Module Name:    src
Committed By:   christos
Date:           Mon Apr 23 20:57:04 UTC 2012

Modified Files:
        src/usr.bin/login: k5login.c login.c

Log Message:
make kerberos work again:
1. make notickets external
2. don't use the tty as part of the credential cache, since pts/1 will not work.
3. Attempt to use the newer functions, but punt for now since it does not work 
yet.


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/usr.bin/login/k5login.c
cvs rdiff -u -r1.100 -r1.101 src/usr.bin/login/login.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/login/k5login.c
diff -u src/usr.bin/login/k5login.c:1.29 src/usr.bin/login/k5login.c:1.30
--- src/usr.bin/login/k5login.c:1.29	Mon Apr 23 11:07:02 2012
+++ src/usr.bin/login/k5login.c	Mon Apr 23 16:57:04 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: k5login.c,v 1.29 2012/04/23 15:07:02 christos Exp $	*/
+/*	$NetBSD: k5login.c,v 1.30 2012/04/23 20:57:04 christos Exp $	*/
 
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
@@ -51,7 +51,7 @@
 #if 0
 static char sccsid[] = "@(#)klogin.c	5.11 (Berkeley) 7/12/92";
 #endif
-__RCSID("$NetBSD: k5login.c,v 1.29 2012/04/23 15:07:02 christos Exp $");
+__RCSID("$NetBSD: k5login.c,v 1.30 2012/04/23 20:57:04 christos Exp $");
 #endif /* not lint */
 
 #ifdef KERBEROS5
@@ -71,7 +71,7 @@ __RCSID("$NetBSD: k5login.c,v 1.29 2012/
 
 krb5_context kcontext;
 
-int notickets;
+extern int notickets;
 int krb5_configured;
 char *krb5tkfile_env;
 extern char *tty;
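Review bot: The `extern int notickets;` declaration here has to be kept in step by hand with the definition `int notickets = 1;` in the login.c hunk of this commit, because as far as the hunks show neither file takes it from a shared header. A type or name mismatch between the two files would therefore not be diagnosed by the compiler. Since this flag appears to carry Kerberos ticket state between the two files, a short comment on both lines would help, e.g. `/* defined in login.c */` here and `/* also used by k5login.c */` on the definition. Moving the declaration into a common header would be the stricter fix.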
@@ -335,14 +335,11 @@ k5login(struct passwd *pw, char *instanc
 	krb5_timestamp now;
 	krb5_ccache ccache = NULL;
 	long lifetime = KRB5_DEFAULT_LIFE;
-	int options = KRB5_DEFAULT_OPTIONS;
 	char *realm, *client_name;
 	char *principal;
 
 	krb5_configured = 1;
 
-	if (login_krb5_forwardable_tgt)
-		options |= KDC_OPT_FORWARDABLE;
 
 	/*
 	 * Root logins don't use Kerberos.
@@ -366,10 +363,10 @@ k5login(struct passwd *pw, char *instanc
 
 	if (strcmp(instance, "root") != 0)
 		(void)snprintf(tkt_location, sizeof tkt_location,
-				"FILE:/tmp/krb5cc_%d.%s", pw->pw_uid, tty);
+				"FILE:/tmp/krb5cc_%d", pw->pw_uid);
 	else
 		(void)snprintf(tkt_location, sizeof tkt_location,
-				"FILE:/tmp/krb5cc_root_%d.%s", pw->pw_uid, tty);
+				"FILE:/tmp/krb5cc_root_%d", pw->pw_uid);
 	krb5tkfile_env = tkt_location;
 	has_ccache = 1;
 
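Review bot: With the tty suffix removed, both `snprintf` calls now produce a fixed per-uid cache name in world-writable `/tmp` (`FILE:/tmp/krb5cc_%d`), so the path is known to every local user before login creates it, and all concurrent sessions of one uid share a single cache. Whether the cache file is created with exclusive, no-follow semantics, and whether one session's logout destroys a cache another session still uses, is decided outside this hunk and should be checked. A comment above the block would record the trade-off, e.g. `/* one cache per uid; the tty (e.g. pts/1) is not usable as part of the file name */`. Separately, `pw->pw_uid` is a `uid_t` passed to `%d`; `%u` with `(unsigned)pw->pw_uid` would make the format match the argument. The body of k5login starts and ends outside the hunk.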
@@ -433,8 +430,30 @@ k5login(struct passwd *pw, char *instanc
 	my_creds.times.endtime = now + lifetime;
 	my_creds.times.renew_till = 0;
 
+#if 1
+	int options = KRB5_DEFAULT_OPTIONS;
+
+	if (login_krb5_forwardable_tgt)
+		options |= KDC_OPT_FORWARDABLE;
+
 	kerror = krb5_get_in_tkt_with_password(kcontext, options,
 	    NULL, NULL, NULL, password, ccache, &my_creds, 0);
+#else
+	/* This does not work yet */
+	krb5_get_init_creds_opt *opt;
+
+	if ((kerror = krb5_get_init_creds_opt_alloc(kcontext, &opt)) != 0) {
+		k5_log(kcontext, kerror, "while getting options");
+		return (1);
+	}
+	if (login_krb5_forwardable_tgt)
+	    krb5_get_init_creds_opt_set_forwardable(opt, 1);
+
+        kerror = krb5_get_init_creds_password(kcontext, &my_creds, me, password,
+	    NULL, NULL, 0, NULL, opt);
+
+	krb5_get_init_creds_opt_free(kcontext, opt);
+#endif
 
 	if (my_creds.server != NULL)
 		krb5_free_principal(kcontext, my_creds.server);
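Review bot: The disabled `#else` branch never hands the obtained credentials to `ccache`, because `krb5_get_init_creds_password` takes no cache argument, unlike the `krb5_get_in_tkt_with_password` call it is meant to replace. Unless code outside the hunk stores them, the login would end with an empty cache, which may be why it "does not work yet"; something like `if (kerror == 0) kerror = krb5_cc_store_cred(kcontext, ccache, &my_creds);` after the call looks necessary. The `return (1);` on allocation failure also skips the cleanup that follows the hunk (the `krb5_free_principal` of `my_creds.server`), which looks like a leak, though the function's start and end are outside the hunk. Because the `#else` side is never compiled, the comment `/* This does not work yet */` should say what fails, so the branch can be finished or removed later.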

Index: src/usr.bin/login/login.c
diff -u src/usr.bin/login/login.c:1.100 src/usr.bin/login/login.c:1.101
--- src/usr.bin/login/login.c:1.100	Mon Apr 23 14:27:15 2012
+++ src/usr.bin/login/login.c	Mon Apr 23 16:57:04 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: login.c,v 1.100 2012/04/23 18:27:15 christos Exp $	*/
+/*	$NetBSD: login.c,v 1.101 2012/04/23 20:57:04 christos Exp $	*/
 
 /*-
  * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
@@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 19
 #if 0
 static char sccsid[] = "@(#)login.c	8.4 (Berkeley) 4/2/94";
 #endif
-__RCSID("$NetBSD: login.c,v 1.100 2012/04/23 18:27:15 christos Exp $");
+__RCSID("$NetBSD: login.c,v 1.101 2012/04/23 20:57:04 christos Exp $");
 #endif /* not lint */
 
 /*
@@ -118,7 +118,7 @@ static void	 usage(void);
 
 #if defined(KERBEROS5)
 int	has_ccache = 0;
-static int	notickets = 1;
+int	notickets = 1;
 extern krb5_context kcontext;
 extern int	have_forward;
 extern char	*krb5tkfile_env;
