version 1.29, 2003/02/21 10:34:48 |
version 1.30, 2003/04/08 20:21:28 |
|
|
return (1); |
return (1); |
} |
} |
/* Failure - cancel cleanup function, leaving ticket for inspection. */ |
/* Failure - cancel cleanup function, leaving ticket for inspection. */ |
log("WARNING: bad ticket file %s", authctxt->krb4_ticket_file); |
logit("WARNING: bad ticket file %s", authctxt->krb4_ticket_file); |
|
|
fatal_remove_cleanup(krb4_cleanup_proc, authctxt); |
fatal_remove_cleanup(krb4_cleanup_proc, authctxt); |
cleanup_registered = 0; |
cleanup_registered = 0; |
|
|
if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { |
if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { |
/* Set up our ticket file. */ |
/* Set up our ticket file. */ |
if (!krb4_init(authctxt)) { |
if (!krb4_init(authctxt)) { |
log("Couldn't initialize Kerberos ticket file for %s!", |
logit("Couldn't initialize Kerberos ticket file for %s!", |
pw->pw_name); |
pw->pw_name); |
goto failure; |
goto failure; |
} |
} |
|
|
|
|
if (r == KSUCCESS) { |
if (r == KSUCCESS) { |
if ((hp = gethostbyname(localhost)) == NULL) { |
if ((hp = gethostbyname(localhost)) == NULL) { |
log("Couldn't get local host address!"); |
logit("Couldn't get local host address!"); |
goto failure; |
goto failure; |
} |
} |
memmove((void *)&faddr, (void *)hp->h_addr, |
memmove((void *)&faddr, (void *)hp->h_addr, |
|
|
* Probably didn't have a srvtab on |
* Probably didn't have a srvtab on |
* localhost. Disallow login. |
* localhost. Disallow login. |
*/ |
*/ |
log("Kerberos v4 TGT for %s unverifiable, " |
logit("Kerberos v4 TGT for %s unverifiable, " |
"no srvtab installed? krb_rd_req: %s", |
"no srvtab installed? krb_rd_req: %s", |
pw->pw_name, krb_err_txt[r]); |
pw->pw_name, krb_err_txt[r]); |
goto failure; |
goto failure; |
} else if (r != KSUCCESS) { |
} else if (r != KSUCCESS) { |
log("Kerberos v4 %s ticket unverifiable: %s", |
logit("Kerberos v4 %s ticket unverifiable: %s", |
KRB4_SERVICE_NAME, krb_err_txt[r]); |
KRB4_SERVICE_NAME, krb_err_txt[r]); |
goto failure; |
goto failure; |
} |
} |
|
|
* Disallow login if no rcmd service exists, and |
* Disallow login if no rcmd service exists, and |
* log the error. |
* log the error. |
*/ |
*/ |
log("Kerberos v4 TGT for %s unverifiable: %s; %s.%s " |
logit("Kerberos v4 TGT for %s unverifiable: %s; %s.%s " |
"not registered, or srvtab is wrong?", pw->pw_name, |
"not registered, or srvtab is wrong?", pw->pw_name, |
krb_err_txt[r], KRB4_SERVICE_NAME, phost); |
krb_err_txt[r], KRB4_SERVICE_NAME, phost); |
goto failure; |
goto failure; |
|
|
|
|
/* Check ~/.klogin authorization now. */ |
/* Check ~/.klogin authorization now. */ |
if (kuserok(&adat, authctxt->user) != KSUCCESS) { |
if (kuserok(&adat, authctxt->user) != KSUCCESS) { |
log("Kerberos v4 .klogin authorization failed for %s to " |
logit("Kerberos v4 .klogin authorization failed for %s to " |
"account %s", *client, authctxt->user); |
"account %s", *client, authctxt->user); |
xfree(*client); |
xfree(*client); |
*client = NULL; |
*client = NULL; |
|
|
temporarily_use_uid(pw); |
temporarily_use_uid(pw); |
|
|
if (!radix_to_creds(string, &creds)) { |
if (!radix_to_creds(string, &creds)) { |
log("Protocol error decoding Kerberos v4 TGT"); |
logit("Protocol error decoding Kerberos v4 TGT"); |
goto failure; |
goto failure; |
} |
} |
if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ |
if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ |
strlcpy(creds.service, "krbtgt", sizeof creds.service); |
strlcpy(creds.service, "krbtgt", sizeof creds.service); |
|
|
if (strcmp(creds.service, "krbtgt")) { |
if (strcmp(creds.service, "krbtgt")) { |
log("Kerberos v4 TGT (%s%s%s@%s) rejected for %s", |
logit("Kerberos v4 TGT (%s%s%s@%s) rejected for %s", |
creds.pname, creds.pinst[0] ? "." : "", creds.pinst, |
creds.pname, creds.pinst[0] ? "." : "", creds.pinst, |
creds.realm, pw->pw_name); |
creds.realm, pw->pw_name); |
goto failure; |
goto failure; |
|
|
return (0); |
return (0); |
|
|
if (!radix_to_creds(token_string, &creds)) { |
if (!radix_to_creds(token_string, &creds)) { |
log("Protocol error decoding AFS token"); |
logit("Protocol error decoding AFS token"); |
return (0); |
return (0); |
} |
} |
if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ |
if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ |
|
|
uid = pw->pw_uid; |
uid = pw->pw_uid; |
|
|
if (kafs_settoken(creds.realm, uid, &creds)) { |
if (kafs_settoken(creds.realm, uid, &creds)) { |
log("AFS token (%s@%s) rejected for %s", |
logit("AFS token (%s@%s) rejected for %s", |
creds.pname, creds.realm, pw->pw_name); |
creds.pname, creds.realm, pw->pw_name); |
memset(&creds, 0, sizeof(creds)); |
memset(&creds, 0, sizeof(creds)); |
return (0); |
return (0); |