diff --git a/.gitattributes b/.gitattributes index 49c9924bbe8f3edb5b77cc28a8f2d4cc3ad3ac10..f3710c7c3a955672589772b2ef32aa5b25e03d45 100644 --- a/.gitattributes +++ b/.gitattributes @@ -488,6 +488,10 @@ testfont binary /src/modules/Java/jvm.c foreign_ident /src/modules/Java/ntdl.c foreign_ident /src/modules/Java/testsuite.in foreign_ident +/src/modules/Kerberos/Makefile.in foreign_ident +/src/modules/Kerberos/acconfig.h foreign_ident +/src/modules/Kerberos/configure.in foreign_ident +/src/modules/Kerberos/kerberos.cmod foreign_ident /src/modules/MIME/Makefile.in foreign_ident /src/modules/MIME/acconfig.h foreign_ident /src/modules/MIME/configure.in foreign_ident diff --git a/src/modules/Kerberos/.cvsignore b/src/modules/Kerberos/.cvsignore new file mode 100644 index 0000000000000000000000000000000000000000..56b780c8c469a8a29679b56421636a8a681728d9 --- /dev/null +++ b/src/modules/Kerberos/.cvsignore @@ -0,0 +1,17 @@ +Makefile +config.h +config.h.in +config.log +config.status +configure +dependencies +linker_options +make_variables +modlist_headers +modlist_segment +testsuite +remake +stamp-h +stamp-h.in +kerberos.c +kerberos.cmod.compiled diff --git a/src/modules/Kerberos/.gitignore b/src/modules/Kerberos/.gitignore new file mode 100644 index 0000000000000000000000000000000000000000..07b0c1b528330776ee2c6aba4049c862a043b50a --- /dev/null +++ b/src/modules/Kerberos/.gitignore @@ -0,0 +1,17 @@ +/Makefile +/config.h +/config.h.in +/config.log +/config.status +/configure +/dependencies +/linker_options +/make_variables +/modlist_headers +/modlist_segment +/testsuite +/remake +/stamp-h +/stamp-h.in +/kerberos.c +/kerberos.cmod.compiled diff --git a/src/modules/Kerberos/Makefile.in b/src/modules/Kerberos/Makefile.in new file mode 100644 index 0000000000000000000000000000000000000000..498bd6249353a854310470614f0dc95f122f23a8 --- /dev/null +++ b/src/modules/Kerberos/Makefile.in @@ -0,0 +1,12 @@ +# $Id: Makefile.in,v 1.1 2004/05/13 08:57:07 grubba Exp $ +@make_variables@ +VPATH=@srcdir@ +OBJS=kerberos.o +MODULE_LDFLAGS=@LDFLAGS@ @LIBS@ + +CONFIG_HEADERS=@CONFIG_HEADERS@ + +@dynamic_module_makefile@ +kerberos.o: $(SRCDIR)/kerberos.c + +@dependencies@ diff --git a/src/modules/Kerberos/acconfig.h b/src/modules/Kerberos/acconfig.h new file mode 100644 index 0000000000000000000000000000000000000000..2061d6cdfb283b10e3c23f090a34fd9e15b1e53a --- /dev/null +++ b/src/modules/Kerberos/acconfig.h @@ -0,0 +1,8 @@ +/* +|| This file is part of Pike. For copyright information see COPYRIGHT. +|| Pike is distributed under GPL, LGPL and MPL. See the file COPYING +|| for more information. +|| $Id: acconfig.h,v 1.1 2004/05/13 08:57:07 grubba Exp $ +*/ + + diff --git a/src/modules/Kerberos/configure.in b/src/modules/Kerberos/configure.in new file mode 100644 index 0000000000000000000000000000000000000000..22b566140b4384bc0743fee5c1d2add67ae3aea5 --- /dev/null +++ b/src/modules/Kerberos/configure.in @@ -0,0 +1,39 @@ +# $Id: configure.in,v 1.1 2004/05/13 08:57:07 grubba Exp $ +# +# Support for Kerberos +# +# 2004-05-12 Henrik Grubbstr�m +# +# FIXME: Currently only minimal support, and only for Kerberos 5 (not 4). + +AC_INIT(kerberos.cmod) +AC_CONFIG_HEADER(config.h) +AC_ARG_WITH(krb5, [ --with(out)-krb5 Support for Kerberos 5],[],[with_krb5=yes]) + +AC_MODULE_INIT() + +PIKE_FEATURE_OK(Math.) + +AC_C_CHAR_UNSIGNED + +if test x$with_krb5 = xyes ; then + dnl Checks for header files. + + PIKE_FEATURE(Kerberos,[no (krb5.h not