Attachment 108349 Details for Bug 83323 – 4.0.3-kerberos.patch for use with screen-4.0.3-r1

[patch] 4.0.3-kerberos.patch for use with screen-4.0.3-r1

4.0.3-kerberos.patch (text/plain), 9.23 KB, created by Alex Unigovsky on 2007-01-28 07:12:27 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Alex Unigovsky

Created: 2007-01-28 07:12:27 UTC

Size: 9.23 KB

patch

obsolete

>diff -Nur screen-4.0.2/config.h.in screen-4.0.2-krb5/config.h.in
>--- screen-4.0.2/config.h.in	2003-12-05 14:59:39.000000000 +0100
>+++ screen-4.0.2-krb5/config.h.in	2005-02-25 16:45:36.688158560 +0100
>@@ -651,6 +651,12 @@
>  */
> #undef HAVE_OPENPTY
> 
>+/*
>+ * define HAVE_KRB5 if your system supports MIT Kerberos 5 or
>+ * equivalent.
>+ */
>+#undef HAVE_KRB5
>+
> /* 
>  * define PTYRANGE0 and or PTYRANGE1 if you want to adapt screen
>  * to unusual environments. E.g. For SunOs the defaults are "qpr" and 
>diff -Nur screen-4.0.2/configure.in screen-4.0.2-krb5/configure.in
>--- screen-4.0.2/configure.in	2003-06-03 13:58:24.000000000 +0200
>+++ screen-4.0.2-krb5/configure.in	2005-02-25 16:45:36.704156128 +0100
>@@ -719,6 +719,17 @@
> AC_DEFINE_UNQUOTED(PTYRANGE1,"$p1")
> fi
> 
>+dnl    **** Kerberos ****
>+AC_ARG_WITH(krb5, [  --with-krb5[=dir]         Use Kerberos 5 (optionally installed in dir)])
>+if test "$with_krb5" != no -a -n "$with_krb5"; then
>+	if test "$with_krb5" != yes; then
>+		CFLAGS="$CFLAGS -I${with_krb5}/include"
>+		LDFLAGS="$LDFLAGS -L${with_krb5}/lib"
>+	fi
>+	LIBS="$LIBS -lkrb5"
>+	AC_DEFINE(HAVE_KRB5)
>+fi
>+
> dnl    ****  pty mode/group handling ****
> dnl
> dnl support provided by Luke Mewburn <lm@rmit.edu.au>, 931222
>diff -Nur screen-4.0.2/kerberos.c screen-4.0.2-krb5/kerberos.c
>--- screen-4.0.2/kerberos.c	1970-01-01 01:00:00.000000000 +0100
>+++ screen-4.0.2-krb5/kerberos.c	2005-02-25 16:45:36.716154304 +0100
>@@ -0,0 +1,218 @@
>+/* Copyright (c) 2005
>+ *      Fredrik Tolf (fredrik@dolda2000.com)
>+ *
>+ * This program is free software; you can redistribute it and/or modify
>+ * it under the terms of the GNU General Public License as published by
>+ * the Free Software Foundation; either version 2, or (at your option)
>+ * any later version.
>+ *
>+ * This program is distributed in the hope that it will be useful,
>+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>+ * GNU General Public License for more details.
>+ *
>+ * You should have received a copy of the GNU General Public License
>+ * along with this program (see the file COPYING); if not, write to the
>+ * Free Software Foundation, Inc.,
>+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA
>+ *
>+ ****************************************************************
>+ */
>+
>+#include "config.h"
>+#ifdef HAVE_KRB5
>+
>+#include <stdlib.h>
>+#include <stdio.h>
>+#include <unistd.h>
>+#include <krb5.h>
>+#include <com_err.h>
>+
>+#include "screen.h"
>+
>+/*
>+ * I do not like the coding style of screen... =(
>+ */
>+
>+static krb5_context context;
>+static krb5_ccache ccache;
>+static int usingkrb = 0;
>+static struct event renewev;
>+
>+#include "extern.h"
>+
>+static void
>+krb_renew(ev, data)
>+struct event *ev;
>+char *data;
>+{
>+  int ret;
>+  krb5_principal myprinc;
>+  krb5_creds creds;
>+  krb5_cc_cursor cur;
>+  time_t now;
>+  int renew;
>+  
>+  SetTimeout(&renewev, 60000);
>+  evenq(&renewev);
>+  
>+  if((ret = krb5_cc_get_principal(context, ccache, &myprinc)) != 0)
