Sent on behalf of Jai Lamerton. Please address any replies to jlamerto
_at_scu.edu.au
Hi, I am stabbing in the dark with this one. If anyone has any ideas I would
be appreciative.
The problem goes like this:
On a Compaq DS20 with tru64 4.0g I have squid 2.4STABLE1 running with a
custom KRB5 authenticator that I have hacked together in c (code supplied
below). The process functions as it should, however, at an unidentified
event
it just dies. I have the exact same setup on a Compaq workstation
500au with tru64 4.0g and I have not experienced these unexpected dying
processes.
The kerberos version I am using is 1.2.2 with some slave KDC's at version
1.0.5.
I have to confess I'm not a programmer so I am suspecting my code.
<####CODE BEGIN####>
#include <stdio.h>
#define MAXIMUM 254
main()
{
char username[MAXIMUM];
char passwd[MAXIMUM];
char* ptr;
char authstring[MAXIMUM];
char* end;
// Make standard output line buffered.
if(setvbuf(stdout, NULL, _IOLBF, 0) != 0)
return;
while(fgets(authstring, MAXIMUM, stdin) != NULL)
{
// Strip off trailing newline
if(strlen(authstring) > 0)
authstring[strlen(authstring) - 1] = '\0';
// parse out username and passwd
ptr = authstring;
while(isspace(*ptr))
ptr++;
if((end = strchr(ptr, ' ')) == NULL)
{
auth_log(" No password supplied for: ",
username);
printf("ERR\n"); // No Password.
continue;
}
*end = '\0';
strncpy(username, ptr, MAXIMUM);
ptr = end+1;
while(isspace(*ptr))
ptr++;
strncpy(passwd, ptr, MAXIMUM);
// Protect from root
if(!strcmp(username, "root"))
{
auth_log(" Denied access for: ",
username);
printf("ERR\n");
continue;
}
// Check auth.
if(auth_user_scu(username, passwd))
{
//auth_log(" Granted access for: ",
username);
printf("OK\n");
}
else
{
//auth_log(" Failed attempt for: ",
username);
printf("ERR\n");
}
fflush(stdout);
}
exit(1);
}
<####CODE END####>
<####CODE BEGIN####>
#include "krb5.h"
#define KRB5_DEFAULT_OPTIONS ((krb5_flags) 0)
#define KRB5_DEFAULT_LIFE 60*60*8 // 8 hours.
#define SUCCESS 1
#define FAILURE 0
krb5_data tgtname = {
0,
KRB5_TGS_NAME_SIZE,
KRB5_TGS_NAME
};
krb5_preauthtype *preauth = NULL;
// Kerberos code to check username and password
//
// Returns SUCCESS or FAILURE
int auth_user_scu(char* username, char* passwd)
{
// Kerberos variables
krb5_context kcontext;
krb5_ccache ccache = NULL;
long lifetime = KRB5_DEFAULT_LIFE;
krb5_error_code code;
krb5_principal me;
krb5_principal server;
krb5_creds my_creds;
krb5_timestamp now;
krb5_data* datap;
// Work through building a ticket
// fail if error.
if((*username == '\0') || (*passwd == '\0'))
{
auth_log(" krb5 password or user was null. ", username);
return FAILURE;
}
if(krb5_init_context(&kcontext))
{
auth_log(" Could not initialise krb5 context for: ",
username);
return FAILURE;
}
if((code = krb5_cc_default(kcontext, &ccache)))
{
auth_log(" Could not get krb5 default cache: ", username);
return FAILURE;
}
if((code = krb5_parse_name(kcontext, username, &me)))
{
auth_log(" Could not parse username: ", username);
return FAILURE;
}
code = krb5_cc_initialize(kcontext, ccache, me);
if(code != 0)
{
krb5_free_principal(kcontext, me);
krb5_free_context(kcontext,me);
auth_log(" Could not initialise krb5 default
cache: ", username);
return FAILURE;
}
memset((char*) &my_creds, 0, sizeof(my_creds));
my_creds.client = me;
datap = krb5_princ_realm(kcontext, me);
if((code = krb5_build_principal_ext(kcontext, &server,
datap->length, datap->data,
tgtname.length, tgtname.data,
datap->length, datap->data,
0)))
{
krb5_free_principal(kcontext, me);
krb5_free_context(kcontext);
auth_log(" Could not build krb5 server name: ",
username);
return FAILURE;
}
my_creds.server = server;
if((code = krb5_timeofday(kcontext, &now)))
{
krb5_free_principal(kcontext, me);
krb5_free_context(kcontext);
auth_log(" Could not get krb5 time of day: ", username);
return FAILURE;
}
my_creds.times.starttime = 0; // Start timer when request gets
to KD
my_creds.times.endtime = now + lifetime;
my_creds.times.renew_till = 0;
code = krb5_get_in_tkt_with_password(kcontext,
KRB5_DEFAULT_OPTIONS, NULL,
NULL, NULL, passwd, ccache,
&my_creds, NULL);
krb5_free_principal(kcontext, server);
krb5_free_principal(kcontext, me);
krb5_free_context(kcontext);
if(code)
{
//auth_log("Error getting krb5 passwd. \n");
auth_log(" krb5 password incorrect: ", username);
return FAILURE;
}
return SUCCESS;
}
<####CODE END####>
Jai Lamerton
Systems Administrator - UNIX
Southern Cross University
+++++++++++++++++++++++++++++++++++++++++
Microsoft Alert!
Windows has detected your mouse moved.
Please reboot for changes to take affect.
+++++++++++++++++++++++++++++++++++++++++
Received on Fri Aug 24 2001 - 04:10:41 NZST