![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to kpasswdd.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDReno / old / athena / kpasswd|
Return to kpasswdd.c CVS log | Up to [CSRG BSD Unix] / 43BSDReno / old / athena / kpasswd |
1.1 ! root 1: /* ! 2: * Copyright (c) 1989 The Regents of the University of California. ! 3: * All rights reserved. ! 4: * ! 5: * Redistribution and use in source and binary forms are permitted ! 6: * provided that the above copyright notice and this paragraph are ! 7: * duplicated in all such forms and that any documentation, ! 8: * advertising materials, and other materials related to such ! 9: * distribution and use acknowledge that the software was developed ! 10: * by the University of California, Berkeley. The name of the ! 11: * University may not be used to endorse or promote products derived ! 12: * from this software without specific prior written permission. ! 13: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR ! 14: * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED ! 15: * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ! 16: */ ! 17: ! 18: #ifndef lint ! 19: static char sccsid[] = "@(#)kpasswdd.c 1.2 (Berkeley) 5/17/89"; ! 20: #endif /* not lint */ ! 21: ! 22: /* ! 23: * kpasswdd - update a principal's passwd field in the Kerberos ! 24: * database. Called from inetd. ! 25: * K. Fall ! 26: * 12-Dec-88 ! 27: */ ! 28: ! 29: #include <stdio.h> ! 30: #include <sys/types.h> ! 31: #include <sys/time.h> ! 32: #include <syslog.h> ! 33: #include <kerberos/krb.h> ! 34: #include <kerberos/krb_db.h> ! 35: #include <sys/resource.h> ! 36: #include <sys/signal.h> ! 37: #include <netinet/in.h> ! 38: #include "kpasswd_proto.h" ! 39: ! 40: static struct kpasswd_data kpwd_data; ! 41: static C_Block master_key, key; ! 42: static Key_schedule master_key_schedule, ! 43: key_schedule, random_sched; ! 44: int mkeyversion; ! 45: AUTH_DAT kdata; ! 46: static Principal principal_data; ! 47: static struct update_data ud_data; ! 48: ! 49: char inst[INST_SZ]; ! 50: char version[9]; ! 51: KTEXT_ST ticket; ! 52: ! 53: char *progname; /* for the library */ ! 54: ! 55: main() ! 56: { ! 57: struct sockaddr_in foreign; ! 58: int foreign_len = sizeof(foreign); ! 59: int rval, more; ! 60: static char name[] = "kpasswdd"; ! 61: ! 62: static struct rlimit rl = { 0, 0 }; ! 63: ! 64: progname = name; ! 65: openlog("kpasswdd", LOG_CONS | LOG_PID, LOG_AUTH); ! 66: ! 67: signal(SIGHUP, SIG_IGN); ! 68: signal(SIGINT, SIG_IGN); ! 69: signal(SIGTSTP, SIG_IGN); ! 70: if(setrlimit(RLIMIT_CORE, &rl) < 0) { ! 71: syslog(LOG_ERR, "setrlimit: %m"); ! 72: exit(1); ! 73: } ! 74: ! 75: if(getpeername(0, &foreign, &foreign_len) < 0) { ! 76: syslog(LOG_ERR,"getpeername: %m"); ! 77: exit(1); ! 78: } ! 79: ! 80: strcpy(inst, "*"); ! 81: rval = krb_recvauth( ! 82: 0L, /* !MUTUAL */ ! 83: 0, /* file desc */ ! 84: &ticket, /* client's ticket */ ! 85: SERVICE, /* expected service */ ! 86: inst, /* expected instance */ ! 87: &foreign, /* foreign addr */ ! 88: (struct sockaddr_in *) 0, ! 89: &kdata, ! 90: "", ! 91: (bit_64 *) NULL, /* key schedule */ ! 92: version ! 93: ); ! 94: ! 95: ! 96: if(rval != KSUCCESS) { ! 97: syslog(LOG_ERR, "krb_recvauth: %s", krb_err_txt[rval]); ! 98: cleanup(); ! 99: exit(1); ! 100: } ! 101: ! 102: ! 103: /* get master key */ ! 104: if(kdb_get_master_key(0, master_key, master_key_schedule) != 0) { ! 105: syslog(LOG_ERR, "couldn't get master key"); ! 106: cleanup(); ! 107: exit(1); ! 108: } ! 109: ! 110: mkeyversion = ! 