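/* $Id: kcglue_krb.c,v 1.4 2005/01/10 19:17:32 snsimon Exp $
 * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in
 * the documentation and/or other materials provided with the
 * distribution.
 *
 * 3. The name "Carnegie Mellon University" must not be used to
 * endorse or promote products derived from this software without
 * prior written permission. For permission or any other legal
 * details, please contact
 * Office of Technology Transfer
 * Carnegie Mellon University
 * 5000 Forbes Avenue
 * Pittsburgh, PA 15213-3890
 * (412) 268-4387, fax: (412) 268-7395
 * tech-transfer@andrew.cmu.edu
 *
 * 4. Redistributions of any form whatsoever must retain the following
 * acknowledgment:
 * "This product includes software developed by Computing Services
 * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
 *
 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
#include <stdlib.h>
#include <string.h>
#include <kcglue_krb.h>
//#include "macKClientPublic.h"
#include "KClient.h"

#ifndef FALSE
#define FALSE 0
#endif
#ifndef TRUE
#define TRUE 1
#endif

/* Every failure in this file is reported to the caller as this one code. */
#define SOME_KRB_ERR_NUMBER (70)
#define MAX_KRB_ERRORS 256

/*
 * Error-text table indexed by error number. All MAX_KRB_ERRORS entries hold
 * the same placeholder string, so a lookup never yields a specific message.
 */
const char *krb_err_txt[MAX_KRB_ERRORS]={
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err",
	"krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err"
};


/*
 * Given a service, instance and realm, combine them into "foo.bar@REALM"
 * ("foo@REALM" when the instance is empty) and store the result in dst.
 *
 * dst must have room for KCGLUE_MAX_K_STR_LEN+1 bytes, which is the size of
 * the only buffer this file passes in. Each component must be shorter than
 * KCGLUE_ITEM_SIZE, and the assembled string must fit in KCGLUE_MAX_K_STR_LEN
 * characters, so the bound holds whatever the relation between the two
 * macros is in the header.
 *
 * Returns TRUE on success. Returns FALSE, leaving dst untouched, when an
 * argument is NULL or a length limit is exceeded.
 */
static int implode_krb_user_info(char *dst,const char *service,const char *instance,const char *realm)
{
	size_t service_len;
	size_t instance_len;
	size_t realm_len;
	size_t total;

	if(dst==NULL || service==NULL || instance==NULL || realm==NULL)
		return FALSE;

	service_len=strlen(service);
	instance_len=strlen(instance);
	realm_len=strlen(realm);

	if(service_len>=KCGLUE_ITEM_SIZE)
		return FALSE;
	if(instance_len>=KCGLUE_ITEM_SIZE)
		return FALSE;
	if(realm_len>=KCGLUE_ITEM_SIZE)
		return FALSE;

	/* service + optional ".instance" + "@" + realm, terminator not counted */
	total=service_len+realm_len+1;
	if(instance_len!=0)
		total+=instance_len+1;
	if(total>KCGLUE_MAX_K_STR_LEN)
		return FALSE;

	/* All lengths are known and bounded, so copy by length, not with strcpy. */
	memcpy(dst,service,service_len);
	dst+=service_len;
	if(instance_len!=0) {
		*dst++='.';
		memcpy(dst,instance,instance_len);
		dst+=instance_len;
	}
	*dst++='@';
	memcpy(dst,realm,realm_len);
	dst[realm_len]=0;
	return TRUE;
}

/*
 * Obtain a Kerberos v4 service ticket through KClient and hand the ticket
 * bytes, the session key and the client name back to the caller.
 *
 * dat       receives the ticket data; the caller must provide room for
 *           KCGLUE_MAX_KTXT_LEN+10 bytes, the capacity advertised to KClient.
 * len       receives the number of ticket bytes reported by KClient.
 * service, instance, realm
 *           components of the server principal, joined as
 *           "service[.instance]@realm" before being parsed by KClient.
 * checksum  passed through to KClientGetTicketForService.
 * des_key   passed to KClientGetSessionKey, which fills it in. It presumably
 *           receives the DES session key; wiping it after use is left to
 *           the caller.
 * pname     receives the name component of the client principal.
 *           NOTE(review): its capacity is not passed in and cannot be
 *           checked here; confirm callers size it for a v4 name.
 * pinst     set to the empty string once a session has been created; the
 *           client instance returned by KClient is discarded.
 *
 * Returns 0 on success and SOME_KRB_ERR_NUMBER on any failure; the specific
 * KClient error code is not propagated. On failure dat, *len, des_key and
 * pname may have been partially written and must not be used.
 */
int kcglue_krb_mk_req(void *dat,int *len, const char *service, char *instance, char *realm,
	long checksum,
	void *des_key,
	char *pname,
	char *pinst)
{
	char tkt_buf[KCGLUE_MAX_KTXT_LEN+20];
	char user_id[KCGLUE_MAX_K_STR_LEN+1];
	char dummy1[KCGLUE_MAX_K_STR_LEN+1], dummy2[KCGLUE_MAX_K_STR_LEN+1];
	KClientSession ses;
	KClientPrincipal prin, srvp;
	/* Capacity advertised to KClient; 10 bytes of tkt_buf are kept as slack. */
	const int tkt_cap=(int)sizeof(tkt_buf)-10;
	int rc;

	/* Every output pointer is written below, so reject NULL up front. */
	if(dat==NULL || len==NULL || des_key==NULL || pname==NULL || pinst==NULL)
		return SOME_KRB_ERR_NUMBER;

	if(!implode_krb_user_info(user_id,service,instance,realm))
		return SOME_KRB_ERR_NUMBER;

	rc=KClientNewClientSession(&ses);
	if(rc!=0)
		return SOME_KRB_ERR_NUMBER;
	/* From here on the session exists and is disposed on every path. */

	*len=tkt_cap;
	rc=KClientV4StringToPrincipal(user_id, &srvp);
	/*
	 * NOTE(review): srvp is never passed to KClientDisposePrincipal, unlike
	 * prin below. Confirm whether KClientSetServerPrincipal takes ownership
	 * of it; if it does not, the principal is leaked on every call.
	 */
	if (rc==0)
		rc=KClientSetServerPrincipal(ses,srvp);
	if (rc==0)
		rc=KClientGetTicketForService(ses,checksum,tkt_buf,len);
	if(rc==0) {
		/*
		 * *len comes back from the library. Refuse a negative value, which
		 * would convert to a huge size_t, and anything above the advertised
		 * capacity, rather than letting memcpy run past tkt_buf or dat.
		 */
		if(*len<0 || *len>tkt_cap)
			rc=SOME_KRB_ERR_NUMBER;
	}
	if(rc==0) {
		/*
		 * Original note: kclient puts out a 4 byte length that mit doesnt.
		 * The +4 skip is disabled, so the copy starts at offset 0.
		 */
		memcpy(dat,tkt_buf,(size_t)*len);
		rc=KClientGetSessionKey(ses,des_key);
	}
	if(rc==0) {
		rc=KClientGetClientPrincipal(ses, &prin);
		if (rc==0) {
			/* Only the name is returned; instance and realm go to scratch. */
			rc=KClientPrincipalToV4Triplet(prin, pname, dummy1, dummy2);
			KClientDisposePrincipal(prin);
		}
	}
	*pinst=0;
	KClientDisposeSession(ses);

	if(rc!=0)
		return SOME_KRB_ERR_NUMBER;
	return 0;
}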