Diffstat (limited to 'crypto/heimdal/appl/ftp/ftpd/kauth.c')
-rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/kauth.c | 167 |
1 files changed, 81 insertions, 86 deletions
diff --git a/crypto/heimdal/appl/ftp/ftpd/kauth.c b/crypto/heimdal/appl/ftp/ftpd/kauth.c index dad4de5..0f34092 100644 --- a/crypto/heimdal/appl/ftp/ftpd/kauth.c +++ b/crypto/heimdal/appl/ftp/ftpd/kauth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 1999, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,16 @@ #include "ftpd_locl.h" -RCSID("$Id: kauth.c,v 1.25 1999/12/02 16:58:31 joda Exp $"); +RCSID("$Id: kauth.c 15666 2005-07-19 17:08:11Z lha $"); + +#if defined(KRB4) || defined(KRB5) + +int do_destroy_tickets = 1; +char *k5ccname; + +#endif + +#ifdef KRB4 static KTEXT_ST cip; static unsigned int lifetime; @@ -41,8 +50,6 @@ static time_t local_time; static krb_principal pr; -static int do_destroy_tickets = 1; - static int save_tkt(const char *user, const char *instance, 
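Review bot: The new globals in the `#if defined(KRB4) || defined(KRB5)` block after `RCSID` have external linkage but no comment describing their contract, and `do_destroy_tickets` loses its `static` in the next hunk. `k5ccname` decides which credential cache `dest_cc()` and `afslog()` later resolve, so a reader needs to know who assigns it and who owns the string; the assignment is not visible in this diff. A comment such as `/* credential cache to use and destroy for this session; NULL selects the default cache */` above `char *k5ccname;` would cover it, with a matching one-liner for `do_destroy_tickets`.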
@@ -237,86 +244,41 @@ short_date(int32_t dp) } void -klist(void) +krbtkfile(const char *tkfile) { - int err; + do_destroy_tickets = 0; + krb_set_tkt_string(tkfile); + reply(200, "Using ticket file %s", tkfile); +} - char *file = tkt_string(); +#endif /* KRB4 */ - krb_principal pr; - - char buf1[128], buf2[128]; - int header = 1; - CREDENTIALS c; +#ifdef KRB5 +static void +dest_cc(void) +{ + krb5_context context; + krb5_error_code ret; + krb5_ccache id; - - err = tf_init(file, R_TKT_FIL); - if(err != KSUCCESS){ - reply(500, "%s", krb_get_err_text(err)); - return; - } - tf_close(); - - /* - * We must find the realm of the ticket file here before calling - * tf_init because since the realm of the ticket file is not - * really stored in the principal section of the file, the - * routine we use must itself call tf_init and tf_close. - */ - err = krb_get_tf_realm(file, pr.realm); - if(err != KSUCCESS){ - reply(500, "%s", krb_get_err_text(err)); - return; - } - - err = tf_init(file, R_TKT_FIL); - if(err != KSUCCESS){ - reply(500, "%s", krb_get_err_text(err)); - return; - } - - err = tf_get_pname(pr.name); - if(err != KSUCCESS){ - reply(500, "%s", krb_get_err_text(err)); - return; - } - err = tf_get_pinst(pr.instance); - if(err != KSUCCESS){ - reply(500, "%s", krb_get_err_text(err)); - return; - } - - /* - * You may think that this is the obvious place to get the - * realm of the ticket file, but it can't be done here as the - * routine to do this must open the ticket file. This is why - * it was done before tf_init. 
- */ - - lreply(200, "Ticket file: %s", tkt_string()); - - lreply(200, "Principal: %s", krb_unparse_name(&pr)); - while ((err = tf_get_cred(&c)) == KSUCCESS) { - if (header) { - lreply(200, "%-15s %-15s %s", - " Issued", " Expires", " Principal (kvno)"); - header = 0; - } - strlcpy(buf1, short_date(c.issue_date), sizeof(buf1)); - c.issue_date = krb_life_to_time(c.issue_date, c.lifetime); - if (time(0) < (unsigned long) c.issue_date) - strlcpy(buf2, short_date(c.issue_date), sizeof(buf2)); + ret = krb5_init_context(&context); + if (ret == 0) { + if (k5ccname) + ret = krb5_cc_resolve(context, k5ccname, &id); else - strlcpy(buf2, ">>> Expired <<< ", sizeof(buf2)); - lreply(200, "%s %s %s (%d)", buf1, buf2, - krb_unparse_name_long(c.service, c.instance, c.realm), c.kvno); + ret = krb5_cc_default (context, &id); + if (ret) + krb5_free_context(context); } - if (header && err == EOF) { - lreply(200, "No tickets in file."); + if (ret == 0) { + krb5_cc_destroy(context, id); + krb5_free_context (context); } - reply(200, " "); } +#endif + +#if defined(KRB4) || defined(KRB5) /* * Only destroy if we created the tickets 
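Review bot: `dest_cc()` discards the result of `krb5_cc_destroy(context, id)` and returns silently when `krb5_init_context` or the cache lookup fails, so no caller can tell whether the credential cache was actually removed. In the following hunk `kdestroy()` answers `Tickets destroyed` unconditionally, which means a client can be told its tickets are gone while the cache is still present. Returning the `krb5_error_code` from `dest_cc()` lets the callers report or log the failure; the rewrite below also frees the context on a single path.

```c
static krb5_error_code
dest_cc(void)
{
    /* … unchanged: context, ret and id declarations … */

    ret = krb5_init_context(&context);
    if (ret)
        return ret;
    if (k5ccname)
        ret = krb5_cc_resolve(context, k5ccname, &id);
    else
        ret = krb5_cc_default(context, &id);
    if (ret == 0)
        ret = krb5_cc_destroy(context, id);  /* hand a failed destroy back to the caller */
    krb5_free_context(context);
    return ret;
}
```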
@@ -325,35 +287,64 @@ klist(void) void cond_kdestroy(void) { - if (do_destroy_tickets) + if (do_destroy_tickets) { +#if KRB4 dest_tkt(); +#endif +#if KRB5 + dest_cc(); +#endif + do_destroy_tickets = 0; + } afsunlog(); } void kdestroy(void) { +#if KRB4 dest_tkt(); +#endif +#if KRB5 + dest_cc(); +#endif afsunlog(); reply(200, "Tickets destroyed"); } -void -krbtkfile(const char *tkfile) -{ - do_destroy_tickets = 0; - krb_set_tkt_string(tkfile); - reply(200, "Using ticket file %s", tkfile); -} void -afslog(const char *cell) +afslog(const char *cell, int quiet) { if(k_hasafs()) { +#ifdef KRB5 + krb5_context context; + krb5_error_code ret; + krb5_ccache id; + + ret = krb5_init_context(&context); + if (ret == 0) { + if (k5ccname) + ret = krb5_cc_resolve(context, k5ccname, &id); + else + ret = krb5_cc_default(context, &id); + if (ret) + krb5_free_context(context); + } + if (ret == 0) { + krb5_afslog(context, id, cell, 0); + krb5_cc_close (context, id); + krb5_free_context (context); + } +#endif +#ifdef KRB4 krb_afslog(cell, 0); - reply(200, "afslog done"); +#endif + if (!quiet) + reply(200, "afslog done"); } else { - reply(200, "no AFS present"); + if (!quiet) + reply(200, "no AFS present"); } } @@ -363,3 +354,7 @@ afsunlog(void) if(k_hasafs()) k_unlog(); } + +#else +int ftpd_afslog_placeholder; +#endif /* KRB4 || KRB5 */ |
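Review bot: `cond_kdestroy()` and `kdestroy()` guard the cleanup calls with `#if KRB4` / `#if KRB5`, while `dest_cc()` itself and the Kerberos branches in `afslog()` are guarded with `#ifdef`. The two forms disagree when the macro is defined without a value (`#if KRB5` fails to preprocess) or defined as 0 (`dest_cc()` is compiled but never called, so the cache is silently left behind at logout). Using `#ifdef KRB4` and `#ifdef KRB5` in both functions keeps ticket destruction tied to the same condition as the code that defines it.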