- if (problem)
- goto err;
-
- problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL ,
- KRB5_NT_SRV_HST, &server);
- if (problem)
- goto err;
-
- problem = krb5_rd_req(authctxt->krb5_ctx, &authctxt->krb5_auth_ctx,
- auth, server, NULL, NULL, &ticket);
- if (problem)
- goto err;
-
-#ifdef HEIMDAL
- problem = krb5_copy_principal(authctxt->krb5_ctx, ticket->client,
- &authctxt->krb5_user);
-#else
- problem = krb5_copy_principal(authctxt->krb5_ctx,
- ticket->enc_part2->client,
- &authctxt->krb5_user);
-#endif
- if (problem)
- goto err;
-
- /* if client wants mutual auth */
- problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx,
- &reply);
- if (problem)
- goto err;
-
- /* Check .k5login authorization now. */
- if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
- authctxt->pw->pw_name))
- goto err;
-
- if (client)
- krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user,
- client);
-
- packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
- packet_put_string((char *) reply.data, reply.length);
- packet_send();
- packet_write_wait();
-
- ret = 1;
- err:
- if (server)
- krb5_free_principal(authctxt->krb5_ctx, server);
- if (ticket)
- krb5_free_ticket(authctxt->krb5_ctx, ticket);
- if (reply.length)
- xfree(reply.data);
-
- if (problem) {
- if (authctxt->krb5_ctx != NULL)
- debug("Kerberos v5 authentication failed: %s",
- krb5_get_err_text(authctxt->krb5_ctx, problem));
- else
- debug("Kerberos v5 authentication failed: %d",
- problem);
- }
-
- return (ret);
-}
-
-int
-auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt)
-{