Get a krb5 TGT if we don't have one.
1/* $Id$
2 *
3 * Copyright (C) 1988-1998 by the Massachusetts Institute of Technology.
4 * For copying and distribution information, please see the file
5 * <mit-copyright.h>.
6 */
7
8#include <mit-copyright.h>
9#include <moira.h>
10
11#include <sys/stat.h>
12
13#include <stdio.h>
14#include <string.h>
15
16#ifdef HAVE_KRB4
17#include <krb.h>
18#else
19#define KTEXT void*
20#endif
21#include <krb5.h>
22#include <update.h>
23
24RCSID("$Header$");
25
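/*
 * Kerberos identity and state shared by the ticket helpers in this file.
 *
 * `master` is the principal name used to obtain a TGT. It is needed by
 * get_mr_krb5_tgt() in every build, so it is also defined when HAVE_KRB4
 * is not set; INST_SZ comes from <krb.h> and is only available with krb4.
 */
#ifdef HAVE_KRB4
static char realm[REALM_SZ];            /* filled in by get_mr_update_ticket() */
static char master[INST_SZ] = "sms";
static char service[ANAME_SZ] = "rcmd";
/*
 * krb4 session key copied out by get_mr_update_ticket(). It has external
 * linkage and nothing in this file clears it after use.
 */
des_cblock session;
#else
static char master[] = "sms";
#endif
/* Library context created by get_mr_krb5_update_ticket(); external linkage. */
krb5_context context = NULL;

static int get_mr_krb5_tgt(krb5_context context, krb5_ccache ccache);
#ifdef HAVE_KRB4
static int get_mr_tgt(void);
#endif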
38
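/*
 * Build a Kerberos v5 request for the "host" service on `host`.
 *
 * host: target machine name, passed to krb5_mk_req() as the hostname.
 * auth: receives the request produced by krb5_mk_req().
 *       NOTE(review): nothing in this file frees its contents, so the
 *       caller presumably owns them -- confirm against the callers.
 *
 * Returns 0 on success or a krb5 error code.  If the first krb5_mk_req()
 * fails, a TGT is fetched with get_mr_krb5_tgt() and the request is
 * retried exactly once.
 */
int get_mr_krb5_update_ticket(char *host, krb5_data *auth)
{
  krb5_auth_context auth_con = NULL;
  krb5_ccache ccache = NULL;
  krb5_error_code code;
  int pass = 1;

  /*
   * NOTE(review): this re-initializes the file-scope `context` on every
   * call and this file never frees it; check who else uses the global
   * before changing that.
   */
  code = krb5_init_context(&context);
  if (code)
    goto out;

  code = krb5_auth_con_init(context, &auth_con);
  if (code)
    goto out;

  code = krb5_cc_default(context, &ccache);
  if (code)
    goto out;

try_it:
  code = krb5_mk_req(context, &auth_con, 0, "host", host, NULL, ccache,
                     auth);
  if (code)
    {
      if (pass == 1)
        {
          /* No usable credentials yet: get a TGT, then try once more. */
          code = get_mr_krb5_tgt(context, ccache);
          if (code)
            {
              com_err(whoami, code, "can't get Kerberos v5 TGT");
              /*
               * Leave through the cleanup path; returning here would
               * leak the ccache handle and the auth context.
               */
              goto out;
            }
          pass++;
          goto try_it;
        }
      com_err(whoami, code, "in krb5_mk_req");
    }

out:
  if (ccache)
    krb5_cc_close(context, ccache);
  if (auth_con)
    krb5_auth_con_free(context, auth_con);
  return code;
}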
83
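/*
 * Obtain initial Kerberos v5 credentials for the principal named by the
 * file-scope `master` and store them in `ccache`.
 *
 * The keytab argument is NULL, so the library's default keytab supplies
 * the key.  krb5_cc_initialize() is called on `ccache` before the new
 * credentials are stored, so the cache is re-created for this principal.
 *
 * Returns 0 on success or the krb5 error code of the first failing call.
 */
static int get_mr_krb5_tgt(krb5_context context, krb5_ccache ccache)
{
  krb5_creds my_creds;
  krb5_principal me = NULL;
  krb5_error_code code;

  /* Zeroed so krb5_free_cred_contents() is safe on every exit path. */
  memset(&my_creds, 0, sizeof(my_creds));

  code = krb5_parse_name(context, master, &me);
  if (code)
    goto out;

  /* start_time is a krb5_deltat, not a pointer: pass 0 rather than NULL. */
  code = krb5_get_init_creds_keytab(context, &my_creds, me, NULL, 0, NULL,
                                    NULL);
  if (code)
    goto out;

  code = krb5_cc_initialize(context, ccache, me);
  if (code)
    goto out;

  code = krb5_cc_store_cred(context, ccache, &my_creds);

out:
  if (me)
    krb5_free_principal(context, me);
  krb5_free_cred_contents(context, &my_creds);

  return code;
}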
115
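/*
 * Build a Kerberos v4 request for the `service` principal on `host` and
 * save the resulting session key in the global `session`.
 *
 * host:   target machine name; converted with krb_get_phost().
 * ticket: receives the request built by krb_mk_req().
 *
 * Returns 0 on success.  krb4 failures are returned offset by
 * ERROR_TABLE_BASE_krb.  If the first krb_mk_req() fails, a TGT is fetched
 * with get_mr_tgt() and the request is retried once.  Without HAVE_KRB4
 * the function only returns MR_NO_KRB4.
 */
int get_mr_update_ticket(char *host, KTEXT ticket)
{
#ifdef HAVE_KRB4
  int code, pass;
  char phost[BUFSIZ];
  CREDENTIALS cr;

  pass = 1;
  if (krb_get_lrealm(realm, 1))
    strcpy(realm, KRB_REALM);
  /* Bounded copy: the name is derived from the caller-supplied host. */
  snprintf(phost, sizeof(phost), "%s", (char *)krb_get_phost(host));

try_it:
  code = krb_mk_req(ticket, service, phost, realm, (long)0);
  if (code)
    {
      if (pass == 1)
        {
          /* maybe we're taking too long? */
          if ((code = get_mr_tgt()))
            {
              com_err(whoami, code, "can't get Kerberos TGT");
              return code;
            }
          pass++;
          goto try_it;
        }
      code += ERROR_TABLE_BASE_krb;
      com_err(whoami, code, "in krb_mk_req");
    }
  else
    {
      code = krb_get_cred(service, phost, realm, &cr);
      if (code)
        code += ERROR_TABLE_BASE_krb;
      else
        {
          /*
           * Copy the key only when krb_get_cred() succeeded; `cr` is
           * uninitialized otherwise and would put stack contents into
           * the global session key.
           */
          memcpy(session, cr.session, sizeof(session));
        }
    }
  return code;
#else
  return MR_NO_KRB4;
#endif
}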
158
#ifdef HAVE_KRB4
/*
 * Request a Kerberos v4 ticket-granting ticket ("krbtgt") for `master`
 * with an empty instance in `realm`, passing KEYFILE as the key file and
 * DEFAULT_TKT_LIFE as the lifetime.
 *
 * Returns 0 on success, otherwise the krb4 status offset by
 * ERROR_TABLE_BASE_krb.
 */
static int get_mr_tgt(void)
{
  char linst[INST_SZ] = "";
  char kinst[INST_SZ] = "krbtgt";
  int status;

  status = krb_get_svc_in_tkt(master, linst, realm, kinst, realm,
                              DEFAULT_TKT_LIFE, KEYFILE);
  return status ? status + ERROR_TABLE_BASE_krb : 0;
}
#endif