krb5/validate.c

   1 int kerb5_password_validate(const char *user, const char *pass) {
   2         int ret;
   3         krb5_context kcontext;
   4         krb5_principal server, me;
   5         krb5_creds my_creds;
   6         krb5_timestamp now;
   7         krb5_deltat lifetime = 0;
   8         krb5_data tgtname = {
   9                 0,
  10                 KRB5_TGS_NAME_SIZE,
  11                 KRB5_TGS_NAME
  12         };
  13
  14         if (krb5_init_context(&kcontext))
  15                 return !KRB5_OK;
  16
  17         memset((char *)&my_creds, 0, sizeof(my_creds));
  18         if(krb5_parse_name(kcontext, user, &me))
  19                 return !KRB5_OK;
  20         my_creds.client = me;
  21
  22         if (krb5_build_principal_ext(kcontext, &server,
  23                                 krb5_princ_realm(kcontext, me)->length,
  24                                 krb5_princ_realm(kcontext, me)->data,
  25                                 tgtname.length, tgtname.data,
  26                                 krb5_princ_realm(kcontext, me)->length,
  27                                 krb5_princ_realm(kcontext, me)->data,
  28                                 0)) {
  29                 return !KRB5_OK;
  30         }
  31         my_creds.server = server;
  32         if (krb5_timeofday(kcontext, &now))
  33                 return !KRB5_OK;
  34         my_creds.times.starttime = 0;
  35         my_creds.times.endtime = now + lifetime;
  36         my_creds.times.renew_till = 0;
  37
  38         ret = krb5_get_in_tkt_with_password(kcontext, 0, 0, NULL, 0,
  39                                 pass, NULL, &my_creds, 0);
  40         if (ret) {
  41                 return !KRB5_OK;
  42         }
  43
  44         krb5_free_cred_contents(kcontext, &my_creds);
  45
  46         return KRB5_OK;
  47 }