From efee717954e7a54cc3ee7c13f654a2e9197f86d7 Mon Sep 17 00:00:00 2001 From: John Kohl Date: Wed, 20 Mar 1991 18:13:35 +0000 Subject: [PATCH] add V5 code git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1930 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/popper/pop_pass.c | 67 ++++++++++++++++++++++++++++++++++++++ src/appl/popper/popper.c | 10 ++++++ 2 files changed, 77 insertions(+) diff --git a/src/appl/popper/pop_pass.c b/src/appl/popper/pop_pass.c index 127dfb65b..b938e45d5 100644 --- a/src/appl/popper/pop_pass.c +++ b/src/appl/popper/pop_pass.c @@ -21,8 +21,20 @@ static char SccsId[] = "@(#)pop_pass.c 1.7 7/13/90"; #include "popper.h" #ifdef KERBEROS +#ifdef KRB4 +#ifdef KRB5 + #error you can only use one of KRB4, KRB5 +#endif #include extern AUTH_DAT kdata; +#endif /* KRB4 */ +#ifdef KRB5 +#include +#include +#include +extern krb5_principal ext_client; +extern char *client_name; +#endif /* KRB5 */ #endif /* KERBEROS */ #ifndef KERBEROS_PASSWD_HACK @@ -35,8 +47,14 @@ int pop_pass (p) POP * p; { #ifdef KERBEROS +#ifdef KRB4 char lrealm[REALM_SZ]; int status; +#endif /* KRB4 */ +#ifdef KRB5 + char *lrealm; + krb5_error_code retval; +#endif /* KRB5 */ #else register struct passwd * pw; char *crypt(); @@ -44,6 +62,7 @@ POP * p; #ifdef KERBEROS +#ifdef KRB4 if ((status = krb_get_lrealm(lrealm,1)) == KFAILURE) { pop_log(p, POP_WARNING, "%s: (%s.%s@%s) %s", p->client, kdata.pname, kdata.pinst, kdata.prealm, krb_err_txt[status]); 
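Review bot: The new guard at the top of pop_pass.c rejects a build that defines both KRB4 and KRB5, but not one that defines neither. With only KERBEROS defined, both check blocks in pop_pass are compiled out, so as far as these hunks show no realm, instance or username check runs before the maildrop name is built. Add the complementary guard inside `#ifdef KERBEROS`: `#if !defined(KRB4) && !defined(KRB5)`, `#error KERBEROS requires one of KRB4, KRB5`, `#endif`. The same gap shows in the popper.c banner hunk, where that configuration emits no format string and `VERSION` would be taken as the format argument.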
@@ -80,6 +99,49 @@ POP * p; "Wrong username supplied (%s vs. %s).\n", kdata.pname, p->user)); } +#endif /* KRB4 */ +#ifdef KRB5 + if (retval = krb5_get_default_realm(&lrealm)) { + pop_log(p, POP_WARNING, "%s: (%s) %s", p->client, client_name, + error_message(retval)); + return(pop_msg(p,POP_FAILURE, + "Kerberos error: \"%s\".", error_message(retval))); + } + + if (strncmp(ext_client[0]->data, lrealm, ext_client[0]->length)) { + pop_log(p, POP_WARNING, "%s: (%s) realm not accepted.", + p->client, client_name); + return(pop_msg(p,POP_FAILURE, + "Kerberos realm \"%*s\" not accepted.", + ext_client[0]->length, ext_client[0]->data)); + } + + + /* only accept one-component names, i.e. realm and name only */ + if (ext_client[2]) { + pop_log(p, POP_WARNING, "%s: (%s) instance not accepted.", + p->client, client_name); + return(pop_msg(p,POP_FAILURE, + "Must use null Kerberos(tm) \"instance\" - \"%s\" not accepted.", + client_name)); + } + + /* + * be careful! we are assuming that the instance and realm have been + * checked already! I used to simply copy the pname into p->user + * but this causes too much confusion and assumes p->user will never + * change. This makes me feel more comfortable. + */ + if(strncmp(p->user, ext_client[1]->data, ext_client[1]->length)) + { + pop_log(p, POP_WARNING, "%s: auth failed: %s vs %s", + p->client, client_name, p->user); + return(pop_msg(p,POP_FAILURE, + "Wrong username supplied (%*s vs. %s).\n", ext_client[1]->length, + ext_client[1]->data, + p->user)); + } +#endif /* KRB5 */ /* Build the name of the user's maildrop */ (void)sprintf(p->drop_name,"%s/%s",POP_MAILDIR,p->user); @@ -143,6 +205,7 @@ POP * p; +#ifdef KRB4 /* * Check to see if the user is in the passwd file, if not get a kerberos @@ -302,4 +365,8 @@ int verify_passwd_hack_hack_hack(p) return(POP_SUCCESS); } +#endif +#ifdef KRB5 + #error: no passwd_hack source for V5. +#endif #endif /* KERBEROS_PASSWD_HACK */ 
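Review bot: Both `strncmp` checks in the KRB5 block compare only `ext_client[n]->length` bytes, so a principal whose realm or name is a proper prefix of the local realm or of `p->user` (or is empty) passes, and the code goes on to build the maildrop name from `p->user`. Each test should also require equal lengths, e.g. `if (strlen(p->user) != ext_client[1]->length || strncmp(p->user, ext_client[1]->data, ext_client[1]->length))`, with the same shape for `lrealm` against `ext_client[0]`. `ext_client[1]` is also dereferenced without a NULL check, although only `ext_client[2]` is tested. The failure messages use `%*s`, which sets a minimum width rather than a bound; `%.*s` with the length cast to `int` would keep the print inside the counted data, which presumably need not be NUL-terminated. pop_pass starts and ends outside this hunk.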
diff --git a/src/appl/popper/popper.c b/src/appl/popper/popper.c index 4c2130b45..be94f9312 100644 --- a/src/appl/popper/popper.c +++ b/src/appl/popper/popper.c @@ -31,7 +31,17 @@ char ** argv; /* Tell the user that we are listenting */ pop_msg(&p,POP_SUCCESS, +#ifdef KERBEROS +#ifdef KRB4 "UCB Pop server (version %s) with Kerberos (TM) at %s starting.", +#else +#ifdef KRB5 + "UCB Pop server (version %s) with Kerberos (TM) V5 at %s starting.", +#endif /* KRB5 */ +#endif /* KRB4 */ +#else /* !KERBEROS */ + "UCB Pop server (version %s) at %s starting.", +#endif /* KERBEROS */ VERSION,p.myhost); /* State loop. The POP server is always in a particular state in -- 2.26.2