[moira.git] / lib / mr_auth.c

/* $Id$
 *
 * Handles the client side of the sending of authenticators to the moira server
 *
 * Copyright (C) 1987-1998 by the Massachusetts Institute of Technology
 * For copying and distribution information, please see the file
 * <mit-copyright.h>.
 */

#include <mit-copyright.h>
#include <moira.h>
#include "mr_private.h"

#include <ctype.h>
#include <stdio.h>
#include <string.h>

#ifdef HAVE_KRB4
#include <krb.h>
#endif
#include <krb5.h>

krb5_context context = NULL;
krb5_auth_context auth_con = NULL;

RCSID("$Header$");

/* Authenticate this client with the Moira server.  prog is the name of the
 * client program, and will be recorded in the database.
 */

int mr_auth(char *prog)
{
#ifdef HAVE_KRB4
  int status;
  mr_params params, reply;
  char *args[2];
  int argl[2];
  char realm[REALM_SZ], host[BUFSIZ], *p;
  KTEXT_ST auth;

  CHECK_CONNECTED;

  if ((status = mr_host(host, sizeof(host) - 1)))
    return status;

  strcpy(realm, krb_realmofhost(host));
  for (p = host; *p && *p != '.'; p++)
    {
      if (isupper(*p))
	*p = tolower(*p);
    }
  *p = '\0';

  status = krb_mk_req(&auth, MOIRA_SNAME, host, realm, 0);
  if (status != KSUCCESS)
    {
      status += ERROR_TABLE_BASE_krb;
      return status;
    }
  params.u.mr_procno = MR_AUTH;
  params.mr_argc = 2;
  params.mr_argv = args;
  params.mr_argl = argl;
  params.mr_argv[0] = (char *)auth.dat;
  params.mr_argl[0] = auth.length;
  params.mr_argv[1] = prog;
  params.mr_argl[1] = strlen(prog) + 1;

  if ((status = mr_do_call(&params, &reply)) == MR_SUCCESS)
    status = reply.u.mr_status;

  mr_destroy_reply(reply);

  return status;
#else
  return MR_NO_KRB4;
#endif
}

int mr_proxy(char *principal, char *orig_authtype)
{
  int status;
  mr_params params, reply;
  char *args[2];

  CHECK_CONNECTED;

  params.u.mr_procno = MR_PROXY;
  params.mr_argc = 2;
  params.mr_argv = args;
  params.mr_argv[0] = principal;
  params.mr_argv[1] = orig_authtype;
  params.mr_argl = NULL;

  if ((status = mr_do_call(&params, &reply)) == MR_SUCCESS)
    status = reply.u.mr_status;

  mr_destroy_reply(reply);

  return status;
}

int mr_krb5_auth(char *prog)
{
  mr_params params, reply;
  char host[BUFSIZ], *p;
  char *args[2];
  int argl[2];
  krb5_ccache ccache = NULL;
  krb5_data auth;
  krb5_error_code problem = 0;

  CHECK_CONNECTED;

  memset(&auth, 0, sizeof(auth));

  if ((problem = mr_host(host, sizeof(host) - 1)))
    return problem;

  if (!context)
    {
      problem = krb5_init_context(&context);
      if (problem)
	goto out;
    }

  problem = krb5_auth_con_init(context, &auth_con);
  if (problem)
    goto out;

  problem = krb5_cc_default(context, &ccache);
  if (problem)
    goto out;

  problem = krb5_mk_req(context, &auth_con, 0, MOIRA_SNAME, host, NULL, 
		       ccache, &auth);
  if (problem)
    goto out;

  params.u.mr_procno = MR_KRB5_AUTH;
  params.mr_argc = 2;
  params.mr_argv = args;
  params.mr_argl = argl;
  params.mr_argv[0] = (char *)auth.data;
  params.mr_argl[0] = auth.length;
  params.mr_argv[1] = prog;
  params.mr_argl[1] = strlen(prog) + 1;

  if ((problem = mr_do_call(&params, &reply)) == MR_SUCCESS)
    problem = reply.u.mr_status;

  mr_destroy_reply(reply);

 out:
  if (ccache)
    krb5_cc_close(context, ccache);
  krb5_free_data_contents(context, &auth);
  if (auth_con)
    krb5_auth_con_free(context, auth_con);
  auth_con = NULL;

