diff --git a/appl/kx/context.c b/appl/kx/context.c new file mode 100644 index 000000000..da1e5f344 --- /dev/null +++ b/appl/kx/context.c @@ -0,0 +1,89 @@ +/* + * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kx.h" + +RCSID("$Id$"); + +void +context_set (kx_context *kc, char *host, char *user, int port, + int debug_flag, int keepalive_flag, int tcp_flag) +{ + kc->host = host; + kc->user = user; + kc->port = port; + kc->debug_flag = debug_flag; + kc->keepalive_flag = keepalive_flag; + kc->tcp_flag = tcp_flag; +} + +void +context_destroy (kx_context *kc) +{ + (*kc->destroy)(kc); +} + +int +context_authenticate (kx_context *kc, int s) +{ + return (*kc->authenticate)(kc, s); +} + +int +context_userok (kx_context *kc, char *user) +{ + return (*kc->userok)(kc, user); +} + +ssize_t +kx_read (kx_context *kc, int fd, void *buf, size_t len) +{ + return (*kc->read)(kc, fd, buf, len); +} + +ssize_t +kx_write (kx_context *kc, int fd, const void *buf, size_t len) +{ + return (*kc->write)(kc, fd, buf, len); +} + +int +copy_encrypted (kx_context *kc, int fd1, int fd2) +{ + return (*kc->copy_encrypted)(kc, fd1, fd2); +} diff --git a/appl/kx/krb4.c b/appl/kx/krb4.c new file mode 100644 index 000000000..5970e0393 --- /dev/null +++ b/appl/kx/krb4.c @@ -0,0 +1,309 @@ +/* + * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kx.h" + +RCSID("$Id$"); + +#ifdef KRB4 + +struct krb4_kx_context { + des_cblock key; + des_key_schedule schedule; + AUTH_DAT auth; +}; + +typedef struct krb4_kx_context krb4_kx_context; + +static void +krb4_destroy (kx_context *c) +{ + memset (c->data, 0, sizeof(krb4_kx_context)); + free (c->data); +} + +static int +krb4_authenticate (kx_context *kc, int s) +{ + CREDENTIALS cred; + KTEXT_ST text; + MSG_DAT msg; + int status; + krb4_kx_context *c = (krb4_kx_context *)kc->data; + char *host = kc->host; + + status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd", + host, krb_realmofhost (host), + getpid(), &msg, &cred, c->schedule, + &kc->thisaddr, &kc->thataddr, KX_VERSION); + if (status != KSUCCESS) { + warnx ("%s: %s\n", host, krb_get_err_text(status)); + return -1; + } + memcpy (c->key, cred.session, sizeof(des_cblock)); + return 0; +} + +static ssize_t +krb4_read (kx_context *kc, + int fd, void *buf, size_t len) +{ + unsigned char tmp[4]; + ssize_t ret; + size_t l; + int status; + krb4_kx_context *c = (krb4_kx_context *)kc->data; + MSG_DAT msg; + + ret = krb_net_read (fd, tmp, 4); + if (ret == 0) + return ret; + if (ret != 4) + return -1; + l = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3]; + if (l > len) + return -1; + if (krb_net_read (fd, buf, l) != l) + return -1; + status = krb_rd_priv (buf, l, c->schedule, &c->key, + &kc->thataddr, &kc->thisaddr, &msg); + if (status != RD_AP_OK) { + warnx ("krb4_read: %s", krb_get_err_text(status)); + return -1; + } + memmove (buf, msg.app_data, msg.app_length); + return msg.app_length; +} + +static ssize_t +krb4_write(kx_context *kc, + int fd, const void *buf, size_t len) +{ + void *outbuf; + krb4_kx_context *c = (krb4_kx_context *)kc->data; + size_t outlen; + unsigned char tmp[4]; + + outbuf = malloc (len + 30); + if (outbuf == NULL) + return -1; + outlen = krb_mk_priv ((void *)buf, outbuf, len, c->schedule, &c->key, + &kc->thisaddr, &kc->thataddr); + if (outlen < 0) { + free (outbuf); + return -1; + } + tmp[0] = (outlen >> 24) & 0xFF; + tmp[1] = (outlen >> 16) & 0xFF; + tmp[2] = (outlen >> 8) & 0xFF; + tmp[3] = (outlen >> 0) & 0xFF; + + if (krb_net_write (fd, tmp, 4) != 4 || + krb_net_write (fd, outbuf, outlen) != outlen) { + free (outbuf); + return -1; + } + free (outbuf); + return len; +} + +/* + * Copy data from `fd1' to `fd2', {en,de}crypting with cfb64 + * with `mode' and