authorSam Hartman <hartmans@mit.edu>1996-09-21 09:26:07 +0000
committerSam Hartman <hartmans@mit.edu>1996-09-21 09:26:07 +0000
commitb67d0cec8adc2c43e274c60e8a838cf63f06d206 (patch)
tree58e9b454aea97b5ce2f404ad8ccd6576f1f9d4ac /src/appl/bsd
parenta67adf453eb72787f5bef983750684e48257eb49 (diff)
Preliminary fixed version of patch to deal with reading in credentials
and writing them out later. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9101 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/appl/bsd')
-rw-r--r--src/appl/bsd/ChangeLog12
-rw-r--r--src/appl/bsd/login.c43
2 files changed, 38 insertions, 17 deletions
diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index e6d6bd6020..b41f87fa9a 100644
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,3 +1,15 @@
+Fri Sep 20 18:23:53 1996 Sam Hartman <hartmans@planet-zorp.MIT.EDU>
+
+ * login.c: Update so that we try to convert krb524 tickets after
+ we setuid(), and so that we don't hard fail if cache writeout
+ fail.
+
+Fri Sep 20 17:35:22 1996 Sam Hartman <hartmans@mit.edu>
+
+ * login.c: Check to see if we got krb5 tickets at all times,
+ regardless of wether we are converting to krb4. This helps us
+ know when to kdestroy.
+
Wed Sep 11 17:27:02 1996 Barry Jaspan <bjaspan@mit.edu>
* login.c: fix a security-threating race condition: chown'ing the
diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c
index 6cffb27aae..e398f1b626 100644
--- a/src/appl/bsd/login.c
+++ b/src/appl/bsd/login.c
@@ -1157,6 +1157,7 @@ int main(argc, argv)
char *ttyname(), *stypeof(), *crypt(), *getpass();
time_t login_time;
int retval;
+int rewrite_ccache = 1; /*try to write out ccache*/
#ifdef KRB5_GET_TICKETS
krb5_principal me;
krb5_creds save_v5creds;
@@ -1567,13 +1568,15 @@ int main(argc, argv)
(gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
(void)chmod(ttyn, 0620);
+#ifdef KRB5_GET_TICKETS
+ /* Maybe telnetd got tickets for us? */
+ if (!got_v5_tickets && have_v5_tickets (&me))
+ got_v5_tickets = 1;
+#endif /*gET_KRB%_TICKETS/*/
#ifdef KRB4_GET_TICKETS
- if (login_krb4_get_tickets && login_krb4_convert && !got_v4_tickets) {
+ if ( login_krb4_convert && !got_v4_tickets) {
- /* Maybe telnetd got tickets for us? */
- if (!got_v5_tickets && have_v5_tickets (&me))
- got_v5_tickets = 1;
if (got_v5_tickets)
try_convert524 (kcontext, me);
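Review bot: The added `#endif /*gET_KRB%_TICKETS/*/` carries a garbled comment that also contains a nested `/*`, which compilers commonly warn about; write it as `#endif /* KRB5_GET_TICKETS */` so it matches the guard it closes. The body of `if ( login_krb4_convert && !got_v4_tickets)` continues outside the hunk.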
@@ -1677,17 +1680,18 @@ int main(argc, argv)
syslog(LOG_ERR,
"%s while creating V5 krbtgt principal",
error_message(retval));
- sleepexit(1);
+ goto skip_ccache_rewrite;
}
- mcreds.ticket_flags = TKT_FLG_INITIAL;
+
+ mcreds.ticket_flags =0;
if (retval = krb5_cc_retrieve_cred(kcontext, ccache,
- KRB5_TC_MATCH_FLAGS,
+ 0,
&mcreds, &save_v5creds)) {
syslog(LOG_ERR,
"%s while retrieiving V5 initial ticket for copy",
error_message(retval));
- sleepexit(1);
+ goto skip_ccache_rewrite;
}
krb5_free_principal(kcontext, mcreds.server);
}
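Review bot: Both `goto skip_ccache_rewrite;` statements here jump to a label that the next hunk defines inside the region closed by `#endif /* KRB4_GET_TICKETS */`, so a build with KRB5_GET_TICKETS but without KRB4_GET_TICKETS would have no such label and should fail to compile (the conditional guarding these lines is outside the hunk, so this is inferred). The second jump also bypasses `krb5_free_principal(kcontext, mcreds.server);`, leaking the principal built for the lookup; call it before that `goto`. One way to remove the cross-conditional jump is to set `rewrite_ccache = 0;` in place of each `goto` and have the V4 copy test `rewrite_ccache` before it runs. With the match flags now `0` the lookup no longer requires an initial ticket, yet the log text still says "initial ticket".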
@@ -1701,12 +1705,14 @@ int main(argc, argv)
syslog(LOG_ERR,
"%s while retrieving V4 initial ticket for copy",
error_message(retval));
- sleepexit(1);
+ skip_ccache_rewrite: rewrite_ccache = 0;
+
}
}
#endif /* KRB4_GET_TICKETS */
#if defined(KRB5_GET_TICKETS) || defined(KRB4_GET_TICKETS)
- destroy_tickets();
+ if (got_v5_tickets || got_v4_tickets)
+ destroy_tickets();
#endif
#ifdef OQUOTA
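Review bot: The label `skip_ccache_rewrite:` sits inside the V4 retrieval error branch but is also the landing point for the V5 failures in the previous hunk, and nothing at the label says so. A comment such as `/* V5 or V4 credential copy failed: tickets are still destroyed below but are not rewritten after setuid() */` would make the shared exit readable. `destroy_tickets()` still runs on this path, so the session ends up with no credentials and the only record of the failure is the syslog entry.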
@@ -1731,6 +1737,7 @@ int main(argc, argv)
#ifdef _IBMR2
setuidx(ID_LOGIN, pwd->pw_uid);
#endif
+
if(setuid((uid_t) pwd->pw_uid) < 0) {
perror("setuid");
sleepexit(1);
@@ -1741,31 +1748,31 @@ int main(argc, argv)
* ticket file.
*/
#ifdef KRB5_GET_TICKETS
- if (got_v5_tickets) {
+ if (got_v5_tickets && rewrite_ccache) {
retval = krb5_cc_initialize (kcontext, ccache, me);
if (retval) {
syslog(LOG_ERR,
"%s while re-initializing V5 ccache as user",
error_message(retval));
- sleepexit(1);
+ goto skip_ccache_output;
}
if (retval = krb5_cc_store_cred(kcontext, ccache, &save_v5creds)) {
syslog(LOG_ERR,
"%s while re-storing V5 credentials as user",
error_message(retval));
- sleepexit(1);
+
}
- krb5_free_cred_contents(kcontext, &save_v5creds);
+ skip_ccache_output: krb5_free_cred_contents(kcontext, &save_v5creds);
}
#endif /* KRB5_GET_TICKETS */
#ifdef KRB4_GET_TICKETS
- if (got_v4_tickets) {
+ if (got_v4_tickets&&rewrite_ccache) {
retval = in_tkt(save_v4creds.pname, save_v4creds.pinst);
if (retval != KSUCCESS) {
syslog(LOG_ERR,
"%s while re-initializing V4 ticket cache as user",
error_message(retval));
- sleepexit(1);
+ goto skip_output_tkfile;
}
retval = krb_save_credentials(save_v4creds.service,
save_v4creds.instance,
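Review bot: `krb5_free_cred_contents(kcontext, &save_v5creds);` is now reachable only when `rewrite_ccache` is non-zero, because it stays inside `if (got_v5_tickets && rewrite_ccache)`. If the V5 copy succeeded and the later V4 retrieval cleared `rewrite_ccache`, the saved ticket and session key are never released. Track whether `save_v5creds` was actually filled (it is not on the `goto skip_ccache_rewrite` paths) and free it in that case even when the writeout is skipped. The V4 block in this hunk continues past its last line.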
@@ -1779,11 +1786,13 @@ int main(argc, argv)
syslog(LOG_ERR,
"%s while re-storing V4 tickets as user",
error_message(retval));
- sleepexit(1);
+
}
+ skip_output_tkfile: /*null*/;
}
#endif /* KRB4_GET_TICKETS */
+
if (*pwd->pw_shell == '\0')
pwd->pw_shell = BSHELL;
#if defined(NTTYDISC) && defined(TIOCSETD)