|
|
|---|
| 158 |
krb5_free_error_message(k5_ctx, msg); |
158 |
krb5_free_error_message(k5_ctx, msg); |
| 159 |
} |
159 |
} |
| 160 |
|
160 |
|
| 161 |
int verify_krb5_principal(char *principal_name, char *password, Operation *op) { |
161 |
int verify_krb5_principal(char *principal_name, char *password, Operation *op, const char **text) { |
| 162 |
|
162 |
|
| 163 |
int ret; |
163 |
int ret; |
| 164 |
|
164 |
|
|
|
|---|
| 209 |
case KRB5KDC_ERR_PREAUTH_FAILED: |
209 |
case KRB5KDC_ERR_PREAUTH_FAILED: |
| 210 |
case KRB5_GET_IN_TKT_LOOP: |
210 |
case KRB5_GET_IN_TKT_LOOP: |
| 211 |
/* Authentication failed */ |
211 |
/* Authentication failed */ |
| 212 |
printf("Authentication failed\n"); |
212 |
if( text ) *text = "Authentication failed"; |
| 213 |
ret = -1; |
213 |
ret = -1; |
| 214 |
goto cleanup; |
214 |
goto cleanup; |
| 215 |
case KRB5KDC_ERR_KEY_EXP: |
215 |
case KRB5KDC_ERR_KEY_EXP: |
| 216 |
/* Authentication ok, password expired */ |
216 |
/* Authentication ok, password expired */ |
| 217 |
printf("Password expired\n"); |
217 |
if( text ) *text = "Password expired"; |
|
|
218 |
ret = -1; |
| 219 |
goto cleanup; |
| 220 |
case KRB5KRB_AP_ERR_SKEW: |
| 221 |
if( text ) *text = "Clock skew too great"; |
| 218 |
ret = -1; |
222 |
ret = -1; |
| 219 |
goto cleanup; |
223 |
goto cleanup; |
| 220 |
default: |
224 |
default: |
|
|
|---|
| 312 |
memcpy( password, cred->bv_val, cred->bv_len ); |
316 |
memcpy( password, cred->bv_val, cred->bv_len ); |
| 313 |
password[cred->bv_len] = '\0'; |
317 |
password[cred->bv_len] = '\0'; |
| 314 |
|
318 |
|
| 315 |
rc = verify_krb5_principal(principal, password, op); |
319 |
rc = verify_krb5_principal(principal, password, op, text); |
| 316 |
if ( rc ) { |
320 |
if ( rc ) { |
| 317 |
ret = LUTIL_PASSWD_ERR; |
321 |
ret = LUTIL_PASSWD_ERR; |
| 318 |
goto done; |
322 |
goto done; |