diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2002-08-20 21:25:23 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2002-08-20 21:25:23 +0000 |
| commit | f48f91879a9d2ee8c0f4ac98d8c6744e80e20c46 (patch) | |
| tree | be976616e023831f156b25f31aff586e9c8d0d5c /security/krb5-beta/files/patch-ba | |
| parent | Update to 2.4.0.8. (diff) | |
New MIT Kerberos V beta, V 1.2.6-beta1.
Diffstat (limited to 'security/krb5-beta/files/patch-ba')
| -rw-r--r-- | security/krb5-beta/files/patch-ba | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/security/krb5-beta/files/patch-ba b/security/krb5-beta/files/patch-ba new file mode 100644 index 000000000000..60d70466eff3 --- /dev/null +++ b/security/krb5-beta/files/patch-ba @@ -0,0 +1,81 @@ +--- appl/bsd/login.c.ORIG Wed Oct 13 12:55:47 1999 ++++ appl/bsd/login.c Wed Oct 13 12:56:29 1999 +@@ -1303,19 +1304,6 @@ + setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET); + } + +- /* Policy: If local password is good, user is good. +- We really can't trust the Kerberos password, +- because somebody on the net could spoof the +- Kerberos server (not easy, but possible). +- Some sites might want to use it anyways, in +- which case they should change this line +- to: +- if (kpass_ok) +- */ +- +- if (lpass_ok) +- break; +- + if (got_v5_tickets) { + if (retval = krb5_verify_init_creds(kcontext, &my_creds, NULL, + NULL, &xtra_creds, +@@ -1338,6 +1326,9 @@ + } + #endif /* KRB4_GET_TICKETS */ + ++ if (lpass_ok) ++ break; ++ + bad_login: + setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET); + +@@ -1640,20 +1631,28 @@ + /* set up credential cache -- obeying KRB5_ENV_CCNAME + set earlier */ + /* (KRB5_ENV_CCNAME == "KRB5CCNAME" via osconf.h) */ +- if (retval = krb5_cc_default(kcontext, &ccache)) { ++ retval = krb5_cc_default(kcontext, &ccache); ++ if (retval) + com_err(argv[0], retval, "while getting default ccache"); +- } else if (retval = krb5_cc_initialize(kcontext, ccache, me)) { +- com_err(argv[0], retval, "when initializing cache"); +- } else if (retval = krb5_cc_store_cred(kcontext, ccache, &my_creds)) { +- com_err(argv[0], retval, "while storing credentials"); +- } else if (xtra_creds && +- (retval = krb5_cc_copy_creds(kcontext, xtra_creds, +- ccache))) { +- com_err(argv[0], retval, "while storing credentials"); ++ else { ++ retval = krb5_cc_initialize(kcontext, ccache, me); ++ if (retval) ++ com_err(argv[0], retval, "when initializing cache"); ++ else { ++ retval = krb5_cc_store_cred(kcontext, ccache, &my_creds); ++ if (retval) ++ com_err(argv[0], retval, "while storing credentials"); ++ else { ++ if (xtra_creds) { ++ retval = krb5_cc_copy_creds(kcontext, xtra_creds, ++ ccache); ++ if (retval) ++ com_err(argv[0], retval, "while storing credentials"); ++ krb5_cc_destroy(kcontext, xtra_creds); ++ } ++ } ++ } + } +- +- if (xtra_creds) +- krb5_cc_destroy(kcontext, xtra_creds); + } else if (forwarded_v5_tickets && rewrite_ccache) { + if ((retval = krb5_cc_initialize (kcontext, ccache, me))) { + syslog(LOG_ERR, +@@ -1727,6 +1727,7 @@ + + if (ccname) + setenv("KRB5CCNAME", ccname, 1); ++ krb5_cc_set_default_name(kcontext, ccname); + + setenv("HOME", pwd->pw_dir, 1); + setenv("PATH", LPATH, 1); |