imapext-2007
diff src/osdep/unix/ckp_gss.c @ 0:ada5e610ab86
imap-2007e
author | yuuji@gentei.org |
---|---|
date | Mon, 14 Sep 2009 15:17:45 +0900 |
parents | |
children |
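--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/osdep/unix/ckp_gss.c Mon Sep 14 15:17:45 2009 +0900
@@ -0,0 +1,90 @@
+/* ========================================================================
+ * Copyright 1988-2007 University of Washington
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *
+ * ========================================================================
+ */
+
+/*
+ * Program: Kerberos 5 check password
+ *
+ * Author: Mark Crispin
+ * Networks and Distributed Computing
+ * Computing & Communications
+ * University of Washington
+ * Administration Building, AG-44
+ * Seattle, WA 98195
+ * Internet: MRC@CAC.Washington.EDU
+ *
+ * Date: 1 August 1988
+ * Last Edited: 11 October 2007
+ */
+
+/* Check password
+ * Accepts: login passwd struct
+ * password string
+ * argument count
+ * argument vector
+ * Returns: passwd struct if password validated, NIL otherwise
+ */
+
+struct passwd *checkpw (struct passwd *pw,char *pass,int argc,char *argv[])
+{
+ char svrnam[MAILTMPLEN],cltnam[MAILTMPLEN];
+ krb5_context ctx;
+ krb5_timestamp now;
+ krb5_principal service;
+ krb5_ccache ccache;
+ krb5_error_code code;
+ krb5_creds *crd = (krb5_creds *) memset (fs_get (sizeof (krb5_creds)),0,
+ sizeof (krb5_creds));
+ struct passwd *ret = NIL;
+ if (*pass) { /* only if password non-empty */
+ /* make service name */
+ sprintf (svrnam,"%.80s@%.512s",
+ (char *) mail_parameters (NIL,GET_SERVICENAME,NIL),
+ tcp_serverhost ());
+ /* make client name with principal */
+ sprintf (cltnam,"%.80s/%.80s",pw->pw_name,
+ (char *) mail_parameters (NIL,GET_SERVICENAME,NIL));
+ /* get a context */
+ if (!krb5_init_context (&ctx)) {
+ /* get time, client and server principals */
+ if (!krb5_timeofday (ctx,&now) &&
+ /* Normally, kerb_cp_svr_name (defined/set in env_unix.c) is NIL, so
+ * only the user name is used as a client principal. A few sites want
+ * to have separate client principals for different services, but many
+ * other sites vehemently object...
+ */
+ !krb5_parse_name (ctx,kerb_cp_svr_name ? cltnam : pw->pw_name,
+ &crd->client) &&
+ !krb5_parse_name (ctx,svrnam,&service) &&
+ !krb5_build_principal_ext(ctx,&crd->server,
+ krb5_princ_realm (ctx,crd->client)->length,
+ krb5_princ_realm (ctx,crd->client)->data,
+ KRB5_TGS_NAME_SIZE,KRB5_TGS_NAME,
+ krb5_princ_realm (ctx,crd->client)->length,
+ krb5_princ_realm (ctx,crd->client)->data,
+ 0)) {
+ /* expire in 3 minutes */
+ crd->times.endtime = now + (3 * 60);
+ if (krb5_cc_resolve (ctx,"MEMORY:pwk",&ccache) ||
+ krb5_cc_initialize (ctx,ccache,crd->client)) ccache = 0;
+ if (!krb5_get_in_tkt_with_password (ctx,NIL,NIL,NIL,NIL,pass,ccache,
+ crd,0) &&
+ !krb5_verify_init_creds (ctx,crd,service,0,ccache ? &ccache : 0,0))
+ ret = pw;
+ krb5_free_creds (ctx,crd);/* flush creds and service principal */
+ krb5_free_principal (ctx,service);
+ }
+ krb5_free_context (ctx); /* don't need context any more */
+ }
+ }
+ return ret;
+}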
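Review bot: The `krb5_verify_init_creds` call near the end of `checkpw` passes a null options argument, so what happens when the service key is missing or unreadable is left to library configuration rather than decided here. Assuming MIT Kerberos, the fallback is the `verify_ap_req_nofail` libdefaults setting, which is off by default; with no usable keytab key the call then reports success without checking the ticket against a local key, and the password check rests on an unauthenticated KDC reply. Passing an explicit options structure with ap_req_nofail set makes the check fail closed, as sketched below. Separately, `crd` is allocated before the `if (*pass)` test but released only in the innermost branch, so an empty password or any failed setup call leaks it, and the `MEMORY:pwk` cache holding the fresh ticket is never destroyed after use.

```c
  krb5_verify_init_creds_opt vopt;	/* declared with the other locals */
  /* ... unchanged: name building, context, principals, endtime, ccache setup ... */
      krb5_verify_init_creds_opt_init (&vopt);
				/* fail, rather than skip, when no keytab key is usable */
      krb5_verify_init_creds_opt_set_ap_req_nofail (&vopt,1);
      if (!krb5_get_in_tkt_with_password (ctx,NIL,NIL,NIL,NIL,pass,ccache,
					  crd,0) &&
	  !krb5_verify_init_creds (ctx,crd,service,0,ccache ? &ccache : 0,&vopt))
	ret = pw;
```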