Diffstat (limited to 'crypto/heimdal/appl/telnet/libtelnet/kerberos5.c')
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/kerberos5.c110
1 files changed, 94 insertions, 16 deletions
diff --git a/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c b/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c
index 2e6e2e5..f819904 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c
+++ b/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c
@@ -53,7 +53,7 @@
#include <config.h>
-RCSID("$Id: kerberos5.c,v 1.39 2000/02/01 00:32:05 assar Exp $");
+RCSID("$Id: kerberos5.c,v 1.47 2001/01/09 18:45:33 assar Exp $");
#ifdef KRB5
@@ -78,6 +78,12 @@ RCSID("$Id: kerberos5.c,v 1.39 2000/02/01 00:32:05 assar Exp $");
#include "auth.h"
#include "misc.h"
+#if defined(DCE)
+int dfsk5ok = 0;
+int dfspag = 0;
+int dfsfwd = 0;
+#endif
+
int forward_flags = 0; /* Flags get set in telnet/main.c on -f and -F */
/* These values need to be the same as those defined in telnet/main.c. */
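Review bot: The three DCE flags added here are non-static file-scope globals with no comment saying what each one records or which code sets and reads it. From the rest of this diff, `dfsk5ok` is set in kerberos5_status when the login is judged valid, `dfsfwd` is set in kerberos5_is once forwarded credentials were accepted, and `dfspag` holds the result of krb5_dfs_pag. A one-line comment on each, e.g. `int dfsfwd = 0; /* set to 1 once forwarded credentials were accepted */`, would make that readable at the definition. If nothing outside this file reads them they could also be `static`; the diff does not show whether that is the case.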
@@ -139,14 +145,34 @@ Data(Authenticator *ap, int type, void *d, int c)
int
kerberos5_init(Authenticator *ap, int server)
{
- if (server)
+ krb5_error_code ret;
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ return 0;
+ if (server) {
+ krb5_keytab kt;
+ krb5_kt_cursor cursor;
+
+ ret = krb5_kt_default(context, &kt);
+ if (ret)
+ return 0;
+
+ ret = krb5_kt_start_seq_get (context, kt, &cursor);
+ if (ret) {
+ krb5_kt_close (context, kt);
+ return 0;
+ }
+ krb5_kt_end_seq_get (context, kt, &cursor);
+ krb5_kt_close (context, kt);
+
str_data[3] = TELQUAL_REPLY;
- else
+ } else
str_data[3] = TELQUAL_IS;
- krb5_init_context(&context);
return(1);
}
+extern int net;
static int
kerberos5_send(char *name, Authenticator *ap)
{
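Review bot: The new server-side keytab probe in kerberos5_init returns 0 on every failure without saying why, so a missing or unreadable default keytab shows up only as Kerberos 5 silently not being offered. Other failures in this file are reported under auth_debug_mode; doing the same before each `return 0;`, e.g. `if (auth_debug_mode) printf("Kerberos V5: cannot open default keytab (%s)\r\n", krb5_get_err_text(context, ret));`, would let an operator see the cause. A short comment above the probe should also state that it only checks that the keytab can be opened for iteration and that no entry is read. The hunk ends inside kerberos5_send, whose body continues outside it.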
@@ -155,9 +181,7 @@ kerberos5_send(char *name, Authenticator *ap)
int ap_opts;
krb5_data cksum_data;
char foo[2];
- extern int net;
- printf("[ Trying %s ... ]\r\n", name);
if (!UserNameRequested) {
if (auth_debug_mode) {
printf("Kerberos V5: no user name supplied\r\n");
@@ -207,10 +231,42 @@ kerberos5_send(char *name, Authenticator *ap)
cksum_data.length = sizeof(foo);
cksum_data.data = foo;
- ret = krb5_mk_req(context, &auth_context, ap_opts,
- "host", RemoteHostName,
- &cksum_data, ccache, &auth);
+
+ {
+ krb5_principal service;
+ char sname[128];
+
+
+ ret = krb5_sname_to_principal (context,
+ RemoteHostName,
+ NULL,
+ KRB5_NT_SRV_HST,
+ &service);
+ if(ret) {
+ if (auth_debug_mode) {
+ printf ("Kerberos V5:"
+ " krb5_sname_to_principal(%s) failed (%s)\r\n",
+ RemoteHostName, krb5_get_err_text(context, ret));
+ }
+ return 0;
+ }
+ ret = krb5_unparse_name_fixed(context, service, sname, sizeof(sname));
+ if(ret) {
+ if (auth_debug_mode) {
+ printf ("Kerberos V5:"
+ " krb5_unparse_name_fixed failed (%s)\r\n",
+ krb5_get_err_text(context, ret));
+ }
+ return 0;
+ }
+ printf("[ Trying %s (%s)... ]\r\n", name, sname);
+ ret = krb5_mk_req_exact(context, &auth_context, ap_opts,
+ service,
+ &cksum_data, ccache, &auth);
+ krb5_free_principal (context, service);
+
+ }
if (ret) {
if (1 || auth_debug_mode) {
printf("Kerberos V5: mk_req failed (%s)\r\n",
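Review bot: The `service` principal is leaked on the krb5_unparse_name_fixed failure path: that branch returns 0 without the `krb5_free_principal (context, service);` that the success path runs after krb5_mk_req_exact. Adding the free before that `return 0;` fixes it. Since `sname` is used only for the "[ Trying ... ]" message, a principal name that does not fit the 128-byte buffer presumably aborts the whole authentication attempt; printing the message without the name and continuing would avoid that. kerberos5_send starts and ends outside this hunk.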
@@ -312,8 +368,8 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
NULL,
NULL,
&ticket);
- krb5_free_principal (context, server);
+ krb5_free_principal (context, server);
if (ret) {
char *errbuf;
@@ -364,7 +420,7 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
}
if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
- ret = krb5_mk_rep(context, &auth_context, &outbuf);
+ ret = krb5_mk_rep(context, auth_context, &outbuf);
if (ret) {
Data(ap, KRB_REJECT,
"krb5_mk_rep failed", -1);
@@ -454,10 +510,13 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
break;
}
- ret = krb5_rd_cred (context,
- auth_context,
- ccache,
- &inbuf);
+#if defined(DCE)
+ esetenv("KRB5CCNAME", ccname, 1);
+#endif
+ ret = krb5_rd_cred2 (context,
+ auth_context,
+ ccache,
+ &inbuf);
if(ret) {
char *errbuf;
@@ -472,8 +531,12 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
printf("Could not read forwarded credentials: %s\r\n",
errbuf);
free (errbuf);
- } else
+ } else {
Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
+#if defined(DCE)
+ dfsfwd = 1;
+#endif
+ }
chown (ccname + 5, pwd->pw_uid, -1);
if (auth_debug_mode)
printf("Forwarded credentials obtained\r\n");
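Review bot: `dfsfwd = 1` now marks a successful forward, but the `chown (ccname + 5, pwd->pw_uid, -1);` and the "Forwarded credentials obtained" debug message that follow the new `else { ... }` block sit outside it, so as far as the visible lines show they also run when krb5_rd_cred2 failed. The chown result is ignored as well, so a credential cache whose ownership was not handed to the user goes unnoticed. Moving both into the success branch and checking the call, e.g. `if (chown (ccname + 5, pwd->pw_uid, -1) < 0)` followed by a debug message, would keep the three in step. Part of the `if(ret)` block lies between this hunk and the previous one and is not shown.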
@@ -590,6 +653,9 @@ kerberos5_status(Authenticator *ap, char *name, size_t name_sz, int level)
UserNameRequested))
{
strlcpy(name, UserNameRequested, name_sz);
+#if defined(DCE)
+ dfsk5ok = 1;
+#endif
return(AUTH_VALID);
} else
return(AUTH_USER);
@@ -733,4 +799,16 @@ kerberos5_forward(Authenticator *ap)
}
}
+#if defined(DCE)
+/* if this was a K5 authentication try and join a PAG for the user. */
+void
+kerberos5_dfspag(void)
+{
+ if (dfsk5ok) {
+ dfspag = krb5_dfs_pag(context, dfsfwd, ticket->client,
+ UserNameRequested);
+ }
+}
+#endif
+
#endif /* KRB5 */
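Review bot: kerberos5_dfspag dereferences `ticket->client` guarded only by `dfsk5ok`, so it relies on the global `ticket` still being valid whenever it is called; the call site is not visible in this diff. A cheap guard is `if (dfsk5ok && ticket != NULL) {`. The value stored in `dfspag` is neither checked nor explained, so the comment above the function should say what krb5_dfs_pag returns on failure and who consumes `dfspag`.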