Source-Changes-HG archive


[src/netbsd-6]: src/usr.bin/login Pull up following revision(s) (requested by...



details:   https://anonhg.NetBSD.org/src/rev/792cff4b6c92
branches:  netbsd-6
changeset: 774055:792cff4b6c92
user:      riz <riz%NetBSD.org@localhost>
date:      Mon May 07 16:24:07 2012 +0000

description:
Pull up following revision(s) (requested by christos in ticket #215):
        usr.bin/login/login.c: revision 1.100
        usr.bin/login/login.c: revision 1.101
        usr.bin/login/login.c: revision 1.102
        usr.bin/login/common.c: revision 1.4
        usr.bin/login/common.h: revision 1.2
        usr.bin/login/k5login.c: revision 1.28
        usr.bin/login/k5login.c: revision 1.29
        usr.bin/login/login.c: revision 1.99
        usr.bin/login/login_pam.c: revision 1.21
        usr.bin/login/Makefile: revision 1.53
        usr.bin/login/Makefile: revision 1.54
        usr.bin/login/Makefile: revision 1.55
        usr.bin/login/k5login.c: revision 1.30
        usr.bin/login/k5login.c: revision 1.31
        usr.bin/login/k5login.c: revision 1.32
        usr.bin/login/k5login.c: revision 1.33
make krb5 compile again. XXX: one function left that is deprecated, what's
the new equivalent?
centralize error function processing.
fix the USE_KERBEROS=no USE_PAM=no build.
remove obsolete comment.
make kerberos work again:
1. make notickets external
2. don't use the tty as part of the credential cache, since pts/1 will not work.
3. Attempt to use the newer functions, but punt for now since it does not work
yet.
don't abuse the instance variable
move more of the compat code in the compat block.
last commit before I nuke the old code.
no more KRB5_DEPRECATED

diffstat:

 usr.bin/login/Makefile    |    4 +-
 usr.bin/login/common.c    |   24 ++++++---
 usr.bin/login/common.h    |   10 ++-
 usr.bin/login/k5login.c   |  122 ++++++++++++++++++---------------------------
 usr.bin/login/login.c     |   36 ++++++------
 usr.bin/login/login_pam.c |   20 +++----
 6 files changed, 101 insertions(+), 115 deletions(-)

diffs (truncated from 564 to 300 lines):

diff -r 8445fadb2661 -r 792cff4b6c92 usr.bin/login/Makefile
--- a/usr.bin/login/Makefile    Mon May 07 15:59:37 2012 +0000
+++ b/usr.bin/login/Makefile    Mon May 07 16:24:07 2012 +0000
@@ -1,7 +1,7 @@
-#      $NetBSD: Makefile,v 1.52 2011/04/24 21:42:06 elric Exp $
+#      $NetBSD: Makefile,v 1.52.6.1 2012/05/07 16:24:07 riz Exp $
 #      @(#)Makefile    8.1 (Berkeley) 7/19/93
 
-WARNS?=        2       # XXX -Wcast-qual issues
+WARNS?=        5
 
 .include <bsd.own.mk>
 
diff -r 8445fadb2661 -r 792cff4b6c92 usr.bin/login/common.c
--- a/usr.bin/login/common.c    Mon May 07 15:59:37 2012 +0000
+++ b/usr.bin/login/common.c    Mon May 07 16:24:07 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: common.c,v 1.3 2009/12/29 20:15:15 christos Exp $      */
+/*     $NetBSD: common.c,v 1.3.8.1 2012/05/07 16:24:07 riz Exp $       */
 
 /*-
  * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
@@ -29,7 +29,7 @@
  * SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: common.c,v 1.3 2009/12/29 20:15:15 christos Exp $");
+__RCSID("$NetBSD: common.c,v 1.3.8.1 2012/05/07 16:24:07 riz Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -77,11 +77,20 @@
 void    decode_ss(const char *);
 struct passwd *pwd;
 int    failures, have_ss;
-char   term[64], *envinit[1], *hostname, *username, *tty, *nested;
+char   term[64], *envinit[1], *hostname, *tty, *nested;
+const char *username;
 struct timeval now;
 struct sockaddr_storage ss;
 
-void
+char *
+trimloginname(char *u)
+{
+       if (strlen(u) > MAXLOGNAME)
+               u[MAXLOGNAME] = '\0';
+       return u;
+}
+
+char *
 getloginname(void)
 {
        int ch;
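Review bot: trimloginname() truncates silently and in place, and neither behaviour is documented on the new function. A name longer than MAXLOGNAME is cut to its first MAXLOGNAME characters and then used as the login name, so an over-long input is processed as whatever account matches that prefix; if that is not intended, the callers (outside this hunk) should reject or at least log the over-long name instead of continuing. Whether MAXLOGNAME counts the terminating NUL is not visible here; if it does, the cut belongs at `MAXLOGNAME - 1`. A comment such as `/* Truncates u in place to at most MAXLOGNAME characters; u must be writable. Returns u. */` would state the contract.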
@@ -104,8 +113,7 @@
                                    "login names may not start with '-'.\n");
                        else {
                                *p = '\0';
-                               username = nbuf;
-                               break;
+                               return nbuf;
                        }
                }
        }
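Review bot: getloginname() now hands `nbuf` back to the caller, but nothing visible says how long that pointer stays valid. The declaration of nbuf is outside this hunk; if it is a static buffer, the result is overwritten by the next call, and the prototype deserves a comment such as `/* Returns a pointer to a static buffer, overwritten by the next call. */`. If it is an automatic array instead, the returned pointer would dangle and the array needs to become static. The function starts and ends outside this hunk.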
@@ -122,7 +130,7 @@
 static jmp_buf motdinterrupt;
 
 void
-motd(char *fname)
+motd(const char *fname)
 {
        int fd, nchars;
        sig_t oldint;
@@ -243,7 +251,7 @@
        utmpx.ut_type = USER_PROCESS;
        utmpx.ut_pid = getpid();
        t = tty + strlen(tty);
-       if (t - tty >= sizeof(utmpx.ut_id)) {
+       if ((size_t)(t - tty) >= sizeof(utmpx.ut_id)) {
            (void)strncpy(utmpx.ut_id, t - sizeof(utmpx.ut_id),
                sizeof(utmpx.ut_id));
        } else {
diff -r 8445fadb2661 -r 792cff4b6c92 usr.bin/login/common.h
--- a/usr.bin/login/common.h    Mon May 07 15:59:37 2012 +0000
+++ b/usr.bin/login/common.h    Mon May 07 16:24:07 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: common.h,v 1.1 2009/12/29 19:26:13 christos Exp $      */
+/*     $NetBSD: common.h,v 1.1.8.1 2012/05/07 16:24:07 riz Exp $       */
 
 /*-
  * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
@@ -33,8 +33,9 @@
 
 void    badlogin(const char *);
 void    update_db(int, int, int);
-void    getloginname(void);
-void    motd(char *);
+char   *trimloginname(char *);
+char   *getloginname(void);
+void    motd(const char *);
 int     rootterm(char *);
 void    sigint(int);
 void    sleepexit(int);
@@ -45,7 +46,8 @@
 extern u_int   timeout;
 extern struct  passwd *pwd;
 extern int     failures, have_ss;
-extern char    term[64], *envinit[1], *hostname, *username, *tty, *nested;
+extern char    term[64], *envinit[1], *hostname, *tty, *nested;
+extern const char *username;
 extern struct timeval now;
 extern struct sockaddr_storage ss;
 extern const char copyrightstr[];
diff -r 8445fadb2661 -r 792cff4b6c92 usr.bin/login/k5login.c
--- a/usr.bin/login/k5login.c   Mon May 07 15:59:37 2012 +0000
+++ b/usr.bin/login/k5login.c   Mon May 07 16:24:07 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: k5login.c,v 1.27 2006/03/23 23:33:28 wiz Exp $ */
+/*     $NetBSD: k5login.c,v 1.27.46.1 2012/05/07 16:24:07 riz Exp $    */
 
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
@@ -51,7 +51,7 @@
 #if 0
 static char sccsid[] = "@(#)klogin.c   5.11 (Berkeley) 7/12/92";
 #endif
-__RCSID("$NetBSD: k5login.c,v 1.27 2006/03/23 23:33:28 wiz Exp $");
+__RCSID("$NetBSD: k5login.c,v 1.27.46.1 2012/05/07 16:24:07 riz Exp $");
 #endif /* not lint */
 
 #ifdef KERBEROS5
@@ -71,7 +71,7 @@
 
 krb5_context kcontext;
 
-int notickets;
+extern int notickets;
 int krb5_configured;
 char *krb5tkfile_env;
 extern char *tty;
@@ -81,7 +81,7 @@
 static char tkt_location[MAXPATHLEN];
 static krb5_creds forw_creds;
 int have_forward;
-static krb5_principal me, server;
+static krb5_principal me;
 
 int k5_read_creds(char *);
 int k5_write_creds(void);
@@ -89,12 +89,26 @@
 int k5login(struct passwd *, char *, char *, char *);
 void k5destroy(void);
 
-#ifndef krb5_realm_length
-#define krb5_realm_length(r)   ((r).length)
-#endif
-#ifndef krb5_realm_data
-#define krb5_realm_data(r)     ((r).data)
-#endif
+static void __printflike(3, 4)
+k5_log(krb5_context context, krb5_error_code kerror, const char *fmt, ...)
+{
+       const char *msg = krb5_get_error_message(context, kerror);
+       char *str;
+       va_list ap;
+
+       va_start(ap, fmt);
+       if (vasprintf(&str, fmt, ap) == -1) {
+               va_end(ap);
+               syslog(LOG_NOTICE, "Cannot allocate memory for error %s: %s",
+                   fmt, msg);
+               return;
+       }
+       va_end(ap);
+
+       syslog(LOG_NOTICE, "warning: %s: %s", str, msg);
+       krb5_free_error_message(kcontext, msg);
+       free(str);
+}
 
 /*
  * Verify the Kerberos ticket-granting ticket just retrieved for the
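Review bot: k5_log() fetches the message with its `context` parameter but releases it with the global, `krb5_free_error_message(kcontext, msg)`; it should be `krb5_free_error_message(context, msg);` so that the get/free pair always uses the same context. The vasprintf() failure branch returns without releasing `msg` at all, so the same call belongs before that `return`. `msg` is also handed to `%s` unchecked in both syslog() calls; if krb5_get_error_message() can return NULL in this library, it should be guarded so a fixed placeholder is logged instead.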
@@ -163,8 +177,7 @@
        else if (kerror) {
                krb5_warn(kcontext, kerror,
                          "Unable to verify Kerberos V5 TGT: %s", phost);
-               syslog(LOG_NOTICE, "Kerberos V5 TGT bad: %s",
-                      krb5_get_err_text(kcontext, kerror));
+               k5_log(kcontext, kerror, "Kerberos V5 TGT bad");
                retval = -1;
                goto EGRESS;
        }
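Review bot: The text written to syslog for this failure changes, and nothing in the code records the new format. The old line was `Kerberos V5 TGT bad: <error>`; through k5_log() it becomes `warning: Kerberos V5 TGT bad: <error>`, and the k5_log() calls in the later k5login.c hunks likewise gain the prefix or move the error text to the end of the line. Log-matching rules and monitoring keyed on the old strings will stop matching after this pull-up. A comment on k5_log() stating the emitted shape, `/* Logs "warning: <formatted text>: <krb5 error message>" at LOG_NOTICE. */`, would make that contract visible.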
@@ -192,11 +205,9 @@
                        retval = -1;
                }
                krb5_warn(kcontext, kerror, "Unable to verify host ticket");
-               syslog(LOG_NOTICE, "can't verify v5 ticket: %s; %s\n",
-                      krb5_get_err_text(kcontext, kerror),
-                      retval
-                        ? "keytab found, assuming failure"
-                        : "no keytab found, assuming success");
+               k5_log(kcontext, kerror, "can't verify v5 ticket (%s)",
+                   retval ? "keytab found, assuming failure" :
+                   "no keytab found, assuming success");
                goto EGRESS;
        }
        /*
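Review bot: The branch that logs `no keytab found, assuming success` accepts a TGT that could not be verified against a host key, and the only trace is a LOG_NOTICE line prefixed `warning:`. That fail-open choice predates this change, but the rewritten call is a good place to document it. A comment above the k5_log() call should say that without a host keytab the KDC reply is not authenticated and, as far as the visible `retval` handling shows, the login proceeds anyway, so operators know to provision a keytab on hosts that rely on Kerberos passwords. The surrounding function starts and ends outside this hunk.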
@@ -243,13 +254,13 @@
        }
 
        mcreds.client = me;
+       const char *realm = krb5_principal_get_realm(kcontext, me);
+       size_t rlen = strlen(realm);
        kerror = krb5_build_principal_ext(kcontext, &mcreds.server,
-                       krb5_realm_length(*krb5_princ_realm(kcontext, me)),
-                       krb5_realm_data(*krb5_princ_realm(kcontext, me)),
+                       rlen, realm,
                        KRB5_TGS_NAME_SIZE,
                        KRB5_TGS_NAME,
-                       krb5_realm_length(*krb5_princ_realm(kcontext, me)),
-                       krb5_realm_data(*krb5_princ_realm(kcontext, me)),
+                       rlen, realm,
                        0);
        if (kerror) {
                krb5_warn(kcontext, kerror, "while building server name");
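Review bot: `rlen` is a size_t, and its second use sits in the variadic part of krb5_build_principal_ext(), next to the int constant KRB5_TGS_NAME_SIZE and the int `0` terminator. If the function reads those component lengths with an int-sized va_arg, as the terminator suggests, a size_t argument is a type mismatch on LP64 platforms; declaring `int rlen = (int)strlen(realm);` or casting at the call avoids it. `realm` is also passed to strlen() unchecked, so a NULL return from krb5_principal_get_realm() would crash here; an `if (realm == NULL)` guard that takes the existing error path would be safer. The enclosing function starts and ends outside this hunk.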
@@ -321,17 +332,12 @@
 {
         krb5_error_code kerror;
        krb5_creds my_creds;
-       krb5_timestamp now;
        krb5_ccache ccache = NULL;
-       long lifetime = KRB5_DEFAULT_LIFE;
-       int options = KRB5_DEFAULT_OPTIONS;
        char *realm, *client_name;
        char *principal;
 
        krb5_configured = 1;
 
-       if (login_krb5_forwardable_tgt)
-               options |= KDC_OPT_FORWARDABLE;
 
        /*
         * Root logins don't use Kerberos.
@@ -355,10 +361,10 @@
 
        if (strcmp(instance, "root") != 0)
                (void)snprintf(tkt_location, sizeof tkt_location,
-                               "FILE:/tmp/krb5cc_%d.%s", pw->pw_uid, tty);
+                               "FILE:/tmp/krb5cc_%d", pw->pw_uid);
        else
                (void)snprintf(tkt_location, sizeof tkt_location,
-                               "FILE:/tmp/krb5cc_root_%d.%s", pw->pw_uid, tty);
+                               "FILE:/tmp/krb5cc_root_%d", pw->pw_uid);
        krb5tkfile_env = tkt_location;
        has_ccache = 1;
 
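Review bot: With the tty suffix removed, every session of a given uid resolves to the same cache file, `/tmp/krb5cc_<uid>`. If k5destroy() (declared earlier, body not shown) removes this file at logout, one session ending would discard the tickets of other sessions of that user still logged in; that trade-off deserves a comment next to the snprintf() calls. The name is also fixed and lives in a world-writable directory, so the code relies entirely on the cache library creating the file safely (exclusive create, no symlink following, owner-only mode), which is worth confirming for the library in use. Separately, `pw->pw_uid` is printed with `%d`; `%u` with `(unsigned)pw->pw_uid` matches an unsigned uid_t. The function continues outside this hunk.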
@@ -372,71 +378,43 @@
        }
 
        if ((kerror = krb5_cc_resolve(kcontext, tkt_location, &ccache)) != 0) {
-               syslog(LOG_NOTICE, "warning: %s while getting default ccache",
-                       krb5_get_err_text(kcontext, kerror));
+               k5_log(kcontext, kerror, "while getting default ccache");
                return (1);
        }
 
        if ((kerror = krb5_parse_name(kcontext, principal, &me)) != 0) {
-               syslog(LOG_NOTICE, "warning: %s when parsing name %s",
-                       krb5_get_err_text(kcontext, kerror), principal);
+               k5_log(kcontext, kerror, "when parsing name %s", principal);
                return (1);
        }
 
        if ((kerror = krb5_unparse_name(kcontext, me, &client_name)) != 0) {
-               syslog(LOG_NOTICE, "warning: %s when unparsing name %s",
-                       krb5_get_err_text(kcontext, kerror), principal);
+               k5_log(kcontext, kerror, "when unparsing name %s", principal);
                return (1);
        }
 
        kerror = krb5_cc_initialize(kcontext, ccache, me);
        if (kerror != 0) {
-               syslog(LOG_NOTICE, "%s when initializing cache %s",
-                       krb5_get_err_text(kcontext, kerror), tkt_location);
-               return (1);
-       }
-
-       memset((char *)&my_creds, 0, sizeof(my_creds));
-
-       my_creds.client = me;
-
-       if ((kerror = krb5_build_principal_ext(kcontext,
-                       &server,
-                       krb5_realm_length(*krb5_princ_realm(kcontext, me)),
-                       krb5_realm_data(*krb5_princ_realm(kcontext, me)),
-                       KRB5_TGS_NAME_SIZE,
-                       KRB5_TGS_NAME,
-                       krb5_realm_length(*krb5_princ_realm(kcontext, me)),
-                       krb5_realm_data(*krb5_princ_realm(kcontext, me)),
-                       0)) != 0) {


