]>
Commit | Line | Data |
---|---|---|
7ac48069 | 1 | /* $Id$ |
2 | * | |
3 | * Copyright (C) 1988-1998 by the Massachusetts Institute of Technology. | |
4 | * For copying and distribution information, please see the file | |
5 | * <mit-copyright.h>. | |
de56407f | 6 | */ |
de56407f | 7 | |
546bc43b | 8 | #include <mit-copyright.h> |
7ac48069 | 9 | #include <moira.h> |
10 | ||
de56407f | 11 | #include <sys/stat.h> |
7ac48069 | 12 | |
13 | #include <stdio.h> | |
a6e20de8 | 14 | #include <string.h> |
7ac48069 | 15 | |
cb974713 | 16 | #ifdef HAVE_KRB4 |
7ac48069 | 17 | #include <krb.h> |
cb974713 | 18 | #else |
19 | #define KTEXT void* | |
20 | #endif | |
991417e4 | 21 | #include <krb5.h> |
5c87ce34 | 22 | #include <update.h> |
7ac48069 | 23 | |
24 | RCSID("$Header$"); | |
de56407f | 25 | |
cb974713 | 26 | #ifdef HAVE_KRB4 |
de56407f | 27 | static char realm[REALM_SZ]; |
b95ec814 | 28 | static char master[INST_SZ] = "sms"; |
29 | static char service[ANAME_SZ] = "rcmd"; | |
85330553 | 30 | des_cblock session; |
cb974713 | 31 | #endif |
991417e4 | 32 | krb5_context context = NULL; |
de56407f | 33 | |
9e50a841 | 34 | static int get_mr_krb5_tgt(krb5_context context, krb5_ccache ccache); |
cb974713 | 35 | #ifdef HAVE_KRB4 |
85330553 | 36 | static int get_mr_tgt(void); |
cb974713 | 37 | #endif |
de56407f | 38 | |
e51080f9 | 39 | int get_mr_krb5_update_ticket(char *host, krb5_data *auth) |
991417e4 | 40 | { |
41 | krb5_auth_context auth_con = NULL; | |
42 | krb5_ccache ccache = NULL; | |
43 | krb5_error_code code; | |
9e50a841 | 44 | int pass = 1; |
991417e4 | 45 | |
46 | code = krb5_init_context(&context); | |
47 | if (code) | |
48 | goto out; | |
49 | ||
50 | code = krb5_auth_con_init(context, &auth_con); | |
51 | if (code) | |
52 | goto out; | |
53 | ||
54 | code = krb5_cc_default(context, &ccache); | |
55 | if (code) | |
56 | goto out; | |
57 | ||
9e50a841 | 58 | try_it: |
548fc1f0 | 59 | code = krb5_mk_req(context, &auth_con, 0, "host", host, NULL, ccache, |
e51080f9 | 60 | auth); |
9e50a841 | 61 | if (code) |
62 | { | |
63 | if (pass == 1) | |
64 | { | |
65 | if ((code = get_mr_krb5_tgt(context, ccache))) | |
66 | { | |
67 | com_err(whoami, code, "can't get Kerberos v5 TGT"); | |
68 | return code; | |
69 | } | |
70 | pass++; | |
71 | goto try_it; | |
72 | } | |
73 | com_err(whoami, code, "in krb5_mk_req"); | |
74 | } | |
991417e4 | 75 | |
76 | out: | |
77 | if (ccache) | |
78 | krb5_cc_close(context, ccache); | |
79 | if (auth_con) | |
80 | krb5_auth_con_free(context, auth_con); | |
81 | return code; | |
82 | } | |
83 | ||
9e50a841 | 84 | int get_mr_krb5_tgt(krb5_context context, krb5_ccache ccache) |
85 | { | |
86 | krb5_creds my_creds; | |
87 | krb5_principal me = NULL; | |
88 | krb5_error_code code; | |
89 | ||
90 | memset(&my_creds, 0, sizeof(my_creds)); | |
91 | ||
92 | code = krb5_parse_name(context, master, &me); | |
93 | if (code) | |
94 | goto out; | |
95 | ||
96 | code = krb5_get_init_creds_keytab(context, &my_creds, me, NULL, NULL, NULL, NULL); | |
97 | if (code) | |
98 | goto out; | |
99 | ||
100 | code = krb5_cc_initialize(context, ccache, me); | |
101 | if (code) | |
102 | goto out; | |
103 | ||
104 | code = krb5_cc_store_cred(context, ccache, &my_creds); | |
105 | if (code) | |
106 | goto out; | |
107 | ||
108 | out: | |
109 | if (me) | |
110 | krb5_free_principal(context, me); | |
111 | krb5_free_cred_contents(context, &my_creds); | |
112 | ||
113 | return code; | |
114 | } | |
115 | ||
5eaef520 | 116 | int get_mr_update_ticket(char *host, KTEXT ticket) |
de56407f | 117 | { |
cb974713 | 118 | #ifdef HAVE_KRB4 |
85330553 | 119 | int code, pass; |
5eaef520 | 120 | char phost[BUFSIZ]; |
121 | CREDENTIALS cr; | |
de56407f | 122 | |
5eaef520 | 123 | pass = 1; |
85330553 | 124 | if (krb_get_lrealm(realm, 1)) |
125 | strcpy(realm, KRB_REALM); | |
5eaef520 | 126 | strcpy(phost, (char *)krb_get_phost(host)); |
85330553 | 127 | |
5eaef520 | 128 | try_it: |
129 | code = krb_mk_req(ticket, service, phost, realm, (long)0); | |
130 | if (code) | |
131 | { | |
132 | if (pass == 1) | |
133 | { | |
134 | /* maybe we're taking too long? */ | |
135 | if ((code = get_mr_tgt())) | |
136 | { | |
137 | com_err(whoami, code, "can't get Kerberos TGT"); | |
138 | return code; | |
139 | } | |
140 | pass++; | |
141 | goto try_it; | |
142 | } | |
143 | code += ERROR_TABLE_BASE_krb; | |
144 | com_err(whoami, code, "in krb_mk_req"); | |
145 | } | |
146 | else | |
147 | { | |
148 | code = krb_get_cred(service, phost, realm, &cr); | |
149 | if (code) | |
150 | code += ERROR_TABLE_BASE_krb; | |
151 | memcpy(session, cr.session, sizeof(session)); | |
152 | } | |
153 | return code; | |
cb974713 | 154 | #else |
155 | return MR_NO_KRB4; | |
156 | #endif | |
de56407f | 157 | } |
158 | ||
cb974713 | 159 | #ifdef HAVE_KRB4 |
85330553 | 160 | static int get_mr_tgt(void) |
de56407f | 161 | { |
44d12d58 | 162 | int code; |
5eaef520 | 163 | char linst[INST_SZ], kinst[INST_SZ]; |
b95ec814 | 164 | |
5eaef520 | 165 | linst[0] = '\0'; |
166 | strcpy(kinst, "krbtgt"); | |
167 | code = krb_get_svc_in_tkt(master, linst, realm, kinst, realm, | |
91519120 | 168 | DEFAULT_TKT_LIFE, KEYFILE); |
5eaef520 | 169 | if (!code) |
170 | return 0; | |
171 | else | |
172 | return code + ERROR_TABLE_BASE_krb; | |
de56407f | 173 | } |
cb974713 | 174 | #endif |