freebsd-dev/eBones/libexec/registerd/registerd.c
Geoff Rehmet 60643d379b Initial import of eBones.
(Including all changes for FreeBSD - importing the original eBones distribution
would be too complex at this stage, since I don't have access to Piero's 
CVS.)
(If you want to include eBones in your system, don't forget to include
MAKE_EBONES in /etc/make.conf.)
(This stuff is now also suppable from braae.ru.ac.za.)

Bones originally from MIT SIPB.
Original port to FreeBSD 1.x  by Piero Serini.
Moved to FreeBSD 2.0 by Doug Rabson and Geoff Rehmet.
Nice bug fixes from Doug Rabson.
1994-09-30 14:50:09 +00:00

342 lines
8.4 KiB
C

/*-
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
static char copyright[] =
"@(#) Copyright (c) 1990, 1993\n\
The Regents of the University of California. All rights reserved.\n";
#endif /* not lint */
#ifndef lint
static char sccsid[] = "@(#)registerd.c 8.1 (Berkeley) 6/1/93";
#endif /* not lint */
#include <sys/types.h>
#include <sys/time.h>
#include <sys/signal.h>
#include <sys/resource.h>
#include <sys/param.h>
#include <sys/file.h>
#include <netinet/in.h>
#include <syslog.h>
#include <kerberosIV/des.h>
#include <kerberosIV/krb.h>
#include <kerberosIV/krb_db.h>
#include <stdio.h>
#include "register_proto.h"
#include "pathnames.h"
#define KBUFSIZ (sizeof(struct keyfile_data))
#define RCRYPT 0x00
#define CLEAR 0x01
char *progname, msgbuf[BUFSIZ];
main(argc, argv)
int argc;
char **argv;
{
static Key_schedule schedule;
static struct rlimit rl = { 0, 0 };
struct keyfile_data *kfile;
u_char code;
int kf, retval, sval;
struct sockaddr_in sin;
char keyfile[MAXPATHLEN], keybuf[KBUFSIZ];
void die();
progname = argv[0]; /* for the library routines */
openlog("registerd", LOG_PID, LOG_AUTH);
(void)signal(SIGHUP, SIG_IGN);
(void)signal(SIGINT, SIG_IGN);
(void)signal(SIGTSTP, SIG_IGN);
(void)signal(SIGPIPE, die);
if (setrlimit(RLIMIT_CORE, &rl) < 0) {
syslog(LOG_ERR, "setrlimit: %m");
exit(1);
}
/* figure out who we are talking to */
sval = sizeof(sin);
if (getpeername(0, (struct sockaddr *) &sin, &sval) < 0) {
syslog(LOG_ERR, "getpeername: %m");
exit(1);
}
/* get encryption key */
(void) sprintf(keyfile, "%s/%s%s",
SERVER_KEYDIR,
KEYFILE_BASE,
inet_ntoa(sin.sin_addr));
if ((kf = open(keyfile, O_RDONLY)) < 0) {
syslog(LOG_ERR,
"error opening Kerberos update keyfile (%s): %m", keyfile);
(void) sprintf(msgbuf,
"couldn't open session keyfile for your host");
send_packet(msgbuf, CLEAR);
exit(1);
}
if (read(kf, keybuf, KBUFSIZ) != KBUFSIZ) {
syslog(LOG_ERR, "wrong read size of Kerberos update keyfile");
(void) sprintf(msgbuf,
"couldn't read session key from your host's keyfile");
send_packet(msgbuf, CLEAR);
exit(1);
}
(void) sprintf(msgbuf, GOTKEY_MSG);
send_packet(msgbuf, CLEAR);
kfile = (struct keyfile_data *) keybuf;
key_sched(kfile->kf_key, schedule);
des_set_key(kfile->kf_key, schedule);
/* read the command code byte */
if (des_read(0, &code, 1) == 1) {
switch(code) {
case APPEND_DB:
retval = do_append(&sin);
break;
case ABORT:
cleanup();
close(0);
exit(0);
default:
retval = KFAILURE;
syslog(LOG_NOTICE,
"invalid command code on db update (0x%x)",
code);
}
} else {
retval = KFAILURE;
syslog(LOG_ERR,
"couldn't read command code on Kerberos update");
}
code = (u_char) retval;
if (code != KSUCCESS) {
(void) sprintf(msgbuf, "%s", krb_err_txt[code]);
send_packet(msgbuf, RCRYPT);
} else {
(void) sprintf(msgbuf, "Update complete.");
send_packet(msgbuf, RCRYPT);
}
cleanup();
close(0);
exit(0);
}
#define MAX_PRINCIPAL 10
static Principal principal_data[MAX_PRINCIPAL];
