![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to registerd.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDReno / old / athena / register|
Return to registerd.c CVS log | Up to [CSRG BSD Unix] / 43BSDReno / old / athena / register |
1.1 root 1:
2: /*
3: * Copyright (c) 1989 The Regents of the University of California.
4: * All rights reserved.
5: *
6: * Redistribution and use in source and binary forms are permitted
7: * provided that the above copyright notice and this paragraph are
8: * duplicated in all such forms and that any documentation,
9: * advertising materials, and other materials related to such
10: * distribution and use acknowledge that the software was developed
11: * by the University of California, Berkeley. The name of the
12: * University may not be used to endorse or promote products derived
13: * from this software without specific prior written permission.
14: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
15: * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
16: * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
17: */
18:
19: #ifndef lint
20: static char sccsid[] = "@(#)registerd.c 1.4 (Berkeley) 5/17/89";
21: #endif /* not lint */
22:
23: #include <sys/types.h>
24: #include <sys/time.h>
25: #include <sys/signal.h>
26: #include <sys/resource.h>
27: #include <sys/param.h>
28: #include <sys/file.h>
29: #include <netinet/in.h>
30: #include <stdio.h>
31: #include <syslog.h>
32: #include <kerberos/krb.h>
33: #include <kerberos/krb_db.h>
34: #include "register_proto.h"
35:
36: #define SKEYFILE "/kerberos/update.key%s"
37: #define KBUFSIZ (sizeof(struct keyfile_data))
38: #define CRYPT 0x00
39: #define CLEAR 0x01
40:
41: char *progname;
42: struct sockaddr_in sin;
43: char msgbuf[BUFSIZ];
44:
45: int die();
46:
47: main(argc, argv)
48: char **argv;
49: {
50: int kf;
51: char keyfile[MAXPATHLEN];
52: static Key_schedule schedule;
53: u_char code;
54: char keybuf[KBUFSIZ];
55: int retval, sval;
56: struct keyfile_data *kfile;
57: static struct rlimit rl = { 0, 0 };
58:
59: openlog("registerd", LOG_PID, LOG_AUTH);
60:
61: progname = argv[0];
62:
63: signal(SIGHUP, SIG_IGN);
64: signal(SIGINT, SIG_IGN);
65: signal(SIGTSTP, SIG_IGN);
66: signal(SIGPIPE, die);
67: if(setrlimit(RLIMIT_CORE, &rl) < 0) {
68: syslog(LOG_ERR, "setrlimit: %m");
69: exit(1);
70: }
71:
72:
73: /* figure out who we are talking to */
74:
75: sval = sizeof(sin);
76: if(getpeername(0, (struct sockaddr *) &sin, &sval) < 0) {
77: syslog(LOG_ERR, "getpeername: %m");
78: exit(1);
79: }
80:
81: /* get encryption key */
82:
83: (void) sprintf(keyfile, SKEYFILE, inet_ntoa(sin.sin_addr));
84: if((kf = open(keyfile, O_RDONLY)) < 0) {
85: syslog(LOG_ERR, "error opening Kerberos update keyfile (%s): %m", keyfile);
86: (void) sprintf(msgbuf, "couldn't open session keyfile for your host");
87: send_packet(msgbuf, CLEAR);
88: exit(1);
89: }
90:
91: if(read(kf, keybuf, KBUFSIZ) != KBUFSIZ) {
92: syslog(LOG_ERR, "wrong read size of Kerberos update keyfile");
93: (void) sprintf(msgbuf,
94: "couldn't read session key from your host's keyfile");
95: send_packet(msgbuf, CLEAR);
96: exit(1);
97: }
98: (void) sprintf(msgbuf, GOTKEY_MSG);
99: send_packet(msgbuf, CLEAR);
100: kfile = (struct keyfile_data *) keybuf;
101: key_sched(kfile->kf_key, schedule);
102: des_set_key(kfile->kf_key, schedule);
103:
104: /* read the command code byte */
105:
106: if(des_read(0, &code, 1) == 1) {
107:
108: switch(code) {
109: case APPEND_DB:
110: retval = do_append();
111: break;
112: case ABORT:
113: cleanup();
114: close(0);
115: exit(0);
116: default:
117: retval = KFAILURE;
118: syslog(LOG_NOTICE,
119: "invalid command code on db update (0x%x)", code);
120: }
121:
122: } else {
123: retval = KFAILURE;
124: syslog(LOG_ERR, "couldn't read command code on Kerberos update");
125: }
126:
127: code = (u_char) retval;
128: if(code != KSUCCESS) {
129: (void) sprintf(msgbuf, "%s", krb_err_txt[code]);
130: send_packet(msgbuf,CRYPT);
131: } else {
132: (void) sprintf(msgbuf, "Update complete.");
133: send_packet(msgbuf, CRYPT);
134: }
135: cleanup();
136: close(0);
137: exit(0);
138: }
139:
140: #define MAX_PRINCIPAL 10
141: static Principal principal_data[MAX_PRINCIPAL];
142: static C_Block key, master_key;
143: static Key_schedule master_key_schedule;
144: int
145: do_append()
146: {
147: Principal default_princ;
148: char input_name[ANAME_SZ];
149: char input_instance[INST_SZ];
150: int j,n, more;
151: long mkeyversion;
152:
153:
154:
155: /* get master key from MKEYFILE */
156: if(kdb_get_master_key(0, master_key, master_key_schedule) != 0) {
157: syslog(LOG_ERR, "couldn't get master key");
158: return(KFAILURE);
159: }
160:
161: mkeyversion = kdb_verify_master_key(master_key, master_key_schedule, NULL);
162: if(mkeyversion < 0) {
163: syslog(LOG_ERR, "couldn't validate master key");
164: return(KFAILURE);
165: }
166:
167: n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
168: &default_princ, 1, &more);
169:
170: if(n != 1) {
171: syslog(LOG_ERR, "couldn't get default principal");
172: return(KFAILURE);
173: }
174:
175: /*
176: * get principal name, instance, and password from network.
