head	1.5;
access;
symbols
	RELEASE_7_3_0:1.4
	RELEASE_8_0_0:1.4
	RELEASE_7_2_0:1.4
	RELEASE_7_1_0:1.4
	RELEASE_6_4_0:1.4
	RELEASE_5_EOL:1.4
	RELEASE_7_0_0:1.4
	RELEASE_6_3_0:1.4
	PRE_XORG_7:1.4
	RELEASE_4_EOL:1.4
	RELEASE_6_2_0:1.4
	RELEASE_6_1_0:1.4
	RELEASE_5_5_0:1.4
	RELEASE_6_0_0:1.4
	RELEASE_5_4_0:1.4
	RELEASE_4_11_0:1.4
	RELEASE_5_3_0:1.4
	RELEASE_4_10_0:1.4
	RELEASE_5_2_1:1.4
	RELEASE_5_2_0:1.4
	RELEASE_4_9_0:1.4
	RELEASE_5_1_0:1.3
	RELEASE_4_8_0:1.3
	RELEASE_5_0_0:1.3
	RELEASE_4_7_0:1.3
	RELEASE_4_6_2:1.3
	RELEASE_4_6_1:1.3
	RELEASE_4_6_0:1.3
	RELEASE_5_0_DP1:1.3
	RELEASE_4_5_0:1.3
	RELEASE_4_4_0:1.3
	RELEASE_4_3_0:1.3
	RELEASE_4_2_0:1.3
	RELEASE_4_1_1:1.3
	RELEASE_4_1_0:1.3
	krb5_1_2:1.3
	krb5_1_1_1:1.2
	RELEASE_3_5_0:1.2
	RELEASE_4_0_0:1.2
	RELEASE_3_4_0:1.1;
locks; strict;
comment	@# @;


1.5
date	2010.04.26.03.48.43;	author cy;	state dead;
branches;
next	1.4;

1.4
date	2003.08.08.01.20.18;	author cy;	state Exp;
branches;
next	1.3;

1.3
date	2000.06.24.01.48.10;	author nectar;	state Exp;
branches;
next	1.2;

1.2
date	2000.01.16.19.10.56;	author nectar;	state Exp;
branches;
next	1.1;

1.1
date	99.10.13.18.43.59;	author nectar;	state Exp;
branches;
next	;


desc
@@


1.5
log
@Welcome the new krb5-1.8.1. Significant changes include the removal of
the MIT KRB5 applications (now in a separate tarball and port).
@
text
@--- appl/bsd/login.c.orig	Tue May 27 21:06:25 2003
+++ appl/bsd/login.c	Tue Jul 29 20:52:25 2003
@@@@ -1342,19 +1342,6 @@@@
 		setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
 	    }
 
-	    /* Policy: If local password is good, user is good.
-	       We really can't trust the Kerberos password,
-	       because somebody on the net could spoof the
-	       Kerberos server (not easy, but possible).
-	       Some sites might want to use it anyways, in
-	       which case they should change this line
-	       to:
-	       if (kpass_ok)
-	    */
-
-	    if (lpass_ok)
-		break;
-
 	    if (got_v5_tickets) {
 		retval = krb5_verify_init_creds(kcontext, &my_creds, NULL,
 						NULL, &xtra_creds,
@@@@ -1378,6 +1365,9 @@@@
 	    }
 #endif /* KRB4_GET_TICKETS */
 
+	    if (lpass_ok)
+		break;
+
 	bad_login:
 	    setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
 
