-/*
- * $Source$
- * $Author$
- * $Header$
+/* $Id$
*
- * Copyright (C) 1987 by the Massachusetts Institute of Technology
+ * Handles the client side of the sending of authenticators to the moira server
*
- * $Log$
- * Revision 1.2 1987-05-31 22:03:23 wesommer
- * It's working better.
- *
- * Revision 1.1 87/05/20 03:11:18 wesommer
- * Initial revision
- *
- *
- * Handles the client side of the sending of authenticators to
- * the sms server.
+ * Copyright (C) 1987-1998 by the Massachusetts Institute of Technology
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
*/
-#ifndef lint
-static char *rcsid_sms_auth_c = "$Header$";
-#endif lint
+#include <mit-copyright.h>
+#include <moira.h>
+#include "mr_private.h"
+
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
-#include "sms_private.h"
+#ifdef HAVE_KRB4
#include <krb.h>
+#endif
+#include <krb5.h>
+
+krb5_context context = NULL;
+krb5_auth_context auth_con = NULL;
+
+RCSID("$Header$");
+
+/* Authenticate this client with the Moira server. prog is the name of the
+ * client program, and will be recorded in the database.
+ */
+
+int mr_auth(char *prog)
+{
+#ifdef HAVE_KRB4
+ int status;
+ mr_params params, reply;
+ char *args[2];
+ int argl[2];
+ char realm[REALM_SZ], host[BUFSIZ], *p;
+ KTEXT_ST auth;
+
+ CHECK_CONNECTED;
+
+ if ((status = mr_host(host, sizeof(host) - 1)))
+ return status;
+
+ strcpy(realm, krb_realmofhost(host));
+ for (p = host; *p && *p != '.'; p++)
+ {
+ if (isupper(*p))
+ *p = tolower(*p);
+ }
+ *p = '\0';
+
+ status = krb_mk_req(&auth, MOIRA_SNAME, host, realm, 0);
+ if (status != KSUCCESS)
+ {
+ status += ERROR_TABLE_BASE_krb;
+ return status;
+ }
+ params.u.mr_procno = MR_AUTH;
+ params.mr_argc = 2;
+ params.mr_argv = args;
+ params.mr_argl = argl;
+ params.mr_argv[0] = (char *)auth.dat;
+ params.mr_argl[0] = auth.length;
+ params.mr_argv[1] = prog;
+ params.mr_argl[1] = strlen(prog) + 1;
+
+ if ((status = mr_do_call(¶ms, &reply)) == MR_SUCCESS)
+ status = reply.u.mr_status;
+
+ mr_destroy_reply(reply);
+
+ return status;
+#else
+ return MR_NO_KRB4;
+#endif
+}
+
+int mr_proxy(char *principal, char *orig_authtype)
+{
+ int status;
+ mr_params params, reply;
+ char *args[2];
+
+ CHECK_CONNECTED;
+
+ params.u.mr_procno = MR_PROXY;
+ params.mr_argc = 2;
+ params.mr_argv = args;
+ params.mr_argv[0] = principal;
+ params.mr_argv[1] = orig_authtype;
+ params.mr_argl = NULL;
-extern int krb_err_base;
+ if ((status = mr_do_call(¶ms, &reply)) == MR_SUCCESS)
+ status = reply.u.mr_status;
-int sms_auth()
+ mr_destroy_reply(reply);
+
+ return status;
+}
+
+int mr_krb5_auth(char *prog)
{
- int status;
- sms_params *params = NULL, *reply = NULL;
- KTEXT_ST auth;
-
- if (!_sms_conn) {
- return SMS_NOT_CONNECTED;
- }
-
- /*
- * Build a Kerberos authenticator.
- */
-
- status = mk_ap_req(&auth, "sms", "sms", "ATHENA.MIT.EDU", 0);
- if (status != KSUCCESS) {
- status += krb_err_base;
- goto punt;
- }
- params = (struct sms_params *) malloc(sizeof(*params));
- params->sms_procno = SMS_AUTH;
- params->sms_argc = 1;
-
- params->sms_argv = (char **)malloc(sizeof(char *) * 2);
- params->sms_argl = (int *)malloc(sizeof(int) * 2);
- params->sms_argv[0] = (char *)auth.dat;
- params->sms_argl[0] = auth.length;
- params->sms_argv[1] = NULL;
- params->sms_argl[1] = 0;
-
- if ((status = sms_do_call(params, &reply)) || (status = reply->sms_status))
- goto punt;
-punt:
- sms_destroy_reply(reply);
-ok:
- if(params) {
- if(params->sms_argv)
- free(params->sms_argv);
- if(params->sms_argl)
- free(params->sms_argl);
- free(params);
- }
- return status;
+ mr_params params, reply;
+ char host[BUFSIZ], *p;
+ char *args[2];
+ int argl[2];
+ krb5_ccache ccache = NULL;
+ krb5_data auth;
+ krb5_error_code problem = 0;
+
+ CHECK_CONNECTED;
+
+ memset(&auth, 0, sizeof(auth));
+
+ if ((problem = mr_host(host, sizeof(host) - 1)))
+ return problem;
+
+ if (!context)
+ {
+ problem = krb5_init_context(&context);
+ if (problem)
+ goto out;
+ }
+
+ problem = krb5_auth_con_init(context, &auth_con);
+ if (problem)
+ goto out;
+
+ problem = krb5_cc_default(context, &ccache);
+ if (problem)
+ goto out;
+
+ problem = krb5_mk_req(context, &auth_con, 0, MOIRA_SNAME, host, NULL,
+ ccache, &auth);
+ if (problem)
+ goto out;
+
+ params.u.mr_procno = MR_KRB5_AUTH;
+ params.mr_argc = 2;
+ params.mr_argv = args;
+ params.mr_argl = argl;
+ params.mr_argv[0] = (char *)auth.data;
+ params.mr_argl[0] = auth.length;
+ params.mr_argv[1] = prog;
+ params.mr_argl[1] = strlen(prog) + 1;
+
+ if ((problem = mr_do_call(¶ms, &reply)) == MR_SUCCESS)
+ problem = reply.u.mr_status;
+
+ mr_destroy_reply(reply);
+
+ out:
+ if (ccache)
+ krb5_cc_close(context, ccache);
+ krb5_free_data_contents(context, &auth);
+ if (auth_con)
+ krb5_auth_con_free(context, auth_con);
+ auth_con = NULL;
+
+ return problem;
}
+