source: trunk/third/moira/lib/mr_auth.c @ 24250

Revision 24250, 3.5 KB checked in by broder, 14 years ago (diff)
New Moira snapshot from subversion. Sorry for the large diff - looks like all of the keywords changed in the SVN import process.
Line 
1/* $Id: mr_auth.c,v 1.29 2009-05-04 20:49:11 zacheiss Exp $
2 *
3 * Handles the client side of the sending of authenticators to the moira server
4 *
5 * Copyright (C) 1987-1998 by the Massachusetts Institute of Technology
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
10#include <mit-copyright.h>
11#include <moira.h>
12#include "mr_private.h"
13
14#include <ctype.h>
15#include <stdio.h>
16#include <string.h>
17
18#ifdef HAVE_KRB4
19#include <krb.h>
20#endif
21#include <krb5.h>
22
23krb5_context context = NULL;
24krb5_auth_context auth_con = NULL;
25
26RCSID("$Header: /afs/.athena.mit.edu/astaff/project/moiradev/repository/moira/lib/mr_auth.c,v 1.29 2009-05-04 20:49:11 zacheiss Exp $");
27
28/* Authenticate this client with the Moira server.  prog is the name of the
29 * client program, and will be recorded in the database.
30 */
31
32int mr_auth(char *prog)
33{
34#ifdef HAVE_KRB4
35  int status;
36  mr_params params, reply;
37  char *args[2];
38  int argl[2];
39  char realm[REALM_SZ], host[BUFSIZ], *p;
40  KTEXT_ST auth;
41
42  CHECK_CONNECTED;
43
44  if ((status = mr_host(host, sizeof(host) - 1)))
45    return status;
46
47  strcpy(realm, krb_realmofhost(host));
48  for (p = host; *p && *p != '.'; p++)
49    {
50      if (isupper(*p))
51        *p = tolower(*p);
52    }
53  *p = '\0';
54
55  status = krb_mk_req(&auth, MOIRA_SNAME, host, realm, 0);
56  if (status != KSUCCESS)
57    {
58      status += ERROR_TABLE_BASE_krb;
59      return status;
60    }
61  params.u.mr_procno = MR_AUTH;
62  params.mr_argc = 2;
63  params.mr_argv = args;
64  params.mr_argl = argl;
65  params.mr_argv[0] = (char *)auth.dat;
66  params.mr_argl[0] = auth.length;
67  params.mr_argv[1] = prog;
68  params.mr_argl[1] = strlen(prog) + 1;
69
70  if ((status = mr_do_call(&params, &reply)) == MR_SUCCESS)
71    status = reply.u.mr_status;
72
73  mr_destroy_reply(reply);
74
75  return status;
76#else
77  return MR_NO_KRB4;
78#endif
79}
80
81int mr_proxy(char *principal, char *orig_authtype)
82{
83  int status;
84  mr_params params, reply;
85  char *args[2];
86
87  CHECK_CONNECTED;
88
89  params.u.mr_procno = MR_PROXY;
90  params.mr_argc = 2;
91  params.mr_argv = args;
92  params.mr_argv[0] = principal;
93  params.mr_argv[1] = orig_authtype;
94  params.mr_argl = NULL;
95
96  if ((status = mr_do_call(&params, &reply)) == MR_SUCCESS)
97    status = reply.u.mr_status;
98
99  mr_destroy_reply(reply);
100
101  return status;
102}
103
104int mr_krb5_auth(char *prog)
105{
106  mr_params params, reply;
107  char host[BUFSIZ], *p;
108  char *args[2];
109  int argl[2];
110  krb5_ccache ccache = NULL;
111  krb5_data auth;
112  krb5_error_code problem = 0;
113
114  CHECK_CONNECTED;
115
116  memset(&auth, 0, sizeof(auth));
117
118  if ((problem = mr_host(host, sizeof(host) - 1)))
119    return problem;
120
121  if (!context)
122    {
123      problem = krb5_init_context(&context);
124      if (problem)
125        goto out;
126    }
127
128  problem = krb5_auth_con_init(context, &auth_con);
129  if (problem)
130    goto out;
131
132  problem = krb5_cc_default(context, &ccache);
133  if (problem)
134    goto out;
135
136  problem = krb5_mk_req(context, &auth_con, 0, MOIRA_SNAME, host, NULL,
137                       ccache, &auth);
138  if (problem)
139    goto out;
140
141  params.u.mr_procno = MR_KRB5_AUTH;
142  params.mr_argc = 2;
143  params.mr_argv = args;
144  params.mr_argl = argl;
145  params.mr_argv[0] = (char *)auth.data;
146  params.mr_argl[0] = auth.length;
147  params.mr_argv[1] = prog;
148  params.mr_argl[1] = strlen(prog) + 1;
149
150  if ((problem = mr_do_call(&params, &reply)) == MR_SUCCESS)
151    problem = reply.u.mr_status;
152
153  mr_destroy_reply(reply);
154
155 out:
156  if (ccache)
157    krb5_cc_close(context, ccache);
158  krb5_free_data_contents(context, &auth);
159  if (auth_con)
160    krb5_auth_con_free(context, auth_con);
161  auth_con = NULL;
162
163  return problem;
164}
165     
Note: See TracBrowser for help on using the repository browser.