[moira.git] / update / auth_001.c

/*
 *	$Source$
 *	$Header$
 */
/*  (c) Copyright 1988 by the Massachusetts Institute of Technology. */
/*  For copying and distribution information, please see the file */
/*  <mit-copyright.h>. */

#ifndef lint
static char *rcsid_auth_001_c = "$Header$";
#endif	lint

#include <mit-copyright.h>
#include <stdio.h>
#include <strings.h>
#include <gdb.h>
#include <krb.h>
#include <krb_et.h>
#include <netinet/in.h>
#include <errno.h>

extern char buf[BUFSIZ];
extern int have_authorization;
extern struct sockaddr_in *client_address();
extern CONNECTION conn;
int code;
extern char *PrincipalHostname();
static char service[] = "rcmd";
static char master[] = "sms";
static char qmark[] = "???";

/*
 * authentication request auth_001:
 *
 * >>> (STRING) "auth_001"
 * <<< (int) 0
 * >>> (STRING) ticket
 * <<< (int) code
 *
 */

int
auth_001(str)
     char *str;
{
    STRING data;
    char host[BUFSIZ];
    AUTH_DAT ad;
    char realm[REALM_SZ];
    KTEXT_ST ticket_st;

    if (send_ok())
	lose("sending okay for authorization (auth_001)");
    code = receive_object(conn, (char *)&data, STRING_T);
    if (code) {
	code = connection_errno(conn);
	lose("awaiting Kerberos authenticators");
    }
    gethostname(host, BUFSIZ);
    ticket_st.mbz = 0;
    ticket_st.length = MAX_STRING_SIZE(data);
    bcopy(STRING_DATA(data), ticket_st.dat, MAX_STRING_SIZE(data));
    code = krb_rd_req(&ticket_st, service,
		     PrincipalHostname(host), 0,
		     &ad, KEYFILE);
    if (code) {
	code += ERROR_TABLE_BASE_krb;
	strcpy(ad.pname, qmark);
	strcpy(ad.pinst, qmark);
	strcpy(ad.prealm, qmark);
	goto auth_failed;
    }
    if (krb_get_lrealm(realm,1))
	strcpy(realm, KRB_REALM);
    code = EPERM;
    if (strcmp(master, ad.pname))
	goto auth_failed;
    if (ad.pinst[0] != '\0')
	goto auth_failed;
    if (strcmp(realm, ad.prealm))
	goto auth_failed;
    if (send_ok())
	lose("sending approval of authorization");
    have_authorization = 1;
    return(0);
auth_failed:
    sprintf(buf, "auth for %s.%s@%s failed: %s",
	    ad.pname, ad.pinst, ad.prealm, error_message(code));
    {
	register int rc;
	rc = send_object(conn, (char *)&code, INTEGER_T);
	code = rc;
    }
    if (code)
	lose("sending rejection of authenticator");
    return(EPERM);
}
Commit	Line	Data
de56407f	1	/*
	2	* $Source$
	3	* $Header$
	4	*/
546bc43b	5	/* (c) Copyright 1988 by the Massachusetts Institute of Technology. */
	6	/* For copying and distribution information, please see the file */
	7	/* <mit-copyright.h>. */
de56407f	8
	9	#ifndef lint
	10	static char *rcsid_auth_001_c = "$Header$";
	11	#endif lint
	12
546bc43b	13	#include <mit-copyright.h>
de56407f	14	#include <stdio.h>
de56407f	15	#include <strings.h>
1e8fd4c0	16	#include <gdb.h>
de56407f	17	#include <krb.h>
b29ec86e	18	#include <krb_et.h>
de56407f	19	#include <netinet/in.h>
	20	#include <errno.h>
	21
	22	extern char buf[BUFSIZ];
	23	extern int have_authorization;
	24	extern struct sockaddr_in *client_address();
	25	extern CONNECTION conn;
	26	int code;
	27	extern char *PrincipalHostname();
1c6164bb	28	static char service[] = "rcmd";
1c6164bb	29	static char master[] = "sms";
de56407f	30	static char qmark[] = "???";
	31
	32	/*
	33	* authentication request auth_001:
	34	*
	35	* >>> (STRING) "auth_001"
	36	* <<< (int) 0
	37	* >>> (STRING) ticket
	38	* <<< (int) code
	39	*
	40	*/
	41
	42	int
	43	auth_001(str)
	44	char *str;
	45	{
	46	STRING data;
	47	char host[BUFSIZ];
	48	AUTH_DAT ad;
	49	char realm[REALM_SZ];
	50	KTEXT_ST ticket_st;
	51
	52	if (send_ok())
	53	lose("sending okay for authorization (auth_001)");
	54	code = receive_object(conn, (char *)&data, STRING_T);
	55	if (code) {
	56	code = connection_errno(conn);
	57	lose("awaiting Kerberos authenticators");
	58	}
	59	gethostname(host, BUFSIZ);
	60	ticket_st.mbz = 0;
	61	ticket_st.length = MAX_STRING_SIZE(data);
	62	bcopy(STRING_DATA(data), ticket_st.dat, MAX_STRING_SIZE(data));
1e8fd4c0	63	code = krb_rd_req(&ticket_st, service,
de56407f	64	PrincipalHostname(host), 0,
f89fc8cf	65	&ad, KEYFILE);
de56407f	66	if (code) {
b29ec86e	67	code += ERROR_TABLE_BASE_krb;
de56407f	68	strcpy(ad.pname, qmark);
	69	strcpy(ad.pinst, qmark);
	70	strcpy(ad.prealm, qmark);
	71	goto auth_failed;
	72	}
f89fc8cf	73	if (krb_get_lrealm(realm,1))
f89fc8cf	74	strcpy(realm, KRB_REALM);
de56407f	75	code = EPERM;
1c6164bb	76	if (strcmp(master, ad.pname))
de56407f	77	goto auth_failed;
	78	if (ad.pinst[0] != '\0')
	79	goto auth_failed;
	80	if (strcmp(realm, ad.prealm))
	81	goto auth_failed;
	82	if (send_ok())
	83	lose("sending approval of authorization");
	84	have_authorization = 1;
	85	return(0);
	86	auth_failed:
	87	sprintf(buf, "auth for %s.%s@%s failed: %s",
	88	ad.pname, ad.pinst, ad.prealm, error_message(code));
	89	{
	90	register int rc;
	91	rc = send_object(conn, (char *)&code, INTEGER_T);
	92	code = rc;
	93	}
	94	if (code)
	95	lose("sending rejection of authenticator");
	96	return(EPERM);
	97	}