-/*
- * $Source$
- * $Author$
- * $Header$
+/* $Id$
*
- * Copyright (C) 1987 by the Massachusetts Institute of Technology
+ * Handles the client side of the sending of authenticators to the moira server
*
- * $Log$
- * Revision 1.7 1988-06-21 13:46:05 mar
- * changed name of kerberos call
- *
- * Revision 1.6 88/06/01 15:31:53 mar
- * make auth do the right thing for version 2 of the protocol
- *
- * Revision 1.5 88/04/19 12:40:29 mar
- * pass version number on queries
- *
- * Revision 1.4 87/10/20 15:09:22 mar
- * replace hardcoded ATHENA realm with call to get_krbrlm();
- *
- * Revision 1.3 87/06/16 17:47:20 wesommer
- * Clean up memory allocation, indenting.
- *
- * Revision 1.2 87/05/31 22:03:23 wesommer
- * It's working better.
- *
- * Revision 1.1 87/05/20 03:11:18 wesommer
- * Initial revision
- *
- *
- * Handles the client side of the sending of authenticators to
- * the sms server.
+ * Copyright (C) 1987-1998 by the Massachusetts Institute of Technology
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
*/
-#ifndef lint
-static char *rcsid_sms_auth_c = "$Header$";
-#endif lint
+#include <mit-copyright.h>
+#include <moira.h>
+#include "mr_private.h"
+
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
-#include "sms_private.h"
+#ifdef HAVE_KRB4
#include <krb.h>
+#endif
+#include <krb5.h>
-extern int krb_err_base;
+krb5_context context = NULL;
+krb5_auth_context auth_con = NULL;
-/* Authenticate this client with the SMS server. prog is the name of the
+RCSID("$Header$");
+
+/* Authenticate this client with the Moira server. prog is the name of the
* client program, and will be recorded in the database.
*/
-int sms_auth(prog)
-char *prog;
+int mr_auth(char *prog)
{
- register int status;
- sms_params params_st;
- char *args[2];
- int argl[2];
- char realm[REALM_SZ];
-
- register sms_params *params = ¶ms_st;
- sms_params *reply = NULL;
- KTEXT_ST auth;
-
- CHECK_CONNECTED;
-
- /*
- * Build a Kerberos authenticator.
- * The "service" and "instance" should not be hardcoded here.
- */
-
- if ((status = get_krbrlm(realm, 1)) != KSUCCESS) {
- return status;
- }
- status = krb_mk_req(&auth, "sms", "sms", realm, 0);
- if (status != KSUCCESS) {
- status += krb_err_base;
- return status;
- }
- params->sms_version_no = sending_version_no;
- params->sms_procno = SMS_AUTH;
- params->sms_argc = 2;
- params->sms_argv = args;
- params->sms_argl = argl;
- params->sms_argv[0] = (char *)auth.dat;
- params->sms_argl[0] = auth.length;
- params->sms_argv[1] = prog;
- params->sms_argl[1] = strlen(prog) + 1;
-
- if (sending_version_no == SMS_VERSION_1)
- params->sms_argc = 1;
-
- if ((status = sms_do_call(params, &reply)) == 0)
- status = reply->sms_status;
-
- sms_destroy_reply(reply);
+#ifdef HAVE_KRB4
+ int status;
+ mr_params params, reply;
+ char *args[2];
+ int argl[2];
+ char realm[REALM_SZ], host[BUFSIZ], *p;
+ KTEXT_ST auth;
+ CHECK_CONNECTED;
+
+ if ((status = mr_host(host, sizeof(host) - 1)))
return status;
+
+ strcpy(realm, krb_realmofhost(host));
+ for (p = host; *p && *p != '.'; p++)
+ {
+ if (isupper(*p))
+ *p = tolower(*p);
+ }
+ *p = '\0';
+
+ status = krb_mk_req(&auth, MOIRA_SNAME, host, realm, 0);
+ if (status != KSUCCESS)
+ {
+ status += ERROR_TABLE_BASE_krb;
+ return status;
+ }
+ params.u.mr_procno = MR_AUTH;
+ params.mr_argc = 2;
+ params.mr_argv = args;
+ params.mr_argl = argl;
+ params.mr_argv[0] = (char *)auth.dat;
+ params.mr_argl[0] = auth.length;
+ params.mr_argv[1] = prog;
+ params.mr_argl[1] = strlen(prog) + 1;
+
+ if ((status = mr_do_call(¶ms, &reply)) == MR_SUCCESS)
+ status = reply.u.mr_status;
+
+ mr_destroy_reply(reply);
+
+ return status;
+#else
+ return MR_NO_KRB4;
+#endif
}
-/*
- * Local Variables:
- * mode: c
- * c-indent-level: 4
- * c-continued-statement-offset: 4
- * c-brace-offset: -4
- * c-argdecl-indent: 4
- * c-label-offset: -4
- * End:
- */
+int mr_proxy(char *principal, char *orig_authtype)
+{
+ int status;
+ mr_params params, reply;
+ char *args[2];
+
+ CHECK_CONNECTED;
+
+ params.u.mr_procno = MR_PROXY;
+ params.mr_argc = 2;
+ params.mr_argv = args;
+ params.mr_argv[0] = principal;
+ params.mr_argv[1] = orig_authtype;
+ params.mr_argl = NULL;
+
+ if ((status = mr_do_call(¶ms, &reply)) == MR_SUCCESS)
+ status = reply.u.mr_status;
+
+ mr_destroy_reply(reply);
+
+ return status;
+}
+
+int mr_krb5_auth(char *prog)
+{
+ mr_params params, reply;
+ char host[BUFSIZ], *p;
+ char *args[2];
+ int argl[2];
+ krb5_ccache ccache = NULL;
+ krb5_data auth;
+ krb5_error_code problem = 0;
+
+ CHECK_CONNECTED;
+
+ memset(&auth, 0, sizeof(auth));
+
+ if ((problem = mr_host(host, sizeof(host) - 1)))
+ return problem;
+
+ if (!context)
+ {
+ problem = krb5_init_context(&context);
+ if (problem)
+ goto out;
+ }
+
+ problem = krb5_auth_con_init(context, &auth_con);
+ if (problem)
+ goto out;
+
+ problem = krb5_cc_default(context, &ccache);
+ if (problem)
+ goto out;
+
+ problem = krb5_mk_req(context, &auth_con, 0, MOIRA_SNAME, host, NULL,
+ ccache, &auth);
+ if (problem)
+ goto out;
+
+ params.u.mr_procno = MR_KRB5_AUTH;
+ params.mr_argc = 2;
+ params.mr_argv = args;
+ params.mr_argl = argl;
+ params.mr_argv[0] = (char *)auth.data;
+ params.mr_argl[0] = auth.length;
+ params.mr_argv[1] = prog;
+ params.mr_argl[1] = strlen(prog) + 1;
+
+ if ((problem = mr_do_call(¶ms, &reply)) == MR_SUCCESS)
+ problem = reply.u.mr_status;
+
+ mr_destroy_reply(reply);
+
+ out:
+ if (ccache)
+ krb5_cc_close(context, ccache);
+ krb5_free_data_contents(context, &auth);
+ if (auth_con)
+ krb5_auth_con_free(context, auth_con);
+ auth_con = NULL;
+
+ return problem;
+}
+
andersk / moira.git / blobdiff