+/* $OpenBSD: auth-krb5.c,v 1.19 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Kerberos v5 authentication and ticket-passing routines.
*
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $");
+#include <sys/types.h>
+#include <pwd.h>
+#include <stdarg.h>
+
+#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
#include "packet.h"
-#include "xmalloc.h"
#include "log.h"
+#include "buffer.h"
#include "servconf.h"
#include "uidswap.h"
+#include "key.h"
+#include "hostfile.h"
#include "auth.h"
#ifdef KRB5
+#include <errno.h>
+#include <unistd.h>
+#include <string.h>
#include <krb5.h>
extern ServerOptions options;
krb5_ccache ccache = NULL;
int len;
- if (!authctxt->valid)
- return (0);
-
temporarily_use_uid(authctxt->pw);
problem = krb5_init(authctxt);
len = strlen(authctxt->krb5_ticket_file) + 6;
authctxt->krb5_ccname = xmalloc(len);
+#ifdef USE_CCAPI
+ snprintf(authctxt->krb5_ccname, len, "API:%s",
+ authctxt->krb5_ticket_file);
+#else
snprintf(authctxt->krb5_ccname, len, "FILE:%s",
authctxt->krb5_ticket_file);
+#endif
#ifdef USE_PAM
if (options.use_pam)
else
return (0);
}
- return (1);
+ return (authctxt->valid ? 1 : 0);
}
void
#ifndef HEIMDAL
krb5_error_code
ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
- int tmpfd, ret;
+ int ret;
char ccname[40];
mode_t old_umask;
+#ifdef USE_CCAPI
+ char cctemplate[] = "API:krb5cc_%d";
+#else
+ char cctemplate[] = "FILE:/tmp/krb5cc_%d_XXXXXXXXXX";
+ int tmpfd;
+#endif
ret = snprintf(ccname, sizeof(ccname),
- "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
- if (ret == -1 || ret >= sizeof(ccname))
+ cctemplate, geteuid());
+ if (ret < 0 || (size_t)ret >= sizeof(ccname))
return ENOMEM;
+#ifndef USE_CCAPI
old_umask = umask(0177);
tmpfd = mkstemp(ccname + strlen("FILE:"));
umask(old_umask);
return errno;
}
close(tmpfd);
+#endif
return (krb5_cc_resolve(ctx, ccname, ccache));
}