imapext-2007

view src/osdep/unix/kerb_mit.c @ 0:ada5e610ab86

imap-2007e
author yuuji@gentei.org
date Mon, 14 Sep 2009 15:17:45 +0900
1 /* ========================================================================
2 * Copyright 1988-2006 University of Washington
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 *
11 * ========================================================================
12 */
14 /*
15 * Program: MIT Kerberos routines
16 *
17 * Author: Mark Crispin
18 * Networks and Distributed Computing
19 * Computing & Communications
20 * University of Washington
21 * Administration Building, AG-44
22 * Seattle, WA 98195
23 * Internet: MRC@CAC.Washington.EDU
24 *
25 * Date: 4 March 2003
26 * Last Edited: 30 August 2006
27 */
29 #define PROTOTYPE(x) x
30 #include <gssapi/gssapi_generic.h>
31 #include <gssapi/gssapi_krb5.h>
/* Forward declarations for the three routines defined below in this file. */
34 long kerberos_server_valid (void);
35 long kerberos_try_kinit (OM_uint32 error);
36 char *kerberos_login (char *user,char *authuser,int argc,char *argv[]);
/* Kerberos server valid check
 * Returns: LONGT if a scan of the default keytab can be started and ended,
 *	    NIL otherwise
 *
 * The original author notes that this will probably succeed only while the
 * process is root, which is acceptable because the server is probably still
 * root when this is called.
 *
 * The scan is opened and closed without reading an entry, so success shows
 * only that the keytab could be opened.  It does not show that the keytab
 * holds a key for this service.
 */

long kerberos_server_valid ()
{
  krb5_context kctx;
  krb5_keytab keytab;
  krb5_kt_cursor cursor;
  long usable = NIL;
				/* without a context nothing can be checked */
  if (krb5_init_context (&kctx)) return NIL;
				/* locate the default keytab */
  if (!krb5_kt_default (kctx,&keytab)) {
				/* end the scan only if it was started */
    if (!krb5_kt_start_seq_get (kctx,keytab,&cursor))
      usable = krb5_kt_end_seq_get (kctx,keytab,&cursor) ? NIL : LONGT;
    krb5_kt_close (kctx,keytab);	/* finished with keytab */
  }
  krb5_free_context (kctx);	/* finished with context */
  return usable;
}
/* Kerberos check for missing or expired credentials
 * Accepts: error code to classify
 * Returns: LONGT if should suggest running kinit, NIL otherwise
 *
 * Only an expired ticket or a missing credentials cache counts; every other
 * code yields NIL.
 */

long kerberos_try_kinit (OM_uint32 error)
{
  long suggest = NIL;
				/* kept as a switch: case labels are converted
				 * to the type of error, which an == test
				 * against these constants may not do
				 */
  switch (error) {
  case KRB5KRB_AP_ERR_TKT_EXPIRED:
  case KRB5_FCC_NOFILE:		/* MIT */
  case KRB5_CC_NOTFOUND:	/* Heimdal */
    suggest = LONGT;
    break;
  default:			/* any other error: kinit would not help */
    break;
  }
  return suggest;
}
/* Kerberos server log in
 * Accepts: authorization ID as user name
 *	    authentication ID as Kerberos principal
 *	    argument count
 *	    argument vector
 * Returns: logged in user name if logged in, NIL otherwise
 *
 * No Kerberos credential is verified here.  authuser is only parsed and
 * mapped to a local account name, so it is presumably a principal the caller
 * has already authenticated (the caller is not in this file; confirm).
 * Whether that local name may log in as user is decided by
 * authserver_login (), which is defined elsewhere.
 */

char *kerberos_login (char *user,char *authuser,int argc,char *argv[])
{
  krb5_context kctx;
  krb5_principal princ;
  char localname[NETMAXUSER];
  char *logged_in = NIL;
				/* make a context */
  if (krb5_init_context (&kctx)) return NIL;
				/* build principal from authentication ID */
  if (krb5_parse_name (kctx,authuser,&princ)) goto free_ctx;
				/* map principal to a local name; the size
				 * passed is one less than the buffer
				 */
  if (krb5_aname_to_localname (kctx,princ,NETMAXUSER-1,localname))
    goto free_princ;
				/* try user as given, then lowercased; lcase ()
				 * is defined elsewhere and presumably changes
				 * user in place (confirm)
				 */
  if (!authserver_login (user,localname,argc,argv) &&
      !authserver_login (lcase (user),localname,argc,argv))
    goto free_princ;
  logged_in = myusername ();	/* permitted, return user name */
free_princ:
  krb5_free_principal (kctx,princ);
free_ctx:
  krb5_free_context (kctx);	/* finished with context */
  return logged_in;
}

UW-IMAP'd extensions by yuuji