3 * Copyright (C) 1988-1998 by the Massachusetts Institute of Technology.
4 * For copying and distribution information, please see the file
8 #include <mit-copyright.h>
10 #include "update_server.h"
12 #include <sys/utsname.h>
/* Kerberos service name passed to krb5_sname_to_principal() when building
 * this host's server principal. */
23 static char service[] = "host";
/* Principal name copied into aname as the accepted default; the comment in
 * auth_003 describes this as the case where the config file has no "auth"
 * record. */
24 static char master[] = "sms";
/* Placeholder copied into the realm buffer before the "auth for ... failed"
 * log line that follows krb5_rd_req(). */
25 static char qmark[] = "???";
28 * authentication request auth_003:
30 * >>> (STRING) "auth_003"
/*
 * auth_003: serve an "auth_003" authentication request on connection conn.
 *
 * NOTE(review): this listing is an excerpt. The embedded source line
 * numbers skip, so braces, the conditions guarding each error path and the
 * declarations of several names used below (auth, ticket, size, code, uts,
 * whoami) are on lines that are not shown. These notes describe only the
 * visible calls and mark the rest as points to confirm in the full file.
 *
 * Visible flow:
 *   1. recv_string() fills in data and size from the connection, and that
 *      buffer is copied into auth.
 *   2. A krb5 context and auth context are created, and the server
 *      principal is built from service and uts.nodename.
 *   3. krb5_rd_req() checks the received request against that principal.
 *   4. The ticket's client principal is copied and converted into the
 *      name/inst/realm strings by krb5_524_conv_principal().
 *   5. Those strings are compared with strcmp() against "auth" records
 *      from config_lookup(), or against master plus the local realm.
 *   6. have_authorization is set to 1, and the krb5 objects are freed.
 *
 * Review notes for the part after the config-file comment:
 *   - kname_parse() parses a config_lookup("auth") value into the
 *     fixed-size aname/ainst/arealm buffers; its return value is not used
 *     on the visible line, so confirm a malformed record cannot leave
 *     those buffers in a state that still compares equal.
 *   - The mismatch path reports code through com_err() and send_int().
 *     The last visible assignment to code is the krb5_524_conv_principal()
 *     call, so an elided line presumably stores a failure value first.
 *     Confirm this; otherwise the peer would be sent a success code.
 *   - have_authorization is not declared in the visible lines; presumably
 *     it is state read by later request handlers. Confirm it is set only
 *     on the matching path and cleared when the connection ends.
 *   - No krb5_free_context() call is visible; confirm the context is
 *     released and that every failure path reaches the frees.
 *   - str is not referenced on any visible line.
 */
37 void auth_003(int conn, char *str)
39 krb5_context context = NULL;
40 krb5_auth_context auth_con = NULL;
42 krb5_principal server = NULL, client = NULL;
44 char *p, *first, *data;
/* Fixed-size string buffers: name/inst/realm hold the authenticated client,
 * aname/ainst/arealm hold the identity it is compared against. */
45 char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
46 char aname[ANAME_SZ], ainst[INST_SZ], arealm[REALM_SZ];
/* data and size come from the connection. NOTE(review): no upper bound on
 * size and no NULL check on malloc() are visible here; confirm both exist
 * on the elided lines before the memcpy() is reached. */
55 recv_string(conn, &data, &size);
56 auth.data = malloc(size);
59 memcpy(auth.data, data, size);
63 code = krb5_init_context(&context);
66 com_err(whoami, code, "Initializing context");
71 code = krb5_auth_con_init(context, &auth_con);
74 com_err(whoami, code, "Initializing auth context");
/* NOTE(review): errno is read again by send_int() after com_err() has run.
 * com_err() may change it, so capturing it in a local first would keep the
 * logged and transmitted values identical. */
81 com_err(whoami, errno, "Unable to get local hostname");
82 send_int(conn, errno);
/* Build the server principal from the service name and uts.nodename. */
86 code = krb5_sname_to_principal(context, uts.nodename, service,
87 KRB5_NT_SRV_HST, &server);
91 com_err(whoami, code, "(krb5_sname_to_principal failed)");
/* Verify the received request against the server principal. The NULL keytab
 * argument makes the library use its default keytab. */
96 code = krb5_rd_req(context, &auth_con, &auth, server, NULL, NULL, &ticket);
/* Failure path: realm gets the "???" placeholder for the log line.
 * NOTE(review): name and inst are uninitialised stack arrays at this point
 * unless the lines elided just above fill them as well. Confirm, because
 * com_err() formats all three with %s. */
102 strcpy(realm, qmark);
103 com_err(whoami, code, "auth for %s.%s@%s failed", name, inst, realm);
104 send_int(conn, code);
/* Take a private copy of the client principal from the decrypted ticket. */
108 code = krb5_copy_principal(context, ticket->enc_part2->client, &client);
111 com_err(whoami, code, "(krb5_copy_principal failed)");
112 send_int(conn, code);
/* Convert the client principal into name/instance/realm strings. The
 * authorization comparison further down is made on these converted strings,
 * so the conversion's name-mapping rules are part of the access decision. */
116 code = krb5_524_conv_principal(context, client, name, inst, realm);
119 com_err(whoami, code, "(krb5_524_conv_principal_failed)");
120 send_int(conn, code);
124 /* If there is an auth record in the config file matching the
125 * authenticator we received, then accept it. If there's no
126 * auth record, assume [master]@[local realm].
128 if ((first = p = config_lookup("auth")))
132 kname_parse(aname, ainst, arealm, p);
133 if (strcmp(aname, name) ||
134 strcmp(ainst, inst) ||
135 strcmp(arealm, realm))
136 p = config_lookup("auth");
144 strcpy(aname, master);
146 if (krb_get_lrealm(arealm, 1))
147 strcpy(arealm, KRB_REALM);
150 if (strcmp(aname, name) ||
151 strcmp(ainst, inst) ||
152 strcmp(arealm, realm))
154 com_err(whoami, code, "auth for %s.%s@%s failed", name, inst, realm);
155 send_int(conn, code);
159 have_authorization = 1;
163 krb5_free_principal(context, client);
165 krb5_free_principal(context, server);
167 krb5_free_ticket(context, ticket);
168 krb5_free_data_contents(context, &auth);
170 krb5_auth_con_free(context, auth_con);