1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
$NetBSD: patch-al,v 1.7 2007/08/03 17:03:30 obache Exp $
--- src/c-client/auth_gss.c.orig 2006-08-30 23:37:16.000000000 +0000
+++ src/c-client/auth_gss.c
@@ -26,6 +26,14 @@
* Last Edited: 30 August 2006
*/
+#ifdef HEIMDAL_KRB5
+#include <gssapi/gssapi.h>
+#include <krb5/krb5.h>
+#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
+#else
+#include <gssapi/gssapi_generic.h>
+#include <gssapi/gssapi_krb5.h>
+#endif
long auth_gssapi_valid (void);
long auth_gssapi_client (authchallenge_t challenger,authrespond_t responder,
@@ -64,15 +72,32 @@ long auth_gssapi_valid (void)
OM_uint32 smn;
gss_buffer_desc buf;
gss_name_t name;
+ krb5_context ctx;
+ krb5_keytab kt;
+ krb5_kt_cursor csr;
+
+ /* make a context */
+ if (krb5_init_context (&ctx))
+ return NIL;
/* make service name */
sprintf (tmp,"%s@%s",(char *) mail_parameters (NIL,GET_SERVICENAME,NIL),
mylocalhost ());
buf.length = strlen (buf.value = tmp);
/* see if can build a name */
if (gss_import_name (&smn,&buf,GSS_C_NT_HOSTBASED_SERVICE,&name) !=
- GSS_S_COMPLETE) return NIL;
- /* remove server method if no keytab */
- if (!kerberos_server_valid ()) auth_gss.server = NIL;
+ GSS_S_COMPLETE) {
+ krb5_free_context (ctx); /* finished with context */
+ return NIL;
+ }
+
+ /* get default keytab */
+ if (!krb5_kt_default (ctx,&kt)) {
+ /* can do server if have good keytab */
+ if (!krb5_kt_start_seq_get (ctx,kt,&csr))
+ auth_gss.server = auth_gssapi_server;
+ krb5_kt_close (ctx,kt); /* finished with keytab */
+ }
+ krb5_free_context (ctx); /* finished with context */
gss_release_name (&smn,&name);/* finished with name */
return LONGT;
}
|