static C_Block key, master_key;
static Key_schedule master_key_schedule;
int
do_append(sinp)
struct sockaddr_in *sinp;
{
Principal default_princ;
char input_name[ANAME_SZ];
char input_instance[INST_SZ];
int j,n, more;
long mkeyversion;
/* get master key from MKEYFILE */
if (kdb_get_master_key(0, master_key, master_key_schedule) != 0) {
syslog(LOG_ERR, "couldn't get master key");
return(KFAILURE);
}
mkeyversion = kdb_verify_master_key(master_key, master_key_schedule, NULL);
if (mkeyversion < 0) {
syslog(LOG_ERR, "couldn't validate master key");
return(KFAILURE);
}
n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
&default_princ, 1, &more);
if (n != 1) {
syslog(LOG_ERR, "couldn't get default principal");
return(KFAILURE);
}
/*
* get principal name, instance, and password from network.
* convert password to key and store it
*/
if (net_get_principal(input_name, input_instance, key) != 0) {
return(KFAILURE);
}
j = kerb_get_principal(
input_name,
input_instance,
principal_data,
MAX_PRINCIPAL,
&more
);
if (j != 0) {
/* already in database, no update */
syslog(LOG_NOTICE,
"attempt to add duplicate entry for principal %s.%s",
input_name, input_instance);
return(KDC_PR_N_UNIQUE);
}
/*
* set up principal's name, instance
*/
strcpy(principal_data[0].name, input_name);
strcpy(principal_data[0].instance, input_instance);
principal_data[0].old = NULL;
/* and the expiration date and version #s */
principal_data[0].exp_date = default_princ.exp_date;
strcpy(principal_data[0].exp_date_txt, default_princ.exp_date_txt);
principal_data[0].max_life = default_princ.max_life;
principal_data[0].attributes = default_princ.attributes;
principal_data[0].kdc_key_ver = default_princ.kdc_key_ver;
/* and the key */
kdb_encrypt_key(key, key, master_key, master_key_schedule,
ENCRYPT);
bcopy(key, &principal_data[0].key_low, 4);
bcopy(((long *) key) + 1, &principal_data[0].key_high,4);
bzero(key, sizeof(key));
principal_data[0].key_version = 1; /* 1st entry */
/* and write it to the database */
if (kerb_put_principal(&principal_data[0], 1)) {
syslog(LOG_INFO, "Kerberos update failure: put_principal failed");
return(KFAILURE);
}
syslog(LOG_NOTICE, "Kerberos update: wrote new record for %s.%s from %s",
principal_data[0].name,
principal_data[0].instance,
inet_ntoa(sinp->sin_addr)
);
return(KSUCCESS);
}
send_packet(msg,flag)
char *msg;
int flag;
{
int len = strlen(msg);
msg[len++] = '\n';
msg[len] = '\0';
if (len > sizeof(msgbuf)) {
syslog(LOG_ERR, "send_packet: invalid msg size");
return;
}
if (flag == RCRYPT) {
if (des_write(0, msg, len) != len)
syslog(LOG_ERR, "couldn't write reply message");
} else if (flag == CLEAR) {
if (write(0, msg, len) != len)
syslog(LOG_ERR, "couldn't write reply message");
} else
syslog(LOG_ERR, "send_packet: invalid flag (%d)", flag);
}
net_get_principal(pname, iname, keyp)
char *pname, *iname;
C_Block *keyp;
{
int cc;
static char password[255];
cc = des_read(0, pname, ANAME_SZ);
if (cc != ANAME_SZ) {
syslog(LOG_ERR, "couldn't get principal name");
return(-1);
}
cc = des_read(0, iname, INST_SZ);
if (cc != INST_SZ) {
syslog(LOG_ERR, "couldn't get instance name");
return(-1);
}
cc = des_read(0, password, 255);
if (cc != 255) {
syslog(LOG_ERR, "couldn't get password");
bzero(password, 255);
return(-1);
}
string_to_key(password, *keyp);
bzero(password, 255);
return(0);
}
cleanup()
{
bzero(master_key, sizeof(master_key));
bzero(key, sizeof(key));
bzero(master_key_schedule, sizeof(master_key_schedule));
}
void
die()
{
syslog(LOG_ERR, "remote end died (SIGPIPE)");
cleanup();
exit(1);
}