5 /* (c) Copyright 1988 by the Massachusetts Institute of Technology. */
6 /* For copying and distribution information, please see the file */
7 /* <mit-copyright.h>. */
10 static char *rcsid_auth_001_c = "$Header$";
13 #include <mit-copyright.h>
19 #include <netinet/in.h>
22 extern char buf[BUFSIZ];
23 extern int have_authorization;
24 extern struct sockaddr_in *client_address();
25 extern CONNECTION conn;
27 extern char *PrincipalHostname();
28 static char service[] = "rcmd";
29 static char master[] = "sms";
30 static char qmark[] = "???";
33 * authentication request auth_001:
35 * >>> (STRING) "auth_001"
47 char host[BUFSIZ], realm[REALM_SZ];
48 char aname[ANAME_SZ], ainst[INST_SZ], arealm[REALM_SZ];
50 char *p, *first, *config_lookup();
54 lose("sending okay for authorization (auth_001)");
55 code = receive_object(conn, (char *)&data, STRING_T);
57 code = connection_errno(conn);
58 lose("awaiting Kerberos authenticators");
60 gethostname(host, BUFSIZ);
62 ticket_st.length = MAX_STRING_SIZE(data);
63 bcopy(STRING_DATA(data), ticket_st.dat, MAX_STRING_SIZE(data));
64 code = krb_rd_req(&ticket_st, service,
65 krb_get_phost(host), 0,
68 code += ERROR_TABLE_BASE_krb;
69 strcpy(ad.pname, qmark);
70 strcpy(ad.pinst, qmark);
71 strcpy(ad.prealm, qmark);
75 /* If there is an auth record in the config file matching the
76 * authenticator we received, then accept it. If there's no
77 * auth record, assume [master]@[local realm].
79 if (first = p = config_lookup("auth")) {
81 kname_parse(aname, ainst, arealm, p);
82 if (strcmp(aname, ad.pname) ||
83 strcmp(ainst, ad.pinst) ||
84 strcmp(arealm, ad.prealm))
85 p = config_lookup("auth");
90 strcpy(aname, master);
92 if (krb_get_lrealm(arealm,1))
93 strcpy(arealm, KRB_REALM);
96 if (strcmp(aname, ad.pname) ||
97 strcmp(ainst, ad.pinst) ||
98 strcmp(arealm, ad.prealm))
101 lose("sending approval of authorization");
102 have_authorization = 1;
105 sprintf(buf, "auth for %s.%s@%s failed: %s",
106 ad.pname, ad.pinst, ad.prealm, error_message(code));
109 rc = send_object(conn, (char *)&code, INTEGER_T);
113 lose("sending rejection of authenticator");