Various changes to keep up with krb5, mostly addition of the kcontext

structure.  From PR 3826, by Chris Jones.

usr.bin/login/Makefile

@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.12 1997/08/16 13:50:43 lukem Exp $
+#	$NetBSD: Makefile,v 1.13 1997/08/19 17:26:13 mycroft Exp $
 #	@(#)Makefile	8.1 (Berkeley) 7/19/93
 
 PROG=	login
@@ -12,7 +12,7 @@ WARNS?= 1
 .if defined(KERBEROS5)
 SRCS+=	k5login.c
 DPADD+=	${LIBKRB5} ${LIBCRYPTO}
-LDADD+=	-lkrb5 -lcrypto
+LDADD+=	-lkrb5 -lcrypto -lcom_err
 CFLAGS+= -DKERBEROS5
 .elif defined(KERBEROS)
 SRCS+=	klogin.c

usr.bin/login/k5login.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: k5login.c,v 1.4 1997/08/16 13:50:44 lukem Exp $	*/
+/*	$NetBSD: k5login.c,v 1.5 1997/08/19 17:26:14 mycroft Exp $	*/
 
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
@@ -38,16 +38,13 @@
 #if 0
 static char sccsid[] = "@(#)klogin.c	5.11 (Berkeley) 7/12/92";
 #endif
-__RCSID("$NetBSD: k5login.c,v 1.4 1997/08/16 13:50:44 lukem Exp $");
+__RCSID("$NetBSD: k5login.c,v 1.5 1997/08/19 17:26:14 mycroft Exp $");
 #endif /* not lint */
 
 #ifdef KERBEROS5
 #include <sys/param.h>
 #include <sys/syslog.h>
-#include <com_err.h>
-#include <krb5/krb5.h>
-#include <krb5/ext-proto.h>
-#include <krb5/los-proto.h>
+#include <krb5.h>
 #include <pwd.h>
 #include <netdb.h>
 #include <stdio.h>
@@ -58,18 +55,12 @@ __RCSID("$NetBSD: k5login.c,v 1.4 1997/08/16 13:50:44 lukem Exp $");
 #define KRB5_DEFAULT_LIFE 60*60*10 /* 10 hours */
 
 krb5_data tgtname = {
+    0,
     KRB5_TGS_NAME_SIZE,
     KRB5_TGS_NAME
 };
 
-/*
- * Try no preauthentication first; then try the encrypted timestamp
- */
-int preauth_search_list[] = {
-	0,			
-	KRB5_PADATA_ENC_TIMESTAMP,
-	-1
-	};
+krb5_context kcontext;
 
 extern int notickets;
 extern char *krbtkfile_env;
@@ -110,7 +101,7 @@ klogin(pw, instance, localhost, password)
 	}
 #endif
 
-	krb5_init_ets();
+	krb5_init_ets(kcontext);
 
 	/*
 	 * Root logins don't use Kerberos.
@@ -121,7 +112,7 @@ klogin(pw, instance, localhost, password)
 	 * without issuing any tickets.
 	 */
 	if (strcmp(pw->pw_name, "root") == 0 ||
-	    krb5_get_default_realm(&realm))
+	    krb5_get_default_realm(kcontext, &realm))
 		return (1);
 
 	/*
@@ -138,32 +129,32 @@ klogin(pw, instance, localhost, password)
 		"FILE:/tmp/krb5cc_root_%d.%s", pw->pw_uid, tty);
 	krbtkfile_env = tkt_location;
 
-	principal = malloc(strlen(pw->pw_name)+strlen(instance)+2);
+	principal = (char *)malloc(strlen(pw->pw_name)+strlen(instance)+2);
 	strcpy(principal, pw->pw_name);	/* XXX strcpy is safe */
 	if (strlen(instance)) {
 	    strcat(principal, "/");		/* XXX strcat is safe */
 	    strcat(principal, instance);	/* XXX strcat is safe */
 	}
 	
-	if (kerror = krb5_cc_resolve(tkt_location, &ccache)) {
+	if (kerror = krb5_cc_resolve(kcontext, tkt_location, &ccache)) {
 	    syslog(LOG_NOTICE, "warning: %s while getting default ccache",
 		error_message(kerror));
 	    return(1);
 	}
 
-	if (kerror = krb5_parse_name(principal, &me)) {
+	if (kerror = krb5_parse_name(kcontext, principal, &me)) {
 	    syslog(LOG_NOTICE, "warning: %s when parsing name %s",
 		error_message(kerror), principal);
 	    return(1);
 	}
     
-	if (kerror = krb5_unparse_name(me, &client_name)) {
+	if (kerror = krb5_unparse_name(kcontext, me, &client_name)) {
 	    syslog(LOG_NOTICE, "warning: %s when unparsing name %s",
 		error_message(kerror), principal);
 	    return(1);
 	}
 
-	kerror = krb5_cc_initialize (ccache, me);
+	kerror = krb5_cc_initialize(kcontext, ccache, me);
 	if (kerror != 0) {
 	    syslog(LOG_NOTICE, "%s when initializing cache %s",
 		error_message(kerror), tkt_location);
@@ -174,12 +165,13 @@ klogin(pw, instance, localhost, password)
     
 	my_creds.client = me;
 
