1/*
2 * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "kafs_locl.h"
35
36RCSID("$Id: afskrb.c 15342 2005-06-02 07:38:22Z lha $");
37
38#ifdef KRB4
39
/*
 * Per-backend state for the krb4 flavour of kafs.
 * NOTE(review): nothing in the visible part of this file reads or writes
 * this struct; krb_afslog_uid_home() sets kd.data to 0 instead.
 */
struct krb_kafs_data {
    const char *realm;
};
43
/*
 * Look up the krb4 credential for name.inst@realm and convert it into a
 * kafs token for `uid'.
 *
 * The credential is requested with krb_get_cred() first.  If that fails,
 * krb_mk_req() is called and, when it succeeds, krb_get_cred() is tried
 * again; the request it builds is discarded, so the call is apparently
 * made only to get the ticket fetched.  `data' is not used.
 *
 * Returns the result of _kafs_v4_to_kt() when a credential was found,
 * otherwise the error from the krb4 call that failed.
 *
 * NOTE(review): `cred' receives the credential from krb_get_cred() and is
 * left on the stack as-is when the function returns; it is never cleared.
 */
static int
get_cred(struct kafs_data *data, const char *name, const char *inst,
         const char *realm, uid_t uid, struct kafs_token *kt)
{
    /* The krb4 calls take plain char *; the casts only drop const. */
    char *svc_name = (char *)name;
    char *svc_inst = (char *)inst;
    char *svc_realm = (char *)realm;
    CREDENTIALS cred;
    KTEXT_ST req;
    int ret;

    ret = krb_get_cred(svc_name, svc_inst, svc_realm, &cred);
    if (ret != 0) {
        ret = krb_mk_req(&req, svc_name, svc_inst, svc_realm, 0);
        if (ret == KSUCCESS)
            ret = krb_get_cred(svc_name, svc_inst, svc_realm, &cred);
    }
    if (ret != 0)
        return ret;

    return _kafs_v4_to_kt(&cred, uid, kt);
}
61
/*
 * Obtain an AFS token for `cell' on behalf of `uid' and install it.
 *
 * An empty or NULL `cell' hands the work to
 * _kafs_afslog_all_local_cells().  Otherwise the realm is read from the
 * ticket file, _kafs_get_cred() is asked for a token, and the token is
 * installed with kafs_settoken_rxkad().
 *
 * Returns 0 on success, or the error of the first step that failed.
 */
static int
afslog_uid_int(struct kafs_data *data,
               const char *cell,
               const char *realm_hint,
               uid_t uid,
               const char *homedir)
{
    struct kafs_token token;
    char tf_name[ANAME_SZ];
    char tf_inst[INST_SZ];
    char tf_realm[REALM_SZ];
    int ret;

    token.ticket = NULL;

    if (cell == NULL || *cell == '\0')
        return _kafs_afslog_all_local_cells(data, uid, homedir);

    /* Only the realm of the ticket file's principal is used below. */
    ret = krb_get_tf_fullname(tkt_string(), tf_name, tf_inst, tf_realm);
    if (ret != KSUCCESS)
        return ret;

    /*
     * NOTE(review): on failure token.ticket is not freed here; this
     * assumes _kafs_get_cred() leaves no allocation behind - confirm.
     */
    ret = _kafs_get_cred(data, cell, realm_hint, tf_realm, uid, &token);
    if (ret != 0)
        return ret;

    ret = kafs_settoken_rxkad(cell, &token.ct, token.ticket,
                              token.ticket_len);
    free(token.ticket);
    return ret;
}
94
/*
 * Map `host' to its realm with krb_realmofhost() and return a heap copy.
 *
 * The result comes from strdup(), so the caller must free() it.  NULL is
 * returned when no realm is found or when strdup() fails.  `data' is not
 * used.
 */
static char *
get_realm(struct kafs_data *data, const char *host)
{
    char *found = krb_realmofhost(host);

    if (found == NULL)
        return NULL;
    return strdup(found);
}
104
/*
 * Get and install an AFS token for `cell' for user `uid', using krb4.
 *
 * Builds a kafs_data descriptor wired to the krb4 callbacks in this file
 * and passes it, with `homedir', to afslog_uid_int().  Returns whatever
 * afslog_uid_int() returns (0 on success).
 */
int
krb_afslog_uid_home(const char *cell, const char *realm_hint, uid_t uid,
                    const char *homedir)
{
    struct kafs_data ops;

    ops.data = 0;
    ops.name = "krb4";
    ops.get_realm = get_realm;
    ops.get_cred = get_cred;
    ops.afslog_uid = afslog_uid_int;

    return afslog_uid_int(&ops, cell, realm_hint, uid, homedir);
}
118
/*
 * Same as krb_afslog_uid_home() with no home directory supplied.
 */
int
krb_afslog_uid(const char *cell, const char *realm_hint, uid_t uid)
{
    const char *no_homedir = NULL;

    return krb_afslog_uid_home(cell, realm_hint, uid, no_homedir);
}
124
/*
 * Get and install an AFS token for `cell' for the calling process.
 *
 * The token is requested for getuid(), i.e. the real user id, not the
 * effective one; the two differ in a set-uid program.
 */
int
krb_afslog(const char *cell, const char *realm_hint)
{
    uid_t real_uid = getuid();

    return krb_afslog_uid(cell, realm_hint, real_uid);
}
130
/*
 * Like krb_afslog(), but also passes `homedir' down to
 * krb_afslog_uid_home().  The uid used is getuid(), the real user id.
 */
int
krb_afslog_home(const char *cell, const char *realm_hint, const char *homedir)
{
    uid_t real_uid = getuid();

    return krb_afslog_uid_home(cell, realm_hint, real_uid, homedir);
}
136
137/*
138 *
139 */
140
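/*
 * Find the realm of `cell' and store it in `*realm', using the krb4
 * host-to-realm lookup.
 *
 * The work is done by _kafs_realm_of_cell(); this wrapper only supplies
 * the descriptor.  Returns whatever _kafs_realm_of_cell() returns.
 */
int
krb_realm_of_cell(const char *cell, char **realm)
{
    /*
     * Zero the whole descriptor first.  Only name and get_realm are
     * filled in, and the remaining members (afslog_uid, get_cred, data)
     * would otherwise hold stack garbage, including function pointers,
     * in a struct that is handed to another function.
     */
    struct kafs_data kd = { 0 };

    kd.name = "krb4";
    kd.get_realm = get_realm;
    return _kafs_realm_of_cell(&kd, cell, realm);
}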
150
/*
 * Convert the krb4 credential `c' into a kafs token for `uid' and
 * install it for `cell'.
 *
 * Returns the error from _kafs_v4_to_kt() if the conversion fails,
 * otherwise the result of kafs_settoken_rxkad().
 *
 * NOTE(review): a credential whose EndTimestamp is already in the past
 * is dropped and 0 is returned, so a caller cannot tell "token
 * installed" from "skipped because expired" by the return value alone.
 */
int
kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c)
{
    struct kafs_token token;
    int ret;

    token.ticket = NULL;

    ret = _kafs_v4_to_kt(c, uid, &token);
    if (ret != 0)
        return ret;

    /* ret is 0 here; it stays 0 when the token has expired. */
    if (token.ct.EndTimestamp >= time(NULL))
        ret = kafs_settoken_rxkad(cell, &token.ct, token.ticket,
                                  token.ticket_len);

    free(token.ticket);
    return ret;
}
172
173#else /* KRB4 */
174
/*
 * Error code returned by every stub in this branch, which is compiled
 * when KRB4 is not defined.
 * NOTE(review): the name suggests the krb4 "KDC service expired" error
 * code - confirm against the krb4 error table.
 */
#define KAFS_KRBET_KDC_SERVICE_EXP 39525378

/*
 * Stub used when krb4 support is compiled out: no token is obtained and
 * the call always fails with KAFS_KRBET_KDC_SERVICE_EXP.  Callers must
 * check the return value rather than assume a token is in place.
 */
int
krb_afslog_uid_home(const char *cell, const char *realm_hint, uid_t uid,
                    const char *homedir)
{
    /* All arguments are ignored. */
    (void)cell;
    (void)realm_hint;
    (void)uid;
    (void)homedir;

    return KAFS_KRBET_KDC_SERVICE_EXP;
}
183
/*
 * Stub used when krb4 support is compiled out: always fails with
 * KAFS_KRBET_KDC_SERVICE_EXP and obtains no token.
 */
int
krb_afslog_uid(const char *cell, const char *realm_hint, uid_t uid)
{
    /* All arguments are ignored. */
    (void)cell;
    (void)realm_hint;
    (void)uid;

    return KAFS_KRBET_KDC_SERVICE_EXP;
}
189
/*
 * Stub used when krb4 support is compiled out: always fails with
 * KAFS_KRBET_KDC_SERVICE_EXP and obtains no token.
 */
int
krb_afslog_home(const char *cell, const char *realm_hint, const char *homedir)
{
    /* All arguments are ignored. */
    (void)cell;
    (void)realm_hint;
    (void)homedir;

    return KAFS_KRBET_KDC_SERVICE_EXP;
}
195
/*
 * Stub used when krb4 support is compiled out: always fails with
 * KAFS_KRBET_KDC_SERVICE_EXP and obtains no token.
 */
int
krb_afslog(const char *cell, const char *realm_hint)
{
    /* Both arguments are ignored. */
    (void)cell;
    (void)realm_hint;

    return KAFS_KRBET_KDC_SERVICE_EXP;
}
201
/*
 * Stub used when krb4 support is compiled out: stores NULL in `*realm'
 * and fails with KAFS_KRBET_KDC_SERVICE_EXP.
 *
 * `realm' is written through unconditionally, so it must point to a
 * valid char *.  `cell' is ignored.
 */
int
krb_realm_of_cell(const char *cell, char **realm)
{
    (void)cell;

    /* Leave the caller with a defined, empty result. */
    realm[0] = NULL;
    return KAFS_KRBET_KDC_SERVICE_EXP;
}
208
/* Local prototype for the stub defined just below. */
int kafs_settoken (const char*, uid_t, struct credentials *);

/*
 * Stub used when krb4 support is compiled out: installs no token and
 * always fails with KAFS_KRBET_KDC_SERVICE_EXP.
 */
int
kafs_settoken(const char *cell, uid_t uid, struct credentials *c)
{
    /* All arguments are ignored; `c' is never dereferenced. */
    (void)cell;
    (void)uid;
    (void)c;

    return KAFS_KRBET_KDC_SERVICE_EXP;
}
216
217#endif /* KRB4 */
218