#include "config.h"
#include <sys/types.h>
#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
# include <stddef.h>
#else
# ifdef HAVE_STDLIB_H
# include <stdlib.h>
# endif
#endif
#ifdef HAVE_STRING_H
# include <string.h>
#else
# ifdef HAVE_STRINGS_H
# include <strings.h>
# endif
#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif
#include <pwd.h>
#include <krb.h>
#include "sudo.h"
#include "sudo_auth.h"
#ifndef lint
static const char rcsid[] = "$Sudo: kerb4.c,v 1.11 2004/02/13 21:36:47 millert Exp $";
#endif
int
kerb4_init(pw, promptp, auth)
struct passwd *pw;
char **promptp;
sudo_auth *auth;
{
static char realm[REALM_SZ];
if (pw->pw_uid == 0)
return(AUTH_FAILURE);
if (krb_get_lrealm(realm, 1) != KSUCCESS)
return(AUTH_FAILURE);
auth->data = (VOID *) realm;
return(AUTH_SUCCESS);
}
int
kerb4_verify(pw, pass, auth)
struct passwd *pw;
char *pass;
sudo_auth *auth;
{
char tkfile[sizeof(_PATH_SUDO_TIMEDIR) + 4 + MAX_UID_T_LEN];
char *realm = (char *) auth->data;
int error;
(void) snprintf(tkfile, sizeof(tkfile), "%s/tkt%lu",
_PATH_SUDO_TIMEDIR, (unsigned long) pw->pw_uid);
(void) krb_set_tkt_string(tkfile);
error = krb_get_pw_in_tkt(pw->pw_name, "", realm, "krbtgt", realm,
DEFAULT_TKT_LIFE, pass);
switch (error) {
case INTK_OK:
dest_tkt();
return(AUTH_SUCCESS);
break;
case INTK_BADPW:
case KDC_PR_UNKNOWN:
break;
default:
(void) fprintf(stderr, "Warning: Kerberos error: %s\n",
krb_err_txt[error]);
}
return(AUTH_FAILURE);
}