Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/usr.bin/login make kerberos work again:
details: https://anonhg.NetBSD.org/src/rev/a4a12739dcef
branches: trunk
changeset: 778982:a4a12739dcef
user: christos <christos%NetBSD.org@localhost>
date: Mon Apr 23 20:57:04 2012 +0000
description:
make kerberos work again:
1. make notickets external
2. don't use the tty as part of the credential cache, since pts/1 will not work.
3. Attempt to use the newer functions, but punt for now since it does not work yet.
diffstat:
usr.bin/login/k5login.c | 35 +++++++++++++++++++++++++++--------
usr.bin/login/login.c | 6 +++---
2 files changed, 30 insertions(+), 11 deletions(-)
diffs (113 lines):
diff -r acf2270715fc -r a4a12739dcef usr.bin/login/k5login.c
--- a/usr.bin/login/k5login.c Mon Apr 23 20:54:40 2012 +0000
+++ b/usr.bin/login/k5login.c Mon Apr 23 20:57:04 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: k5login.c,v 1.29 2012/04/23 15:07:02 christos Exp $ */
+/* $NetBSD: k5login.c,v 1.30 2012/04/23 20:57:04 christos Exp $ */
/*-
* Copyright (c) 1990 The Regents of the University of California.
@@ -51,7 +51,7 @@
#if 0
static char sccsid[] = "@(#)klogin.c 5.11 (Berkeley) 7/12/92";
#endif
-__RCSID("$NetBSD: k5login.c,v 1.29 2012/04/23 15:07:02 christos Exp $");
+__RCSID("$NetBSD: k5login.c,v 1.30 2012/04/23 20:57:04 christos Exp $");
#endif /* not lint */
#ifdef KERBEROS5
@@ -71,7 +71,7 @@
krb5_context kcontext;
-int notickets;
+extern int notickets;
int krb5_configured;
char *krb5tkfile_env;
extern char *tty;
@@ -335,14 +335,11 @@
krb5_timestamp now;
krb5_ccache ccache = NULL;
long lifetime = KRB5_DEFAULT_LIFE;
- int options = KRB5_DEFAULT_OPTIONS;
char *realm, *client_name;
char *principal;
krb5_configured = 1;
- if (login_krb5_forwardable_tgt)
- options |= KDC_OPT_FORWARDABLE;
/*
* Root logins don't use Kerberos.
@@ -366,10 +363,10 @@
if (strcmp(instance, "root") != 0)
(void)snprintf(tkt_location, sizeof tkt_location,
- "FILE:/tmp/krb5cc_%d.%s", pw->pw_uid, tty);
+ "FILE:/tmp/krb5cc_%d", pw->pw_uid);
else
(void)snprintf(tkt_location, sizeof tkt_location,
- "FILE:/tmp/krb5cc_root_%d.%s", pw->pw_uid, tty);
+ "FILE:/tmp/krb5cc_root_%d", pw->pw_uid);
krb5tkfile_env = tkt_location;
has_ccache = 1;
@@ -433,8 +430,30 @@
my_creds.times.endtime = now + lifetime;
my_creds.times.renew_till = 0;
+#if 1
+ int options = KRB5_DEFAULT_OPTIONS;
+
+ if (login_krb5_forwardable_tgt)
+ options |= KDC_OPT_FORWARDABLE;
+
kerror = krb5_get_in_tkt_with_password(kcontext, options,
NULL, NULL, NULL, password, ccache, &my_creds, 0);
+#else
+ /* This does not work yet */
+ krb5_get_init_creds_opt *opt;
+
+ if ((kerror = krb5_get_init_creds_opt_alloc(kcontext, &opt)) != 0) {
+ k5_log(kcontext, kerror, "while getting options");
+ return (1);
+ }
+ if (login_krb5_forwardable_tgt)
+ krb5_get_init_creds_opt_set_forwardable(opt, 1);
+
+ kerror = krb5_get_init_creds_password(kcontext, &my_creds, me, password,
+ NULL, NULL, 0, NULL, opt);
+
+ krb5_get_init_creds_opt_free(kcontext, opt);
+#endif
if (my_creds.server != NULL)
krb5_free_principal(kcontext, my_creds.server);
diff -r acf2270715fc -r a4a12739dcef usr.bin/login/login.c
--- a/usr.bin/login/login.c Mon Apr 23 20:54:40 2012 +0000
+++ b/usr.bin/login/login.c Mon Apr 23 20:57:04 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: login.c,v 1.100 2012/04/23 18:27:15 christos Exp $ */
+/* $NetBSD: login.c,v 1.101 2012/04/23 20:57:04 christos Exp $ */
/*-
* Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
@@ -39,7 +39,7 @@
#if 0
static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
#endif
-__RCSID("$NetBSD: login.c,v 1.100 2012/04/23 18:27:15 christos Exp $");
+__RCSID("$NetBSD: login.c,v 1.101 2012/04/23 20:57:04 christos Exp $");
#endif /* not lint */
/*
@@ -118,7 +118,7 @@
#if defined(KERBEROS5)
int has_ccache = 0;
-static int notickets = 1;
+int notickets = 1;
extern krb5_context kcontext;
extern int have_forward;
extern char *krb5tkfile_env;
Home |
Main Index |
Thread Index |
Old Index