- djm@cvs.openbsd.org 2010/01/30 02:54:53
[openssh.git] / auth-krb5.c
index c7367b49a2772e4d8aacb14de39165cbdda22af8..d019fe202c5ef8cf6670dffb44218253cf75bfec 100644 (file)
@@ -1,3 +1,4 @@
+/* $OpenBSD: auth-krb5.c,v 1.19 2006/08/03 03:34:41 deraadt Exp $ */
 /*
  *    Kerberos v5 authentication and ticket-passing routines.
  *
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $");
 
+#include <sys/types.h>
+#include <pwd.h>
+#include <stdarg.h>
+
+#include "xmalloc.h"
 #include "ssh.h"
 #include "ssh1.h"
 #include "packet.h"
-#include "xmalloc.h"
 #include "log.h"
+#include "buffer.h"
 #include "servconf.h"
 #include "uidswap.h"
+#include "key.h"
+#include "hostfile.h"
 #include "auth.h"
 
 #ifdef KRB5
+#include <errno.h>
+#include <unistd.h>
+#include <string.h>
 #include <krb5.h>
 
 extern ServerOptions    options;
@@ -68,9 +78,11 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
        krb5_error_code problem;
        krb5_ccache ccache = NULL;
        int len;
+       char *client, *platform_client;
 
-       if (!authctxt->valid)
-               return (0);
+       /* get platform-specific kerberos client principal name (if it exists) */
+       platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name);
+       client = platform_client ? platform_client : authctxt->pw->pw_name;
 
        temporarily_use_uid(authctxt->pw);
 
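Review bot: With the `!authctxt->valid` early return removed, `authctxt->pw->pw_name` is dereferenced on every call, including attempts for accounts that do not exist, so the function now relies on the caller always supplying a non-NULL `pw`. That contract is not visible in this hunk and should be stated. The validity decision moves to the final `return` of the function in a later hunk, apparently so that valid and invalid users take the same path. I would record this where the check was removed, e.g. `/* No early return for invalid users: run the whole exchange and reject at the final return; authctxt->pw must be non-NULL here. */`, so that the early return is not reintroduced and the final check is not dropped. The function body starts and ends outside this hunk.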
@@ -78,7 +90,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
        if (problem)
                goto out;
 
-       problem = krb5_parse_name(authctxt->krb5_ctx, authctxt->pw->pw_name,
+       problem = krb5_parse_name(authctxt->krb5_ctx, client,
                    &authctxt->krb5_user);
        if (problem)
                goto out;
@@ -134,8 +146,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
        if (problem)
                goto out;
 
-       if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
-                         authctxt->pw->pw_name)) {
+       if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) {
                problem = -1;
                goto out;
        }
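Review bot: `krb5_kuserok()` takes the local account name as its third argument, but the new call passes `client`, which is the platform-supplied Kerberos principal name whenever `platform_krb5_get_principal_name()` returns one. If that name differs from `authctxt->pw->pw_name`, the authorization check is evaluated for a different local user than the one being logged in. Unless the platform hook is guaranteed to return a valid local account name, keep the original argument: `if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, authctxt->pw->pw_name)) {`. `client` remains the right input for `krb5_parse_name()` in the previous hunk.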
@@ -169,6 +180,9 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 
  out:
        restore_uid();
+       
+       if (platform_client != NULL)
+               xfree(platform_client);
 
        if (problem) {
                if (ccache)
@@ -188,7 +202,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
                else
                        return (0);
        }
-       return (1);
+       return (authctxt->valid ? 1 : 0);
 }
 
 void
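Review bot: `return (authctxt->valid ? 1 : 0);` rejects an invalid user only after the success path has run, and the visible cleanup (`if (ccache)` under `if (problem)`) is skipped when `problem` is 0. If the Kerberos exchange can succeed for a name that is not a valid account, whatever the success path outside this hunk created (presumably the credential cache) would be left behind for a rejected login. This is worth confirming against the lines between the hunks, and if it holds, that state should be released before returning 0 here. A short comment on this return saying it is the only place validity is enforced would also help.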
@@ -218,7 +232,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
 
        ret = snprintf(ccname, sizeof(ccname),
            "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
-       if (ret == -1 || ret >= sizeof(ccname))
+       if (ret < 0 || (size_t)ret >= sizeof(ccname))
                return ENOMEM;
 
        old_umask = umask(0177);