diff -Nur screen-4.0.2/config.h.in screen-4.0.2-krb5/config.h.in --- screen-4.0.2/config.h.in 2003-12-05 14:59:39.000000000 +0100 +++ screen-4.0.2-krb5/config.h.in 2005-02-25 16:45:36.688158560 +0100 @@ -651,6 +651,12 @@ */ #undef HAVE_OPENPTY +/* + * define HAVE_KRB5 if your system supports MIT Kerberos 5 or + * equivalent. + */ +#undef HAVE_KRB5 + /* * define PTYRANGE0 and or PTYRANGE1 if you want to adapt screen * to unusual environments. E.g. For SunOs the defaults are "qpr" and diff -Nur screen-4.0.2/configure.in screen-4.0.2-krb5/configure.in --- screen-4.0.2/configure.in 2003-06-03 13:58:24.000000000 +0200 +++ screen-4.0.2-krb5/configure.in 2005-02-25 16:45:36.704156128 +0100 @@ -719,6 +719,17 @@ AC_DEFINE_UNQUOTED(PTYRANGE1,"$p1") fi +dnl **** Kerberos **** +AC_ARG_WITH(krb5, [ --with-krb5[=dir] Use Kerberos 5 (optionally installed in dir)]) +if test "$with_krb5" != no -a -n "$with_krb5"; then + if test "$with_krb5" != yes; then + CFLAGS="$CFLAGS -I${with_krb5}/include" + LDFLAGS="$LDFLAGS -L${with_krb5}/lib" + fi + LIBS="$LIBS -lkrb5" + AC_DEFINE(HAVE_KRB5) +fi + dnl **** pty mode/group handling **** dnl dnl support provided by Luke Mewburn , 931222 diff -Nur screen-4.0.2/kerberos.c screen-4.0.2-krb5/kerberos.c --- screen-4.0.2/kerberos.c 1970-01-01 01:00:00.000000000 +0100 +++ screen-4.0.2-krb5/kerberos.c 2005-02-25 16:45:36.716154304 +0100 @@ -0,0 +1,218 @@ +/* Copyright (c) 2005 + * Fredrik Tolf (fredrik@dolda2000.com) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING); if not, write to the + * Free Software Foundation, Inc., + * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * + **************************************************************** + */ + +#include "config.h" +#ifdef HAVE_KRB5 + +#include +#include +#include +#include +#include + +#include "screen.h" + +/* + * I do not like the coding style of screen... =( + */ + +static krb5_context context; +static krb5_ccache ccache; +static int usingkrb = 0; +static struct event renewev; + +#include "extern.h" + +static void +krb_renew(ev, data) +struct event *ev; +char *data; +{ + int ret; + krb5_principal myprinc; + krb5_creds creds; + krb5_cc_cursor cur; + time_t now; + int renew; + + SetTimeout(&renewev, 60000); + evenq(&renewev); + + if((ret = krb5_cc_get_principal(context, ccache, &myprinc)) != 0) + { + Msg(0, "Could not get principal to renew: %s", error_message(ret)); + return; + } + + if((ret = krb5_cc_start_seq_get(context, ccache, &cur)) != 0) + { + Msg(0, "Could not open current credentials cache: %s", error_message(ret)); + krb5_free_principal(context, myprinc); + return; + } + time(&now); + renew = 0; + while(!krb5_cc_next_cred(context, ccache, &cur, &creds)) + { + if(!strcmp(krb5_princ_component(context, creds.server, 0)->data, KRB5_TGS_NAME) && + !strcmp(krb5_princ_component(context, creds.server, 1)->data, myprinc->realm.data)) + { + if(!creds.times.starttime) + creds.times.starttime = creds.times.authtime; + if(now > (creds.times.starttime + (((creds.times.endtime - creds.times.starttime) * 9) / 10))) + renew = 1; + break; + } + krb5_free_cred_contents(context, &creds); + } + krb5_cc_end_seq_get(context, ccache, &cur); + if(!renew) + { + krb5_free_principal(context, myprinc); + return; + } + + memset(&creds, 0, sizeof(creds)); + if((ret = krb5_get_renewed_creds(context, &creds, myprinc, ccache, NULL)) != 0) + { + Msg(0, "Could not get renewed credentials: %s", error_message(ret)); + krb5_free_principal(context, myprinc); + return; + } + if((ret = krb5_cc_initialize(context, ccache, myprinc)) != 0) + { + Msg(0, "Could not re-initialize credentials cache: %s", error_message(ret)); + krb5_free_principal(context, myprinc); + krb5_free_cred_contents(context, &creds); + return; + } + if((ret = krb5_cc_store_cred(context, ccache, &creds)) != 0) + { + Msg(0, "Could not store renewed TGT: %s", error_message(ret)); + krb5_free_principal(context, myprinc); + krb5_free_cred_contents(context, &creds); + return; + } + + krb5_free_principal(context, myprinc); + krb5_free_cred_contents(context, &creds); + Msg(0, "Renewed Kerberos credentials successfully."); +} + +int +krb_copycc() +{ + int