[moira.git] / update / auth_001.c

/*
 *	$Source$
 *	$Header$
 */
/*  (c) Copyright 1988 by the Massachusetts Institute of Technology. */
/*  For copying and distribution information, please see the file */
/*  <mit-copyright.h>. */

#ifndef lint
static char *rcsid_auth_001_c = "$Header$";
#endif

#include <mit-copyright.h>
#include <stdio.h>
#include <string.h>
#include <gdb.h>
#include <krb.h>
#include <krb_et.h>
#include <netinet/in.h>
#include <errno.h>
#ifdef POSIX
#include <sys/utsname.h>
#endif

extern char buf[BUFSIZ];
extern int have_authorization;
extern struct sockaddr_in *client_address();
extern CONNECTION conn;
extern int code;
extern char *PrincipalHostname();
static char service[] = "rcmd";
static char master[] = "sms";
static char qmark[] = "???";
C_Block session;

/*
 * authentication request auth_001:
 *
 * >>> (STRING) "auth_001"
 * <<< (int) 0
 * >>> (STRING) ticket
 * <<< (int) code
 *
 */

int
auth_001(str)
     char *str;
{
    STRING data;
    char host[BUFSIZ], realm[REALM_SZ];
    char aname[ANAME_SZ], ainst[INST_SZ], arealm[REALM_SZ];
    AUTH_DAT ad;
    char *p, *first, *config_lookup();
    KTEXT_ST ticket_st;
#ifdef POSIX
    struct utsname name;
#endif

    if (send_ok())
	lose("sending okay for authorization (auth_001)");
    code = receive_object(conn, (char *)&data, STRING_T);
    if (code) {
	code = connection_errno(conn);
	lose("awaiting Kerberos authenticators");
    }
#ifdef POSIX
    (void) uname(&name);
    strncpy(host, name.nodename, sizeof(host));
#else
    gethostname(host, sizeof(host));
#endif
    ticket_st.mbz = 0;
    ticket_st.length = MAX_STRING_SIZE(data);
    memcpy(ticket_st.dat, STRING_DATA(data), MAX_STRING_SIZE(data));
    code = krb_rd_req(&ticket_st, service,
		      krb_get_phost(host), 0,
		      &ad, KEYFILE);
    if (code) {
	code += ERROR_TABLE_BASE_krb;
	strcpy(ad.pname, qmark);
	strcpy(ad.pinst, qmark);
	strcpy(ad.prealm, qmark);
	goto auth_failed;
    }

