[moira.git] / server / mr_sauth.c

/*
 *	$Source$
 *	$Author$
 *	$Header$
 *
 *	Copyright (C) 1987 by the Massachusetts Institute of Technology
 *	For copying and distribution information, please see the file
 *	<mit-copyright.h>.
 *
 */

#ifndef lint
static char *rcsid_sms_sauth_c = "$Header$";
#endif lint

#include <mit-copyright.h>
#include <strings.h>
#include "mr_server.h"
#include <ctype.h>
#include <krb_et.h>

extern char buf1[];
extern char *whoami;
extern char *malloc();

char *kname_unparse();

/*
 * Handle a MOIRA_AUTH RPC request.
 *
 * argv[0] is a kerberos authenticator.  Decompose it, and if
 * successful, store the name the user authenticated to in 
 * cl->cl_name.
 */

void
do_auth(cl)
	client *cl;
{
	KTEXT_ST auth;
	AUTH_DAT ad;
	int status, ok;
	char buf[REALM_SZ+INST_SZ+ANAME_SZ], hostbuf[BUFSIZ], *host, *p;
	extern int errno;

	auth.length = cl->args->mr_argl[0];
	bcopy(cl->args->mr_argv[0], (char *)auth.dat, auth.length);
	auth.mbz = 0;
	if (gethostname(hostbuf, sizeof(hostbuf)) < 0)
	  com_err(whoami, errno, "Unable to get local hostname");
	host = canonicalize_hostname(strsave(hostbuf));
	for (p = host; *p && *p != '.'; p++)
	  if (isupper(*p))
	    *p = tolower(*p);
	*p = 0;

	if ((status = krb_rd_req (&auth, MOIRA_SNAME, host, cl->haddr.sin_addr,
				 &ad, "")) != 0 &&
	    /* for backwards compatability with old clients */
	    (status = krb_rd_req (&auth, "sms", "sms", cl->haddr.sin_addr,
				 &ad, "")) != 0) {
		status += ERROR_TABLE_BASE_krb;
		cl->reply.mr_status = status;
		if (log_flags & LOG_RES)
			com_err(whoami, status, "(authentication failed)");
		return;
	}
	free(host);

	bcopy(ad.pname, cl->kname.name, ANAME_SZ);
	bcopy(ad.pinst, cl->kname.inst, INST_SZ);
	bcopy(ad.prealm, cl->kname.realm, REALM_SZ);
	strcpy(cl->clname, kname_unparse(ad.pname, ad.pinst, ad.prealm));

	if (ad.pinst[0] == 0 && !strcmp(ad.prealm, krb_realm))
	  ok = 1;
	else
	  ok = 0;
	/* this is in a separate function because it accesses the database */
	status = set_krb_mapping(cl->clname, ad.pname, ok,
				 &cl->client_id, &cl->users_id);

	if (cl->args->mr_version_no == MR_VERSION_2) {
	    bcopy(cl->args->mr_argv[1], cl->entity, 8);
	    cl->entity[8] = 0;
	} else {
	    strcpy(cl->entity, "???");
	}
	bzero(&ad, sizeof(ad));	/* Clean up session key, etc. */

	if (log_flags & LOG_RES)
	    com_err(whoami, 0, "Auth to %s using %s, uid %d cid %d",
		    cl->clname, cl->entity, cl->users_id, cl->client_id);
	if (status != MR_SUCCESS)
	  cl->reply.mr_status = status;
	else if (cl->users_id == 0)
	  cl->reply.mr_status = MR_USER_AUTH;
}


