From 0504800471e8bbe8f43bbfc7b2f1b6a935917c1c Mon Sep 17 00:00:00 2001
From: Chris Provenzano <proven@mit.edu>
Date: Wed, 26 Apr 1995 02:51:32 +0000
Subject: [PATCH] 	* forward.c (rd_and_store_for_creds()) : Rewritten to
 use 		auth_context and the new krb5_rd_creds(). 	* forward.c
 (get_for_creds()) : New function replacing 		krb5_get_for_creds()
 and uses auth_context and new 		krb5_mk_creds() routine. 	*
 kcmd.c (kcmd()): Use new get_for_creds() routine. 	* krlogind.c
 (recvauth()): Use new rd_and_store_for_creds() routine.

	* configure.in, krlogind.c, krsh.c, krshd.c, login.c, logutil.c.
		A bunch of patches from Ezra to get BSD to work on
		The Alpha that looked reasonable.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5484 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/appl/bsd/ChangeLog    |  59 +++++++-----
 src/appl/bsd/configure.in |   4 +
 src/appl/bsd/forward.c    | 192 +++++++++++++++++++++++++++++++++-----
 src/appl/bsd/kcmd.c       |  31 +++---
 src/appl/bsd/krlogind.c   |  39 +++++---
 src/appl/bsd/krsh.c       |   1 +
 src/appl/bsd/krshd.c      |  15 +--
 src/appl/bsd/login.c      |   7 +-
 src/appl/bsd/logutil.c    |  20 ++--
 9 files changed, 276 insertions(+), 92 deletions(-)

diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index ded3dfd56..2f51ddfce 100644
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,3 +1,14 @@
+
+Tue Apr 25 21:23:28 1995  Chris Provenzano  (proven@mit.edu)
+
+	* forward.c (rd_and_store_for_creds()) : Rewritten to use
+		auth_context and the new krb5_rd_creds().
+	* forward.c (get_for_creds()) : New function replacing
+		krb5_get_for_creds() and uses auth_context and new
+		krb5_mk_creds() routine.
+	* kcmd.c (kcmd()): Use new get_for_creds() routine.
+	* krlogind.c (recvauth()): Use new rd_and_store_for_creds() routine.
+
 Sat Apr 22 00:42:22 1995  Theodore Y. Ts'o  (tytso@dcl)
 
 	* rlogind (main, doit): The variable krb5_override_default_realm
@@ -14,7 +25,31 @@ Fri Apr 21 17:18:57 1995  Mark Eichin  <eichin@cygnus.com>
 
 	rlogin testing changes from ian@cygnus.com.
 
-> Fri Mar 24 15:04:25 1995  Ian Lance Taylor  <ian@cygnus.com>
+Fri Apr 21 17:13:48 1995  Mark Eichin  <eichin@cygnus.com>
+
+	More changes from ian@cygnus.com to support testing.
+
+Fri Apr 21 14:07:15 1995  Mark Eichin  <eichin@cygnus.com>
+
+	Added Ian's changes with minor tweaks. These are used by the testsuite.
+
+Fri Apr 07 15:46:54 1995 Chris Provenzano (proven@mit.edu)
+
+	* configure.in, krlogind.c, krsh.c, krshd.c, login.c, logutil.c.
+		A bunch of patches from Ezra to get BSD to work on
+		The Alpha that looked reasonable.
+
+Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu)
+
+        * krcp.c (send_auth()): Use new calling convention for krb5_rd_req().
+
+        * krshd.c (recvauth()): Use new calling convention for 
+		krb5_compat_recvauth().
+
+        * krlogind.c (recvauth()): Use new calling convention for 
+		krb5_compat_recvauth().
+
+Fri Mar 24 15:04:25 1995  Ian Lance Taylor  <ian@cygnus.com>
 
 	* krlogind.c (srvtab): New global variable.
 	(krb5_override_default_realm): Declare.
@@ -26,11 +61,7 @@ Fri Apr 21 17:18:57 1995  Mark Eichin  <eichin@cygnus.com>
 	(recvauth): Pass srvtab to krb5_compat_recvauth.
 	* krlogind.M: Document -S, -M, and -L.
 
