#include <stdio.h>
#include <string.h>
+#ifdef HAVE_KRB4
#include <krb.h>
+#endif
+#include <krb5.h>
+
+krb5_context context = NULL;
+krb5_auth_context auth_con = NULL;
RCSID("$Header$");
int mr_auth(char *prog)
{
+#ifdef HAVE_KRB4
int status;
mr_params params, reply;
char *args[2];
mr_destroy_reply(reply);
return status;
+#else
+ return MR_NO_KRB4;
+#endif
}
int mr_proxy(char *principal, char *orig_authtype)
mr_params params, reply;
char *args[2];
+ CHECK_CONNECTED;
+
params.u.mr_procno = MR_PROXY;
params.mr_argc = 2;
params.mr_argv = args;
return status;
}
+
+int mr_krb5_auth(char *prog)
+{
+ mr_params params, reply;
+ char host[BUFSIZ], *p;
+ char *args[2];
+ int argl[2];
+ krb5_ccache ccache = NULL;
+ krb5_data auth;
+ krb5_error_code problem = 0;
+
+ CHECK_CONNECTED;
+
+ memset(&auth, 0, sizeof(auth));
+
+ if ((problem = mr_host(host, sizeof(host) - 1)))
+ return problem;
+
+ if (!context)
+ {
+ problem = krb5_init_context(&context);
+ if (problem)
+ goto out;
+ }
+
+ problem = krb5_auth_con_init(context, &auth_con);
+ if (problem)
+ goto out;
+
+ problem = krb5_cc_default(context, &ccache);
+ if (problem)
+ goto out;
+
+ problem = krb5_mk_req(context, &auth_con, 0, MOIRA_SNAME, host, NULL,
+ ccache, &auth);
+ if (problem)
+ goto out;
+
+ params.u.mr_procno = MR_KRB5_AUTH;
+ params.mr_argc = 2;
+ params.mr_argv = args;
+ params.mr_argl = argl;
+ params.mr_argv[0] = (char *)auth.data;
+ params.mr_argl[0] = auth.length;
+ params.mr_argv[1] = prog;
+ params.mr_argl[1] = strlen(prog) + 1;
+
+ if ((problem = mr_do_call(¶ms, &reply)) == MR_SUCCESS)
+ problem = reply.u.mr_status;
+
+ mr_destroy_reply(reply);
+
+ out:
+ if (ccache)
+ krb5_cc_close(context, ccache);
+ krb5_free_data_contents(context, &auth);
+ if (auth_con)
+ krb5_auth_con_free(context, auth_con);
+ auth_con = NULL;
+
+ return problem;
+}
+