Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
NetBSD/crypto/dist/krb4/lib/krb/verify_user.c

186 lines
4.9 KiB
C
Raw Normal View History

Import KTH Kerberos 4 from cryptosrc-intl.
2000-06-16 22:45:32 +04:00
/*
import krb4-1.0.5
2000-12-29 04:42:08 +03:00
* Copyright (c) 1995 - 2000 Kungliga Tekniska H<EFBFBD>gskolan
Import KTH Kerberos 4 from cryptosrc-intl.
2000-06-16 22:45:32 +04:00
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "krb_locl.h"
import krb4 1.2
2002-09-12 16:22:01 +04:00
__RCSID("$KTH-KRB: verify_user.c,v 1.20 2000/12/15 14:41:30 assar Exp $"
"$NetBSD: verify_user.c,v 1.1.1.4 2002/09/12 12:22:10 joda Exp $");
Import KTH Kerberos 4 from cryptosrc-intl.
2000-06-16 22:45:32 +04:00
/*
* Verify user (name.instance@realm) with `password'.
*
* If secure, also verify against local
* service key (`linstance'.hostname) (or rcmd if linstance == NULL),
* this can (usually) only be done by root.
*
* If secure == KRB_VERIFY_SECURE, fail if there's no key.
* If secure == KRB_VERIFY_SECURE_FAIL, don't fail if there's no such
* key in the srvtab.
*
* As a side effect, fresh tickets are obtained.
*
* srvtab is where the key is found.
*
* Returns zero if ok, a positive kerberos error or -1 for system
* errors.
*/
static int
krb_verify_user_srvtab_exact(char *name,
char *instance,
char *realm,
char *password,
int secure,
char *linstance,
char *srvtab)
{
int ret;
ret = krb_get_pw_in_tkt(name, instance, realm,
KRB_TICKET_GRANTING_TICKET,
realm,
DEFAULT_TKT_LIFE, password);
if(ret != KSUCCESS)
return ret;
if(secure == KRB_VERIFY_SECURE || secure == KRB_VERIFY_SECURE_FAIL){
struct hostent *hp;
int32_t addr;
KTEXT_ST ticket;
AUTH_DAT auth;
import krb4-1.0.5
2000-12-29 04:42:08 +03:00
int n;
Import KTH Kerberos 4 from cryptosrc-intl.
2000-06-16 22:45:32 +04:00
char lrealm[REALM_SZ];
char hostname[MaxHostNameLen];
char *phost;
if (gethostname(hostname, sizeof(hostname)) == -1) {
dest_tkt();
return -1;
}
hp = gethostbyname(hostname);
if(hp == NULL){
dest_tkt();
return -1;
}
memcpy(&addr, hp->h_addr, sizeof(addr));
phost = krb_get_phost(hostname);
if (linstance == NULL)
linstance = "rcmd";
import krb4-1.0.5
2000-12-29 04:42:08 +03:00
ret = KFAILURE;
for (n = 1; krb_get_lrealm(lrealm, n) == KSUCCESS; ++n) {
if(secure == KRB_VERIFY_SECURE_FAIL) {
des_cblock key;
ret = read_service_key(linstance, phost, lrealm, 0, srvtab,
&key);
memset(key, 0, sizeof(key));
if(ret == KFAILURE)
continue;
}
ret = krb_mk_req(&ticket, linstance, phost, lrealm, 0);
if(ret == KSUCCESS) {
ret = krb_rd_req(&ticket, linstance, phost, addr, &auth,
srvtab);
if (ret == KSUCCESS)
break;
}
Import KTH Kerberos 4 from cryptosrc-intl.
2000-06-16 22:45:32 +04:00
}
import krb4-1.0.5
2000-12-29 04:42:08 +03:00
if (ret != KSUCCESS) {
Import KTH Kerberos 4 from cryptosrc-intl.
2000-06-16 22:45:32 +04:00
dest_tkt();
return ret;
}
}
return 0;
}
/*
* Try to verify the user and password against all the local realms.
*/
int
krb_verify_user_srvtab(char *name,
char *instance,
char *realm,
char *password,
int secure,
char *linstance,
char *srvtab)
{
int ret;
int n;
char rlm[256];
/* First try to verify against the supplied realm. */
ret = krb_verify_user_srvtab_exact(name, instance, realm, password,
secure, linstance, srvtab);
if (ret == KSUCCESS)
return KSUCCESS;
/* Verify all local realms, except the supplied realm. */
for (n = 1; krb_get_lrealm(rlm, n) == KSUCCESS; n++)
if (strcmp(rlm, realm) != 0) {
ret = krb_verify_user_srvtab_exact(name, instance, rlm, password,
secure, linstance, srvtab);
if (ret == KSUCCESS)
return KSUCCESS;
}
return ret;
}
/*
* Compat function without srvtab.
*/
int
krb_verify_user(char *name,
char *instance,
char *realm,
char *password,
int secure,
char *linstance)
{
return krb_verify_user_srvtab (name,
instance,
realm,
password,
secure,
linstance,
(char *)KEYFILE);
}