diff options
Diffstat (limited to 'crypto/openssh/auth-krb5.c')
| -rw-r--r-- | crypto/openssh/auth-krb5.c | 249 | 
1 files changed, 0 insertions, 249 deletions
| diff --git a/crypto/openssh/auth-krb5.c b/crypto/openssh/auth-krb5.c deleted file mode 100644 index 183243e2f9ad6..0000000000000 --- a/crypto/openssh/auth-krb5.c +++ /dev/null @@ -1,249 +0,0 @@ -/* - *    Kerberos v5 authentication and ticket-passing routines. - *  - * $FreeBSD$ - */ - -#include "includes.h" -#include "ssh.h" -#include "packet.h" -#include "xmalloc.h" - -#ifdef KRB5 - -krb5_context ssh_context = NULL; -krb5_auth_context auth_context; -krb5_ccache mem_ccache = NULL; /* Credential cache for acquired ticket */ - -/* Try krb5 authentication. server_user is passed for logging purposes only, -   in auth is received ticket, in client is returned principal from the -   ticket */ -int  -auth_krb5(const char* server_user, krb5_data *auth, krb5_principal *client) -{ -	krb5_error_code problem; -	krb5_principal server = NULL; -	krb5_principal tkt_client = NULL; -	krb5_data reply; -	krb5_ticket *ticket = NULL; -	int fd; -	int ret; -	 -	reply.length = 0; -	 -	problem = krb5_init(); -	if (problem)  -	   return 0; -	 -	problem = krb5_auth_con_init(ssh_context, &auth_context); -	if (problem) { -	  log("Kerberos v5 authentication failed: %.100s", -	       krb5_get_err_text(ssh_context, problem)); - -	  return 0; -	} -	 -       fd = packet_get_connection_in(); -       problem = krb5_auth_con_setaddrs_from_fd(ssh_context, auth_context, &fd); -       if (problem) { -	 ret = 0; -	 goto err;  -       } -	 -	problem = krb5_sname_to_principal(ssh_context,  NULL, NULL , -	    KRB5_NT_SRV_HST, &server); -	if (problem) { -	    ret = 0; -	    goto err; -	} -	 -	problem = krb5_rd_req(ssh_context, &auth_context, auth, server, NULL, -	    NULL, &ticket); -	if (problem) { -	  ret = 0; -	  goto err; -	} -	 -	problem = krb5_copy_principal(ssh_context, ticket->client, &tkt_client); -	if (problem) { -	  ret = 0; -	  goto err; -	} -	 -	/* if client wants mutual auth */ -	problem = krb5_mk_rep(ssh_context, &auth_context, &reply); -	if (problem) { -	  ret = 0; -	  goto err; -	} -	 -	*client = tkt_client; -	 -	packet_start(SSH_SMSG_AUTH_KRB5_RESPONSE); -	packet_put_string((char *) reply.data, reply.length); -	packet_send(); -	packet_write_wait(); -	ret = 1; -	   -err: -	if (server) -	  krb5_free_principal(ssh_context, server); -	if (ticket) -	  krb5_free_ticket(ssh_context, ticket); -	if (reply.length) -	  xfree(reply.data); -	return ret; -} - -int -auth_krb5_tgt(char *server_user, krb5_data *tgt, krb5_principal tkt_client) -{ -  krb5_error_code problem; -  krb5_ccache ccache = NULL; -   -  if (ssh_context == NULL) { -     goto fail; -  } -   -  problem = krb5_cc_gen_new(ssh_context, &krb5_mcc_ops, &ccache); -  if (problem) { -     goto fail; -  } -   -  problem = krb5_cc_initialize(ssh_context, ccache, tkt_client); -  if (problem) { -     goto fail; -  } -     -  problem = krb5_rd_cred(ssh_context, auth_context, ccache, tgt); -  if (problem) { -     goto fail; -  } -   -  mem_ccache = ccache; -  ccache = NULL; -   -  /* -  problem = krb5_cc_copy_cache(ssh_context, ccache, mem_ccache); -  if (problem) { -     mem_ccache = NULL; -     goto fail;  -  } -   -   -  problem = krb5_cc_destroy(ssh_context, ccache); -  if (problem) -     goto fail; -     */ -   -#if 0 -  packet_start(SSH_SMSG_SUCCESS); -  packet_send(); -  packet_write_wait(); -#endif  -  return 1; -   -fail: -  if (ccache) -     krb5_cc_destroy(ssh_context, ccache); -#if 0 -  packet_start(SSH_SMSG_FAILURE); -  packet_send(); -  packet_write_wait(); -#endif -  return 0; -} - -int -auth_krb5_password(struct passwd *pw, const char *password) -{ -  krb5_error_code problem; -  krb5_ccache ccache = NULL; -  krb5_principal client = NULL;  -  int ret; -   -  problem = krb5_init(); -  if (problem) -     return 0; -   -  problem = krb5_parse_name(ssh_context, pw->pw_name, &client); -  if (problem) {  -     ret = 0; -     goto out; -  } - -  problem = krb5_cc_gen_new(ssh_context, &krb5_mcc_ops, &ccache); -  if (problem) {  -     ret = 0; -     goto out; -  } -  -  problem = krb5_cc_initialize(ssh_context, ccache, client); -  if (problem) {  -     ret = 0; -     goto out; -  } -   -  problem = krb5_verify_user(ssh_context, client, ccache, password, 1, NULL); -  if (problem) {  -     ret = 0; -     goto out; -  } -   -/* -  problem = krb5_cc_copy_cache(ssh_context, ccache, mem_ccache); -  if (problem) {  -     ret = 0; -     mem_ccache = NULL; -     goto out; -  } -  */ -  mem_ccache = ccache; -  ccache = NULL; -   -  ret = 1; -out: -  if (client != NULL) -     krb5_free_principal(ssh_context, client); -  if (ccache != NULL) -     krb5_cc_destroy(ssh_context, ccache); -  return ret; -} - -void -krb5_cleanup_proc(void *ignore) -{ -   extern krb5_principal tkt_client; -    -   debug("krb5_cleanup_proc() called"); -   if (mem_ccache) -      krb5_cc_destroy(ssh_context, mem_ccache); -   if (tkt_client) -      krb5_free_principal(ssh_context, tkt_client); -   if (auth_context) -      krb5_auth_con_free(ssh_context, auth_context); -   if (ssh_context) -      krb5_free_context(ssh_context); -} -  -int -krb5_init(void) -{   -   krb5_error_code problem; -   static cleanup_registered = 0; -    -   if (ssh_context == NULL) { -      problem = krb5_init_context(&ssh_context); -      if (problem) -	 return problem; -      krb5_init_ets(ssh_context); -   } -   -   if (!cleanup_registered) { -      fatal_add_cleanup(krb5_cleanup_proc, NULL); -     cleanup_registered = 1; -   } -   return 0; -} -    -#endif /* KRB5 */ | 
