[moira.git] / update / ticket.c

/* $Id$
 *
 * Copyright (C) 1988-1998 by the Massachusetts Institute of Technology.
 * For copying and distribution information, please see the file
 * <mit-copyright.h>.
 */

#include <mit-copyright.h>
#include <moira.h>

#include <sys/stat.h>

#include <stdio.h>
#include <string.h>

#ifdef HAVE_KRB4
#include <krb.h>
#else
#define KTEXT void*
#include <mr_krb.h>
#endif
#include <krb5.h>
#include <update.h>

RCSID("$Header$");

static char realm[REALM_SZ];
static char master[INST_SZ] = "sms";
static char service[ANAME_SZ] = "rcmd";
#ifdef HAVE_KRB4
des_cblock session;
#endif
krb5_context context = NULL;

static int get_mr_krb5_tgt(krb5_context context, krb5_ccache ccache);
#ifdef HAVE_KRB4
static int get_mr_tgt(void);
#endif

int get_mr_krb5_update_ticket(char *host, krb5_data *auth)
{
  krb5_auth_context auth_con = NULL;
  krb5_ccache ccache = NULL;
  krb5_error_code code;
  int pass = 1;

  code = krb5_init_context(&context);
  if (code)
    goto out;

  code = krb5_auth_con_init(context, &auth_con);
  if (code)
    goto out;

  code = krb5_cc_default(context, &ccache);
  if (code)
    goto out;

 try_it:
  code = krb5_mk_req(context, &auth_con, 0, "host", host, NULL, ccache,
		     auth);
  if (code)
    {
      if (pass == 1)
	{
	  if ((code = get_mr_krb5_tgt(context, ccache)))
	    {
	      com_err(whoami, code, "can't get Kerberos v5 TGT");
	      return code;
	    }
	  pass++;
	  goto try_it;
	}
      com_err(whoami, code, "in krb5_mk_req");
    }

 out:
  if (ccache)
    krb5_cc_close(context, ccache);
  if (auth_con)
    krb5_auth_con_free(context, auth_con);
  return code;
}

int get_mr_krb5_tgt(krb5_context context, krb5_ccache ccache)
{
  krb5_creds my_creds;
  krb5_principal me = NULL;
  krb5_error_code code;

  memset(&my_creds, 0, sizeof(my_creds));

  code = krb5_parse_name(context, master, &me);
  if (code)
    goto out;
  
  code = krb5_get_init_creds_keytab(context, &my_creds, me, NULL, NULL, NULL, NULL);
  if (code)
    goto out;
  
  code = krb5_cc_initialize(context, ccache, me);
  if (code)
    goto out;

  code = krb5_cc_store_cred(context, ccache, &my_creds);
  if (code)
    goto out;

 out:
  if (me)
    krb5_free_principal(context, me);
  krb5_free_cred_contents(context, &my_creds);

  return code;
}

int get_mr_update_ticket(char *host, KTEXT ticket)
{
#ifdef HAVE_KRB4
  int code, pass;
  char phost[BUFSIZ];
  CREDENTIALS cr;

  pass = 1;
  if (krb_get_lrealm(realm, 1))
    strcpy(realm, KRB_REALM);
  strcpy(phost, (char *)krb_get_phost(host));

try_it:
  code = krb_mk_req(ticket, service, phost, realm, (long)0);
  if (code)
    {
      if (pass == 1)
	{
	  /* maybe we're taking too long? */
	  if ((code = get_mr_tgt()))
	    {
	      com_err(whoami, code, "can't get Kerberos TGT");
	      return code;
	    }
	  pass++;
	  goto try_it;
	}
      code += ERROR_TABLE_BASE_krb;
      com_err(whoami, code, "in krb_mk_req");
    }
  else
    {
      code = krb_get_cred(service, phost, realm, &cr);
      if (code)
	code += ERROR_TABLE_BASE_krb;
      memcpy(session, cr.session, sizeof(session));
    }
  return code;
#else
  return MR_NO_KRB4;
#endif
}

#ifdef HAVE_KRB4
static int get_mr_tgt(void)
{
  int code;
  char linst[INST_SZ], kinst[INST_SZ];

