- stevesk@cvs.openbsd.org 2002/04/21 16:19:27

[openssh.git] / sshconnect1.c

diff --git a/sshconnect1.c b/sshconnect1.c
index 393694138f60b372f49f8c3217ad2266a84e8bc3..3b5c7186ff0153437f43bbd3eb0237b439af2ea2 100644 (file)
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -23,6 +23,9 @@ RCSID("$OpenBSD: sshconnect1.c,v 1.49 2002/03/14 15:24:27 markus Exp $");
 #endif
 #ifdef KRB5
 #include <krb5.h>
+#ifndef HEIMDAL
+#define krb5_get_err_text(context,code) error_message(code)
+#endif /* !HEIMDAL */
 #endif
 #ifdef AFS
 #include <kafs.h>
@@ -521,6 +524,23 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
                ret = 0;
                goto out;
        }
+       
+       problem = krb5_auth_con_init(*context, auth_context);
+       if (problem) {
+               debug("Kerberos v5: krb5_auth_con_init failed");
+               ret = 0;
+               goto out;
+       }
+
+#ifndef HEIMDAL
+       problem = krb5_auth_con_setflags(*context, *auth_context,
+                                        KRB5_AUTH_CONTEXT_RET_TIME);
+       if (problem) {
+               debug("Keberos v5: krb5_auth_con_setflags failed");
+               ret = 0;
+               goto out;
+       }
+#endif
 
        tkfile = krb5_cc_default_name(*context);
        if (strncmp(tkfile, "FILE:", 5) == 0)
@@ -597,7 +617,11 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
        if (reply != NULL)
                krb5_free_ap_rep_enc_part(*context, reply);
        if (ap.length > 0)
+#ifdef HEIMDAL
                krb5_data_free(&ap);
+#else
+               krb5_free_data_contents(*context, &ap);
+#endif
 
        return (ret);
 }
@@ -610,7 +634,11 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
        krb5_data outbuf;
        krb5_ccache ccache = NULL;
        krb5_creds creds;
+#ifdef HEIMDAL
        krb5_kdc_flags flags;
+#else
+       int forwardable;
+#endif
        const char *remotehost;
 
        memset(&creds, 0, sizeof(creds));
@@ -618,7 +646,13 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
 
        fd = packet_get_connection_in();
 
+#ifdef HEIMDAL
        problem = krb5_auth_con_setaddrs_from_fd(context, auth_context, &fd);
+#else
+       problem = krb5_auth_con_genaddrs(context, auth_context, fd,
+                       KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR |
+                       KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR);
+#endif
        if (problem)
                goto out;
 
@@ -630,23 +664,35 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
        if (problem)
                goto out;
 
+       remotehost = get_canonical_hostname(1);
+       
+#ifdef HEIMDAL
        problem = krb5_build_principal(context, &creds.server,
            strlen(creds.client->realm), creds.client->realm,
            "krbtgt", creds.client->realm, NULL);
+#else
+       problem = krb5_build_principal(context, &creds.server,
+           creds.client->realm.length, creds.client->realm.data,
+           "host", remotehost, NULL);
+#endif
        if (problem)
                goto out;
 
        creds.times.endtime = 0;
 
+#ifdef HEIMDAL
        flags.i = 0;
        flags.b.forwarded = 1;
        flags.b.forwardable = krb5_config_get_bool(context,  NULL,
            "libdefaults", "forwardable", NULL);
-
-       remotehost = get_canonical_hostname(1);
-
        problem = krb5_get_forwarded_creds(context, auth_context,
            ccache, flags.i, remotehost, &creds, &outbuf);
+#else
+       forwardable = 1;
+       problem = krb5_fwd_tgt_creds(context, auth_context, remotehost,
+           creds.client, creds.server, ccache, forwardable, &outbuf);
+#endif
+
        if (problem)
                goto out;