summaryrefslogtreecommitdiff
path: root/libexec
diff options
context:
space:
mode:
Diffstat (limited to 'libexec')
-rw-r--r--libexec/login_krb5/login_krb5.c135
1 files changed, 77 insertions, 58 deletions
diff --git a/libexec/login_krb5/login_krb5.c b/libexec/login_krb5/login_krb5.c
index 79b9ca6a4b4..cf2e37cae40 100644
--- a/libexec/login_krb5/login_krb5.c
+++ b/libexec/login_krb5/login_krb5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login_krb5.c,v 1.5 2001/06/25 05:23:13 hin Exp $ */
+/* $OpenBSD: login_krb5.c,v 1.6 2001/06/25 14:21:30 hin Exp $ */
/*-
* Copyright (c) 2001 Hans Insulander <hin@openbsd.org>.
@@ -50,6 +50,12 @@
#define MODE_CHALLENGE 1
#define MODE_RESPONSE 2
+#define AUTH_OK 0
+#define AUTH_FAILED -1
+
+FILE *back = NULL;
+
+void
krb5_syslog(krb5_context context, int level, krb5_error_code code, char *fmt, ...)
{
va_list ap;
@@ -61,65 +67,17 @@ krb5_syslog(krb5_context context, int level, krb5_error_code code, char *fmt, ..
}
int
-main(int argc, char **argv)
+krb5_login(char *username, char *password)
{
- int opt, mode;
- FILE *back = NULL;
- char *class, *username = NULL, *instance, *password, pw_prompt[256];
- char *tmp_name;
-
+ int return_code = AUTH_FAILED;
+ char *instance, *tmp_name;
krb5_error_code ret;
krb5_context context;
krb5_ccache ccache;
krb5_principal princ;
- signal(SIGQUIT, SIG_IGN);
- signal(SIGINT, SIG_IGN);
- setpriority(PRIO_PROCESS, 0, 0);
-
- openlog(NULL, LOG_ODELAY, LOG_AUTH);
-
- while((opt = getopt(argc, argv, "ds:v:")) != -1) {
- switch(opt) {
- case 'd':
- back = stdout;
- break;
- case 's': /* service */
- if(strcmp(optarg, "login") == 0)
- mode = MODE_LOGIN;
- else if(strcmp(optarg, "challenge") == 0)
- mode = MODE_CHALLENGE;
- else if(strcmp(optarg, "response") == 0)
- mode = MODE_RESPONSE;
- else {
- syslog(LOG_ERR, "%s: invalid service", optarg);
- exit(1);
- }
- break;
- case 'v':
- /* silently ignore -v options */
- break;
- default:
- syslog(LOG_ERR, "usage error1");
- exit(1);
- }
- }
- switch(argc - optind) {
- case 2:
- class = argv[optind + 1];
- case 1:
- username = argv[optind];
- break;
- default:
- syslog(LOG_ERR, "usage error2");
- exit(1);
- }
-
- if(back == NULL && (back = fdopen(3, "r+")) == NULL) {
- syslog(LOG_ERR, "reopening back channel: %m");
- exit(1);
- }
-
+ if(strcmp(username, "root") == 0)
+ return AUTH_FAILED;
ret = krb5_init_context(&context);
if(ret != 0) {
@@ -146,9 +104,6 @@ main(int argc, char **argv)
instance = "";
krb5_unparse_name(context, princ, &tmp_name);
- snprintf(pw_prompt, sizeof(pw_prompt), "%s's Password: ", tmp_name);
-
- password = getpass(pw_prompt);
ret = krb5_verify_user_lrealm(context, princ, ccache,
password,
@@ -268,12 +223,12 @@ main(int argc, char **argv)
krb4_ticket_file);
#endif
+ return_code = AUTH_OK;
break;
}
case KRB5KRB_AP_ERR_MODIFIED:
/* XXX syslog here? */
case KRB5KRB_AP_ERR_BAD_INTEGRITY:
- fprintf(back, BI_REJECT "\n");
break;
default:
krb5_syslog(context, LOG_ERR, ret, "verify");
@@ -284,6 +239,70 @@ main(int argc, char **argv)
krb5_free_principal(context, princ);
krb5_cc_close(context, ccache);
+ return return_code;
+}
+
+
+int
+main(int argc, char **argv)
+{
+ int opt, mode, ret;
+ char *username, *password;
+
+ signal(SIGQUIT, SIG_IGN);
+ signal(SIGINT, SIG_IGN);
+ setpriority(PRIO_PROCESS, 0, 0);
+
+ openlog(NULL, LOG_ODELAY, LOG_AUTH);
+
+ while((opt = getopt(argc, argv, "ds:v:")) != -1) {
+ switch(opt) {
+ case 'd':
+ back = stdout;
+ break;
+ case 's': /* service */
+ if(strcmp(optarg, "login") == 0)
+ mode = MODE_LOGIN;
+ else if(strcmp(optarg, "challenge") == 0)
+ mode = MODE_CHALLENGE;
+ else if(strcmp(optarg, "response") == 0)
+ mode = MODE_RESPONSE;
+ else {
+ syslog(LOG_ERR, "%s: invalid service", optarg);
+ exit(1);
+ }
+ break;
+ case 'v':
+ /* silently ignore -v options */
+ break;
+ default:
+ syslog(LOG_ERR, "usage error1");
+ exit(1);
+ }
+ }
+ switch(argc - optind) {
+ case 2:
+ /* class = argv[optind + 1]; */
+ case 1:
+ username = argv[optind];
+ break;
+ default:
+ syslog(LOG_ERR, "usage error2");
+ exit(1);
+ }
+
+ if(back == NULL && (back = fdopen(3, "r+")) == NULL) {
+ syslog(LOG_ERR, "reopening back channel: %m");
+ exit(1);
+ }
+
+ password = getpass("Password:");
+
+ ret = krb5_login(username, password);
+
+ if(ret != AUTH_OK)
+ fprintf(back, BI_REJECT "\n");
+
closelog();
return 0;