|
Lines 17-22
|
| 17 |
|
17 |
|
| 18 |
#ifdef KRB5 |
18 |
#ifdef KRB5 |
| 19 |
#include <krb5.h> |
19 |
#include <krb5.h> |
|
|
20 |
#ifndef HEIMDAL |
| 21 |
#define krb5_get_err_text(context,code) error_message(code) |
| 22 |
#endif /* !HEIMDAL */ |
| 20 |
|
23 |
|
| 21 |
extern ServerOptions options; |
24 |
extern ServerOptions options; |
| 22 |
|
25 |
|
|
Lines 69-76
|
| 69 |
goto err; |
72 |
goto err; |
| 70 |
|
73 |
|
| 71 |
fd = packet_get_connection_in(); |
74 |
fd = packet_get_connection_in(); |
|
|
75 |
#ifdef HEIMDAL |
| 72 |
problem = krb5_auth_con_setaddrs_from_fd(authctxt->krb5_ctx, |
76 |
problem = krb5_auth_con_setaddrs_from_fd(authctxt->krb5_ctx, |
| 73 |
authctxt->krb5_auth_ctx, &fd); |
77 |
authctxt->krb5_auth_ctx, &fd); |
|
|
78 |
#else |
| 79 |
problem = krb5_auth_con_genaddrs(authctxt->krb5_ctx, |
| 80 |
authctxt->krb5_auth_ctx,fd, |
| 81 |
KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR | |
| 82 |
KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR); |
| 83 |
#endif |
| 74 |
if (problem) |
84 |
if (problem) |
| 75 |
goto err; |
85 |
goto err; |
| 76 |
|
86 |
|
|
Lines 84-91
|
| 84 |
if (problem) |
94 |
if (problem) |
| 85 |
goto err; |
95 |
goto err; |
| 86 |
|
96 |
|
|
|
97 |
#ifdef HEIMDAL |
| 87 |
problem = krb5_copy_principal(authctxt->krb5_ctx, ticket->client, |
98 |
problem = krb5_copy_principal(authctxt->krb5_ctx, ticket->client, |
| 88 |
&authctxt->krb5_user); |
99 |
&authctxt->krb5_user); |
|
|
100 |
#else |
| 101 |
problem = krb5_copy_principal(authctxt->krb5_ctx, ticket->enc_part2->client, |
| 102 |
&authctxt->krb5_user); |
| 103 |
#endif |
| 89 |
if (problem) |
104 |
if (problem) |
| 90 |
goto err; |
105 |
goto err; |
| 91 |
|
106 |
|
|
Lines 131-143
|
| 131 |
krb5_error_code problem; |
146 |
krb5_error_code problem; |
| 132 |
krb5_ccache ccache = NULL; |
147 |
krb5_ccache ccache = NULL; |
| 133 |
char *pname; |
148 |
char *pname; |
|
|
149 |
krb5_creds **creds; |
| 134 |
|
150 |
|
| 135 |
if (authctxt->pw == NULL || authctxt->krb5_user == NULL) |
151 |
if (authctxt->pw == NULL || authctxt->krb5_user == NULL) |
| 136 |
return (0); |
152 |
return (0); |
| 137 |
|
153 |
|
| 138 |
temporarily_use_uid(authctxt->pw); |
154 |
temporarily_use_uid(authctxt->pw); |
| 139 |
|
155 |
|
|
|
156 |
#ifdef HEIMDAL |
| 140 |
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, &ccache); |
157 |
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, &ccache); |
|
|
158 |
#else |
| 159 |
{ |
| 160 |
char ccname[35]; |
| 161 |
|
| 162 |
snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_%d", authctxt->pw->pw_uid); |
| 163 |
problem = krb5_cc_resolve(authctxt->krb5_ctx, ccname, &ccache); |
| 164 |
} |
| 165 |
#endif |
| 141 |
if (problem) |
166 |
if (problem) |
| 142 |
goto fail; |
167 |
goto fail; |
| 143 |
|
168 |
|
|
Lines 146-155
|
| 146 |
if (problem) |
171 |
if (problem) |
| 147 |
goto fail; |
172 |
goto fail; |
| 148 |
|
173 |
|
|
|
174 |
#ifdef HEIMDAL |
| 149 |
problem = krb5_rd_cred2(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, |
175 |
problem = krb5_rd_cred2(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, |
| 150 |
ccache, tgt); |
176 |
ccache, tgt); |
| 151 |
if (problem) |
177 |
if (problem) |
| 152 |
goto fail; |
178 |
goto fail; |
|
|
179 |
#else |
| 180 |
problem = krb5_rd_cred(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, |
| 181 |
tgt, &creds, NULL); |
| 182 |
if (problem) |
| 183 |
goto fail; |
| 184 |
problem = krb5_cc_store_cred(authctxt->krb5_ctx, ccache, *creds); |
| 185 |
if (problem) |
| 186 |
goto fail; |
| 187 |
#endif |
| 153 |
|
188 |
|
| 154 |
authctxt->krb5_fwd_ccache = ccache; |
189 |
authctxt->krb5_fwd_ccache = ccache; |
| 155 |
ccache = NULL; |
190 |
ccache = NULL; |
|
Lines 182-187
|
| 182 |
int |
217 |
int |
| 183 |
auth_krb5_password(Authctxt *authctxt, const char *password) |
218 |
auth_krb5_password(Authctxt *authctxt, const char *password) |
| 184 |
{ |
219 |
{ |
|
|
220 |
#ifndef HEIMDAL |
| 221 |
krb5_creds creds; |
| 222 |
krb5_principal server; |
| 223 |
#endif |
| 185 |
krb5_error_code problem; |
224 |
krb5_error_code problem; |
| 186 |
|
225 |
|
| 187 |
if (authctxt->pw == NULL) |
226 |
if (authctxt->pw == NULL) |
|
Lines 198-205
|
| 198 |
if (problem) |
237 |
if (problem) |
| 199 |
goto out; |
238 |
goto out; |
| 200 |
|
239 |
|
|
|
240 |
#ifdef HEIMDAL |
| 201 |
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, |
241 |
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, |
| 202 |
&authctxt->krb5_fwd_ccache); |
242 |
&authctxt->krb5_fwd_ccache); |
|
|
243 |
#else |
| 244 |
problem = krb5_cc_resolve(authctxt->krb5_ctx, "MEMORY:", |
| 245 |
&authctxt->krb5_fwd_ccache); |
| 246 |
#endif |
| 203 |
if (problem) |
247 |
if (problem) |
| 204 |
goto out; |
248 |
goto out; |
| 205 |
|
249 |
|
|
Lines 208-218
|
| 208 |
if (problem) |
252 |
if (problem) |
| 209 |
goto out; |
253 |
goto out; |
| 210 |
|
254 |
|
|
|
255 |
#ifdef HEIMDAL |
| 211 |
problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user, |
256 |
problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user, |
| 212 |
authctxt->krb5_fwd_ccache, password, 1, NULL); |
257 |
authctxt->krb5_fwd_ccache, password, 1, NULL); |
| 213 |
if (problem) |
258 |
if (problem) |
| 214 |
goto out; |
259 |
goto out; |
| 215 |
|
260 |
|
|
|
261 |
#else |
| 262 |
problem = krb5_get_init_creds_password(authctxt->krb5_ctx, &creds, |
| 263 |
authctxt->krb5_user, password, NULL, NULL, 0, NULL, NULL); |
| 264 |
if (problem) |
| 265 |
goto out; |
| 266 |
|
| 267 |
problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL, |
| 268 |
KRB5_NT_SRV_HST, &server); |
| 269 |
if (problem) |
| 270 |
goto out; |
| 271 |
|
| 272 |
restore_uid(); |
| 273 |
problem = krb5_verify_init_creds(authctxt->krb5_ctx, &creds, server, NULL, NULL, |
| 274 |
NULL); |
| 275 |
temporarily_use_uid(authctxt->pw); |
| 276 |
|
| 277 |
krb5_free_principal(authctxt->krb5_ctx, server); |
| 278 |
if (problem) |
| 279 |
goto out; |
| 280 |
|
| 281 |
problem = krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache, &creds); |
| 282 |
if (problem) |
| 283 |
goto out; |
| 284 |
|
| 285 |
#endif /* HEIMDAL */ |
| 286 |
|
| 216 |
authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); |
287 |
authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); |
| 217 |
|
288 |
|
| 218 |
out: |
289 |
out: |
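Review bot: In the non-Heimdal branch of auth_krb5_password (new lines 261-285), `krb5_verify_init_creds` at new line 273 is called with a NULL options argument, so whether a host without a usable keytab fails or silently passes verification is left to the library's configuration. For a password check in sshd the code should decide this explicitly, e.g. `krb5_verify_init_creds_opt_init(&vopt); krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, 1);` and then pass `&vopt`. The same branch never releases `creds` on any visible path, so it needs `krb5_free_cred_contents(authctxt->krb5_ctx, &creds);` after the store and on the error exits, unless the code after `out:` (outside the visible lines) already does that. Separately, the "Lines 131-143" hunk resolves a fixed `FILE:/tmp/krb5cc_%d` name where the Heimdal branch generates a fresh cache. A predictable name in /tmp should either be replaced by a uniquely generated file or carry a comment explaining why it is safe here, and `pw_uid` should be formatted as `%lu` with a cast to `unsigned long` rather than `%d`.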