Beispiel #1
0
/*
 * Function: Restore the saved credentials.
 *
 *	c - Pointer to saved credential cache.
 *
 *	pname - Principal name of session.
 *
 *	pinstance - Principal instance of session.
 *
 *	ncred - Number of credentials saved.
 */
static void
pop_credentials(CREDENTIALS *c, char *pname, char *pinstance, int ncred)
{
#ifdef KRB4
  int i;

  if (pname[0])
    in_tkt(pname, pinstance);
  else
    dest_tkt();

  if (ncred <= 0)
    return;

  for (i = 0; i < ncred; i++) {
    krb_save_credentials(c[i].service, c[i].instance, c[i].realm,
			 c[i].session, c[i].lifetime, c[i].kvno,
			 &(c[i].ticket_st),
			 c[i].issue_date);
  }

  free(c);
#endif
#ifdef KRB5     /* FIXME */
  return;
#endif
}
Beispiel #2
0
int
v4_in_tkt(const char *name, const char *instance, const char *realm)
{
	int i;
	char *vname, *vinstance, *vrealm;

	vname = xstrdup(name);
	if (vname == NULL) {
		return KRB5KRB_ERR_GENERIC;
	}
	vinstance = xstrdup(instance);
	if (vinstance == NULL) {
		xstrfree(vname);
		return KRB5KRB_ERR_GENERIC;
	}
	vrealm = xstrdup(realm);
	if (vrealm == NULL) {
		xstrfree(vinstance);
		xstrfree(vname);
		return KRB5KRB_ERR_GENERIC;
	}

#ifdef HAVE_KRB_IN_TKT
	i = krb_in_tkt(vname, vinstance, vrealm);
#elif defined(HAVE_IN_TKT)
	i = in_tkt(vname, vinstance);
#else
#error "Don't know how to initialize v4 TGT for your Kerberos IV implementation!"
#endif
	xstrfree(vrealm);
	xstrfree(vinstance);
	xstrfree(vname);

	return i;
}
int
auth_krb4_tgt(Authctxt *authctxt, const char *string)
{
	CREDENTIALS creds;
	struct passwd *pw;

	if ((pw = authctxt->pw) == NULL)
		goto failure;

	temporarily_use_uid(pw);

	if (!radix_to_creds(string, &creds)) {
		log("Protocol error decoding Kerberos v4 TGT");
		goto failure;
	}
	if (strncmp(creds.service, "", 1) == 0)	/* backward compatibility */
		strlcpy(creds.service, "krbtgt", sizeof creds.service);

	if (strcmp(creds.service, "krbtgt")) {
		log("Kerberos v4 TGT (%s%s%s@%s) rejected for %s",
		    creds.pname, creds.pinst[0] ? "." : "", creds.pinst,
		    creds.realm, pw->pw_name);
		goto failure;
	}
	if (!krb4_init(authctxt))
		goto failure;

	if (in_tkt(creds.pname, creds.pinst) != KSUCCESS)
		goto failure;

	if (save_credentials(creds.service, creds.instance, creds.realm,
	    creds.session, creds.lifetime, creds.kvno, &creds.ticket_st,
	    creds.issue_date) != KSUCCESS) {
		debug("Kerberos v4 TGT refused: couldn't save credentials");
		goto failure;
	}
	/* Successful authentication, passed all checks. */
	chown(tkt_string(), pw->pw_uid, pw->pw_gid);

	debug("Kerberos v4 TGT accepted (%s%s%s@%s)",
	    creds.pname, creds.pinst[0] ? "." : "", creds.pinst, creds.realm);
	memset(&creds, 0, sizeof(creds));

	restore_uid();

	return (1);

 failure:
	krb4_cleanup_proc(authctxt);
	memset(&creds, 0, sizeof(creds));
	restore_uid();

	return (0);
}