[moira.git] / server / mr_sauth.c

/*
 *	$Source$
 *	$Author$
 *	$Header$
 *
 *	Copyright (C) 1987 by the Massachusetts Institute of Technology
 *	For copying and distribution information, please see the file
 *	<mit-copyright.h>.
 *
 */

#ifndef lint
static char *rcsid_sms_sauth_c = "$Header$";
#endif lint

#include <mit-copyright.h>
#include <strings.h>
#include "mr_server.h"
#include <ctype.h>
#include <krb_et.h>

extern char buf1[];
extern char *whoami;

char *kname_unparse();

/*
 * Handle a MOIRA_AUTH RPC request.
 *
 * argv[0] is a kerberos authenticator.  Decompose it, and if
 * successful, store the name the user authenticated to in 
 * cl->cl_name.
 */

void
do_auth(cl)
	client *cl;
{
	KTEXT_ST auth;
	AUTH_DAT ad;
	int status, ok;
	char buf[REALM_SZ+INST_SZ+ANAME_SZ], hostbuf[BUFSIZ], *host, *p;
	extern int errno;

	auth.length = cl->args->mr_argl[0];
	bcopy(cl->args->mr_argv[0], (char *)auth.dat, auth.length);
	auth.mbz = 0;
	if (gethostname(hostbuf, sizeof(hostbuf)) < 0)
	  com_err(whoami, errno, "Unable to get local hostname");
	host = canonicalize_hostname(strsave(hostbuf));
	for (p = host; *p && *p != '.'; p++)
	  if (isupper(*p))
	    *p = tolower(*p);
	*p = 0;

	if ((status = krb_rd_req (&auth, MOIRA_SNAME, host, cl->haddr.sin_addr,
				 &ad, "")) != 0 &&
	    /* for backwards compatability with old clients */
	    (status = krb_rd_req (&auth, "sms", "sms", cl->haddr.sin_addr,
				 &ad, "")) != 0) {
		status += ERROR_TABLE_BASE_krb;
		cl->reply.mr_status = status;
		if (log_flags & LOG_RES)
			com_err(whoami, status, "(authentication failed)");
		return;
	}
	free(host);

	bcopy(ad.pname, cl->kname.name, ANAME_SZ);
	bcopy(ad.pinst, cl->kname.inst, INST_SZ);
	bcopy(ad.prealm, cl->kname.realm, REALM_SZ);
	strcpy(cl->clname, kname_unparse(ad.pname, ad.pinst, ad.prealm));

	if (ad.pinst[0] == 0 && !strcmp(ad.prealm, krb_realm))
	  ok = 1;
	else
	  ok = 0;
	/* this is in a separate function because it accesses the database */
	status = set_krb_mapping(cl->clname, ad.pname, ok,
				 &cl->client_id, &cl->users_id);

	if (cl->args->mr_version_no == MR_VERSION_2) {
	    strncpy(cl->entity, cl->args->mr_argv[1], 8);
	    cl->entity[8] = 0;
	} else {
	    strcpy(cl->entity, "???");
	}
	bzero(&ad, sizeof(ad));	/* Clean up session key, etc. */

	if (log_flags & LOG_RES)
	    com_err(whoami, 0, "Auth to %s using %s, uid %d cid %d",
		    cl->clname, cl->entity, cl->users_id, cl->client_id);
	if (status != MR_SUCCESS)
	  cl->reply.mr_status = status;
	else if (cl->users_id == 0)
	  cl->reply.mr_status = MR_USER_AUTH;
}