/* Turn a principal, instance, realm triple into a single non-ambiguous 
 * string.  This is the inverse of kname_parse().  It returns a pointer
 * to a static buffer, or NULL on error.
 */

char *kname_unparse(p, i, r)
char *p;
char *i;
char *r;
{
    static char name[MAX_K_NAME_SZ];
    char *s;

    s = name;
    if (!p || strlen(p) > ANAME_SZ)
      return(NULL);
    while (*p) {
	switch (*p) {
	case '@':
	    *s++ = '\\';
	    *s++ = '@';
	    break;
	case '.':
	    *s++ = '\\';
	    *s++ = '.';
	    break;
	case '\\':
	    *s++ = '\\';
	    *s++ = '\\';
	    break;
	default:
	    *s++ = *p;
	}
	p++;
    }
    if (i && *i) {
	if (strlen(i) > INST_SZ)
	  return(NULL);
	*s++ = '.';
	while (*i) {
	    switch (*i) {
	    case '@':
		*s++ = '\\';
		*s++ = '@';
		break;
	    case '.':
		*s++ = '\\';
		*s++ = '.';
		break;
	    case '\\':
		*s++ = '\\';
		*s++ = '\\';
		break;
	    default:
		*s++ = *i;
	    }
	    i++;
	}
    }
    *s++ = '@';
    if (!r || strlen(r) > REALM_SZ)
      return(NULL);
    while (*r) {
	switch (*r) {
	case '@':
	    *s++ = '\\';
	    *s++ = '@';
	    break;
	case '\\':
	    *s++ = '\\';
	    *s++ = '\\';
	    break;
	default:
	    *s++ = *r;
	}
	r++;
    }
    *s = '\0';
    return(&name[0]);
}
Commit	Line	Data
a3cf6921	1	/*
	2	* $Source$
	3	* $Author$
	4	* $Header$
	5	*
	6	* Copyright (C) 1987 by the Massachusetts Institute of Technology
c801de4c	7	* For copying and distribution information, please see the file
c801de4c	8	* <mit-copyright.h>.
a3cf6921	9	*
a3cf6921	10	*/
	11
	12	#ifndef lint
	13	static char *rcsid_sms_sauth_c = "$Header$";
	14	#endif lint
	15
c801de4c	16	#include <mit-copyright.h>
a3cf6921	17	#include <strings.h>
d548a4e7	18	#include "mr_server.h"
713cf9c9	19	#include <ctype.h>
40165bd0	20	#include <krb_et.h>
a3cf6921	21
	22	extern char buf1[];
	23	extern char *whoami;
	24	extern char *malloc();
	25
c1665e6d	26	char *kname_unparse();
c1665e6d	27
a3cf6921	28	/*
d548a4e7	29	* Handle a MOIRA_AUTH RPC request.
a3cf6921	30	*
	31	* argv[0] is a kerberos authenticator. Decompose it, and if
	32	* successful, store the name the user authenticated to in
	33	* cl->cl_name.
	34	*/
	35
	36	void
	37	do_auth(cl)
	38	client *cl;
	39	{
	40	KTEXT_ST auth;
	41	AUTH_DAT ad;
c1665e6d	42	int status, ok;
713cf9c9	43	char buf[REALM_SZ+INST_SZ+ANAME_SZ], hostbuf[BUFSIZ], host, p;
a53c9c79	44	extern int errno;
713cf9c9	45
d548a4e7	46	auth.length = cl->args->mr_argl[0];
d548a4e7	47	bcopy(cl->args->mr_argv[0], (char *)auth.dat, auth.length);
a3cf6921	48	auth.mbz = 0;
713cf9c9	49	if (gethostname(hostbuf, sizeof(hostbuf)) < 0)
	50	com_err(whoami, errno, "Unable to get local hostname");
	51	host = canonicalize_hostname(strsave(hostbuf));
	52	for (p = host; p && p != '.'; p++)
	53	if (isupper(*p))
	54	p = tolower(p);
	55	*p = 0;
	56
	57	if ((status = krb_rd_req (&auth, MOIRA_SNAME, host, cl->haddr.sin_addr,
9b612b77	58	&ad, "")) != 0 &&
	59	/* for backwards compatability with old clients */
