diff options
| author | Sam Hartman <hartmans@mit.edu> | 1996-08-22 00:08:49 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 1996-08-22 00:08:49 +0000 |
| commit | eac4151455ed1735cef5cf54dae742d28548bc1c (patch) | |
| tree | 3117e345b6bd251b6a1c0ccec87f2d90e590c39e | |
| parent | a433d3e32d23de48080bf50a501c03b512dae3d6 (diff) | |
| download | krb5-eac4151455ed1735cef5cf54dae742d28548bc1c.tar.gz krb5-eac4151455ed1735cef5cf54dae742d28548bc1c.tar.xz krb5-eac4151455ed1735cef5cf54dae742d28548bc1c.zip | |
* Include new MH patch from kenh@cmf.nrl.navy.mil. I have audited the
patch against the old patch and krb5 changes, and it looks clean. He
claims it compiles and works; it's certainly not any worse than the
previous patch.
* Popper now checks the client name to see that it matches the
supplied credentials. If I understand the previous code, it didn't
exactly care who you Kerberos-authenticated as.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8963 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | src/appl/popper/ChangeLog | 11 | ||||
| -rw-r--r-- | src/appl/popper/mh-6.8.patch | 595 | ||||
| -rw-r--r-- | src/appl/popper/pop_init.c | 12 |
3 files changed, 325 insertions, 293 deletions
diff --git a/src/appl/popper/ChangeLog b/src/appl/popper/ChangeLog index 5d84f9473..ecfed9772 100644 --- a/src/appl/popper/ChangeLog +++ b/src/appl/popper/ChangeLog @@ -1,3 +1,14 @@ +Wed Aug 21 19:39:11 1996 Sam Hartman <hartmans@mit.edu> + + * mh-6.8.patch: Ken Hornstein <kenh@cmf.nrl.navy.mil> contributed + replacement patch that uses Beta-6 calling conventions. + +Thu Aug 15 22:16:20 1996 Sam Hartman <hartmans@mit.edu> + + * pop_init.c (authenticate): Patch from Ken Hornstein + <kenh@cmf.nrl.navy.mil> to make sure we actually look at the + client name. + Sat Mar 16 07:11:06 1996 Ezra Peisach <epeisach@mit.edu> * configure.in: pop_init.c authenticate() needs USE_ANAME. diff --git a/src/appl/popper/mh-6.8.patch b/src/appl/popper/mh-6.8.patch index 7ed7107db..ef4090aa2 100644 --- a/src/appl/popper/mh-6.8.patch +++ b/src/appl/popper/mh-6.8.patch @@ -1,292 +1,303 @@ -*** ./zotnet/mts/client.c.orig Fri Jul 8 21:56:54 1994 ---- ./zotnet/mts/client.c Fri Jul 8 22:44:04 1994 -*************** -*** 26,31 **** ---- 26,46 ---- - #include <hesiod.h> - #endif - -+ #if defined(KPOP) && defined(K5POP) -+ #error "You cannot define both KPOP and K5POP" -+ #endif -+ #ifdef K5POP -+ #include "krb5.h" -+ /* #include <krb5/ext-proto.h> */ -+ /* #include <krb5/los-proto.h> */ -+ #include "com_err.h" -+ #include <ctype.h> -+ -+ static krb5_error_code retval; -+ static krb5_ccache ccdef; -+ static krb5_principal kclient = NULL, kserver = NULL; -+ #endif -+ - #ifdef KPOP - #include <krb.h> - #include <ctype.h> -*************** -*** 75,80 **** ---- 90,98 ---- - static struct addrent *he, *hz; - static struct addrent hosts[MAXHOSTS]; - -+ #ifdef K5POP -+ static char *kservice; /* "pop" if using kpop */ -+ #endif - #ifdef KPOP - char krb_realm[REALM_SZ]; - char *PrincipalHostname(); -*************** -*** 109,115 **** - register struct netent *np; - #endif - register struct servent *sp; -! #ifdef KPOP - char *cp; - - if (cp = index (kservice = service, '/')) { /* "pop/kpop" */ ---- 127,133 ---- - register struct netent *np; - #endif - register struct servent *sp; -! #if defined(KPOP) || defined(K5POP) - char *cp; - - if (cp = index (kservice = service, '/')) { /* "pop/kpop" */ -*************** -*** 118,129 **** - } - else - kservice = NULL; /* not using KERBEROS */ -! #endif /* KPOP */ - - - if ((sp = getservbyname (service, protocol)) == NULL) { - #ifdef HESIOD -! if ((sp = hes_getservbyname (service, protocol)) == NULL) { - (void) sprintf (response, "%s/%s: unknown service", - protocol, service); - return NOTOK; ---- 136,147 ---- - } - else - kservice = NULL; /* not using KERBEROS */ -! #endif /* KPOP || K5POP */ - - - if ((sp = getservbyname (service, protocol)) == NULL) { - #ifdef HESIOD -! if ((sp = (struct servent *) hes_getservbyname (service, protocol)) == NULL) { - (void) sprintf (response, "%s/%s: unknown service", - protocol, service); - return NOTOK; -*************** -*** 206,214 **** - register struct addrent *ap; - struct sockaddr_in in_socket; - register struct sockaddr_in *isock = &in_socket; -! #ifdef KPOP - int rem; -! #endif /* KPOP */ - - for (ap = nets; ap < ne; ap++) - if (ap -> a_addrtype == hp -> h_addrtype && inet (hp, ap -> a_net)) ---- 224,232 ---- - register struct addrent *ap; - struct sockaddr_in in_socket; - register struct sockaddr_in *isock = &in_socket; -! #if defined(KPOP) || defined(K5POP) - int rem; -! #endif /* KPOP || K5POP */ - - for (ap = nets; ap < ne; ap++) - if (ap -> a_addrtype == hp -> h_addrtype && inet (hp, ap -> a_net)) -*************** -*** 252,257 **** ---- 270,328 ---- - return NOTOK; - } - -+ #ifdef K5POP -+ if (kservice) { /* "pop" */ -+ krb5_error *err_ret = NULL; -+ -+ krb5_init_ets(); -+ -+ if (retval = krb5_cc_default(&ccdef)) { -+ sprintf(response, "Post office refused connection: krb5_cc_default: %s", -+ error_message(retval)); -+ close(sd); -+ return OOPS2; -+ } -+ if (retval = krb5_cc_get_principal(ccdef, &kclient)) { -+ sprintf(response, "Post office refused connection: krb5_cc_get_principal: %s", -+ error_message(retval)); -+ close(sd); -+ return OOPS2; -+ } -+ -+ if (retval = krb5_sname_to_principal(hp->h_name, kservice, -+ KRB5_NT_SRV_HST, -+ &kserver)) { -+ sprintf(response, "Post office refused connection: krb5_sname_to_principal: %s", -+ error_message(retval)); -+ close(sd); -+ return OOPS2; -+ } -+ -+ retval = krb5_sendauth((krb5_pointer) &sd, "KPOPV1.0", kclient, kserver, -+ AP_OPTS_MUTUAL_REQUIRED, -+ 0, /* no checksum */ -+ 0, /* no creds, use ccache instead */ -+ ccdef, -+ 0, /* don't need seq # */ -+ 0, /* don't need a subsession key */ -+ &err_ret, -+ 0); /* don't need reply */ -+ krb5_free_principal(kserver); -+ if (retval) { -+ if (err_ret && err_ret->text.length) { -+ sprintf(response, "Post office refused connection: %s [server says '%*s'] ", -+ error_message(retval), -+ err_ret->text.length, -+ err_ret->text.data); -+ krb5_free_error(err_ret); -+ } else -+ sprintf(response, "Post office refused connection: %s", -+ error_message(retval)); -+ close(sd); -+ return OOPS2; -+ } -+ } -+ #endif /* K5POP */ - #ifdef KPOP - if (kservice) { /* "pop" */ - ticket = (KTEXT)malloc( sizeof(KTEXT_ST) ); -*************** -*** 298,307 **** - : "unknown error"); - return NOTOK; - } -! #ifdef KPOP - if (kservice) /* "pop" */ - return(sd); -! #endif /* KPOP */ - if (!rproto) - return sd; - ---- 369,378 ---- - : "unknown error"); - return NOTOK; - } -! #if defined(KPOP) || defined(K5POP) - if (kservice) /* "pop" */ - return(sd); -! #endif /* KPOP || K5POP */ - if (!rproto) - return sd; - -*** ./uip/popsbr.c.orig Fri Jul 8 21:59:08 1994 ---- ./uip/popsbr.c Fri Jul 8 22:28:00 1994 -*************** -*** 144,153 **** - #endif /* APOP */ - - #ifndef NNTP -! #ifndef KPOP - if ((fd1 = client (host, "tcp", POPSERVICE, rpop, response)) == NOTOK) - #else /* KPOP */ - (void) sprintf (buffer, "%s/%s", POPSERVICE, "kpop"); - if ((fd1 = client (host, "tcp", buffer, rpop, response)) == NOTOK) - #endif - #else /* NNTP */ ---- 144,158 ---- - #endif /* APOP */ - - #ifndef NNTP -! #if !defined(KPOP) && !defined(K5POP) - if ((fd1 = client (host, "tcp", POPSERVICE, rpop, response)) == NOTOK) - #else /* KPOP */ -+ #ifdef K5POP -+ (void) sprintf (buffer, "%s/%s", POPSERVICE, "k5pop"); -+ #endif -+ #ifdef KPOP - (void) sprintf (buffer, "%s/%s", POPSERVICE, "kpop"); -+ #endif - if ((fd1 = client (host, "tcp", buffer, rpop, response)) == NOTOK) - #endif - #else /* NNTP */ -*************** -*** 177,183 **** - fprintf (stderr, "<--- %s\n", response); - #ifndef NNTP - if (*response == '+') { -! #ifndef KPOP - #ifdef APOP - if (apop < 0) { - char *cp = pop_auth (user, pass); ---- 182,188 ---- - fprintf (stderr, "<--- %s\n", response); - #ifndef NNTP - if (*response == '+') { -! #if !defined(KPOP) && !defined(K5POP) - #ifdef APOP - if (apop < 0) { - char *cp = pop_auth (user, pass); -*************** -*** 191,197 **** - && command ("%s %s", rpop ? "RPOP" : (pophack++, "PASS"), - pass) != NOTOK) - return OK; -! #else /* KPOP */ - if (command ("USER %s", user) != NOTOK - && command ("PASS %s", pass) != NOTOK) - return OK; ---- 196,202 ---- - && command ("%s %s", rpop ? "RPOP" : (pophack++, "PASS"), - pass) != NOTOK) - return OK; -! #else /* KPOP || K5POP */ - if (command ("USER %s", user) != NOTOK - && command ("PASS %s", pass) != NOTOK) - return OK; -*** ./uip/inc.c.orig Fri Jul 8 22:02:16 1994 ---- ./uip/inc.c Fri Jul 8 22:02:35 1994 -*************** -*** 19,27 **** - #ifdef POP - #include "../h/dropsbr.h" - #endif -- #ifdef KPOP -- #include <krb.h> -- #endif - #ifdef HESIOD - #include <hesiod.h> - #endif ---- 19,24 ---- -*** ./conf/makefiles/uip.orig Fri Jul 8 22:17:19 1994 ---- ./conf/makefiles/uip Fri Jul 8 22:35:23 1994 -*************** -*** 84,89 **** ---- 84,92 ---- - @BEGIN: KPOP - KRBLIB = -lkrb -ldes - @END: KPOP -+ @BEGIN: K5POP -+ KRBLIB = -lkrb5 -lcrypto -lisode -lcom_err -+ @END: K5POP - @BEGIN: BPOP - PSHLIB = popsbr.o - PSHLLIBS= popsbr.c -*** ./conf/mhconfig.c.orig Fri Jul 8 22:14:14 1994 ---- ./conf/mhconfig.c Fri Jul 8 22:19:37 1994 -*************** -*** 138,143 **** ---- 138,144 ---- - "APOP", 0, /* authenticated pop */ - "BSD43", 0, /* sgid ttys */ - "KPOP", 0, /* KERBEROS pop */ -+ "K5POP", 0, /* KERBEROS5 pop */ - "HESIOD", 0, - "MIME", 0, /* multi-media extensions */ - "MPOP", 