/* Turn a principal, instance, realm triple into a single non-ambiguous 
 * string.  This is the inverse of kname_parse().  It returns a pointer
 * to a static buffer, or NULL on error.
 */

char *kname_unparse(p, i, r)
char *p;
char *i;
char *r;
{
    static char name[MAX_K_NAME_SZ];
    char *s;

    s = name;
    if (!p || strlen(p) > ANAME_SZ)
      return(NULL);
    while (*p) {
	switch (*p) {
	case '@':
	    *s++ = '\\';
	    *s++ = '@';
	    break;
	case '.':
	    *s++ = '\\';
	    *s++ = '.';
	    break;
	case '\\':
	    *s++ = '\\';
	    *s++ = '\\';
	    break;
	default:
	    *s++ = *p;
	}
	p++;
    }
    if (i && *i) {
	if (strlen(i) > INST_SZ)
	  return(NULL);
	*s++ = '.';
	while (*i) {
	    switch (*i) {
	    case '@':
		*s++ = '\\';
		*s++ = '@';
		break;
	    case '.':
		*s++ = '\\';
		*s++ = '.';
		break;
	    case '\\':
		*s++ = '\\';
		*s++ = '\\';
		break;
	    default:
		*s++ = *i;
	    }
	    i++;
	}
    }
    *s++ = '@';
    if (!r || strlen(r) > REALM_SZ)
      return(NULL);
    while (*r) {
	switch (*r) {
	case '@':
	    *s++ = '\\';
	    *s++ = '@';
	    break;
	case '\\':
	    *s++ = '\\';
	    *s++ = '\\';
	    break;
	default:
	    *s++ = *r;
	}
	r++;
    }
    *s = '\0';
    return(&name[0]);
}
Commit	Line	Data
a3cf6921	1	/*
	2	* $Source$
	3	* $Author$
	4	* $Header$
	5	*
	6	* Copyright (C) 1987 by the Massachusetts Institute of Technology
c801de4c	7	* For copying and distribution information, please see the file
c801de4c	8	* <mit-copyright.h>.
a3cf6921	9	*
a3cf6921	10	*/
	11
	12	#ifndef lint
	13	static char *rcsid_sms_sauth_c = "$Header$";
	14	#endif lint
	15
c801de4c	16	#include <mit-copyright.h>
a3cf6921	17	#include <strings.h>
d548a4e7	18	#include "mr_server.h"
713cf9c9	19	#include <ctype.h>
40165bd0	20	#include <krb_et.h>
a3cf6921	21
	22	extern char buf1[];
	23	extern char *whoami;
a3cf6921	24
c1665e6d	25	char *kname_unparse();
c1665e6d	26
a3cf6921	27	/*
d548a4e7	28	* Handle a MOIRA_AUTH RPC request.
a3cf6921	29	*
	30	* argv[0] is a kerberos authenticator. Decompose it, and if
	31	* successful, store the name the user authenticated to in
	32	* cl->cl_name.
	33	*/
	34
	35	void
	36	do_auth(cl)
	37	client *cl;
	38	{
	39	KTEXT_ST auth;
	40	AUTH_DAT ad;
c1665e6d	41	int status, ok;
713cf9c9	42	char buf[REALM_SZ+INST_SZ+ANAME_SZ], hostbuf[BUFSIZ], host, p;
a53c9c79	43	extern int errno;
713cf9c9	44
d548a4e7	45	auth.length = cl->args->mr_argl[0];
d548a4e7	46	bcopy(cl->args->mr_argv[0], (char *)auth.dat, auth.length);
a3cf6921	47	auth.mbz = 0;
713cf9c9	48	if (gethostname(hostbuf, sizeof(hostbuf)) < 0)
	49	com_err(whoami, errno, "Unable to get local hostname");
	50	host = canonicalize_hostname(strsave(hostbuf));
	51	for (p = host; p && p != '.'; p++)
	52	if (isupper(*p))
	53	p = tolower(p);
	54	*p = 0;
	55
	56	if ((status = krb_rd_req (&auth, MOIRA_SNAME, host, cl->haddr.sin_addr,
9b612b77	57	&ad, "")) != 0 &&
	58	/* for backwards compatability with old clients */
