version 1.8, 2002/03/19 10:49:35 |
version 1.8.2.2, 2003/04/03 22:35:16 |
|
|
* from the ticket |
* from the ticket |
*/ |
*/ |
int |
int |
auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client) |
auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply) |
{ |
{ |
krb5_error_code problem; |
krb5_error_code problem; |
krb5_principal server; |
krb5_principal server; |
krb5_data reply; |
|
krb5_ticket *ticket; |
krb5_ticket *ticket; |
int fd, ret; |
int fd, ret; |
|
|
ret = 0; |
ret = 0; |
server = NULL; |
server = NULL; |
ticket = NULL; |
ticket = NULL; |
reply.length = 0; |
reply->length = 0; |
|
|
problem = krb5_init(authctxt); |
problem = krb5_init(authctxt); |
if (problem) |
if (problem) |
|
|
if (problem) |
if (problem) |
goto err; |
goto err; |
|
|
problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL , |
problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL, |
KRB5_NT_SRV_HST, &server); |
KRB5_NT_SRV_HST, &server); |
if (problem) |
if (problem) |
goto err; |
goto err; |
|
|
|
|
/* if client wants mutual auth */ |
/* if client wants mutual auth */ |
problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, |
problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, |
&reply); |
reply); |
if (problem) |
if (problem) |
goto err; |
goto err; |
|
|
|
|
krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user, |
krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user, |
client); |
client); |
|
|
packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); |
|
packet_put_string((char *) reply.data, reply.length); |
|
packet_send(); |
|
packet_write_wait(); |
|
|
|
ret = 1; |
ret = 1; |
err: |
err: |
if (server) |
if (server) |
krb5_free_principal(authctxt->krb5_ctx, server); |
krb5_free_principal(authctxt->krb5_ctx, server); |
if (ticket) |
if (ticket) |
krb5_free_ticket(authctxt->krb5_ctx, ticket); |
krb5_free_ticket(authctxt->krb5_ctx, ticket); |
if (reply.length) |
if (!ret && reply->length) { |
xfree(reply.data); |
xfree(reply->data); |
|
memset(reply, 0, sizeof(*reply)); |
|
} |
|
|
if (problem) { |
if (problem) { |
if (authctxt->krb5_ctx != NULL) |
if (authctxt->krb5_ctx != NULL) |
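Review bot: On the 1.8.2.2 side of `auth_krb5`, the caller-supplied `reply` is only half-initialised. `reply->length = 0;` leaves `reply->data` holding whatever the caller passed in, and the cleanup under `err:` resets the struct only when `reply->length` is non-zero. On any failure before `krb5_mk_rep` the caller therefore gets back an untouched `data` pointer, which is unsafe if a caller (not visible here) frees or sends `reply->data` without checking the return value. Replacing the length assignment with `memset(reply, 0, sizeof(*reply));` would make the failure state unambiguous. Because the response packet is no longer sent inside this function, the header comment should also state that `reply` must be non-NULL and that on a return of 1 the caller owns `reply->data` and must send and release it; that comment and the rest of the `err:` path lie outside the visible lines.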