3 * Kerberos routines for registration server
5 * Copyright (C) 1998 by the Massachusetts Institute of Technology
6 * For copying and distribution information, please see the file
11 #include <mit-copyright.h>
15 #if !defined(KRB4) && !defined(KRB5)
24 #define KRB5_DEPRECATED 1
25 #define KRB5_PRIVATE 1
35 #include <kadm5/admin.h>
43 extern char *hostname, *shorthostname;
46 long init_kerberos(void)
50 /* Initialize Kerberos stuff. */
51 code = krb5_init_context(&context);
54 krb_set_tkt_string("/tmp/tkt_ureg");
58 /* Check the kerberos database to see if a principal exists */
59 long check_kerberos(char *username)
65 #ifdef KERBEROS_TEST_REALM
68 sprintf(ubuf, "%s@%s", username, KERBEROS_TEST_REALM);
72 memset(&creds, 0, sizeof(creds));
73 code = krb5_parse_name(context, username, &creds.client);
77 realm = krb5_princ_realm(context, creds.client);
78 code = krb5_build_principal_ext(context, &creds.server,
79 realm->length, realm->data,
80 KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
81 realm->length, realm->data, 0);
85 code = krb5_timeofday(context, &now);
89 creds.times.starttime = 0;
90 creds.times.endtime = now + 60;
92 code = krb5_get_in_tkt_with_password(context,
96 NULL /* pre_auth_types */,
100 NULL /* ret_as_reply */);
103 krb5_free_principal(context, creds.client);
104 krb5_free_principal(context, creds.server);
106 if (code == KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN)
112 /* Create a new principal in Kerberos */
113 long register_kerberos(char *username, char *password)
115 void *kadm_server_handle = NULL;
117 kadm5_principal_ent_rec princ;
118 kadm5_policy_ent_rec defpol;
119 kadm5_config_params realm_params;
120 char admin_princ[256];
122 #ifdef KERBEROS_TEST_REALM
125 sprintf(admin_princ, "moira/%s@%s", hostname, KERBEROS_TEST_REALM);
126 sprintf(ubuf, "%s@%s", username, KERBEROS_TEST_REALM);
128 realm_params.realm = KERBEROS_TEST_REALM;
129 realm_params.mask = KADM5_CONFIG_REALM;
131 strcpy(admin_princ, REG_SVR_PRINCIPAL);
132 realm_params.mask = 0;
135 memset(&princ, 0, sizeof(princ));
137 status = krb5_parse_name(context, username, &(princ.principal));
142 status = kadm5_init_with_skey(admin_princ, NULL, KADM5_ADMIN_SERVICE,
143 &realm_params, KADM5_STRUCT_VERSION,
144 KADM5_API_VERSION_2, &kadm_server_handle);
148 /* Assign "default" policy if it exists. */
149 if (!kadm5_get_policy(kadm_server_handle, "default", &defpol))
151 princ.policy = "default";
152 mask |= KADM5_POLICY;
153 (void) kadm5_free_policy_ent(kadm_server_handle, &defpol);
156 mask |= KADM5_PRINCIPAL;
157 status = kadm5_create_principal(kadm_server_handle, &princ, mask, password);
160 krb5_free_principal(context, princ.principal);
161 if (kadm_server_handle)
162 kadm5_destroy(kadm_server_handle);
164 if (status == KADM5_DUP)
166 else if (status == KADM5_PASS_Q_TOOSHORT ||
167 status == KADM5_PASS_Q_CLASS ||
168 status == KADM5_PASS_Q_DICT)
175 char realm[REALM_SZ];
177 long init_kerberos(void)
179 return krb_get_lrealm(realm, 1);
182 long check_kerberos(char *username)
186 status = krb_get_pw_in_tkt(username, "", realm, "krbtgt", realm, 1, "");
187 if (status == KDC_PR_UNKNOWN)
193 long register_kerberos(char *username, char *password)
198 unsigned long *lkey = (unsigned long *)key;
200 if ((status = krb_get_svc_in_tkt(MOIRA_SNAME, shorthostname, realm,
201 PWSERV_NAME, KADM_SINST, 3, KEYFILE)))
204 if ((status = kadm_init_link(PWSERV_NAME, KADM_SINST, realm)) !=
208 memset(&new, 0, sizeof(new));
209 SET_FIELD(KADM_DESKEY, new.fields);
210 SET_FIELD(KADM_NAME, new.fields);
212 des_string_to_key(password, key);
213 new.key_low = htonl(lkey[0]);
214 new.key_high = htonl(lkey[1]);
215 strcpy(new.name, username);
217 status = kadm_add(&new);
218 memset(&new, 0, sizeof(new));
221 if (status == KADM_INUSE)