-/*
- * $Source$
- * $Header$
+/* $Id$
+ *
+ * Copyright (C) 1988-1998 by the Massachusetts Institute of Technology.
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
*/
-/* (c) Copyright 1988 by the Massachusetts Institute of Technology. */
-/* For copying and distribution information, please see the file */
-/* <mit-copyright.h>. */
-
-#ifndef lint
-static char *rcsid_auth_002_c = "$Header$";
-#endif
#include <mit-copyright.h>
+#include <moira.h>
+#include "update_server.h"
+
+#include <sys/utsname.h>
+
+#include <errno.h>
#include <stdio.h>
#include <string.h>
-#include <gdb.h>
+
+#ifdef HAVE_KRB4
#include <krb.h>
-#include <krb_et.h>
-#include <netinet/in.h>
-#include <errno.h>
-#ifdef POSIX
-#include <sys/utsname.h>
#endif
-extern char buf[BUFSIZ];
-extern int have_authorization;
-extern struct sockaddr_in *client_address();
-extern CONNECTION conn;
-extern int code;
-extern char *PrincipalHostname();
+RCSID("$Header$");
+
static char service[] = "rcmd";
static char master[] = "sms";
static char qmark[] = "???";
-extern C_Block session;
+#ifdef HAVE_KRB4
+extern des_cblock session;
+#endif
/*
* authentication request auth_002:
*
*/
-int auth_002(char *str)
+void auth_002(int conn, char *str)
{
- STRING data;
- char realm[REALM_SZ];
+#ifdef HAVE_KRB4
char aname[ANAME_SZ], ainst[INST_SZ], arealm[REALM_SZ];
AUTH_DAT ad;
- char *p, *first, *config_lookup();
+ char *p, *first, *data;
+ size_t size;
KTEXT_ST ticket_st;
- struct utsname name;
des_key_schedule sched;
- C_Block nonce, nonce2;
+ des_cblock nonce, nonce2;
+ long code;
- if (send_ok())
- lose("sending okay for authorization (auth_002)");
- code = receive_object(conn, (char *)&data, STRING_T);
- if (code)
+ send_ok(conn);
+
+ recv_string(conn, &data, &size);
+ if (size > sizeof(ticket_st.dat))
{
- code = connection_errno(conn);
- lose("awaiting Kerberos authenticators");
+ code = KE_RD_AP_UNDEC;
+ com_err(whoami, code, ": authenticator too large");
+ send_int(conn, code);
+ return;
}
- uname(&name);
+ memcpy(ticket_st.dat, data, size);
+ free(data);
ticket_st.mbz = 0;
- ticket_st.length = MAX_STRING_SIZE(data);
- memcpy(ticket_st.dat, STRING_DATA(data), MAX_STRING_SIZE(data));
- code = krb_rd_req(&ticket_st, service, krb_get_phost(name.nodename), 0,
+ ticket_st.length = size;
+ code = krb_rd_req(&ticket_st, service, krb_get_phost(hostname), 0,
&ad, KEYFILE);
if (code)
{
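Review bot: The oversize branch that follows `recv_string(conn, &data, &size)` returns without releasing `data`, so every rejected authenticator leaks the received buffer, and a peer that has not yet authenticated can trigger this repeatedly; add `free(data);` before the `return;`. The result of `recv_string` is also not checked, and `data` and `size` are declared without initializers. If the call can fail without setting them (its definition is not visible here), the `size` comparison and the `memcpy` into `ticket_st.dat` operate on indeterminate values, whereas the removed code did test the result of `receive_object`. The body of `auth_002` continues past the end of this hunk.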
* authenticator we received, then accept it. If there's no
* auth record, assume [master]@[local realm].
*/
- if (first = p = config_lookup("auth"))
+ if ((first = p = config_lookup("auth")))
{
do
{
strcmp(arealm, ad.prealm))
goto auth_failed;
- if (send_ok())
- lose("sending preliminary approval of authorization");
+ send_ok(conn);
/* replay protection */
des_random_key(&nonce);
- STRING_DATA(data) = (char *)nonce;
- MAX_STRING_SIZE(data) = 8;
- if (send_object(conn, (char *)&data, STRING_T))
- lose("sending nonce");
- code = receive_object(conn, (char *)&data, STRING_T);
- if (code)
- {
- code = connection_errno(conn);
- goto auth_failed;
- }
+ send_string(conn, (char *)nonce, sizeof(nonce));
+ recv_string(conn, &data, &size);
des_key_sched(ad.session, sched);
- des_ecb_encrypt(STRING_DATA(data), nonce2, sched, 0);
+ des_ecb_encrypt(data, nonce2, sched, 0);
+ free(data);
if (memcmp(nonce, nonce2, sizeof(nonce)))
goto auth_failed;
+ send_ok(conn);
- if (send_ok())
- lose("sending approval of authorization");
have_authorization = 1;
/* Stash away session key */
memcpy(session, ad.session, sizeof(session));
- return 0;
+ return;
+
auth_failed:
- sprintf(buf, "auth for %s.%s@%s failed: %s",
- ad.pname, ad.pinst, ad.prealm, error_message(code));
- {
- register int rc;
- rc = send_object(conn, (char *)&code, INTEGER_T);
- code = rc;
- }
- if (code)
- lose("sending rejection of authenticator");
- return EPERM;
+ com_err(whoami, code, "auth for %s.%s@%s failed",
+ ad.pname, ad.pinst, ad.prealm);
+ send_int(conn, code);
+#else
+ send_int(conn, MR_NO_KRB4);
+#endif
}
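Review bot: In the replay-protection step, `des_ecb_encrypt(data, nonce2, sched, 0)` consumes a full DES block from `data`, but nothing checks that the reply from `recv_string` is at least `sizeof(nonce2)` bytes, so a short reply makes it read past the received buffer. Validate the length first, e.g. `if (size < sizeof(nonce2)) { free(data); goto auth_failed; }`, and check the `recv_string` result as the removed `receive_object` code did, since a failed receive may leave `data` unset. The value of `code` on these paths is assigned outside the visible lines; confirm it is non-zero when reaching `auth_failed`, so that `send_int(conn, code)` cannot be read by the client as approval. The hunk starts inside `auth_002`, so the earlier part of the function is not shown.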