add prefix to subnet table & queries

[moira.git] / update / auth_001.c

diff --git a/update/auth_001.c b/update/auth_001.c
index c3c1684288fe1036f58686b50ab2c18e97e439a4..9ff2bf6bc9850fe23da3769244feb3e6b0d62f8d 100644 (file)
--- a/update/auth_001.c
+++ b/update/auth_001.c
@@ -12,12 +12,15 @@ static char *rcsid_auth_001_c = "$Header$";
 
 #include <mit-copyright.h>
 #include <stdio.h>
-#include <strings.h>
+#include <string.h>
 #include <gdb.h>
-#include "kludge.h"
 #include <krb.h>
+#include <krb_et.h>
 #include <netinet/in.h>
 #include <errno.h>
+#ifdef POSIX
+#include <sys/utsname.h>
+#endif
 
 extern char buf[BUFSIZ];
 extern int have_authorization;
@@ -28,6 +31,7 @@ extern char *PrincipalHostname();
 static char service[] = "rcmd";
 static char master[] = "sms";
 static char qmark[] = "???";
+C_Block session;
 
 /*
  * authentication request auth_001:
@@ -44,10 +48,14 @@ auth_001(str)
      char *str;
 {
     STRING data;
-    char host[BUFSIZ];
+    char host[BUFSIZ], realm[REALM_SZ];
+    char aname[ANAME_SZ], ainst[INST_SZ], arealm[REALM_SZ];
     AUTH_DAT ad;
-    char realm[REALM_SZ];
+    char *p, *first, *config_lookup();
     KTEXT_ST ticket_st;
+#ifdef POSIX
+    struct utsname name;
+#endif
 
     if (send_ok())
        lose("sending okay for authorization (auth_001)");
@@ -56,32 +64,56 @@ auth_001(str)
        code = connection_errno(conn);
        lose("awaiting Kerberos authenticators");
     }
-    gethostname(host, BUFSIZ);
+#ifdef POSIX
+    (void) uname(&name);
+    strncpy(host, name.nodename, sizeof(host));
+#else
+    gethostname(host, sizeof(host));
+#endif
     ticket_st.mbz = 0;
     ticket_st.length = MAX_STRING_SIZE(data);
-    bcopy(STRING_DATA(data), ticket_st.dat, MAX_STRING_SIZE(data));
+    memcpy(ticket_st.dat, STRING_DATA(data), MAX_STRING_SIZE(data));
     code = krb_rd_req(&ticket_st, service,
-                    PrincipalHostname(host), 0,
-                    &ad, KEYFILE);
+                     krb_get_phost(host), 0,
+                     &ad, KEYFILE);
     if (code) {
-       code = krb_err_frob(code);
+       code += ERROR_TABLE_BASE_krb;
        strcpy(ad.pname, qmark);
        strcpy(ad.pinst, qmark);
        strcpy(ad.prealm, qmark);
        goto auth_failed;
     }
-    if (krb_get_lrealm(realm,1))
-       strcpy(realm, KRB_REALM);
+
+    /* If there is an auth record in the config file matching the
+     * authenticator we received, then accept it.  If there's no
+     * auth record, assume [master]@[local realm].
+     */
+    if (first = p = config_lookup("auth")) {
+       do {
+           kname_parse(aname, ainst, arealm, p);
+           if (strcmp(aname, ad.pname) ||
+               strcmp(ainst, ad.pinst) ||
+               strcmp(arealm, ad.prealm))
+             p = config_lookup("auth");
+           else
+             p = first;
+       } while (p != first);
+    } else {
+       strcpy(aname, master);
+       strcpy(ainst, "");
+       if (krb_get_lrealm(arealm,1))
+         strcpy(arealm, KRB_REALM);
+    }
     code = EPERM;
-    if (strcmp(master, ad.pname))
-       goto auth_failed;
-    if (ad.pinst[0] != '\0')
-       goto auth_failed;
-    if (strcmp(realm, ad.prealm))
-       goto auth_failed;
+    if (strcmp(aname, ad.pname) ||
+       strcmp(ainst, ad.pinst) ||
+       strcmp(arealm, ad.prealm))
+      goto auth_failed;
     if (send_ok())
        lose("sending approval of authorization");
     have_authorization = 1;
+    /* Stash away session key */
+    memcpy(session, ad.session, sizeof(session));
     return(0);
 auth_failed:
     sprintf(buf, "auth for %s.%s@%s failed: %s",