2 * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 RCSID("$Id: verify_user.c,v 1.17.2.2 2000/12/15 14:43:37 assar Exp $");
39 * Verify user (name.instance@realm) with `password'.
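41 * If secure, also verify against local
42 * service key (`linstance'.hostname) (or rcmd if linstance == NULL),
43 * this can (usually) only be done by root.  This step is what ties the
 * result to a key that only the real KDC and this host should share.
45 * If secure == KRB_VERIFY_SECURE, fail if there's no key.
46 * If secure == KRB_VERIFY_SECURE_FAIL, don't fail if there's no such
 * key; in that case the result rests on the password check alone.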
49 * As a side effect, fresh tickets are obtained.
51 * srvtab is where the key is found.
53 * Returns zero if ok, a positive kerberos error or -1 for system
 * errors.
58 krb_verify_user_srvtab_exact(char *name,
/* Request a ticket-granting ticket for name.instance@realm with the
 * supplied password.  The secure modes below add the check against the
 * local service key that the header comment describes. */
68 ret = krb_get_pw_in_tkt(name, instance, realm,
69 KRB_TICKET_GRANTING_TICKET,
71 DEFAULT_TKT_LIFE, password);
/* Everything from here on runs only in the two "secure" modes. */
75 if(secure == KRB_VERIFY_SECURE || secure == KRB_VERIFY_SECURE_FAIL){
83 char lrealm[REALM_SZ];
84 char hostname[MaxHostNameLen];
/* NOTE(review): POSIX leaves NUL termination unspecified when gethostname()
 * truncates; no explicit terminator is visible in this listing -- confirm
 * against the full file. */
87 if (gethostname(hostname, sizeof(hostname)) == -1) {
92 hp = gethostbyname(hostname);
/* NOTE(review): the copy length is sizeof(addr), not hp->h_length.  The
 * declaration of addr and any check of hp, h_addrtype or h_length are not
 * in this listing -- confirm the sizes agree and hp is checked for NULL. */
97 memcpy(&addr, hp->h_addr, sizeof(addr));
98 phost = krb_get_phost(hostname);
/* A NULL linstance selects a default instance (rcmd, per the header comment). */
99 if (linstance == NULL)
/* Walk the local realms in order, starting at index 1, until
 * krb_get_lrealm() stops returning KSUCCESS. */
104 for (n = 1; krb_get_lrealm(lrealm, n) == KSUCCESS; ++n) {
/* In KRB_VERIFY_SECURE_FAIL mode, first probe srvtab for a service key.
 * The key bytes are cleared right after the probe.
 * NOTE(review): key's declaration is not shown; if it is a local that is
 * never read again, a plain memset() may be optimized away -- confirm. */
105 if(secure == KRB_VERIFY_SECURE_FAIL) {
107 ret = read_service_key(linstance, phost, lrealm, 0, srvtab,
109 memset(key, 0, sizeof(key));
/* Build a request for the local service (linstance.phost@lrealm) and, if
 * that succeeds, read it back with krb_rd_req().
 * NOTE(review): presumably krb_rd_req() decrypts with the key from srvtab;
 * its remaining arguments are not in this listing -- confirm. */
114 ret = krb_mk_req(&ticket, linstance, phost, lrealm, 0);
115 if(ret == KSUCCESS) {
116 ret = krb_rd_req(&ticket, linstance, phost, addr, &auth,
/* Failure path; its body is not part of this listing. */
122 if (ret != KSUCCESS) {
131 * Try to verify the user and password against all the local realms.
135 krb_verify_user_srvtab(char *name,
147 /* First try to verify against the supplied realm. */
148 ret = krb_verify_user_srvtab_exact(name, instance, realm, password,
149 secure, linstance, srvtab);
153 /* Verify all local realms, except the supplied realm. */
/* The strcmp() test skips the realm already tried above.  The same
 * password, secure mode, linstance and srvtab are passed for every realm.
 * NOTE(review): how the loop stops on success is in lines omitted from
 * this listing -- confirm that the first success ends the search. */
154 for (n = 1; krb_get_lrealm(rlm, n) == KSUCCESS; n++)
155 if (strcmp(rlm, realm) != 0) {
156 ret = krb_verify_user_srvtab_exact(name, instance, rlm, password,
157 secure, linstance, srvtab);
166 * Compat function without srvtab.
170 krb_verify_user(char *name,
177 return krb_verify_user_srvtab (name,