@@@@ -1667,21 +1657,23 @@@@
 	/* set up credential cache -- obeying KRB5_ENV_CCNAME 
 	   set earlier */
 	/* (KRB5_ENV_CCNAME == "KRB5CCNAME" via osconf.h) */
-	if ((retval = krb5_cc_default(kcontext, &ccache))) {
+	if ((retval = krb5_cc_default(kcontext, &ccache)))
 	    com_err(argv[0], retval, "while getting default ccache");
-	} else if ((retval = krb5_cc_initialize(kcontext, ccache, me))) {
-	    com_err(argv[0], retval, "when initializing cache");
-	} else if ((retval = krb5_cc_store_cred(kcontext, ccache, 
-						&my_creds))) {
-	    com_err(argv[0], retval, "while storing credentials");
-	} else if (xtra_creds &&
-		   (retval = krb5_cc_copy_creds(kcontext, xtra_creds,
-						ccache))) {
-	    com_err(argv[0], retval, "while storing credentials");
+	else {
+	    if (retval = krb5_cc_initialize(kcontext, ccache, me))
+		com_err(argv[0], retval, "when initializing cache");
+	    else {
+		if (retval = krb5_cc_store_cred(kcontext, ccache, &my_creds))
+		    com_err(argv[0], retval, "while storing credentials");
+		else  {
+		    if (xtra_creds &&
+				(retval = krb5_cc_copy_creds(kcontext, xtra_creds, ccache))) {
+			com_err(argv[0], retval, "while storing credentials");
+			krb5_cc_destroy(kcontext, xtra_creds);
+		    }
+		}
+	    }
 	}
-
-	if (xtra_creds)
-	    krb5_cc_destroy(kcontext, xtra_creds);
     } else if (forwarded_v5_tickets && rewrite_ccache) {
 	if ((retval = krb5_cc_initialize (kcontext, ccache, me))) {
 	    syslog(LOG_ERR,
@@@@ -1762,6 +1754,7 @@@@
 
     if (ccname)
 	setenv("KRB5CCNAME", ccname, 1);
+    krb5_cc_set_default_name(kcontext, ccname);
 
     setenv("HOME", pwd->pw_dir, 1);
     setenv("PATH", LPATH, 1);
@


1.4
log
@Update 1.2.8 --> 1.3
@
text
@@


1.3
log
@Update 1.1.1 -> 1.2
@
text
@d1 3
a3 3
--- appl/bsd/login.c.ORIG	Wed Oct 13 12:55:47 1999
+++ appl/bsd/login.c	Wed Oct 13 12:56:29 1999
@@@@ -1303,19 +1304,6 @@@@
d21 3
a23 3
 		if (retval = krb5_verify_init_creds(kcontext, &my_creds, NULL,
 						    NULL, &xtra_creds,
@@@@ -1338,6 +1326,9 @@@@
d33 1
a33 1
@@@@ -1640,20 +1631,28 @@@@
d37 2
a38 3
-	if (retval = krb5_cc_default(kcontext, &ccache)) {
+	retval = krb5_cc_default(kcontext, &ccache);
+	if (retval)
d40 1
a40 1
-	} else if (retval = krb5_cc_initialize(kcontext, ccache, me)) {
d42 2
a43 1
-	} else if (retval = krb5_cc_store_cred(kcontext, ccache, &my_creds)) {
d50 1
a50 2
+	    retval = krb5_cc_initialize(kcontext, ccache, me);
+	    if (retval)
d53 1
a53 2
+		retval = krb5_cc_store_cred(kcontext, ccache, &my_creds);
+		if (retval)
d56 3
a58 5
+		    if (xtra_creds) {
+			retval = krb5_cc_copy_creds(kcontext, xtra_creds,
+						ccache);
+			if (retval)
+			    com_err(argv[0], retval, "while storing credentials");
d70 1
a70 1
@@@@ -1727,6 +1727,7 @@@@
@


1.2
log
@Update 1.1 -> 1.1.1
@
text
@d33 1
a33 1
@@@@ -1634,19 +1625,28 @@@@
d69 2
a70 1
-	krb5_cc_destroy(kcontext, xtra_creds);
@


1.1
log
@Fix for abort in login.krb5 (segment violation when trying to get a
TGT).

Obtained from:		MIT Kerberos GNATS PR krb5-appl/762, 763
@
text
@a2 8
@@@@ -518,6 +518,7 @@@@
     if (!getenv(KRB5_ENV_CCNAME)) {
 	sprintf(ccfile, "FILE:/tmp/krb5cc_p%d", getpid());
 	setenv(KRB5_ENV_CCNAME, ccfile, 1);
+	krb5_cc_set_default_name(kcontext, ccfile);
 	unlink(ccfile+strlen("FILE:"));
     } else {
 	/* note it correctly */
a80 12
@@@@ -1748,8 +1749,10 @@@@
 
 #ifdef KRB5_GET_TICKETS
     /* ccfile[0] is only set if we got tickets above */
-    if (login_krb5_get_tickets && ccfile[0])
+    if (login_krb5_get_tickets && ccfile[0]) {
 	(void) setenv(KRB5_ENV_CCNAME, ccfile, 1);
+	krb5_cc_set_default_name(kcontext, ccfile);
+    }
 #endif /* KRB5_GET_TICKETS */
 
     if (tty[sizeof("tty")-1] == 'd')
@

