/*
* auth_con.c
*
* Functions dealing with Kerberos auth_context.
*
* $Id: auth_con.c,v 1.2 2012/05/16 12:16:16 kouril Exp $
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "auth_con.h"
/*
 * Text describing the most recent failure recorded by setup_auth_context();
 * initialised to "No error". This is one fixed-size buffer shared by every
 * caller and nothing in this file synchronises access to it, so read it
 * right after the failing call. Writers must stay within its 255 bytes.
 */
char auth_con_error[255] = "No error";
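/**
 * Bind the connection's endpoint addresses to a Kerberos auth_context and,
 * when not built for Heimdal, attach a server replay cache to it.
 *
 * On failure a description is written to auth_con_error (bounded to the
 * size of that buffer) and the error code is returned.
 *
 * @param context       Kerberos library context.
 * @param auth_context  Auth context to configure.
 * @param localaddr     Local IPv4 endpoint. The Heimdal build accepts NULL
 *                      (the local address is then left unset). The
 *                      non-Heimdal build needs it to derive the replay
 *                      cache name and returns EINVAL when it is NULL.
 * @param remoteaddr    Remote IPv4 endpoint, or NULL to leave it unset.
 * @param uniq          Passed to krb5_gen_replay_name() when naming the
 *                      replay cache; unused in the Heimdal build.
 * @return 0 on success, otherwise the error code of the step that failed.
 */
krb5_error_code
setup_auth_context(krb5_context context,
                   krb5_auth_context auth_context,
                   struct sockaddr_in *localaddr, struct sockaddr_in *remoteaddr, char *uniq)
{
    krb5_address laddr, raddr;
    krb5_address *p_laddr = NULL;
    krb5_address *p_raddr = NULL;
    krb5_error_code retval;
#ifndef HEIMDAL
    krb5_address *portlocal_addr = NULL;
    krb5_rcache rcache;
    krb5_data rcache_name;
    char *outaddr = NULL;

    /*
     * The replay cache name below is derived from the local address and
     * port. Reject a missing local address up front, before auth_context is
     * touched, instead of reading through a NULL pointer and an
     * uninitialised laddr further down. Failing here (rather than skipping
     * the replay cache) keeps replay protection from being dropped silently.
     */
    if (localaddr == NULL) {
        snprintf(auth_con_error, sizeof(auth_con_error),
                 "local address required to set up replay cache");
        return EINVAL;
    }

    /* Setting ports isn't compatible with Heimdal, if this code
       is enabled, it's not possible to have an interoperable setup */
#if 0
    laddr.addrtype = ADDRTYPE_IPPORT;
    laddr.length = sizeof(localaddr->sin_port);
    laddr.contents = (krb5_octet *) &(localaddr->sin_port);
    raddr.addrtype = ADDRTYPE_IPPORT;
    raddr.length = sizeof(remoteaddr->sin_port);
    raddr.contents = (krb5_octet *) &(remoteaddr->sin_port);
    retval = krb5_auth_con_setports(context, auth_context, &laddr, &raddr);
    if (retval) {
        snprintf(auth_con_error, sizeof(auth_con_error),
                 "%s while setting auth_con ports\n", error_message(retval));
        return retval;
    }
#endif
#endif

    /* Wrap the socket addresses in krb5_address without copying them. */
    if (localaddr) {
#ifdef HEIMDAL
        laddr.addr_type = KRB5_ADDRESS_INET;
        laddr.address.length = sizeof(localaddr->sin_addr);
        laddr.address.data = (void *) &(localaddr->sin_addr);
#else
        laddr.addrtype = ADDRTYPE_INET;
        laddr.length = sizeof(localaddr->sin_addr);
        laddr.contents = (krb5_octet *) &(localaddr->sin_addr);
#endif
        p_laddr = &laddr;
    }

    if (remoteaddr) {
#ifdef HEIMDAL
        raddr.addr_type = KRB5_ADDRESS_INET;
        raddr.address.length = sizeof(remoteaddr->sin_addr);
        raddr.address.data = (void *) &(remoteaddr->sin_addr);
#else
        raddr.addrtype = ADDRTYPE_INET;
        raddr.length = sizeof(remoteaddr->sin_addr);
        raddr.contents = (krb5_octet *) &(remoteaddr->sin_addr);
#endif
        p_raddr = &raddr;
    }

    retval = krb5_auth_con_setaddrs(context, auth_context, p_laddr, p_raddr);
    if (retval) {
        snprintf(auth_con_error, sizeof(auth_con_error),
                 "%s while setting auth_con addresses\n", error_message(retval));
        return retval;
    }

#ifdef HEIMDAL
    /*
     * No replay cache is attached by this function in the Heimdal build.
     * NOTE(review): confirm replay detection is provided elsewhere for
     * Heimdal deployments.
     */
    (void) uniq;
    return retval;
#else
    /* Set up replay cache */
    retval = krb5_gen_portaddr(context, &laddr,
                               (krb5_pointer) &(localaddr->sin_port),
                               &portlocal_addr);
    if (retval) {
        snprintf(auth_con_error, sizeof(auth_con_error),
                 "%s while generating port address", error_message(retval));
        goto cleanup;
    }

    retval = krb5_gen_replay_name(context, portlocal_addr, uniq, &outaddr);
    if (retval) {
        snprintf(auth_con_error, sizeof(auth_con_error),
                 "%s while generating replay cache name", error_message(retval));
        goto cleanup;
    }

    rcache_name.length = strlen(outaddr);
    rcache_name.data = outaddr;
    retval = krb5_get_server_rcache(context, &rcache_name, &rcache);
    if (retval) {
        snprintf(auth_con_error, sizeof(auth_con_error),
                 "%s while getting server rcache", error_message(retval));
        goto cleanup;
    }

    retval = krb5_auth_con_setrcache(context, auth_context, rcache);
    if (retval) {
        /*
         * NOTE(review): rcache is not released on this path; confirm which
         * close/free call the linked krb5 version expects here.
         */
        snprintf(auth_con_error, sizeof(auth_con_error),
                 "%s setting rcache", error_message(retval));
    }

cleanup:
    /*
     * The port address and the generated name are temporaries used only to
     * look up the replay cache; release them on every exit path.
     */
    free(outaddr);
    if (portlocal_addr != NULL) {
        krb5_free_address(context, portlocal_addr);
    }
    return retval;
#endif
}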