+Wed Jan 31 16:24:50 1996 Sam Hartman <hartmans@tertius.mit.edu>
+
+ * krlogind.c (recvauth): Psas ccache to rd_and_store_for_creds
+
+ * krshd.c (recvauth): Pass address of ccache to rd_and_store_for_creds
+ (ccache): new global variable.
+ (cleanup): Destroy ccache if we have one.
+ (doit): Destroy cache on normal terination.
+
+ * forward.c (rd_and_store_for_creds): Take a pointer to a ccache;
+ we should provide the caller with a way of destroying forwarded
+ credentials.
+
+Tue Jan 30 17:56:49 1996 Sam Hartman <hartmans@tertius.mit.edu>
+
+ * krshd.c (envinit): Expand to have space KRB5_CCNAME
+ (doit): Put krb5_ccname at the end of envinit; this is
+ handled differently that other variables, because TZ may or may not
+ beset, so our position cannot be fixed.
+
+
+
+
+
+ done
+
+
+
+
+ Auto-saving...Use execle because AIX doesn't use envron for the initial environment.
+
Sat Jan 27 18:40:31 1996 Sam Hartman <hartmans@tertius.mit.edu>
* kcmd.c (kcmd): We no longer need F_SETOWN as nothing in appl/bsd
/* Decode, decrypt and store the forwarded creds in the local ccache. */
krb5_error_code
-rd_and_store_for_creds(context, auth_context, inbuf, ticket, lusername)
+rd_and_store_for_creds(context, auth_context, inbuf, ticket, lusername, ccache)
krb5_context context;
krb5_auth_context auth_context;
krb5_data *inbuf;
krb5_ticket *ticket;
char *lusername;
+ krb5_ccache *ccache;
{
krb5_creds ** creds;
krb5_error_code retval;
char ccname[35];
- krb5_ccache ccache = NULL;
struct passwd *pwd;
+ *ccache = NULL;
if (!(pwd = (struct passwd *) getpwnam(lusername)))
- return -1;
+ return ENOENT;
if (retval = krb5_rd_cred(context, auth_context, inbuf, &creds, NULL))
return(retval);
sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid());
setenv("KRB5CCNAME", ccname, 0);
- if (retval = krb5_cc_resolve(context, ccname, &ccache))
+ if (retval = krb5_cc_resolve(context, ccname, ccache))
goto cleanup;
- if (retval = krb5_cc_initialize(context, ccache, ticket->enc_part2->client))
+ if (retval = krb5_cc_initialize(context, *ccache, ticket->enc_part2->client))
goto cleanup;
- if (retval = krb5_cc_store_cred(context, ccache, *creds))
+ if (retval = krb5_cc_store_cred(context, *ccache, *creds))
goto cleanup;
retval = chown(ccname+5, pwd->pw_uid, -1);
-
+
cleanup:
krb5_free_creds(context, *creds);
return retval;
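Review bot: When anything fails after `krb5_cc_resolve` succeeds (initialize, store, or the `chown`), `*ccache` is left set and the cache file may already exist in /tmp, possibly holding forwarded credentials with the wrong owner. The function returns an error but leaves that cleanup to the caller. krshd's `recvauth` error branch goes straight to `exit(1)` without destroying it, and krlogind's calls `fatal()`, whose cleanup is not visible on this page. Destroying the cache on the failure path here would cover both callers: at `cleanup:` add `if (retval && *ccache) { krb5_cc_destroy(context, *ccache); *ccache = NULL; }`. The function's closing brace lies outside the hunk.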
krb5_authenticator *kdata;
krb5_ticket *ticket = 0;
krb5_context bsd_context;
+krb5_ccache ccache = NULL;
krb5_keytab keytab = NULL;
krb5_error_code
recvauth(valid_checksum)
-int *valid_checksum;
+ int *valid_checksum;
{
krb5_auth_context auth_context = NULL;
krb5_error_code status;
if ((inbuf.length) && /* Forwarding being done, read creds */
(status = rd_and_store_for_creds(bsd_context, auth_context, &inbuf,
- ticket, lusername))) {
+ ticket, lusername, &ccache))) {
fatal(netf, "Can't get forwarded credentials");
}
return 0;
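Review bot: Nothing in the krlogind.c hunks shown here ever calls `krb5_cc_destroy` on the new global `ccache`, whereas krshd.c gains destroy calls on its exit paths. If the forwarded credentials are meant to outlive the session, a comment at the declaration should say who removes them, e.g. `/* forwarded creds; destroyed by <owner> at logout */`. Otherwise the session-teardown path should destroy the cache as krshd does. The body of `recvauth` starts and ends outside this hunk.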
krb5_context bsd_context;
char *srvtab = NULL;
krb5_keytab keytab = NULL;
-
+krb5_ccache ccache = NULL;
void fatal();
int v5_des_read();
int v5_des_write();
#ifdef CRAY
char *envinit[] =
-{homedir, shell, 0, username, "TZ=GMT0", tmpdir, term, 0};
+{homedir, shell, 0, username, "TZ=GMT0", tmpdir, term, 0,0};
#define TZENV 4
#define TMPDIRENV 5
char *getenv();
#else /* CRAY */
#ifdef KERBEROS
char *envinit[] =
-{homedir, shell, 0, username, term, 0, 0};
+{homedir, shell, 0, username, term, 0, 0, 0};
#define TZENV 5
#else /* KERBEROS */
char *envinit[] =
#endif
/* Finish session in wmtp */
pty_logwtmp(ttyn,"","");
+if (ccache)
+ krb5_cc_destroy(bsd_context, ccache);
+ ccache = NULL;
+
exit(0);
}
#ifdef SETPGRP_TWOARG
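Review bot: `ccache = NULL;` is indented as if it belonged to the `if (ccache)` above it, but without braces it runs unconditionally. That is harmless here, yet the layout is easy to misread when credential cleanup is next edited. Bracing it makes the intent explicit: `if (ccache) { krb5_cc_destroy(bsd_context, ccache); ccache = NULL; }`. The same layout appears after `signout_please:`, and the normal-termination hunk omits the reset altogether, so the three exit paths should be made to match. The enclosing function starts outside the hunk.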
findtz++;
}
}
- environ = envinit;
strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
strncat(shell, pwd->pw_shell, sizeof(shell)-7);
strncat(username, pwd->pw_name, sizeof(username)-6);
}
sprintf(path, "PATH=%s:%s", kprogdir, path_rest);
envinit[PATHENV] = path;
+/* If we have KRB5CCNAME set, then copy into the
+ * child's environment. This can't really have
+ * a fixed position because tz may or may not be set.
+ */
+ if (getenv("KRB5CCNAME")) {
+ int i;
+ char *buf = (char *)malloc(strlen(getenv("KRB5CCNAME"))
+ +strlen("KRB5CCNAME=")+1);
+ if (buf) {
+sprintf(buf, "KRB5CCNAME=%s",getenv("KRB5CCNAME"));
+
+for (i = 0; envinit[i]; i++);
+envinit[i] =buf;
+ }
+ /* If we do anything else, make sure there is space in the array.
+ */
+ }
+ environ = envinit;
+
cp = strrchr(pwd->pw_shell, '/');
if (cp)
cp++;
else
cp = pwd->pw_shell;
-
+
#ifdef KERBEROS
/* To make Kerberos rcp work correctly, we must ensure that we
invoke Kerberos rcp on this end, not normal rcp, even if the
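Review bot: The new block exports KRB5CCNAME whenever `getenv("KRB5CCNAME")` is non-NULL, not only when credentials were forwarded for this session. Because `rd_and_store_for_creds` uses `setenv("KRB5CCNAME", ccname, 0)`, a value the daemon inherited from whatever started it is never replaced and would be handed to every child. Gating on the global, `if (ccache && getenv("KRB5CCNAME")) {`, limits the export to sessions that have a forwarded cache, and the forward.c `setenv` would need overwrite set so the name matches that cache. Separately, `for (i = 0; envinit[i]; i++);` has no upper bound and depends on each `envinit[]` initializer keeping one spare NULL slot plus the terminator, so I would add `/* last two slots: optional KRB5CCNAME, then NULL terminator */` at each definition. The enclosing function starts and ends outside the hunk.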
exit(1);
signout_please:
+if (ccache)
+ krb5_cc_destroy(bsd_context, ccache);
+ ccache = NULL;
pty_logwtmp(ttyn,"","");
exit(1);
}
pty_logwtmp(ttyn,"","");
syslog(LOG_INFO ,"Shell process completed.");
+if (ccache)
+ krb5_cc_destroy(bsd_context, ccache);
exit(0);
}
recvauth(netf, peersin, valid_checksum)
int netf;
struct sockaddr_in peersin;
-int *valid_checksum;
+ int *valid_checksum;
{
krb5_auth_context auth_context = NULL;
krb5_error_code status;
if (inbuf.length) { /* Forwarding being done, read creds */
if (status = rd_and_store_for_creds(bsd_context, auth_context, &inbuf,
- ticket, locuser)) {
+ ticket, locuser, &ccache)) {
error("Can't get forwarded credentials: %s\n",
error_message(status));
exit(1);
if (!(environ[offset] = /* name + `=' + value */
malloc((u_int)((int)(C - name) + l_value + 2))))
return(-1);
- for (C = environ[offset]; (*C = *name++) && *C != '='; ++C);
+ for (C = environ[offset]; (*C = *name++) &&( *C != '='); ++C);
for (*C++ = '='; *C++ = *value++;);
return(0);
}