/* * Given a Kerberos error code, return the corresponding error. Prefer the * Kerberos interface if available since it will provide context-specific * error information, whereas the error_message() call will only provide a * fixed message. */ const char * krb5_get_error_message(krb5_context ctx UNUSED, krb5_error_code code UNUSED) { const char *msg = NULL; # if defined(HAVE_KRB5_GET_ERROR_STRING) msg = krb5_get_error_string(ctx); # elif defined(HAVE_KRB5_GET_ERR_TEXT) msg = krb5_get_err_text(ctx, code); # elif defined(HAVE_KRB5_SVC_GET_MSG) krb5_svc_get_msg(code, (char **) &msg); # else msg = error_message(code); # endif if (msg == NULL) return error_unknown; else return msg; }
int aklog_authenticate(char *userName, char *response, int *reenter, char **message) { char *reason, *pword, prompt[256]; struct passwd *pwd; int code, unixauthneeded, password_expires = -1; int status; krb5_context context; krb5_init_context(&context); *reenter = 0; *message = (char *)0; status = auth_to_cell(context, userName, NULL, NULL); if (status) { char *str = afs_error_message(status); *message = (char *)malloc(1024); #ifdef HAVE_KRB5_SVC_GET_MSG if (strncmp(str, "unknown", strlen("unknown")) == 0) { krb5_svc_get_msg(status,&str); sprintf(*message, "Unable to obtain AFS tokens: %s.\n", str); krb5_free_string(context, str); } else #endif sprintf(*message, "Unable to obtain AFS tokens: %s.\n", str); return AUTH_FAILURE; /* NOTFOUND? */ } #if 0 /* * Local hack - if the person has a file in their home * directory called ".xlog", read that for a list of * extra cells to authenticate to */ if ((pwd = getpwuid(getuid())) != NULL) { struct stat sbuf; FILE *f; char fcell[100], xlog_path[512]; strcpy(xlog_path, pwd->pw_dir); strcat(xlog_path, "/.xlog"); if ((stat(xlog_path, &sbuf) == 0) && ((f = fopen(xlog_path, "r")) != NULL)) { while (fgets(fcell, 100, f) != NULL) { int auth_status; fcell[strlen(fcell) - 1] = '\0'; auth_status = auth_to_cell(context, userName, fcell, NULL); if (status == AKLOG_SUCCESS) status = auth_status; else status = AKLOG_SOMETHINGSWRONG; } } } #endif return AUTH_SUCCESS; }