-Fri Apr 21 17:13:48 1995  Mark Eichin  <eichin@cygnus.com>
-
-	More changes from ian@cygnus.com to support testing.
-
-> Fri Mar 24 15:04:25 1995  Ian Lance Taylor  <ian@cygnus.com>
+Fri Mar 24 15:04:25 1995  Ian Lance Taylor  <ian@cygnus.com>
 
 	* krcp.c (forcenet): New global vraiable.
 	(main): Accept -D and -N arguments.  Pass Kerberos realm to remote
@@ -50,11 +81,7 @@ Fri Apr 21 17:13:48 1995  Mark Eichin  <eichin@cygnus.com>
 	kprogdir/rcp if it exists.
 	* krshd.M: Document -P.
 
-Fri Apr 21 14:07:15 1995  Mark Eichin  <eichin@cygnus.com>
-
-	Added Ian's changes with minor tweaks. These are used by the testsuite.
-
-> Thu Mar 23 18:18:31 1995  Ian Lance Taylor  <ian@cygnus.com>
+Thu Mar 23 18:18:31 1995  Ian Lance Taylor  <ian@cygnus.com>
 
 	* krshd.c (ARGSTR): Add S:M:A to KERBEROS version.
 	(srvtab): New global variable.
@@ -74,16 +101,6 @@ Fri Apr 21 14:07:15 1995  Mark Eichin  <eichin@cygnus.com>
 	* krcp.c (main): Pass 0 for anyport to kcmd.
 	* krlogin.c (main): Pass 0 for anyport to kcmd.
 
-Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu)
-
-        * krcp.c (send_auth()): Use new calling convention for krb5_rd_req().
-
-        * krshd.c (recvauth()): Use new calling convention for 
-		krb5_compat_recvauth().
-
-        * krlogind.c (recvauth()): Use new calling convention for 
-		krb5_compat_recvauth().
-
 Thu Mar 23 23:23:25 1995  Theodore Y. Ts'o  <tytso@dcl>
 
 	* Makefile.in (krshd): Move $(K4LIB) after $(KLIB) so that if
diff --git a/src/appl/bsd/configure.in b/src/appl/bsd/configure.in
index b21c013e6..72e0ddd27 100644
--- a/src/appl/bsd/configure.in
+++ b/src/appl/bsd/configure.in
@@ -31,9 +31,13 @@ AC_FUNC_CHECK(setreuid,AC_DEFINE(HAVE_SETREUID))
 AC_FUNC_CHECK(setresuid,AC_DEFINE(HAVE_SETRESUID))
 AC_FUNC_CHECK(waitpid,AC_DEFINE(HAVE_WAITPID))
 AC_FUNC_CHECK(setsid,AC_DEFINE(HAVE_SETSID))
+AC_FUNC_CHECK(ttyname,AC_DEFINE(HAVE_TTYNAME))
 AC_FUNC_CHECK(line_push,AC_DEFINE(HAVE_LINE_PUSH))
 AC_FUNC_CHECK(ptsname,AC_DEFINE(HAVE_PTSNAME))
 AC_FUNC_CHECK(grantpt,AC_DEFINE(HAVE_GRANTPT))
+AC_FUNC_CHECK(openpty,AC_DEFINE(HAVE_OPENPTY))
+AC_FUNC_CHECK(setlogin,AC_DEFINE(HAVE_SETLOGIN))
+AC_FUNC_CHECK(logwtmp,AC_DEFINE(HAVE_LOGWTMP))
 AC_HAVE_HEADERS(sys/filio.h sys/sockio.h unistd.h stdlib.h sys/label.h sys/tty.h ttyent.h lastlog.h sys/select.h sys/ptyvar.h)
 AC_REPLACE_FUNCS(getdtablesize)
 CHECK_SIGNALS
diff --git a/src/appl/bsd/forward.c b/src/appl/bsd/forward.c
index 9c9b229be..0f6f65aed 100644
--- a/src/appl/bsd/forward.c
+++ b/src/appl/bsd/forward.c
@@ -27,31 +27,28 @@
 #include <pwd.h>
 #include <netdb.h>
 
-#include "krb5.h"
+#include "k5-int.h"
 
