oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

implement forwarding

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2629 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
1997-07-25 15:32:34 +00:00
parent 5962efedfa
commit e2d147bf5a
1 changed files with 48 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
appl/rsh/rshd.c
View File

@@ -141,6 +141,47 @@ recv_krb4_auth (int s, u_char *buf,
} }
#endif /* KRB4 */ #endif /* KRB4 */
static void
recv_krb5_creds (int s,
krb5_auth_context auth_context,
char *username,
krb5_principal client)
{
krb5_error_code ret;
krb5_ccache ccache;
krb5_data data;
char ccname[MAXPATHLEN];
struct passwd *pwd;
krb5_data_zero (&data);
ret = krb5_read_message (context,
(void *)&s,
&data);
if (ret || data.length == 0)
return;
pwd = getpwnam (username);
if (pwd == NULL)
goto out;
snprintf (ccname, sizeof(ccname),
"FILE:/tmp/krb5cc_%u", pwd->pw_uid);
ret = krb5_cc_resolve (context, ccname, &ccache);
if (ret)
goto out;
ret = krb5_cc_initialize (context, ccache, client);
if (ret)
goto out;
ret = krb5_rd_cred (context, auth_context, ccache, &data);
krb5_cc_close (context, ccache);
if (ret)
goto out;
chown (ccname + 5, pwd->pw_uid, -1);
out:
krb5_data_free (&data);
}
static int static int
recv_krb5_auth (int s, u_char *buf, recv_krb5_auth (int s, u_char *buf,
struct sockaddr_in thisaddr, struct sockaddr_in thisaddr,
@@ -184,6 +225,11 @@ recv_krb5_auth (int s, u_char *buf,
read_str (s, cmd, COMMAND_SZ, "command"); read_str (s, cmd, COMMAND_SZ, "command");
read_str (s, server_username, USERNAME_SZ, "remote username"); read_str (s, server_username, USERNAME_SZ, "remote username");
status = krb5_auth_con_getkey (context, auth_context, &keyblock);
if (status)
syslog_and_die ("krb5_auth_con_getkey: %s",
krb5_get_err_text(context, status));
status = krb5_auth_getauthenticator (context, status = krb5_auth_getauthenticator (context,
auth_context, auth_context,
&authenticator); &authenticator);
@@ -200,7 +246,7 @@ recv_krb5_auth (int s, u_char *buf,
status = krb5_verify_checksum (context, status = krb5_verify_checksum (context,
cksum_data.data, cksum_data.data,
cksum_data.length, cksum_data.length,
NULL, keyblock,
authenticator->cksum); authenticator->cksum);
if (status) if (status)
syslog_and_die ("krb5_verify_checksum: %s", syslog_and_die ("krb5_verify_checksum: %s",
@@ -209,13 +255,7 @@ recv_krb5_auth (int s, u_char *buf,
free (cksum_data.data); free (cksum_data.data);
krb5_free_authenticator (context, &authenticator); krb5_free_authenticator (context, &authenticator);
status = krb5_auth_con_getkey (context, auth_context, &keyblock); recv_krb5_creds (s, auth_context, server_username, ticket->client);
if (status)
syslog_and_die ("krb5_auth_con_getkey: %s",
krb5_get_err_text(context, status));
/* discard forwarding information */
net_read (s, buf, 4);
if(!krb5_kuserok (context, if(!krb5_kuserok (context,
ticket->client, ticket->client,