>+    {
>+      Msg(0, "Could not get principal to renew: %s", error_message(ret));
>+      return;
>+    }
>+
>+  if((ret = krb5_cc_start_seq_get(context, ccache, &cur)) != 0)
>+    {
>+      Msg(0, "Could not open current credentials cache: %s", error_message(ret));
>+      krb5_free_principal(context, myprinc);
>+      return;
>+    }
>+  time(&now);
>+  renew = 0;
>+  while(!krb5_cc_next_cred(context, ccache, &cur, &creds))
>+    {
>+      if(!strcmp(krb5_princ_component(context, creds.server, 0)->data, KRB5_TGS_NAME) &&
>+	 !strcmp(krb5_princ_component(context, creds.server, 1)->data, myprinc->realm.data))
>+	{
>+	  if(!creds.times.starttime)
>+	    creds.times.starttime = creds.times.authtime;
>+	  if(now > (creds.times.starttime + (((creds.times.endtime - creds.times.starttime) * 9) / 10)))
>+	    renew = 1;
>+	  break;
>+	}
>+      krb5_free_cred_contents(context, &creds);
>+    }
>+  krb5_cc_end_seq_get(context, ccache, &cur);
>+  if(!renew)
>+    {
>+      krb5_free_principal(context, myprinc);
>+      return;
>+    }
>+  
>+  memset(&creds, 0, sizeof(creds));
>+  if((ret = krb5_get_renewed_creds(context, &creds, myprinc, ccache, NULL)) != 0)
>+    {
>+      Msg(0, "Could not get renewed credentials: %s", error_message(ret));
>+      krb5_free_principal(context, myprinc);
>+      return;
>+    }
>+  if((ret = krb5_cc_initialize(context, ccache, myprinc)) != 0)
>+    {
>+      Msg(0, "Could not re-initialize credentials cache: %s", error_message(ret));
>+      krb5_free_principal(context, myprinc);
>+      krb5_free_cred_contents(context, &creds);
>+      return;
>+    }
>+  if((ret = krb5_cc_store_cred(context, ccache, &creds)) != 0)
>+    {
>+      Msg(0, "Could not store renewed TGT: %s", error_message(ret));
>+      krb5_free_principal(context, myprinc);
>+      krb5_free_cred_contents(context, &creds);
>+      return;
>+    }
>+
>+  krb5_free_principal(context, myprinc);
>+  krb5_free_cred_contents(context, &creds);
>+  Msg(0, "Renewed Kerberos credentials successfully.");
>+}
>+
>+int
>+krb_copycc()
>+{
>+  int ret, fd;
>+  krb5_ccache prevcache;
>+  krb5_principal myprinc;
>+  krb5_creds creds;
>+  krb5_cc_cursor cur;
>+  char buf[100];
>+  char *ccfile;
>+
>+  if((ret = krb5_init_context(&context)) != 0)
>+    {
>+      Msg(0, "Could not initialize Kerberos library: %s", error_message(ret));
>+      return(-1);
>+    }
>+  if((ret = krb5_cc_default(context, &prevcache)) != 0)
>+    {
>+      Msg(0, "Could not get Kerberos credential cache: %s", error_message(ret));
>+      krb5_free_context(context);
>+      return(-1);
>+    }
>+  if((ret = krb5_cc_get_principal(context, prevcache, &myprinc)) != 0)
>+    {
>+      Msg(0, "Could not get principal of current ccache: %s", error_message(ret));
>+      krb5_cc_close(context, prevcache);
>+      krb5_free_context(context);
>+      return(-1);
>+    }
>+
>+  sprintf(buf, "FILE:/tmp/krb5cc_scr_%i_XXXXXX", getuid());
>+  ccfile = buf + 5;
>+  if((fd = mkstemp(ccfile)) < 0)
>+    {
>+      Msg(errno, "Could not create temporary file.");
>+      krb5_cc_close(context, prevcache);
>+      krb5_free_context(context);
>+      return(-1);
>+    }
>+  close(fd);
>+  if((ret = krb5_cc_resolve(context, buf, &ccache)) != 0)
>+    {
>+      Msg(0, "Could not resolve new credential cache: %s", error_message(ret));
>+      krb5_cc_close(context, prevcache);
