# HG changeset patch
# User gtb
# Date 1175202584 25200
# Node ID 4a2c8e3e6786203ea69856d9f27ff27ed6473b6f
# Parent ea8d153ef9ae64a3c632b8f22e63f2933452b144
6531864 ktkt_warnd not warning after login
diff -r ea8d153ef9ae -r 4a2c8e3e6786 usr/src/lib/pam_modules/krb5/krb5_setcred.c
--- a/usr/src/lib/pam_modules/krb5/krb5_setcred.c Thu Mar 29 09:50:09 2007 -0700
+++ b/usr/src/lib/pam_modules/krb5/krb5_setcred.c Thu Mar 29 14:09:44 2007 -0700
@@ -363,7 +363,7 @@
 {
 krb5_error_code retval;
 krb5_creds creds;
- krb5_creds *credsp = &creds;
+ krb5_creds *renewed_cred = NULL;
 char *client_name = NULL;
 typedef struct _cred_node {
 krb5_creds *creds;
@@ -383,9 +383,9 @@
 if ((retval = krb5_unparse_name(kmd->kcontext, me, &client_name)) != 0)
 return (retval);
- (void) memset((char *)credsp, 0, sizeof (krb5_creds));
+ (void) memset(&creds, 0, sizeof (krb5_creds));
 if ((retval = krb5_copy_principal(kmd->kcontext,
- server, &credsp->server))) {
+ server, &creds.server))) {
 if (kmd->debug)
 __pam_log(LOG_AUTH | LOG_DEBUG,
 "PAM-KRB5 (setcred): krb5_copy_principal " "
@@ -396,7 +396,7 @@
 /* obtain ticket & session key */
 retval = krb5_cc_get_principal(kmd->kcontext,
- kmd->ccache, &credsp->client);
+ kmd->ccache, &creds.client);
 if (retval && (kmd->debug))
 __pam_log(LOG_AUTH | LOG_DEBUG,
 "PAM-KRB5 (setcred): User not in cred "
@@ -445,7 +445,7 @@
 creds.times.endtime = my_creds.times.endtime;
 creds.times.renew_till = my_creds.times.renew_till;
 if ((retval = krb5_get_credentials_renew(kmd->kcontext, 0,
- kmd->ccache, &creds, &credsp))) {
+ kmd->ccache, &creds, &renewed_cred))) {
 if (kmd->debug)
 __pam_log(LOG_AUTH | LOG_DEBUG,
 "PAM-KRB5 (setcred): krb5_get_credentials",
@@ -543,7 +543,7 @@
 */
 if (found &&
 (retval = krb5_get_credentials_renew(kmd->kcontext,
- 0, kmd->ccache, &creds, &credsp))) {
+ 0, kmd->ccache, &creds, &renewed_cred))) {
 if (kmd->debug)
 __pam_log(LOG_AUTH | LOG_DEBUG,
 "PAM-KRB5 (setcred): krb5_get_credentials"
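Review bot: In the -445 hunk, the debug message after the changed renew call ends its literal with a comma, `"PAM-KRB5 (setcred): krb5_get_credentials",`, whereas the same message in the -543 hunk has none. With the comma, whatever follows is passed to `__pam_log` as an argument instead of being concatenated into the format string. If the next line is the rest of the message (it lies outside the hunk), the reason for a failed renewal is never written to the log; dropping the comma would restore it. The enclosing function starts and ends outside this hunk.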
@@ -626,7 +626,8 @@
 "PAM-KRB5 (setcred): Unable to "
 "find matching uid/gid pair for user `%s'",
 username);
- return (KRB5KRB_ERR_GENERIC);
+ retval = KRB5KRB_ERR_GENERIC;
+ goto error;
 }
 if (!(filepath = strchr(kmd->env, ':')) ||
 !(filepath+1)) {
@@ -634,7 +635,8 @@
 "PAM-KRB5 (setcred): Invalid pathname "
 "for credential cache of user `%s'",
 username);
- return (KRB5KRB_ERR_GENERIC);
+ retval = KRB5KRB_ERR_GENERIC;
+ goto error;
 }
 if (chown(filepath+1, uuid, ugid)) {
 if (kmd->debug)
@@ -646,17 +648,32 @@
 free(username);
 }
+ }
- if (creds.times.endtime != 0) {
- kwarn_del_warning(client_name);
- if (kwarn_add_warning(client_name,
- creds.times.endtime) != 0) {
- __pam_log(LOG_AUTH | LOG_NOTICE,
- "PAM-KRB5 (auth): kwarn_add_warning"
- " failed: ktkt_warnd(1M) down?");
- }
+error:
+ if (retval == 0) {
+ krb5_timestamp endtime;
+
+ if (renewed_cred && renewed_cred->times.endtime != 0)
+ endtime = renewed_cred->times.endtime;
+ else
+ endtime = my_creds.times.endtime;
+
+ if (kmd->debug)
+ __pam_log(LOG_AUTH | LOG_DEBUG,
+ "PAM-KRB5 (setcred): delete/add warning");
+
+ kwarn_del_warning(client_name);
+ if (kwarn_add_warning(client_name, endtime) != 0) {
+ __pam_log(LOG_AUTH | LOG_NOTICE,
+ "PAM-KRB5 (setcred): kwarn_add_warning"
+ " failed: ktkt_warnd(1M) down?");
 }
 }
+
+ if (renewed_cred != NULL)
+ krb5_free_creds(kmd->kcontext, renewed_cred);
+
 if (client_name != NULL)
 free(client_name);
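Review bot: The new `goto error` exit in the -626 hunk, and the identical one in the -634 hunk, jumps past the `free(username)` that the success path runs at the top of the last hunk. `username` therefore appears to leak on both failures, assuming it is heap-allocated as that `free` suggests; the allocation site is outside the hunk. Releasing it before the jump would close the gap: `free(username); retval = KRB5KRB_ERR_GENERIC; goto error;`.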
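Review bot: The failure branch changed in the -634 hunk is guarded by `!(filepath+1)` (the condition sits at the end of the previous hunk), which tests a pointer that can never be null once `strchr` has succeeded. An empty path after the ':' is therefore not rejected and reaches `chown(filepath+1, uuid, ugid)`. Testing the character instead, `!(filepath = strchr(kmd->env, ':')) || filepath[1] == '\0'`, would make the new `goto error` reachable for that case. Separately, `chown()` follows symbolic links; if the cache file can live in a directory other users can write to, `lchown()` or `fchown()` on an opened descriptor is the safer call for a module that runs with privilege.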
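Review bot: The rewritten block under `error:` in the -646 hunk drops the old `creds.times.endtime != 0` guard. When no renewed credential exists, it passes `my_creds.times.endtime` to `kwarn_add_warning` whatever its value, including 0. How ktkt_warnd treats a zero end time is not visible here, but the removed code avoided registering one. Wrapping the delete/add pair in `if (endtime != 0)` would keep that behaviour. The label is also reached on success, so a name such as `out:` would describe it better than `error:`.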