177: * convert password to key and store it
178: */
179:
180: if(net_get_principal(input_name, input_instance, key) != 0) {
181: return(KFAILURE);
182: }
183:
184:
185: j = kerb_get_principal(
186: input_name,
187: input_instance,
188: principal_data,
189: MAX_PRINCIPAL,
190: &more
191: );
192:
193: if(j != 0) {
194: /* already in database, no update */
195: syslog(LOG_NOTICE, "attempt to add duplicate entry for principal %s.%s",
196: input_name, input_instance);
197: return(KDC_PR_N_UNIQUE);
198: }
199:
200: /*
201: * set up principal's name, instance
202: */
203:
204: strcpy(principal_data[0].name, input_name);
205: strcpy(principal_data[0].instance, input_instance);
206: principal_data[0].old = NULL;
207:
208:
209: /* and the expiration date and version #s */
210:
211: principal_data[0].exp_date = default_princ.exp_date;
212: strcpy(principal_data[0].exp_date_txt, default_princ.exp_date_txt);
213: principal_data[0].max_life = default_princ.max_life;
214: principal_data[0].attributes = default_princ.attributes;
215: principal_data[0].kdc_key_ver = default_princ.kdc_key_ver;
216:
217:
218: /* and the key */
219:
220: kdb_encrypt_key(key, key, master_key, master_key_schedule,
221: ENCRYPT);
222: bcopy(key, &principal_data[0].key_low, 4);
223: bcopy(((long *) key) + 1, &principal_data[0].key_high,4);
224: bzero(key, sizeof(key));
225:
226: principal_data[0].key_version = 1; /* 1st entry */
227: if(kerb_put_principal(&principal_data[0], 1)) {
228: syslog(LOG_INFO, "Kerberos update failure: put_principal failed");
229: return(KFAILURE);
230: }
231:
232: syslog(LOG_NOTICE, "Kerberos update: wrote new record for %s.%s from %s",
233: principal_data[0].name,
234: principal_data[0].instance,
235: inet_ntoa(sin.sin_addr)
236: );
237:
238: return(KSUCCESS);
239:
240: }
241:
242: send_packet(msg,flag)
243: char *msg;
244: int flag;
245: {
246: int len = strlen(msg);
247: msg[len++] = '\n';
248: msg[len] = '\0';
249: if (len > sizeof(msgbuf)) {
250: syslog(LOG_ERR, "send_packet: invalid msg size");
251: return;
252: }
253: if (flag == CRYPT) {
254: if (des_write(0, msg, len) != len)
255: syslog(LOG_ERR, "couldn't write reply message");
256: } else if (flag == CLEAR) {
257: if (write(0, msg, len) != len)
258: syslog(LOG_ERR, "couldn't write reply message");
259: } else
260: syslog(LOG_ERR, "send_packet: invalid flag (%d)", flag);
261:
262: }
263:
264: net_get_principal(pname, iname, keyp)
265: char *pname, *iname;
266: C_Block *keyp;
267: {
268: int cc;
269: static char password[255];
270:
271: cc = des_read(0, pname, ANAME_SZ);
272: if(cc != ANAME_SZ) {
273: syslog(LOG_ERR, "couldn't get principal name");
274: return(-1);
275: }
276:
277: cc = des_read(0, iname, INST_SZ);
278: if(cc != INST_SZ) {
279: syslog(LOG_ERR, "couldn't get instance name");
280: return(-1);
281: }
282:
283: cc = des_read(0, password, 255);
284: if(cc != 255) {
285: syslog(LOG_ERR, "couldn't get password");
286: bzero(password, 255);
287: return(-1);
288: }
289:
290: string_to_key(password, *keyp);
291: bzero(password, 255);
292: return(0);
293: }
294:
295: cleanup()
296: {
297: bzero(master_key, sizeof(master_key));
298: bzero(key, sizeof(key));
299: bzero(master_key_schedule, sizeof(master_key_schedule));
300: }
301:
302: die()
303: {
304: syslog(LOG_ERR, "remote end died (SIGPIPE)");
305: cleanup();
306: exit(1);
307: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.