Initial cut of krb5 support.

[moira.git] / lib / mr_auth.c

diff --git a/lib/mr_auth.c b/lib/mr_auth.c
index 06d38d36fae76858a7eb5d45d8aaa1d2ac673741..e0f805b68755855d8cfee4ce303edd99fa3756c8 100644 (file)
--- a/lib/mr_auth.c
+++ b/lib/mr_auth.c
@@ -16,6 +16,10 @@
 #include <string.h>
 
 #include <krb.h>
+#include <krb5.h>
+
+krb5_context context = NULL;
+krb5_auth_context auth_con = NULL;
 
 RCSID("$Header$");
 
@@ -88,3 +92,71 @@ int mr_proxy(char *principal, char *orig_authtype)
 
   return status;
 }
+
+int mr_krb5_auth(char *prog)
+{
+  int status;
+  mr_params params, reply;
+  char host[BUFSIZ], *p;
+  char *args[2];
+  int argl[2];
+  krb5_ccache ccache = NULL;
+  krb5_data auth;
+
+  CHECK_CONNECTED;
+
+  memset(&auth, 0, sizeof(auth));
+
+  if ((status = mr_host(host, sizeof(host) - 1)))
+    return status;
+
+  for (p = host; *p && *p != '.'; p++)
+    {
+      if (isupper(*p))
+       *p = tolower(*p);
+    }
+  *p = '\0';
+
+  if (!context)
+    status = krb5_init_context(&context);
+  if (status)
+    goto out;
+
+  status = krb5_auth_con_init(context, &auth_con);
+  if (status)
+    goto out;
+
+  status = krb5_cc_default(context, &ccache);
+  if (status)
+    goto out;
+
+  status = krb5_mk_req(context, &auth_con, NULL, MOIRA_SNAME, host, NULL, 
+                      ccache, &auth);
+  if (status)
+    goto out;
+
+  params.u.mr_procno = MR_KRB5_AUTH;
+  params.mr_argc = 2;
+  params.mr_argv = args;
+  params.mr_argl = argl;
+  params.mr_argv[0] = (char *)auth.data;
+  params.mr_argl[0] = auth.length;
+  params.mr_argv[1] = prog;
+  params.mr_argl[1] = strlen(prog) + 1;
+
+  if ((status = mr_do_call(&params, &reply)) == MR_SUCCESS)
+    status = reply.u.mr_status;
+
+  mr_destroy_reply(reply);
+
+ out:
+  if (ccache)
+    krb5_cc_close(context, ccache);
+  if (auth.data)
+    krb5_free_data_contents(context, &auth);
+  if (auth_con)
+    krb5_auth_con_free(context, auth_con);
+
+  return status;
+}
+