Diffstat (limited to 'crypto/kerberosIV/lib/auth/sia/sia.c')
-rw-r--r--crypto/kerberosIV/lib/auth/sia/sia.c29
1 files changed, 14 insertions, 15 deletions
diff --git a/crypto/kerberosIV/lib/auth/sia/sia.c b/crypto/kerberosIV/lib/auth/sia/sia.c
index 8d35b41..73cd53e 100644
--- a/crypto/kerberosIV/lib/auth/sia/sia.c
+++ b/crypto/kerberosIV/lib/auth/sia/sia.c
@@ -33,7 +33,7 @@
#include "sia_locl.h"
-RCSID("$Id: sia.c,v 1.30 1999/04/08 13:07:38 joda Exp $");
+RCSID("$Id: sia.c,v 1.32 1999/10/03 15:49:36 joda Exp $");
int
siad_init(void)
@@ -105,7 +105,7 @@ doauth(SIAENTITY *entity, int pkgind, char *name)
char pwbuf[1024];
struct state *s = (struct state*)entity->mech[pkgind];
#ifdef SIA_KRB5
- char *realm;
+ krb5_realm *realms, *r;
krb5_principal principal;
krb5_ccache ccache;
krb5_error_code ret;
@@ -125,23 +125,22 @@ doauth(SIAENTITY *entity, int pkgind, char *name)
}
#ifdef SIA_KRB5
- ret = krb5_get_default_realm(s->context, &realm);
- krb5_build_principal(s->context, &principal,
- strlen(realm),
- realm,
- entity->name,
- NULL);
+ ret = krb5_get_default_realms(s->context, &realms);
-
- if(!krb5_kuserok(s->context, principal, entity->name))
+ for (r = realms; *r != NULL; ++r) {
+ krb5_make_principal (s->context, &principal, *r, entity->name, NULL);
+
+ if(krb5_kuserok(s->context, principal, entity->name))
+ break;
+ }
+ krb5_free_host_realm (s->context, realms);
+ if (*r == NULL)
return SIADFAIL;
+
sprintf(s->ticket, "FILE:/tmp/krb5_cc%d_%d", pwd->pw_uid, getpid());
ret = krb5_cc_resolve(s->context, s->ticket, &ccache);
if(ret)
return SIADFAIL;
- ret = krb5_cc_initialize(s->context, ccache, principal);
- if(ret)
- return SIADFAIL;
#endif
#ifdef SIA_KRB4
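Review bot: `if (*r == NULL)` reads through `r` after `krb5_free_host_realm (s->context, realms)` has released the array it points into, so the decision to accept or reject this login is taken from freed memory. Record the match in a local flag before freeing and test that instead; the flag needs a declaration next to the other locals, e.g. `int found = 0;`. The result of `krb5_get_default_realms` is stored in `ret` but never checked, so on failure the loop walks an unset `realms` pointer. Each pass whose `krb5_kuserok` check fails also drops the principal from `krb5_make_principal` without freeing it. doauth's body starts and ends outside this hunk.

```c
    ret = krb5_get_default_realms(s->context, &realms);
    if (ret)
        return SIADFAIL;

    for (r = realms; *r != NULL; ++r) {
        ret = krb5_make_principal (s->context, &principal, *r, entity->name, NULL);
        if (ret)
            continue;
        if(krb5_kuserok(s->context, principal, entity->name)) {
            found = 1;
            break;
        }
        /* not authorized in this realm: release before trying the next */
        krb5_free_principal (s->context, principal);
    }
    krb5_free_host_realm (s->context, realms);
    if (!found)
        return SIADFAIL;
    /* … unchanged: ticket file name and krb5_cc_resolve … */
```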
@@ -181,8 +180,8 @@ doauth(SIAENTITY *entity, int pkgind, char *name)
}
#endif
#ifdef SIA_KRB5
- ret = krb5_verify_user(s->context, principal, ccache,
- entity->password, 1, NULL);
+ ret = krb5_verify_user_lrealm(s->context, principal, ccache,
+ entity->password, 1, NULL);
if(ret){
/* if this is most likely a local user (such as
root), just silently return failure when the
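Review bot: The principal passed to `krb5_verify_user_lrealm` carries the one realm that passed `krb5_kuserok` in the earlier loop. If this call retries the password against other local realms, as its name suggests, the realm that authenticates may not be the realm that was authorized, and nothing visible here ties the two together. The call also receives a `ccache` that is no longer set up by `krb5_cc_initialize` (removed earlier in this commit), so it is presumably expected to initialize the cache itself. A comment above the call stating both assumptions would help, for example `/* verify_user_lrealm initializes ccache and may try every local realm */`. doauth's body continues outside the hunk.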