ret, fd; + krb5_ccache prevcache; + krb5_principal myprinc; + krb5_creds creds; + krb5_cc_cursor cur; + char buf[100]; + char *ccfile; + + if((ret = krb5_init_context(&context)) != 0) + { + Msg(0, "Could not initialize Kerberos library: %s", error_message(ret)); + return(-1); + } + if((ret = krb5_cc_default(context, &prevcache)) != 0) + { + Msg(0, "Could not get Kerberos credential cache: %s", error_message(ret)); + krb5_free_context(context); + return(-1); + } + if((ret = krb5_cc_get_principal(context, prevcache, &myprinc)) != 0) + { + Msg(0, "Could not get principal of current ccache: %s", error_message(ret)); + krb5_cc_close(context, prevcache); + krb5_free_context(context); + return(-1); + } + + sprintf(buf, "FILE:/tmp/krb5cc_scr_%i_XXXXXX", getuid()); + ccfile = buf + 5; + if((fd = mkstemp(ccfile)) < 0) + { + Msg(errno, "Could not create temporary file."); + krb5_cc_close(context, prevcache); + krb5_free_context(context); + return(-1); + } + close(fd); + if((ret = krb5_cc_resolve(context, buf, &ccache)) != 0) + { + Msg(0, "Could not resolve new credential cache: %s", error_message(ret)); + krb5_cc_close(context, prevcache); + krb5_free_context(context); + return(-1); + } + if((ret = krb5_cc_initialize(context, ccache, myprinc)) != 0) + { + Msg(0, "Could not initialize new credential cache: %s", error_message(ret)); + krb5_cc_close(context, prevcache); + krb5_free_context(context); + return(-1); + } + + if((ret = krb5_cc_start_seq_get(context, prevcache, &cur)) != 0) + { + Msg(0, "Could not get ccache cursor: %s", error_message(ret)); + krb5_cc_destroy(context, ccache); + krb5_cc_close(context, prevcache); + krb5_free_context(context); + return(-1); + } + while(!krb5_cc_next_cred(context, prevcache, &cur, &creds)) + { + if((ret = krb5_cc_store_cred(context, ccache, &creds)) != 0) + { + Msg(0, "Could not store credential: %s", error_message(ret)); + krb5_cc_destroy(context, ccache); + krb5_cc_close(context, prevcache); + krb5_free_context(context); + return(-1); + } + } + krb5_cc_end_seq_get(context, prevcache, &cur); + + krb5_free_principal(context, myprinc); + krb5_cc_close(context, prevcache); + xsetenv("KRB5CCNAME", buf); + MakeNewEnv(); + memset(&renewev, 0, sizeof(renewev)); + renewev.type = EV_TIMEOUT; + renewev.handler = krb_renew; + SetTimeout(&renewev, 60000); + evenq(&renewev); + usingkrb = 1; + return(0); +} + +void +krb_cleanup() +{ + if(!usingkrb) + return; + krb5_cc_destroy(context, ccache); + krb5_free_context(context); +} + +#endif diff -Nur screen-4.0.2/Makefile.in screen-4.0.2-krb5/Makefile.in --- screen-4.0.2/Makefile.in 2003-12-05 14:59:39.000000000 +0100 +++ screen-4.0.2-krb5/Makefile.in 2005-02-25 17:15:51.953096472 +0100 @@ -55,12 +55,12 @@ search.c tty.c term.c window.c utmp.c loadav.c putenv.c help.c \ termcap.c input.c attacher.c pty.c process.c display.c comm.c \ kmapdef.c acls.c braille.c braille_tsi.c logfile.c layer.c \ - sched.c teln.c nethack.c encoding.c + sched.c teln.c nethack.c encoding.c kerberos.c OFILES= screen.o ansi.o fileio.o mark.o misc.o resize.o socket.o \ search.o tty.o term.o window.o utmp.o loadav.o putenv.o help.o \ termcap.o input.o attacher.o pty.o process.o display.o comm.o \ kmapdef.o acls.o braille.o braille_tsi.o logfile.o layer.o \ - sched.o teln.o nethack.o encoding.o + sched.o teln.o nethack.o encoding.o kerberos.o all: screen @@ -329,3 +329,4 @@ comm.h layer.h term.h image.h display.h window.h extern.h encoding.o: encoding.c config.h screen.h os.h osdef.h ansi.h acls.h \ comm.h layer.h term.h image.h display.h window.h extern.h +kerberos.o: kerberos.c config.h screen.h osdef.h diff -Nur screen-4.0.2/screen.c screen-4.0.2-krb5/screen.c --- screen-4.0.2/screen.c 2003-09-08 16:26:41.000000000 +0200 +++ screen-4.0.2-krb5/screen.c 2005-02-25 16:45:36.749149288 +0100 @@ -1320,6 +1320,10 @@ #endif FinishRc(RcFileName); +#ifdef HAVE_KRB5 + krb_copycc(); +#endif + debug2("UID %d EUID %d\n", (int)getuid(), (int)geteuid()); if (windows == NULL) { @@ -1643,6 +1647,9 @@ xsetegid(eff_gid); #endif } +#ifdef HAVE_KRB5 + krb_cleanup(); +#endif for (display = displays; display; display = display->d_next) { if (D_status)