diff options
Diffstat (limited to 'crypto/kerberosIV/lib/auth/sia')
| -rw-r--r-- | crypto/kerberosIV/lib/auth/sia/Makefile.in | 5 | ||||
| -rw-r--r-- | crypto/kerberosIV/lib/auth/sia/README | 4 | ||||
| -rw-r--r-- | crypto/kerberosIV/lib/auth/sia/krb4+c2_matrix.conf | 9 | ||||
| -rw-r--r-- | crypto/kerberosIV/lib/auth/sia/krb4_matrix.conf | 9 | ||||
| -rw-r--r-- | crypto/kerberosIV/lib/auth/sia/sia.c | 29 |
5 files changed, 23 insertions, 33 deletions
diff --git a/crypto/kerberosIV/lib/auth/sia/Makefile.in b/crypto/kerberosIV/lib/auth/sia/Makefile.in index 7abc8f0..69858bd 100644 --- a/crypto/kerberosIV/lib/auth/sia/Makefile.in +++ b/crypto/kerberosIV/lib/auth/sia/Makefile.in @@ -1,5 +1,5 @@ # -# $Id: Makefile.in,v 1.29 1999/03/21 17:11:58 joda Exp $ +# $Id: Makefile.in,v 1.30 1999/11/15 10:20:50 assar Exp $ # SHELL = /bin/sh @@ -39,7 +39,8 @@ LD_FLAGS = @REAL_LD_FLAGS@ @lib_deps_yes@ -lc @lib_deps_no@LIB_DEPS = -LIB = libsia_krb4.$(SHLIBEXT) +LIBNAME = libsia_krb4 +LIB = $(LIBNAME).$(SHLIBEXT) SOURCES = sia.c posix_getpw.c diff --git a/crypto/kerberosIV/lib/auth/sia/README b/crypto/kerberosIV/lib/auth/sia/README index aa7383e..6595734 100644 --- a/crypto/kerberosIV/lib/auth/sia/README +++ b/crypto/kerberosIV/lib/auth/sia/README @@ -59,7 +59,7 @@ following. the default entry `/usr/tcb/bin/edauth -dd default', and add a `d_accept_alternate_vouching' capability, if not already present. - * For each user that does *not* have a local C2 password, you should + * For each user that does _not_ have a local C2 password, you should set the password expiration field to zero. You can do this for each user, or in the `default' table. To do this use `edauth' to set (or change) the `u_exp' capability to `u_exp#0'. @@ -78,7 +78,7 @@ Also, kerberised ftp will not work with C2 passwords. You can solve this by using both Digital's ftpd and our on different ports. *Remember*, if you do these changes you will get a system that most -certainly does *not* fulfill the requirements of a C2 system. If C2 is +certainly does _not_ fulfill the requirements of a C2 system. If C2 is what you want, for instance if someone else is forcing you to use it, you're out of luck. If you use enhanced security because you want a system that is more secure than it would otherwise be, you probably got diff --git a/crypto/kerberosIV/lib/auth/sia/krb4+c2_matrix.conf b/crypto/kerberosIV/lib/auth/sia/krb4+c2_matrix.conf index b664d3d..4b90e02 100644 --- a/crypto/kerberosIV/lib/auth/sia/krb4+c2_matrix.conf +++ b/crypto/kerberosIV/lib/auth/sia/krb4+c2_matrix.conf @@ -13,12 +13,7 @@ # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # -# 3. All advertising materials mentioning features or use of this software -# must display the following acknowledgement: -# This product includes software developed by Kungliga Tekniska -# Högskolan and its contributors. -# -# 4. Neither the name of the Institute nor the names of its contributors +# 3. Neither the name of the Institute nor the names of its contributors # may be used to endorse or promote products derived from this software # without specific prior written permission. # @@ -34,7 +29,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. -# $Id: krb4+c2_matrix.conf,v 1.3 1998/06/30 15:14:31 assar Exp $ +# $Id: krb4+c2_matrix.conf,v 1.4 1999/12/02 16:58:37 joda Exp $ # sia matrix configuration file (Kerberos 4 + C2) diff --git a/crypto/kerberosIV/lib/auth/sia/krb4_matrix.conf b/crypto/kerberosIV/lib/auth/sia/krb4_matrix.conf index 9f78850..4f55a81 100644 --- a/crypto/kerberosIV/lib/auth/sia/krb4_matrix.conf +++ b/crypto/kerberosIV/lib/auth/sia/krb4_matrix.conf @@ -13,12 +13,7 @@ # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # -# 3. All advertising materials mentioning features or use of this software -# must display the following acknowledgement: -# This product includes software developed by Kungliga Tekniska -# Högskolan and its contributors. -# -# 4. Neither the name of the Institute nor the names of its contributors +# 3. Neither the name of the Institute nor the names of its contributors # may be used to endorse or promote products derived from this software # without specific prior written permission. # @@ -34,7 +29,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. -# $Id: krb4_matrix.conf,v 1.5 1998/01/29 02:54:11 joda Exp $ +# $Id: krb4_matrix.conf,v 1.6 1999/12/02 16:58:37 joda Exp $ # sia matrix configuration file (Kerberos 4 + BSD) diff --git a/crypto/kerberosIV/lib/auth/sia/sia.c b/crypto/kerberosIV/lib/auth/sia/sia.c index 8d35b41..73cd53e 100644 --- a/crypto/kerberosIV/lib/auth/sia/sia.c +++ b/crypto/kerberosIV/lib/auth/sia/sia.c @@ -33,7 +33,7 @@ #include "sia_locl.h" -RCSID("$Id: sia.c,v 1.30 1999/04/08 13:07:38 joda Exp $"); +RCSID("$Id: sia.c,v 1.32 1999/10/03 15:49:36 joda Exp $"); int siad_init(void) @@ -105,7 +105,7 @@ doauth(SIAENTITY *entity, int pkgind, char *name) char pwbuf[1024]; struct state *s = (struct state*)entity->mech[pkgind]; #ifdef SIA_KRB5 - char *realm; + krb5_realm *realms, *r; krb5_principal principal; krb5_ccache ccache; krb5_error_code ret; @@ -125,23 +125,22 @@ doauth(SIAENTITY *entity, int pkgind, char *name) } #ifdef SIA_KRB5 - ret = krb5_get_default_realm(s->context, &realm); - krb5_build_principal(s->context, &principal, - strlen(realm), - realm, - entity->name, - NULL); + ret = krb5_get_default_realms(s->context, &realms); - - if(!krb5_kuserok(s->context, principal, entity->name)) + for (r = realms; *r != NULL; ++r) { + krb5_make_principal (s->context, &principal, *r, entity->name, NULL); + + if(krb5_kuserok(s->context, principal, entity->name)) + break; + } + krb5_free_host_realm (s->context, realms); + if (*r == NULL) return SIADFAIL; + sprintf(s->ticket, "FILE:/tmp/krb5_cc%d_%d", pwd->pw_uid, getpid()); ret = krb5_cc_resolve(s->context, s->ticket, &ccache); if(ret) return SIADFAIL; - ret = krb5_cc_initialize(s->context, ccache, principal); - if(ret) - return SIADFAIL; #endif #ifdef SIA_KRB4 @@ -181,8 +180,8 @@ doauth(SIAENTITY *entity, int pkgind, char *name) } #endif #ifdef SIA_KRB5 - ret = krb5_verify_user(s->context, principal, ccache, - entity->password, 1, NULL); + ret = krb5_verify_user_lrealm(s->context, principal, ccache, + entity->password, 1, NULL); if(ret){ /* if this is most likely a local user (such as root), just silently return failure when the |
