Diffstat (limited to 'crypto/heimdal/appl/ftp/ftpd/gss_userok.c')
-rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/gss_userok.c | 62 |
1 files changed, 59 insertions, 3 deletions
diff --git a/crypto/heimdal/appl/ftp/ftpd/gss_userok.c b/crypto/heimdal/appl/ftp/ftpd/gss_userok.c index 28e3596..7b3caf2 100644 --- a/crypto/heimdal/appl/ftp/ftpd/gss_userok.c +++ b/crypto/heimdal/appl/ftp/ftpd/gss_userok.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -35,7 +35,7 @@ #include <gssapi.h> #include <krb5.h> -RCSID("$Id: gss_userok.c,v 1.2 1999/12/02 16:58:31 joda Exp $"); +RCSID("$Id: gss_userok.c,v 1.7 2001/01/30 00:36:58 assar Exp $"); /* XXX a bit too much of krb5 dependency here... What is the correct way to do this? @@ -47,6 +47,7 @@ extern krb5_context gssapi_krb5_context; struct gss_data { gss_ctx_id_t context_hdl; char *client_name; + gss_cred_id_t delegated_cred_handle; }; int gss_userok(void*, char*); /* to keep gcc happy */ 
@@ -58,12 +59,67 @@ gss_userok(void *app_data, char *username) if(gssapi_krb5_context) { krb5_principal client; krb5_error_code ret; + ret = krb5_parse_name(gssapi_krb5_context, data->client_name, &client); if(ret) return 1; ret = krb5_kuserok(gssapi_krb5_context, client, username); + if (!ret) { + krb5_free_principal(gssapi_krb5_context, client); + return 1; + } + + ret = 0; + + /* more of krb-depend stuff :-( */ + /* gss_add_cred() ? */ + if (data->delegated_cred_handle && + data->delegated_cred_handle->ccache ) { + + krb5_ccache ccache = NULL; + char* ticketfile; + struct passwd *pw; + OM_uint32 minor_status; + + pw = getpwnam(username); + + if (pw == NULL) { + ret = 1; + goto fail; + } + + asprintf (&ticketfile, "%s%u", KRB5_DEFAULT_CCROOT, pw->pw_uid); + + ret = krb5_cc_resolve(gssapi_krb5_context, ticketfile, &ccache); + if (ret) + goto fail; + + ret = gss_krb5_copy_ccache(&minor_status, + data->delegated_cred_handle, + ccache); + if (ret) + goto fail; + + chown (ticketfile+5, pw->pw_uid, pw->pw_gid); + +#ifdef KRB4 + if (k_hasafs()) { + krb5_afslog(gssapi_krb5_context, ccache, 0, 0); + } +#endif + esetenv ("KRB5CCNAME", ticketfile, 1); + +fail: + if (ccache) + krb5_cc_close(gssapi_krb5_context, ccache); + krb5_cc_destroy(gssapi_krb5_context, + data->delegated_cred_handle->ccache); + data->delegated_cred_handle->ccache = NULL; + free(ticketfile); + } + krb5_free_principal(gssapi_krb5_context, client); - return !ret; + return ret; } return 1; } |
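Review bot: On the `pw == NULL` path the new code jumps to `fail:` and calls `free(ticketfile)` while `ticketfile` is still uninitialized, and the `asprintf` result is never checked, so a failed allocation hands an indeterminate pointer to `krb5_cc_resolve`. Declaring `char *ticketfile = NULL;` and writing `if (asprintf(&ticketfile, "%s%u", KRB5_DEFAULT_CCROOT, pw->pw_uid) < 0) { ticketfile = NULL; ret = 1; goto fail; }` closes both. Separately, the cache name is predictable from the uid, and `chown (ticketfile+5, ...)` follows symbolic links and ignores its result. If ftpd is still privileged here and KRB5_DEFAULT_CCROOT resolves to a shared directory (neither is visible in the hunk), a pre-existing link at that path could get an unrelated file re-owned, so `lchown` with a checked return, or creating the cache only after switching to the user's uid, would be safer. The `+5` also silently assumes a `FILE:` prefix and should be guarded with `strncmp(ticketfile, "FILE:", 5) == 0` or at least commented; gss_userok begins above the hunk.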