3 * Copyright (C) 1988-1998 by the Massachusetts Institute of Technology.
4 * For copying and distribution information, please see the file
8 #include <mit-copyright.h>
10 #include "update_server.h"
12 #include <sys/utsname.h>
27 static char service[] = "host";   // service name passed to krb5_sname_to_principal in auth_003
28 static char master[] = "sms";   // default principal name copied into aname when no auth record is configured
29 static char qmark[] = "???";   // placeholder copied into realm before the auth-failed log line that follows krb5_rd_req
32 * authentication request auth_003:
34 * >>> (STRING) "auth_003"
// auth_003: handle the auth_003 authentication request on connection conn.
// Visible flow: read the peer blob with recv_string, verify it with
// krb5_rd_req against the host service principal built from uts.nodename,
// convert the ticket client principal to name/inst/realm, then compare that
// triple with the auth records returned by config_lookup (or with master at
// the default realm when no record exists). On the path that passes the
// comparison, have_authorization is set to 1.
// The str parameter is not referenced in the lines shown.
// NOTE(review): this listing skips source lines (see the gaps in the gutter
// numbers), so braces, conditions and some error checks are not visible here.
41 void auth_003(int conn, char *str)
43 krb5_context context = NULL;
44 krb5_auth_context auth_con = NULL;
46 krb5_principal server = NULL, client = NULL;
48 char *p, *first, *data;
// name/inst/realm receive the identity taken from the ticket;
// aname/ainst/arealm receive the identity that is allowed to authenticate.
49 char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
50 char aname[ANAME_SZ], ainst[INST_SZ], arealm[REALM_SZ];
// data and size come from the peer and are untrusted at this point.
60 recv_string(conn, &data, &size);
// NOTE(review): the malloc result is used by the memcpy below; confirm that
// the lines not shown (62-63) reject a NULL return and that recv_string
// bounds size. Ownership of data is not visible here.
61 auth.data = malloc(size);
64 memcpy(auth.data, data, size);
68 code = krb5_init_context(&context);
71 com_err(whoami, code, "Initializing context");
76 code = krb5_auth_con_init(context, &auth_con);
79 com_err(whoami, code, "Initializing auth context");
// NOTE(review): errno is read a second time after com_err has run; if com_err
// changes errno, the value sent to the peer can differ from the one logged.
// Saving errno in a local right after the failing call avoids that.
86 com_err(whoami, errno, "Unable to get local hostname");
87 send_int(conn, errno);
// Build the service principal (service name host, type KRB5_NT_SRV_HST) for
// the local node name; krb5_rd_req below verifies the request against it.
91 code = krb5_sname_to_principal(context, uts.nodename, service,
92 KRB5_NT_SRV_HST, &server);
96 com_err(whoami, code, "(krb5_sname_to_principal failed)");
// Verify the peer-supplied request. The keytab argument is NULL, so the
// library default keytab is used.
101 code = krb5_rd_req(context, &auth_con, &auth, server, NULL, NULL, &ticket);
// Failure path: realm is filled with the placeholder for the log message.
// NOTE(review): name and inst are also printed below; presumably they are
// filled on lines 105-106, which are not shown. Confirm, because they are
// otherwise uninitialized here.
107 strcpy(realm, qmark);
108 com_err(whoami, code, "auth for %s.%s@%s failed", name, inst, realm);
109 send_int(conn, code);
// Take the client principal from the decrypted part of the ticket.
113 code = krb5_copy_principal(context, ticket->enc_part2->client, &client);
116 com_err(whoami, code, "(krb5_copy_principal failed)");
117 send_int(conn, code);
// Convert the client principal into the three fixed-size buffers declared
// above (ANAME_SZ, INST_SZ, REALM_SZ).
121 code = krb5_524_conv_principal(context, client, name, inst, realm);
124 com_err(whoami, code, "(krb5_524_conv_principal_failed)");
125 send_int(conn, code);
129 /* If there is an auth record in the config file matching the
130 * authenticator we received, then accept it. If there's no
131 * auth record, assume [master]@[local realm].
// first keeps the initial record while p walks the auth records.
133 if ((first = p = config_lookup("auth")))
// Each record is parsed into aname/ainst/arealm and compared exactly
// (case-sensitive strcmp) with the identity from the ticket.
// NOTE(review): p comes from the config file; kname_parse writes into
// fixed-size buffers, so confirm it bounds each component.
137 kname_parse(aname, ainst, arealm, p);
138 if (strcmp(aname, name) ||
139 strcmp(ainst, inst) ||
140 strcmp(arealm, realm))
// No match: fetch the next auth record. The loop condition is on lines not
// shown; presumably it stops when the lookup returns to first.
141 p = config_lookup("auth");
// No auth record configured: fall back to master at the default realm.
// NOTE(review): ainst is compared below, but its assignment on this path is
// not visible (line 150 is not shown).
149 strcpy(aname, master);
151 if (!krb5_get_default_realm(context, &lrealm))
// NOTE(review): unbounded strcpy of the library-provided default realm into
// arealm[REALM_SZ]; a realm of REALM_SZ bytes or more would write past the
// buffer. A length check or a bounded copy is the safer form. Release of
// lrealm is not visible in the lines shown.
153 strcpy(arealm, lrealm);
// Used when the default realm lookup fails.
156 strcpy(arealm, KRB_REALM);
// Final authorization decision: all three components must be equal.
159 if (strcmp(aname, name) ||
160 strcmp(ainst, inst) ||
161 strcmp(arealm, realm))
// NOTE(review): no assignment to code is visible between the successful
// krb5_524_conv_principal call and this point; presumably line 162 (not
// shown) sets an error value. Confirm, since sending 0 here would report
// success to the peer on a rejected identity.
163 com_err(whoami, code, "auth for %s.%s@%s failed", name, inst, realm);
164 send_int(conn, code);
// Records the successful authentication. have_authorization is not declared
// in the lines shown.
168 have_authorization = 1;
// Cleanup of the krb5 objects created above. The gutter gaps suggest each
// call is guarded on a line not shown; release of context itself is not
// visible in this listing.
174 krb5_free_principal(context, client);
176 krb5_free_principal(context, server);
178 krb5_free_ticket(context, ticket);
179 krb5_free_data_contents(context, &auth);
181 krb5_auth_con_free(context, auth_con);