diff options
| author | djm <djm> | 2002-04-13 01:04:40 +0000 |
|---|---|---|
| committer | djm <djm> | 2002-04-13 01:04:40 +0000 |
| commit | 1c7bcadc083003ae61ca8a273dc481f323f2d123 (patch) | |
| tree | 3e35f934d929c3771e2adcfdd28c96602322cd8d /sshconnect1.c | |
| parent | 9f277e5fe1b827b0aca2ad3cda91c55166b4788e (diff) | |
| download | openssh-1c7bcadc083003ae61ca8a273dc481f323f2d123.tar.gz | |
- (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk>
Diffstat (limited to 'sshconnect1.c')
| -rw-r--r-- | sshconnect1.c | 52 |
1 files changed, 49 insertions, 3 deletions
diff --git a/sshconnect1.c b/sshconnect1.c index 39369413..3b5c7186 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -23,6 +23,9 @@ RCSID("$OpenBSD: sshconnect1.c,v 1.49 2002/03/14 15:24:27 markus Exp $"); #endif #ifdef KRB5 #include <krb5.h> +#ifndef HEIMDAL +#define krb5_get_err_text(context,code) error_message(code) +#endif /* !HEIMDAL */ #endif #ifdef AFS #include <kafs.h> @@ -521,6 +524,23 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context) ret = 0; goto out; } + + problem = krb5_auth_con_init(*context, auth_context); + if (problem) { + debug("Kerberos v5: krb5_auth_con_init failed"); + ret = 0; + goto out; + } + +#ifndef HEIMDAL + problem = krb5_auth_con_setflags(*context, *auth_context, + KRB5_AUTH_CONTEXT_RET_TIME); + if (problem) { + debug("Keberos v5: krb5_auth_con_setflags failed"); + ret = 0; + goto out; + } +#endif tkfile = krb5_cc_default_name(*context); if (strncmp(tkfile, "FILE:", 5) == 0) @@ -597,7 +617,11 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context) if (reply != NULL) krb5_free_ap_rep_enc_part(*context, reply); if (ap.length > 0) +#ifdef HEIMDAL krb5_data_free(&ap); +#else + krb5_free_data_contents(*context, &ap); +#endif return (ret); } @@ -610,7 +634,11 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context) krb5_data outbuf; krb5_ccache ccache = NULL; krb5_creds creds; +#ifdef HEIMDAL krb5_kdc_flags flags; +#else + int forwardable; +#endif const char *remotehost; memset(&creds, 0, sizeof(creds)); @@ -618,7 +646,13 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context) fd = packet_get_connection_in(); +#ifdef HEIMDAL problem = krb5_auth_con_setaddrs_from_fd(context, auth_context, &fd); +#else + problem = krb5_auth_con_genaddrs(context, auth_context, fd, + KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR | + KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR); +#endif if (problem) goto out; @@ -630,23 +664,35 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context) if (problem) goto out; + remotehost = get_canonical_hostname(1); + +#ifdef HEIMDAL problem = krb5_build_principal(context, &creds.server, strlen(creds.client->realm), creds.client->realm, "krbtgt", creds.client->realm, NULL); +#else + problem = krb5_build_principal(context, &creds.server, + creds.client->realm.length, creds.client->realm.data, + "host", remotehost, NULL); +#endif if (problem) goto out; creds.times.endtime = 0; +#ifdef HEIMDAL flags.i = 0; flags.b.forwarded = 1; flags.b.forwardable = krb5_config_get_bool(context, NULL, "libdefaults", "forwardable", NULL); - - remotehost = get_canonical_hostname(1); - problem = krb5_get_forwarded_creds(context, auth_context, ccache, flags.i, remotehost, &creds, &outbuf); +#else + forwardable = 1; + problem = krb5_fwd_tgt_creds(context, auth_context, remotehost, + creds.client, creds.server, ccache, forwardable, &outbuf); +#endif + if (problem) goto out; |