![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to kpasswdd.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDReno / libexec / kpasswdd|
Return to kpasswdd.c CVS log | Up to [CSRG BSD Unix] / 43BSDReno / libexec / kpasswdd |
1.1 ! root 1: /* ! 2: * Copyright (c) 1989 The Regents of the University of California. ! 3: * All rights reserved. ! 4: * ! 5: * Redistribution and use in source and binary forms are permitted ! 6: * provided that the above copyright notice and this paragraph are ! 7: * duplicated in all such forms and that any documentation, ! 8: * advertising materials, and other materials related to such ! 9: * distribution and use acknowledge that the software was developed ! 10: * by the University of California, Berkeley. The name of the ! 11: * University may not be used to endorse or promote products derived ! 12: * from this software without specific prior written permission. ! 13: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR ! 14: * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED ! 15: * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ! 16: */ ! 17: ! 18: #ifndef lint ! 19: static char sccsid[] = "@(#)kpasswdd.c 1.5 (Berkeley) 6/22/90"; ! 20: #endif /* not lint */ ! 21: ! 22: /* ! 23: * kpasswdd - update a principal's passwd field in the Kerberos ! 24: * database. Called from inetd. ! 25: * K. Fall ! 26: * 12-Dec-88 ! 27: */ ! 28: ! 29: #include <sys/types.h> ! 30: #include <sys/time.h> ! 31: #include <sys/resource.h> ! 32: #include <sys/signal.h> ! 33: #include <netinet/in.h> ! 34: #include <pwd.h> ! 35: #include <syslog.h> ! 36: #include <kerberosIV/des.h> ! 37: #include <kerberosIV/krb.h> ! 38: #include <kerberosIV/krb_db.h> ! 39: #include <stdio.h> ! 40: #include "kpasswd_proto.h" ! 41: ! 42: static struct kpasswd_data kpwd_data; ! 43: static des_cblock master_key, key; ! 44: static Key_schedule master_key_schedule, ! 45: key_schedule, random_sched; ! 46: long mkeyversion; ! 47: AUTH_DAT kdata; ! 48: static Principal principal_data; ! 49: static struct update_data ud_data; ! 50: ! 51: char inst[INST_SZ]; ! 52: char version[9]; ! 53: KTEXT_ST ticket; ! 54: ! 55: char *progname; /* for the library */ ! 56: ! 57: main() ! 58: { ! 59: struct sockaddr_in foreign; ! 60: int foreign_len = sizeof(foreign); ! 61: int rval, more; ! 62: static char name[] = "kpasswdd"; ! 63: ! 64: static struct rlimit rl = { 0, 0 }; ! 65: ! 66: progname = name; ! 67: openlog("kpasswdd", LOG_CONS | LOG_PID, LOG_AUTH); ! 68: ! 69: signal(SIGHUP, SIG_IGN); ! 70: signal(SIGINT, SIG_IGN); ! 71: signal(SIGTSTP, SIG_IGN); ! 72: if (setrlimit(RLIMIT_CORE, &rl) < 0) { ! 73: syslog(LOG_ERR, "setrlimit: %m"); ! 74: exit(1); ! 75: } ! 76: ! 77: if (getpeername(0, &foreign, &foreign_len) < 0) { ! 78: syslog(LOG_ERR,"getpeername: %m"); ! 79: exit(1); ! 80: } ! 81: ! 82: strcpy(inst, "*"); ! 83: rval = krb_recvauth( ! 84: 0L, /* options--!MUTUAL */ ! 85: 0, /* file desc */ ! 86: &ticket, /* client's ticket */ ! 87: SERVICE, /* expected service */ ! 88: inst, /* expected instance */ ! 89: &foreign, /* foreign addr */ ! 90: (struct sockaddr_in *) 0, /* local addr */ ! 91: &kdata, /* returned krb data */ ! 92: "", /* service keys file */ ! 93: (bit_64 *) NULL, /* returned key schedule */ ! 94: version ! 95: ); ! 96: ! 97: ! 98: if (rval != KSUCCESS) { ! 99: syslog(LOG_ERR, "krb_recvauth: %s", krb_err_txt[rval]); ! 100: cleanup(); ! 101: exit(1); ! 102: } ! 103: ! 104: if (*version == '\0') { ! 105: /* indicates error on client's side (no tickets, etc.) */ ! 106: cleanup(); ! 107: exit(0); ! 108: } else if (strcmp(version, "KPWDV0.1") != 0) { ! 109: syslog(LOG_NOTICE, ! 110: "kpasswdd version conflict (recv'd %s)", ! 111: version); ! 112: cleanup(); ! 113: exit(1); ! 114: } ! 115: ! 116: ! 117: /* get master key */ ! 118: if (kdb_get_master_key(0, master_key, master_key_schedule) != 0) { ! 