 /* Decode, decrypt and store the forwarded creds in the local ccache. */
 krb5_error_code
-rd_and_store_for_creds(context, inbuf, ticket, lusername)
-     krb5_context context;
-     krb5_data *inbuf;
-     krb5_ticket *ticket;
-     char *lusername;
+rd_and_store_for_creds(context, auth_context, inbuf, ticket, lusername)
+    krb5_context context;
+    krb5_auth_context * auth_context;
+    krb5_data *inbuf;
+    krb5_ticket *ticket;
+    char *lusername;
 {
-    krb5_encrypt_block eblock;
-    krb5_creds creds;
+    krb5_creds ** creds;
     krb5_error_code retval;
     char ccname[35];
     krb5_ccache ccache = NULL;
     struct passwd *pwd;
 
-    if (retval = krb5_rd_cred(inbuf, ticket->enc_part2->session, 
-			 &creds, 0, 0)) {
-	return(retval);
-    }
-    
-    if (!(pwd = (struct passwd *) getpwnam(lusername))) {
+    if (!(pwd = (struct passwd *) getpwnam(lusername)))
 	return -1;
-    }
+
+    if (retval = krb5_rd_cred(context, auth_context, inbuf, &creds, NULL)) 
+	return(retval);
 
     /* Set the KRB5CCNAME ENV variable to keep sessions 
      * seperate. Use the process id of this process which is 
@@ -61,23 +58,170 @@ rd_and_store_for_creds(context, inbuf, ticket, lusername)
     sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid());
     setenv("KRB5CCNAME", ccname, 0);
   
-    if (retval = krb5_cc_resolve(context, ccname, &ccache)) {
-	return(retval);
+    if (retval = krb5_cc_resolve(context, ccname, &ccache)) 
+	goto cleanup;
+
+    if (retval = krb5_cc_initialize(context, ccache, ticket->enc_part2->client))
+	goto cleanup;
+
+    if (retval = krb5_cc_store_cred(context, ccache, *creds)) 
+	goto cleanup;
+
+    retval = chown(ccname+5, pwd->pw_uid, -1);
+
+cleanup:
+    krb5_free_creds(context, *creds);
+    return retval;
+}
+
+#ifndef MAXHOSTNAMELEN 
+#define MAXHOSTNAMELEN 64
+#endif
+     
+#define KRB5_DEFAULT_LIFE 60*60*8   /* 8 hours */
+/* helper function: convert flags to necessary KDC options */
+#define flags2options(flags) (flags & KDC_TKT_COMMON_MASK)
+
+/* Get a TGT for use at the remote host */
+krb5_error_code 
+get_for_creds(context, auth_context, rhost, client, forwardable, out_buf)
+    krb5_context context;
+    krb5_auth_context * auth_context;
+    char *rhost;
+    krb5_principal client;
+    int forwardable;      /* Should forwarded TGT also be forwardable? */
+    krb5_data *out_buf;
+{
+    krb5_replay_data replaydata;
+    krb5_data * scratch;
+    struct hostent *hp;
+    krb5_address **addrs;
+    krb5_error_code retval;
+    krb5_creds tgt, creds, *pcreds;
+    krb5_ccache cc;
+    krb5_flags kdcoptions;
+    krb5_timestamp now;
+    char *remote_host = 0;
+    char **hrealms = 0;
+    int i;
+
+    memset((char *)&creds, 0, sizeof(creds));
+
+    if (!rhost || !(hp = gethostbyname(rhost)))
+      return KRB5_ERR_BAD_HOSTNAME;
+
+    remote_host = (char *) malloc(strlen(hp->h_name)+1);
+    if (!remote_host) {
+	retval = ENOMEM;
+	goto errout;
+    }	
+    strcpy(remote_host, hp->h_name);
+
+    if (retval = krb5_get_host_realm(context, remote_host, &hrealms))
+	goto errout;
+    if (!hrealms[0]) {
+	retval = KRB5_ERR_HOST_REALM_UNKNOWN;
+	goto errout;
     }
 
