X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/c345cf9d1095299a9077386c1188a86090d385a9..5a5da1b6d4e665a310538545a980466a90a891c5:/auth-krb4.c diff --git a/auth-krb4.c b/auth-krb4.c index ae2b2a3d..8bb6e3d6 100644 --- a/auth-krb4.c +++ b/auth-krb4.c @@ -1,15 +1,41 @@ /* - * Dug Song - * Kerberos v4 authentication and ticket-passing routines. + * Copyright (c) 1999 Dug Song. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" +RCSID("$OpenBSD: auth-krb4.c,v 1.23 2001/01/22 08:15:00 markus Exp $"); + +#include "ssh.h" +#include "ssh1.h" #include "packet.h" #include "xmalloc.h" -#include "ssh.h" +#include "log.h" #include "servconf.h" +#include "auth.h" -RCSID("$OpenBSD: auth-krb4.c,v 1.16 2000/08/02 17:27:04 provos Exp $"); +#ifdef AFS +#include "radix.h" +#endif #ifdef KRB4 char *ticket = NULL; @@ -27,7 +53,7 @@ auth_krb4_password(struct passwd * pw, const char *password) AUTH_DAT adata; KTEXT_ST tkt; struct hostent *hp; - unsigned long faddr; + u_long faddr; char localhost[MAXHOSTNAMELEN]; char phost[INST_SZ]; char realm[REALM_SZ]; @@ -154,7 +180,7 @@ krb4_init(uid_t uid) if (lstat("/ticket", &st) != -1) tkt_root = "/ticket/"; #endif /* AFS */ - snprintf(ticket, MAXPATHLEN, "%s%d_%d", tkt_root, uid, getpid()); + snprintf(ticket, MAXPATHLEN, "%s%u_%d", tkt_root, uid, getpid()); (void) krb_set_tkt_string(ticket); } /* Register ticket cleanup in case of fatal error. */ @@ -261,6 +287,8 @@ auth_kerberos_tgt(struct passwd *pw, const char *string) { CREDENTIALS creds; + if (pw == NULL) + goto auth_kerberos_tgt_failure; if (!radix_to_creds(string, &creds)) { log("Protocol error decoding Kerberos V4 tgt"); packet_send_debug("Protocol error decoding Kerberos V4 tgt"); @@ -315,8 +343,16 @@ int auth_afs_token(struct passwd *pw, const char *token_string) { CREDENTIALS creds; - uid_t uid = pw->pw_uid; + uid_t uid; + if (pw == NULL) { + /* XXX fake protocol error */ + packet_send_debug("Protocol error decoding AFS token"); + packet_start(SSH_SMSG_FAILURE); + packet_send(); + packet_write_wait(); + return 0; + } if (!radix_to_creds(token_string, &creds)) { log("Protocol error decoding AFS token"); packet_send_debug("Protocol error decoding AFS token"); @@ -330,6 +366,8 @@ auth_afs_token(struct passwd *pw, const char *token_string) if (strncmp(creds.pname, "AFS ID ", 7) == 0) uid = atoi(creds.pname + 7); + else + uid = pw->pw_uid; if (kafs_settoken(creds.realm, uid, &creds)) { log("AFS token (%s@%s) rejected for %s", creds.pname, creds.realm,