Commit | Line | Data |
---|---|---|
1 | /* $Id$ | |
2 | * | |
3 | * Copyright (C) 1988-1998 by the Massachusetts Institute of Technology. | |
4 | * For copying and distribution information, please see the file | |
5 | * <mit-copyright.h>. | |
6 | */ | |
7 | ||
8 | #include <mit-copyright.h> | |
9 | #include <moira.h> | |
10 | ||
11 | #include <sys/stat.h> | |
12 | ||
13 | #include <stdio.h> | |
14 | #include <string.h> | |
15 | ||
16 | #ifdef HAVE_KRB4 | |
17 | #include <krb.h> | |
18 | #else | |
19 | #define KTEXT void* | |
20 | #endif | |
21 | #include <krb5.h> | |
22 | #include <update.h> | |
23 | ||
/* RCS identification string for this file. */
RCSID("$Header$");

#ifdef HAVE_KRB4
/* Kerberos v4 state shared by the v4 helpers in this file. */
static char realm[REALM_SZ];            /* filled in by get_mr_update_ticket() */
static char master[INST_SZ] = "sms";    /* principal name used when fetching a TGT */
static char service[ANAME_SZ] = "rcmd"; /* service name passed to krb_mk_req() */
/*
 * Session key copied out of the v4 credential by get_mr_update_ticket().
 * It has external linkage, and nothing in this file clears it after use.
 */
des_cblock session;
#endif
/*
 * NOTE(review): `master` is declared only when HAVE_KRB4 is defined, yet
 * get_mr_krb5_tgt() passes it to krb5_parse_name() outside any such guard.
 * A build without HAVE_KRB4 looks like it would fail to compile -- confirm.
 */
/* krb5 library context created by get_mr_krb5_update_ticket(); external linkage. */
krb5_context context = NULL;

/* Fetches a v5 TGT from the keytab into the given credential cache. */
static int get_mr_krb5_tgt(krb5_context context, krb5_ccache ccache);
#ifdef HAVE_KRB4
/* Fetches a v4 TGT from KEYFILE. */
static int get_mr_tgt(void);
#endif
38 | ||
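/*
 * Build a Kerberos v5 AP-REQ for the "host" service on `host`.
 *
 * host: name of the machine to authenticate to; passed to krb5_mk_req().
 * auth: receives the encoded request on success.
 *
 * Returns 0 on success or a krb5 error code.  If the first krb5_mk_req()
 * attempt fails, a TGT is fetched with get_mr_krb5_tgt() and the request is
 * tried exactly once more.
 *
 * The retry is taken on ANY krb5_mk_req() failure, not only on missing or
 * expired credentials, and get_mr_krb5_tgt() re-initialises the process's
 * default credential cache, discarding whatever it held before.
 *
 * Side effect: (re)initialises the file-level `context`.
 * NOTE(review): that context is created on every call and never freed here,
 * which looks like a leak -- check other users of `context` before changing.
 */
int get_mr_krb5_update_ticket(char *host, krb5_data *auth)
{
  krb5_auth_context auth_con = NULL;
  krb5_ccache ccache = NULL;
  krb5_error_code code;
  int attempt;

  code = krb5_init_context(&context);
  if (code)
    goto out;

  code = krb5_auth_con_init(context, &auth_con);
  if (code)
    goto out;

  code = krb5_cc_default(context, &ccache);
  if (code)
    goto out;

  for (attempt = 1; attempt <= 2; attempt++)
    {
      code = krb5_mk_req(context, &auth_con, 0, "host", host, NULL, ccache,
                         auth);
      if (!code)
        break;

      if (attempt == 2)
        {
          /* Second failure: fresh credentials did not help, so report it. */
          com_err(whoami, code, "in krb5_mk_req");
          break;
        }

      code = get_mr_krb5_tgt(context, ccache);
      if (code)
        {
          com_err(whoami, code, "can't get Kerberos v5 TGT");
          /* Leave through `out` so that the credential-cache handle and the
           * auth context are released on this path as well. */
          goto out;
        }
    }

out:
  if (ccache)
    krb5_cc_close(context, ccache);
  if (auth_con)
    krb5_auth_con_free(context, auth_con);
  return code;
}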
83 | ||
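/*
 * Obtain initial Kerberos v5 credentials for the principal named by `master`
 * and store them in `ccache`.  (Internal linkage comes from the earlier
 * `static` prototype.)
 *
 * context: krb5 library context to use.
 * ccache:  credential cache to populate.  It is re-initialised for the
 *          parsed principal first, which discards any credentials it held.
 *
 * The keytab argument is NULL, so the library's default keytab supplies the
 * key; no initial-credential options are set.
 *
 * Returns 0 on success or the krb5 error code of the first failing step.
 *
 * NOTE(review): `master` is declared inside `#ifdef HAVE_KRB4` but is used
 * here unconditionally -- confirm that builds without HAVE_KRB4 compile.
 */
int get_mr_krb5_tgt(krb5_context context, krb5_ccache ccache)
{
  krb5_creds my_creds;
  krb5_principal me = NULL;
  krb5_error_code code;

  /* Zeroed so krb5_free_cred_contents() is safe on every exit path. */
  memset(&my_creds, 0, sizeof(my_creds));

  code = krb5_parse_name(context, master, &me);
  if (code)
    goto out;

  /* start_time is a krb5_deltat (an integer), so pass 0 rather than NULL. */
  code = krb5_get_init_creds_keytab(context, &my_creds, me, NULL, 0, NULL,
                                    NULL);
  if (code)
    goto out;

  code = krb5_cc_initialize(context, ccache, me);
  if (code)
    goto out;

  code = krb5_cc_store_cred(context, ccache, &my_creds);

out:
  if (me)
    krb5_free_principal(context, me);
  krb5_free_cred_contents(context, &my_creds);

  return code;
}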
115 | ||
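/*
 * Build a Kerberos v4 request for the `service` principal on `host` and
 * remember the matching session key in the file-level `session`.
 *
 * host:   name of the machine to authenticate to.
 * ticket: receives the v4 request built by krb_mk_req().
 *
 * Returns 0 on success, a Kerberos error offset by ERROR_TABLE_BASE_krb on
 * failure, or MR_NO_KRB4 when built without HAVE_KRB4.  If the first
 * krb_mk_req() attempt fails, a TGT is fetched with get_mr_tgt() and the
 * request is tried once more.
 *
 * NOTE(review): Kerberos v4 and its single-DES session keys are long
 * deprecated; prefer the v5 path wherever the peer supports it.
 */
int get_mr_update_ticket(char *host, KTEXT ticket)
{
#ifdef HAVE_KRB4
  int code, pass;
  char phost[BUFSIZ];
  CREDENTIALS cr;

  pass = 1;
  /* Bounded copies: neither destination may be overrun by a long source. */
  if (krb_get_lrealm(realm, 1))
    snprintf(realm, sizeof(realm), "%s", KRB_REALM);
  snprintf(phost, sizeof(phost), "%s", (char *)krb_get_phost(host));

try_it:
  code = krb_mk_req(ticket, service, phost, realm, (long)0);
  if (code)
    {
      if (pass == 1)
        {
          /* maybe we're taking too long? */
          if ((code = get_mr_tgt()))
            {
              com_err(whoami, code, "can't get Kerberos TGT");
              return code;
            }
          pass++;
          goto try_it;
        }
      code += ERROR_TABLE_BASE_krb;
      com_err(whoami, code, "in krb_mk_req");
    }
  else
    {
      code = krb_get_cred(service, phost, realm, &cr);
      if (code)
        code += ERROR_TABLE_BASE_krb;
      else
        {
          /* Copy the key only when krb_get_cred() filled `cr`; on failure
           * `cr` is uninitialised stack memory and must not reach the
           * global session key. */
          memcpy(session, cr.session, sizeof(session));
        }
      /* NOTE(review): `cr` still holds the credential, including the
       * session key, on the stack at return; nothing here scrubs it. */
    }
  return code;
#else
  return MR_NO_KRB4;
#endif
}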
158 | ||
#ifdef HAVE_KRB4
/*
 * Fetch a Kerberos v4 ticket-granting ticket for `master` (empty instance)
 * in `realm`, using the key stored in KEYFILE.
 *
 * Returns 0 on success.  Any other Kerberos code is offset by
 * ERROR_TABLE_BASE_krb, since callers hand the result to com_err().
 */
static int get_mr_tgt(void)
{
  char linst[INST_SZ], kinst[INST_SZ];
  int status;

  strcpy(kinst, "krbtgt");
  linst[0] = '\0';

  status = krb_get_svc_in_tkt(master, linst, realm, kinst, realm,
                              DEFAULT_TKT_LIFE, KEYFILE);

  return status ? status + ERROR_TABLE_BASE_krb : 0;
}
#endif