-    if (retval = krb5_cc_initialize(context, ccache,
-				    ticket->enc_part2->client)) {
-	return(retval);
+    /* Count elements */
+    for(i = 0; hp->h_addr_list[i]; i++);
+
+    addrs = (krb5_address **) malloc ((i + 1)*sizeof(*addrs));
+    if (!addrs) {
+	retval = ENOMEM;
+	goto errout;
+    }
+    memset(addrs, 0, (i+1)*sizeof(*addrs));
+    
+    for(i = 0; hp->h_addr_list[i]; i++) {
+	addrs[i] = (krb5_address *) malloc(sizeof(krb5_address));
+	if (!addrs[i]) {
+	    retval = ENOMEM;
+	    goto errout;
+	}
+	addrs[i]->addrtype = hp->h_addrtype;
+	addrs[i]->length   = hp->h_length;
+	addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
+	if (!addrs[i]->contents) {
+	    retval = ENOMEM;
+	    goto errout;
+	}
+	memcpy ((char *)addrs[i]->contents, hp->h_addr_list[i],
+		addrs[i]->length);
     }
+    addrs[i] = 0;
 
-    if (retval = krb5_cc_store_cred(context, ccache, &creds)) {
-	return(retval);
+    if (retval = krb5_copy_principal(context, client, &creds.client))
+	goto errout;
+    
+    if (retval = krb5_build_principal_ext(context, &creds.server,
+					  strlen(hrealms[0]),
+					  hrealms[0],
+					  KRB5_TGS_NAME_SIZE,
+					  KRB5_TGS_NAME,
+					  client->realm.length,
+					  client->realm.data,
+					  0))
+	goto errout;
+	
+    creds.times.starttime = 0;
+    if (retval = krb5_timeofday(context, &now))
+	goto errout;
+
+    creds.times.endtime = now + KRB5_DEFAULT_LIFE;
+    creds.times.renew_till = 0;
+    
+    if (retval = krb5_cc_default(context, &cc))
+	goto errout;
+
+    /* fetch tgt directly from cache */
+    retval = krb5_cc_retrieve_cred (context, cc, KRB5_TC_MATCH_SRV_NAMEONLY,
+				    &creds, &tgt);
+    krb5_cc_close(context, cc);
+
+    if (retval)
+	goto errout;
+
+    /* tgt->client must be equal to creds.client */
+    if (!krb5_principal_compare(context, tgt.client, creds.client)) {
+	retval = KRB5_PRINC_NOMATCH;
+	goto errout;
     }
 
-    if (retval = chown(ccname+5, pwd->pw_uid, -1)) {
-	return(retval);
+    if (!tgt.ticket.length) {
+	retval = KRB5_NO_TKT_SUPPLIED;
+	goto errout;
+    }
+
+    if (!(tgt.ticket_flags & TKT_FLG_FORWARDABLE)) {
+	retval = KRB5_TKT_NOT_FORWARDABLE;
+	goto errout;
     }
 
+    kdcoptions = flags2options(tgt.ticket_flags)|KDC_OPT_FORWARDED;
+
+    if (!forwardable) /* Reset KDC_OPT_FORWARDABLE */
+      kdcoptions &= ~(KDC_OPT_FORWARDABLE);
+
+    if (retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
+				       addrs, &creds, &pcreds))
+	goto errout;
+
+    retval = krb5_mk_1cred(context, auth_context, pcreds, 
+			   &scratch, &replaydata);
+    krb5_free_creds(context, pcreds);
+    *out_buf = *scratch;
+    krb5_xfree(scratch);
+    
+errout:
+    if (remote_host)
+	free(remote_host);
+    if (hrealms)
+	krb5_xfree(hrealms);
+    if (addrs)
+	krb5_free_addresses(context, addrs);
+    krb5_free_cred_contents(context, &creds);
     return retval;
 }
 
diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c
index 766f70bba..b23f2f9b7 100644
--- a/src/appl/bsd/kcmd.c
+++ b/src/appl/bsd/kcmd.c
@@ -53,19 +53,16 @@
 #include "krb5.h"
 
 #include "defines.h"
-     
-#ifndef MAXHOSTNAMELEN 
-#define MAXHOSTNAMELEN 64
-#endif
-     
-extern	errno;
 