111: kdb_get_master_key(master_key, master_key_schedule, NULL); ! 112: ! 113: ! 114: if(mkeyversion < 0) { ! 115: syslog(LOG_NOTICE, "couldn't verify master key"); ! 116: cleanup(); ! 117: exit(1); ! 118: } ! 119: ! 120: /* get principal info */ ! 121: rval = kerb_get_principal( ! 122: kdata.pname, ! 123: kdata.pinst, ! 124: &principal_data, ! 125: 1, ! 126: &more ! 127: ); ! 128: ! 129: if(rval != 1 || (more != 0)) { ! 130: syslog(LOG_NOTICE, "more than 1 entry for %s.%s", ! 131: kdata.pname, kdata.pinst); ! 132: cleanup(); ! 133: exit(1); ! 134: } ! 135: ! 136: /* get the user's key */ ! 137: ! 138: bcopy(&principal_data.key_low, key, 4); ! 139: bcopy(&principal_data.key_high, ((long *) key) + 1, 4); ! 140: kdb_encrypt_key(key, key, master_key, master_key_schedule, ! 141: DECRYPT); ! 142: key_sched(key, key_schedule); ! 143: des_set_key(key, key_schedule); ! 144: ! 145: ! 146: /* get random key and send it over {random} Kperson */ ! 147: ! 148: random_key(kpwd_data.random_key); ! 149: strcpy(kpwd_data.secure_msg, SECURE_STRING); ! 150: if(des_write(0, &kpwd_data, sizeof(kpwd_data)) != sizeof(kpwd_data)) { ! 151: syslog(LOG_ERR, "error writing initial data"); ! 152: cleanup(); ! 153: exit(1); ! 154: } ! 155: ! 156: bzero(key, sizeof(key)); ! 157: bzero(key_schedule, sizeof(key_schedule)); ! 158: ! 159: /* now read update info: { info }Krandom */ ! 160: ! 161: key_sched(kpwd_data.random_key, random_sched); ! 162: des_set_key(kpwd_data.random_key, random_sched); ! 163: if(des_read(0, &ud_data, sizeof(ud_data)) != sizeof(ud_data)) { ! 164: syslog(LOG_ERR, "update aborted"); ! 165: cleanup(); ! 166: exit(1); ! 167: } ! 168: ! 169: /* validate info string by looking at the embedded string */ ! 170: ! 171: if(strcmp(ud_data.secure_msg, SECURE_STRING)) { ! 172: syslog(LOG_NOTICE, "invalid update from %s", ! 173: inet_ntoa(foreign.sin_addr)); ! 174: cleanup(); ! 175: exit(1); ! 176: } ! 177: ! 178: /* produce the new key entry in the database { key }Kmaster */ ! 179: string_to_key(ud_data.pw, key); ! 180: kdb_encrypt_key(key, key, ! 181: master_key, master_key_schedule, ! 182: ENCRYPT); ! 183: bcopy(key, &principal_data.key_low, 4); ! 184: bcopy(((long *) key) + 1, ! 185: &principal_data.key_high, 4); ! 186: bzero(key, sizeof(key)); ! 187: principal_data.key_version++; ! 188: if(kerb_put_principal(&principal_data, 1)) { ! 189: syslog(LOG_ERR, "couldn't write new record for %s.%s", ! 190: principal_data.name, principal_data.instance); ! 191: cleanup(); ! 192: exit(1); ! 193: } ! 194: ! 195: syslog(LOG_NOTICE,"wrote new password field for %s.%s from %s", ! 196: principal_data.name, ! 197: principal_data.instance, ! 198: inet_ntoa(foreign.sin_addr) ! 199: ); ! 200: ! 201: send_ack(0, "Update complete.\n"); ! 202: cleanup(); ! 203: exit(0); ! 204: } ! 205: ! 206: cleanup() ! 207: { ! 208: bzero(&kpwd_data, sizeof(kpwd_data)); ! 209: bzero(master_key, sizeof(master_key)); ! 210: bzero(master_key_schedule, sizeof(master_key_schedule)); ! 211: bzero(key, sizeof(key)); ! 212: bzero(key_schedule, sizeof(key_schedule)); ! 213: bzero(random_sched, sizeof(random_sched)); ! 214: bzero(&principal_data, sizeof(principal_data)); ! 215: bzero(&ud_data, sizeof(ud_data)); ! 216: } ! 217: ! 218: send_ack(remote, msg) ! 219: int remote; ! 220: char *msg; ! 221: { ! 222: int cc; ! 223: cc = des_write(remote, msg, strlen(msg) + 1); ! 224: if(cc <= 0) { ! 225: syslog(LOG_ERR, "error writing ack"); ! 226: cleanup(); ! 227: exit(1); ! 228: } ! 229: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.