aboutsummaryrefslogblamecommitdiff
path: root/security/krb5-16/files/patch-ba
blob: 60d70466eff3aa35f98cf10b69b722ce96cbebf4 (plain) (tree) 
f91c2d789248


f91c2d789248






























071860d8ceee

f91c2d789248



































071860d8ceee


f91c2d789248











1
2

3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

33

34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

69
70

71
72
73
74
75
76
77
78
79
80
81


                                                        





























                                                                              
                       


































                                                                                  

                                                  










                                                                   
--- appl/bsd/login.c.ORIG	Wed Oct 13 12:55:47 1999
+++ appl/bsd/login.c	Wed Oct 13 12:56:29 1999
@@ -1303,19 +1304,6 @@
 		setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
 	    }
 
-	    /* Policy: If local password is good, user is good.
-	       We really can't trust the Kerberos password,
-	       because somebody on the net could spoof the
-	       Kerberos server (not easy, but possible).
-	       Some sites might want to use it anyways, in
-	       which case they should change this line
-	       to:
-	       if (kpass_ok)
-	    */
-
-	    if (lpass_ok)
-		break;
-
 	    if (got_v5_tickets) {
 		if (retval = krb5_verify_init_creds(kcontext, &my_creds, NULL,
 						    NULL, &xtra_creds,
@@ -1338,6 +1326,9 @@
 	    }
 #endif /* KRB4_GET_TICKETS */
 
+	    if (lpass_ok)
+		break;
+
 	bad_login:
 	    setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
 
@@ -1640,20 +1631,28 @@
 	/* set up credential cache -- obeying KRB5_ENV_CCNAME 
 	   set earlier */
 	/* (KRB5_ENV_CCNAME == "KRB5CCNAME" via osconf.h) */
-	if (retval = krb5_cc_default(kcontext, &ccache)) {
+	retval = krb5_cc_default(kcontext, &ccache);
+	if (retval)
 	    com_err(argv[0], retval, "while getting default ccache");
-	} else if (retval = krb5_cc_initialize(kcontext, ccache, me)) {
-	    com_err(argv[0], retval, "when initializing cache");
-	} else if (retval = krb5_cc_store_cred(kcontext, ccache, &my_creds)) {
-	    com_err(argv[0], retval, "while storing credentials");
-	} else if (xtra_creds &&
-		   (retval = krb5_cc_copy_creds(kcontext, xtra_creds,
-						ccache))) {
-	    com_err(argv[0], retval, "while storing credentials");
+	else {
+	    retval = krb5_cc_initialize(kcontext, ccache, me);
+	    if (retval)
+		com_err(argv[0], retval, "when initializing cache");
+	    else {
+		retval = krb5_cc_store_cred(kcontext, ccache, &my_creds);
+		if (retval)
+		    com_err(argv[0], retval, "while storing credentials");
+		else  {
+		    if (xtra_creds) {
+			retval = krb5_cc_copy_creds(kcontext, xtra_creds,
+						ccache);
+			if (retval)
+			    com_err(argv[0], retval, "while storing credentials");
+			krb5_cc_destroy(kcontext, xtra_creds);
+		    }
+		}
+	    }
 	}
-
-	if (xtra_creds)
-	    krb5_cc_destroy(kcontext, xtra_creds);
     } else if (forwarded_v5_tickets && rewrite_ccache) {
 	if ((retval = krb5_cc_initialize (kcontext, ccache, me))) {
 	    syslog(LOG_ERR,
@@ -1727,6 +1727,7 @@
 
     if (ccname)
 	setenv("KRB5CCNAME", ccname, 1);
+    krb5_cc_set_default_name(kcontext, ccname);
 
     setenv("HOME", pwd->pw_dir, 1);
     setenv("PATH", LPATH, 1);
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-28 17:54:38 +0000