  linst[0] = '\0';
  strcpy(kinst, "krbtgt");
  code = krb_get_svc_in_tkt(master, linst, realm, kinst, realm,
			    DEFAULT_TKT_LIFE, KEYFILE);
  if (!code)
    return 0;
  else
    return code + ERROR_TABLE_BASE_krb;
}
#endif
Commit	Line	Data
7ac48069	1	/* $Id$
	2	*
	3	* Copyright (C) 1988-1998 by the Massachusetts Institute of Technology.
	4	* For copying and distribution information, please see the file
	5	* <mit-copyright.h>.
de56407f	6	*/
de56407f	7
546bc43b	8	#include <mit-copyright.h>
7ac48069	9	#include <moira.h>
7ac48069	10
de56407f	11	#include <sys/stat.h>
7ac48069	12
7ac48069	13	#include <stdio.h>
a6e20de8	14	#include <string.h>
7ac48069	15
cb974713	16	#ifdef HAVE_KRB4
7ac48069	17	#include <krb.h>
cb974713	18	#else
cb974713	19	#define KTEXT void*
a17e3340	20	#include <mr_krb.h>
cb974713	21	#endif
991417e4	22	#include <krb5.h>
5c87ce34	23	#include <update.h>
7ac48069	24
7ac48069	25	RCSID("$Header$");
de56407f	26
de56407f	27	static char realm[REALM_SZ];
b95ec814	28	static char master[INST_SZ] = "sms";
b95ec814	29	static char service[ANAME_SZ] = "rcmd";
a17e3340	30	#ifdef HAVE_KRB4
85330553	31	des_cblock session;
cb974713	32	#endif
991417e4	33	krb5_context context = NULL;
de56407f	34
9e50a841	35	static int get_mr_krb5_tgt(krb5_context context, krb5_ccache ccache);
cb974713	36	#ifdef HAVE_KRB4
85330553	37	static int get_mr_tgt(void);
cb974713	38	#endif
de56407f	39
e51080f9	40	int get_mr_krb5_update_ticket(char host, krb5_data auth)
991417e4	41	{
	42	krb5_auth_context auth_con = NULL;
	43	krb5_ccache ccache = NULL;
	44	krb5_error_code code;
9e50a841	45	int pass = 1;
991417e4	46
	47	code = krb5_init_context(&context);
	48	if (code)
	49	goto out;
	50
	51	code = krb5_auth_con_init(context, &auth_con);
	52	if (code)
	53	goto out;
	54
	55	code = krb5_cc_default(context, &ccache);
	56	if (code)
	57	goto out;
	58
9e50a841	59	try_it:
548fc1f0	60	code = krb5_mk_req(context, &auth_con, 0, "host", host, NULL, ccache,
e51080f9	61	auth);
9e50a841	62	if (code)
	63	{
	64	if (pass == 1)
	65	{
	66	if ((code = get_mr_krb5_tgt(context, ccache)))
	67	{
	68	com_err(whoami, code, "can't get Kerberos v5 TGT");
	69	return code;
	70	}
	71	pass++;
	72	goto try_it;
	73	}
	74	com_err(whoami, code, "in krb5_mk_req");
	75	}
991417e4	76
	77	out:
	78	if (ccache)
	79	krb5_cc_close(context, ccache);
	80	if (auth_con)
	81	krb5_auth_con_free(context, auth_con);
	82	return code;
	83	}
	84
9e50a841	85	int get_mr_krb5_tgt(krb5_context context, krb5_ccache ccache)
	86	{
	87	krb5_creds my_creds;
	88	krb5_principal me = NULL;
	89	krb5_error_code code;
	90
	91	memset(&my_creds, 0, sizeof(my_creds));
	92
	93	code = krb5_parse_name(context, master, &me);
	94	if (code)
	95	goto out;
	96
	97	code = krb5_get_init_creds_keytab(context, &my_creds, me, NULL, NULL, NULL, NULL);
	98	if (code)
	99	goto out;
	100
	101	code = krb5_cc_initialize(context, ccache, me);
	102	if (code)
	103	goto out;
	104
	105	code = krb5_cc_store_cred(context, ccache, &my_creds);
	106	if (code)
	107	goto out;
	108
	109	out:
	110	if (me)
	111	krb5_free_principal(context, me);
	112	krb5_free_cred_contents(context, &my_creds);
	113
	114	return code;
	115	}
	116
5eaef520	117	int get_mr_update_ticket(char *host, KTEXT ticket)
de56407f	118	{
cb974713	119	#ifdef HAVE_KRB4
85330553	120	int code, pass;
5eaef520	121	char phost[BUFSIZ];
5eaef520	122	CREDENTIALS cr;
de56407f	123
5eaef520	124	pass = 1;
85330553	125	if (krb_get_lrealm(realm, 1))
85330553	126	strcpy(realm, KRB_REALM);
5eaef520	127	strcpy(phost, (char *)krb_get_phost(host));
85330553	128
5eaef520	129	try_it:
	130	code = krb_mk_req(ticket, service, phost, realm, (long)0);
	131	if (code)
	132	{
	133	if (pass == 1)
	134	{
	135	/* maybe we're taking too long? */
	136	if ((code = get_mr_tgt()))
	137	{
	138	com_err(whoami, code, "can't get Kerberos TGT");
	139	return code;
	140	}
	141	pass++;
	142	goto try_it;
	143	}
	144	code += ERROR_TABLE_BASE_krb;
	145	com_err(whoami, code, "in krb_mk_req");
	146	}
	147	else
	148	{
	149	code = krb_get_cred(service, phost, realm, &cr);
	150	if (code)
	151	code += ERROR_TABLE_BASE_krb;
	152	memcpy(session, cr.session, sizeof(session));
	153	}
	154	return code;
cb974713	155	#else
	156	return MR_NO_KRB4;
	157	#endif
de56407f	158	}
de56407f	159
cb974713	160	#ifdef HAVE_KRB4
85330553	161	static int get_mr_tgt(void)
de56407f	162	{
44d12d58	163	int code;
5eaef520	164	char linst[INST_SZ], kinst[INST_SZ];
b95ec814	165
5eaef520	166	linst[0] = '\0';
	167	strcpy(kinst, "krbtgt");
	168	code = krb_get_svc_in_tkt(master, linst, realm, kinst, realm,
91519120	169	DEFAULT_TKT_LIFE, KEYFILE);
5eaef520	170	if (!code)
	171	return 0;
	172	else
	173	return code + ERROR_TABLE_BASE_krb;
de56407f	174	}
cb974713	175	#endif