version 1.10, 2002/11/21 23:03:51 |
version 1.11, 2003/07/16 15:02:06 |
|
|
auth_krb5_password(Authctxt *authctxt, const char *password) |
auth_krb5_password(Authctxt *authctxt, const char *password) |
{ |
{ |
krb5_error_code problem; |
krb5_error_code problem; |
|
krb5_ccache ccache = NULL; |
|
|
if (authctxt->pw == NULL) |
if (authctxt->pw == NULL) |
return (0); |
return (0); |
|
|
if (problem) |
if (problem) |
goto out; |
goto out; |
|
|
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, |
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache); |
&authctxt->krb5_fwd_ccache); |
|
if (problem) |
if (problem) |
goto out; |
goto out; |
|
|
problem = krb5_cc_initialize(authctxt->krb5_ctx, |
problem = krb5_cc_initialize(authctxt->krb5_ctx, ccache, |
authctxt->krb5_fwd_ccache, authctxt->krb5_user); |
authctxt->krb5_user); |
if (problem) |
if (problem) |
goto out; |
goto out; |
|
|
restore_uid(); |
restore_uid(); |
|
|
problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user, |
problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user, |
authctxt->krb5_fwd_ccache, password, 1, NULL); |
ccache, password, 1, NULL); |
|
|
temporarily_use_uid(authctxt->pw); |
temporarily_use_uid(authctxt->pw); |
|
|
if (problem) |
if (problem) |
goto out; |
goto out; |
|
|
|
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, |
|
&authctxt->krb5_fwd_ccache); |
|
if (problem) |
|
goto out; |
|
|
|
problem = krb5_cc_copy_cache(authctxt->krb5_ctx, ccache, |
|
authctxt->krb5_fwd_ccache); |
|
krb5_cc_destroy(authctxt->krb5_ctx, ccache); |
|
ccache = NULL; |
|
if (problem) |
|
goto out; |
|
|
authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); |
authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); |
|
|
out: |
out: |
restore_uid(); |
restore_uid(); |
|
|
if (problem) { |
if (problem) { |
|
if (ccache) |
|
krb5_cc_destroy(authctxt->krb5_ctx, ccache); |
|
|
if (authctxt->krb5_ctx != NULL) |
if (authctxt->krb5_ctx != NULL) |
debug("Kerberos password authentication failed: %s", |
debug("Kerberos password authentication failed: %s", |
krb5_get_err_text(authctxt->krb5_ctx, problem)); |
krb5_get_err_text(authctxt->krb5_ctx, problem)); |