summaryrefslogtreecommitdiff
path: root/sshconnect1.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2002-04-13 11:04:40 +1000
committerDamien Miller <djm@mindrot.org>2002-04-13 11:04:40 +1000
commitfd4c9eee25e4e796b714477c3fbb0286ebe50fb7 (patch)
tree2b9995e4425eac437a6f1b195abf9f096cda0edb /sshconnect1.c
parent927dfd2d7eb8801e444a3bcff7fdf7a628a779f0 (diff)
- (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk>
Diffstat (limited to 'sshconnect1.c')
-rw-r--r--sshconnect1.c52
1 files changed, 49 insertions, 3 deletions
diff --git a/sshconnect1.c b/sshconnect1.c
index 39369413..3b5c7186 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -23,6 +23,9 @@ RCSID("$OpenBSD: sshconnect1.c,v 1.49 2002/03/14 15:24:27 markus Exp $");
#endif
#ifdef KRB5
#include <krb5.h>
+#ifndef HEIMDAL
+#define krb5_get_err_text(context,code) error_message(code)
+#endif /* !HEIMDAL */
#endif
#ifdef AFS
#include <kafs.h>
@@ -521,6 +524,23 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
ret = 0;
goto out;
}
+
+ problem = krb5_auth_con_init(*context, auth_context);
+ if (problem) {
+ debug("Kerberos v5: krb5_auth_con_init failed");
+ ret = 0;
+ goto out;
+ }
+
+#ifndef HEIMDAL
+ problem = krb5_auth_con_setflags(*context, *auth_context,
+ KRB5_AUTH_CONTEXT_RET_TIME);
+ if (problem) {
+ debug("Keberos v5: krb5_auth_con_setflags failed");
+ ret = 0;
+ goto out;
+ }
+#endif
tkfile = krb5_cc_default_name(*context);
if (strncmp(tkfile, "FILE:", 5) == 0)
@@ -597,7 +617,11 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
if (reply != NULL)
krb5_free_ap_rep_enc_part(*context, reply);
if (ap.length > 0)
+#ifdef HEIMDAL
krb5_data_free(&ap);
+#else
+ krb5_free_data_contents(*context, &ap);
+#endif
return (ret);
}
@@ -610,7 +634,11 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
krb5_data outbuf;
krb5_ccache ccache = NULL;
krb5_creds creds;
+#ifdef HEIMDAL
krb5_kdc_flags flags;
+#else
+ int forwardable;
+#endif
const char *remotehost;
memset(&creds, 0, sizeof(creds));
@@ -618,7 +646,13 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
fd = packet_get_connection_in();
+#ifdef HEIMDAL
problem = krb5_auth_con_setaddrs_from_fd(context, auth_context, &fd);
+#else
+ problem = krb5_auth_con_genaddrs(context, auth_context, fd,
+ KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR |
+ KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR);
+#endif
if (problem)
goto out;
@@ -630,23 +664,35 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
if (problem)
goto out;
+ remotehost = get_canonical_hostname(1);
+
+#ifdef HEIMDAL
problem = krb5_build_principal(context, &creds.server,
strlen(creds.client->realm), creds.client->realm,
"krbtgt", creds.client->realm, NULL);
+#else
+ problem = krb5_build_principal(context, &creds.server,
+ creds.client->realm.length, creds.client->realm.data,
+ "host", remotehost, NULL);
+#endif
if (problem)
goto out;
creds.times.endtime = 0;
+#ifdef HEIMDAL
flags.i = 0;
flags.b.forwarded = 1;
flags.b.forwardable = krb5_config_get_bool(context, NULL,
"libdefaults", "forwardable", NULL);
-
- remotehost = get_canonical_hostname(1);
-
problem = krb5_get_forwarded_creds(context, auth_context,
ccache, flags.i, remotehost, &creds, &outbuf);
+#else
+ forwardable = 1;
+ problem = krb5_fwd_tgt_creds(context, auth_context, remotehost,
+ creds.client, creds.server, ccache, forwardable, &outbuf);
+#endif
+
if (problem)
goto out;