5 /* (c) Copyright 1988 by the Massachusetts Institute of Technology. */
6 /* For copying and distribution information, please see the file */
7 /* <mit-copyright.h>. */
10 static char *rcsid_auth_001_c = "$Header$";
13 #include <mit-copyright.h>
19 #include <netinet/in.h>
/* Shared state and helpers defined in other files of the server. */
/* buf: fixed-size (BUFSIZ) scratch buffer; this file formats the failure
 * message into it with sprintf(), so writers must keep output within BUFSIZ.
 */
22 extern char buf[BUFSIZ];
/* have_authorization: set to 1 below once the presented principal matches. */
23 extern int have_authorization;
24 extern struct sockaddr_in *client_address();
/* conn: the connection the authenticator is received on and the result
 * code is sent back over.
 */
25 extern CONNECTION conn;
27 extern char *PrincipalHostname();
/* service: Kerberos service name passed to krb_rd_req(). */
28 static char service[] = "rcmd";
/* master: default principal name used when no "auth" config record exists. */
29 static char master[] = "sms";
/* qmark: placeholder copied into the principal fields (name, instance,
 * realm) that appear in the failure message.
 */
30 static char qmark[] = "???";
34 * authentication request auth_001:
36 * >>> (STRING) "auth_001"
/* NOTE(review): this listing is incomplete -- the embedded line numbers
 * skip, so the function header, braces and several statements (including
 * any checks they may contain) are not visible.  The comments below describe
 * only what the visible lines show; anything else is marked as an assumption.
 */
48 char host[BUFSIZ], realm[REALM_SZ];
49 char aname[ANAME_SZ], ainst[INST_SZ], arealm[REALM_SZ];
51 char *p, *first, *config_lookup();
/* lose() is called with a description of the step that failed; the
 * conditions guarding each call are presumably on lines not shown.
 */
55 lose("sending okay for authorization (auth_001)");
/* Read the client's reply from conn as a STRING_T object into data; per
 * the lose() message below it is expected to carry the Kerberos
 * authenticator.
 */
56 code = receive_object(conn, (char *)&data, STRING_T);
58 code = connection_errno(conn);
59 lose("awaiting Kerberos authenticators");
/* NOTE(review): gethostname()'s return value is not checked in the visible
 * lines, and a truncated name is not guaranteed to be NUL-terminated before
 * host is handed to krb_get_phost().
 */
61 gethostname(host, BUFSIZ);
/* NOTE(review): MAX_STRING_SIZE(data) describes the object just received
 * from the peer and is used both as ticket_st.length and as the bcopy()
 * length into ticket_st.dat.  No comparison against the capacity of
 * ticket_st.dat is visible in this listing -- confirm one exists on the
 * omitted lines, or add it before the copy; otherwise an oversized string
 * from the client would overrun the ticket buffer before any
 * authentication has taken place.
 */
63 ticket_st.length = MAX_STRING_SIZE(data);
64 bcopy(STRING_DATA(data), ticket_st.dat, MAX_STRING_SIZE(data));
/* Verify the authenticator for the "rcmd" service (service[]) under this
 * host's principal hostname.  The remaining arguments are on lines not
 * shown.
 */
65 code = krb_rd_req(&ticket_st, service,
66 krb_get_phost(host), 0,
/* Presumably the krb_rd_req() failure path (the enclosing condition is not
 * shown): move the Kerberos status into the krb error-table range and fill
 * the principal fields with "???" so the failure message below has
 * something printable.
 */
69 code += ERROR_TABLE_BASE_krb;
70 strcpy(ad.pname, qmark);
71 strcpy(ad.pinst, qmark);
72 strcpy(ad.prealm, qmark);
/* Authorization step.  The visible comparisons require the authenticated
 * name, instance and realm to equal a parsed "auth" config record exactly
 * (strcmp on all three); on a mismatch the next "auth" record is fetched.
 * With no record, the expected name defaults to master ("sms") and the
 * realm to krb_get_lrealm(), falling back to the compile-time KRB_REALM
 * when that call returns non-zero.
 * NOTE(review): kname_parse()'s result is not checked in the visible lines
 * and its destinations are fixed-size (ANAME_SZ/INST_SZ/REALM_SZ) -- confirm
 * an over-long or malformed config value is rejected rather than copied.
 * NOTE(review): the silent KRB_REALM fallback changes which principal is
 * accepted when the local realm cannot be determined; confirm that is the
 * intended policy.
 */
76 /* If there is an auth record in the config file matching the
77 * authenticator we received, then accept it. If there's no
78 * auth record, assume [master]@[local realm].
80 if (first = p = config_lookup("auth")) {
82 kname_parse(aname, ainst, arealm, p);
83 if (strcmp(aname, ad.pname) ||
84 strcmp(ainst, ad.pinst) ||
85 strcmp(arealm, ad.prealm))
86 p = config_lookup("auth");
91 strcpy(aname, master);
93 if (krb_get_lrealm(arealm,1))
94 strcpy(arealm, KRB_REALM);
97 if (strcmp(aname, ad.pname) ||
98 strcmp(ainst, ad.pinst) ||
99 strcmp(arealm, ad.prealm))
102 lose("sending approval of authorization");
103 have_authorization = 1;
104 /* Stash away session key */
/* NOTE(review): session is not declared in the visible lines; sizeof(session)
 * is the key length only if session is an array rather than a pointer --
 * confirm against its declaration.
 */
105 bcopy(ad.session, session, sizeof(session));
/* Build the failure message in the shared buf.
 * NOTE(review): sprintf() has no length limit and buf is BUFSIZ bytes; a
 * bounded formatter would remove the dependence on every argument being
 * short.  When krb_rd_req() succeeded the principal fields presumably come
 * from the client's ticket, so treat them as untrusted text wherever this
 * message is logged or displayed.
 */
108 sprintf(buf, "auth for %s.%s@%s failed: %s",
109 ad.pname, ad.pinst, ad.prealm, error_message(code));
/* Report the result code to the client as an INTEGER_T object. */
112 rc = send_object(conn, (char *)&code, INTEGER_T);
116 lose("sending rejection of authenticator");