version 1.14, 2000/04/14 10:30:29 |
version 1.14.2.1, 2000/09/01 18:23:16 |
|
|
#include "ssh.h" |
#include "ssh.h" |
#include "servconf.h" |
#include "servconf.h" |
|
|
|
RCSID("$OpenBSD$"); |
|
|
#ifdef KRB4 |
#ifdef KRB4 |
char *ticket = NULL; |
char *ticket = NULL; |
|
|
|
|
if (r == RD_AP_UNDEC) { |
if (r == RD_AP_UNDEC) { |
/* |
/* |
* Probably didn't have a srvtab on |
* Probably didn't have a srvtab on |
* localhost. Allow login. |
* localhost. Disallow login. |
*/ |
*/ |
log("Kerberos V4 TGT for %s unverifiable, " |
log("Kerberos V4 TGT for %s unverifiable, " |
"no srvtab installed? krb_rd_req: %s", |
"no srvtab installed? krb_rd_req: %s", |
pw->pw_name, krb_err_txt[r]); |
pw->pw_name, krb_err_txt[r]); |
|
goto kerberos_auth_failure; |
} else if (r != KSUCCESS) { |
} else if (r != KSUCCESS) { |
log("Kerberos V4 %s ticket unverifiable: %s", |
log("Kerberos V4 %s ticket unverifiable: %s", |
KRB4_SERVICE_NAME, krb_err_txt[r]); |
KRB4_SERVICE_NAME, krb_err_txt[r]); |
|
|
} |
} |
} else if (r == KDC_PR_UNKNOWN) { |
} else if (r == KDC_PR_UNKNOWN) { |
/* |
/* |
* Allow login if no rcmd service exists, but |
* Disallow login if no rcmd service exists, and |
* log the error. |
* log the error. |
*/ |
*/ |
log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " |
log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " |
"not registered, or srvtab is wrong?", pw->pw_name, |
"not registered, or srvtab is wrong?", pw->pw_name, |
krb_err_txt[r], KRB4_SERVICE_NAME, phost); |
krb_err_txt[r], KRB4_SERVICE_NAME, phost); |
|
goto kerberos_auth_failure; |
} else { |
} else { |
/* |
/* |
* TGT is bad, forget it. Possibly spoofed! |
* TGT is bad, forget it. Possibly spoofed! |
|
|
if (lstat("/ticket", &st) != -1) |
if (lstat("/ticket", &st) != -1) |
tkt_root = "/ticket/"; |
tkt_root = "/ticket/"; |
#endif /* AFS */ |
#endif /* AFS */ |
snprintf(ticket, MAXPATHLEN, "%s%d_%d", tkt_root, uid, getpid()); |
snprintf(ticket, MAXPATHLEN, "%s%u_%d", tkt_root, uid, getpid()); |
(void) krb_set_tkt_string(ticket); |
(void) krb_set_tkt_string(ticket); |
} |
} |
/* Register ticket cleanup in case of fatal error. */ |
/* Register ticket cleanup in case of fatal error. */ |
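Review bot: In the `snprintf` call that builds the ticket path, `%u` is only correct if `uid` is an `unsigned int`, and `%d` only if `pid_t` is an `int`; neither declaration is visible here, and the enclosing function starts and ends outside the shown lines. Casting at the call site removes the dependency on the platform's `uid_t`/`pid_t` widths: `snprintf(ticket, MAXPATHLEN, "%s%u_%d", tkt_root, (unsigned int)uid, (int)getpid());`. The return value is also discarded, so a truncated path would be handed to `krb_set_tkt_string()` unnoticed. Checking for a negative or `>= MAXPATHLEN` result and treating it as a failure would match the fail-closed handling this revision introduces for unverifiable TGTs.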