2 * Copyright (c) 1990 Regents of the University of Michigan.
5 * Redistribution and use in source and binary forms are permitted
6 * provided that this notice is preserved and that due credit is given
7 * to the University of Michigan at Ann Arbor. The name of the University
8 * may not be used to endorse or promote products derived from this
9 * software without specific prior written permission. This software
10 * is provided ``as is'' without express or implied warranty.
16 #include <sys/types.h>
18 #include <kerberosIV/krb.h>
21 #endif /* KERBEROS_V */
22 #include <sys/socket.h>
24 #include <netinet/in.h>
25 #include <quipu/bind.h>
26 #if ISODEPACKAGE == IC
27 #include <quipu/DAS-types.h>
29 #include <pepsy/DAS-types.h>
/*
 * Validate a client-supplied Kerberos V4 ticket (cred, len bytes) for the
 * LDAP service via krb_rd_req().  Returns LDAP_SUCCESS when the ticket is
 * accepted and LDAP_INVALID_CREDENTIALS when krb_rd_req() rejects it.
 * NOTE: this listing is gapped; the declarations of ktxt, ad and err are
 * not visible in the excerpt.
 */
36 kerberosv4_ldap_auth( char *cred, long len )
40 char instance[INST_SZ];
43 extern char *krb_ldap_service;
44 extern char *kerberos_keyfile;
46 Debug( LDAP_DEBUG_TRACE, "kerberosv4_ldap_auth\n", 0, 0, 0 );
/*
 * NOTE(review): cred/len are taken from the bind request, i.e. from the
 * network peer, and this copies len bytes into ktxt->dat, the fixed-size
 * KTEXT data array (MAX_KTXT_LEN in <kerberosIV/krb.h>).  No check of len
 * against that size is visible in this excerpt; unless one exists in the
 * elided lines, an oversized credential overruns the buffer.  The expected
 * guard is to return LDAP_INVALID_CREDENTIALS when len < 0 or
 * len > MAX_KTXT_LEN before the copy.  The bindarg routine below performs
 * the same unchecked copy into kp.kp_ktxt.dat.
 */
48 SAFEMEMCPY( ktxt->dat, cred, len );
/* "*" is the KerberosIV convention for "match any instance" of the service. */
51 strcpy( instance, "*" );
/*
 * krb_rd_req() verifies the ticket against the service key read from
 * kerberos_keyfile; ad receives the decoded authenticator, but nothing in
 * the visible code reads it afterwards -- only pass/fail is reported.
 */
52 if ( (err = krb_rd_req( ktxt, krb_ldap_service, instance, 0L,
53 &ad, kerberos_keyfile )) != KSUCCESS ) {
/* krb_err_txt[] maps the KerberosIV error code to its message text. */
54 Debug( LDAP_DEBUG_ANY, "krb_rd_req failed (%s)\n",
55 krb_err_txt[err], 0, 0 );
56 return( LDAP_INVALID_CREDENTIALS );
59 return( LDAP_SUCCESS );
64 struct ds_bind_arg *ba,
71 struct type_UNIV_EXTERNAL *e;
72 struct kerberos_parms kp;
77 extern char *krb_x500_service;
78 extern char *krb_x500_instance;
80 Debug( LDAP_DEBUG_TRACE, "kerberosv4_bindarg\n", 0, 0, 0 );
82 e = (struct type_UNIV_EXTERNAL *) calloc( 1,
83 sizeof(struct type_UNIV_EXTERNAL) );
84 e->encoding = (struct choice_UNIV_0 *) calloc( 1,
85 sizeof(struct choice_UNIV_0) );
87 ba->dba_version = DBA_VERSION_V1988;
88 ba->dba_auth_type = DBA_AUTH_EXTERNAL;
90 e->indirect__reference = AUTH_TYPE_KERBEROS_V4;
91 e->direct__reference = NULLOID;
92 e->data__value__descriptor = str2qb( "KRBv4 client credentials",
96 kp.kp_version = AUTH_TYPE_KERBEROS_V4;
98 if ( (err = krb_get_lrealm( realm, 1 )) != KSUCCESS ) {
99 Debug( LDAP_DEBUG_ANY, "krb_get_lrealm failed (%s)\n",
100 krb_err_txt[err], 0, 0 );
101 return( LDAP_OPERATIONS_ERROR );
104 gettimeofday( &tv, NULL );
106 SAFEMEMCPY( kp.kp_ktxt.dat, cred, len );
107 kp.kp_ktxt.length = len;
108 if ( encode_kerberos_parms( &pe, &kp ) == NOTOK ) {
109 Debug( LDAP_DEBUG_ANY, "kerberos parms encoding failed\n", 0,
111 return( LDAP_OPERATIONS_ERROR );
114 e->encoding->offset = choice_UNIV_0_single__ASN1__type;
115 e->encoding->un.single__ASN1__type = pe;
121 kerberos_check_mutual(
122 struct ds_bind_arg *res,
126 struct type_UNIV_EXTERNAL *e = res->dba_external;
127 struct kerberos_parms *kp;
130 Debug( LDAP_DEBUG_TRACE, "kerberos_check_mutual\n", 0, 0, 0 );
132 if ( decode_kerberos_parms( e->encoding->un.single__ASN1__type, &kp )
135 ret = ((kp->kp_nonce == (nonce + 1)) ? OK : NOTOK );
137 Debug( LDAP_DEBUG_TRACE, "expecting %d got %d\n", nonce, kp->kp_nonce,
140 pe_free( e->encoding->un.single__ASN1__type );
141 dn_free( kp->kp_dn );