kerberos5.c revision 1.5
1 /* $NetBSD: kerberos5.c,v 1.5 2000/07/17 02:25:02 thorpej Exp $ */ 2 3 /*- 4 * Copyright (c) 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by the University of 18 * California, Berkeley and its contributors. 19 * 4. Neither the name of the University nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 /* 37 * Copyright (C) 1990 by the Massachusetts Institute of Technology 38 * 39 * Export of this software from the United States of America may 40 * require a specific license from the United States Government. 41 * It is the responsibility of any person or organization contemplating 42 * export to obtain such a license before exporting. 43 * 44 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 45 * distribute this software and its documentation for any purpose and 46 * without fee is hereby granted, provided that the above copyright 47 * notice appear in all copies and that both that copyright notice and 48 * this permission notice appear in supporting documentation, and that 49 * the name of M.I.T. not be used in advertising or publicity pertaining 50 * to distribution of the software without specific, written prior 51 * permission. M.I.T. makes no representations about the suitability of 52 * this software for any purpose. It is provided "as is" without express 53 * or implied warranty. 54 */ 55 56 #ifdef KRB5 57 #include <arpa/telnet.h> 58 #include <stdio.h> 59 #include <stdlib.h> 60 #include <string.h> 61 #include <unistd.h> 62 #include <netdb.h> 63 #include <ctype.h> 64 #include <pwd.h> 65 #define Authenticator k5_Authenticator 66 #include <krb5.h> 67 #undef Authenticator 68 /* #include <roken.h> */ 69 70 #include "encrypt.h" 71 #include "auth.h" 72 #include "misc.h" 73 74 int forward_flags; /* Flags get set in telnet/main.c on -f and -F */ 75 int got_forwarded_creds;/* Tell telnetd to pass -F or -f to login. */ 76 77 int require_hwpreauth; 78 79 void kerberos5_forward(Authenticator *); 80 81 static unsigned char str_data[1024] = {IAC, SB, TELOPT_AUTHENTICATION, 0, 82 AUTHTYPE_KERBEROS_V5,}; 83 84 #define KRB_AUTH 0 /* Authentication data follows */ 85 #define KRB_REJECT 1 /* Rejected (reason might follow) */ 86 #define KRB_ACCEPT 2 /* Accepted */ 87 #define KRB_RESPONSE 3 /* Response for mutual auth. */ 88 89 #define KRB_FORWARD 4 /* Forwarded credentials follow */ 90 #define KRB_FORWARD_ACCEPT 5 /* Forwarded credentials accepted */ 91 #define KRB_FORWARD_REJECT 6 /* Forwarded credentials rejected */ 92 93 static krb5_data auth; 94 static krb5_ticket *ticket; 95 96 krb5_context telnet_context; 97 static krb5_auth_context auth_context; 98 99 static int 100 Data(Authenticator *ap, int type, void *d, int c) 101 { 102 unsigned char *p = str_data + 4; 103 unsigned char *cd = (unsigned char *) d; 104 105 if (c == -1) 106 c = strlen(cd); 107 108 if (auth_debug_mode) { 109 printf("%s:%d: [%d] (%d)", 110 str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", 111 str_data[3], 112 type, c); 113 printd(d, c); 114 printf("\r\n"); 115 } 116 *p++ = ap->type; 117 *p++ = ap->way; 118 *p++ = type; 119 while (c-- > 0) { 120 if ((*p++ = *cd++) == IAC) 121 *p++ = IAC; 122 } 123 *p++ = IAC; 124 *p++ = SE; 125 if (str_data[3] == TELQUAL_IS) 126 printsub('>', &str_data[2], p - &str_data[2]); 127 return (telnet_net_write(str_data, p - str_data)); 128 } 129 130 int 131 kerberos5_init(Authenticator *ap, int server) 132 { 133 krb5_error_code ret; 134 135 if (telnet_context == 0) { 136 ret = krb5_init_context(&telnet_context); 137 if (ret) 138 return 0; 139 } 140 141 if (server) { 142 krb5_keytab kt; 143 krb5_kt_cursor cursor; 144 145 ret = krb5_kt_default(telnet_context, &kt); 146 if (ret) 147 return 0; 148 149 ret = krb5_kt_start_seq_get(telnet_context, kt, &cursor); 150 if (ret) { 151 krb5_kt_close(telnet_context, kt); 152 return 0; 153 } 154 krb5_kt_end_seq_get(telnet_context, kt, &cursor); 155 krb5_kt_close(telnet_context, kt); 156 157 str_data[3] = TELQUAL_REPLY; 158 } else 159 str_data[3] = TELQUAL_IS; 160 return (1); 161 } 162 163 int 164 kerberos5_send(Authenticator *ap) 165 { 166 krb5_error_code ret; 167 krb5_ccache ccache; 168 int ap_opts; 169 krb5_data cksum_data; 170 char foo[2]; 171 extern int net; 172 173 printf("[ Trying KERBEROS5 ... ]\r\n"); 174 175 if (!UserNameRequested) { 176 if (auth_debug_mode) { 177 printf("Kerberos V5: no user name supplied\r\n"); 178 } 179 return (0); 180 } 181 ret = krb5_cc_default(telnet_context, &ccache); 182 if (ret) { 183 if (auth_debug_mode) { 184 printf( 185 "Kerberos V5: could not get default ccache: %s\r\n", 186 krb5_get_err_text(telnet_context, ret)); 187 } 188 return (0); 189 } 190 if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) 191 ap_opts = AP_OPTS_MUTUAL_REQUIRED; 192 else 193 ap_opts = 0; 194 195 ret = krb5_auth_con_init(telnet_context, &auth_context); 196 if (ret) { 197 if (auth_debug_mode) { 198 printf( 199 "Kerberos V5: krb5_auth_con_init failed: %s\r\n", 200 krb5_get_err_text(telnet_context, ret)); 201 } 202 return (0); 203 } 204 ret = krb5_auth_con_setaddrs_from_fd(telnet_context, 205 auth_context, &net); 206 if (ret) { 207 if (auth_debug_mode) { 208 printf("Kerberos V5: " 209 "krb5_auth_con_setaddrs_from_fd failed: %s\r\n", 210 krb5_get_err_text(telnet_context, ret)); 211 } 212 return (0); 213 } 214 krb5_auth_setkeytype(telnet_context, auth_context, KEYTYPE_DES); 215 216 foo[0] = ap->type; 217 foo[1] = ap->way; 218 219 cksum_data.length = sizeof(foo); 220 cksum_data.data = foo; 221 ret = krb5_mk_req(telnet_context, &auth_context, ap_opts, "host", 222 RemoteHostName, &cksum_data, ccache, &auth); 223 if (ret) { 224 if (1 || auth_debug_mode) { 225 printf("Kerberos V5: mk_req failed (%s)\r\n", 226 krb5_get_err_text(telnet_context, ret)); 227 } 228 return (0); 229 } 230 231 if (!auth_sendname((unsigned char *) UserNameRequested, 232 strlen(UserNameRequested))) { 233 if (auth_debug_mode) 234 printf("Not enough room for user name\r\n"); 235 return (0); 236 } 237 if (!Data(ap, KRB_AUTH, auth.data, auth.length)) { 238 if (auth_debug_mode) 239 printf("Not enough room for authentication data\r\n"); 240 return (0); 241 } 242 if (auth_debug_mode) { 