state stored in `iv', `schedule', and `num'. + * Return -1 if error, 0 if eof, else 1 + */ + +static int +do_enccopy (int fd1, int fd2, int mode, des_cblock *iv, + des_key_schedule schedule, int *num) +{ + int ret; + u_char buf[BUFSIZ]; + + ret = read (fd1, buf, sizeof(buf)); + if (ret == 0) + return 0; + if (ret < 0) { + warn ("read"); + return ret; + } +#ifndef NOENCRYPTION + des_cfb64_encrypt (buf, buf, ret, schedule, iv, + num, mode); +#endif + ret = krb_net_write (fd2, buf, ret); + if (ret < 0) { + warn ("write"); + return ret; + } + return 1; +} + +static int +krb4_copy_encrypted (kx_context *kc, + int fd1, int fd2) +{ + krb4_kx_context *c = (krb4_kx_context *)kc->data; + des_cblock iv1, iv2; + int num1 = 0, num2 = 0; + + memcpy (iv1, c->key, sizeof(iv1)); + memcpy (iv2, c->key, sizeof(iv2)); + for (;;) { + fd_set fdset; + int ret; + + FD_ZERO(&fdset); + FD_SET(fd1, &fdset); + FD_SET(fd2, &fdset); + + ret = select (max(fd1, fd2)+1, &fdset, NULL, NULL, NULL); + if (ret < 0 && errno != EINTR) { + warn ("select"); + return 1; + } + if (FD_ISSET(fd1, &fdset)) { + ret = do_enccopy (fd1, fd2, DES_ENCRYPT, &iv1, c->schedule, &num1); + if (ret <= 0) + return ret; + } + if (FD_ISSET(fd2, &fdset)) { + ret = do_enccopy (fd2, fd1, DES_DECRYPT, &iv2, c->schedule, &num2); + if (ret <= 0) + return ret; + } + } +} + +static int +krb4_userok (kx_context *kc, char *user) +{ + krb4_kx_context *c = (krb4_kx_context *)kc->data; + char *tmp; + + tmp = krb_unparse_name_long (c->auth.pname, + c->auth.pinst, + c->auth.prealm); + kc->user = strdup (tmp); + if (kc->user == NULL) + err (1, "malloc"); + + + return kuserok (&c->auth, user); +} + +void +krb4_make_context (kx_context *kc) +{ + kc->authenticate = krb4_authenticate; + kc->userok = krb4_userok; + kc->read = krb4_read; + kc->write = krb4_write; + kc->copy_encrypted = krb4_copy_encrypted; + kc->destroy = krb4_destroy; + kc->user = NULL; + kc->data = malloc(sizeof(krb4_kx_context)); + + if (kc->data == NULL) + err (1, "malloc"); +} + +int +recv_v4_auth (kx_context *kc, int sock, u_char *buf) +{ + int status; + KTEXT_ST ticket; + char instance[INST_SZ + 1]; + char version[KRB_SENDAUTH_VLEN + 1]; + krb4_kx_context *c; + AUTH_DAT auth; + des_key_schedule schedule; + + if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0) + return -1; + if (net_read (sock, buf + 4, KRB_SENDAUTH_VLEN - 4) != + KRB_SENDAUTH_VLEN - 4) { + syslog (LOG_ERR, "read: %m"); + exit (1); + } + if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0) { + syslog (LOG_ERR, "unrecognized auth protocol: %.8s", buf); + exit (1); + } + + k_getsockinst (sock, instance, sizeof(instance)); + status = krb_recvauth (KOPT_IGNORE_PROTOCOL | KOPT_DO_MUTUAL, + sock, + &ticket, + "rcmd", + instance, + &kc->thataddr, + &kc->thisaddr, + &auth, + "", + schedule, + version); + if (status != KSUCCESS) { + syslog (LOG_ERR, "krb_recvauth: %s", krb_get_err_text(status)); + exit (1); + } + if (strncmp (version, KX_VERSION, KRB_SENDAUTH_VLEN) != 0) { + /* Try to be nice to old kx's */ + if (strncmp (version, KX_OLD_VERSION, KRB_SENDAUTH_VLEN) == 0) { + char *old_errmsg = "\001Old version of kx. Please upgrade."; + char user[64]; + + syslog (LOG_ERR, "Old version client (%s)", version); + + krb_net_read (sock, user, sizeof(user)); + krb_net_write (sock, old_errmsg, strlen(old_errmsg) + 1); + } else + syslog (LOG_ERR, "bad version: %s", version); + } + + krb4_make_context (kc); + c = (krb4_kx_context *)kc->data; + + c->auth = auth; + memcpy (c->key, &auth.session, sizeof(des_cblock)); + memcpy (c->schedule, schedule, sizeof(schedule)); + + return 0; +} + +#endif /* KRB4 */ diff --git a/appl/kx/krb5.c b/appl/kx/krb5.c new file mode 100644 index 