0c7d862008-05-06Martin Stjernholm /* -*- c -*-
afa8d32004-05-13Henrik Grubbström (Grubba)  * Kerberos support for Pike. * * 2004-05-12 Henrik Grubbström * * FIXME: Currently only minimal support, and only for Kerberos 5 (not 4). */ #include "global.h" #include "config.h" #include "svalue.h" #include "module.h" #include "interpret.h" DECLARATIONS /* #define KRB_DEBUG */ #ifdef KRB_DEBUG #define KRB_FPRINTF(X) fprintf X #else /* !KRB_DEBUG */ #define KRB_FPRINTF(X) #endif /* KRB_DEBUG */ #ifdef HAVE_KRB5 #ifdef HAVE_KRB5_H #include <krb5.h>
938b482011-07-13Marcus Comstedt #else #ifdef HAVE_KERBEROSV5_KRB5_H #include <kerberosv5/krb5.h> #endif
afa8d32004-05-13Henrik Grubbström (Grubba) #endif PIKECLASS Context { CVAR krb5_context ctx; INIT { krb5_error_code err_code; if ((err_code = krb5_init_context(&THIS->ctx))) { Pike_error("Failed to initialize context: %d\n", err_code); } } EXIT
8dcb7d2008-05-29Martin Stjernholm  gc_trivial;
afa8d32004-05-13Henrik Grubbström (Grubba)  { if (THIS->ctx) { krb5_free_context(THIS->ctx); } } PIKEFUN int(0..1) authenticate(string user, string password) optflags OPT_EXTERNAL_DEPEND; { krb5_error_code err_code; krb5_principal principal; krb5_get_init_creds_opt get_creds_opt; krb5_verify_init_creds_opt verify_creds_opt; krb5_creds creds; ONERROR err; /* Hide the password from backtraces. */ Pike_sp[0] = Pike_sp[1-args];
017b572011-10-28Henrik Grubbström (Grubba)  SET_SVAL(Pike_sp[1-args], PIKE_T_INT, NUMBER_UNDEFINED, integer, 0);
afa8d32004-05-13Henrik Grubbström (Grubba)  Pike_sp++; args++; if (user->size_shift || password->size_shift) { KRB_FPRINTF((stderr, "Wide password or user name.\n")); pop_n_elems(args); push_int(0); return; }
0c7d862008-05-06Martin Stjernholm  if ((err_code = krb5_parse_name(THIS->ctx, (const char *) STR0(user), &principal))) {
afa8d32004-05-13Henrik Grubbström (Grubba)  KRB_FPRINTF((stderr, "Failed to parse user name: %d\n", err_code)); pop_n_elems(args); push_int(0); return; } krb5_get_init_creds_opt_init(&get_creds_opt); krb5_verify_init_creds_opt_init(&verify_creds_opt); if ((err_code = krb5_get_init_creds_password(THIS->ctx, &creds,
0c7d862008-05-06Martin Stjernholm  principal, (char *) STR0(password),
afa8d32004-05-13Henrik Grubbström (Grubba)  krb5_prompter_posix, NULL, 0, NULL, &get_creds_opt))) { KRB_FPRINTF((stderr, "Failed to get password credentials: %d.\n", err_code)); pop_n_elems(args); push_int(0); return; } if ((err_code = krb5_verify_init_creds(THIS->ctx, &creds, NULL, NULL, NULL, &verify_creds_opt))) { krb5_free_cred_contents(THIS->ctx, &creds); KRB_FPRINTF((stderr, "Failed to verify credentials: %d.\n", err_code)); pop_n_elems(args); push_int(0); return; } krb5_free_cred_contents(THIS->ctx, &creds); KRB_FPRINTF((stderr, "Credentials ok.")); pop_n_elems(args); push_int(1); return; } } #endif /* HAVE_KRB5 */ PIKE_MODULE_INIT { INIT; } PIKE_MODULE_EXIT { EXIT; }