0, /* mobile pop */ + +--- zotnet/mts/client.c.orig Mon Aug 12 00:26:34 1996 ++++ zotnet/mts/client.c Mon Aug 12 01:36:12 1996 +@@ -26,6 +26,22 @@ + #include <hesiod.h> + #endif + ++#if defined(KPOP) && defined(K5POP) ++#error "You cannot define both KPOP and K5POP" ++#endif ++#ifdef K5POP ++#include "krb5.h" ++/* #include <krb5/ext-proto.h> */ ++/* #include <krb5/los-proto.h> */ ++#include "com_err.h" ++#include <ctype.h> ++ ++static krb5_error_code retval; ++static krb5_ccache ccdef; ++static krb5_principal kclient = NULL, kserver = NULL; ++static krb5_context context; ++#endif ++ + #ifdef KPOP + #include <krb.h> + #include <ctype.h> +@@ -76,6 +92,9 @@ + static struct addrent *he, *hz; + static struct addrent hosts[MAXHOSTS]; + ++#ifdef K5POP ++static char *kservice; /* "pop" if using kpop */ ++#endif + #ifdef KPOP + char krb_realm[REALM_SZ]; + char *PrincipalHostname(); +@@ -122,7 +141,7 @@ + register struct netent *np; + #endif + register struct servent *sp; +-#ifdef KPOP ++#if defined(KPOP) || defined(K5POP) + char *cp; + + if (cp = index (kservice = service, '/')) { /* "pop/kpop" */ +@@ -131,12 +150,12 @@ + } + else + kservice = NULL; /* not using KERBEROS */ +-#endif /* KPOP */ ++#endif /* KPOP || K5POP */ + + + if ((sp = getservbyname (service, protocol)) == NULL) { + #ifdef HESIOD +- if ((sp = hes_getservbyname (service, protocol)) == NULL) { ++ if ((sp = (struct servent *) hes_getservbyname (service, protocol)) == NULL) { + (void) sprintf (response, "%s/%s: unknown service", + protocol, service); + return NOTOK; +@@ -219,9 +238,9 @@ + register struct addrent *ap; + struct sockaddr_in in_socket; + register struct sockaddr_in *isock = &in_socket; +-#ifdef KPOP ++#if defined(KPOP) || defined(K5POP) + int rem; +-#endif /* KPOP */ ++#endif /* KPOP || K5POP */ + + for (ap = nets; ap < ne; ap++) + if (ap -> a_addrtype == hp -> h_addrtype && inet (hp, ap -> a_net)) +@@ -265,6 +284,65 @@ + return NOTOK; + } + ++#ifdef K5POP ++ if (kservice) { /* "pop" */ ++ krb5_error *err_ret = NULL; ++ krb5_auth_context auth_context = NULL; ++ ++ krb5_init_context(&context); ++ krb5_init_ets(context); ++ ++ if (retval = krb5_cc_default(context, &ccdef)) { ++ sprintf(response, "Post office refused connection: krb5_cc_default: %s", ++ error_message(retval)); ++ close(sd); ++ return OOPS2; ++ } ++ if (retval = krb5_cc_get_principal(context, ccdef, &kclient)) { ++ sprintf(response, "Post office refused connection: krb5_cc_get_principal: %s", ++ error_message(retval)); ++ close(sd); ++ return OOPS2; ++ } ++ ++ if (retval = krb5_sname_to_principal(context, hp->h_name, kservice, ++ KRB5_NT_SRV_HST, ++ &kserver)) { ++ sprintf(response, "Post office refused connection: krb5_sname_to_principal: %s", ++ error_message(retval)); ++ close(sd); ++ return OOPS2; ++ } ++ ++ retval = krb5_sendauth(context, &auth_context, (krb5_pointer) &sd, ++ "KPOPV1.0", kclient, kserver, ++ AP_OPTS_MUTUAL_REQUIRED, ++ 0, /* no checksum */ ++ 0, /* no creds, use ccache instead */ ++ ccdef, ++ &err_ret, ++ 0, ++ 0); /* don't need reply */ ++ krb5_free_principal(context, kserver); ++ if (auth_context) ++ krb5_auth_con_free(context, auth_context); ++ if (retval) { ++ if (err_ret && err_ret->text.length) { ++ sprintf(response, "Post office refused connection: %s [server says '%*s'] ", ++ error_message(retval), ++ err_ret->text.length, ++ err_ret->text.data); ++ krb5_free_error(context, err_ret); ++ } else ++ sprintf(response, "Post office refused connection: %s", ++ error_message(retval)); ++ close(sd); ++ krb5_free_context(context); ++ return OOPS2; ++ } ++ krb5_free_context(context); ++ } ++#endif /* K5POP */ + #ifdef KPOP + if (kservice) { /* "pop" */ + ticket = (KTEXT)malloc( sizeof(KTEXT_ST) ); +@@ -311,10 +389,10 @@ + : "unknown error"); + return NOTOK; + } +-#ifdef KPOP ++#if defined(KPOP) || defined(K5POP) + if (kservice) /* "pop" */ + return(sd); +-#endif /* KPOP */ ++#endif /* KPOP || K5POP */ + if (!rproto) + return sd; + +--- uip/popsbr.c.orig Mon Aug 12 00:27:00 1996 ++++ uip/popsbr.c Mon Aug 12 01:20:50 1996 +@@ -15,6 +15,7 @@ + #endif /* NNTP */ + #include <stdio.h> + #include <signal.h> ++#include <errno.h> + + #ifndef POPSERVICE + #define POPSERVICE "pop" +@@ -144,10 +145,15 @@ + #endif /* APOP */ + + #ifndef NNTP +-#ifndef KPOP ++#if !defined(KPOP) && !defined(K5POP) + if ((fd1 = client (host, "tcp", POPSERVICE, rpop, response)) == NOTOK) + #else /* KPOP */ ++#ifdef K5POP + (void) sprintf (buffer, "%s/%s", POPSERVICE, "kpop"); ++#endif ++#ifdef KPOP ++ (void) sprintf (buffer, "%s/%s", POPSERVICE, "kpop"); ++#endif + if ((fd1 = client (host, "tcp", buffer, rpop, response)) == NOTOK) + #endif + #else /* NNTP */ +@@ -177,7 +183,7 @@ + fprintf (stderr, "<--- %s\n", response); + #ifndef NNTP + if (*response == '+') { +-#ifndef KPOP ++#if !defined(KPOP) && !defined(K5POP) + #ifdef APOP + if (apop < 0) { + char *cp = pop_auth (user, pass); +@@ -191,7 +197,7 @@ + && command ("%s %s", rpop ? "RPOP" : (pophack++, "PASS"), + pass) != NOTOK) + return OK; +-#else /* KPOP */ ++#else /* KPOP || K5POP */ + if (command ("USER %s", user) != NOTOK + && command ("PASS %s", pass) != NOTOK) + return OK; +--- uip/inc.c.orig Mon Aug 12 00:27:08 1996 ++++ uip/inc.c Mon Aug 12 00:28:27 1996 +@@ -19,9 +19,6 @@ + #ifdef POP + #include "../h/dropsbr.h" + #endif +-#ifdef KPOP +-#include <krb.h> +-#endif + #ifdef HESIOD + #include <hesiod.h> + #endif +--- conf/mhconfig.c.orig Sat Aug 10 00:13:00 1996 ++++ conf/mhconfig.c Mon Aug 12 00:28:29 1996 +@@ -134,6 +134,7 @@ + "BSD43", 0, /* sgid ttys */ + "BSD44", 0, /* manual headings */ + "KPOP", 0, /* KERBEROS pop */ ++ "K5POP", 0, /* KERBEROS5 pop */ + "HESIOD", 0, + "MIME", 0, /* multi-media extensions */ + "MPOP", 0, /* mobile pop */ +--- conf/makefiles/uip.orig Tue Nov 30 23:00:23 1993 ++++ conf/makefiles/uip Tue Aug 13 14:44:56 1996 +@@ -84,6 +84,8 @@ + @BEGIN: KPOP + KRBLIB = -lkrb -ldes + @END: KPOP ++@BEGIN: K5POP ++KRBLIB = -lkrb5 -lcrypto -lcom_err + @END: POP + @BEGIN: BPOP + PSHLIB = popsbr.o +@@ -328,7 +330,7 @@ + bbc: xbbc + + xbbc: bbc.o $(PSHLIB) $(LIBES) +- $(LD) $(LDFLAGS) -o $@ bbc.o $(PSHLIB) $(LDLIBS) ++ $(LD) $(LDFLAGS) -o $@ bbc.o $(KRBLIB) $(PSHLIB) $(LDLIBS) + + l-bbc:; $(LINT) $(LFLAGS) bbc.c $(PSHLLIBS) $(LLIBS) + +@@ -640,7 +642,7 @@ + xmhl: mhl.o \ + mhlsbr.o trmsbr.o $(LIBES) + $(LD) $(LDFLAGS) -o $@ mhl.o \ +- mhlsbr.o trmsbr.o $(LDLIBS) $(LDCURSES) ++ mhlsbr.o trmsbr.o $(KRBLIB) $(LDLIBS) $(LDCURSES) + + l-mhl:; $(LINT) $(LFLAGS) mhl.c \ + mhlsbr.c trmsbr.c $(LLIBS) +@@ -676,7 +678,7 @@ + + xmhn: mhn.o ftpsbr.o trmsbr.o $(LIBES) + $(LD) $(LDFLAGS) -o $@ mhn.o ftpsbr.o trmsbr.o \ +- $(LDLIBS) $(LDCURSES) ++ $(KRBLIB) $(LDLIBS) $(LDCURSES) + + l-mhn:; $(LINT) $(LFLAGS) mhn.c ftpsbr.c trmsbr.c $(LLIBS) + +@@ -756,7 +758,7 @@ + $(PSHLIB) $(LIBES) + $(LD) $(LDFLAGS) -o $@ msh.o mshcmds.o vmhsbr.o \ + picksbr.o scansbr.o dropsbr.o mhlsbr.o trmsbr.o \ +- $(PSHLIB) $(LDLIBS) $(LDCURSES) ++ $(PSHLIB) $(KRBLIB) $(LDLIBS) $(LDCURSES) + + l-msh:; $(LINT) $(LFLAGS) msh.c mshcmds.c vmhsbr.c \ + picksbr.c scansbr.c dropsbr.c mhlsbr.c trmsbr.c \ +@@ -809,8 +811,8 @@ + popi: xpopi + + xpopi: popi.o $(POPLIB) trmsbr.o $(LIBES) +- $(LD) $(LDFLAGS) -o $@ popi.o $(POPLIB) trmsbr.o $(LDLIBS) \ +- $(LDCURSES) ++ $(LD) $(LDFLAGS) -o $@ popi.o $(POPLIB) trmsbr.o $(KRBLIB) \ ++ $(LDLIBS) $(LDCURSES) + + l-popi:; $(LINT) $(LFLAGS) popi.c $(POPLLIBS) trmsbr.c $(LLIBS) + +@@ -835,7 +837,7 @@ + + xpost: post.o \ + aliasbr.o $(MTSBRS) $(TMALIB) $(LIBES) +- $(LD) $(LDFLAGS) -o $@ post.o \ ++ $(LD) $(KRBLIB) $(LDFLAGS) -o $@ post.o \ + aliasbr.o $(MTSBRS) $(TMALIB) $(LDLIBS) + + l-post:; $(LINT) $(LFLAGS) post.c \ +@@ -1096,7 +1098,7 @@ + xshow: show.o \ + mhlsbr.o trmsbr.o $(LIBES) + $(LD) $(LDFLAGS) -o $@ show.o \ +- mhlsbr.o trmsbr.o $(LDLIBS) $(LDCURSES) ++ mhlsbr.o trmsbr.o $(KRBLIB) $(LDLIBS) $(LDCURSES) + + l-show:; $(LINT) $(LFLAGS) show.c \ + mhlsbr.c trmsbr.c $(LLIBS) +@@ -1121,7 +1123,7 @@ + sbboards: xsbboards + + xsbboards: sbboards.o dropsbr.o $(LIBES) +- $(LD) $(LDFLAGS) -o $@ sbboards.o dropsbr.o $(LDLIBS) ++ $(LD) $(LDFLAGS) -o $@ sbboards.o dropsbr.o $(KRBLIB) $(LDLIBS) + + l-sbboards:; $(LINT) $(LFLAGS) sbboards.c dropsbr.c $(LLIBS) + diff --git a/src/appl/popper/pop_init.c b/src/appl/popper/pop_init.c index 40b97d329..68c14e942 100644 --- a/src/appl/popper/pop_init.c +++ b/src/appl/popper/pop_init.c @@ -290,6 +290,7 @@ authenticate(p, addr) krb5_auth_context auth_context = NULL; krb5_error_code retval; krb5_principal server; + krb5_ticket *ticket; int sock = 0; krb5_init_context(&pop_context); @@ -309,7 +310,7 @@ authenticate(p, addr) "KPOPV1.0", server, 0, /* no flags */ NULL, /* default keytab */ - NULL /* don't care about ticket */ + &ticket /* need ticket for client name */ )) { pop_msg(p, POP_FAILURE, "recvauth failed--%s", error_message(retval)); pop_log(p, POP_WARNING, "%s: recvauth failed--%s", @@ -318,6 +319,15 @@ authenticate(p, addr) } krb5_free_principal(pop_context, server); krb5_auth_con_free(pop_context, auth_context); + if (retval = krb5_copy_principal(pop_context, ticket->enc_part2->client, + &ext_client)) { + pop_msg(p, POP_FAILURE, "unable to copy principal--%s", + error_message(retval)); + pop_msg(p, POP_FAILURE, "unable to copy principal (%s)", + inet_ntoa(addr->sin_addr)); + exit(-1); + } + krb5_free_ticket(pop_context, ticket); if (retval = krb5_unparse_name(pop_context, ext_client, &client_name)) { pop_msg(p, POP_FAILURE, "name not parsable--%s", error_message(retval)); |