1 | /* | |
2 | * $Source$ | |
3 | * $Header$ | |
4 | */ | |
5 | /* (c) Copyright 1988 by the Massachusetts Institute of Technology. */ | |
6 | /* For copying and distribution information, please see the file */ | |
7 | /* <mit-copyright.h>. */ | |
8 | ||
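#ifndef lint
/* RCS identification string; compiled out under lint so it is not flagged as unused. */
static char *rcsid_auth_001_c = "$Header$";
#endif /* lint */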
12 | ||
13 | #include <mit-copyright.h> | |
14 | #include <stdio.h> | |
15 | #include <string.h> | |
16 | #include <gdb.h> | |
17 | #include <krb.h> | |
18 | #include <krb_et.h> | |
19 | #include <netinet/in.h> | |
20 | #include <errno.h> | |
21 | #ifdef POSIX | |
22 | #include <sys/utsname.h> | |
23 | #endif | |
24 | ||
/* State shared with the rest of the server; defined elsewhere. */
extern char buf[BUFSIZ];                 /* diagnostic text is formatted into this */
extern int have_authorization;           /* raised once a client has authenticated */
extern struct sockaddr_in *client_address();
extern CONNECTION conn;                  /* the client connection being served */
extern char *PrincipalHostname();

/* State owned by this file. */
int code;                                /* most recent error code; also sent to the client on failure */
C_Block session;                         /* session key taken from the accepted ticket */

static char service[] = "rcmd";          /* service name the ticket must be issued for */
static char master[] = "sms";            /* principal accepted when the config has no "auth" record */
static char qmark[] = "???";             /* stands in for principal parts when krb_rd_req fails */
35 | ||
36 | /* | |
37 | * authentication request auth_001: | |
38 | * | |
39 | * >>> (STRING) "auth_001" | |
40 | * <<< (int) 0 | |
41 | * >>> (STRING) ticket | |
42 | * <<< (int) code | |
43 | * | |
44 | */ | |
45 | ||
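/*
 * auth_001 -- authenticate the client on the global connection `conn'
 * with a Kerberos (krb_rd_req) ticket.
 *
 * Wire exchange (the request string has already been consumed by the
 * caller and arrives here as `str', which is not examined):
 *   <<< (int) 0          send_ok(): ready for the ticket
 *   >>> (STRING) ticket  raw KTEXT bytes, supplied by the client
 *   <<< (int) code       0 via send_ok() on success, else the error code
 *
 * Success: sets the global have_authorization, copies the ticket's
 * session key into the global `session', returns 0.
 * Failure: formats a diagnostic into the global `buf', sends the error
 * code to the client, returns EPERM; the global `code' is left holding
 * the error that was reported.
 *
 * lose() is assumed not to return (the original control flow falls
 * through into code that needs the failed call to have succeeded).
 *
 * NOTE(review): `data' is never released here; confirm whether
 * receive_object() allocates the STRING's storage and whether it has
 * to be freed by the caller.
 */
int
auth_001(str)
    char *str;
{
    STRING data;
    char host[BUFSIZ];
    char aname[ANAME_SZ], ainst[INST_SZ], arealm[REALM_SZ];
    AUTH_DAT ad;
    char *p, *first, *config_lookup();
    KTEXT_ST ticket_st;
    int rc;
#ifdef POSIX
    struct utsname name;
#endif

    /* Tell the client we are ready to read the ticket. */
    if (send_ok())
        lose("sending okay for authorization (auth_001)");

    code = receive_object(conn, (char *)&data, STRING_T);
    if (code) {
        code = connection_errno(conn);
        lose("awaiting Kerberos authenticators");
    }

    /* Local host name; krb_get_phost() derives the service instance from it. */
#ifdef POSIX
    (void) uname(&name);
    strncpy(host, name.nodename, sizeof(host));
#else
    (void) gethostname(host, sizeof(host));
#endif
    host[sizeof(host) - 1] = '\0';  /* neither call promises termination on truncation */

    /*
     * The ticket bytes come straight from the client.  KTEXT_ST.dat is a
     * fixed-size array, so copying an oversized STRING would overrun the
     * stack; reject it as an authentication failure instead.  (A negative
     * size converts to a huge unsigned value here and is rejected too.)
     */
    if (MAX_STRING_SIZE(data) > sizeof(ticket_st.dat)) {
        code = EPERM;
        goto unknown_principal;
    }
    ticket_st.mbz = 0;
    ticket_st.length = MAX_STRING_SIZE(data);
    memcpy(ticket_st.dat, STRING_DATA(data), MAX_STRING_SIZE(data));

    code = krb_rd_req(&ticket_st, service,
                      krb_get_phost(host), 0,
                      &ad, KEYFILE);
    if (code) {
        code += ERROR_TABLE_BASE_krb;   /* map to the com_err krb table */
        goto unknown_principal;
    }

    /*
     * Accept the authenticator only if it names a principal listed in an
     * "auth" record of the config file.  With no such record the single
     * permitted principal is master@<local realm>.
     *
     * NOTE(review): the scan relies on repeated config_lookup("auth")
     * calls walking the records and wrapping back to the first one; the
     * NULL test in the loop condition stops it if the lookup instead ends
     * with NULL, leaving a non-matching name for the comparison below.
     */
    if ((first = p = config_lookup("auth")) != NULL) {
        do {
            kname_parse(aname, ainst, arealm, p);
            if (strcmp(aname, ad.pname) == 0 &&
                strcmp(ainst, ad.pinst) == 0 &&
                strcmp(arealm, ad.prealm) == 0)
                p = first;              /* match found: stop scanning */
            else
                p = config_lookup("auth");
        } while (p != NULL && p != first);
    } else {
        strcpy(aname, master);
        ainst[0] = '\0';
        if (krb_get_lrealm(arealm, 1))
            strcpy(arealm, KRB_REALM);
    }

    /* Exact match on name, instance and realm is required. */
    code = EPERM;
    if (strcmp(aname, ad.pname) != 0 ||
        strcmp(ainst, ad.pinst) != 0 ||
        strcmp(arealm, ad.prealm) != 0)
        goto auth_failed;

    if (send_ok())
        lose("sending approval of authorization");
    have_authorization = 1;
    /* Stash away session key */
    memcpy(session, ad.session, sizeof(session));
    return(0);

unknown_principal:
    /* No usable principal came out of the ticket; keep the log line well formed. */
    strcpy(ad.pname, qmark);
    strcpy(ad.pinst, qmark);
    strcpy(ad.prealm, qmark);
    /* FALLTHROUGH */
auth_failed:
    /* pname/pinst/prealm are bounded krb.h arrays and buf is BUFSIZ bytes. */
    sprintf(buf, "auth for %s.%s@%s failed: %s",
            ad.pname, ad.pinst, ad.prealm, error_message(code));
    /* Send the error code, then report the send's own result through `code'. */
    rc = send_object(conn, (char *)&code, INTEGER_T);
    code = rc;
    if (code)
        lose("sending rejection of authenticator");
    return(EPERM);
}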