-#define	START_PORT	5120	 /* arbitrary */
+
+#define START_PORT      5120     /* arbitrary */
 char *default_service = "host";
 
 extern krb5_cksumtype krb5_kdc_req_sumtype;
 extern krb5_context bsd_context;
 
+
+
 kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
      cred, seqno, server_seqno, laddr, faddr, authopts, anyport)
      int *sock;
@@ -272,7 +269,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
         status = -1;
         goto bad2;
     }
-    
+
     status = krb5_cc_default(bsd_context, &cc);
     if (status) goto bad2;
 
@@ -289,6 +286,18 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
     authopts &= (~OPTS_FORWARD_CREDS);
     authopts &= (~OPTS_FORWARDABLE_CREDS);
 
+    if (krb5_auth_con_init(bsd_context, &auth_context)) 
+	goto bad2;
+
+    if (krb5_auth_con_setflags(bsd_context, auth_context, 
+			       KRB5_AUTH_CONTEXT_RET_TIME))
+	goto bad2;
+
+    /* Only need local address for mk_cred() to send to krlogind */
+    if (status = krb5_auth_con_genaddrs(bsd_context, auth_context, s,
+			KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR))
+	goto bad2;
+
    /* call Kerberos library routine to obtain an authenticator,
        pass it over the socket to the server, and obtain mutual
        authentication. */
@@ -319,18 +328,16 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
     (void) write(s, locuser, strlen(locuser)+1);
     
     if (options & OPTS_FORWARD_CREDS) {   /* Forward credentials */
-	if (status = krb5_get_for_creds(bsd_context, 
-					krb5_kdc_req_sumtype,
+	if (status = get_for_creds(bsd_context, auth_context,
 					hp->h_name,
 					ret_cred->client,
-					&ret_cred->keyblock,
 					/* Forwardable TGT? */
 					options & OPTS_FORWARDABLE_CREDS,
 					&outbuf)) {
 	    fprintf(stderr, "kcmd: Error getting forwarded creds\n");
 	    goto bad2;
 	}
-	
+
 	/* Send forwarded credentials */
 	if (status = krb5_write_message(bsd_context, (krb5_pointer)&s, &outbuf))
 	  goto bad2;
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c
index 1cc3ca5c7..29a1b39ca 100644
--- a/src/appl/bsd/krlogind.c
+++ b/src/appl/bsd/krlogind.c
@@ -1393,6 +1393,14 @@ getpty(fd,slave)
     int i,ptynum;
     struct stat stb;
 
+#ifdef HAVE_OPENPTY
+    int slavefd;
+
+    if(openpty(fd, &slavefd, slave, (struct termios *) 0,
+         (struct winsize *) 0)) return 1;
+    return 0;
+#else
+
     *fd = open("/dev/ptmx", O_RDWR|O_NDELAY);	/* Solaris, IRIX */
     if (*fd < 0) *fd = open("/dev/ptc", O_RDWR|O_NDELAY); /* AIX */
     if (*fd < 0) *fd = open("/dev/pty", O_RDWR|O_NDELAY); /* sysvimp */
@@ -1403,10 +1411,14 @@ getpty(fd,slave)
 	if (grantpt(*fd) || unlockpt(*fd)) return 1;
 #endif
     
+#ifdef	HAVE_TTYNAME
+	p = ttyname(*fd);
+#else
 #ifdef HAVE_PTSNAME
 	p = ptsname(*fd);
 #else
-	p = ttyname(*fd);
+	/* XXX If we don't have either what do we do */
+#endif
 #endif
 	if (p) {
 	    strcpy(slave, p);
@@ -1441,6 +1453,7 @@ getpty(fd,slave)
 	}
 	return 1;
     }
+#endif /* HAVE_OPENPTY */
 }
 
 
@@ -1511,7 +1524,6 @@ recvauth()
     char krb_vers[KRB_SENDAUTH_VLEN + 1];
     int len;
     krb5_principal server;
-    krb5_address peeraddr;
     krb5_data inbuf;
     char v4_instance[INST_SZ];	/* V4 Instance */
     char v4_version[9];
@@ -1527,16 +1539,6 @@ recvauth()
 	exit(1);
     }
 