	59	(status = krb_rd_req (&auth, "sms", "sms", cl->haddr.sin_addr,
40165bd0	60	&ad, "")) != 0) {
40165bd0	61	status += ERROR_TABLE_BASE_krb;
d548a4e7	62	cl->reply.mr_status = status;
060e9c63	63	if (log_flags & LOG_RES)
060e9c63	64	com_err(whoami, status, "(authentication failed)");
a3cf6921	65	return;
a3cf6921	66	}
713cf9c9	67	free(host);
c1665e6d	68
8a36ddfe	69	bcopy(ad.pname, cl->kname.name, ANAME_SZ);
	70	bcopy(ad.pinst, cl->kname.inst, INST_SZ);
	71	bcopy(ad.prealm, cl->kname.realm, REALM_SZ);
c1665e6d	72	strcpy(cl->clname, kname_unparse(ad.pname, ad.pinst, ad.prealm));
90021a6f	73
c1665e6d	74	if (ad.pinst[0] == 0 && !strcmp(ad.prealm, krb_realm))
	75	ok = 1;
	76	else
	77	ok = 0;
	78	/* this is in a separate function because it accesses the database */
aa3c5c98	79	status = set_krb_mapping(cl->clname, ad.pname, ok,
aa3c5c98	80	&cl->client_id, &cl->users_id);
90021a6f	81
d548a4e7	82	if (cl->args->mr_version_no == MR_VERSION_2) {
dda4020f	83	strncpy(cl->entity, cl->args->mr_argv[1], 8);
c1665e6d	84	cl->entity[8] = 0;
90021a6f	85	} else {
c1665e6d	86	strcpy(cl->entity, "???");
060e9c63	87	}
c0d41186	88	bzero(&ad, sizeof(ad)); /* Clean up session key, etc. */
90021a6f	89
90021a6f	90	if (log_flags & LOG_RES)
c1665e6d	91	com_err(whoami, 0, "Auth to %s using %s, uid %d cid %d",
c1665e6d	92	cl->clname, cl->entity, cl->users_id, cl->client_id);
aa3c5c98	93	if (status != MR_SUCCESS)
	94	cl->reply.mr_status = status;
	95	else if (cl->users_id == 0)
d548a4e7	96	cl->reply.mr_status = MR_USER_AUTH;
a3cf6921	97	}
c1665e6d	98
	99
	100	/* Turn a principal, instance, realm triple into a single non-ambiguous
	101	* string. This is the inverse of kname_parse(). It returns a pointer
	102	* to a static buffer, or NULL on error.
	103	*/
	104
	105	char *kname_unparse(p, i, r)
	106	char *p;
	107	char *i;
	108	char *r;
	109	{
	110	static char name[MAX_K_NAME_SZ];
	111	char *s;
	112
	113	s = name;
	114	if (!p \|\| strlen(p) > ANAME_SZ)
	115	return(NULL);
	116	while (*p) {
	117	switch (*p) {
	118	case '@':
	119	*s++ = '\\';
	120	*s++ = '@';
	121	break;
	122	case '.':
	123	*s++ = '\\';
	124	*s++ = '.';
	125	break;
	126	case '\\':
	127	*s++ = '\\';
	128	*s++ = '\\';
	129	break;
	130	default:
	131	s++ = p;
	132	}
	133	p++;
	134	}
	135	if (i && *i) {
	136	if (strlen(i) > INST_SZ)
	137	return(NULL);
	138	*s++ = '.';
	139	while (*i) {
	140	switch (*i) {
	141	case '@':
	142	*s++ = '\\';
	143	*s++ = '@';
	144	break;
	145	case '.':
	146	*s++ = '\\';
	147	*s++ = '.';
	148	break;
	149	case '\\':
	150	*s++ = '\\';
	151	*s++ = '\\';
	152	break;
	153	default:
	154	s++ = i;
	155	}
	156	i++;
	157	}
	158	}
	159	*s++ = '@';
	160	if (!r \|\| strlen(r) > REALM_SZ)
	161	return(NULL);
162	while (*r) {
163	switch (*r) {
164	case '@':
165	*s++ = '\\';
166	*s++ = '@';
167	break;
168	case '\\':
169	*s++ = '\\';
170	*s++ = '\\';
171	break;
172	default:
173	s++ = r;
174	}
175	r++;
176	}
177	*s = '\0';
178	return(&name[0]);
179	}