diff options
author | Damien Miller <djm@mindrot.org> | 1999-11-11 17:57:39 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 1999-11-11 17:57:39 +1100 |
commit | 5ce662a9202240a2f5fa6a9334d58186bdaba50c (patch) | |
tree | 9fe37122fa27f070abc3c9c28531877d43673b7f /auth-passwd.c | |
parent | ab5e0d0c27e00dca463c67395c2b5941e778836e (diff) |
- Merged more OpenBSD CVS changes:
- [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
+ krb-cleanup cleanup
- [clientloop.c log-client.c log-server.c ]
[readconf.c readconf.h servconf.c servconf.h ]
[ssh.1 ssh.c ssh.h sshd.8]
add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
obsoletes QuietMode and FascistLogging in sshd.
Diffstat (limited to 'auth-passwd.c')
-rw-r--r-- | auth-passwd.c | 32 |
1 files changed, 13 insertions, 19 deletions
diff --git a/auth-passwd.c b/auth-passwd.c index 61f66fedd..99d0af2be 100644 --- a/auth-passwd.c +++ b/auth-passwd.c | |||
@@ -15,17 +15,13 @@ the password is valid for the user. | |||
15 | */ | 15 | */ |
16 | 16 | ||
17 | #include "includes.h" | 17 | #include "includes.h" |
18 | RCSID("$Id: auth-passwd.c,v 1.2 1999/10/27 13:42:05 damien Exp $"); | 18 | RCSID("$Id: auth-passwd.c,v 1.3 1999/11/11 06:57:39 damien Exp $"); |
19 | 19 | ||
20 | #include "packet.h" | 20 | #include "packet.h" |
21 | #include "ssh.h" | 21 | #include "ssh.h" |
22 | #include "servconf.h" | 22 | #include "servconf.h" |
23 | #include "xmalloc.h" | 23 | #include "xmalloc.h" |
24 | 24 | ||
25 | #ifdef KRB4 | ||
26 | extern char *ticket; | ||
27 | #endif /* KRB4 */ | ||
28 | |||
29 | /* Tries to authenticate the user using password. Returns true if | 25 | /* Tries to authenticate the user using password. Returns true if |
30 | authentication succeeds. */ | 26 | authentication succeeds. */ |
31 | 27 | ||
@@ -80,9 +76,9 @@ int auth_password(struct passwd *pw, const char *password) | |||
80 | KTEXT_ST tkt; | 76 | KTEXT_ST tkt; |
81 | struct hostent *hp; | 77 | struct hostent *hp; |
82 | unsigned long faddr; | 78 | unsigned long faddr; |
83 | char localhost[MAXHOSTNAMELEN]; /* local host name */ | 79 | char localhost[MAXHOSTNAMELEN]; |
84 | char phost[INST_SZ]; /* host instance */ | 80 | char phost[INST_SZ]; |
85 | char realm[REALM_SZ]; /* local Kerberos realm */ | 81 | char realm[REALM_SZ]; |
86 | int r; | 82 | int r; |
87 | 83 | ||
88 | /* Try Kerberos password authentication only for non-root | 84 | /* Try Kerberos password authentication only for non-root |
@@ -90,9 +86,8 @@ int auth_password(struct passwd *pw, const char *password) | |||
90 | if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { | 86 | if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { |
91 | 87 | ||
92 | /* Set up our ticket file. */ | 88 | /* Set up our ticket file. */ |
93 | if (!ssh_tf_init(pw->pw_uid)) { | 89 | if (!krb4_init(pw->pw_uid)) { |
94 | log("Couldn't initialize Kerberos ticket file for %s!", | 90 | log("Couldn't initialize Kerberos ticket file for %s!", pw->pw_name); |
95 | pw->pw_name); | ||
96 | goto kerberos_auth_failure; | 91 | goto kerberos_auth_failure; |
97 | } | 92 | } |
98 | /* Try to get TGT using our password. */ | 93 | /* Try to get TGT using our password. */ |
@@ -104,13 +99,12 @@ int auth_password(struct passwd *pw, const char *password) | |||
104 | goto kerberos_auth_failure; | 99 | goto kerberos_auth_failure; |
105 | } | 100 | } |
106 | /* Successful authentication. */ | 101 | /* Successful authentication. */ |
107 | chown(ticket, pw->pw_uid, pw->pw_gid); | 102 | chown(tkt_string(), pw->pw_uid, pw->pw_gid); |
108 | |||
109 | (void) gethostname(localhost, sizeof(localhost)); | ||
110 | (void) strlcpy(phost, (char *)krb_get_phost(localhost), INST_SZ); | ||
111 | 103 | ||
112 | /* Now that we have a TGT, try to get a local "rcmd" ticket to | 104 | /* Now that we have a TGT, try to get a local "rcmd" ticket to |
113 | ensure that we are not talking to a bogus Kerberos server. */ | 105 | ensure that we are not talking to a bogus Kerberos server. */ |
106 | (void) gethostname(localhost, sizeof(localhost)); | ||
107 | (void) strlcpy(phost, (char *)krb_get_phost(localhost), INST_SZ); | ||
114 | r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33); | 108 | r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33); |
115 | 109 | ||
116 | if (r == KSUCCESS) { | 110 | if (r == KSUCCESS) { |
@@ -150,10 +144,10 @@ int auth_password(struct passwd *pw, const char *password) | |||
150 | return 1; | 144 | return 1; |
151 | 145 | ||
152 | kerberos_auth_failure: | 146 | kerberos_auth_failure: |
153 | (void) dest_tkt(); | 147 | krb4_cleanup_proc(NULL); |
154 | xfree(ticket); | 148 | |
155 | ticket = NULL; | 149 | if (!options.kerberos_or_local_passwd) |
156 | if (!options.kerberos_or_local_passwd ) return 0; | 150 | return 0; |
157 | } | 151 | } |
158 | else { | 152 | else { |
159 | /* Logging in as root or no local Kerberos realm. */ | 153 | /* Logging in as root or no local Kerberos realm. */ |