found)]) + + AC_CHECK_HEADERS(krb5.h) + + if test "$ac_cv_header_krb5_h" = "yes"; then + dnl Checks for libraries. + + PIKE_FEATURE(Kerberos,[no (krb5 libraries not found)]) + + AC_CHECK_LIB(krb5, krb5_init_context) + + if test "$ac_cv_lib_krb5_krb5_init_context" = "yes"; then + PIKE_FEATURE(Kerberos,[yes]) + fi + fi +fi + +AC_OUTPUT(Makefile,echo FOO >stamp-h ) diff --git a/src/modules/Kerberos/kerberos.cmod b/src/modules/Kerberos/kerberos.cmod new file mode 100644 index 0000000000000000000000000000000000000000..b37ef0f7b26d85f518775cc44c91e2a215001628 --- /dev/null +++ b/src/modules/Kerberos/kerberos.cmod @@ -0,0 +1,134 @@ +/* + * $Id: kerberos.cmod,v 1.1 2004/05/13 08:57:08 grubba Exp $ + * + * Kerberos support for Pike. + * + * 2004-05-12 Henrik Grubbstr�m + * + * FIXME: Currently only minimal support, and only for Kerberos 5 (not 4). + */ + +#include "global.h" +#include "config.h" + +#include "svalue.h" +#include "module.h" +#include "interpret.h" + +#if defined(HAVE_KRB5_H) && defined(HAVE_LIBKRB5) +#define HAVE_KRB5 +#endif + +DECLARATIONS + +/* #define KRB_DEBUG */ + +#ifdef KRB_DEBUG +#define KRB_FPRINTF(X) fprintf X +#else /* !KRB_DEBUG */ +#define KRB_FPRINTF(X) +#endif /* KRB_DEBUG */ + +#ifdef HAVE_KRB5 + +#ifdef HAVE_KRB5_H +#include <krb5.h> +#endif + +PIKECLASS Context +{ + CVAR krb5_context ctx; + + INIT + { + krb5_error_code err_code; + if ((err_code = krb5_init_context(&THIS->ctx))) { + Pike_error("Failed to initialize context: %d\n", err_code); + } + } + + EXIT + { + if (THIS->ctx) { + krb5_free_context(THIS->ctx); + } + } + + PIKEFUN int(0..1) authenticate(string user, string password) + optflags OPT_EXTERNAL_DEPEND; + { + krb5_error_code err_code; + krb5_principal principal; + krb5_get_init_creds_opt get_creds_opt; + krb5_verify_init_creds_opt verify_creds_opt; + krb5_creds creds; + ONERROR err; + + /* Hide the password from backtraces. */ + Pike_sp[0] = Pike_sp[1-args]; + Pike_sp[1-args].type = PIKE_T_INT; + Pike_sp[1-args].subtype = NUMBER_UNDEFINED; + Pike_sp[1-args].u.integer = 0; + Pike_sp++; + args++; + + if (user->size_shift || password->size_shift) { + KRB_FPRINTF((stderr, "Wide password or user name.\n")); + pop_n_elems(args); + push_int(0); + return; + } + + if ((err_code = krb5_parse_name(THIS->ctx, STR0(user), &principal))) { + KRB_FPRINTF((stderr, "Failed to parse user name: %d\n", err_code)); + pop_n_elems(args); + push_int(0); + return; + } + + krb5_get_init_creds_opt_init(&get_creds_opt); + krb5_verify_init_creds_opt_init(&verify_creds_opt); + + if ((err_code = krb5_get_init_creds_password(THIS->ctx, &creds, + principal, STR0(password), + krb5_prompter_posix, + NULL, 0, NULL, + &get_creds_opt))) { + KRB_FPRINTF((stderr, "Failed to get password credentials: %d.\n", + err_code)); + pop_n_elems(args); + push_int(0); + return; + } + + if ((err_code = krb5_verify_init_creds(THIS->ctx, &creds, + NULL, NULL, NULL, + &verify_creds_opt))) { + krb5_free_cred_contents(THIS->ctx, &creds); + KRB_FPRINTF((stderr, "Failed to verify credentials: %d.\n", err_code)); + pop_n_elems(args); + push_int(0); + return; + } + + krb5_free_cred_contents(THIS->ctx, &creds); + KRB_FPRINTF((stderr, "Credentials ok.")); + + pop_n_elems(args); + push_int(1); + return; + } +} + + +#endif /* HAVE_KRB5 */ + +PIKE_MODULE_INIT +{ + INIT; +} + +PIKE_MODULE_EXIT +{ + EXIT; +} diff --git a/src/modules/Kerberos/testsuite.in b/src/modules/Kerberos/testsuite.in new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391