diff options
Diffstat (limited to 'crypto/kerberosIV/lib/krb/kntoln.c')
-rw-r--r-- | crypto/kerberosIV/lib/krb/kntoln.c | 180 |
1 files changed, 180 insertions, 0 deletions
diff --git a/crypto/kerberosIV/lib/krb/kntoln.c b/crypto/kerberosIV/lib/krb/kntoln.c new file mode 100644 index 0000000..88b8b25 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/kntoln.c @@ -0,0 +1,180 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * krb_kntoln converts an auth name into a local name by looking up + * the auth name in the /etc/aname file. The format of the aname + * file is: + * + * +-----+-----+-----+-----+------+----------+-------+-------+ + * | anl | inl | rll | lnl | name | instance | realm | lname | + * +-----+-----+-----+-----+------+----------+-------+-------+ + * | 1by | 1by | 1by | 1by | name | instance | realm | lname | + * +-----+-----+-----+-----+------+----------+-------+-------+ + * + * If the /etc/aname file can not be opened it will set the + * local name to the auth name. Thus, in this case it performs as + * the identity function. + * + * The name instance and realm are passed to krb_kntoln through + * the AUTH_DAT structure (ad). + * + * Now here's what it *really* does: + * + * Given a Kerberos name in an AUTH_DAT structure, check that the + * instance is null, and that the realm is the same as the local + * realm, and return the principal's name in "lname". Return + * KSUCCESS if all goes well, otherwise KFAILURE. + */ + +#include "krb_locl.h" + +RCSID("$Id: kntoln.c,v 1.7 1997/03/23 03:53:12 joda Exp $"); + +int +krb_kntoln(AUTH_DAT *ad, char *lname) +{ + static char lrealm[REALM_SZ] = ""; + + if (!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) + return(KFAILURE); + + if (strcmp(ad->pinst, "")) + return(KFAILURE); + if (strcmp(ad->prealm, lrealm)) + return(KFAILURE); + strcpy(lname, ad->pname); + return(KSUCCESS); +} + +#if 0 +/* Posted to usenet by "Derrick J. Brashear" <shadow+@andrew.cmu.edu> */ + +#include <krb.h> +#include <ndbm.h> +#include <stdio.h> +#include <sys/file.h> +#include <strings.h> +#include <sys/syslog.h> +#include <sys/errno.h> + +extern int errno; +/* + * antoln converts an authentication name into a local name by looking up + * the authentication name in the /etc/aname dbm database. + * + * If the /etc/aname file can not be opened it will set the + * local name to the principal name. Thus, in this case it performs as + * the identity function. + * + * The name instance and realm are passed to antoln through + * the AUTH_DAT structure (ad). + */ + +static char lrealm[REALM_SZ] = ""; + +an_to_ln(ad,lname) +AUTH_DAT *ad; +char *lname; +{ + static DBM *aname = NULL; + char keyname[ANAME_SZ+INST_SZ+REALM_SZ+2]; + + if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) + return(KFAILURE); + + if((strcmp(ad->pinst,"") && strcmp(ad->pinst,"root")) || +strcmp(ad->prealm,lrealm)) { + datum val; + datum key; + /* + * Non-local name (or) non-null and non-root instance. + * Look up in dbm file. + */ + if (!aname) { + if ((aname = dbm_open("/etc/aname", O_RDONLY, 0)) + == NULL) return (KFAILURE); + } + /* Construct dbm lookup key. */ + an_to_a(ad, keyname); + key.dptr = keyname; + key.dsize = strlen(keyname)+1; + flock(dbm_dirfno(aname), LOCK_SH); + val = dbm_fetch(aname, key); + flock(dbm_dirfno(aname), LOCK_UN); + if (!val.dptr) { + dbm_close(aname); + return(KFAILURE); + } + /* Got it! */ + strcpy(lname,val.dptr); + return(KSUCCESS); + } else strcpy(lname,ad->pname); + return(KSUCCESS); +} + +an_to_a(ad, str) + AUTH_DAT *ad; + char *str; +{ + strcpy(str, ad->pname); + if(*ad->pinst) { + strcat(str, "."); + strcat(str, ad->pinst); + } + strcat(str, "@"); + strcat(str, ad->prealm); +} + +/* + * Parse a string of the form "user[.instance][@realm]" + * into a struct AUTH_DAT. + */ + +a_to_an(str, ad) + AUTH_DAT *ad; + char *str; +{ + char *buf = (char *)malloc(strlen(str)+1); + char *rlm, *inst, *princ; + + if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) { + free(buf); + return(KFAILURE); + } + /* destructive string hacking is more fun.. */ + strcpy(buf, str); + + if (rlm = index(buf, '@')) { + *rlm++ = '\0'; + } + if (inst = index(buf, '.')) { + *inst++ = '\0'; + } + strcpy(ad->pname, buf); + if(inst) strcpy(ad->pinst, inst); + else *ad->pinst = '\0'; + if (rlm) strcpy(ad->prealm, rlm); + else strcpy(ad->prealm, lrealm); + free(buf); + return(KSUCCESS); +} +#endif |