auth2-krb5.c revision 1.8
/* $NetBSD: auth2-krb5.c,v 1.8 2018/08/26 07:46:36 christos Exp $ */
/*
 * Copyright (c) 2003 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
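*/

#include "includes.h"
__RCSID("$NetBSD: auth2-krb5.c,v 1.8 2018/08/26 07:46:36 christos Exp $");

#include <krb5.h>
#include <stdio.h>

#include "ssh2.h"
#include "xmalloc.h"
#include "packet.h"
#include "log.h"
#include "hostfile.h"
#include "auth.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "ssherr.h"
#include "monitor_wrap.h"
#include "misc.h"
#include "servconf.h"

/* import */
extern ServerOptions options;

/*
 * Handle one "kerberos-2@ssh.com" user authentication request.
 *
 * The request payload is a single string (the Kerberos ticket supplied by
 * the not-yet-authenticated peer) followed by end-of-packet.  The ticket is
 * handed to auth_krb5() through the PRIVSEP() wrapper together with the
 * connection's authctxt; this function makes no trust decision of its own.
 *
 * Returns 1 when auth_krb5() reports success, 0 otherwise.  A packet that
 * cannot be parsed does not return: fatal() is called.
 *
 * Ownership: the ticket buffer, the client principal string and (on
 * success) the reply buffer are all released here before returning.
 */
static int
userauth_kerberos(struct ssh *ssh)
{
	krb5_data tkt;
	/*
	 * Zero-initialised so that the reply.length test below never reads
	 * an indeterminate value should auth_krb5() return success without
	 * filling the reply in (its body is not visible from this file).
	 */
	krb5_data reply = { 0 };
	size_t dlen;
	char *passwd;
	char *client = NULL;
	int authenticated = 0, r;

	/*
	 * Peer-controlled input: exactly one string, then nothing else.
	 * NOTE(review): this uses the C-string getter; if that getter rejects
	 * embedded NUL bytes, a binary ticket would end up in fatal() here.
	 * Confirm whether the raw-string getter was intended.
	 */
	if ((r = sshpkt_get_cstring(ssh, &passwd, &dlen)) != 0 ||
	    (r = sshpkt_get_end(ssh)) != 0)
		fatal("%s: %s", __func__, ssh_err(r));

	/* The krb5_data only borrows the packet string; it is freed below. */
	tkt.data = passwd;
	tkt.length = dlen;

	/*
	 * PRIVSEP() presumably routes the call to the privileged monitor
	 * when privilege separation is active -- confirm in monitor_wrap.h.
	 */
	if (PRIVSEP(auth_krb5(ssh->authctxt, &tkt, &client, &reply))) {
		authenticated = 1;
		/* The reply is not sent anywhere from here; just release it. */
		if (reply.length)
			free(reply.data);
	}
	/*
	 * NOTE(review): reply.data is released only on the success path,
	 * as before.  Whether auth_krb5() can leave an allocated reply
	 * behind on failure cannot be told from this file.
	 */

	free(client);		/* free(NULL) is a no-op */
	free(tkt.data);
	return (authenticated);
}

/*
 * Method table entry for Kerberos ticket authentication: the wire name,
 * the handler above, and a pointer to the kerberos_authentication server
 * option (presumably the enable switch consulted by the userauth
 * dispatcher -- confirm against the Authmethod definition in auth.h).
 */
Authmethod method_kerberos = {
	"kerberos-2@ssh.com",
	userauth_kerberos,
	&options.kerberos_authentication
};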