| version 1.8, 1999/10/19 15:56:41 |
version 1.9, 1999/11/10 22:24:01 |
|
|
| #include "servconf.h" |
#include "servconf.h" |
| #include "xmalloc.h" |
#include "xmalloc.h" |
| |
|
| #ifdef KRB4 |
|
| extern char *ticket; |
|
| #endif /* KRB4 */ |
|
| |
|
| /* Tries to authenticate the user using password. Returns true if |
/* Tries to authenticate the user using password. Returns true if |
| authentication succeeds. */ |
authentication succeeds. */ |
| |
|
|
|
| KTEXT_ST tkt; |
KTEXT_ST tkt; |
| struct hostent *hp; |
struct hostent *hp; |
| unsigned long faddr; |
unsigned long faddr; |
| char localhost[MAXHOSTNAMELEN]; /* local host name */ |
char localhost[MAXHOSTNAMELEN]; |
| char phost[INST_SZ]; /* host instance */ |
char phost[INST_SZ]; |
| char realm[REALM_SZ]; /* local Kerberos realm */ |
char realm[REALM_SZ]; |
| int r; |
int r; |
| |
|
| /* Try Kerberos password authentication only for non-root |
/* Try Kerberos password authentication only for non-root |
|
|
| if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { |
if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { |
| |
|
| /* Set up our ticket file. */ |
/* Set up our ticket file. */ |
| if (!ssh_tf_init(pw->pw_uid)) { |
if (!krb4_init(pw->pw_uid)) { |
| log("Couldn't initialize Kerberos ticket file for %s!", |
log("Couldn't initialize Kerberos ticket file for %s!", pw->pw_name); |
| pw->pw_name); |
|
| goto kerberos_auth_failure; |
goto kerberos_auth_failure; |
| } |
} |
| /* Try to get TGT using our password. */ |
/* Try to get TGT using our password. */ |
|
|
| goto kerberos_auth_failure; |
goto kerberos_auth_failure; |
| } |
} |
| /* Successful authentication. */ |
/* Successful authentication. */ |
| chown(ticket, pw->pw_uid, pw->pw_gid); |
chown(tkt_string(), pw->pw_uid, pw->pw_gid); |
| |
|
| (void) gethostname(localhost, sizeof(localhost)); |
|
| (void) strlcpy(phost, (char *)krb_get_phost(localhost), INST_SZ); |
|
| |
|
| /* Now that we have a TGT, try to get a local "rcmd" ticket to |
/* Now that we have a TGT, try to get a local "rcmd" ticket to |
| ensure that we are not talking to a bogus Kerberos server. */ |
ensure that we are not talking to a bogus Kerberos server. */ |
| |
(void) gethostname(localhost, sizeof(localhost)); |
| |
(void) strlcpy(phost, (char *)krb_get_phost(localhost), INST_SZ); |
| r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33); |
r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33); |
| |
|
| if (r == KSUCCESS) { |
if (r == KSUCCESS) { |
|
|
| return 1; |
return 1; |
| |
|
| kerberos_auth_failure: |
kerberos_auth_failure: |
| (void) dest_tkt(); |
krb4_cleanup_proc(NULL); |
| xfree(ticket); |
|
| ticket = NULL; |
if (!options.kerberos_or_local_passwd) |
| if (!options.kerberos_or_local_passwd ) return 0; |
return 0; |
| } |
} |
| else { |
else { |
| /* Logging in as root or no local Kerberos realm. */ |
/* Logging in as root or no local Kerberos realm. */ |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth-passwd.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh