-/*
- * $Source$
- * $Header$
+/* $Id$
+ *
+ * Copyright (C) 1988-1998 by the Massachusetts Institute of Technology.
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
*/
-#ifndef lint
-static char *rcsid_ticket_c = "$Header$";
-#endif lint
+#include <mit-copyright.h>
+#include <moira.h>
+
+#include <sys/stat.h>
#include <stdio.h>
+#include <string.h>
+
+#ifdef HAVE_KRB4
#include <krb.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <strings.h>
-#include "sms_update_int.h"
-#include "com_err.h"
-#include "kludge.h"
-
-/* too bad we can't set the pathname easily */
-/*static char tkt_pathname[] = "/tmp/tkt:sms";*/
-static char *srvtab = SRVTAB; /* default == /etc/srvtab */
-static char realm[REALM_SZ];
-static char master[] = "sms";
-static char service[] = "rcmd";
+#else
+#define KTEXT void*
+#include <mr_krb.h>
+#endif
+#include <krb5.h>
+#include <update.h>
+
+RCSID("$Header$");
-extern char *tkt_string(), *PrincipalHostname();
-static int initialized = 0;
+static char realm[REALM_SZ];
+static char master[INST_SZ] = "sms";
+static char service[ANAME_SZ] = "rcmd";
+#ifdef HAVE_KRB4
+des_cblock session;
+#endif
+krb5_context context = NULL;
-#define init() { if (!initialized) { get_krbrlm(realm,0); initialized=1; }}
+static int get_mr_krb5_tgt(krb5_context context, krb5_ccache ccache);
+#ifdef HAVE_KRB4
+static int get_mr_tgt(void);
+#endif
-int
-get_sms_update_ticket(host, ticket)
- char *host;
- KTEXT ticket;
+int get_mr_krb5_update_ticket(char *host, krb5_data *auth)
{
- register int code;
- register int pass;
- char phost[BUFSIZ];
+ krb5_auth_context auth_con = NULL;
+ krb5_ccache ccache = NULL;
+ krb5_error_code code;
+ int pass = 1;
+
+ code = krb5_init_context(&context);
+ if (code)
+ goto out;
+
+ code = krb5_auth_con_init(context, &auth_con);
+ if (code)
+ goto out;
+
+ code = krb5_cc_default(context, &ccache);
+ if (code)
+ goto out;
- pass = 1;
- init();
- strcpy(phost, PrincipalHostname(host));
try_it:
- code = mk_ap_req(ticket, service, phost, realm, (long)0);
- if (pass == 1) {
- /* maybe we're taking too long? */
- if ((code = get_sms_tgt()) != 0) {
- /* don't need phost buffer any more */
- sprintf(phost, "%s: can't get Kerberos TGT",
- error_message(code));
- sms_log_error(phost);
- return(code);
- }
- pass++;
- goto try_it;
- }
- return(krb_err_frob(code));
+ code = krb5_mk_req(context, &auth_con, 0, "host", host, NULL, ccache,
+ auth);
+ if (code)
+ {
+ if (pass == 1)
+ {
+ if ((code = get_mr_krb5_tgt(context, ccache)))
+ {
+ com_err(whoami, code, "can't get Kerberos v5 TGT");
+ return code;
+ }
+ pass++;
+ goto try_it;
+ }
+ com_err(whoami, code, "in krb5_mk_req");
+ }
+
+ out:
+ if (ccache)
+ krb5_cc_close(context, ccache);
+ if (auth_con)
+ krb5_auth_con_free(context, auth_con);
+ return code;
}
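Review bot: The `return code;` taken when `get_mr_krb5_tgt()` fails skips the `out:` label, so `ccache` and `auth_con` are never released on that path. Replace it with `goto out;` after the `com_err` call so every exit goes through the same cleanup. Separately, `krb5_init_context(&context)` overwrites the global `context` on every call and nothing visible here frees the previous one. If the context is meant to live for the whole process, guard the call with `if (!context)`; otherwise pair it with `krb5_free_context` at `out:`.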
-int
-get_sms_tgt()
+int get_mr_krb5_tgt(krb5_context context, krb5_ccache ccache)
{
- register int code;
- init();
- code = get_svc_in_tkt(master, "", realm, "krbtgt", realm, 1, srvtab);
- if (!code)
- return(0);
- else
- return(krb_err_frob(code));
+ krb5_creds my_creds;
+ krb5_principal me = NULL;
+ krb5_error_code code;
+
+ memset(&my_creds, 0, sizeof(my_creds));
+
+ code = krb5_parse_name(context, master, &me);
+ if (code)
+ goto out;
+
+ code = krb5_get_init_creds_keytab(context, &my_creds, me, NULL, NULL, NULL, NULL);
+ if (code)
+ goto out;
+
+ code = krb5_cc_initialize(context, ccache, me);
+ if (code)
+ goto out;
+
+ code = krb5_cc_store_cred(context, ccache, &my_creds);
+ if (code)
+ goto out;
+
+ out:
+ if (me)
+ krb5_free_principal(context, me);
+ krb5_free_cred_contents(context, &my_creds);
+
+ return code;
+}
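Review bot: The fifth argument of `krb5_get_init_creds_keytab` is the integer `krb5_deltat start_time`, so passing `NULL` there relies on a pointer-to-integer conversion; write `krb5_get_init_creds_keytab(context, &my_creds, me, NULL, 0, NULL, NULL);`. The `NULL` keytab argument selects the library's default keytab, whereas the krb4 path names `KEYFILE` explicitly, so a short comment such as `/* NULL keytab: use the default keytab */` would make the key source clear. The definition also omits the `static` that the prototype near the top of the file carries; repeating it keeps the two declarations in step.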
+
+int get_mr_update_ticket(char *host, KTEXT ticket)
+{
+#ifdef HAVE_KRB4
+ int code, pass;
+ char phost[BUFSIZ];
+ CREDENTIALS cr;
+
+ pass = 1;
+ if (krb_get_lrealm(realm, 1))
+ strcpy(realm, KRB_REALM);
+ strcpy(phost, (char *)krb_get_phost(host));
+
+try_it:
+ code = krb_mk_req(ticket, service, phost, realm, (long)0);
+ if (code)
+ {
+ if (pass == 1)
+ {
+ /* maybe we're taking too long? */
+ if ((code = get_mr_tgt()))
+ {
+ com_err(whoami, code, "can't get Kerberos TGT");
+ return code;
+ }
+ pass++;
+ goto try_it;
+ }
+ code += ERROR_TABLE_BASE_krb;
+ com_err(whoami, code, "in krb_mk_req");
+ }
+ else
+ {
+ code = krb_get_cred(service, phost, realm, &cr);
+ if (code)
+ code += ERROR_TABLE_BASE_krb;
+ memcpy(session, cr.session, sizeof(session));
+ }
+ return code;
+#else
+ return MR_NO_KRB4;
+#endif
+}
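Review bot: In the `else` branch, `memcpy(session, cr.session, sizeof(session));` runs even when `krb_get_cred()` has failed, so the global `session` key is filled from the uninitialized `cr` on the stack while the function returns an error. Copy the key only on success: `if (code) code += ERROR_TABLE_BASE_krb; else memcpy(session, cr.session, sizeof(session));`. `cr` also keeps a copy of the session key on the stack after return, so clearing it before returning is worth considering, bearing in mind that a plain `memset` can be optimized away. The two `strcpy` calls into `realm` and `phost` depend on the library bounding its results, and a comment stating that assumption would help the next reader.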
+
+#ifdef HAVE_KRB4
+static int get_mr_tgt(void)
+{
+ int code;
+ char linst[INST_SZ], kinst[INST_SZ];
+
+ linst[0] = '\0';
+ strcpy(kinst, "krbtgt");
+ code = krb_get_svc_in_tkt(master, linst, realm, kinst, realm,
+ DEFAULT_TKT_LIFE, KEYFILE);
+ if (!code)
+ return 0;
+ else
+ return code + ERROR_TABLE_BASE_krb;
}
+#endif