2 * Copyright (c) 1995 - 1999, 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "ftpd_locl.h"
36 RCSID("$Id: kauth.c 15666 2005-07-19 17:08:11Z lha $");
38 #if defined(KRB4) || defined(KRB5)
40 int do_destroy_tickets = 1;
48 static unsigned int lifetime;
49 static time_t local_time;
51 static krb_principal pr;
54 save_tkt(const char *user,
62 memmove(&cip, *cipp, sizeof(cip));
67 store_ticket(KTEXT cip)
74 int left = cip->length;
78 ptr = (char *) cip->dat;
80 /* extract session key */
81 memmove(session, ptr, 8);
85 len = strnlen(ptr, left);
89 /* extract server's name */
90 strlcpy(sp.name, ptr, sizeof(sp.name));
94 len = strnlen(ptr, left);
98 /* extract server's instance */
99 strlcpy(sp.instance, ptr, sizeof(sp.instance));
103 len = strnlen(ptr, left);
107 /* extract server's realm */
108 strlcpy(sp.realm, ptr, sizeof(sp.realm));
114 /* extract ticket lifetime, server key version, ticket length */
115 /* be sure to avoid sign extension on lifetime! */
116 lifetime = (unsigned char) ptr[0];
117 kvno = (unsigned char) ptr[1];
118 tkt.length = (unsigned char) ptr[2];
122 if (tkt.length > left)
125 /* extract ticket itself */
126 memmove(tkt.dat, ptr, tkt.length);
130 /* Here is where the time should be verified against the KDC.
131 * Unfortunately everything is sent in host byte order (receiver
132 * makes wrong) , and at this stage there is no way for us to know
133 * which byteorder the KDC has. So we simply ignore the time,
134 * there are no security risks with this, the only thing that can
135 * happen is that we might receive a replayed ticket, which could
136 * at most be useless.
140 /* check KDC time stamp */
144 memmove(&kdc_time, ptr, sizeof(kdc_time));
145 if (swap_bytes) swap_u_long(kdc_time);
149 if (abs((int)(local_time - kdc_time)) > CLOCK_SKEW) {
150 return(RD_AP_TIME); /* XXX should probably be better
156 /* initialize ticket cache */
158 if (tf_create(TKT_FILE) != KSUCCESS)
161 if (tf_put_pname(pr.name) != KSUCCESS ||
162 tf_put_pinst(pr.instance) != KSUCCESS) {
168 kerror = tf_save_cred(sp.name, sp.instance, sp.realm, session,
169 lifetime, kvno, &tkt, local_time);
176 kauth(char *principal, char *ticket)
181 if(get_command_prot() != prot_private) {
182 reply(500, "Request denied (bad protection level)");
185 ret = krb_parse_name(principal, &pr);
187 reply(500, "Bad principal: %s.", krb_get_err_text(ret));
191 krb_get_lrealm(pr.realm, 1);
194 cip.length = base64_decode(ticket, &cip.dat);
195 if(cip.length == -1){
196 reply(500, "Failed to decode data.");
199 ret = store_ticket(&cip);
201 reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
202 memset(&cip, 0, sizeof(cip));
205 do_destroy_tickets = 1;
209 reply(200, "Tickets will be destroyed on exit.");
213 ret = krb_get_in_tkt (pr.name,
216 KRB_TICKET_GRANTING_TICKET,
219 NULL, save_tkt, NULL);
220 if(ret != INTK_BADPW){
221 reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
224 if(base64_encode(cip.dat, cip.length, &p) < 0) {
225 reply(500, "Out of memory while base64-encoding.");
228 reply(300, "P=%s T=%s", krb_unparse_name(&pr), p);
230 memset(&cip, 0, sizeof(cip));
235 short_date(int32_t dp)
238 time_t t = (time_t)dp;
240 if (t == (time_t)(-1L)) return "*** Never *** ";
247 krbtkfile(const char *tkfile)
249 do_destroy_tickets = 0;
250 krb_set_tkt_string(tkfile);
251 reply(200, "Using ticket file %s", tkfile);
261 krb5_context context;
265 ret = krb5_init_context(&context);
268 ret = krb5_cc_resolve(context, k5ccname, &id);
270 ret = krb5_cc_default (context, &id);
272 krb5_free_context(context);
275 krb5_cc_destroy(context, id);
276 krb5_free_context (context);
281 #if defined(KRB4) || defined(KRB5)
284 * Only destroy if we created the tickets
290 if (do_destroy_tickets) {
297 do_destroy_tickets = 0;
312 reply(200, "Tickets destroyed");
317 afslog(const char *cell, int quiet)
321 krb5_context context;
325 ret = krb5_init_context(&context);
328 ret = krb5_cc_resolve(context, k5ccname, &id);
330 ret = krb5_cc_default(context, &id);
332 krb5_free_context(context);
335 krb5_afslog(context, id, cell, 0);
336 krb5_cc_close (context, id);
337 krb5_free_context (context);
344 reply(200, "afslog done");
347 reply(200, "no AFS present");
359 int ftpd_afslog_placeholder;
360 #endif /* KRB4 || KRB5 */