]>
Commit | Line | Data |
---|---|---|
1 | /* $Id$ | |
2 | * | |
3 | * Copyright (C) 1988-1998 by the Massachusetts Institute of Technology. | |
4 | * For copying and distribution information, please see the file | |
5 | * <mit-copyright.h>. | |
6 | */ | |
7 | ||
8 | #include <mit-copyright.h> | |
9 | #include <moira.h> | |
10 | ||
11 | #include <sys/stat.h> | |
12 | ||
13 | #include <stdio.h> | |
14 | #include <string.h> | |
15 | ||
16 | #ifdef HAVE_KRB4 | |
17 | #include <krb.h> | |
18 | #else | |
19 | #define KTEXT void* | |
20 | #endif | |
21 | #include <krb5.h> | |
22 | #include <update.h> | |
23 | ||
24 | RCSID("$Header$"); | |
25 | ||
26 | #ifdef HAVE_KRB4 | |
27 | static char realm[REALM_SZ]; | |
28 | static char master[INST_SZ] = "sms"; | |
29 | static char service[ANAME_SZ] = "rcmd"; | |
30 | des_cblock session; | |
31 | #endif | |
32 | krb5_context context = NULL; | |
33 | ||
34 | #ifdef HAVE_KRB4 | |
35 | static int get_mr_tgt(void); | |
36 | #endif | |
37 | ||
38 | int get_mr_krb5_update_ticket(char *host, krb5_data *auth) | |
39 | { | |
40 | krb5_auth_context auth_con = NULL; | |
41 | krb5_ccache ccache = NULL; | |
42 | krb5_error_code code; | |
43 | ||
44 | code = krb5_init_context(&context); | |
45 | if (code) | |
46 | goto out; | |
47 | ||
48 | code = krb5_auth_con_init(context, &auth_con); | |
49 | if (code) | |
50 | goto out; | |
51 | ||
52 | code = krb5_cc_default(context, &ccache); | |
53 | if (code) | |
54 | goto out; | |
55 | ||
56 | code = krb5_mk_req(context, &auth_con, 0, "host", host, NULL, ccache, | |
57 | auth); | |
58 | ||
59 | out: | |
60 | if (ccache) | |
61 | krb5_cc_close(context, ccache); | |
62 | if (auth_con) | |
63 | krb5_auth_con_free(context, auth_con); | |
64 | return code; | |
65 | } | |
66 | ||
67 | int get_mr_update_ticket(char *host, KTEXT ticket) | |
68 | { | |
69 | #ifdef HAVE_KRB4 | |
70 | int code, pass; | |
71 | char phost[BUFSIZ]; | |
72 | CREDENTIALS cr; | |
73 | ||
74 | pass = 1; | |
75 | if (krb_get_lrealm(realm, 1)) | |
76 | strcpy(realm, KRB_REALM); | |
77 | strcpy(phost, (char *)krb_get_phost(host)); | |
78 | ||
79 | try_it: | |
80 | code = krb_mk_req(ticket, service, phost, realm, (long)0); | |
81 | if (code) | |
82 | { | |
83 | if (pass == 1) | |
84 | { | |
85 | /* maybe we're taking too long? */ | |
86 | if ((code = get_mr_tgt())) | |
87 | { | |
88 | com_err(whoami, code, "can't get Kerberos TGT"); | |
89 | return code; | |
90 | } | |
91 | pass++; | |
92 | goto try_it; | |
93 | } | |
94 | code += ERROR_TABLE_BASE_krb; | |
95 | com_err(whoami, code, "in krb_mk_req"); | |
96 | } | |
97 | else | |
98 | { | |
99 | code = krb_get_cred(service, phost, realm, &cr); | |
100 | if (code) | |
101 | code += ERROR_TABLE_BASE_krb; | |
102 | memcpy(session, cr.session, sizeof(session)); | |
103 | } | |
104 | return code; | |
105 | #else | |
106 | return MR_NO_KRB4; | |
107 | #endif | |
108 | } | |
109 | ||
110 | #ifdef HAVE_KRB4 | |
111 | static int get_mr_tgt(void) | |
112 | { | |
113 | int code; | |
114 | char linst[INST_SZ], kinst[INST_SZ]; | |
115 | ||
116 | linst[0] = '\0'; | |
117 | strcpy(kinst, "krbtgt"); | |
118 | code = krb_get_svc_in_tkt(master, linst, realm, kinst, realm, | |
119 | DEFAULT_TKT_LIFE, KEYFILE); | |
120 | if (!code) | |
121 | return 0; | |
122 | else | |
123 | return code + ERROR_TABLE_BASE_krb; | |
124 | } | |
125 | #endif |