
Diff for /src/usr.bin/ssh/Attic/auth-krb4.c between version 1.14.2.4 and 1.15

version 1.14.2.4, 2001/03/21 18:52:32 version 1.15, 2000/06/22 23:54:59
Line 1 
Line 1 
 /*  /*
  * Copyright (c) 1999 Dug Song.  All rights reserved.   *    Dug Song <dugsong@UMICH.EDU>
  *   *    Kerberos v4 authentication and ticket-passing routines.
  * Redistribution and use in source and binary forms, with or without  
  * modification, are permitted provided that the following conditions  
  * are met:  
  * 1. Redistributions of source code must retain the above copyright  
  *    notice, this list of conditions and the following disclaimer.  
  * 2. Redistributions in binary form must reproduce the above copyright  
  *    notice, this list of conditions and the following disclaimer in the  
  *    documentation and/or other materials provided with the distribution.  
  *  
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR  
  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES  
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,  
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT  
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,  
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY  
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT  
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF  
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.  
  */   */
   
 #include "includes.h"  #include "includes.h"
 RCSID("$OpenBSD$");  
   
 #include "ssh.h"  
 #include "ssh1.h"  
 #include "packet.h"  #include "packet.h"
 #include "xmalloc.h"  #include "xmalloc.h"
 #include "log.h"  #include "ssh.h"
 #include "servconf.h"  #include "servconf.h"
 #include "auth.h"  
   
 #ifdef AFS  RCSID("$OpenBSD$");
 #include "radix.h"  
 #endif  
   
 #ifdef KRB4  #ifdef KRB4
 char *ticket = NULL;  char *ticket = NULL;
Line 53 
Line 27 
         AUTH_DAT adata;          AUTH_DAT adata;
         KTEXT_ST tkt;          KTEXT_ST tkt;
         struct hostent *hp;          struct hostent *hp;
         u_long faddr;          unsigned long faddr;
         char localhost[MAXHOSTNAMELEN];          char localhost[MAXHOSTNAMELEN];
         char phost[INST_SZ];          char phost[INST_SZ];
         char realm[REALM_SZ];          char realm[REALM_SZ];
Line 108 
Line 82 
                         if (r == RD_AP_UNDEC) {                          if (r == RD_AP_UNDEC) {
                                 /*                                  /*
                                  * Probably didn't have a srvtab on                                   * Probably didn't have a srvtab on
                                  * localhost. Disallow login.                                   * localhost. Allow login.
                                  */                                   */
                                 log("Kerberos V4 TGT for %s unverifiable, "                                  log("Kerberos V4 TGT for %s unverifiable, "
                                     "no srvtab installed? krb_rd_req: %s",                                      "no srvtab installed? krb_rd_req: %s",
                                     pw->pw_name, krb_err_txt[r]);                                      pw->pw_name, krb_err_txt[r]);
                                 goto kerberos_auth_failure;  
                         } else if (r != KSUCCESS) {                          } else if (r != KSUCCESS) {
                                 log("Kerberos V4 %s ticket unverifiable: %s",                                  log("Kerberos V4 %s ticket unverifiable: %s",
                                     KRB4_SERVICE_NAME, krb_err_txt[r]);                                      KRB4_SERVICE_NAME, krb_err_txt[r]);
Line 121 
Line 94 
                         }                          }
                 } else if (r == KDC_PR_UNKNOWN) {                  } else if (r == KDC_PR_UNKNOWN) {
                         /*                          /*
                          * Disallow login if no rcmd service exists, and                           * Allow login if no rcmd service exists, but
                          * log the error.                           * log the error.
                          */                           */
                         log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s "                          log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s "
                             "not registered, or srvtab is wrong?", pw->pw_name,                              "not registered, or srvtab is wrong?", pw->pw_name,
                         krb_err_txt[r], KRB4_SERVICE_NAME, phost);                          krb_err_txt[r], KRB4_SERVICE_NAME, phost);
                         goto kerberos_auth_failure;  
                 } else {                  } else {
                         /*                          /*
                          * TGT is bad, forget it. Possibly spoofed!                           * TGT is bad, forget it. Possibly spoofed!
Line 180 
Line 152 
                 if (lstat("/ticket", &st) != -1)                  if (lstat("/ticket", &st) != -1)
                         tkt_root = "/ticket/";                          tkt_root = "/ticket/";
 #endif /* AFS */  #endif /* AFS */
                 snprintf(ticket, MAXPATHLEN, "%s%u_%d", tkt_root, uid, getpid());                  snprintf(ticket, MAXPATHLEN, "%s%d_%d", tkt_root, uid, getpid());
                 (void) krb_set_tkt_string(ticket);                  (void) krb_set_tkt_string(ticket);
         }          }
         /* Register ticket cleanup in case of fatal error. */          /* Register ticket cleanup in case of fatal error. */
Line 287 
Line 259 
 {  {
         CREDENTIALS creds;          CREDENTIALS creds;
   
         if (pw == NULL)  
                 goto auth_kerberos_tgt_failure;  
         if (!radix_to_creds(string, &creds)) {          if (!radix_to_creds(string, &creds)) {
                 log("Protocol error decoding Kerberos V4 tgt");                  log("Protocol error decoding Kerberos V4 tgt");
                 packet_send_debug("Protocol error decoding Kerberos V4 tgt");                  packet_send_debug("Protocol error decoding Kerberos V4 tgt");
Line 343 
Line 313 
 auth_afs_token(struct passwd *pw, const char *token_string)  auth_afs_token(struct passwd *pw, const char *token_string)
 {  {
         CREDENTIALS creds;          CREDENTIALS creds;
         uid_t uid;          uid_t uid = pw->pw_uid;
   
         if (pw == NULL) {  
                 /* XXX fake protocol error */  
                 packet_send_debug("Protocol error decoding AFS token");  
                 packet_start(SSH_SMSG_FAILURE);  
                 packet_send();  
                 packet_write_wait();  
                 return 0;  
         }  
         if (!radix_to_creds(token_string, &creds)) {          if (!radix_to_creds(token_string, &creds)) {
                 log("Protocol error decoding AFS token");                  log("Protocol error decoding AFS token");
                 packet_send_debug("Protocol error decoding AFS token");                  packet_send_debug("Protocol error decoding AFS token");
Line 366 
Line 328 
   
         if (strncmp(creds.pname, "AFS ID ", 7) == 0)          if (strncmp(creds.pname, "AFS ID ", 7) == 0)
                 uid = atoi(creds.pname + 7);                  uid = atoi(creds.pname + 7);
         else  
                 uid = pw->pw_uid;  
   
         if (kafs_settoken(creds.realm, uid, &creds)) {          if (kafs_settoken(creds.realm, uid, &creds)) {
                 log("AFS token (%s@%s) rejected for %s", creds.pname, creds.realm,                  log("AFS token (%s@%s) rejected for %s", creds.pname, creds.realm,
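Review bot: In the right-hand (v.1.15) column, the `RD_AP_UNDEC` and `KDC_PR_UNKNOWN` branches only log the unverifiable TGT and then carry on (their comments say "Allow login"), so a ticket that could not be checked against a local service key is apparently not rejected on these paths, even though the neighbouring `else` branch warns "Possibly spoofed!". Both branches should fail closed by keeping `goto kerberos_auth_failure;` after the `log(...)` call, as the v.1.14.2.4 column does, with the comments changed to "Disallow login". The same column's `auth_afs_token` initialises `uid_t uid = pw->pw_uid;` with no `pw == NULL` guard, a case the other column handles before touching `pw`. Going by the dates in the header, v.1.15 looks like the older revision, so this page most likely shows these checks being added rather than removed; that is worth confirming against the CVS log. The enclosing functions start and end outside the hunks shown.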

Legend:
Removed from v.1.14.2.4  
changed lines
  Added in v.1.15