-	if (kerror = krb5_build_principal_ext(&server,
-					krb5_princ_realm(me)->length,
-					krb5_princ_realm(me)->data,
+	if (kerror = krb5_build_principal_ext(kcontext,
+					&server,
+					krb5_princ_realm(kcontext, me)->length,
+					krb5_princ_realm(kcontext, me)->data,
 					tgtname.length, tgtname.data,
-					krb5_princ_realm(me)->length,
-					krb5_princ_realm(me)->data,
+					krb5_princ_realm(kcontext, me)->length,
+					krb5_princ_realm(kcontext, me)->data,
 					0)) {
 	    syslog(LOG_NOTICE, "%s while building server name",
 		error_message(kerror));
@@ -188,14 +180,14 @@ klogin(pw, instance, localhost, password)
 
 	my_creds.server = server;
 
-	kerror = krb5_os_localaddr(&my_addresses);
+	kerror = krb5_os_localaddr(kcontext, &my_addresses);
 	if (kerror != 0) {
 	    syslog(LOG_NOTICE, "%s when getting my address",
 		error_message(kerror));
 	    return(1);
 	}
 
-	if (kerror = krb5_timeofday(&now)) {
+	if (kerror = krb5_timeofday(kcontext, &now)) {
 	    syslog(LOG_NOTICE, "%s while getting time of day",
 		error_message(kerror));
 	    return(1);
@@ -205,21 +197,16 @@ klogin(pw, instance, localhost, password)
 	my_creds.times.endtime = now + lifetime;
 	my_creds.times.renew_till = 0;
 
-	for (i=0; preauth_search_list[i] >= 0; i++) {
-	    kerror = krb5_get_in_tkt_with_password(options, my_addresses,
-		                                   preauth_search_list[i],
-		                                   ETYPE_DES_CBC_CRC,
-						   KEYTYPE_DES,
-						   password,
-						   ccache,
-						   &my_creds, 0);
-	    if (kerror != KRB5KDC_PREAUTH_FAILED &&
-		kerror != KRB5KRB_ERR_GENERIC)
-		    break;
-	}
+	kerror = krb5_get_in_tkt_with_password(kcontext, options,
+					       my_addresses,
+					       NULL,
+					       NULL,
+					       password,
+					       ccache,
+					       &my_creds, 0);
 
-	krb5_free_principal(server);
-	krb5_free_addresses(my_addresses);
+	krb5_free_principal(kcontext, server);
+	krb5_free_addresses(kcontext, my_addresses);
 
 	if (chown(&tkt_location[5], pw->pw_uid, pw->pw_gid) < 0)
 		syslog(LOG_ERR, "chown tkfile (%s): %m", &tkt_location[5]);
@@ -250,11 +237,11 @@ kdestroy()
 	if (krbtkfile_env == NULL)
 	    return;
 
-	code = krb5_cc_resolve(krbtkfile_env, &ccache);
+	code = krb5_cc_resolve(kcontext, krbtkfile_env, &ccache);
 	if (!code) {
-	    code = krb5_cc_destroy(ccache);
+	    code = krb5_cc_destroy(kcontext, ccache);
 	    if (!code) {
-		krb5_cc_close(ccache);
+		krb5_cc_close(kcontext, ccache);
 	    }
 	}
 }

usr.bin/login/login.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: login.c,v 1.24 1997/08/16 13:50:46 lukem Exp $	*/
+/*	$NetBSD: login.c,v 1.25 1997/08/19 17:26:15 mycroft Exp $	*/
 
 /*-
  * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
@@ -44,7 +44,7 @@ __COPYRIGHT(
 #if 0
 static char sccsid[] = "@(#)login.c	8.4 (Berkeley) 4/2/94";
 #endif
-__RCSID("$NetBSD: login.c,v 1.24 1997/08/16 13:50:46 lukem Exp $");
+__RCSID("$NetBSD: login.c,v 1.25 1997/08/19 17:26:15 mycroft Exp $");
 #endif /* not lint */
 
 /*
@@ -76,6 +76,10 @@ __RCSID("$NetBSD: login.c,v 1.24 1997/08/16 13:50:46 lukem Exp $");
 #include <utmp.h>
 #include <util.h>
 
+#ifdef KERBEROS5
+#include <krb5.h>		/* Solely for definition of kcontext */
+#endif
+
 #include "pathnames.h"
 
 void	 badlogin __P((char *));
@@ -112,6 +116,9 @@ char	*instance;
 char	*krbtkfile_env;
 int	authok;
 #endif
+#ifdef KERBEROS5
+extern krb5_context kcontext;
+#endif
 
 struct	passwd *pwd;
 int	failures;
@@ -138,6 +145,9 @@ main(argc, argv)
 	char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
 	char localhost[MAXHOSTNAMELEN];
 	int need_chpass;
+#ifdef KERBEROS5
+	krb5_error_code kerror;
+#endif
 
 	tbuf[0] = '\0';
 	rval = 0;
@@ -223,6 +233,15 @@ main(argc, argv)
 	else
 		tty = ttyn;
 
+#ifdef KERBEROS5
+	kerror = krb5_init_context(&kcontext);
+	if (kerror) {
+		syslog(LOG_NOTICE, "%s when initializing Kerberos context",
+		    error_message(kerror));
+		exit(1);
+	}
+#endif KERBEROS5
+
 	for (cnt = 0;; ask = 1) {
 #ifdef SKEY
 		used_skey = 0;