>+      krb5_free_context(context);
>+      return(-1);
>+    }
>+  if((ret = krb5_cc_initialize(context, ccache, myprinc)) != 0)
>+    {
>+      Msg(0, "Could not initialize new credential cache: %s", error_message(ret));
>+      krb5_cc_close(context, prevcache);
>+      krb5_free_context(context);
>+      return(-1);
>+    }
>+  
>+  if((ret = krb5_cc_start_seq_get(context, prevcache, &cur)) != 0)
>+    {
>+      Msg(0, "Could not get ccache cursor: %s", error_message(ret));
>+      krb5_cc_destroy(context, ccache);
>+      krb5_cc_close(context, prevcache);
>+      krb5_free_context(context);
>+      return(-1);
>+    }
>+  while(!krb5_cc_next_cred(context, prevcache, &cur, &creds))
>+    {
>+      if((ret = krb5_cc_store_cred(context, ccache, &creds)) != 0)
>+	{
>+	  Msg(0, "Could not store credential: %s", error_message(ret));
>+	  krb5_cc_destroy(context, ccache);
>+	  krb5_cc_close(context, prevcache);
>+	  krb5_free_context(context);
>+	  return(-1);
>+	}
>+    }
>+  krb5_cc_end_seq_get(context, prevcache, &cur);
>+  
>+  krb5_free_principal(context, myprinc);
>+  krb5_cc_close(context, prevcache);
>+  xsetenv("KRB5CCNAME", buf);
>+  MakeNewEnv();
>+  memset(&renewev, 0, sizeof(renewev));
>+  renewev.type = EV_TIMEOUT;
>+  renewev.handler = krb_renew;
>+  SetTimeout(&renewev, 60000);
>+  evenq(&renewev);
>+  usingkrb = 1;
>+  return(0);
>+}
>+
>+void
>+krb_cleanup()
>+{
>+  if(!usingkrb)
>+    return;
>+  krb5_cc_destroy(context, ccache);
>+  krb5_free_context(context);
>+}
>+
>+#endif
>diff -Nur screen-4.0.2/Makefile.in screen-4.0.2-krb5/Makefile.in
>--- screen-4.0.2/Makefile.in	2003-12-05 14:59:39.000000000 +0100
>+++ screen-4.0.2-krb5/Makefile.in	2005-02-25 17:15:51.953096472 +0100
>@@ -55,12 +55,12 @@
> 	search.c tty.c term.c window.c utmp.c loadav.c putenv.c help.c \
> 	termcap.c input.c attacher.c pty.c process.c display.c comm.c \
> 	kmapdef.c acls.c braille.c braille_tsi.c logfile.c layer.c \
>-	sched.c teln.c nethack.c encoding.c
>+	sched.c teln.c nethack.c encoding.c kerberos.c
> OFILES=	screen.o ansi.o fileio.o mark.o misc.o resize.o socket.o \
> 	search.o tty.o term.o window.o utmp.o loadav.o putenv.o help.o \
> 	termcap.o input.o attacher.o pty.o process.o display.o comm.o \
> 	kmapdef.o acls.o braille.o braille_tsi.o logfile.o layer.o \
>-	sched.o teln.o nethack.o encoding.o
>+	sched.o teln.o nethack.o encoding.o kerberos.o
> 
> all:	screen
> 
>@@ -329,3 +329,4 @@
>  comm.h layer.h term.h image.h display.h window.h extern.h
> encoding.o: encoding.c config.h screen.h os.h osdef.h ansi.h acls.h \
>  comm.h layer.h term.h image.h display.h window.h extern.h
>+kerberos.o: kerberos.c config.h screen.h osdef.h
>diff -Nur screen-4.0.2/screen.c screen-4.0.2-krb5/screen.c
>--- screen-4.0.2/screen.c	2003-09-08 16:26:41.000000000 +0200
>+++ screen-4.0.2-krb5/screen.c	2005-02-25 16:45:36.749149288 +0100
>@@ -1320,6 +1320,10 @@
> #endif
>   FinishRc(RcFileName);
> 
>+#ifdef HAVE_KRB5
>+  krb_copycc();
>+#endif
>+
>   debug2("UID %d  EUID %d\n", (int)getuid(), (int)geteuid());
>   if (windows == NULL)
>     {
>@@ -1643,6 +1647,9 @@
>       xsetegid(eff_gid);
> #endif
>     }
>+#ifdef HAVE_KRB5
>+  krb_cleanup();
>+#endif
>   for (display = displays; display; display = display->d_next)
>     {
>       if (D_status)

Actions: View | Diff

Attachments on bug 83323: 52137 | 52138 | 97723 | 97724 | 108348 | 108349