-#ifdef unicos61
-#define SIZEOF_INADDR  SIZEOF_in_addr
-#else
-#define SIZEOF_INADDR sizeof(struct in_addr)
-#endif
-
-    peeraddr.addrtype = peersin.sin_family;
-    peeraddr.length = SIZEOF_INADDR;
-    peeraddr.contents = (krb5_octet *)&peersin.sin_addr;
-	
     if (status = krb5_sname_to_principal(bsd_context, NULL, "host", 
 					 KRB5_NT_SRV_HST, &server)) {
 	    syslog(LOG_ERR, "parse server name %s: %s", "host",
@@ -1549,7 +1551,10 @@ recvauth()
     if (status = krb5_auth_con_init(bsd_context, &auth_context))
         return status;
  
-    krb5_auth_con_setaddrs(bsd_context, auth_context, NULL, &peeraddr);
+    /* Only need remote address for rd_cred() to verify client */
+    if (status = krb5_auth_con_genaddrs(bsd_context, auth_context, netf,
+			KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR))
+	return status;
 
     if (status = krb5_compat_recvauth(bsd_context, &auth_context, &netf,
 				  "KCMDV0.1",
@@ -1634,8 +1639,12 @@ recvauth()
 	fatal(netf, "Error reading message");
 
     if (inbuf.length) { /* Forwarding being done, read creds */
-	if (status = rd_and_store_for_creds(bsd_context, &inbuf, ticket, 
-					    lusername))
+        if (status = krb5_auth_con_genaddrs(bsd_context, auth_context, netf,
+			KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR))
+	    fatal(netf, "Can't generate full address for client");
+
+	if (status = rd_and_store_for_creds(bsd_context, auth_context, &inbuf, 
+					    ticket, lusername))
 	    fatal(netf, "Can't get forwarded credentials");
     }
     return 0;
diff --git a/src/appl/bsd/krsh.c b/src/appl/bsd/krsh.c
index 06838fbfa..74e4f0dc3 100644
--- a/src/appl/bsd/krsh.c
+++ b/src/appl/bsd/krsh.c
@@ -58,6 +58,7 @@ char copyright[] =
 #include "krb5.h"
 #include "com_err.h"
 #include "defines.h"
+#include "ext-proto.h"
 #endif /* KERBEROS */
      
 /*
diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c
index ae1f99c2f..2b77593a4 100644
--- a/src/appl/bsd/krshd.c
+++ b/src/appl/bsd/krshd.c
@@ -820,13 +820,13 @@ doit(f, fromp)
     if (port) {
 	/* Place entry into wtmp */
 	sprintf(ttyn,"krsh%1d",getpid());
-	logwtmp(ttyn,locuser,hostname,1);
+	logwtmp(ttyn,locuser,hostname);
     }
     /*      We are simply execing a program over rshd : log entry into wtmp,
 	    as kexe(pid), then finish out the session right after that.
 	    Syslog should have the information as to what was exec'd */
     else {
-	logwtmp(ttyn,locuser,hostname,1);
+	logwtmp(ttyn,locuser,hostname);
     }
     
 #ifdef CRAY
@@ -1181,7 +1181,7 @@ doit(f, fromp)
 		   "Shell process completed.");
 #endif
 	    /* Finish session in wmtp */
-	    logwtmp(ttyn,"","",0);
+	    logwtmp(ttyn,"","");
 	    exit(0);
 	}
 #ifdef SETPGRP_TWOARG
@@ -1208,7 +1208,7 @@ doit(f, fromp)
 	    as kexe(pid), then finish out the session right after that.
 	    Syslog should have the information as to what was exec'd */
     else {
-	logwtmp(ttyn,"","",0);
+	logwtmp(ttyn,"","");
     }
     
     if (*pwd->pw_shell == '\0')
@@ -1284,7 +1284,7 @@ doit(f, fromp)
     exit(1);
     
   signout_please:
-    logwtmp(ttyn,"","",0);
+    logwtmp(ttyn,"","");
     exit(1);
 }
     
@@ -1353,7 +1353,7 @@ krb5_sigtype
 #endif
     wait(0);
     
