From e3d3bbceb54a554a00b6cff479bc29ed1167d1d7 Mon Sep 17 00:00:00 2001
From: Assar Westerlund <assar@sics.se>
Date: Sun, 2 Jul 2000 05:33:48 +0000
Subject: [PATCH] DCE stuff

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8525 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 appl/telnet/libtelnet/kerberos5.c | 30 +++++++++++++++++++++++++++++-
 appl/telnet/telnetd/sys_term.c    |  4 ++++
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/appl/telnet/libtelnet/kerberos5.c b/appl/telnet/libtelnet/kerberos5.c
index dd50a4066..cf9731858 100644
--- a/appl/telnet/libtelnet/kerberos5.c
+++ b/appl/telnet/libtelnet/kerberos5.c
@@ -78,6 +78,12 @@ RCSID("$Id$");
 #include "auth.h"
 #include "misc.h"
 
+#if defined(DCE)
+int dfsk5ok = 0;
+int dfspag = 0;
+int dfsfwd = 0;
+#endif
+
 int forward_flags = 0;  /* Flags get set in telnet/main.c on -f and -F */
 
 /* These values need to be the same as those defined in telnet/main.c. */
@@ -470,6 +476,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 	    break;
 	}
 
+#if defined(DCE)
+	setenv("KRB5CCNAME", ccname, 1);
+#endif
 	ret = krb5_rd_cred (context,
 			    auth_context,
 			    ccache,
@@ -488,8 +497,12 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 		printf("Could not read forwarded credentials: %s\r\n",
 		       errbuf);
 	    free (errbuf);
-	} else
+	} else {
 	    Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
+#if defined(DCE)
+	    dfsfwd = 1;
+#endif
+	}
 	chown (ccname + 5, pwd->pw_uid, -1);
 	if (auth_debug_mode)
 	    printf("Forwarded credentials obtained\r\n");
@@ -606,6 +619,9 @@ kerberos5_status(Authenticator *ap, char *name, size_t name_sz, int level)
 		     UserNameRequested))
 	{
 	    strlcpy(name, UserNameRequested, name_sz);
+#if defined(DCE)
+	    dfsk5ok = 1;
+#endif
 	    return(AUTH_VALID);
 	} else
 	    return(AUTH_USER);
@@ -749,4 +765,16 @@ kerberos5_forward(Authenticator *ap)
     }
 }
 
+#if defined(DCE)
+/* if this was a K5 authentication try and join a PAG for the user. */
+void
+kerberos5_dfspag(void)
+{
+    if (dfsk5ok) {
+	dfspag = krb5_dfs_pag(context, dfsfwd, ticket->client,
+				UserNameRequested);
+    }
+}
+#endif
+ 
 #endif /* KRB5 */
diff --git a/appl/telnet/telnetd/sys_term.c b/appl/telnet/telnetd/sys_term.c
index c7b202e7e..e59a6dc51 100644
--- a/appl/telnet/telnetd/sys_term.c
+++ b/appl/telnet/telnetd/sys_term.c
@@ -1177,6 +1177,10 @@ startslave(char *host, int autologin, char *autoname)
 # endif	/* PARENT_DOES_UTMP */
     } else {
 	getptyslave();
+#if defined(DCE)
+	/* if we authenticated via K5, try and join the PAG */
+	kerberos5_dfspag();
+#endif
 	start_login(host, autologin, autoname);
 	/*NOTREACHED*/
     }