243 printf("Sent Kerberos V5 credentials to server\r\n"); 244 } 245 return (1); 246 } 247 248 void 249 kerberos5_is(Authenticator * ap, unsigned char *data, int cnt) 250 { 251 krb5_error_code ret; 252 krb5_data outbuf; 253 krb5_keyblock *key_block; 254 char *name; 255 krb5_principal server; 256 int zero = 0; 257 258 if (cnt-- < 1) 259 return; 260 switch (*data++) { 261 case KRB_AUTH: 262 auth.data = (char *) data; 263 auth.length = cnt; 264 265 auth_context = NULL; 266 267 ret = krb5_auth_con_init(telnet_context, &auth_context); 268 if (ret) { 269 Data(ap, KRB_REJECT, "krb5_auth_con_init failed", -1); 270 auth_finished(ap, AUTH_REJECT); 271 if (auth_debug_mode) 272 printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n", 273 krb5_get_err_text(telnet_context, ret)); 274 return; 275 } 276 ret = krb5_auth_con_setaddrs_from_fd(telnet_context, 277 auth_context, &zero); 278 if (ret) { 279 Data(ap, KRB_REJECT, "krb5_auth_con_setaddrs_from_fd failed", -1); 280 auth_finished(ap, AUTH_REJECT); 281 if (auth_debug_mode) 282 printf("Kerberos V5: " 283 "krb5_auth_con_setaddrs_from_fd failed (%s)\r\n", 284 krb5_get_err_text(telnet_context, ret)); 285 return; 286 } 287 ret = krb5_sock_to_principal(telnet_context, 0, "host", 288 KRB5_NT_SRV_HST, &server); 289 if (ret) { 290 Data(ap, KRB_REJECT, "krb5_sock_to_principal failed", -1); 291 auth_finished(ap, AUTH_REJECT); 292 if (auth_debug_mode) 293 printf("Kerberos V5: " 294 "krb5_sock_to_principal failed (%s)\r\n", 295 krb5_get_err_text(telnet_context, ret)); 296 return; 297 } 298 ret = krb5_rd_req(telnet_context, &auth_context, &auth, 299 server, NULL, NULL, &ticket); 300 krb5_free_principal(telnet_context, server); 301 302 if (ret) { 303 char *errbuf; 304 305 asprintf(&errbuf, 306 "Read req failed: %s", 307 krb5_get_err_text(telnet_context, ret)); 308 Data(ap, KRB_REJECT, errbuf, -1); 309 if (auth_debug_mode) 310 printf("%s\r\n", errbuf); 311 free(errbuf); 312 return; 313 } { 314 char foo[2]; 315 316 foo[0] = ap->type; 317 foo[1] = ap->way; 318 319 ret = krb5_verify_authenticator_checksum(telnet_context, 320 auth_context, foo, sizeof(foo)); 321 322 if (ret) { 323 char *errbuf; 324 asprintf(&errbuf, "Bad checksum: %s", 325 krb5_get_err_text(telnet_context, ret)); 326 Data(ap, KRB_REJECT, errbuf, -1); 327 if (auth_debug_mode) 328 printf("%s\r\n", errbuf); 329 free(errbuf); 330 return; 331 } 332 } 333 ret = krb5_auth_con_getremotesubkey(telnet_context, 334 auth_context, &key_block); 335 336 if (ret) { 337 Data(ap, KRB_REJECT, "krb5_auth_con_getremotesubkey failed", -1); 338 auth_finished(ap, AUTH_REJECT); 339 if (auth_debug_mode) 340 printf("Kerberos V5: " 341 "krb5_auth_con_getremotesubkey failed (%s)\r\n", 342 krb5_get_err_text(telnet_context, ret)); 343 return; 344 } 345 if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { 346 ret = krb5_mk_rep(telnet_context, 347 &auth_context, &outbuf); 348 if (ret) { 349 Data(ap, KRB_REJECT, 350 "krb5_mk_rep failed", -1); 351 auth_finished(ap, AUTH_REJECT); 352 if (auth_debug_mode) 353 printf("Kerberos V5: " 354 "krb5_mk_rep failed (%s)\r\n", 355 krb5_get_err_text(telnet_context, 356 ret)); 357 return; 358 } 359 Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length); 360 } 361 if (krb5_unparse_name(telnet_context, ticket->client, &name)) 362 name = 0; 363 364 if (UserNameRequested && krb5_kuserok(telnet_context, 365 ticket->client, UserNameRequested)) { 366 Data(ap, KRB_ACCEPT, name, name ? -1 : 0); 367 if (auth_debug_mode) { 368 printf("Kerberos5 identifies him as ``%s''\r\n", 369 name ? name : ""); 370 } 371 if (key_block->keytype == ETYPE_DES_CBC_MD5 || 372 key_block->keytype == ETYPE_DES_CBC_MD4 || 373 key_block->keytype == ETYPE_DES_CBC_CRC) { 374 Session_Key skey; 375 376 skey.type = SK_DES; 377 skey.length = 8; 378 skey.data = key_block->keyvalue.data; 379 encrypt_session_key(&skey, 0); 380 } 381 } else { 382 char *msg; 383 384 asprintf(&msg, "user `%s' is not authorized to " 385 "login as `%s'", 386 name ? name : "<unknown>", 387 UserNameRequested ? UserNameRequested : "<nobody>"); 388 if (msg == NULL) 389 Data(ap, KRB_REJECT, NULL, 0); 390 else { 391 Data(ap, KRB_REJECT, (void *) msg, -1); 392 free(msg); 393 } 394 auth_finished(ap, AUTH_REJECT); 395 krb5_free_keyblock_contents(telnet_context, key_block); 396 break; 397 } 398 auth_finished(ap, AUTH_USER); 399 krb5_free_keyblock_contents(telnet_context, key_block); 400 401 break; 402 case KRB_FORWARD:{ 403 struct passwd *pwd; 404 char ccname[1024]; /* XXX */ 405 krb5_data inbuf; 406 krb5_ccache ccache; 407 inbuf.data = (char *) data; 408 inbuf.length = cnt; 409 410 pwd = getpwnam(UserNameRequested); 411 if (pwd == NULL) 412 break; 413 414 snprintf(ccname, sizeof(ccname), 415 "FILE:/tmp/krb5cc_%u", pwd->pw_uid); 416 417 ret = krb5_cc_resolve(telnet_context, ccname, &ccache); 418 if (ret) { 419 if (auth_debug_mode) 420 printf("Kerberos V5: could not get ccache: %s\r\n", 421 krb5_get_err_text(telnet_context, 422 ret)); 423 break; 424 } 425 ret = krb5_cc_initialize(telnet_context, ccache, 426 ticket->client); 427 if (ret) { 428 if (auth_debug_mode) 429 printf("Kerberos V5: could not init ccache: %s\r\n", 430 krb5_get_err_text(telnet_context, 431 ret)); 432 break; 433 } 434 ret = krb5_rd_cred(telnet_context, auth_context, 435 ccache, &inbuf); 436 if (ret) { 437 char *errbuf; 438 439 asprintf(&errbuf, 440 "Read forwarded creds failed: %s", 441 krb5_get_err_text(telnet_context, ret)); 442 if (errbuf == NULL) 443 Data(ap, KRB_FORWARD_REJECT, NULL, 0); 444 else 445 Data(ap, KRB_FORWARD_REJECT, errbuf, -1); 446 if (auth_debug_mode) 447 printf("Could not read forwarded credentials: %s\r\n", 448 errbuf); 449 free(errbuf); 450 } else 451 Data(ap, KRB_FORWARD_ACCEPT, 0, 0); 452 chown(ccname + 5, pwd->pw_uid, -1); 453 if (auth_debug_mode) 454 printf("Forwarded credentials obtained\r\n"); 455 break; 456 } 457 default: 458 if (auth_debug_mode) 459 printf("Unknown Kerberos option %d\r\n", data[-1]); 460 Data(ap, KRB_REJECT, 0, 0); 461 break; 462 } 463 } 464 465 void 466 kerberos5_reply(Authenticator * ap, unsigned char *data, int cnt) 467 { 468 static int mutual_complete = 0; 469 470 if (cnt-- < 1) 