version 1.8, 1999/10/19 15:56:41 |
version 1.9, 1999/11/10 22:24:01 |
|
|
#include "servconf.h" |
#include "servconf.h" |
#include "xmalloc.h" |
#include "xmalloc.h" |
|
|
#ifdef KRB4 |
|
extern char *ticket; |
|
#endif /* KRB4 */ |
|
|
|
/* Tries to authenticate the user using password. Returns true if |
/* Tries to authenticate the user using password. Returns true if |
authentication succeeds. */ |
authentication succeeds. */ |
|
|
|
|
KTEXT_ST tkt; |
KTEXT_ST tkt; |
struct hostent *hp; |
struct hostent *hp; |
unsigned long faddr; |
unsigned long faddr; |
char localhost[MAXHOSTNAMELEN]; /* local host name */ |
char localhost[MAXHOSTNAMELEN]; |
char phost[INST_SZ]; /* host instance */ |
char phost[INST_SZ]; |
char realm[REALM_SZ]; /* local Kerberos realm */ |
char realm[REALM_SZ]; |
int r; |
int r; |
|
|
/* Try Kerberos password authentication only for non-root |
/* Try Kerberos password authentication only for non-root |
|
|
if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { |
if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { |
|
|
/* Set up our ticket file. */ |
/* Set up our ticket file. */ |
if (!ssh_tf_init(pw->pw_uid)) { |
if (!krb4_init(pw->pw_uid)) { |
log("Couldn't initialize Kerberos ticket file for %s!", |
log("Couldn't initialize Kerberos ticket file for %s!", pw->pw_name); |
pw->pw_name); |
|
goto kerberos_auth_failure; |
goto kerberos_auth_failure; |
} |
} |
/* Try to get TGT using our password. */ |
/* Try to get TGT using our password. */ |
|
|
goto kerberos_auth_failure; |
goto kerberos_auth_failure; |
} |
} |
/* Successful authentication. */ |
/* Successful authentication. */ |
chown(ticket, pw->pw_uid, pw->pw_gid); |
chown(tkt_string(), pw->pw_uid, pw->pw_gid); |
|
|
(void) gethostname(localhost, sizeof(localhost)); |
|
(void) strlcpy(phost, (char *)krb_get_phost(localhost), INST_SZ); |
|
|
|
/* Now that we have a TGT, try to get a local "rcmd" ticket to |
/* Now that we have a TGT, try to get a local "rcmd" ticket to |
ensure that we are not talking to a bogus Kerberos server. */ |
ensure that we are not talking to a bogus Kerberos server. */ |
|
(void) gethostname(localhost, sizeof(localhost)); |
|
(void) strlcpy(phost, (char *)krb_get_phost(localhost), INST_SZ); |
r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33); |
r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33); |
|
|
if (r == KSUCCESS) { |
if (r == KSUCCESS) { |
|
|
return 1; |
return 1; |
|
|
kerberos_auth_failure: |
kerberos_auth_failure: |
(void) dest_tkt(); |
krb4_cleanup_proc(NULL); |
xfree(ticket); |
|
ticket = NULL; |
if (!options.kerberos_or_local_passwd) |
if (!options.kerberos_or_local_passwd ) return 0; |
return 0; |
} |
} |
else { |
else { |
/* Logging in as root or no local Kerberos realm. */ |
/* Logging in as root or no local Kerberos realm. */ |
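Review bot: The `(void) gethostname(localhost, sizeof(localhost));` call ahead of `krb_mk_req` discards its result, and `localhost` is declared without an initializer, so a failed call would pass an indeterminate buffer to `krb_get_phost`. POSIX also leaves it unspecified whether a truncated name is NUL-terminated, so even a successful call could produce an unterminated string here. Because `phost` feeds the "rcmd" ticket request that the comment describes as the guard against a bogus Kerberos server, I would fail closed with `if (gethostname(localhost, sizeof(localhost)) < 0) goto kerberos_auth_failure;` followed by `localhost[sizeof(localhost) - 1] = '\0';`. Separately, the `chown(tkt_string(), pw->pw_uid, pw->pw_gid);` line ignores its return value, which seems worth at least logging. The enclosing function starts and ends outside this section, so how `r != KSUCCESS` is handled cannot be checked from here.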