119: syslog(LOG_ERR, "couldn't get master key"); ! 120: cleanup(); ! 121: exit(1); ! 122: } ! 123: ! 124: mkeyversion = kdb_get_master_key(NULL, master_key, master_key_schedule); ! 125: ! 126: if (mkeyversion < 0) { ! 127: syslog(LOG_NOTICE, "couldn't verify master key"); ! 128: cleanup(); ! 129: exit(1); ! 130: } ! 131: ! 132: /* get principal info */ ! 133: rval = kerb_get_principal( ! 134: kdata.pname, ! 135: kdata.pinst, ! 136: &principal_data, ! 137: 1, ! 138: &more ! 139: ); ! 140: ! 141: if (rval < 0) { ! 142: syslog(LOG_NOTICE, ! 143: "error retrieving principal record for %s.%s", ! 144: kdata.pname, kdata.pinst); ! 145: cleanup(); ! 146: exit(1); ! 147: } ! 148: ! 149: if (rval != 1 || (more != 0)) { ! 150: syslog(LOG_NOTICE, "more than 1 dbase entry for %s.%s", ! 151: kdata.pname, kdata.pinst); ! 152: cleanup(); ! 153: exit(1); ! 154: } ! 155: ! 156: /* get the user's key */ ! 157: ! 158: bcopy(&principal_data.key_low, key, 4); ! 159: bcopy(&principal_data.key_high, ((long *) key) + 1, 4); ! 160: kdb_encrypt_key(key, key, master_key, master_key_schedule, ! 161: DECRYPT); ! 162: key_sched(key, key_schedule); ! 163: des_set_key(key, key_schedule); ! 164: ! 165: ! 166: /* get random key and send it over {random} Kperson */ ! 167: ! 168: random_key(kpwd_data.random_key); ! 169: strcpy(kpwd_data.secure_msg, SECURE_STRING); ! 170: if (des_write(0, &kpwd_data, sizeof(kpwd_data)) != sizeof(kpwd_data)) { ! 171: syslog(LOG_ERR, "error writing initial data"); ! 172: cleanup(); ! 173: exit(1); ! 174: } ! 175: ! 176: bzero(key, sizeof(key)); ! 177: bzero(key_schedule, sizeof(key_schedule)); ! 178: ! 179: /* now read update info: { info }Krandom */ ! 180: ! 181: key_sched(kpwd_data.random_key, random_sched); ! 182: des_set_key(kpwd_data.random_key, random_sched); ! 183: if (des_read(0, &ud_data, sizeof(ud_data)) != sizeof(ud_data)) { ! 184: syslog(LOG_ERR, "update aborted"); ! 185: cleanup(); ! 186: exit(1); ! 187: } ! 188: ! 189: /* validate info string by looking at the embedded string */ ! 190: ! 191: if (strcmp(ud_data.secure_msg, SECURE_STRING) != 0) { ! 192: syslog(LOG_NOTICE, "invalid update from %s", ! 193: inet_ntoa(foreign.sin_addr)); ! 194: cleanup(); ! 195: exit(1); ! 196: } ! 197: ! 198: /* produce the new key entry in the database { key }Kmaster */ ! 199: string_to_key(ud_data.pw, key); ! 200: kdb_encrypt_key(key, key, ! 201: master_key, master_key_schedule, ! 202: ENCRYPT); ! 203: bcopy(key, &principal_data.key_low, 4); ! 204: bcopy(((long *) key) + 1, ! 205: &principal_data.key_high, 4); ! 206: bzero(key, sizeof(key)); ! 207: principal_data.key_version++; ! 208: if (kerb_put_principal(&principal_data, 1)) { ! 209: syslog(LOG_ERR, "couldn't write new record for %s.%s", ! 210: principal_data.name, principal_data.instance); ! 211: cleanup(); ! 212: exit(1); ! 213: } ! 214: ! 215: syslog(LOG_NOTICE,"wrote new password field for %s.%s from %s", ! 216: principal_data.name, ! 217: principal_data.instance, ! 218: inet_ntoa(foreign.sin_addr) ! 219: ); ! 220: ! 221: send_ack(0, "Update complete.\n"); ! 222: cleanup(); ! 223: exit(0); ! 224: } ! 225: ! 226: cleanup() ! 227: { ! 228: bzero(&kpwd_data, sizeof(kpwd_data)); ! 229: bzero(master_key, sizeof(master_key)); ! 230: bzero(master_key_schedule, sizeof(master_key_schedule)); ! 231: bzero(key, sizeof(key)); ! 232: bzero(key_schedule, sizeof(key_schedule)); ! 233: bzero(random_sched, sizeof(random_sched)); ! 234: bzero(&principal_data, sizeof(principal_data)); ! 235: bzero(&ud_data, sizeof(ud_data)); ! 236: } ! 237: ! 238: send_ack(remote, msg) ! 239: int remote; ! 240: char *msg; ! 241: { ! 242: int cc; ! 243: cc = des_write(remote, msg, strlen(msg) + 1); ! 244: if (cc <= 0) { ! 245: syslog(LOG_ERR, "error writing ack"); ! 246: cleanup(); ! 247: exit(1); ! 248: } ! 249: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.