summaryrefslogtreecommitdiff
path: root/imap/src/osdep/unix/kerb_mit.c
diff options
context:
space:
mode:
Diffstat (limited to 'imap/src/osdep/unix/kerb_mit.c')
-rw-r--r--imap/src/osdep/unix/kerb_mit.c111
1 files changed, 111 insertions, 0 deletions
diff --git a/imap/src/osdep/unix/kerb_mit.c b/imap/src/osdep/unix/kerb_mit.c
new file mode 100644
index 00000000..82e6c936
--- /dev/null
+++ b/imap/src/osdep/unix/kerb_mit.c
@@ -0,0 +1,111 @@
+/* ========================================================================
+ * Copyright 1988-2006 University of Washington
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *
+ * ========================================================================
+ */
+
+/*
+ * Program: MIT Kerberos routines
+ *
+ * Author: Mark Crispin
+ * Networks and Distributed Computing
+ * Computing & Communications
+ * University of Washington
+ * Administration Building, AG-44
+ * Seattle, WA 98195
+ * Internet: MRC@CAC.Washington.EDU
+ *
+ * Date: 4 March 2003
+ * Last Edited: 30 August 2006
+ */
+
+#define PROTOTYPE(x) x
+#include <gssapi/gssapi_generic.h>
+#include <gssapi/gssapi_krb5.h>
+
+
+long kerberos_server_valid (void);
+long kerberos_try_kinit (OM_uint32 error);
+char *kerberos_login (char *user,char *authuser,int argc,char *argv[]);
+
+/* Kerberos server valid check
+ * Returns: T if have keytab, NIL otherwise
+ *
+ * Note that this routine will probably return T only if the process is root.
+ * This is alright since the server is probably still root at this point.
+ */
+
+long kerberos_server_valid ()
+{
+ krb5_context ctx;
+ krb5_keytab kt;
+ krb5_kt_cursor csr;
+ long ret = NIL;
+ /* make a context */
+ if (!krb5_init_context (&ctx)) {
+ /* get default keytab */
+ if (!krb5_kt_default (ctx,&kt)) {
+ /* can do server if have good keytab */
+ if (!krb5_kt_start_seq_get (ctx,kt,&csr) &&
+ !krb5_kt_end_seq_get (ctx,kt,&csr)) ret = LONGT;
+ krb5_kt_close (ctx,kt); /* finished with keytab */
+ }
+ krb5_free_context (ctx); /* finished with context */
+ }
+ return ret;
+}
+
+
+/* Kerberos check for missing or expired credentials
+ * Returns: T if should suggest running kinit, NIL otherwise
+ */
+
+long kerberos_try_kinit (OM_uint32 error)
+{
+ switch (error) {
+ case KRB5KRB_AP_ERR_TKT_EXPIRED:
+ case KRB5_FCC_NOFILE: /* MIT */
+ case KRB5_CC_NOTFOUND: /* Heimdal */
+ return LONGT;
+ }
+ return NIL;
+}
+
+/* Kerberos server log in
+ * Accepts: authorization ID as user name
+ * authentication ID as Kerberos principal
+ * argument count
+ * argument vector
+ * Returns: logged in user name if logged in, NIL otherwise
+ */
+
+char *kerberos_login (char *user,char *authuser,int argc,char *argv[])
+{
+ krb5_context ctx;
+ krb5_principal prnc;
+ char kuser[NETMAXUSER];
+ char *ret = NIL;
+ /* make a context */
+ if (!krb5_init_context (&ctx)) {
+ /* build principal */
+ if (!krb5_parse_name (ctx,authuser,&prnc)) {
+ /* can get local name for this principal? */
+ if (!krb5_aname_to_localname (ctx,prnc,NETMAXUSER-1,kuser)) {
+ /* yes, local name permitted login as user? */
+ if (authserver_login (user,kuser,argc,argv) ||
+ authserver_login (lcase (user),kuser,argc,argv))
+ ret = myusername (); /* yes, return user name */
+ }
+ krb5_free_principal (ctx,prnc);
+ }
+ krb5_free_context (ctx); /* finished with context */
+ }
+ return ret;
+}
generated by cgit v1.2.3-54-g00ecf (git 2.44.0) at 2024-07-12 19:21:18 +0000