![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to registerd.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDReno / kerberosIV / registerd|
Return to registerd.c CVS log | Up to [CSRG BSD Unix] / 43BSDReno / kerberosIV / registerd |
1.1 root 1:
2: /*
3: * Copyright (c) 1989 The Regents of the University of California.
4: * All rights reserved.
5: *
6: * Redistribution and use in source and binary forms are permitted
7: * provided that the above copyright notice and this paragraph are
8: * duplicated in all such forms and that any documentation,
9: * advertising materials, and other materials related to such
10: * distribution and use acknowledge that the software was developed
11: * by the University of California, Berkeley. The name of the
12: * University may not be used to endorse or promote products derived
13: * from this software without specific prior written permission.
14: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
15: * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
16: * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
17: */
18:
19: #ifndef lint
20: static char sccsid[] = "@(#)registerd.c 1.7 (Berkeley) 5/11/90";
21: #endif /* not lint */
22:
23: #include <sys/types.h>
24: #include <sys/time.h>
25: #include <sys/signal.h>
26: #include <sys/resource.h>
27: #include <sys/param.h>
28: #include <sys/file.h>
29: #include <netinet/in.h>
30: #include <stdio.h>
31: #include <syslog.h>
32: #include <kerberosIV/des.h>
33: #include <kerberosIV/krb.h>
34: #include <kerberosIV/krb_db.h>
35: #include "pathnames.h"
36: #include "register_proto.h"
37:
38: #define KBUFSIZ (sizeof(struct keyfile_data))
39: #define CRYPT 0x00
40: #define CLEAR 0x01
41:
42: char *progname;
43: struct sockaddr_in sin;
44: char msgbuf[BUFSIZ];
45:
46: int die();
47:
48: main(argc, argv)
49: char **argv;
50: {
51: int kf;
52: char keyfile[MAXPATHLEN];
53: static Key_schedule schedule;
54: u_char code;
55: char keybuf[KBUFSIZ];
56: int retval, sval;
57: struct keyfile_data *kfile;
58: static struct rlimit rl = { 0, 0 };
59:
60: openlog("registerd", LOG_PID, LOG_AUTH);
61:
62: progname = argv[0];
63:
64: signal(SIGHUP, SIG_IGN);
65: signal(SIGINT, SIG_IGN);
66: signal(SIGTSTP, SIG_IGN);
67: signal(SIGPIPE, die);
68: if (setrlimit(RLIMIT_CORE, &rl) < 0) {
69: syslog(LOG_ERR, "setrlimit: %m");
70: exit(1);
71: }
72:
73:
74: /* figure out who we are talking to */
75:
76: sval = sizeof(sin);
77: if (getpeername(0, (struct sockaddr *) &sin, &sval) < 0) {
78: syslog(LOG_ERR, "getpeername: %m");
79: exit(1);
80: }
81:
82: /* get encryption key */
83:
84: (void) sprintf(keyfile, "%s%s%s",
85: SERVER_KEYDIR,
86: CLIENT_KEYFILE,
87: inet_ntoa(sin.sin_addr));
88:
89: if ((kf = open(keyfile, O_RDONLY)) < 0) {
90: syslog(LOG_ERR,
91: "error opening Kerberos update keyfile (%s): %m", keyfile);
92: (void) sprintf(msgbuf,
93: "couldn't open session keyfile for your host");
94: send_packet(msgbuf, CLEAR);
95: exit(1);
96: }
97:
98: if (read(kf, keybuf, KBUFSIZ) != KBUFSIZ) {
99: syslog(LOG_ERR, "wrong read size of Kerberos update keyfile");
100: (void) sprintf(msgbuf,
101: "couldn't read session key from your host's keyfile");
102: send_packet(msgbuf, CLEAR);
103: exit(1);
104: }
105: (void) sprintf(msgbuf, GOTKEY_MSG);
106: send_packet(msgbuf, CLEAR);
107: kfile = (struct keyfile_data *) keybuf;
108: key_sched(kfile->kf_key, schedule);
109: des_set_key(kfile->kf_key, schedule);
110:
111: /* read the command code byte */
112:
113: if (des_read(0, &code, 1) == 1) {
114:
115: switch(code) {
116: case APPEND_DB:
117: retval = do_append();
118: break;
119: case ABORT:
120: cleanup();
121: close(0);
122: exit(0);
123: default:
124: retval = KFAILURE;
125: syslog(LOG_NOTICE,
126: "invalid command code on db update (0x%x)",
127: code);
128: }
129:
130: } else {
131: retval = KFAILURE;
132: syslog(LOG_ERR, "couldn't read command code on Kerberos update");
133: }
134:
135: code = (u_char) retval;
136: if (code != KSUCCESS) {
137: (void) sprintf(msgbuf, "%s", krb_err_txt[code]);
138: send_packet(msgbuf, CRYPT);
139: } else {
140: (void) sprintf(msgbuf, "Update complete.");
141: send_packet(msgbuf, CRYPT);
142: }
143: cleanup();
144: close(0);
145: exit(0);
146: }
147:
148: #define MAX_PRINCIPAL 10
149: static Principal principal_data[MAX_PRINCIPAL];
150: static C_Block key, master_key;
151: static Key_schedule master_key_schedule;
152: int
153: do_append()
154: {
155: Principal default_princ;
156: char input_name[ANAME_SZ];
157: char input_instance[INST_SZ];
158: int j,n, more;
159: long mkeyversion;
160:
161:
162:
163: /* get master key from MKEYFILE */
164: if (kdb_get_master_key(0, master_key, master_key_schedule) != 0) {
165: syslog(LOG_ERR, "couldn't get master key");
166: return(KFAILURE);
167: }
168:
169: mkeyversion = kdb_verify_master_key(master_key, master_key_schedule, NULL);
170: if (mkeyversion < 0) {
171: syslog(LOG_ERR, "couldn't validate master key");
172: return(KFAILURE);
173: }
174:
175: n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
176: &default_princ, 1, &more);
177:
178: if (n != 1) {
179: syslog(LOG_ERR, "couldn't get default principal");
180: return(KFAILURE);
181: }
182:
183: /*
184: * get principal name, instance, and password from network.
