auth-krb5.c (147005) | auth-krb5.c (149753) |
---|---|
1/* 2 * Kerberos v5 authentication and ticket-passing routines. 3 * 4 * $xFreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar Exp$ 5 */ 6/* 7 * Copyright (c) 2002 Daniel Kouril. All rights reserved. 8 * --- 15 unchanged lines hidden (view full) --- 24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 */ 29 30#include "includes.h" 31RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $"); | 1/* 2 * Kerberos v5 authentication and ticket-passing routines. 3 * 4 * $xFreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar Exp$ 5 */ 6/* 7 * Copyright (c) 2002 Daniel Kouril. All rights reserved. 8 * --- 15 unchanged lines hidden (view full) --- 24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 */ 29 30#include "includes.h" 31RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $"); |
32RCSID("$FreeBSD: head/crypto/openssh/auth-krb5.c 147005 2005-06-05 15:46:09Z des $"); | 32RCSID("$FreeBSD: head/crypto/openssh/auth-krb5.c 149753 2005-09-03 07:04:25Z des $"); |
33 34#include "ssh.h" 35#include "ssh1.h" 36#include "packet.h" 37#include "xmalloc.h" 38#include "log.h" 39#include "servconf.h" 40#include "uidswap.h" --- 9 unchanged lines hidden (view full) --- 50{ 51 Authctxt *authctxt = (Authctxt *)context; 52 krb5_error_code problem; 53 54 if (authctxt->krb5_ctx == NULL) { 55 problem = krb5_init_context(&authctxt->krb5_ctx); 56 if (problem) 57 return (problem); | 33 34#include "ssh.h" 35#include "ssh1.h" 36#include "packet.h" 37#include "xmalloc.h" 38#include "log.h" 39#include "servconf.h" 40#include "uidswap.h" --- 9 unchanged lines hidden (view full) --- 50{ 51 Authctxt *authctxt = (Authctxt *)context; 52 krb5_error_code problem; 53 54 if (authctxt->krb5_ctx == NULL) { 55 problem = krb5_init_context(&authctxt->krb5_ctx); 56 if (problem) 57 return (problem); |
58#ifdef KRB5_INIT_ETS 59 krb5_init_ets(authctxt->krb5_ctx); 60#endif | |
61 } 62 return (0); 63} 64 65int 66auth_krb5_password(Authctxt *authctxt, const char *password) 67{ 68#ifndef HEIMDAL 69 krb5_creds creds; 70 krb5_principal server; | 58 } 59 return (0); 60} 61 62int 63auth_krb5_password(Authctxt *authctxt, const char *password) 64{ 65#ifndef HEIMDAL 66 krb5_creds creds; 67 krb5_principal server; |
71 char ccname[40]; 72 int tmpfd; 73 mode_t old_umask; | |
74#endif 75 krb5_error_code problem; 76 krb5_ccache ccache = NULL; 77 int len; 78 79 if (!authctxt->valid) 80 return (0); 81 --- 60 unchanged lines hidden (view full) --- 142 goto out; 143 144 if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, 145 authctxt->pw->pw_name)) { 146 problem = -1; 147 goto out; 148 } 149 | 68#endif 69 krb5_error_code problem; 70 krb5_ccache ccache = NULL; 71 int len; 72 73 if (!authctxt->valid) 74 return (0); 75 --- 60 unchanged lines hidden (view full) --- 136 goto out; 137 138 if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, 139 authctxt->pw->pw_name)) { 140 problem = -1; 141 goto out; 142 } 143 |
150 snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid()); 151 152 old_umask = umask(0177); 153 tmpfd = mkstemp(ccname + strlen("FILE:")); 154 umask(old_umask); 155 if (tmpfd == -1) { 156 logit("mkstemp(): %.100s", strerror(errno)); 157 problem = errno; 158 goto out; 159 } 160 161 if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { 162 logit("fchmod(): %.100s", strerror(errno)); 163 close(tmpfd); 164 problem = errno; 165 goto out; 166 } 167 close(tmpfd); 168 169 problem = krb5_cc_resolve(authctxt->krb5_ctx, ccname, &authctxt->krb5_fwd_ccache); | 144 problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache); |
170 if (problem) 171 goto out; 172 173 problem = krb5_cc_initialize(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache, 174 authctxt->krb5_user); 175 if (problem) 176 goto out; 177 --- 52 unchanged lines hidden (view full) --- 230 authctxt->krb5_user = NULL; 231 } 232 if (authctxt->krb5_ctx) { 233 krb5_free_context(authctxt->krb5_ctx); 234 authctxt->krb5_ctx = NULL; 235 } 236} 237 | 145 if (problem) 146 goto out; 147 148 problem = krb5_cc_initialize(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache, 149 authctxt->krb5_user); 150 if (problem) 151 goto out; 152 --- 52 unchanged lines hidden (view full) --- 205 authctxt->krb5_user = NULL; 206 } 207 if (authctxt->krb5_ctx) { 208 krb5_free_context(authctxt->krb5_ctx); 209 authctxt->krb5_ctx = NULL; 210 } 211} 212 |
213#ifndef HEIMDAL 214krb5_error_code 215ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { 216 int tmpfd, ret; 217 char ccname[40]; 218 mode_t old_umask; 219 220 ret = snprintf(ccname, sizeof(ccname), 221 "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid()); 222 if (ret == -1 || ret >= sizeof(ccname)) 223 return ENOMEM; 224 225 old_umask = umask(0177); 226 tmpfd = mkstemp(ccname + strlen("FILE:")); 227 umask(old_umask); 228 if (tmpfd == -1) { 229 logit("mkstemp(): %.100s", strerror(errno)); 230 return errno; 231 } 232 233 if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { 234 logit("fchmod(): %.100s", strerror(errno)); 235 close(tmpfd); 236 return errno; 237 } 238 close(tmpfd); 239 240 return (krb5_cc_resolve(ctx, ccname, ccache)); 241} 242#endif /* !HEIMDAL */ |
|
238#endif /* KRB5 */ | 243#endif /* KRB5 */ |