source: trunk/third/moira/update/ticket.c @ 24319

Revision 24319, 3.5 KB checked in by broder, 15 years ago (diff)
New Moira snapshot from SVN.
RevLine 
[24319]1/* $Id: ticket.c 3956 2010-01-05 20:56:56Z zacheiss $
[23095]2 *
3 * Copyright (C) 1988-1998 by the Massachusetts Institute of Technology.
4 * For copying and distribution information, please see the file
5 * <mit-copyright.h>.
6 */
7
8#include <mit-copyright.h>
9#include <moira.h>
10
11#include <sys/stat.h>
12
13#include <stdio.h>
14#include <string.h>
15
[23882]16#ifdef HAVE_KRB4
[23095]17#include <krb.h>
[23882]18#else
19#define KTEXT void*
[24191]20#include <mr_krb.h>
[23882]21#endif
[23095]22#include <krb5.h>
23#include <update.h>
24
[24319]25RCSID("$HeadURL: svn+ssh://svn.mit.edu/moira/trunk/moira/update/ticket.c $ $Id: ticket.c 3956 2010-01-05 20:56:56Z zacheiss $");
[23095]26
27static char realm[REALM_SZ];
28static char master[INST_SZ] = "sms";
29static char service[ANAME_SZ] = "rcmd";
[24191]30#ifdef HAVE_KRB4
[23095]31des_cblock session;
[23882]32#endif
[23095]33krb5_context context = NULL;
34
[24017]35static int get_mr_krb5_tgt(krb5_context context, krb5_ccache ccache);
[23882]36#ifdef HAVE_KRB4
[23095]37static int get_mr_tgt(void);
[23882]38#endif
[23095]39
[23932]40int get_mr_krb5_update_ticket(char *host, krb5_data *auth)
[23095]41{
42  krb5_auth_context auth_con = NULL;
43  krb5_ccache ccache = NULL;
44  krb5_error_code code;
[24017]45  int pass = 1;
[23095]46
47  code = krb5_init_context(&context);
48  if (code)
49    goto out;
50
51  code = krb5_auth_con_init(context, &auth_con);
52  if (code)
53    goto out;
54
55  code = krb5_cc_default(context, &ccache);
56  if (code)
57    goto out;
58
[24017]59 try_it:
[23095]60  code = krb5_mk_req(context, &auth_con, 0, "host", host, NULL, ccache,
[23932]61                     auth);
[24017]62  if (code)
63    {
64      if (pass == 1)
65        {
66          if ((code = get_mr_krb5_tgt(context, ccache)))
67            {
68              com_err(whoami, code, "can't get Kerberos v5 TGT");
69              return code;
70            }
71          pass++;
72          goto try_it;
73        }
74      com_err(whoami, code, "in krb5_mk_req");
75    }
[23095]76
77 out:
78  if (ccache)
79    krb5_cc_close(context, ccache);
80  if (auth_con)
81    krb5_auth_con_free(context, auth_con);
82  return code;
83}
84
[24017]85int get_mr_krb5_tgt(krb5_context context, krb5_ccache ccache)
86{
87  krb5_creds my_creds;
88  krb5_principal me = NULL;
89  krb5_error_code code;
90
91  memset(&my_creds, 0, sizeof(my_creds));
92
93  code = krb5_parse_name(context, master, &me);
94  if (code)
95    goto out;
96 
[24250]97  code = krb5_get_init_creds_keytab(context, &my_creds, me, NULL, 0, NULL, NULL);
[24017]98  if (code)
99    goto out;
100 
101  code = krb5_cc_initialize(context, ccache, me);
102  if (code)
103    goto out;
104
105  code = krb5_cc_store_cred(context, ccache, &my_creds);
106  if (code)
107    goto out;
108
109 out:
110  if (me)
111    krb5_free_principal(context, me);
112  krb5_free_cred_contents(context, &my_creds);
113
114  return code;
115}
116
[23095]117int get_mr_update_ticket(char *host, KTEXT ticket)
118{
[23882]119#ifdef HAVE_KRB4
[23095]120  int code, pass;
121  char phost[BUFSIZ];
122  CREDENTIALS cr;
123
124  pass = 1;
125  if (krb_get_lrealm(realm, 1))
126    strcpy(realm, KRB_REALM);
127  strcpy(phost, (char *)krb_get_phost(host));
128
129try_it:
130  code = krb_mk_req(ticket, service, phost, realm, (long)0);
131  if (code)
132    {
133      if (pass == 1)
134        {
135          /* maybe we're taking too long? */
136          if ((code = get_mr_tgt()))
137            {
138              com_err(whoami, code, "can't get Kerberos TGT");
139              return code;
140            }
141          pass++;
142          goto try_it;
143        }
144      code += ERROR_TABLE_BASE_krb;
145      com_err(whoami, code, "in krb_mk_req");
146    }
147  else
148    {
149      code = krb_get_cred(service, phost, realm, &cr);
150      if (code)
151        code += ERROR_TABLE_BASE_krb;
152      memcpy(session, cr.session, sizeof(session));
153    }
154  return code;
[23882]155#else
156  return MR_NO_KRB4;
157#endif
[23095]158}
159
[23882]160#ifdef HAVE_KRB4
[23095]161static int get_mr_tgt(void)
162{
163  int code;
164  char linst[INST_SZ], kinst[INST_SZ];
165
166  linst[0] = '\0';
167  strcpy(kinst, "krbtgt");
168  code = krb_get_svc_in_tkt(master, linst, realm, kinst, realm,
169                            DEFAULT_TKT_LIFE, KEYFILE);
170  if (!code)
171    return 0;
172  else
173    return code + ERROR_TABLE_BASE_krb;
174}
[23882]175#endif
Note: See TracBrowser for help on using the repository browser.