[273] | 1 | /* |
---|
| 2 | * |
---|
[1934] | 3 | * Copyright (C) 1988, 1989 by the Massachusetts Institute of Technology |
---|
| 4 | * Developed by the MIT Student Information Processing Board (SIPB). |
---|
| 5 | * For copying information, see the file mit-copyright.h in this release. |
---|
| 6 | * |
---|
| 7 | */ |
---|
| 8 | /* |
---|
| 9 | * |
---|
[22658] | 10 | * $Id: auth_krb.c,v 1.13 2007-08-09 20:41:32 amb Exp $ |
---|
[341] | 11 | * |
---|
[22658] | 12 | * auth_krb () -- Authentication procedure for kerberos v5. This contains the |
---|
| 13 | * standard authentication for kerberos v5, and fallback code |
---|
| 14 | * for kerberos v4. |
---|
[273] | 15 | * |
---|
| 16 | */ |
---|
#ifndef lint
/* RCS identification string for this file; compiled out when lint is defined. */
static char *rcsid_auth_krb_c = "$Id: auth_krb.c,v 1.13 2007-08-09 20:41:32 amb Exp $";
#endif /* lint */
---|
[273] | 21 | |
---|
[12439] | 22 | #include <stdio.h> |
---|
[8855] | 23 | #include <string.h> |
---|
[273] | 24 | #include <ctype.h> |
---|
[23811] | 25 | #ifdef HAVE_KRB4 |
---|
[273] | 26 | #include "krb.h" |
---|
[23811] | 27 | #endif /* HAVE_KRB4 */ |
---|
[23807] | 28 | #ifdef HAVE_KRB5 |
---|
[22658] | 29 | #include "krb5.h" |
---|
[23807] | 30 | #endif /* HAVE_KRB5 */ |
---|
[23815] | 31 | #include "discuss_err.h" |
---|
[273] | 32 | |
---|
[6358] | 33 | char *local_host_name (); |
---|
[273] | 34 | |
---|
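/*
 *
 * get_authenticator () -- Interface routine to get an authenticator over
 *                         the net.  Input is a service name (for kerberos,
 *                         this is in the form of service@REALM), optional
 *                         checksum.  We return a pointer to the authenticator,
 *                         its length, and a standard error code.
 *
 * service_id  service name, "service@REALM" for Kerberos.
 * checksum    optional checksum, passed through to the selected backend.
 * authp       out: pointer to the authenticator, NULL when none was built.
 * authl       out: authenticator length, 0 when none was built.
 * result      out: error code, 0 on success.
 *
 * The backend is fixed at compile time: Kerberos v5 when HAVE_KRB5 is
 * defined, otherwise Kerberos v4 when HAVE_KRB4 is defined.  With neither,
 * the call fails closed: no authenticator is produced and *result is set to
 * DISC_NO_KRB, so a caller that checks *result cannot mistake a build
 * without Kerberos for a successful authentication.
 *
 * All results travel through the out-parameters; the function's own return
 * value is never set and must not be used.
 *
 * NOTE(review): in this file the v5 backend hands back the buffer filled in
 * by krb5_mk_req while the v4 backend hands back a pointer into a static
 * ticket, so the lifetime of *authp differs per backend -- confirm what
 * callers do with it.
 *
 */
int
get_authenticator (service_id, checksum, authp, authl, result)
    char *service_id;
    int checksum;
    char **authp;
    int *authl;
    int *result;
{
    /*
     * The backends are defined further down in this file, so declare them
     * here instead of relying on an implicit declaration.  Both conditions
     * use defined() so that a macro defined without a value is handled the
     * same way as by the #ifdef guards around the backends themselves.
     */
#if defined(HAVE_KRB5)
    int get_authenticator_krb5 ();

    get_authenticator_krb5(service_id, checksum, authp, authl, result);
#elif defined(HAVE_KRB4)
    int get_authenticator_krb4 ();

    get_authenticator_krb4(service_id, checksum, authp, authl, result);
#else /* No Kerberos */
    *authl = 0;
    *authp = NULL;
    *result = DISC_NO_KRB;
#endif
}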
---|
| 61 | |
---|
[23807] | 62 | #ifdef HAVE_KRB5 |
---|
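/*
 * get_authenticator_krb5 () -- Build a Kerberos v5 AP_REQ for service_id
 *                              from the default credentials cache.
 *
 * service_id  "service[/instance][@REALM]".
 * checksum    not used by this backend (see below).
 * authp       out: packet.data from krb5_mk_req on success, NULL on failure.
 * authl       out: packet.length on success, 0 on failure.
 * result      out: 0 on success, the krb5 error code on failure.
 *
 * Points a reviewer should know:
 *  - The part of service_id before '@' is copied into an 80-byte buffer.
 *    A longer name is truncated to 79 bytes and always NUL-terminated.
 *    NOTE(review): a truncated name is a different principal name;
 *    rejecting over-long input would be stricter, but no suitable error
 *    code is visible in this file.
 *  - The realm text after '@' is only used to find the end of the service
 *    name; it is not passed to krb5_mk_req.  NOTE(review): presumably the
 *    library derives the realm itself -- confirm that callers do not rely
 *    on the realm they supply being enforced.
 *  - ap_req_options is 0, so this call does not request mutual
 *    authentication.
 *  - The checksum data handed to krb5_mk_req is the instance string, not
 *    the integer checksum argument.
 *  - Failure to initialise the library or to open the default ccache
 *    prints a message and terminates the whole process with exit(1).
 *  - NOTE(review): on success *authp is the buffer filled in by
 *    krb5_mk_req; presumably the caller owns it and must release it --
 *    confirm.
 */
int
get_authenticator_krb5 (service_id, checksum, authp, authl, result)
    char *service_id;
    int checksum;
    char **authp;
    int *authl;
    int *result;
{
    char *realmp, *instancep;
    char serv [80];
    int rem;
    krb5_data packet, inbuf;
    krb5_ccache ccdef;
    krb5_context context;
    krb5_auth_context auth_context = NULL;

    rem = krb5_init_context(&context);
    if (rem) {
        com_err("get_authenticator_krb5", rem, "while initializing krb5");
        exit(1);
    }

#if !defined(__APPLE__) || !defined(__MACH__)
    initialize_krb5_error_table();
#endif

    realmp = strchr (service_id, '@');
    if (realmp == NULL || (size_t) (realmp - service_id) >= sizeof (serv)) {
        /*
         * strncpy does not terminate the destination when the source fills
         * it, and the strchr below would then scan (and could write) past
         * the end of serv.  Terminate explicitly.
         */
        strncpy (serv, service_id, sizeof (serv));
        serv [sizeof (serv) - 1] = '\0';
    } else {
        memcpy (serv, service_id, realmp - service_id);	/* copy to serv */
        serv [realmp - service_id] = '\0';
    }

    /* look for service instance */
    instancep = strchr (serv, '/');
    if (instancep == NULL) {
        instancep = "";
    } else {
        *instancep++ = '\0';
    }

    inbuf.data = instancep;
    inbuf.length = strlen(instancep);

    rem = krb5_cc_default(context, &ccdef);
    if (rem) {
        com_err("get_authenticator_krb5", rem, "while getting default ccache");
        exit(1);
    }

    rem = krb5_mk_req (context, &auth_context, 0, serv, instancep, &inbuf,
                       ccdef, &packet);
    if (rem) {
        com_err("get_authenticator_krb5", rem, "while preparing AP_REQ");
        *authl = 0;
        *authp = NULL;
        *result = rem;
    } else {
        *authl = packet.length;
        *authp = (char *)packet.data;
        *result = 0;
    }

    /*
     * Release the per-call library state.  The original leaked the auth
     * context, the ccache handle and the context on every call.  The
     * packet returned through *authp is a separate buffer and is not
     * touched here.
     */
    if (auth_context != NULL)
        krb5_auth_con_free(context, auth_context);
    krb5_cc_close(context, ccdef);
    krb5_free_context(context);
}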
---|
[23807] | 128 | #endif /* HAVE_KRB5 */ |
---|
[22658] | 129 | |
---|
[23811] | 130 | #ifdef HAVE_KRB4 |
---|
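/*
 * get_authenticator_krb4 () -- Build a Kerberos v4 authenticator for
 *                              service_id with krb_mk_req.
 *
 * service_id  "service[.instance][@REALM]".
 * checksum    passed to krb_mk_req.
 * authp       out: ticket.dat on success, NULL on failure.
 * authl       out: ticket.length on success, 0 on failure.
 * result      out: 0 on success, otherwise the krb4 status offset by
 *             ERROR_TABLE_BASE_krb.
 *
 * Points a reviewer should know:
 *  - The part of service_id before '@' is copied into a buffer of
 *    SNAME_SZ+INST_SZ bytes.  A longer name is truncated and always
 *    NUL-terminated.  NOTE(review): a truncated name is a different
 *    principal name; rejecting over-long input would be stricter, but no
 *    suitable error code is visible in this file.
 *  - When there is no '@', or the name was too long, the realm passed to
 *    krb_mk_req is the empty string.
 *  - On success *authp points into a function-static ticket: the next call
 *    overwrites it, the caller must not free it, and two callers cannot
 *    hold results at the same time.
 */
int
get_authenticator_krb4 (service_id, checksum, authp, authl, result)
    char *service_id;
    int checksum;
    char **authp;
    int *authl;
    int *result;
{
    char *realmp, *instancep;
    char serv [SNAME_SZ+INST_SZ];
    int rem;

    static KTEXT_ST ticket;

    initialize_krb_error_table();

    realmp = strchr (service_id, '@');
    if (realmp == NULL || (size_t) (realmp - service_id) >= sizeof (serv)) {
        realmp = "";
        /*
         * strncpy does not terminate the destination when the source fills
         * it, and the strchr below would then scan (and could write) past
         * the end of serv.  Terminate explicitly.
         */
        strncpy (serv, service_id, sizeof (serv));
        serv [sizeof (serv) - 1] = '\0';
    } else {
        memcpy (serv, service_id, realmp - service_id);	/* copy to serv */
        serv [realmp - service_id] = '\0';
        realmp++;
    }

    /* look for service instance */
    instancep = strchr (serv, '.');
    if (instancep == NULL) {
        instancep = "";
    } else {
        *instancep++ = '\0';
    }

    rem = krb_mk_req (&ticket, serv, instancep, realmp, checksum);
    if (rem == KSUCCESS) {
        *authl = ticket.length;
        *authp = (char *) ticket.dat;
        *result = 0;
    } else {
        *authl = 0;
        *authp = NULL;
        *result = rem + ERROR_TABLE_BASE_krb;
    }
}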
---|
[23811] | 175 | #endif /* HAVE_KRB4 */ |
---|