Added Kerberos V4 style authentication.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -68,8 +68,10 @@ struct passwd * pwp;
|
||||
}
|
||||
|
||||
/* Now give this file to the user */
|
||||
if (pwp) {
|
||||
(void) chown(template,pwp->pw_uid, pwp->pw_gid);
|
||||
(void) chmod(template,0600);
|
||||
}
|
||||
|
||||
/* Now link this file to the temporary maildrop. If this fails it
|
||||
* is probably because the temporary maildrop already exists. If so,
|
||||
@@ -81,9 +83,10 @@ struct passwd * pwp;
|
||||
(void) unlink(template);
|
||||
|
||||
/* Now we run as the user. */
|
||||
if (pwp) {
|
||||
(void) setuid(pwp->pw_uid);
|
||||
(void) setgid(pwp->pw_gid);
|
||||
|
||||
}
|
||||
#ifdef DEBUG
|
||||
if(p->debug)pop_log(p,POP_DEBUG,"uid = %d, gid = %d",getuid(),getgid());
|
||||
#endif DEBUG
|
||||
|
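Review bot: When `pwp` is NULL the `if (pwp)` guards (which appear to be what this change adds) skip both the chown/chmod of the temporary file and the setuid/setgid calls, so the process keeps the identity it started with for the rest of the session. The Kerberos branch of pop_pass calls `pop_dropcopy(p, 0)`, so that build appears never to drop privileges; either resolve the account before this point or fail closed when no passwd entry is available. Where the drop does happen, `setuid` runs before `setgid`, so the group change can fail once the uid is no longer privileged, and both results are cast to void. The order should be `setgid(pwp->pw_gid)` then `setuid(pwp->pw_uid)`, each checked, with the session ended on failure. The enclosing function starts and ends outside these hunks.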
@@ -18,6 +18,12 @@ static char SccsId[] = "@(#)@(#)pop_init.c 2.1 2.1 3/18/91";
|
||||
#include <arpa/inet.h>
|
||||
#include "popper.h"
|
||||
|
||||
#ifdef KERBEROS
|
||||
#include <krb.h>
|
||||
|
||||
AUTH_DAT kdata;
|
||||
#endif /* KERBEROS */
|
||||
|
||||
extern int errno;
|
||||
|
||||
/*
|
||||
@@ -184,5 +190,42 @@ char ** argmessage;
|
||||
pop_log(p,POP_PRIORITY,"Debugging turned on");
|
||||
#endif DEBUG
|
||||
|
||||
return(authenticate(p, &cs));
|
||||
}
|
||||
|
||||
authenticate(p, addr)
|
||||
POP *p;
|
||||
struct sockaddr_in *addr;
|
||||
{
|
||||
|
||||
#ifdef KERBEROS
|
||||
Key_schedule schedule;
|
||||
KTEXT_ST ticket;
|
||||
char instance[INST_SZ];
|
||||
char version[9];
|
||||
int auth;
|
||||
|
||||
strcpy(instance, "*");
|
||||
auth = krb_recvauth(0L, 0, &ticket, "pop", instance,
|
||||
addr, (struct sockaddr_in *) NULL,
|
||||
&kdata, "", schedule, version);
|
||||
|
||||
if (auth != KSUCCESS) {
|
||||
pop_msg(p, POP_FAILURE, "Kerberos authentication failure: %s",
|
||||
krb_err_txt[auth]);
|
||||
pop_log(p, POP_FAILURE, "%s: (%s.%s@%s) %s", p->client,
|
||||
kdata.pname, kdata.pinst, kdata.prealm, krb_err_txt[auth]);
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
#ifdef DEBUG
|
||||
pop_log(p, POP_DEBUG, "%s.%s@%s (%s): ok", kdata.pname,
|
||||
kdata.pinst, kdata.prealm, inet_ntoa(addr->sin_addr));
|
||||
#endif /* DEBUG */
|
||||
|
||||
strcpy(p->user, kdata.pname);
|
||||
|
||||
#endif /* KERBEROS */
|
||||
|
||||
return(POP_SUCCESS);
|
||||
}
|
||||
|
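Review bot: `strcpy(p->user, kdata.pname)` at the end of `authenticate` copies the principal name with no length check, and the size of `p->user` is not visible here. Bound the copy to the destination and refuse the session if the name does not fit, for example `if (strlen(kdata.pname) >= sizeof(p->user)) exit(-1);` before the copy, assuming `user` is an array member. Because pop_pass later puts this name into the maildrop path, a name containing `/` should be refused at the same place. `authenticate` is also defined without a return type and has no header comment saying that it ends the process on an authentication failure instead of returning POP_FAILURE.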
@@ -15,6 +15,11 @@ static char SccsId[] = "@(#)@(#)pop_pass.c 2.3 2.3 4/2/91";
|
||||
#include <pwd.h>
|
||||
#include "popper.h"
|
||||
|
||||
#ifdef KERBEROS
|
||||
#include <krb.h>
|
||||
extern AUTH_DAT kdata;
|
||||
#endif /* KERBEROS */
|
||||
|
||||
/*
|
||||
* pass: Obtain the user password from a POP client
|
||||
*/
|
||||
@@ -22,8 +27,44 @@ static char SccsId[] = "@(#)@(#)pop_pass.c 2.3 2.3 4/2/91";
|
||||
int pop_pass (p)
|
||||
POP * p;
|
||||
{
|
||||
#ifdef KERBEROS
|
||||
char lrealm[REALM_SZ];
|
||||
int status;
|
||||
#else
|
||||
register struct passwd * pw;
|
||||
char *crypt();
|
||||
#endif /* KERBEROS */
|
||||
|
||||
#ifdef KERBEROS
|
||||
if ((status = krb_get_lrealm(lrealm,1)) == KFAILURE) {
|
||||
pop_log(p, POP_FAILURE, "%s: (%s.%s@%s) %s", p->client, kdata.pname,
|
||||
kdata.pinst, kdata.prealm, krb_err_txt[status]);
|
||||
return(pop_msg(p,POP_FAILURE,
|
||||
"Kerberos error: \"%s\".", krb_err_txt[status]));
|
||||
}
|
||||
|
||||
if (strcmp(kdata.prealm,lrealm)) {
|
||||
pop_log(p, POP_FAILURE, "%s: (%s.%s@%s) realm not accepted.",
|
||||
p->client, kdata.pname, kdata.pinst, kdata.prealm);
|
||||
return(pop_msg(p,POP_FAILURE,
|
||||
"Kerberos realm \"%s\" not accepted.", kdata.prealm));
|
||||
}
|
||||
|
||||
if (strcmp(kdata.pinst,"")) {
|
||||
pop_log(p, POP_FAILURE, "%s: (%s.%s@%s) instance not accepted.",
|
||||
p->client, kdata.pname, kdata.pinst, kdata.prealm);
|
||||
return(pop_msg(p,POP_FAILURE,
|
||||
"Must use null Kerberos(tm) instance - \"%s.%s\" not accepted.",
|
||||
kdata.pname, kdata.pinst));
|
||||
}
|
||||
|
||||
/* Build the name of the user's maildrop */
|
||||
(void)sprintf(p->drop_name,"%s/%s",POP_MAILDIR,p->user);
|
||||
|
||||
/* Make a temporary copy of the user's maildrop */
|
||||
if (pop_dropcopy(p, 0) != POP_SUCCESS) return (POP_FAILURE);
|
||||
|
||||
#else /* !KERBEROS */
|
||||
|
||||
/* Look for the user in the password file */
|
||||
if ((pw = getpwnam(p->user)) == NULL)
|
||||
@@ -47,6 +88,8 @@ POP * p;
|
||||
/* and set the group and user id */
|
||||
if (pop_dropcopy(p,pw) != POP_SUCCESS) return (POP_FAILURE);
|
||||
|
||||
#endif /* !KERBEROS */
|
||||
|
||||
/* Get information about the maildrop */
|
||||
if (pop_dropinfo(p) != POP_SUCCESS) return(POP_FAILURE);
|
||||
|
||||
|
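Review bot: The Kerberos branch never checks that the principal is a local account: the `getpwnam` lookup sits under `#else`, and `pop_dropcopy(p, 0)` is called with no passwd entry. Any principal in the local realm with a null instance is therefore accepted, and the maildrop copy is made without a target uid/gid. Looking up `p->user` in both builds and passing the result to `pop_dropcopy` would keep the existing-account check and the ownership handling. The path is also built with an unbounded `sprintf` into `p->drop_name`; a bounded form such as `snprintf(p->drop_name, sizeof(p->drop_name), "%s/%s", POP_MAILDIR, p->user)` with a truncation check is safer, assuming `drop_name` is an array member. `pop_pass` continues outside these hunks.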
@@ -21,8 +21,10 @@ static char SccsId[] = "@(#)@(#)pop_user.c 2.1 2.1 3/18/91";
|
||||
int pop_user (p)
|
||||
POP * p;
|
||||
{
|
||||
#ifndef KERBEROS
|
||||
/* Save the user name */
|
||||
(void)strcpy(p->user, p->pop_parm[1]);
|
||||
#endif /* KERBEROS */
|
||||
|
||||
/* Tell the user that the password is required */
|
||||
return (pop_msg(p,POP_SUCCESS,"Password required for %s.",p->user));
|
||||
|
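Review bot: In the KERBEROS build the argument of the USER command is discarded and `p->user` keeps the value taken from the ticket, so a client that names a different mailbox is never told its request was overridden. Compare the two and refuse a mismatch inside an `#ifdef KERBEROS` branch, e.g. `if (strcmp(p->pop_parm[1], p->user)) return (pop_msg(p,POP_FAILURE,"Not authorized as %s.",p->pop_parm[1]));`. The `#endif /* KERBEROS */` comment closes an `#ifndef` and would read better as `/* !KERBEROS */`, as pop_pass.c does. The body of `pop_user` continues past the end of this hunk.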