000000000..34b19f577 --- /dev/null +++ b/appl/kx/krb5.c @@ -0,0 +1,367 @@ +/* + * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kx.h" + +RCSID("$Id$"); + +#ifdef KRB5 + +struct krb5_kx_context { + krb5_context context; + krb5_keyblock *keyblock; + krb5_crypto crypto; + krb5_principal client; +}; + +typedef struct krb5_kx_context krb5_kx_context; + +static void +krb5_destroy (kx_context *c) +{ + krb5_kx_context *kc = (krb5_kx_context *)c->data; + + if (kc->keyblock) + krb5_free_keyblock (kc->context, kc->keyblock); + if (kc->crypto) + krb5_crypto_destroy (kc->context, kc->crypto); + if (kc->client) + krb5_free_principal (kc->context, kc->client); + if (kc->context) + krb5_free_context (kc->context); + free (kc->context); +} + +static int +krb5_authenticate (kx_context *kc, int s) +{ + krb5_kx_context *c = (krb5_kx_context *)kc->data; + krb5_context context = c->context; + krb5_auth_context auth_context = NULL; + krb5_error_code ret; + krb5_principal server; + char *host = kc->host; + + ret = krb5_sname_to_principal (context, + host, "host", KRB5_NT_SRV_HST, &server); + if (ret) { + warnx ("krb5_sname_to_principal: %s: %s", host, + krb5_get_err_text(context, ret)); + return 1; + } + + ret = krb5_sendauth (context, + &auth_context, + &s, + KX_VERSION, + NULL, + server, + AP_OPTS_MUTUAL_REQUIRED, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL); + if (ret) { + warnx ("krb5_sendauth: %s: %s", host, + krb5_get_err_text(context, ret)); + return 1; + } + + ret = krb5_auth_con_getkey (context, auth_context, &c->keyblock); + if (ret) { + warnx ("krb5_auth_con_getkey: %s: %s", host, + krb5_get_err_text(context, ret)); + krb5_auth_con_free (context, auth_context); + return 1; + } + + ret = krb5_crypto_init (context, c->keyblock, 0, &c->crypto); + if (ret) { + warnx ("krb5_crypto_init: %s", krb5_get_err_text (context, ret)); + krb5_auth_con_free (context, auth_context); + return 1; + } + return 0; +} + +static ssize_t +krb5_read (kx_context *kc, + int fd, void *buf, size_t len) +{ + krb5_kx_context *c = (krb5_kx_context *)kc->data; + krb5_context context = c->context; + size_t data_len, outer_len; + krb5_error_code ret; + unsigned char tmp[4]; + krb5_data data; + int l; + + l = krb5_net_read (context, &fd, tmp, 4); + if (l == 0) + return l; + if (l != 4) + return -1; + data_len = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3]; + outer_len = krb5_get_wrapped_length (context, c->crypto, data_len); + if (outer_len > len) + return -1; + if (krb5_net_read (context, &fd, buf, outer_len) != outer_len) + return -1; + + ret = krb5_decrypt (context, c->crypto, KRB5_KU_OTHER_ENCRYPTED, + buf, outer_len, &data); + if (ret) { + warnx ("krb5_decrypt: %s", krb5_get_err_text(context, ret)); + return -1; + } + if (data_len > data.length) { + krb5_data_free (&data); + return -1; + } + memmove (buf, data.data, data_len); + krb5_data_free (&data); + return data_len; +} + +static ssize_t +krb5_write(kx_context *kc, + int fd, const void *buf, size_t len) +{ + krb5_kx_context *c = (krb5_kx_context *)kc->data; + krb5_context context = c->context; + krb5_data data; + krb5_error_code ret; + unsigned char tmp[4]; + size_t outlen; + + ret = krb5_encrypt (context, c->crypto, KRB5_KU_OTHER_ENCRYPTED, + (void *)buf, len, &data); + if (ret){ + warnx ("krb5_write: %s", krb5_get_err_text (context, ret)); + return -1; + } + + outlen = data.length; + tmp[0] = (len >> 24) & 0xFF; + tmp[1] = (len >> 16) & 0xFF; + tmp[2] = (len >> 8) & 0xFF; + tmp[3] = (len >> 0) & 0xFF; + + if (krb5_net_write (context, &fd, tmp, 4) != 4 || + krb5_net_write (context, &fd, data.data, outlen) != outlen) { + krb5_data_free (&data); + return -1; + } + krb5_data_free (&data); + return len; +} + +static