Diffstat (limited to 'sshconnect1.c')
-rw-r--r-- | sshconnect1.c | 52 |
1 files changed, 49 insertions, 3 deletions
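--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -23,6 +23,9 @@ RCSID("$OpenBSD: sshconnect1.c,v 1.49 2002/03/14 15:24:27 markus Exp $");
 #endif
 #ifdef KRB5
 #include <krb5.h>
+#ifndef HEIMDAL
+#define krb5_get_err_text(context,code) error_message(code)
+#endif /* !HEIMDAL */
 #endif
 #ifdef AFS
 #include <kafs.h>
@@ -521,6 +524,23 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
 ret = 0;
 goto out;
 }
+
+problem = krb5_auth_con_init(*context, auth_context);
+if (problem) {
+debug("Kerberos v5: krb5_auth_con_init failed");
+ret = 0;
+goto out;
+}
+
+#ifndef HEIMDAL
+problem = krb5_auth_con_setflags(*context, *auth_context,
+KRB5_AUTH_CONTEXT_RET_TIME);
+if (problem) {
+debug("Keberos v5: krb5_auth_con_setflags failed");
+ret = 0;
+goto out;
+}
+#endif
 
 tkfile = krb5_cc_default_name(*context);
 if (strncmp(tkfile, "FILE:", 5) == 0)
@@ -597,7 +617,11 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
 if (reply != NULL)
 krb5_free_ap_rep_enc_part(*context, reply);
 if (ap.length > 0)
+#ifdef HEIMDAL
 krb5_data_free(&ap);
+#else
+krb5_free_data_contents(*context, &ap);
+#endif
 
 return (ret);
 }
@@ -610,7 +634,11 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
 krb5_data outbuf;
 krb5_ccache ccache = NULL;
 krb5_creds creds;
+#ifdef HEIMDAL
 krb5_kdc_flags flags;
+#else
+int forwardable;
+#endif
 const char *remotehost;
 
 memset(&creds, 0, sizeof(creds));
@@ -618,7 +646,13 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
 
 fd = packet_get_connection_in();
 
+#ifdef HEIMDAL
 problem = krb5_auth_con_setaddrs_from_fd(context, auth_context, &fd);
+#else
+problem = krb5_auth_con_genaddrs(context, auth_context, fd,
+KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR |
+KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR);
+#endif
 if (problem)
 goto out;
 
@@ -630,23 +664,35 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
 if (problem)
 goto out;
 
+remotehost = get_canonical_hostname(1);
+
+#ifdef HEIMDAL
 problem = krb5_build_principal(context, &creds.server,
 strlen(creds.client->realm), creds.client->realm,
 "krbtgt", creds.client->realm, NULL);
+#else
+problem = krb5_build_principal(context, &creds.server,
+creds.client->realm.length, creds.client->realm.data,
+"host", remotehost, NULL);
+#endif
 if (problem)
 goto out;
 
 creds.times.endtime = 0;
 
+#ifdef HEIMDAL
 flags.i = 0;
 flags.b.forwarded = 1;
 flags.b.forwardable = krb5_config_get_bool(context, NULL,
 "libdefaults", "forwardable", NULL);
-
-remotehost = get_canonical_hostname(1);
-
 problem = krb5_get_forwarded_creds(context, auth_context,
 ccache, flags.i, remotehost, &creds, &outbuf);
+#else
+forwardable = 1;
+problem = krb5_fwd_tgt_creds(context, auth_context, remotehost,
+creds.client, creds.server, ccache, forwardable, &outbuf);
+#endif
+
 if (problem)
 goto out;
 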
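Review bot: In the last hunk, the non-Heimdal branch of send_krb5_tgt sets `forwardable = 1;` unconditionally, while the Heimdal branch reads the flag from `libdefaults`/`forwardable` with krb5_config_get_bool(). An MIT build will therefore always ask for a delegated TGT that the remote host can forward again, whatever the local Kerberos configuration says. I would default the flag to 0 and take it from configuration, for example `krb5_appdefault_boolean(context, "ssh", &creds.client->realm, "forwardable", 0, &forwardable);`. That call reads `[appdefaults]` rather than `[libdefaults]`, so the difference should be noted in a comment. Separately, the debug string in the krb5_auth_con_setflags failure path reads "Keberos v5" and should be "Kerberos v5"; send_krb5_tgt's body continues outside the hunks shown.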