imapext-2007
diff src/osdep/unix/kerb_mit.c @ 0:ada5e610ab86
imap-2007e
author | yuuji@gentei.org |
---|---|
date | Mon, 14 Sep 2009 15:17:45 +0900 |
parents | |
children |
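--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/osdep/unix/kerb_mit.c	Mon Sep 14 15:17:45 2009 +0900
@@ -0,0 +1,111 @@
+/* ========================================================================
+ * Copyright 1988-2006 University of Washington
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *
+ * ========================================================================
+ */
+
+/*
+ * Program: MIT Kerberos routines
+ *
+ * Author: Mark Crispin
+ * Networks and Distributed Computing
+ * Computing & Communications
+ * University of Washington
+ * Administration Building, AG-44
+ * Seattle, WA 98195
+ * Internet: MRC@CAC.Washington.EDU
+ *
+ * Date: 4 March 2003
+ * Last Edited: 30 August 2006
+ */
+
+#define PROTOTYPE(x) x
+#include <gssapi/gssapi_generic.h>
+#include <gssapi/gssapi_krb5.h>
+
+
+long kerberos_server_valid (void);
+long kerberos_try_kinit (OM_uint32 error);
+char *kerberos_login (char *user,char *authuser,int argc,char *argv[]);
+
+/* Kerberos server valid check
+ * Returns: T if have keytab, NIL otherwise
+ *
+ * Note that this routine will probably return T only if the process is root.
+ * This is alright since the server is probably still root at this point.
+ */
+
+long kerberos_server_valid ()
+{
+ krb5_context ctx;
+ krb5_keytab kt;
+ krb5_kt_cursor csr;
+ long ret = NIL;
+ /* make a context */
+ if (!krb5_init_context (&ctx)) {
+ /* get default keytab */
+ if (!krb5_kt_default (ctx,&kt)) {
+ /* can do server if have good keytab */
+ if (!krb5_kt_start_seq_get (ctx,kt,&csr) &&
+ !krb5_kt_end_seq_get (ctx,kt,&csr)) ret = LONGT;
+ krb5_kt_close (ctx,kt); /* finished with keytab */
+ }
+ krb5_free_context (ctx); /* finished with context */
+ }
+ return ret;
+}
+
+
+/* Kerberos check for missing or expired credentials
+ * Returns: T if should suggest running kinit, NIL otherwise
+ */
+
+long kerberos_try_kinit (OM_uint32 error)
+{
+ switch (error) {
+ case KRB5KRB_AP_ERR_TKT_EXPIRED:
+ case KRB5_FCC_NOFILE: /* MIT */
+ case KRB5_CC_NOTFOUND: /* Heimdal */
+ return LONGT;
+ }
+ return NIL;
+}
+
+/* Kerberos server log in
+ * Accepts: authorization ID as user name
+ * authentication ID as Kerberos principal
+ * argument count
+ * argument vector
+ * Returns: logged in user name if logged in, NIL otherwise
+ */
+
+char *kerberos_login (char *user,char *authuser,int argc,char *argv[])
+{
+ krb5_context ctx;
+ krb5_principal prnc;
+ char kuser[NETMAXUSER];
+ char *ret = NIL;
+ /* make a context */
+ if (!krb5_init_context (&ctx)) {
+ /* build principal */
+ if (!krb5_parse_name (ctx,authuser,&prnc)) {
+ /* can get local name for this principal? */
+ if (!krb5_aname_to_localname (ctx,prnc,NETMAXUSER-1,kuser)) {
+ /* yes, local name permitted login as user? */
+ if (authserver_login (user,kuser,argc,argv) ||
+ authserver_login (lcase (user),kuser,argc,argv))
+ ret = myusername (); /* yes, return user name */
+ }
+ krb5_free_principal (ctx,prnc);
+ }
+ krb5_free_context (ctx); /* finished with context */
+ }
+ return ret;
+}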
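Review bot: In kerberos_server_valid the keytab test passes as soon as `krb5_kt_start_seq_get` and `krb5_kt_end_seq_get` both succeed; no entry is ever read, so an empty keytab, or one with no key for this service, still yields LONGT even though the inline comment calls it a "good keytab". If callers use this result to decide whether to offer Kerberos authentication (not visible in this file), the server would offer a mechanism it cannot complete. Either fetch one entry with `krb5_kt_next_entry` between the two calls and release it before `krb5_kt_close`, or reword the comment to `/* can do server if default keytab opens and is iterable */` so the limit of the check is documented. Separately, the definition reads `long kerberos_server_valid ()` while the prototype above it declares `(void)`; writing `(void)` in both keeps them in agreement.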