freebsd-dev/eBones/registerd/registerd.c
1995-05-30 06:41:30 +00:00

342 lines
8.4 KiB
C

/*-
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
static char copyright[] =
"@(#) Copyright (c) 1990, 1993\n\
The Regents of the University of California. All rights reserved.\n";
#endif /* not lint */
#ifndef lint
static char sccsid[] = "@(#)registerd.c 8.1 (Berkeley) 6/1/93";
#endif /* not lint */
#include <sys/types.h>
#include <sys/time.h>
#include <sys/signal.h>
#include <sys/resource.h>
#include <sys/param.h>
#include <sys/file.h>
#include <netinet/in.h>
#include <syslog.h>
#include <kerberosIV/des.h>
#include <kerberosIV/krb.h>
#include <kerberosIV/krb_db.h>
#include <stdio.h>
#include "register_proto.h"
#include "pathnames.h"
#define KBUFSIZ (sizeof(struct keyfile_data))
#define RCRYPT 0x00
#define CLEAR 0x01
char *progname, msgbuf[BUFSIZ];
main(argc, argv)
int argc;
char **argv;
{
static Key_schedule schedule;
static struct rlimit rl = { 0, 0 };
struct keyfile_data *kfile;
u_char code;
int kf, retval, sval;
struct sockaddr_in sin;
char keyfile[MAXPATHLEN], keybuf[KBUFSIZ];
void die();
progname = argv[0]; /* for the library routines */
openlog("registerd", LOG_PID, LOG_AUTH);
(void)signal(SIGHUP, SIG_IGN);
(void)signal(SIGINT, SIG_IGN);
(void)signal(SIGTSTP, SIG_IGN);
(void)signal(SIGPIPE, die);
if (setrlimit(RLIMIT_CORE, &rl) < 0) {
syslog(LOG_ERR, "setrlimit: %m");
exit(1);
}
/* figure out who we are talking to */
sval = sizeof(sin);
if (getpeername(0, (struct sockaddr *) &sin, &sval) < 0) {
syslog(LOG_ERR, "getpeername: %m");
exit(1);
}
/* get encryption key */
(void) sprintf(keyfile, "%s/%s%s",
SERVER_KEYDIR,
KEYFILE_BASE,
inet_ntoa(sin.sin_addr));
if ((kf = open(keyfile, O_RDONLY)) < 0) {
syslog(LOG_ERR,
"error opening Kerberos update keyfile (%s): %m", keyfile);
(void) sprintf(msgbuf,
"couldn't open session keyfile for your host");
send_packet(msgbuf, CLEAR);
exit(1);
}
if (read(kf, keybuf, KBUFSIZ) != KBUFSIZ) {
syslog(LOG_ERR, "wrong read size of Kerberos update keyfile");
(void) sprintf(msgbuf,
"couldn't read session key from your host's keyfile");
send_packet(msgbuf, CLEAR);
exit(1);
}
(void) sprintf(msgbuf, GOTKEY_MSG);
send_packet(msgbuf, CLEAR);
kfile = (struct keyfile_data *) keybuf;
key_sched(kfile->kf_key, schedule);
des_set_key(kfile->kf_key, schedule);
/* read the command code byte */
if (des_read(0, &code, 1) == 1) {
switch(code) {
case APPEND_DB:
retval = do_append(&sin);
break;
case ABORT:
cleanup();
close(0);
exit(0);
default:
retval = KFAILURE;
syslog(LOG_NOTICE,
"invalid command code on db update (0x%x)",
code);
}
} else {
retval = KFAILURE;
syslog(LOG_ERR,
"couldn't read command code on Kerberos update");
}
code = (u_char) retval;
if (code != KSUCCESS) {
(void) sprintf(msgbuf, "%s", krb_err_txt[code]);
send_packet(msgbuf, RCRYPT);
} else {
(void) sprintf(msgbuf, "Update complete.");
send_packet(msgbuf, RCRYPT);
}
cleanup();
close(0);
exit(0);
}
#define MAX_PRINCIPAL 10
static Principal principal_data[MAX_PRINCIPAL];
static C_Block key, master_key;
static Key_schedule master_key_schedule;
int
do_append(sinp)
struct sockaddr_in *sinp;
{
Principal default_princ;
char input_name[ANAME_SZ];
char input_instance[INST_SZ];
int j,n, more;
long mkeyversion;
/* get master key from MKEYFILE */
if (kdb_get_master_key(0, master_key, master_key_schedule) != 0) {
syslog(LOG_ERR, "couldn't get master key");
return(KFAILURE);
}
mkeyversion = kdb_verify_master_key(master_key, master_key_schedule, NULL);
if (mkeyversion < 0) {
syslog(LOG_ERR, "couldn't validate master key");
return(KFAILURE);
}
n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
&default_princ, 1, &more);
if (n != 1) {
syslog(LOG_ERR, "couldn't get default principal");
return(KFAILURE);
}
/*
* get principal name, instance, and password from network.
