Don't depend error handling on exact resultCode.

[openldap] / clients / ud / auth.c

diff --git a/clients/ud/auth.c b/clients/ud/auth.c
index b757d78169c54226701ab71dcde79ebde0038022..e7f5ac8add8551c8af05fb2a35b7b3cf7620ddc4 100644 (file)
--- a/clients/ud/auth.c
+++ b/clients/ud/auth.c
@@ -1,4 +1,8 @@
 /* $OpenLDAP$ */
+/*
+ * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
 /*
  * Copyright (c) 1991, 1992 Regents of the University of Michigan.
  * All rights reserved.
@@ -33,7 +37,7 @@
 #include "ldap_defaults.h"
 #include "ud.h"
 
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 static char tktpath[20];       /* ticket file path */
 static int kinit();
 static int valid_tgt();
@@ -56,7 +60,7 @@ auth( char *who, int implicit )
        char *user;
 #endif
        char uidname[20];
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
        char **krbnames;        /* for kerberos names */
        int kinited, ikrb;
        char buf[5];
@@ -144,7 +148,7 @@ auth( char *who, int implicit )
        rdns = ldap_explode_dn(Entry.DN, TRUE);
        printf("  Authenticating to the directory as \"%s\"...\n", *rdns );
 
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
        /*
         * First, if the user has a choice of auth methods, ask which
         * one they want to use.  if they want kerberos, ask which
@@ -243,7 +247,7 @@ auth( char *who, int implicit )
                        (void) ldap_value_free(rdns);
                        return(0);
                }
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
        }
        (void) ldap_value_free(krbnames);
 #endif
@@ -255,13 +259,13 @@ auth( char *who, int implicit )
                if (ld_errno == LDAP_NO_SUCH_ATTRIBUTE)
                        fprintf(stderr, "  Entry has no password\n");
                else if (ld_errno == LDAP_INVALID_CREDENTIALS)
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
                        if ( authmethod == LDAP_AUTH_KRBV4 ) {
                                fprintf(stderr, "  The Kerberos credentials are invalid.\n");
                        } else {
 #endif
                                fprintf(stderr, "  The password you provided is incorrect.\n");
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
                        }
 #endif
                else
@@ -290,7 +294,7 @@ auth( char *who, int implicit )
        return(0);
 }
 
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 
 #define FIVEMINS       ( 5 * 60 )
 #define TGT            "krbtgt"
@@ -334,6 +338,8 @@ valid_tgt( char **names )
 
 static char *kauth_name;
 
+#ifndef HAVE_KTH_KERBEROS
+
 /*ARGSUSED*/
 int
 krbgetpass( char *user, char *inst, char *realm, char *pw, C_Block key )
@@ -365,6 +371,7 @@ krbgetpass( char *user, char *inst, char *realm, char *pw, C_Block key )
 
        return( 0 );
 }
+#endif /* HAVE_KTH_KERBEROS */
 
 static int
 kinit( char *kname )
@@ -382,14 +389,18 @@ kinit( char *kname )
        }
 
 #ifdef HAVE_AFS_KERBEROS
-       /*
-        * realm must be uppercase for krb_ routines
-        */
+       /* realm must be uppercase for AFS krb_ routines */
        ldap_pvt_str2upper( realm );
 #endif /* HAVE_AFS_KERBEROS */
 
+#ifdef HAVE_KTH_KERBEROS
+       /* Kth kerberos knows how to do both string to keys */
+       rc = krb_get_pw_in_tkt( name, inst, realm, TGT, realm,
+               DEFAULT_TKT_LIFE, 0 );
+#else
        rc = krb_get_in_tkt( name, inst, realm, TGT, realm,
            DEFAULT_TKT_LIFE, krbgetpass, NULL, NULL );
+#endif
 
        if ( rc != KSUCCESS ) {
                switch ( rc ) {