1/*	$NetBSD: auth2-krb5.c,v 1.14 2009/02/16 20:55:22 christos Exp $	*/
2/*
3 * Copyright (c) 2003 Markus Friedl.  All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "includes.h"
27__RCSID("$NetBSD: auth2-krb5.c,v 1.14 2009/02/16 20:55:22 christos Exp $");
28
29#include <krb5.h>
30#include <stdio.h>
31
32#include "ssh2.h"
33#include "xmalloc.h"
34#include "packet.h"
35#include "log.h"
36#include "key.h"
37#include "buffer.h"
38#include "hostfile.h"
39#include "auth.h"
40#ifdef GSSAPI
41#include "ssh-gss.h"
42#endif
43#include "monitor_wrap.h"
44#include "servconf.h"
45
46/* import */
47extern ServerOptions options;
48
49static int
50userauth_kerberos(Authctxt *authctxt)
51{
52	krb5_data tkt, reply;
53	u_int dlen;
54	char *client = NULL;
55	int authenticated = 0;
56
57	tkt.data = packet_get_string(&dlen);
58	tkt.length = dlen;
59	packet_check_eom();
60
61	if (PRIVSEP(auth_krb5(authctxt, &tkt, &client, &reply))) {
62		authenticated = 1;
63		if (reply.length)
64			xfree(reply.data);
65	}
66	if (client)
67		xfree(client);
68	xfree(tkt.data);
69	return (authenticated);
70}
71
72Authmethod method_kerberos = {
73	"kerberos-2@ssh.com",
74	userauth_kerberos,
75	&options.kerberos_authentication
76};
77