| version 1.29, 2003/02/21 10:34:48 |
version 1.30, 2003/04/08 20:21:28 |
|
|
| return (1); |
return (1); |
| } |
} |
| /* Failure - cancel cleanup function, leaving ticket for inspection. */ |
/* Failure - cancel cleanup function, leaving ticket for inspection. */ |
| log("WARNING: bad ticket file %s", authctxt->krb4_ticket_file); |
logit("WARNING: bad ticket file %s", authctxt->krb4_ticket_file); |
| |
|
| fatal_remove_cleanup(krb4_cleanup_proc, authctxt); |
fatal_remove_cleanup(krb4_cleanup_proc, authctxt); |
| cleanup_registered = 0; |
cleanup_registered = 0; |
|
|
| if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { |
if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { |
| /* Set up our ticket file. */ |
/* Set up our ticket file. */ |
| if (!krb4_init(authctxt)) { |
if (!krb4_init(authctxt)) { |
| log("Couldn't initialize Kerberos ticket file for %s!", |
logit("Couldn't initialize Kerberos ticket file for %s!", |
| pw->pw_name); |
pw->pw_name); |
| goto failure; |
goto failure; |
| } |
} |
|
|
| |
|
| if (r == KSUCCESS) { |
if (r == KSUCCESS) { |
| if ((hp = gethostbyname(localhost)) == NULL) { |
if ((hp = gethostbyname(localhost)) == NULL) { |
| log("Couldn't get local host address!"); |
logit("Couldn't get local host address!"); |
| goto failure; |
goto failure; |
| } |
} |
| memmove((void *)&faddr, (void *)hp->h_addr, |
memmove((void *)&faddr, (void *)hp->h_addr, |
|
|
| * Probably didn't have a srvtab on |
* Probably didn't have a srvtab on |
| * localhost. Disallow login. |
* localhost. Disallow login. |
| */ |
*/ |
| log("Kerberos v4 TGT for %s unverifiable, " |
logit("Kerberos v4 TGT for %s unverifiable, " |
| "no srvtab installed? krb_rd_req: %s", |
"no srvtab installed? krb_rd_req: %s", |
| pw->pw_name, krb_err_txt[r]); |
pw->pw_name, krb_err_txt[r]); |
| goto failure; |
goto failure; |
| } else if (r != KSUCCESS) { |
} else if (r != KSUCCESS) { |
| log("Kerberos v4 %s ticket unverifiable: %s", |
logit("Kerberos v4 %s ticket unverifiable: %s", |
| KRB4_SERVICE_NAME, krb_err_txt[r]); |
KRB4_SERVICE_NAME, krb_err_txt[r]); |
| goto failure; |
goto failure; |
| } |
} |
|
|
| * Disallow login if no rcmd service exists, and |
* Disallow login if no rcmd service exists, and |
| * log the error. |
* log the error. |
| */ |
*/ |
| log("Kerberos v4 TGT for %s unverifiable: %s; %s.%s " |
logit("Kerberos v4 TGT for %s unverifiable: %s; %s.%s " |
| "not registered, or srvtab is wrong?", pw->pw_name, |
"not registered, or srvtab is wrong?", pw->pw_name, |
| krb_err_txt[r], KRB4_SERVICE_NAME, phost); |
krb_err_txt[r], KRB4_SERVICE_NAME, phost); |
| goto failure; |
goto failure; |
|
|
| |
|
| /* Check ~/.klogin authorization now. */ |
/* Check ~/.klogin authorization now. */ |
| if (kuserok(&adat, authctxt->user) != KSUCCESS) { |
if (kuserok(&adat, authctxt->user) != KSUCCESS) { |
| log("Kerberos v4 .klogin authorization failed for %s to " |
logit("Kerberos v4 .klogin authorization failed for %s to " |
| "account %s", *client, authctxt->user); |
"account %s", *client, authctxt->user); |
| xfree(*client); |
xfree(*client); |
| *client = NULL; |
*client = NULL; |
|
|
| temporarily_use_uid(pw); |
temporarily_use_uid(pw); |
| |
|
| if (!radix_to_creds(string, &creds)) { |
if (!radix_to_creds(string, &creds)) { |
| log("Protocol error decoding Kerberos v4 TGT"); |
logit("Protocol error decoding Kerberos v4 TGT"); |
| goto failure; |
goto failure; |
| } |
} |
| if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ |
if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ |
| strlcpy(creds.service, "krbtgt", sizeof creds.service); |
strlcpy(creds.service, "krbtgt", sizeof creds.service); |
| |
|
| if (strcmp(creds.service, "krbtgt")) { |
if (strcmp(creds.service, "krbtgt")) { |
| log("Kerberos v4 TGT (%s%s%s@%s) rejected for %s", |
logit("Kerberos v4 TGT (%s%s%s@%s) rejected for %s", |
| creds.pname, creds.pinst[0] ? "." : "", creds.pinst, |
creds.pname, creds.pinst[0] ? "." : "", creds.pinst, |
| creds.realm, pw->pw_name); |
creds.realm, pw->pw_name); |
| goto failure; |
goto failure; |
|
|
| return (0); |
return (0); |
| |
|
| if (!radix_to_creds(token_string, &creds)) { |
if (!radix_to_creds(token_string, &creds)) { |
| log("Protocol error decoding AFS token"); |
logit("Protocol error decoding AFS token"); |
| return (0); |
return (0); |
| } |
} |
| if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ |
if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ |
|
|
| uid = pw->pw_uid; |
uid = pw->pw_uid; |
| |
|
| if (kafs_settoken(creds.realm, uid, &creds)) { |
if (kafs_settoken(creds.realm, uid, &creds)) { |
| log("AFS token (%s@%s) rejected for %s", |
logit("AFS token (%s@%s) rejected for %s", |
| creds.pname, creds.realm, pw->pw_name); |
creds.pname, creds.realm, pw->pw_name); |
| memset(&creds, 0, sizeof(creds)); |
memset(&creds, 0, sizeof(creds)); |
| return (0); |
return (0); |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth-krb4.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh