New resource destroyTickets with corresponding option -nodestroytickets.

First try local authentication and if it fails press on with kerberos. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1905 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-06-12 11:52:17 +00:00
parent 578850ce62
commit 02c607db68
1 changed files with 26 additions and 17 deletions
--- a/appl/xnlock/xnlock.c
+++ b/appl/xnlock/xnlock.c
@@ -96,6 +96,7 @@ struct appres_t {
    Boolean accept_root;
    char *text, *text_prog, *file, *logoutPasswd;
    Boolean no_screensaver;
+    Boolean destroytickets;
 } appres;

 static XtResource resources[] = {
@@ -129,6 +130,9 @@ static XtResource resources[] = {
    
    { "noScreenSaver", "NoScreenSaver", XtRBoolean, sizeof(Boolean),
      XtOffsetOf(struct appres_t,no_screensaver), XtRImmediate, (XtPointer)True },
+
+    { "destroyTickets", "DestroyTickets", XtRBoolean, sizeof(Boolean),
+      XtOffsetOf(struct appres_t,destroytickets), XtRImmediate, (XtPointer)True },
 };

 static XrmOptionDescRec options[] = {
@@ -141,6 +145,7 @@ static XrmOptionDescRec options[] = {
    { "-ar",  ".acceptRootPasswd", XrmoptionNoArg, "True" },
    { "-noar", ".acceptRootPasswd", XrmoptionNoArg, "False" },
    { "-nonoscreensaver", ".noScreenSaver", XrmoptionNoArg, "False" },
+    { "-nodestroytickets", ".destroyTickets", XrmoptionNoArg, "False" },
 };

 static char*
@@ -187,6 +192,7 @@ usage(void)
    fprintf(stderr, "-nar          don't accept root's passwd\n");
    fprintf(stderr, "-f [file]     message is read from file or ~/.msgfile\n");
    fprintf(stderr, "-prog program  text is gotten from executing `program'\n");
+    fprintf(stderr, "-nodestroytickets keep kerberos tickets\n");
    exit(1);
 }

@@ -560,21 +566,6 @@ verify(char *password)
 		 * continue */
 		signal(SIGHUP, SIG_DFL);
 	    }
-    /*
-     * Try to verify as user with kerberos.
-     */
-
-    ret = krb_verify_user(name, inst, realm, password, 0, NULL);
-    
-    if(ret == KSUCCESS){
-	if(k_hasafs())
-	    k_afsklog(0, 0);
-	return 0;
-    }
-
-    if(ret != INTK_BADPW)
-	warnx ("warning: %s",
-	       (ret < 0) ? strerror(ret) : krb_get_err_text(ret));

    /*
     * Try copy of users password.
@@ -585,8 +576,22 @@ verify(char *password)
    /*
     * Try to verify as user in case password change.
     */
-    if(unix_verify_user(name, password) == 0)
+    if (unix_verify_user(name, password) == 0)
 	return 0;
+
+    /*
+     * Try to verify as user with kerberos.
+     */
+    ret = krb_verify_user(name, inst, realm, password, 0, NULL);
+    if (ret == KSUCCESS){
+	if (k_hasafs())
+	    k_afsklog(0, 0);
+	return 0;
+    }
+    if (ret != INTK_BADPW)
+	warnx ("warning: %s",
+	       (ret < 0) ? strerror(ret) : krb_get_err_text(ret));
+    
    return -1;
 }

@@ -888,7 +893,6 @@ main (int argc, char **argv)

    krb_get_default_principal(name, inst, realm);

-
    override = XtVaAppInitialize(&app, "XNlock", options, XtNumber(options),
 				 (Cardinal*)&argc, argv, NULL, 
 				 XtNoverrideRedirect, True, 
@@ -901,6 +905,11 @@ main (int argc, char **argv)
    Black = appres.bg;
    White = appres.fg;

+    if (appres.destroytickets) {
+        dest_tkt();		/* Nuke old ticket file */
+	creat(TKT_FILE, 0600);	/* but keep a place holder */
+    }
+
    dpy = XtDisplay(override);
    
    if (dpy == 0)