lib/misc/krbauth.c
changeset 0 6f7a81934006
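--- /dev/null
+++ b/lib/misc/krbauth.c
@@ -0,0 +1,82 @@
+/*
+ * krbauth.c: Check a username/password pair against krb5 by temporarily
+ *            obtaining a short-lived ticket for the corresponding
+ *            principal. Returns 1 in case of successful verification,
+ *            0 otherwise.
+ *
+ * Nickolai Zeldovich <kolya@MIT.EDU>
+ *
+ */
+
+#include <stddef.h>
+#include <krb5.h>
+#include <com_err.h>
+#include <string.h>
+
+#define KRB5_LIFETIME 5
+
+int krbauth(char *user, char *pass) {
+
+ krb5_data tgtname = { 0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME };
+ krb5_context kcontext;
+ krb5_error_code code;
+ krb5_principal me;
+ krb5_principal server;
+ krb5_creds my_creds;
+ krb5_timestamp now;
+ char *client_name;
+
+ if((code=krb5_init_context (&kcontext))) {
+#ifdef DEBUG
+  com_err("krbauth", code, "while initializing krb5");
+#endif
+  return 0; }
+
+ if((code=krb5_timeofday(kcontext,&now))) {
+#ifdef DEBUG
+  com_err("krbauth", code, "while getting time of day");
+#endif
+  return 0; }
+
+ if((code=krb5_parse_name(kcontext, user, &me))) {
+#ifdef DEBUG
+  com_err("krbauth", code, "while parsing name %s", user);
+#endif
+  return 0; }
+
+ if((code=krb5_unparse_name(kcontext, me, &client_name))) {
+#ifdef DEBUG
+  com_err("krbauth", code, "when unparsing name");
+#endif
+  return 0; }
+
+ memset((char *)&my_creds, 0, sizeof(my_creds));
+ my_creds.client = me;
+ if((code=krb5_build_principal_ext(kcontext, &server,
+	krb5_princ_realm(kcontext, me)->length,
+	krb5_princ_realm(kcontext, me)->data,
+	tgtname.length, tgtname.data,
+	krb5_princ_realm(kcontext, me)->length,
+	krb5_princ_realm(kcontext, me)->data,
+	0))) {
+#ifdef DEBUG
+  com_err("krbauth", code, "while building server name");
+#endif
+  return 0; }
+
+ my_creds.server = server;
+ my_creds.times.starttime = 0;
+ my_creds.times.endtime = now + KRB5_LIFETIME;
+ if((code=krb5_get_in_tkt_with_password(kcontext, 0, 0,
+	NULL, NULL, pass, 0, &my_creds, 0))) {
+#ifdef DEBUG
+  if(code==KRB5KRB_AP_ERR_BAD_INTEGRITY)
+   com_err("krbauth", code, "incorrect password");
+  else
+   com_err("krbauth", code, "while getting initial credentials");
+#endif
+  return 0;
+ }
+
+ return 1;
+}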
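Review bot: The success path at `return 1` treats any TGT that `krb5_get_in_tkt_with_password` can decrypt as proof of the password, without checking that the reply came from the genuine KDC, so a forged AS reply on the network path would make an arbitrary password verify. Where the installed libkrb5 provides it, the ticket should be validated against a key from this host's keytab with `krb5_verify_init_creds` before success is reported, as in the excerpt below. Separately, no exit frees `kcontext`, `client_name` or the contents of `my_creds`, so every call leaks memory and leaves the session key on the heap; the earlier `return 0` branches need matching cleanup for whatever they have already acquired. Because `user` is handed straight to `krb5_parse_name`, a name carrying `@REALM` chooses which realm is asked, which callers may want to reject or pin.

```c
int krbauth(char *user, char *pass) {
 /* … unchanged: existing locals … */
 krb5_verify_init_creds_opt vopt;

 /* … unchanged: setup and the krb5_get_in_tkt_with_password call with its failure branch … */

 /* Check the TGT against a key from this host's keytab, so a reply from a
  * forged KDC is not accepted as proof of the password. */
 krb5_verify_init_creds_opt_init(&vopt);
 krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, 1);
 code = krb5_verify_init_creds(kcontext, &my_creds, NULL, NULL, NULL, &vopt);

 /* Release the ticket and session key on the way out; freeing the
  * credential contents also releases me and server. */
 krb5_free_cred_contents(kcontext, &my_creds);
 krb5_free_unparsed_name(kcontext, client_name);
 krb5_free_context(kcontext);
 return code == 0;
}
```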