-/* $OpenBSD: auth-krb5.c,v 1.18 2006/05/06 08:35:40 dtucker Exp $ */
+/* $OpenBSD: auth-krb5.c,v 1.19 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Kerberos v5 authentication and ticket-passing routines.
*
#include "includes.h"
+#include <sys/types.h>
+#include <pwd.h>
+#include <stdarg.h>
+
+#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
#include "packet.h"
-#include "xmalloc.h"
#include "log.h"
+#include "buffer.h"
#include "servconf.h"
#include "uidswap.h"
+#include "key.h"
+#include "hostfile.h"
#include "auth.h"
#ifdef KRB5
+#include <errno.h>
+#include <unistd.h>
+#include <string.h>
#include <krb5.h>
extern ServerOptions options;
krb5_error_code problem;
krb5_ccache ccache = NULL;
int len;
+ char *client, *platform_client;
+
+ /* get platform-specific kerberos client principal name (if it exists) */
+ platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name);
+ client = platform_client ? platform_client : authctxt->pw->pw_name;
temporarily_use_uid(authctxt->pw);
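Review bot: The comment added above `platform_client` does not say who owns the returned string or that `client` merely aliases it. The cleanup at `out:` frees `platform_client` with xfree(), so `client` must not be read after that point when the platform name was used. I would extend the comment to `/* platform-specific principal name, or NULL; allocated by the helper and released at out:, client only borrows it */`. The helper's declaration and the start of the enclosing function are outside this hunk, so the allocation contract is inferred from the later xfree() call.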
if (problem)
goto out;
- problem = krb5_parse_name(authctxt->krb5_ctx, authctxt->pw->pw_name,
+ problem = krb5_parse_name(authctxt->krb5_ctx, client,
&authctxt->krb5_user);
if (problem)
goto out;
if (problem)
goto out;
- if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
- authctxt->pw->pw_name)) {
+ if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) {
problem = -1;
goto out;
}
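Review bot: krb5_kuserok() takes the local account name as its third argument, but the new call passes `client`, which is the platform-supplied principal string whenever platform_krb5_get_principal_name() returns non-NULL. In that case the authorization check no longer refers to the account the session will run as; depending on the Kerberos library it would presumably either fail for every mapped user or be evaluated against a differently named account. Keep `client` for krb5_parse_name() and leave the check bound to the passwd entry: `if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, authctxt->pw->pw_name)) {`. The enclosing function begins and ends outside this hunk.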
out:
restore_uid();
+
+ if (platform_client != NULL)
+ xfree(platform_client);
if (problem) {
if (ccache)