Get a krb5 TGT if we don't have one.

[moira.git] / update / ticket.c

diff --git a/update/ticket.c b/update/ticket.c
index 155fa9de4ad257b2c5d01863f6d9fd387dbfb547..91348fd9fb1961a08b92e83db805e95f6c02ea74 100644 (file)
--- a/update/ticket.c
+++ b/update/ticket.c
@@ -13,46 +13,118 @@
 #include <stdio.h>
 #include <string.h>
 
+#ifdef HAVE_KRB4
 #include <krb.h>
+#else
+#define KTEXT void*
+#endif
+#include <krb5.h>
 #include <update.h>
 
 RCSID("$Header$");
 
-extern char *whoami;
-
-/* too bad we can't set the pathname easily */
-static char *srvtab = KEYFILE; /* default == /etc/srvtab */
+#ifdef HAVE_KRB4
 static char realm[REALM_SZ];
 static char master[INST_SZ] = "sms";
 static char service[ANAME_SZ] = "rcmd";
-C_Block session;
+des_cblock session;
+#endif
+krb5_context context = NULL;
 
-int get_mr_tgt(void);
+static int get_mr_krb5_tgt(krb5_context context, krb5_ccache ccache);
+#ifdef HAVE_KRB4
+static int get_mr_tgt(void);
+#endif
 
-static void init(void)
+int get_mr_krb5_update_ticket(char *host, krb5_data *auth)
 {
-  static int initialized = 0;
+  krb5_auth_context auth_con = NULL;
+  krb5_ccache ccache = NULL;
+  krb5_error_code code;
+  int pass = 1;
+
+  code = krb5_init_context(&context);
+  if (code)
+    goto out;
+
+  code = krb5_auth_con_init(context, &auth_con);
+  if (code)
+    goto out;
+
+  code = krb5_cc_default(context, &ccache);
+  if (code)
+    goto out;
 
-  if (!initialized)
+ try_it:
+  code = krb5_mk_req(context, &auth_con, 0, "host", host, NULL, ccache,
+                    auth);
+  if (code)
     {
-      if (krb_get_lrealm(realm, 1))
-       strcpy(realm, KRB_REALM);
-      initialize_krb_error_table();
-      initialized = 1;
+      if (pass == 1)
+       {
+         if ((code = get_mr_krb5_tgt(context, ccache)))
+           {
+             com_err(whoami, code, "can't get Kerberos v5 TGT");
+             return code;
+           }
+         pass++;
+         goto try_it;
+       }
+      com_err(whoami, code, "in krb5_mk_req");
     }
+
+ out:
+  if (ccache)
+    krb5_cc_close(context, ccache);
+  if (auth_con)
+    krb5_auth_con_free(context, auth_con);
+  return code;
 }
 
+int get_mr_krb5_tgt(krb5_context context, krb5_ccache ccache)
+{
+  krb5_creds my_creds;
+  krb5_principal me = NULL;
+  krb5_error_code code;
+
+  memset(&my_creds, 0, sizeof(my_creds));
+
+  code = krb5_parse_name(context, master, &me);
+  if (code)
+    goto out;
+  
+  code = krb5_get_init_creds_keytab(context, &my_creds, me, NULL, NULL, NULL, NULL);
+  if (code)
+    goto out;
+  
+  code = krb5_cc_initialize(context, ccache, me);
+  if (code)
+    goto out;
+
+  code = krb5_cc_store_cred(context, ccache, &my_creds);
+  if (code)
+    goto out;
+
+ out:
+  if (me)
+    krb5_free_principal(context, me);
+  krb5_free_cred_contents(context, &my_creds);
+
+  return code;
+}
 
 int get_mr_update_ticket(char *host, KTEXT ticket)
 {
-  int code;
-  int pass;
+#ifdef HAVE_KRB4
+  int code, pass;
   char phost[BUFSIZ];
   CREDENTIALS cr;
 
   pass = 1;
-  init();
+  if (krb_get_lrealm(realm, 1))
+    strcpy(realm, KRB_REALM);
   strcpy(phost, (char *)krb_get_phost(host));
+
 try_it:
   code = krb_mk_req(ticket, service, phost, realm, (long)0);
   if (code)
@@ -79,20 +151,24 @@ try_it:
       memcpy(session, cr.session, sizeof(session));
     }
   return code;
+#else
+  return MR_NO_KRB4;
+#endif
 }
 
-int get_mr_tgt(void)
+#ifdef HAVE_KRB4
+static int get_mr_tgt(void)
 {
   int code;
   char linst[INST_SZ], kinst[INST_SZ];
 
-  init();
   linst[0] = '\0';
   strcpy(kinst, "krbtgt");
   code = krb_get_svc_in_tkt(master, linst, realm, kinst, realm,
-                           DEFAULT_TKT_LIFE, srvtab);
+                           DEFAULT_TKT_LIFE, KEYFILE);
   if (!code)
     return 0;
   else
     return code + ERROR_TABLE_BASE_krb;
 }
+#endif