471 return; 472 switch (*data++) { 473 case KRB_REJECT: 474 if (cnt > 0) { 475 printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n", 476 cnt, data); 477 } else 478 printf("[ Kerberos V5 refuses authentication ]\r\n"); 479 auth_send_retry(); 480 return; 481 case KRB_ACCEPT:{ 482 krb5_error_code ret; 483 Session_Key skey; 484 krb5_keyblock *keyblock; 485 486 if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL && 487 !mutual_complete) { 488 printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\r\n"); 489 auth_send_retry(); 490 return; 491 } 492 if (cnt) 493 printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data); 494 else 495 printf("[ Kerberos V5 accepts you ]\r\n"); 496 497 ret = krb5_auth_con_getlocalsubkey(telnet_context, 498 auth_context, &keyblock); 499 if (ret) 500 ret = krb5_auth_con_getkey(telnet_context, 501 auth_context, &keyblock); 502 if (ret) { 503 printf("[ krb5_auth_con_getkey: %s ]\r\n", 504 krb5_get_err_text(telnet_context, ret)); 505 auth_send_retry(); 506 return; 507 } 508 skey.type = SK_DES; 509 skey.length = 8; 510 skey.data = keyblock->keyvalue.data; 511 encrypt_session_key(&skey, 0); 512 krb5_free_keyblock_contents(telnet_context, keyblock); 513 auth_finished(ap, AUTH_USER); 514 if (forward_flags & OPTS_FORWARD_CREDS) 515 kerberos5_forward(ap); 516 break; 517 } 518 case KRB_RESPONSE: 519 if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { 520 /* the rest of the reply should contain a krb_ap_rep */ 521 krb5_ap_rep_enc_part *reply; 522 krb5_data inbuf; 523 krb5_error_code ret; 524 525 inbuf.length = cnt; 526 inbuf.data = (char *) data; 527 528 ret = krb5_rd_rep(telnet_context, 529 auth_context, &inbuf, &reply); 530 if (ret) { 531 printf("[ Mutual authentication failed: %s ]\r\n", 532 krb5_get_err_text(telnet_context, ret)); 533 auth_send_retry(); 534 return; 535 } 536 krb5_free_ap_rep_enc_part(telnet_context, reply); 537 mutual_complete = 1; 538 } 539 return; 540 case KRB_FORWARD_ACCEPT: 541 printf("[ Kerberos V5 accepted forwarded credentials ]\r\n"); 542 return; 543 case KRB_FORWARD_REJECT: 544 printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n", 545 cnt, data); 546 return; 547 default: 548 if (auth_debug_mode) 549 printf("Unknown Kerberos option %d\r\n", data[-1]); 550 return; 551 } 552 } 553 554 int 555 kerberos5_status(Authenticator *ap, char *name, int level) 556 { 557 if (level < AUTH_USER) 558 return (level); 559 560 if (UserNameRequested && 561 krb5_kuserok(telnet_context, ticket->client, UserNameRequested)) { 562 strcpy(name, UserNameRequested); 563 return (AUTH_VALID); 564 } else 565 return (AUTH_USER); 566 } 567 #define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} 568 #define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} 569 570 void 571 kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) 572 { 573 int i; 574 575 buf[buflen - 1] = '\0'; /* make sure its NULL terminated */ 576 buflen -= 1; 577 578 switch (data[3]) { 579 case KRB_REJECT: /* Rejected (reason might follow) */ 580 strlcpy((char *) buf, " REJECT ", buflen); 581 goto