diff options
Diffstat (limited to 'crypto/kerberosIV/lib/krb/verify_user.c')
-rw-r--r-- | crypto/kerberosIV/lib/krb/verify_user.c | 184 |
1 files changed, 0 insertions, 184 deletions
diff --git a/crypto/kerberosIV/lib/krb/verify_user.c b/crypto/kerberosIV/lib/krb/verify_user.c deleted file mode 100644 index 24138e2..0000000 --- a/crypto/kerberosIV/lib/krb/verify_user.c +++ /dev/null @@ -1,184 +0,0 @@ -/* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb_locl.h" - -RCSID("$Id: verify_user.c,v 1.17.2.2 2000/12/15 14:43:37 assar Exp $"); - -/* - * Verify user (name.instance@realm) with `password'. - * - * If secure, also verify against local - * service key (`linstance'.hostname) (or rcmd if linstance == NULL), - * this can (usually) only be done by root. - * - * If secure == KRB_VERIFY_SECURE, fail if there's no key. - * If secure == KRB_VERIFY_SECURE_FAIL, don't fail if there's no such - * key in the srvtab. - * - * As a side effect, fresh tickets are obtained. - * - * srvtab is where the key is found. - * - * Returns zero if ok, a positive kerberos error or -1 for system - * errors. - */ - -static int -krb_verify_user_srvtab_exact(char *name, - char *instance, - char *realm, - char *password, - int secure, - char *linstance, - char *srvtab) -{ - int ret; - - ret = krb_get_pw_in_tkt(name, instance, realm, - KRB_TICKET_GRANTING_TICKET, - realm, - DEFAULT_TKT_LIFE, password); - if(ret != KSUCCESS) - return ret; - - if(secure == KRB_VERIFY_SECURE || secure == KRB_VERIFY_SECURE_FAIL){ - struct hostent *hp; - int32_t addr; - - KTEXT_ST ticket; - AUTH_DAT auth; - int n; - - char lrealm[REALM_SZ]; - char hostname[MaxHostNameLen]; - char *phost; - - if (gethostname(hostname, sizeof(hostname)) == -1) { - dest_tkt(); - return -1; - } - - hp = gethostbyname(hostname); - if(hp == NULL){ - dest_tkt(); - return -1; - } - memcpy(&addr, hp->h_addr, sizeof(addr)); - phost = krb_get_phost(hostname); - if (linstance == NULL) - linstance = "rcmd"; - - ret = KFAILURE; - - for (n = 1; krb_get_lrealm(lrealm, n) == KSUCCESS; ++n) { - if(secure == KRB_VERIFY_SECURE_FAIL) { - des_cblock key; - ret = read_service_key(linstance, phost, lrealm, 0, srvtab, - &key); - memset(key, 0, sizeof(key)); - if(ret == KFAILURE) - continue; - } - - ret = krb_mk_req(&ticket, linstance, phost, lrealm, 0); - if(ret == KSUCCESS) { - ret = krb_rd_req(&ticket, linstance, phost, addr, &auth, - srvtab); - if (ret == KSUCCESS) - break; - } - } - if (ret != KSUCCESS) { - dest_tkt(); - return ret; - } - } - return 0; -} - -/* - * Try to verify the user and password against all the local realms. - */ - -int -krb_verify_user_srvtab(char *name, - char *instance, - char *realm, - char *password, - int secure, - char *linstance, - char *srvtab) -{ - int ret; - int n; - char rlm[256]; - - /* First try to verify against the supplied realm. */ - ret = krb_verify_user_srvtab_exact(name, instance, realm, password, - secure, linstance, srvtab); - if (ret == KSUCCESS) - return KSUCCESS; - - /* Verify all local realms, except the supplied realm. */ - for (n = 1; krb_get_lrealm(rlm, n) == KSUCCESS; n++) - if (strcmp(rlm, realm) != 0) { - ret = krb_verify_user_srvtab_exact(name, instance, rlm, password, - secure, linstance, srvtab); - if (ret == KSUCCESS) - return KSUCCESS; - } - - return ret; -} - -/* - * Compat function without srvtab. - */ - -int -krb_verify_user(char *name, - char *instance, - char *realm, - char *password, - int secure, - char *linstance) -{ - return krb_verify_user_srvtab (name, - instance, - realm, - password, - secure, - linstance, - (char *)KEYFILE); -} |