summaryrefslogtreecommitdiff
path: root/gss-serv-krb5.c
diff options
context:
space:
mode:
Diffstat (limited to 'gss-serv-krb5.c')
-rw-r--r--gss-serv-krb5.c70
1 files changed, 68 insertions, 2 deletions
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
index b400081f6..e7170ee41 100644
--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -1,7 +1,7 @@
1/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ 1/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 4 * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
5 * 5 *
6 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
@@ -190,6 +190,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
190 return; 190 return;
191} 191}
192 192
193int
194ssh_gssapi_krb5_updatecreds(ssh_gssapi_ccache *store,
195 ssh_gssapi_client *client)
196{
197 krb5_ccache ccache = NULL;
198 krb5_principal principal = NULL;
199 char *name = NULL;
200 krb5_error_code problem;
201 OM_uint32 maj_status, min_status;
202
203 if ((problem = krb5_cc_resolve(krb_context, store->envval, &ccache))) {
204 logit("krb5_cc_resolve(): %.100s",
205 krb5_get_err_text(krb_context, problem));
206 return 0;
207 }
208
209 /* Find out who the principal in this cache is */
210 if ((problem = krb5_cc_get_principal(krb_context, ccache,
211 &principal))) {
212 logit("krb5_cc_get_principal(): %.100s",
213 krb5_get_err_text(krb_context, problem));
214 krb5_cc_close(krb_context, ccache);
215 return 0;
216 }
217
218 if ((problem = krb5_unparse_name(krb_context, principal, &name))) {
219 logit("krb5_unparse_name(): %.100s",
220 krb5_get_err_text(krb_context, problem));
221 krb5_free_principal(krb_context, principal);
222 krb5_cc_close(krb_context, ccache);
223 return 0;
224 }
225
226
227 if (strcmp(name,client->exportedname.value)!=0) {
228 debug("Name in local credentials cache differs. Not storing");
229 krb5_free_principal(krb_context, principal);
230 krb5_cc_close(krb_context, ccache);
231 krb5_free_unparsed_name(krb_context, name);
232 return 0;
233 }
234 krb5_free_unparsed_name(krb_context, name);
235
236 /* Name matches, so lets get on with it! */
237
238 if ((problem = krb5_cc_initialize(krb_context, ccache, principal))) {
239 logit("krb5_cc_initialize(): %.100s",
240 krb5_get_err_text(krb_context, problem));
241 krb5_free_principal(krb_context, principal);
242 krb5_cc_close(krb_context, ccache);
243 return 0;
244 }
245
246 krb5_free_principal(krb_context, principal);
247
248 if ((maj_status = gss_krb5_copy_ccache(&min_status, client->creds,
249 ccache))) {
250 logit("gss_krb5_copy_ccache() failed. Sorry!");
251 krb5_cc_close(krb_context, ccache);
252 return 0;
253 }
254
255 return 1;
256}
257
193ssh_gssapi_mech gssapi_kerberos_mech = { 258ssh_gssapi_mech gssapi_kerberos_mech = {
194 "toWM5Slw5Ew8Mqkay+al2g==", 259 "toWM5Slw5Ew8Mqkay+al2g==",
195 "Kerberos", 260 "Kerberos",
@@ -197,7 +262,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
197 NULL, 262 NULL,
198 &ssh_gssapi_krb5_userok, 263 &ssh_gssapi_krb5_userok,
199 NULL, 264 NULL,
200 &ssh_gssapi_krb5_storecreds 265 &ssh_gssapi_krb5_storecreds,
266 &ssh_gssapi_krb5_updatecreds
201}; 267};
202 268
203#endif /* KRB5 */ 269#endif /* KRB5 */