* convert password to key and store it
*/
if (net_get_principal(input_name, input_instance, key) != 0) {
return(KFAILURE);
}
j = kerb_get_principal(
input_name,
input_instance,
principal_data,
MAX_PRINCIPAL,
&more
);
if (j != 0) {
/* already in database, no update */
syslog(LOG_NOTICE,
"attempt to add duplicate entry for principal %s.%s",
input_name, input_instance);
return(KDC_PR_N_UNIQUE);
}
/*
* set up principal's name, instance
*/
strcpy(principal_data[0].name, input_name);
strcpy(principal_data[0].instance, input_instance);
principal_data[0].old = NULL;
/* and the expiration date and version #s */
principal_data[0].exp_date = default_princ.exp_date;
strcpy(principal_data[0].exp_date_txt, default_princ.exp_date_txt);
principal_data[0].max_life = default_princ.max_life;
principal_data[0].attributes = default_princ.attributes;
principal_data[0].kdc_key_ver = default_princ.kdc_key_ver;
/* and the key */
kdb_encrypt_key(key, key, master_key, master_key_schedule,
ENCRYPT);
bcopy(key, &principal_data[0].key_low, 4);
bcopy(((long *) key) + 1, &principal_data[0].key_high,4);
bzero(key, sizeof(key));
principal_data[0].key_version = 1; /* 1st entry */
/* and write it to the database */
if (kerb_put_principal(&principal_data[0], 1)) {
syslog(LOG_INFO, "Kerberos update failure: put_principal failed");
return(KFAILURE);
}
syslog(LOG_NOTICE, "Kerberos update: wrote new record for %s.%s from %s",
principal_data[0].name,
principal_data[0].instance,
inet_ntoa(sinp->sin_addr)
);
return(KSUCCESS);
}
send_packet(msg,flag)
char *msg;
int flag;
{
int len = strlen(msg);
msg[len++] = '\n';
msg[len] = '\0';
if (len > sizeof(msgbuf)) {
syslog(LOG_ERR, "send_packet: invalid msg size");
return;
}
if (flag == RCRYPT) {
if (des_write(0, msg, len) != len)
syslog(LOG_ERR, "couldn't write reply message");
} else if (flag == CLEAR) {
if (write(0, msg, len) != len)
syslog(LOG_ERR, "couldn't write reply message");
} else
syslog(LOG_ERR, "send_packet: invalid flag (%d)", flag);
}
net_get_principal(pname, iname, keyp)
char *pname, *iname;
C_Block *keyp;
{
int cc;
static char password[255];
cc = des_read(0, pname, ANAME_SZ);
if (cc != ANAME_SZ) {
syslog(LOG_ERR, "couldn't get principal name");
return(-1);
}
cc = des_read(0, iname, INST_SZ);
if (cc != INST_SZ) {
syslog(LOG_ERR, "couldn't get instance name");
return(-1);
}
cc = des_read(0, password, 255);
if (cc != 255) {
syslog(LOG_ERR, "couldn't get password");
bzero(password, 255);
return(-1);
}
string_to_key(password, *keyp);
bzero(password, 255);
return(0);
}
cleanup()
{
bzero(master_key, sizeof(master_key));
bzero(key, sizeof(key));
bzero(master_key_schedule, sizeof(master_key_schedule));
}
void
die()
{
syslog(LOG_ERR, "remote end died (SIGPIPE)");
cleanup();
exit(1);
}