    /* If there is an auth record in the config file matching the
     * authenticator we received, then accept it.  If there's no
     * auth record, assume [master]@[local realm].
     */
    if (first = p = config_lookup("auth")) {
	do {
	    kname_parse(aname, ainst, arealm, p);
	    if (strcmp(aname, ad.pname) ||
		strcmp(ainst, ad.pinst) ||
		strcmp(arealm, ad.prealm))
	      p = config_lookup("auth");
	    else
	      p = first;
	} while (p != first);
    } else {
	strcpy(aname, master);
	strcpy(ainst, "");
	if (krb_get_lrealm(arealm,1))
	  strcpy(arealm, KRB_REALM);
    }
    code = EPERM;
    if (strcmp(aname, ad.pname) ||
	strcmp(ainst, ad.pinst) ||
	strcmp(arealm, ad.prealm))
      goto auth_failed;
    if (send_ok())
	lose("sending approval of authorization");
    have_authorization = 1;
    /* Stash away session key */
    memcpy(session, ad.session, sizeof(session));
    return(0);
auth_failed:
    sprintf(buf, "auth for %s.%s@%s failed: %s",
	    ad.pname, ad.pinst, ad.prealm, error_message(code));
    {
	register int rc;
	rc = send_object(conn, (char *)&code, INTEGER_T);
	code = rc;
    }
    if (code)
	lose("sending rejection of authenticator");
    return(EPERM);
}
Commit	Line	Data
de56407f	1	/*
	2	* $Source$
	3	* $Header$
	4	*/
546bc43b	5	/* (c) Copyright 1988 by the Massachusetts Institute of Technology. */
	6	/* For copying and distribution information, please see the file */
	7	/* <mit-copyright.h>. */
de56407f	8
	9	#ifndef lint
	10	static char *rcsid_auth_001_c = "$Header$";
7da203a3	11	#endif
de56407f	12
546bc43b	13	#include <mit-copyright.h>
de56407f	14	#include <stdio.h>
8fd777cf	15	#include <string.h>
1e8fd4c0	16	#include <gdb.h>
de56407f	17	#include <krb.h>
b29ec86e	18	#include <krb_et.h>
de56407f	19	#include <netinet/in.h>
de56407f	20	#include <errno.h>
8fd777cf	21	#ifdef POSIX
	22	#include <sys/utsname.h>
	23	#endif
de56407f	24
	25	extern char buf[BUFSIZ];
	26	extern int have_authorization;
	27	extern struct sockaddr_in *client_address();
	28	extern CONNECTION conn;
7da203a3	29	extern int code;
de56407f	30	extern char *PrincipalHostname();
1c6164bb	31	static char service[] = "rcmd";
1c6164bb	32	static char master[] = "sms";
de56407f	33	static char qmark[] = "???";
06c2568b	34	C_Block session;
de56407f	35
	36	/*
	37	* authentication request auth_001:
	38	*
	39	* >>> (STRING) "auth_001"
	40	* <<< (int) 0
	41	* >>> (STRING) ticket
	42	* <<< (int) code
	43	*
	44	*/
	45
	46	int
	47	auth_001(str)
	48	char *str;
	49	{
	50	STRING data;
c47daf21	51	char host[BUFSIZ], realm[REALM_SZ];
c47daf21	52	char aname[ANAME_SZ], ainst[INST_SZ], arealm[REALM_SZ];
de56407f	53	AUTH_DAT ad;
c47daf21	54	char p, first, *config_lookup();
de56407f	55	KTEXT_ST ticket_st;
8fd777cf	56	#ifdef POSIX
	57	struct utsname name;
	58	#endif
de56407f	59
	60	if (send_ok())
	61	lose("sending okay for authorization (auth_001)");
	62	code = receive_object(conn, (char *)&data, STRING_T);
	63	if (code) {
	64	code = connection_errno(conn);
	65	lose("awaiting Kerberos authenticators");
	66	}
8fd777cf	67	#ifdef POSIX
	68	(void) uname(&name);
	69	strncpy(host, name.nodename, sizeof(host));
	70	#else
	71	gethostname(host, sizeof(host));
	72	#endif
de56407f	73	ticket_st.mbz = 0;
de56407f	74	ticket_st.length = MAX_STRING_SIZE(data);
8fd777cf	75	memcpy(ticket_st.dat, STRING_DATA(data), MAX_STRING_SIZE(data));
1e8fd4c0	76	code = krb_rd_req(&ticket_st, service,
c47daf21	77	krb_get_phost(host), 0,
c47daf21	78	&ad, KEYFILE);
de56407f	79	if (code) {
b29ec86e	80	code += ERROR_TABLE_BASE_krb;
de56407f	81	strcpy(ad.pname, qmark);
	82	strcpy(ad.pinst, qmark);
	83	strcpy(ad.prealm, qmark);
	84	goto auth_failed;
	85	}
c47daf21	86
	87	/* If there is an auth record in the config file matching the
	88	* authenticator we received, then accept it. If there's no
	89	* auth record, assume [master]@[local realm].
	90	*/
	91	if (first = p = config_lookup("auth")) {
	92	do {
	93	kname_parse(aname, ainst, arealm, p);
	94	if (strcmp(aname, ad.pname) \|\|
	95	strcmp(ainst, ad.pinst) \|\|
	96	strcmp(arealm, ad.prealm))
	97	p = config_lookup("auth");
	98	else
	99	p = first;
	100	} while (p != first);
	101	} else {
	102	strcpy(aname, master);
	103	strcpy(ainst, "");
	104	if (krb_get_lrealm(arealm,1))
	105	strcpy(arealm, KRB_REALM);
	106	}
de56407f	107	code = EPERM;
c47daf21	108	if (strcmp(aname, ad.pname) \|\|
	109	strcmp(ainst, ad.pinst) \|\|
	110	strcmp(arealm, ad.prealm))
	111	goto auth_failed;
de56407f	112	if (send_ok())
	113	lose("sending approval of authorization");
	114	have_authorization = 1;
06c2568b	115	/* Stash away session key */
8fd777cf	116	memcpy(session, ad.session, sizeof(session));
de56407f	117	return(0);
	118	auth_failed:
	119	sprintf(buf, "auth for %s.%s@%s failed: %s",
	120	ad.pname, ad.pinst, ad.prealm, error_message(code));
	121	{
	122	register int rc;
	123	rc = send_object(conn, (char *)&code, INTEGER_T);
	124	code = rc;
	125	}
	126	if (code)
	127	lose("sending rejection of authenticator");
	128	return(EPERM);
	129	}