Subversion Repositories

?revision_form?Rev ?revision_input??revision_submit??revision_endform?

Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
135 magnus 1
Description: Modify lsh-krb-checkpw to work with MIT Kerberos instead of Heimdal.
2
 Building with the latest release of Heimdal (as of February 2016)
3
 fails and their maintainers want to orphan it.
4
Bug: https://bugs.debian.org/812813
5
 
6
--- a/configure.ac
7
+++ b/configure.ac
8
@@ -475,7 +475,7 @@ if test x$enable_kerberos = xyes; then
9
   LSH_CHECK_KRB_LIB(asn1, der_get_octet_string)
10
   # Check for krb5_cc_gen_new too?
11
   # krb5_verify_user_lrealm seems to be unique to heimdal
12
-  LSH_CHECK_KRB_LIB(krb5, krb5_verify_user_lrealm,, [enable_kerberos=no])
13
+  LSH_CHECK_KRB_LIB(krb5, krb5_get_init_creds_password,, [enable_kerberos=no])
14
 fi
15
 
16
 AH_TEMPLATE([WITH_KERBEROS], [For kerberos])
17
--- a/src/lsh-krb-checkpw.c
18
+++ b/src/lsh-krb-checkpw.c
19
@@ -97,6 +97,8 @@ main(int argc, char **argv)
20
   krb5_context context;
21
   krb5_ccache ccache;
22
   krb5_principal p;
23
+  krb5_creds creds;
24
+  krb5_principal server;
25
   char *name;
26
   char *pw;
27
 
28
@@ -121,18 +123,31 @@ main(int argc, char **argv)
29
   if (krb5_init_context (&context))
30
     die("krb5_init_context failed.");
31
 
32
-  if (krb5_make_principal(context, &p, NULL, name, NULL))
33
-    die("krb5_make_principal failed.");
34
+  if (krb5_parse_name(context, name, &p)) {
35
+    die("krb5_parse_name failed.");
36
+  }
37
+  
38
+  if (krb5_get_init_creds_password(context, &creds, p, pw,
39
+                                  NULL, NULL, 0, NULL, NULL)) {
40
+      die("krb5_get_init_creds_password failed.");
41
+  }
42
+
43
+  if (krb5_verify_init_creds(context, &creds, server,
44
+                            NULL, NULL, NULL)) {
45
+      die("krb5_verify_init_creds failed");
46
+  }
47
 
48
   if (!krb5_kuserok(context, p, name))
49
     die("krb5_kuserok doesn't know the user.");
50
 
51
+  /*
52
   if (krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache))
53
     die("krb5_cc_gen_new failed.");
54
 
55
   if (krb5_verify_user_lrealm(context, p, ccache, pw, TRUE, NULL))
56
     die("krb5_verify_user_lrealm failed.");
57
 
58
+  */
59
   /* Authentication successful. */
60
 
61
   /* TODO: Keep the credential cache in some way. Perhaps write it to