common; 582 583 case KRB_ACCEPT: /* Accepted (name might follow) */ 584 strlcpy((char *) buf, " ACCEPT ", buflen); 585 common: 586 BUMP(buf, buflen); 587 if (cnt <= 4) 588 break; 589 ADDC(buf, buflen, '"'); 590 for (i = 4; i < cnt; i++) 591 ADDC(buf, buflen, data[i]); 592 ADDC(buf, buflen, '"'); 593 ADDC(buf, buflen, '\0'); 594 break; 595 596 597 case KRB_AUTH: /* Authentication data follows */ 598 strlcpy((char *) buf, " AUTH", buflen); 599 goto common2; 600 601 case KRB_RESPONSE: 602 strlcpy((char *) buf, " RESPONSE", buflen); 603 goto common2; 604 605 case KRB_FORWARD: /* Forwarded credentials follow */ 606 strlcpy((char *) buf, " FORWARD", buflen); 607 goto common2; 608 609 case KRB_FORWARD_ACCEPT: /* Forwarded credentials accepted */ 610 strlcpy((char *) buf, " FORWARD_ACCEPT", buflen); 611 goto common2; 612 613 case KRB_FORWARD_REJECT: /* Forwarded credentials rejected */ 614 /* (reason might follow) */ 615 strlcpy((char *) buf, " FORWARD_REJECT", buflen); 616 goto common2; 617 618 default: 619 snprintf(buf, buflen, " %d (unknown)", data[3]); 620 common2: 621 BUMP(buf, buflen); 622 for (i = 4; i < cnt; i++) { 623 snprintf(buf, buflen, " %d", data[i]); 624 BUMP(buf, buflen); 625 } 626 break; 627 } 628 } 629 630 void 631 kerberos5_forward(Authenticator * ap) 632 { 633 krb5_error_code ret; 634 krb5_ccache ccache; 635 krb5_creds creds; 636 krb5_kdc_flags flags; 637 krb5_data out_data; 638 krb5_principal principal; 639 640 ret = krb5_cc_default(telnet_context, &ccache); 641 if (ret) { 642 if (auth_debug_mode) 643 printf("KerberosV5: could not get default ccache: %s\r\n", 644 krb5_get_err_text(telnet_context, ret)); 645 return; 646 } 647 ret = krb5_cc_get_principal(telnet_context, ccache, &principal); 648 if (ret) { 649 if (auth_debug_mode) 650 printf("KerberosV5: could not get principal: %s\r\n", 651 krb5_get_err_text(telnet_context, ret)); 652 return; 653 } 654 memset(&creds, 0, sizeof(creds)); 655 656 creds.client = principal; 657 658 ret = krb5_build_principal(telnet_context, &creds.server, 659 strlen(principal->realm), principal->realm, "krbtgt", 660 principal->realm, NULL); 661 662 if (ret) { 663 if (auth_debug_mode) 664 printf("KerberosV5: could not get principal: %s\r\n", 665 krb5_get_err_text(telnet_context, ret)); 666 return; 667 } 668 creds.times.endtime = 0; 669 670 flags.i = 0; 671 flags.b.forwarded = 1; 672 if (forward_flags & OPTS_FORWARDABLE_CREDS) 673 flags.b.forwardable = 1; 674 675 ret = krb5_get_forwarded_creds(telnet_context, auth_context, 676 ccache, flags.i, RemoteHostName, &creds, &out_data); 677 if (ret) { 678 if (auth_debug_mode) 679 printf("Kerberos V5: error getting forwarded creds: %s\r\n", 680 krb5_get_err_text(telnet_context, ret)); 681 return; 682 } 683 if (!Data(ap, KRB_FORWARD, out_data.data, out_data.length)) { 684 if (auth_debug_mode) 685 printf("Not enough room for authentication data\r\n"); 686 } else { 687 if (auth_debug_mode) 688 printf("Forwarded local Kerberos V5 credentials to server\r\n"); 689 } 690 } 691 #endif /* KRB5 */ 692
Indexes created Tue Sep 23 02:09:52 GMT 2025