3 * Handle server side of authentication
5 * Copyright (C) 1987-1998 by the Massachusetts Institute of Technology
6 * For copying and distribution information, please see the file
11 #include <mit-copyright.h>
12 #include "mr_server.h"
14 #include <sys/types.h>
16 #include <arpa/inet.h>
17 #include <netinet/in.h>
24 extern char *whoami, *host;
26 typedef struct _replay_cache {
29 struct _replay_cache *next;
32 replay_cache *rcache = NULL;
35 * Handle a MOIRA_AUTH RPC request.
37 * argv[0] is a kerberos authenticator. Decompose it, and if
38 * successful, store the name the user authenticated to in
42 void do_auth(client *cl, mr_params req)
47 replay_cache *rc, *rcnew;
50 auth.length = req.mr_argl[0];
51 memcpy(auth.dat, req.mr_argv[0], auth.length);
54 if ((status = krb_rd_req(&auth, MOIRA_SNAME, host,
55 cl->haddr.sin_addr.s_addr, &ad, "")))
57 status += ERROR_TABLE_BASE_krb;
58 client_reply(cl, status);
59 com_err(whoami, status, " (authentication failed)");
65 rcache = xmalloc(sizeof(replay_cache));
66 memset(rcache, 0, sizeof(replay_cache));
69 /* scan replay cache */
70 for (rc = rcache->next; rc; rc = rc->next)
72 if (auth.length == rc->auth.length &&
73 !memcmp(&(auth.dat), &(rc->auth.dat), auth.length))
76 "Authenticator replay from %s using authenticator for %s",
77 inet_ntoa(cl->haddr.sin_addr),
78 kname_unparse(ad.pname, ad.pinst, ad.prealm));
79 com_err(whoami, KE_RD_AP_REPEAT, " (authentication failed)");
80 client_reply(cl, KE_RD_AP_REPEAT);
87 rcnew = xmalloc(sizeof(replay_cache));
88 memcpy(&(rcnew->auth), &auth, sizeof(KTEXT_ST));
89 rcnew->expires = now + 2 * CLOCK_SKEW;
90 rcnew->next = rcache->next;
94 for (rc = rcnew; rc->next; )
96 if (rc->next->expires < now)
99 rc->next = rc->next->next;
106 memcpy(cl->kname.name, ad.pname, ANAME_SZ);
107 memcpy(cl->kname.inst, ad.pinst, INST_SZ);
108 memcpy(cl->kname.realm, ad.prealm, REALM_SZ);
109 strncpy(cl->clname, kname_unparse(ad.pname, ad.pinst, ad.prealm),
111 cl->clname[sizeof(cl->clname) - 1] = '\0';
113 if (ad.pinst[0] == 0 && !strcmp(ad.prealm, krb_realm))
117 /* this is in a separate function because it accesses the database */
118 status = set_krb_mapping(cl->clname, ad.pname, ok,
119 &cl->client_id, &cl->users_id);
121 strncpy(cl->entity, req.mr_argv[1], 8);
124 memset(&ad, 0, sizeof(ad)); /* Clean up session key, etc. */
126 com_err(whoami, 0, "Auth to %s using %s, uid %d cid %d",
127 cl->clname, cl->entity, cl->users_id, cl->client_id);
129 if (status != MR_SUCCESS || cl->users_id != 0)
130 client_reply(cl, status);
132 client_reply(cl, MR_USER_AUTH);