|
158 |
krb5_free_error_message(k5_ctx, msg); |
158 |
krb5_free_error_message(k5_ctx, msg); |
159 |
} |
159 |
} |
160 |
|
160 |
|
161 |
int verify_krb5_principal(char *principal_name, char *password, Operation *op) { |
161 |
int verify_krb5_principal(char *principal_name, char *password, Operation *op, const char **text) { |
162 |
|
162 |
|
163 |
int ret; |
163 |
int ret; |
164 |
|
164 |
|
|
209 |
case KRB5KDC_ERR_PREAUTH_FAILED: |
209 |
case KRB5KDC_ERR_PREAUTH_FAILED: |
210 |
case KRB5_GET_IN_TKT_LOOP: |
210 |
case KRB5_GET_IN_TKT_LOOP: |
211 |
/* Authentication failed */ |
211 |
/* Authentication failed */ |
212 |
printf("Authentication failed\n"); |
212 |
if( text ) *text = "Authentication failed"; |
213 |
ret = -1; |
213 |
ret = -1; |
214 |
goto cleanup; |
214 |
goto cleanup; |
215 |
case KRB5KDC_ERR_KEY_EXP: |
215 |
case KRB5KDC_ERR_KEY_EXP: |
216 |
/* Authentication ok, password expired */ |
216 |
/* Authentication ok, password expired */ |
217 |
printf("Password expired\n"); |
217 |
if( text ) *text = "Password expired"; |
|
|
218 |
ret = -1; |
219 |
goto cleanup; |
220 |
case KRB5KRB_AP_ERR_SKEW: |
221 |
if( text ) *text = "Clock skew too great"; |
218 |
ret = -1; |
222 |
ret = -1; |
219 |
goto cleanup; |
223 |
goto cleanup; |
220 |
default: |
224 |
default: |
|
312 |
memcpy( password, cred->bv_val, cred->bv_len ); |
316 |
memcpy( password, cred->bv_val, cred->bv_len ); |
313 |
password[cred->bv_len] = '\0'; |
317 |
password[cred->bv_len] = '\0'; |
314 |
|
318 |
|
315 |
rc = verify_krb5_principal(principal, password, op); |
319 |
rc = verify_krb5_principal(principal, password, op, text); |
316 |
if ( rc ) { |
320 |
if ( rc ) { |
317 |
ret = LUTIL_PASSWD_ERR; |
321 |
ret = LUTIL_PASSWD_ERR; |
318 |
goto done; |
322 |
goto done; |