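/*
 * Accept a Kerberos v4 TGT forwarded by the client and store it in the
 * ticket file while running with the target user's uid.
 *
 * authctxt: authentication context; authctxt->pw must be set or the call
 *           fails before any credential is decoded.
 * string:   the encoded credentials as received from the peer.  This is
 *           untrusted input; it is decoded by radix_to_creds().
 *
 * Only credentials for the "krbtgt" service are accepted.  An empty service
 * name is rewritten to "krbtgt" for backward compatibility.
 *
 * Returns 1 when the credentials were saved, 0 otherwise.  On every failure
 * path krb4_cleanup_proc() is called.  The local CREDENTIALS copy, which
 * holds the session key, is wiped before returning on all paths.
 */
int
auth_krb4_tgt(Authctxt *authctxt, const char *string)
{
	CREDENTIALS creds;
	struct passwd *pw;
	volatile unsigned char *scrub;
	size_t remaining;
	int uid_switched = 0;
	int accepted = 0;

	if ((pw = authctxt->pw) == NULL)
		goto done;

	temporarily_use_uid(pw);
	/* Remember the switch so restore_uid() is only called to undo it. */
	uid_switched = 1;

	if (!radix_to_creds(string, &creds)) {
		log("Protocol error decoding Kerberos v4 TGT");
		goto done;
	}
	if (strncmp(creds.service, "", 1) == 0)	/* backward compatibility */
		strlcpy(creds.service, "krbtgt", sizeof creds.service);

	if (strcmp(creds.service, "krbtgt")) {
		/*
		 * NOTE(review): pname, pinst and realm come from the peer and
		 * are written to the log here.  Whether radix_to_creds()
		 * guarantees NUL termination and whether log() escapes
		 * control characters is not visible in this block; confirm.
		 */
		log("Kerberos v4 TGT (%s%s%s@%s) rejected for %s", creds.pname,
		    creds.pinst[0] ? "." : "", creds.pinst, creds.realm,
		    pw->pw_name);
		goto done;
	}
	if (!krb4_init(authctxt))
		goto done;

	if (in_tkt(creds.pname, creds.pinst) != KSUCCESS)
		goto done;

	if (save_credentials(creds.service, creds.instance, creds.realm,
	    creds.session, creds.lifetime, creds.kvno, &creds.ticket_st,
	    creds.issue_date) != KSUCCESS) {
		debug("Kerberos v4 TGT refused: couldn't save credentials");
		goto done;
	}

	/* Successful authentication, passed all checks. */
	/*
	 * The chown() result used to be discarded.  Acceptance is kept
	 * best-effort as before, but a failure is now logged so that a ticket
	 * file with unexpected ownership does not go unnoticed.
	 */
	if (chown(tkt_string(), pw->pw_uid, pw->pw_gid) != 0)
		log("Kerberos v4 TGT: could not set ticket file ownership for %s",
		    pw->pw_name);

	debug("Kerberos v4 TGT accepted (%s%s%s@%s)", creds.pname,
	    creds.pinst[0] ? "." : "", creds.pinst, creds.realm);
	accepted = 1;

done:
	if (!accepted)
		krb4_cleanup_proc(authctxt);

	/*
	 * Wipe through a volatile pointer: creds is not read again after this
	 * point, so a plain memset() is a dead store the compiler may remove,
	 * leaving the session key on the stack.
	 */
	scrub = (volatile unsigned char *)&creds;
	for (remaining = sizeof(creds); remaining > 0; remaining--)
		*scrub++ = 0;

	/*
	 * The pw == NULL path never called temporarily_use_uid(), so there is
	 * nothing to restore there.
	 */
	if (uid_switched)
		restore_uid();

	return (accepted);
}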
/*
 * Store Kerberos v4 credentials using whichever save routine the build
 * detected (krb_save_credentials() or save_credentials()).
 *
 * The three name strings are duplicated and the copies are handed to the
 * save routine, presumably because those routines take non-const char *
 * arguments; confirm against their prototypes.  The copies are released
 * before returning.
 *
 * session and ticket are passed through as given.  This function neither
 * copies nor clears them, so wiping the session key remains the caller's
 * responsibility.
 *
 * Returns KRB5KRB_ERR_GENERIC if any string copy fails, otherwise the value
 * returned by the save routine.
 */
int v4_save_credentials(const char *sname, const char *sinstance,
                        const char *srealm, unsigned char *session,
                        int lifetime, int kvno, KTEXT ticket,
                        int32_t issue_date)
{
    int status = KRB5KRB_ERR_GENERIC;
    char *name_copy;
    char *instance_copy;
    char *realm_copy;

    name_copy = xstrdup(sname);
    if (name_copy == NULL)
        goto out;

    instance_copy = xstrdup(sinstance);
    if (instance_copy == NULL)
        goto out_free_name;

    realm_copy = xstrdup(srealm);
    if (realm_copy == NULL)
        goto out_free_instance;

#ifdef HAVE_KRB_SAVE_CREDENTIALS
    status = krb_save_credentials(name_copy, instance_copy, realm_copy,
                                  session, lifetime, kvno, ticket,
                                  issue_date);
#elif defined(HAVE_SAVE_CREDENTIALS)
    status = save_credentials(name_copy, instance_copy, realm_copy,
                              session, lifetime, kvno, ticket, issue_date);
#else
#error "Don't know how to save v4 credentials for your Kerberos IV implementation!"
#endif

    /* Release in reverse order of allocation; only copies that exist. */
    xstrfree(realm_copy);
out_free_instance:
    xstrfree(instance_copy);
out_free_name:
    xstrfree(name_copy);
out:
    return status;
}
/**
 * Write the requested AP details to DCT.
 *
 * All of the work is delegated to save_credentials(); this function adds
 * no validation or error handling of its own.
 *
 * @return the value returned by save_credentials(), passed through
 *         unchanged. Its meaning is defined by that function.
 */
int process()
{
    const int result = save_credentials();

    return result;
}