60 	Authctxt *authctxt = (Authctxt *)context;
63 	if (authctxt->krb5_ctx == NULL) {
64 		problem = krb5_init_context(&authctxt->krb5_ctx);
72 auth_krb5_password(Authctxt *authctxt, const char *password)
85 	platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name);
86 	client = platform_client ? platform_client : authctxt->pw->pw_name;
88 	temporarily_use_uid(authctxt->pw);
90 	problem = krb5_init(authctxt);
94 	problem = krb5_parse_name(authctxt->krb5_ctx, client,
95 		    &authctxt->krb5_user);
101 	problem = krb5_cc_new_unique(authctxt->krb5_ctx,
104 	problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache);
109 	problem = krb5_cc_initialize(authctxt->krb5_ctx, ccache,
110 		authctxt->krb5_user);
116 	problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user,
119 	temporarily_use_uid(authctxt->pw);
125 	problem = krb5_cc_new_unique(authctxt->krb5_ctx,
126 	     krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache);
128 	problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
129 	    &authctxt->krb5_fwd_ccache);
134 	problem = krb5_cc_copy_cache(authctxt->krb5_ctx, ccache,
135 	    authctxt->krb5_fwd_ccache);
136 	krb5_cc_destroy(authctxt->krb5_ctx, ccache);
142 	problem = krb5_get_init_creds_password(authctxt->krb5_ctx, &creds,
143 	    authctxt->krb5_user, (char *)password, NULL, NULL, 0, NULL, NULL);
147 	problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL,
153 	problem = krb5_verify_init_creds(authctxt->krb5_ctx, &creds, server,
155 	krb5_free_principal(authctxt->krb5_ctx, server);
156 	temporarily_use_uid(authctxt->pw);
160 	if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
161 	    authctxt->pw->pw_name)) {
166 	problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);
170 	problem = krb5_cc_initialize(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache,
171 				     authctxt->krb5_user);
175 	problem= krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache,
181 	authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
183 	len = strlen(authctxt->krb5_ticket_file) + 6;
184 	authctxt->krb5_ccname = xmalloc(len);
185 	snprintf(authctxt->krb5_ccname, len, "FILE:%s",
186 	    authctxt->krb5_ticket_file);
190 		do_pam_putenv("KRB5CCNAME", authctxt->krb5_ccname);
200 			krb5_cc_destroy(authctxt->krb5_ctx, ccache);
202 		if (authctxt->krb5_ctx != NULL && problem!=-1) {
203 			errmsg = krb5_get_error_message(authctxt->krb5_ctx,
207 			krb5_free_error_message(authctxt->krb5_ctx, errmsg);
212 		krb5_cleanup_proc(authctxt);
219 	return (authctxt->valid ? 1 : 0);
223 krb5_cleanup_proc(Authctxt *authctxt)
226 	if (authctxt->krb5_fwd_ccache) {
227 		krb5_cc_destroy(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
228 		authctxt->krb5_fwd_ccache = NULL;
230 	if (authctxt->krb5_user) {
231 		krb5_free_principal(authctxt->krb5_ctx, authctxt->krb5_user);
232 		authctxt->krb5_user = NULL;
234 	if (authctxt->krb5_ctx) {
235 		krb5_free_context(authctxt->krb5_ctx);
236 		authctxt->krb5_ctx = NULL;

Indexes created Sun Jun 16 09:41:23 MDT 2024