crypto/heimdal-0.6.3/appl/ftp/ftpd/gss_userok.c

   1 /*
   2  * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "ftpd_locl.h"
  35 #include <gssapi.h>
  36 #include <krb5.h>
  37
  38 RCSID("$Id: gss_userok.c,v 1.10 2003/03/18 13:56:35 lha Exp $");
  39
  40 /* XXX a bit too much of krb5 dependency here...
  41    What is the correct way to do this?
  42    */
  43
  44 extern krb5_context gssapi_krb5_context;
  45
  46 /* XXX sync with gssapi.c */
  47 struct gss_data {
  48     gss_ctx_id_t context_hdl;
  49     char *client_name;
  50     gss_cred_id_t delegated_cred_handle;
  51 };
  52
  53 int gss_userok(void*, char*); /* to keep gcc happy */
  54
  55 int
  56 gss_userok(void *app_data, char *username)
  57 {
  58     struct gss_data *data = app_data;
  59     if(gssapi_krb5_context) {
  60         krb5_principal client;
  61         krb5_error_code ret;
  62
  63         ret = krb5_parse_name(gssapi_krb5_context, data->client_name, &client);
  64         if(ret)
  65             return 1;
  66         ret = krb5_kuserok(gssapi_krb5_context, client, username);
  67         if (!ret) {
  68            krb5_free_principal(gssapi_krb5_context, client);
  69            return 1;
  70         }
  71
  72         ret = 0;
  73
  74         /* more of krb-depend stuff :-( */
  75         /* gss_add_cred() ? */
  76         if (data->delegated_cred_handle &&
  77             data->delegated_cred_handle->ccache ) {
  78
  79            krb5_ccache ccache = NULL;
  80            char* ticketfile;
  81            struct passwd *pw;
  82            OM_uint32 minor_status;
  83
  84            pw = getpwnam(username);
  85
  86            if (pw == NULL) {
  87                ret = 1;
  88                goto fail;
  89            }
  90
  91            asprintf (&ticketfile, "%s%u", KRB5_DEFAULT_CCROOT,
  92                      (unsigned)pw->pw_uid);
  93
  94            ret = krb5_cc_resolve(gssapi_krb5_context, ticketfile, &ccache);
  95            if (ret)
  96               goto fail;
  97
  98            ret = gss_krb5_copy_ccache(&minor_status,
  99                                       data->delegated_cred_handle,
 100                                       ccache);
 101            if (ret)
 102               goto fail;
 103
 104            chown (ticketfile+5, pw->pw_uid, pw->pw_gid);
 105
 106            if (k_hasafs()) {
 107                krb5_afslog(gssapi_krb5_context, ccache, 0, 0);
 108            }
 109            esetenv ("KRB5CCNAME", ticketfile, 1);
 110
 111 fail:
 112            if (ccache)
 113               krb5_cc_close(gssapi_krb5_context, ccache);
 114            krb5_cc_destroy(gssapi_krb5_context,
 115                            data->delegated_cred_handle->ccache);
 116            data->delegated_cred_handle->ccache = NULL;
 117            free(ticketfile);
 118         }
 119
 120         krb5_free_principal(gssapi_krb5_context, client);
 121         return ret;
 122     }
 123     return 1;
 124 }