version 1.1, 2005/05/24 03:43:56 |
version 1.2, 2013/06/21 13:35:26 |
|
|
int ap_opts; |
int ap_opts; |
krb5_data cksum_data; |
krb5_data cksum_data; |
char foo[2]; |
char foo[2]; |
|
const char *s; |
|
|
if(check_krb5_tickets() != 1) |
if(check_krb5_tickets() != 1) |
return 0; |
return 0; |
|
|
ret = krb5_cc_default(context, &ccache); |
ret = krb5_cc_default(context, &ccache); |
if (ret) { |
if (ret) { |
if (auth_debug_mode) { |
if (auth_debug_mode) { |
printf("Kerberos V5: could not get default ccache: %s\r\n", |
s = krb5_get_error_message(context, ret); |
krb5_get_err_text (context, ret)); |
printf("Kerberos V5: could not get default ccache: %s\r\n", s); |
|
krb5_free_error_message(context, s); |
} |
} |
return 0; |
return 0; |
} |
} |
|
|
ret = krb5_auth_con_init (context, &auth_context); |
ret = krb5_auth_con_init (context, &auth_context); |
if (ret) { |
if (ret) { |
if (auth_debug_mode) { |
if (auth_debug_mode) { |
printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n", |
s = krb5_get_error_message(context, ret); |
krb5_get_err_text(context, ret)); |
printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n", s); |
|
krb5_free_error_message(context, s); |
} |
} |
return(0); |
return(0); |
} |
} |
|
|
&net); |
&net); |
if (ret) { |
if (ret) { |
if (auth_debug_mode) { |
if (auth_debug_mode) { |
|
s = krb5_get_error_message(context, ret); |
printf ("Kerberos V5:" |
printf ("Kerberos V5:" |
" krb5_auth_con_setaddrs_from_fd failed (%s)\r\n", |
" krb5_auth_con_setaddrs_from_fd failed (%s)\r\n", s); |
krb5_get_err_text(context, ret)); |
krb5_free_error_message(context, s); |
} |
} |
return(0); |
return(0); |
} |
} |
|
|
&service); |
&service); |
if(ret) { |
if(ret) { |
if (auth_debug_mode) { |
if (auth_debug_mode) { |
|
s = krb5_get_error_message(context, ret); |
printf ("Kerberos V5:" |
printf ("Kerberos V5:" |
" krb5_sname_to_principal(%s) failed (%s)\r\n", |
" krb5_sname_to_principal(%s) failed (%s)\r\n", RemoteHostName, s); |
RemoteHostName, krb5_get_err_text(context, ret)); |
krb5_free_error_message(context, s); |
} |
} |
return 0; |
return 0; |
} |
} |
ret = krb5_unparse_name_fixed(context, service, sname, sizeof(sname)); |
ret = krb5_unparse_name_fixed(context, service, sname, sizeof(sname)); |
if(ret) { |
if(ret) { |
if (auth_debug_mode) { |
if (auth_debug_mode) { |
|
s = krb5_get_error_message(context, ret); |
printf ("Kerberos V5:" |
printf ("Kerberos V5:" |
" krb5_unparse_name_fixed failed (%s)\r\n", |
" krb5_unparse_name_fixed failed (%s)\r\n", s); |
krb5_get_err_text(context, ret)); |
krb5_free_error_message(context, s); |
} |
} |
return 0; |
return 0; |
} |
} |
|
|
} |
} |
if (ret) { |
if (ret) { |
if (1 || auth_debug_mode) { |
if (1 || auth_debug_mode) { |
printf("Kerberos V5: mk_req failed (%s)\r\n", |
s = krb5_get_error_message(context, ret); |
krb5_get_err_text(context, ret)); |
printf("Kerberos V5: mk_req failed (%s)\r\n", s); |
|
krb5_free_error_message(context, s); |
} |
} |
return(0); |
return(0); |
} |
} |
|
|
char *name; |
char *name; |
krb5_principal server; |
krb5_principal server; |
int zero = 0; |
int zero = 0; |
|
const char *s; |
|
|
if (cnt-- < 1) |
if (cnt-- < 1) |
return; |
return; |
|
|
if (ret) { |
if (ret) { |
Data(ap, KRB_REJECT, "krb5_auth_con_init failed", -1); |
Data(ap, KRB_REJECT, "krb5_auth_con_init failed", -1); |
auth_finished(ap, AUTH_REJECT); |
auth_finished(ap, AUTH_REJECT); |
if (auth_debug_mode) |
if (auth_debug_mode) { |
printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n", |
s = krb5_get_error_message(context, ret); |
krb5_get_err_text(context, ret)); |
printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n", s); |
|
krb5_free_error_message(context, s); |
|
} |
return; |
return; |
} |
} |
|
|
|
|
if (ret) { |
if (ret) { |
Data(ap, KRB_REJECT, "krb5_auth_con_setaddrs_from_fd failed", -1); |
Data(ap, KRB_REJECT, "krb5_auth_con_setaddrs_from_fd failed", -1); |
auth_finished(ap, AUTH_REJECT); |
auth_finished(ap, AUTH_REJECT); |
if (auth_debug_mode) |
if (auth_debug_mode) { |
|
s = krb5_get_error_message(context, ret); |
printf("Kerberos V5: " |
printf("Kerberos V5: " |
"krb5_auth_con_setaddrs_from_fd failed (%s)\r\n", |
"krb5_auth_con_setaddrs_from_fd failed (%s)\r\n", s); |
krb5_get_err_text(context, ret)); |
krb5_free_error_message(context, s); |
|
} |
return; |
return; |
} |
} |
|
|
|
|
if (ret) { |
if (ret) { |
Data(ap, KRB_REJECT, "krb5_sock_to_principal failed", -1); |
Data(ap, KRB_REJECT, "krb5_sock_to_principal failed", -1); |
auth_finished(ap, AUTH_REJECT); |
auth_finished(ap, AUTH_REJECT); |
if (auth_debug_mode) |
if (auth_debug_mode) { |
|
s = krb5_get_error_message(context, ret); |
printf("Kerberos V5: " |
printf("Kerberos V5: " |
"krb5_sock_to_principal failed (%s)\r\n", |
"krb5_sock_to_principal failed (%s)\r\n", s); |
krb5_get_err_text(context, ret)); |
krb5_free_error_message(context, s); |
|
} |
return; |
return; |
} |
} |
|
|
|
|
krb5_free_principal (context, server); |
krb5_free_principal (context, server); |
if (ret) { |
if (ret) { |
char *errbuf; |
char *errbuf; |
|
s = krb5_get_error_message(context, ret); |
|
|
asprintf(&errbuf, |
asprintf(&errbuf, |
"Read req failed: %s", |
"Read req failed: %s", s); |
krb5_get_err_text(context, ret)); |
krb5_free_error_message(context, s); |
Data(ap, KRB_REJECT, errbuf, -1); |
Data(ap, KRB_REJECT, errbuf, -1); |
if (auth_debug_mode) |
if (auth_debug_mode) |
printf("%s\r\n", errbuf); |
printf("%s\r\n", errbuf); |
|
|
|
|
if (ret) { |
if (ret) { |
char *errbuf; |
char *errbuf; |
asprintf(&errbuf, "Bad checksum: %s", |
s = krb5_get_error_message(context, ret); |
krb5_get_err_text(context, ret)); |
asprintf(&errbuf, "Bad checksum: %s", s); |
|
krb5_free_error_message(context, s); |
Data(ap, KRB_REJECT, errbuf, -1); |
Data(ap, KRB_REJECT, errbuf, -1); |
if (auth_debug_mode) |
if (auth_debug_mode) |
printf ("%s\r\n", errbuf); |
printf ("%s\r\n", errbuf); |
|
|
if (ret) { |
if (ret) { |
Data(ap, KRB_REJECT, "krb5_auth_con_getremotesubkey failed", -1); |
Data(ap, KRB_REJECT, "krb5_auth_con_getremotesubkey failed", -1); |
auth_finished(ap, AUTH_REJECT); |
auth_finished(ap, AUTH_REJECT); |
if (auth_debug_mode) |
if (auth_debug_mode) { |
|
s = krb5_get_error_message(context, ret); |
printf("Kerberos V5: " |
printf("Kerberos V5: " |
"krb5_auth_con_getremotesubkey failed (%s)\r\n", |
"krb5_auth_con_getremotesubkey failed (%s)\r\n", s); |
krb5_get_err_text(context, ret)); |
krb5_free_error_message(context, s); |
|
} |
return; |
return; |
} |
} |
|
|
|
|
if (ret) { |
if (ret) { |
Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1); |
Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1); |
auth_finished(ap, AUTH_REJECT); |
auth_finished(ap, AUTH_REJECT); |
if (auth_debug_mode) |
if (auth_debug_mode) { |
|
s = krb5_get_error_message(context, ret); |
printf("Kerberos V5: " |
printf("Kerberos V5: " |
"krb5_auth_con_getkey failed (%s)\r\n", |
"krb5_auth_con_getkey failed (%s)\r\n", s); |
krb5_get_err_text(context, ret)); |
krb5_free_error_message(context, s); |
|
} |
return; |
return; |
} |
} |
if (key_block == NULL) { |
if (key_block == NULL) { |
|
|
Data(ap, KRB_REJECT, |
Data(ap, KRB_REJECT, |
"krb5_mk_rep failed", -1); |
"krb5_mk_rep failed", -1); |
auth_finished(ap, AUTH_REJECT); |
auth_finished(ap, AUTH_REJECT); |
if (auth_debug_mode) |
if (auth_debug_mode) { |
|
s = krb5_get_error_message(context, ret); |
printf("Kerberos V5: " |
printf("Kerberos V5: " |
"krb5_mk_rep failed (%s)\r\n", |
"krb5_mk_rep failed (%s)\r\n", s); |
krb5_get_err_text(context, ret)); |
krb5_free_error_message(context, s); |
|
} |
return; |
return; |
} |
} |
Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length); |
Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length); |
|
|
|
|
ret = krb5_cc_resolve (context, ccname, &ccache); |
ret = krb5_cc_resolve (context, ccname, &ccache); |
if (ret) { |
if (ret) { |
if (auth_debug_mode) |
if (auth_debug_mode) { |
printf ("Kerberos V5: could not get ccache: %s\r\n", |
s = krb5_get_error_message(context, ret); |
krb5_get_err_text(context, ret)); |
printf ("Kerberos V5: could not get ccache: %s\r\n", s); |
|
krb5_free_error_message(context, s); |
|
} |
break; |
break; |
} |
} |
|
|
|
|
ccache, |
ccache, |
ticket->client); |
ticket->client); |
if (ret) { |
if (ret) { |
if (auth_debug_mode) |
if (auth_debug_mode) { |
printf ("Kerberos V5: could not init ccache: %s\r\n", |
s = krb5_get_error_message(context, ret); |
krb5_get_err_text(context, ret)); |
printf ("Kerberos V5: could not init ccache: %s\r\n", s); |
|
krb5_free_error_message(context, s); |
|
} |
break; |
break; |
} |
} |
|
|
|
|
&inbuf); |
&inbuf); |
if(ret) { |
if(ret) { |
char *errbuf; |
char *errbuf; |
|
s = krb5_get_error_message(context, ret); |
|
|
asprintf (&errbuf, |
asprintf (&errbuf, |
"Read forwarded creds failed: %s", |
"Read forwarded creds failed: %s", s); |
krb5_get_err_text (context, ret)); |
krb5_free_error_message(context, s); |
if(errbuf == NULL) |
if(errbuf == NULL) |
Data(ap, KRB_FORWARD_REJECT, NULL, 0); |
Data(ap, KRB_FORWARD_REJECT, NULL, 0); |
else |
else |
|
|
kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt) |
kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt) |
{ |
{ |
static int mutual_complete = 0; |
static int mutual_complete = 0; |
|
const char *s; |
|
|
if (cnt-- < 1) |
if (cnt-- < 1) |
return; |
return; |
|
|
auth_context, |
auth_context, |
&keyblock); |
&keyblock); |
if(ret) { |
if(ret) { |
printf("[ krb5_auth_con_getkey: %s ]\r\n", |
s = krb5_get_error_message(context, ret); |
krb5_get_err_text(context, ret)); |
printf("[ krb5_auth_con_getkey: %s ]\r\n", s); |
|
krb5_free_error_message(context, s); |
auth_send_retry(); |
auth_send_retry(); |
return; |
return; |
} |
} |
|
|
|
|
ret = krb5_rd_rep(context, auth_context, &inbuf, &reply); |
ret = krb5_rd_rep(context, auth_context, &inbuf, &reply); |
if (ret) { |
if (ret) { |
printf("[ Mutual authentication failed: %s ]\r\n", |
s = krb5_get_error_message(context, ret); |
krb5_get_err_text (context, ret)); |
printf("[ Mutual authentication failed: %s ]\r\n", s); |
|
krb5_free_error_message(context, s); |
auth_send_retry(); |
auth_send_retry(); |
return; |
return; |
} |
} |
|
|
krb5_kdc_flags flags; |
krb5_kdc_flags flags; |
krb5_data out_data; |
krb5_data out_data; |
krb5_principal principal; |
krb5_principal principal; |
|
const char *s; |
|
|
ret = krb5_cc_default (context, &ccache); |
ret = krb5_cc_default (context, &ccache); |
if (ret) { |
if (ret) { |
if (auth_debug_mode) |
if (auth_debug_mode) { |
printf ("KerberosV5: could not get default ccache: %s\r\n", |
s = krb5_get_error_message(context, ret); |
krb5_get_err_text (context, ret)); |
printf ("KerberosV5: could not get default ccache: %s\r\n", s); |
|
krb5_free_error_message(context, s); |
|
} |
return; |
return; |
} |
} |
|
|
ret = krb5_cc_get_principal (context, ccache, &principal); |
ret = krb5_cc_get_principal (context, ccache, &principal); |
if (ret) { |
if (ret) { |
if (auth_debug_mode) |
if (auth_debug_mode) { |
printf ("KerberosV5: could not get principal: %s\r\n", |
s = krb5_get_error_message(context, ret); |
krb5_get_err_text (context, ret)); |
printf ("KerberosV5: could not get principal: %s\r\n", s); |
|
krb5_free_error_message(context, s); |
|
} |
return; |
return; |
} |
} |
|
|
|
|
NULL); |
NULL); |
|
|
if (ret) { |
if (ret) { |
if (auth_debug_mode) |
if (auth_debug_mode) { |
printf ("KerberosV5: could not get principal: %s\r\n", |
s = krb5_get_error_message(context, ret); |
krb5_get_err_text (context, ret)); |
printf ("KerberosV5: could not get principal: %s\r\n", s); |
|
krb5_free_error_message(context, s); |
|
} |
return; |
return; |
} |
} |
|
|
|
|
&creds, |
&creds, |
&out_data); |
&out_data); |
if (ret) { |
if (ret) { |
if (auth_debug_mode) |
if (auth_debug_mode) { |
printf ("Kerberos V5: error getting forwarded creds: %s\r\n", |
s = krb5_get_error_message(context, ret); |
krb5_get_err_text (context, ret)); |
printf ("Kerberos V5: error getting forwarded creds: %s\r\n", s); |
|
krb5_free_error_message(context, s); |
|
} |
return; |
return; |
} |
} |
|
|
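Review bot: The two rewritten `asprintf` calls that build the "Read req failed: %s" and "Bad checksum: %s" reject messages still ignore the return value and pass `errbuf` straight to `Data(ap, KRB_REJECT, errbuf, -1)`, whereas the "Read forwarded creds failed" site further down at least tests `errbuf == NULL`. On allocation failure `errbuf` is NULL or indeterminate depending on the libc, so the reject path would presumably read through a bad pointer while turning down an authentication attempt. Checking the result and falling back to a fixed string would close that, e.g. `if (asprintf(&errbuf, "Read req failed: %s", s) == -1) errbuf = NULL;` followed by `Data(ap, KRB_REJECT, errbuf ? errbuf : "Read req failed", -1);`. Separately, `krb5_get_error_message` can return NULL on allocation failure in some Kerberos implementations, and every new call site passes `s` to `%s` unguarded, so a `s ? s : "unknown error"` guard is worth considering. The enclosing functions start and end outside the visible lines, so whether `errbuf` is freed afterwards cannot be confirmed from this page.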