  return problem;
}
Commit	Line	Data
fa59b86f	1	/* $Id$
e2a67c78	2	*
7ac48069	3	* Handles the client side of the sending of authenticators to the moira server
e2a67c78	4	*
7ac48069	5	* Copyright (C) 1987-1998 by the Massachusetts Institute of Technology
	6	* For copying and distribution information, please see the file
	7	* <mit-copyright.h>.
e2a67c78	8	*/
e2a67c78	9
babbc197	10	#include <mit-copyright.h>
7ac48069	11	#include <moira.h>
8defc06b	12	#include "mr_private.h"
7ac48069	13
713cf9c9	14	#include <ctype.h>
85330553	15	#include <stdio.h>
8fd777cf	16	#include <string.h>
20e1c093	17
cb974713	18	#ifdef HAVE_KRB4
7ac48069	19	#include <krb.h>
cb974713	20	#endif
991417e4	21	#include <krb5.h>
	22
	23	krb5_context context = NULL;
	24	krb5_auth_context auth_con = NULL;
7ac48069	25
	26	RCSID("$Header$");
	27
59ec8dae	28	/* Authenticate this client with the Moira server. prog is the name of the
6e20c6e8	29	* client program, and will be recorded in the database.
	30	*/
	31
5eaef520	32	int mr_auth(char *prog)
e2a67c78	33	{
cb974713	34	#ifdef HAVE_KRB4
44d12d58	35	int status;
85330553	36	mr_params params, reply;
5eaef520	37	char *args[2];
	38	int argl[2];
	39	char realm[REALM_SZ], host[BUFSIZ], *p;
5eaef520	40	KTEXT_ST auth;
83e80378	41
5eaef520	42	CHECK_CONNECTED;
11cf0ee5	43
5eaef520	44	if ((status = mr_host(host, sizeof(host) - 1)))
	45	return status;
	46
7ac48069	47	strcpy(realm, krb_realmofhost(host));
5eaef520	48	for (p = host; p && p != '.'; p++)
5eaef520	49	{
713cf9c9	50	if (isupper(*p))
713cf9c9	51	p = tolower(p);
5eaef520	52	}
5eaef520	53	*p = '\0';
11cf0ee5	54
5eaef520	55	status = krb_mk_req(&auth, MOIRA_SNAME, host, realm, 0);
	56	if (status != KSUCCESS)
	57	{
	58	status += ERROR_TABLE_BASE_krb;
	59	return status;
	60	}
85330553	61	params.u.mr_procno = MR_AUTH;
	62	params.mr_argc = 2;
	63	params.mr_argv = args;
	64	params.mr_argl = argl;
	65	params.mr_argv[0] = (char *)auth.dat;
	66	params.mr_argl[0] = auth.length;
	67	params.mr_argv[1] = prog;
	68	params.mr_argl[1] = strlen(prog) + 1;
e2a67c78	69
85330553	70	if ((status = mr_do_call(&params, &reply)) == MR_SUCCESS)
85330553	71	status = reply.u.mr_status;
83e80378	72
5eaef520	73	mr_destroy_reply(reply);
	74
	75	return status;
cb974713	76	#else
	77	return MR_NO_KRB4;
	78	#endif
e2a67c78	79	}
ea16b46d	80
	81	int mr_proxy(char principal, char orig_authtype)
	82	{
	83	int status;
	84	mr_params params, reply;
	85	char *args[2];
	86
fea9f396	87	CHECK_CONNECTED;
fea9f396	88
ea16b46d	89	params.u.mr_procno = MR_PROXY;
	90	params.mr_argc = 2;
	91	params.mr_argv = args;
	92	params.mr_argv[0] = principal;
	93	params.mr_argv[1] = orig_authtype;
	94	params.mr_argl = NULL;
	95
	96	if ((status = mr_do_call(&params, &reply)) == MR_SUCCESS)
	97	status = reply.u.mr_status;
	98
	99	mr_destroy_reply(reply);
	100
	101	return status;
	102	}
991417e4	103
	104	int mr_krb5_auth(char *prog)
	105	{
	106	mr_params params, reply;
	107	char host[BUFSIZ], *p;
	108	char *args[2];
	109	int argl[2];
	110	krb5_ccache ccache = NULL;
	111	krb5_data auth;
	112	krb5_error_code problem = 0;
	113
	114	CHECK_CONNECTED;
	115
	116	memset(&auth, 0, sizeof(auth));
	117
	118	if ((problem = mr_host(host, sizeof(host) - 1)))
	119	return problem;
	120
991417e4	121	if (!context)
	122	{
	123	problem = krb5_init_context(&context);
	124	if (problem)
	125	goto out;
	126	}
	127
	128	problem = krb5_auth_con_init(context, &auth_con);
	129	if (problem)
	130	goto out;
	131
	132	problem = krb5_cc_default(context, &ccache);
	133	if (problem)
	134	goto out;
	135
548fc1f0	136	problem = krb5_mk_req(context, &auth_con, 0, MOIRA_SNAME, host, NULL,
991417e4	137	ccache, &auth);
	138	if (problem)
	139	goto out;
	140
	141	params.u.mr_procno = MR_KRB5_AUTH;
	142	params.mr_argc = 2;
	143	params.mr_argv = args;
	144	params.mr_argl = argl;
	145	params.mr_argv[0] = (char *)auth.data;
	146	params.mr_argl[0] = auth.length;
	147	params.mr_argv[1] = prog;
	148	params.mr_argl[1] = strlen(prog) + 1;
	149
	150	if ((problem = mr_do_call(&params, &reply)) == MR_SUCCESS)
	151	problem = reply.u.mr_status;
	152
	153	mr_destroy_reply(reply);
	154
	155	out:
	156	if (ccache)
	157	krb5_cc_close(context, ccache);
	158	krb5_free_data_contents(context, &auth);
	159	if (auth_con)
	160	krb5_auth_con_free(context, auth_con);
	161	auth_con = NULL;
	162
	163	return problem;
	164	}
	165