185: * convert password to key and store it
186: */
187:
188: if (net_get_principal(input_name, input_instance, key) != 0) {
189: return(KFAILURE);
190: }
191:
192:
193: j = kerb_get_principal(
194: input_name,
195: input_instance,
196: principal_data,
197: MAX_PRINCIPAL,
198: &more
199: );
200:
201: if (j != 0) {
202: /* already in database, no update */
203: syslog(LOG_NOTICE,
204: "attempt to add duplicate entry for principal %s.%s",
205: input_name, input_instance);
206: return(KDC_PR_N_UNIQUE);
207: }
208:
209: /*
210: * set up principal's name, instance
211: */
212:
213: strcpy(principal_data[0].name, input_name);
214: strcpy(principal_data[0].instance, input_instance);
215: principal_data[0].old = NULL;
216:
217:
218: /* and the expiration date and version #s */
219:
220: principal_data[0].exp_date = default_princ.exp_date;
221: strcpy(principal_data[0].exp_date_txt, default_princ.exp_date_txt);
222: principal_data[0].max_life = default_princ.max_life;
223: principal_data[0].attributes = default_princ.attributes;
224: principal_data[0].kdc_key_ver = default_princ.kdc_key_ver;
225:
226:
227: /* and the key */
228:
229: kdb_encrypt_key(key, key, master_key, master_key_schedule,
230: ENCRYPT);
231: bcopy(key, &principal_data[0].key_low, 4);
232: bcopy(((long *) key) + 1, &principal_data[0].key_high,4);
233: bzero(key, sizeof(key));
234:
235: principal_data[0].key_version = 1; /* 1st entry */
236:
237: /* and write it to the database */
238:
239: if (kerb_put_principal(&principal_data[0], 1)) {
240: syslog(LOG_INFO, "Kerberos update failure: put_principal failed");
241: return(KFAILURE);
242: }
243:
244: syslog(LOG_NOTICE, "Kerberos update: wrote new record for %s.%s from %s",
245: principal_data[0].name,
246: principal_data[0].instance,
247: inet_ntoa(sin.sin_addr)
248: );
249:
250: return(KSUCCESS);
251:
252: }
253:
254: send_packet(msg,flag)
255: char *msg;
256: int flag;
257: {
258: int len = strlen(msg);
259: msg[len++] = '\n';
260: msg[len] = '\0';
261: if (len > sizeof(msgbuf)) {
262: syslog(LOG_ERR, "send_packet: invalid msg size");
263: return;
264: }
265: if (flag == CRYPT) {
266: if (des_write(0, msg, len) != len)
267: syslog(LOG_ERR, "couldn't write reply message");
268: } else if (flag == CLEAR) {
269: if (write(0, msg, len) != len)
270: syslog(LOG_ERR, "couldn't write reply message");
271: } else
272: syslog(LOG_ERR, "send_packet: invalid flag (%d)", flag);
273:
274: }
275:
276: net_get_principal(pname, iname, keyp)
277: char *pname, *iname;
278: C_Block *keyp;
279: {
280: int cc;
281: static char password[255];
282:
283: cc = des_read(0, pname, ANAME_SZ);
284: if (cc != ANAME_SZ) {
285: syslog(LOG_ERR, "couldn't get principal name");
286: return(-1);
287: }
288:
289: cc = des_read(0, iname, INST_SZ);
290: if (cc != INST_SZ) {
291: syslog(LOG_ERR, "couldn't get instance name");
292: return(-1);
293: }
294:
295: cc = des_read(0, password, 255);
296: if (cc != 255) {
297: syslog(LOG_ERR, "couldn't get password");
298: bzero(password, 255);
299: return(-1);
300: }
301:
302: string_to_key(password, *keyp);
303: bzero(password, 255);
304: return(0);
305: }
306:
307: cleanup()
308: {
309: bzero(master_key, sizeof(master_key));
310: bzero(key, sizeof(key));
311: bzero(master_key_schedule, sizeof(master_key_schedule));
312: }
313:
314: die()
315: {
316: syslog(LOG_ERR, "remote end died (SIGPIPE)");
317: cleanup();
318: exit(1);
319: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.