diff options
Diffstat (limited to 'crypto/heimdal/appl/telnet/libtelnet/kerberos5.c')
-rw-r--r-- | crypto/heimdal/appl/telnet/libtelnet/kerberos5.c | 110 |
1 files changed, 94 insertions, 16 deletions
diff --git a/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c b/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c index 2e6e2e5..f819904 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c +++ b/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c @@ -53,7 +53,7 @@ #include <config.h> -RCSID("$Id: kerberos5.c,v 1.39 2000/02/01 00:32:05 assar Exp $"); +RCSID("$Id: kerberos5.c,v 1.47 2001/01/09 18:45:33 assar Exp $"); #ifdef KRB5 @@ -78,6 +78,12 @@ RCSID("$Id: kerberos5.c,v 1.39 2000/02/01 00:32:05 assar Exp $"); #include "auth.h" #include "misc.h" +#if defined(DCE) +int dfsk5ok = 0; +int dfspag = 0; +int dfsfwd = 0; +#endif + int forward_flags = 0; /* Flags get set in telnet/main.c on -f and -F */ /* These values need to be the same as those defined in telnet/main.c. */ @@ -139,14 +145,34 @@ Data(Authenticator *ap, int type, void *d, int c) int kerberos5_init(Authenticator *ap, int server) { - if (server) + krb5_error_code ret; + + ret = krb5_init_context(&context); + if (ret) + return 0; + if (server) { + krb5_keytab kt; + krb5_kt_cursor cursor; + + ret = krb5_kt_default(context, &kt); + if (ret) + return 0; + + ret = krb5_kt_start_seq_get (context, kt, &cursor); + if (ret) { + krb5_kt_close (context, kt); + return 0; + } + krb5_kt_end_seq_get (context, kt, &cursor); + krb5_kt_close (context, kt); + str_data[3] = TELQUAL_REPLY; - else + } else str_data[3] = TELQUAL_IS; - krb5_init_context(&context); return(1); } +extern int net; static int kerberos5_send(char *name, Authenticator *ap) { @@ -155,9 +181,7 @@ kerberos5_send(char *name, Authenticator *ap) int ap_opts; krb5_data cksum_data; char foo[2]; - extern int net; - printf("[ Trying %s ... ]\r\n", name); if (!UserNameRequested) { if (auth_debug_mode) { printf("Kerberos V5: no user name supplied\r\n"); @@ -207,10 +231,42 @@ kerberos5_send(char *name, Authenticator *ap) cksum_data.length = sizeof(foo); cksum_data.data = foo; - ret = krb5_mk_req(context, &auth_context, ap_opts, - "host", RemoteHostName, - &cksum_data, ccache, &auth); + + { + krb5_principal service; + char sname[128]; + + + ret = krb5_sname_to_principal (context, + RemoteHostName, + NULL, + KRB5_NT_SRV_HST, + &service); + if(ret) { + if (auth_debug_mode) { + printf ("Kerberos V5:" + " krb5_sname_to_principal(%s) failed (%s)\r\n", + RemoteHostName, krb5_get_err_text(context, ret)); + } + return 0; + } + ret = krb5_unparse_name_fixed(context, service, sname, sizeof(sname)); + if(ret) { + if (auth_debug_mode) { + printf ("Kerberos V5:" + " krb5_unparse_name_fixed failed (%s)\r\n", + krb5_get_err_text(context, ret)); + } + return 0; + } + printf("[ Trying %s (%s)... ]\r\n", name, sname); + ret = krb5_mk_req_exact(context, &auth_context, ap_opts, + service, + &cksum_data, ccache, &auth); + krb5_free_principal (context, service); + + } if (ret) { if (1 || auth_debug_mode) { printf("Kerberos V5: mk_req failed (%s)\r\n", @@ -312,8 +368,8 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) NULL, NULL, &ticket); - krb5_free_principal (context, server); + krb5_free_principal (context, server); if (ret) { char *errbuf; @@ -364,7 +420,7 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) } if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { - ret = krb5_mk_rep(context, &auth_context, &outbuf); + ret = krb5_mk_rep(context, auth_context, &outbuf); if (ret) { Data(ap, KRB_REJECT, "krb5_mk_rep failed", -1); @@ -454,10 +510,13 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) break; } - ret = krb5_rd_cred (context, - auth_context, - ccache, - &inbuf); +#if defined(DCE) + esetenv("KRB5CCNAME", ccname, 1); +#endif + ret = krb5_rd_cred2 (context, + auth_context, + ccache, + &inbuf); if(ret) { char *errbuf; @@ -472,8 +531,12 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) printf("Could not read forwarded credentials: %s\r\n", errbuf); free (errbuf); - } else + } else { Data(ap, KRB_FORWARD_ACCEPT, 0, 0); +#if defined(DCE) + dfsfwd = 1; +#endif + } chown (ccname + 5, pwd->pw_uid, -1); if (auth_debug_mode) printf("Forwarded credentials obtained\r\n"); @@ -590,6 +653,9 @@ kerberos5_status(Authenticator *ap, char *name, size_t name_sz, int level) UserNameRequested)) { strlcpy(name, UserNameRequested, name_sz); +#if defined(DCE) + dfsk5ok = 1; +#endif return(AUTH_VALID); } else return(AUTH_USER); @@ -733,4 +799,16 @@ kerberos5_forward(Authenticator *ap) } } +#if defined(DCE) +/* if this was a K5 authentication try and join a PAG for the user. */ +void +kerberos5_dfspag(void) +{ + if (dfsk5ok) { + dfspag = krb5_dfs_pag(context, dfsfwd, ticket->client, + UserNameRequested); + } +} +#endif + #endif /* KRB5 */ |