int +copy_out (kx_context *kc, int from_fd, int to_fd) +{ + char buf[32768]; + ssize_t len; + + len = read (from_fd, buf, sizeof(buf)); + if (len == 0) + return 0; + if (len < 0) { + warn ("read"); + return len; + } + return krb5_write (kc, to_fd, buf, len); +} + +static int +copy_in (kx_context *kc, int from_fd, int to_fd) +{ + krb5_kx_context *c = (krb5_kx_context *)kc->data; + char buf[33000]; /* XXX */ + + ssize_t len; + + len = krb5_read (kc, from_fd, buf, sizeof(buf)); + if (len == 0) + return 0; + if (len < 0) { + warn ("krb5_read"); + return len; + } + + return krb5_net_write (c->context, &to_fd, buf, len); +} + +static int +krb5_copy_encrypted (kx_context *kc, int fd1, int fd2) +{ + for (;;) { + fd_set fdset; + int ret; + + FD_ZERO(&fdset); + FD_SET(fd1, &fdset); + FD_SET(fd2, &fdset); + + ret = select (max(fd1, fd2)+1, &fdset, NULL, NULL, NULL); + if (ret < 0 && errno != EINTR) { + warn ("select"); + return 1; + } + if (FD_ISSET(fd1, &fdset)) { + ret = copy_out (kc, fd1, fd2); + if (ret <= 0) + return ret; + } + if (FD_ISSET(fd2, &fdset)) { + ret = copy_in (kc, fd2, fd1); + if (ret <= 0) + return ret; + } + } +} + +static int +krb5_userok (kx_context *kc, char *user) +{ + krb5_kx_context *c = (krb5_kx_context *)kc->data; + krb5_context context = c->context; + krb5_error_code ret; + + ret = krb5_unparse_name (context, c->client, &kc->user); + if (ret) + krb5_err (context, 1, ret, "krb5_unparse_name"); + + return !krb5_kuserok (context, c->client, user); +} + +void +krb5_make_context (kx_context *kc) +{ + krb5_kx_context *c; + + kc->authenticate = krb5_authenticate; + kc->userok = krb5_userok; + kc->read = krb5_read; + kc->write = krb5_write; + kc->copy_encrypted = krb5_copy_encrypted; + kc->destroy = krb5_destroy; + kc->user = NULL; + kc->data = malloc(sizeof(krb5_kx_context)); + + if (kc->data == NULL) + err (1, "malloc"); + memset (kc->data, 0, sizeof(krb5_kx_context)); + c = (krb5_kx_context *)kc->data; + krb5_init_context (&c->context); +} + +int +recv_v5_auth (kx_context *kc, int sock, u_char *buf) +{ + u_int32_t len; + krb5_error_code ret; + krb5_kx_context *c; + krb5_context context; + krb5_principal server; + krb5_auth_context auth_context = NULL; + krb5_ticket *ticket; + + if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0) + return 1; + len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]); + if (net_read(sock, buf, len) != len) { + syslog (LOG_ERR, "read: %m"); + exit (1); + } + if (len != sizeof(KRB5_SENDAUTH_VERSION) + || memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0) { + syslog (LOG_ERR, "bad sendauth version: %.8s", buf); + exit (1); + } + + krb5_make_context (kc); + c = (krb5_kx_context *)kc->data; + context = c->context; + + ret = krb5_sock_to_principal (context, sock, "host", + KRB5_NT_SRV_HST, &server); + if (ret) { + syslog (LOG_ERR, "krb5_sock_to_principal: %s", + krb5_get_err_text (context, ret)); + exit (1); + } + + ret = krb5_recvauth (context, + &auth_context, + &sock, + KX_VERSION, + server, + KRB5_RECVAUTH_IGNORE_VERSION, + NULL, + &ticket); + krb5_free_principal (context, server); + if (ret) { + syslog (LOG_ERR, "krb5_sock_to_principal: %s", + krb5_get_err_text (context, ret)); + exit (1); + } + + ret = krb5_auth_con_getkey (context, auth_context, &c->keyblock); + if (ret) { + syslog (LOG_ERR, "krb5_auth_con_getkey: %s", + krb5_get_err_text (context, ret)); + exit (1); + } + + ret = krb5_crypto_init (context, c->keyblock, 0, &c->crypto); + if (ret) { + syslog (LOG_ERR, "krb5_crypto_init: %s", + krb5_get_err_text (context, ret)); + exit (1); + } + + c->client = ticket->client; + ticket->client = NULL; + krb5_free_ticket (context, ticket); + + return 0; +} + +#endif /* KRB5 */