+/* $OpenLDAP$ */
+/*
+ * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
/*
* Copyright (c) 1991, 1992 Regents of the University of Michigan.
* All rights reserved.
#include "portable.h"
#include <stdio.h>
-#include <stdlib.h>
+
+#include <ac/stdlib.h>
#include <ac/ctype.h>
#include <ac/krb.h>
#include <ac/string.h>
#include <ac/time.h>
#include <ac/unistd.h>
-extern char *strdup (const char *);
#ifdef HAVE_PWD_H
#include <pwd.h>
#include <lber.h>
#include <ldap.h>
-#include <ldapconfig.h>
+#include "ldap_defaults.h"
#include "ud.h"
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
static char tktpath[20]; /* ticket file path */
static int kinit();
static int valid_tgt();
auth( char *who, int implicit )
{
int rc; /* return code from ldap_bind() */
- char *passwd = NULL; /* returned by mygetpass() */
+ char *passwd = NULL; /* returned by getpass() */
char **rdns; /* for fiddling with the DN */
int authmethod;
int name_provided; /* was a name passed in? */
char *user;
#endif
char uidname[20];
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
char **krbnames; /* for kerberos names */
int kinited, ikrb;
char buf[5];
* from the user. Then perform the ldap_bind().
*/
if ((mp = find(who, TRUE)) == NULL) {
- (void) ldap_msgfree(mp);
printf(" I could not find \"%s\" in the Directory.\n", who);
printf(" I used a search base of ");
printbase("", search_base);
rdns = ldap_explode_dn(Entry.DN, TRUE);
printf(" Authenticating to the directory as \"%s\"...\n", *rdns );
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
/*
* First, if the user has a choice of auth methods, ask which
* one they want to use. if they want kerberos, ask which
authmethod = LDAP_AUTH_SIMPLE;
sprintf(prompt, " Enter your LDAP password: ");
do {
- passwd = mygetpass(prompt);
+ passwd = getpass(prompt);
} while (passwd != NULL && *passwd == '\0');
if (passwd == NULL) {
(void) ldap_value_free(rdns);
return(0);
}
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
}
(void) ldap_value_free(krbnames);
#endif
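Review bot: The password returned by `getpass(prompt)` is never cleared in the lines visible here, and getpass() hands back a pointer to a static buffer, so the cleartext stays in process memory after it has been used. The bind call that consumes `passwd` is outside this hunk; once it returns, something like `memset( passwd, 0, strlen( passwd ) );` would limit what a core dump or swapped page can expose. The same applies to the `getpass(prompt)` call in krbgetpass(), where the AFS path returns right after `ka_StringToKey( passwd, lcrealm, key )`. getpass() is also marked obsolete and on some platforms truncates input at a short fixed length, so it is worth confirming that long LDAP passwords still work after the switch from mygetpass().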
if (ld_errno == LDAP_NO_SUCH_ATTRIBUTE)
fprintf(stderr, " Entry has no password\n");
else if (ld_errno == LDAP_INVALID_CREDENTIALS)
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if ( authmethod == LDAP_AUTH_KRBV4 ) {
fprintf(stderr, " The Kerberos credentials are invalid.\n");
} else {
#endif
fprintf(stderr, " The password you provided is incorrect.\n");
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
}
#endif
else
return(0);
}
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
#define FIVEMINS ( 5 * 60 )
#define TGT "krbtgt"
-static void
-str2upper( char *s )
-{
- char *p;
-
- for ( p = s; *p != '\0'; ++p ) {
- *p = TOUPPER( *p );
- }
-}
-
-
static int
valid_tgt( char **names )
{
/*
* realm must be uppercase for krb_ routines
*/
- str2upper( realm );
+ ldap_pvt_str2upper( realm );
#endif /* HAVE_AFS_KERBEROS */
/*
static char *kauth_name;
+#ifndef HAVE_KTH_KERBEROS
+
/*ARGSUSED*/
int
krbgetpass( char *user, char *inst, char *realm, char *pw, C_Block key )
sprintf(prompt, " Enter Kerberos password for %s: ", kauth_name );
#endif
do {
- passwd = mygetpass(prompt);
+ passwd = getpass(prompt);
} while (passwd != NULL && *passwd == '\0');
if (passwd == NULL) {
return(-1);
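Review bot: `sprintf(prompt, " Enter Kerberos password for %s: ", kauth_name )` formats a name of unchecked length into `prompt`, whose declaration is outside this hunk; if `prompt` is a fixed-size array and kauth_name can be derived from directory data, the write can run past the buffer. Putting a precision on the `%s` sized to fit the array, or checking `strlen( kauth_name )` before formatting, would bound it. The `strcpy( lcrealm, realm )` in the HAVE_AFS_KERBEROS branch of the following hunk has the same shape and needs a length check against lcrealm before the copy. The `(unsigned char)` cast added for TOLOWER is correct for the ctype call but does not bound either copy.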
#ifdef HAVE_AFS_KERBEROS
strcpy( lcrealm, realm );
for ( p = lcrealm; *p != '\0'; ++p ) {
- *p = TOLOWER( *p );
+ *p = TOLOWER( (unsigned char) *p );
}
ka_StringToKey( passwd, lcrealm, key );
return( 0 );
}
+#endif /* HAVE_KTH_KERBEROS */
static int
kinit( char *kname )
}
#ifdef HAVE_AFS_KERBEROS
- /*
- * realm must be uppercase for krb_ routines
- */
- str2upper( realm );
+ /* realm must be uppercase for AFS krb_ routines */
+ ldap_pvt_str2upper( realm );
#endif /* HAVE_AFS_KERBEROS */
+#ifdef HAVE_KTH_KERBEROS
+ /* Kth kerberos knows how to do both string to keys */
+ rc = krb_get_pw_in_tkt( name, inst, realm, TGT, realm,
+ DEFAULT_TKT_LIFE, 0 );
+#else
rc = krb_get_in_tkt( name, inst, realm, TGT, realm,
DEFAULT_TKT_LIFE, krbgetpass, NULL, NULL );
+#endif
if ( rc != KSUCCESS ) {
switch ( rc ) {