-    logwtmp(ttyn,"","",0);
+    logwtmp(ttyn,"","");
     syslog(LOG_INFO ,"Shell process completed.");
     exit(0);
 }
@@ -1696,7 +1696,8 @@ recvauth(netf, peersin, peeraddr)
     }
 
     if (inbuf.length) { /* Forwarding being done, read creds */
-	if (status = rd_and_store_for_creds(bsd_context, &inbuf, ticket, locuser)) {
+	if (status = rd_and_store_for_creds(bsd_context, auth_context, &inbuf,
+					    ticket, locuser)) {
 	    error("Can't get forwarded credentials: %s\n",
 		  error_message(status));
 	    exit(1);
diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c
index 71f89dbee..e60dad5ae 100644
--- a/src/appl/bsd/login.c
+++ b/src/appl/bsd/login.c
@@ -82,10 +82,10 @@ char copyright[] =
 #include <ttyent.h>
 #endif
 #include <syslog.h>
+#include <stdio.h>
 #include <grp.h>
 #include <pwd.h>
 #include <setjmp.h>
-#include <stdio.h>
 #include <string.h>
 
 #ifdef HAVE_SHADOW
@@ -814,6 +814,11 @@ bad_login:
 #ifdef OQUOTA
 	quota(Q_DOWARN, pwd->pw_uid, (dev_t)-1, 0);
 #endif
+#ifdef HAVE_SETLOGIN
+	if (setlogin(pwd->pw_name) < 0)
+      	    syslog(LOG_ERR, "setlogin() failure %d",errno);
+#endif
+
 #ifdef __SCO__
 	/* this is necessary when C2 mode is enabled, but not otherwise */
 	setluid((uid_t) pwd->pw_uid);
diff --git a/src/appl/bsd/logutil.c b/src/appl/bsd/logutil.c
index dbc6738ae..5c594e492 100644
--- a/src/appl/bsd/logutil.c
+++ b/src/appl/bsd/logutil.c
@@ -140,11 +140,9 @@ void update_utmp(ent, username, line, host)
 void update_wtmp(ent)
     struct utmp *ent;
 {
-#ifndef HAVE_SETUTENT
     struct utmp ut;
     struct stat statb;
     int fd;
-#endif /* !HAVE_SETUTENT */
 #ifdef HAVE_SETUTXENT
     struct utmpx utx;
 
@@ -155,12 +153,6 @@ void update_wtmp(ent)
 #ifdef HAVE_UPDWTMP
     updwtmp(WTMP_FILE, ent);
 #else /* HAVE_UPDWTMP */
-#ifdef HAVE_SETUTENT
-    utmpname(WTMP_FILE);
-    setutent();
-    pututline(ent);
-    endutent();
-#else /* HAVE_SETUTENT */
 
     if ((fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) >= 0) {
 	if (!fstat(fd, &statb)) {
@@ -171,7 +163,7 @@ void update_wtmp(ent)
 	  (void)strncpy(ut.ut_host, ent->ut_host, sizeof(ut.ut_host));
 #endif
 	  (void)time(&ut.ut_time);
-#ifdef HAVE_GETUTENT
+#if defined(HAVE_GETUTENT) && defined(USER_PROCESS)
 	  if (ent->ut_name) {
 	    if (!ut.ut_pid)
 	      ut.ut_pid = getpid();
@@ -186,20 +178,23 @@ void update_wtmp(ent)
 	}
 	(void)close(fd);
     }
-#endif /* HAVE_SETUTENT */
 #endif /* HAVE_UPDWTMP */
 }
 
-void logwtmp(tty, locuser, host, loggingin)
+#ifndef HAVE_LOGWTMP
+void logwtmp(tty, locuser, host)
     char *tty;
     char *locuser;
     char *host;
-    int loggingin;
 {
     struct utmp ut;
     char *tmpx;
     char utmp_id[5];
 
+    /* Will be empty for logout */
+    int loggingin = locuser[0];
+
+
 #ifndef NO_UT_HOST
     strncpy(ut.ut_host, host, sizeof(ut.ut_host));
 #endif
@@ -222,3 +217,4 @@ void logwtmp(tty, locuser, host, loggingin)
 
     update_wtmp(&ut);
 }
+#endif
-- 
2.26.2