	60	(status = krb_rd_req (&auth, "sms", "sms", cl->haddr.sin_addr,
40165bd0	61	&ad, "")) != 0) {
40165bd0	62	status += ERROR_TABLE_BASE_krb;
d548a4e7	63	cl->reply.mr_status = status;
060e9c63	64	if (log_flags & LOG_RES)
060e9c63	65	com_err(whoami, status, "(authentication failed)");
a3cf6921	66	return;
a3cf6921	67	}
713cf9c9	68	free(host);
c1665e6d	69
8a36ddfe	70	bcopy(ad.pname, cl->kname.name, ANAME_SZ);
	71	bcopy(ad.pinst, cl->kname.inst, INST_SZ);
	72	bcopy(ad.prealm, cl->kname.realm, REALM_SZ);
c1665e6d	73	strcpy(cl->clname, kname_unparse(ad.pname, ad.pinst, ad.prealm));
90021a6f	74
c1665e6d	75	if (ad.pinst[0] == 0 && !strcmp(ad.prealm, krb_realm))
	76	ok = 1;
	77	else
	78	ok = 0;
	79	/* this is in a separate function because it accesses the database */
aa3c5c98	80	status = set_krb_mapping(cl->clname, ad.pname, ok,
aa3c5c98	81	&cl->client_id, &cl->users_id);
90021a6f	82
d548a4e7	83	if (cl->args->mr_version_no == MR_VERSION_2) {
d548a4e7	84	bcopy(cl->args->mr_argv[1], cl->entity, 8);
c1665e6d	85	cl->entity[8] = 0;
90021a6f	86	} else {
c1665e6d	87	strcpy(cl->entity, "???");
060e9c63	88	}
c0d41186	89	bzero(&ad, sizeof(ad)); /* Clean up session key, etc. */
90021a6f	90
90021a6f	91	if (log_flags & LOG_RES)
c1665e6d	92	com_err(whoami, 0, "Auth to %s using %s, uid %d cid %d",
c1665e6d	93	cl->clname, cl->entity, cl->users_id, cl->client_id);
aa3c5c98	94	if (status != MR_SUCCESS)
	95	cl->reply.mr_status = status;
	96	else if (cl->users_id == 0)
d548a4e7	97	cl->reply.mr_status = MR_USER_AUTH;
a3cf6921	98	}
c1665e6d	99
	100
	101	/* Turn a principal, instance, realm triple into a single non-ambiguous
	102	* string. This is the inverse of kname_parse(). It returns a pointer
	103	* to a static buffer, or NULL on error.
	104	*/
	105
	106	char *kname_unparse(p, i, r)
	107	char *p;
	108	char *i;
	109	char *r;
	110	{
	111	static char name[MAX_K_NAME_SZ];
	112	char *s;
	113
	114	s = name;
	115	if (!p \|\| strlen(p) > ANAME_SZ)
	116	return(NULL);
	117	while (*p) {
	118	switch (*p) {
	119	case '@':
	120	*s++ = '\\';
	121	*s++ = '@';
	122	break;
	123	case '.':
	124	*s++ = '\\';
	125	*s++ = '.';
	126	break;
	127	case '\\':
	128	*s++ = '\\';
	129	*s++ = '\\';
	130	break;
	131	default:
	132	s++ = p;
	133	}
	134	p++;
	135	}
	136	if (i && *i) {
	137	if (strlen(i) > INST_SZ)
	138	return(NULL);
	139	*s++ = '.';
	140	while (*i) {
	141	switch (*i) {
	142	case '@':
	143	*s++ = '\\';
	144	*s++ = '@';
	145	break;
	146	case '.':
	147	*s++ = '\\';
	148	*s++ = '.';
	149	break;
	150	case '\\':
	151	*s++ = '\\';
	152	*s++ = '\\';
	153	break;
	154	default:
	155	s++ = i;
	156	}
	157	i++;
	158	}
	159	}
	160	*s++ = '@';
	161	if (!r \|\| strlen(r) > REALM_SZ)
	162	return(NULL);
163	while (*r) {
164	switch (*r) {
165	case '@':
166	*s++ = '\\';
167	*s++ = '@';
168	break;
169	case '\\':
170	*s++ = '\\';
171	*s++ = '\\';
172	break;
173	default:
174	s++ = r;
175	}
176	r++;
177	}
178	*s = '\0';
179	return(&name[0]);
180	}