X-Git-Url: http://git.hungrycats.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=driver%2Fpasswd-kerberos.c;h=cdb22b595d0ade04aa309caacd861e080f2bf9b7;hb=96a411663168b0ba5432b407a83be55f3df0c802;hp=ca3f13ea889d35b913a6def81b17bfb92ed4eeab;hpb=0316d74da7982288abddd34e7a62698eb7f79965;p=xscreensaver diff --git a/driver/passwd-kerberos.c b/driver/passwd-kerberos.c index ca3f13ea..cdb22b59 100644 --- a/driver/passwd-kerberos.c +++ b/driver/passwd-kerberos.c @@ -1,6 +1,6 @@ /* kpasswd.c --- verify kerberos passwords. * written by Nat Lanza (magus@cs.cmu.edu) for - * xscreensaver, Copyright (c) 1993-1997, 1998, 2000 + * xscreensaver, Copyright (c) 1993-1997, 1998, 2000, 2003 * Jamie Zawinski * * Permission to use, copy, modify, distribute, and sell this software and its @@ -27,7 +27,20 @@ #include #include -#ifdef HAVE_KERBEROS5 +/* I'm not sure if this is exactly the right test... + Might __APPLE__ be defined if this is apple hardware, but not + an Apple OS? + + Thanks to Alexei Kosut for the MacOS X code. + */ +#ifdef __APPLE__ +# define HAVE_DARWIN +#endif + + +#if defined(HAVE_DARWIN) +# include +#elif defined(HAVE_KERBEROS5) # include # include #else /* !HAVE_KERBEROS5 (meaning Kerberos 4) */ @@ -56,10 +69,14 @@ #define False 0 /* The user information we need to store */ -static char realm[REALM_SZ]; -static char name[ANAME_SZ]; -static char inst[INST_SZ]; -static char *tk_file; +#ifdef HAVE_DARWIN + static KLPrincipal princ; +#else /* !HAVE_DARWIN */ + static char realm[REALM_SZ]; + static char name[ANAME_SZ]; + static char inst[INST_SZ]; + static char *tk_file; +#endif /* !HAVE_DARWIN */ /* Called at startup to grab user, instance, and realm information @@ -83,6 +100,20 @@ static char *tk_file; Bool kerberos_lock_init (int argc, char **argv, Bool verbose_p) { +# ifdef HAVE_DARWIN + + KLBoolean found; + return ((klNoErr == (KLCacheHasValidTickets (NULL, kerberosVersion_Any, + &found, &princ, NULL))) + && found); + +# else /* !HAVE_DARWIN */ + + /* Perhaps we should be doing it the Mac way (above) all the time? + The following code assumes Unix-style file-based Kerberos credentials + cache, which Mac OS X doesn't use. But is there any real reason to + do it this way at all, even on other Unixen? + */ int k_errno; memset(name, 0, sizeof(name)); @@ -120,6 +151,8 @@ kerberos_lock_init (int argc, char **argv, Bool verbose_p) /* success */ return True; + +# endif /* !HAVE_DARWIN */ } @@ -128,12 +161,14 @@ kerberos_lock_init (int argc, char **argv, Bool verbose_p) we are. Calling it ive_got_your_local_function_right_here_buddy() would have been rude. */ +#ifndef HAVE_DARWIN static int key_to_key(char *user, char *instance, char *realm, char *passwd, C_Block key) { memcpy(key, passwd, sizeof(des_cblock)); return (0); } +#endif /* !HAVE_DARWIN */ /* Called to see if the user's typed password is valid. We do this by asking the kerberos server for a ticket and checking to see if it gave us one. @@ -145,6 +180,15 @@ key_to_key(char *user, char *instance, char *realm, char *passwd, C_Block key) Bool kerberos_passwd_valid_p (const char *typed_passwd, Bool verbose_p) { +# ifdef HAVE_DARWIN + return (klNoErr == + KLAcquireNewInitialTicketsWithPassword (princ, NULL, + typed_passwd, NULL)); +# else /* !HAVE_DARWIN */ + + /* See comments in kerberos_lock_init -- should we do it the Mac Way + on all systems? + */ C_Block mitkey; Bool success; char *newtkfile; @@ -182,6 +226,8 @@ kerberos_passwd_valid_p (const char *typed_passwd, Bool verbose_p) /* Did we verify successfully? */ return success; + +# endif /* !HAVE_DARWIN */ } #endif /* NO_LOCKING -- whole file */