示例#1
/*
 * Decode a Kerberos v4 TGT from `string` and save it for the user in
 * authctxt->pw.
 *
 * The service name in the decoded credentials must be "krbtgt"; an empty
 * service name is rewritten to "krbtgt" before that check.  The work is
 * done between temporarily_use_uid(pw) and restore_uid().
 *
 * Returns 1 when save_credentials() succeeded, 0 on any failure.  Both
 * exit paths overwrite the local CREDENTIALS copy and call restore_uid().
 */
int
auth_krb4_tgt(Authctxt *authctxt, const char *string)
{
	CREDENTIALS creds;
	struct passwd *pw;

	/*
	 * NOTE(review): this jump reaches krb4_cleanup_proc() and
	 * restore_uid() although neither krb4_init() nor
	 * temporarily_use_uid() has run yet -- confirm both tolerate being
	 * called without their counterpart.
	 */
	if ((pw = authctxt->pw) == NULL)
		goto failure;

	temporarily_use_uid(pw);

	/* Everything in creds after this point comes from the decoded `string`. */
	if (!radix_to_creds(string, &creds)) {
		log("Protocol error decoding Kerberos v4 TGT");
		goto failure;
	}
	/* An empty service name is treated as "krbtgt". */
	if (strncmp(creds.service, "", 1) == 0)	/* backward compatibility */
		strlcpy(creds.service, "krbtgt", sizeof creds.service);

	/* Only a ticket-granting ticket is accepted here. */
	if (strcmp(creds.service, "krbtgt")) {
		/*
		 * NOTE(review): pname, pinst and realm are taken from the
		 * decoded input and logged verbatim -- confirm that
		 * radix_to_creds() guarantees NUL termination and that log()
		 * neutralises control characters.
		 */
		log("Kerberos v4 TGT (%s%s%s@%s) rejected for %s",
		    creds.pname, creds.pinst[0] ? "." : "", creds.pinst,
		    creds.realm, pw->pw_name);
		goto failure;
	}
	if (!krb4_init(authctxt))
		goto failure;

	if (in_tkt(creds.pname, creds.pinst) != KSUCCESS)
		goto failure;

	if (save_credentials(creds.service, creds.instance, creds.realm,
	    creds.session, creds.lifetime, creds.kvno, &creds.ticket_st,
	    creds.issue_date) != KSUCCESS) {
		debug("Kerberos v4 TGT refused: couldn't save credentials");
		goto failure;
	}
	/*
	 * Credentials were saved; hand the ticket file to the user.
	 * NOTE(review): the chown() result is ignored, so the function still
	 * returns 1 if the ownership change fails.
	 */
	chown(tkt_string(), pw->pw_uid, pw->pw_gid);

	debug("Kerberos v4 TGT accepted (%s%s%s@%s)",
	    creds.pname, creds.pinst[0] ? "." : "", creds.pinst, creds.realm);
	/*
	 * Scrub the local copy, which includes creds.session.
	 * NOTE(review): a plain memset() on a local that is not read again
	 * may be removed by the optimiser; an explicit-zeroing primitive
	 * would be safer where the platform provides one.
	 */
	memset(&creds, 0, sizeof(creds));

	restore_uid();

	return (1);

 failure:
	/* Common failure exit: clean up, scrub creds, restore the uid. */
	krb4_cleanup_proc(authctxt);
	memset(&creds, 0, sizeof(creds));
	restore_uid();

	return (0);
}
示例#2
/*
 * Store a Kerberos v4 credential through whichever save routine the local
 * Kerberos IV library provides (selected at build time).
 *
 * The three name strings are duplicated with xstrdup() and the copies are
 * handed to the library call (presumably because that API takes non-const
 * char * -- confirm against the library headers).  The copies are released
 * with xstrfree() before returning.  session and ticket are passed through
 * as-is; this function neither copies nor clears them.
 *
 * Returns KRB5KRB_ERR_GENERIC if any duplication yields NULL, otherwise the
 * library call's own return value.
 * NOTE(review): that mixes a krb5 error code with a v4 library status --
 * confirm callers compare against the right constants.
 */
int
v4_save_credentials(const char *sname, const char *sinstance,
		    const char *srealm, unsigned char *session,
		    int lifetime, int kvno, KTEXT ticket, int32_t issue_date)
{
	char *name_copy = NULL;
	char *inst_copy = NULL;
	char *realm_copy = NULL;
	int status = KRB5KRB_ERR_GENERIC;

	/* Duplicate in order; the first failure skips straight to cleanup. */
	if ((name_copy = xstrdup(sname)) == NULL)
		goto done;
	if ((inst_copy = xstrdup(sinstance)) == NULL)
		goto done;
	if ((realm_copy = xstrdup(srealm)) == NULL)
		goto done;

#ifdef HAVE_KRB_SAVE_CREDENTIALS
	status = krb_save_credentials(name_copy, inst_copy, realm_copy,
				      session, lifetime, kvno,
				      ticket, issue_date);
#elif defined(HAVE_SAVE_CREDENTIALS)
	status = save_credentials(name_copy, inst_copy, realm_copy,
				  session, lifetime, kvno,
				  ticket, issue_date);
#else
#error "Don't know how to save v4 credentials for your Kerberos IV implementation!"
#endif

done:
	/* Release only what was actually allocated, newest first. */
	if (realm_copy != NULL) {
		xstrfree(realm_copy);
	}
	if (inst_copy != NULL) {
		xstrfree(inst_copy);
	}
	if (name_copy != NULL) {
		xstrfree(name_copy);
	}

	return status;
}
示例#3
 /**
  * Write the requested AP details to DCT by delegating to save_credentials().
  *
  * NOTE(review): the AP details presumably include the network passphrase;
  * confirm how save_credentials() protects them once stored.
  *
  * @return the value produced by save_credentials(), passed through unchanged
  */
 int process() {
     int status = save_credentials();

     return status;
 }