[unix-history] / kerberosIV / registerd / registerd.c

/*-
 * Copyright (c) 1990 The Regents of the University of California.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef lint
char copyright[] =
"@(#) Copyright (c) 1990 The Regents of the University of California.\n\
 All rights reserved.\n";
#endif /* not lint */

#ifndef lint
static char sccsid[] = "@(#)registerd.c	5.1 (Berkeley) 11/1/90";
#endif /* not lint */

#include <sys/types.h>
#include <sys/time.h>
#include <sys/signal.h>
#include <sys/resource.h>
#include <sys/param.h>
#include <sys/file.h>
#include <netinet/in.h>
#include <syslog.h>
#include <kerberosIV/des.h>
#include <kerberosIV/krb.h>
#include <kerberosIV/krb_db.h>
#include <stdio.h>
#include "register_proto.h"
#include "pathnames.h"

#define	KBUFSIZ		(sizeof(struct keyfile_data))
#define	RCRYPT		0x00
#define	CLEAR		0x01

struct	sockaddr_in	sin;
char	*progname, msgbuf[BUFSIZ];

main(argc, argv)
	int argc;
	char **argv;
{
	static	Key_schedule	schedule;
	static struct rlimit rl = { 0, 0 };
	struct	keyfile_data	*kfile;
	u_char	code;
	int	kf, retval, sval;
	char	keyfile[MAXPATHLEN], keybuf[KBUFSIZ];
	void die();

	progname = argv[0];		/* for the library routines */

	openlog("registerd", LOG_PID, LOG_AUTH);

	(void)signal(SIGHUP, SIG_IGN);
	(void)signal(SIGINT, SIG_IGN);
	(void)signal(SIGTSTP, SIG_IGN);
	(void)signal(SIGPIPE, die);

	if (setrlimit(RLIMIT_CORE, &rl) < 0) {
		syslog(LOG_ERR, "setrlimit: %m");
		exit(1);
	}


	/* figure out who we are talking to */

	sval = sizeof(sin);
	if (getpeername(0, (struct sockaddr *) &sin, &sval) < 0) {
		syslog(LOG_ERR, "getpeername: %m");
		exit(1);
	}

	/* get encryption key */

	(void) sprintf(keyfile, "%s%s%s",
		SERVER_KEYDIR,
		CLIENT_KEYFILE,
		inet_ntoa(sin.sin_addr));

	if ((kf = open(keyfile, O_RDONLY)) < 0) {
		syslog(LOG_ERR,
		    "error opening Kerberos update keyfile (%s): %m", keyfile);
		(void) sprintf(msgbuf,
		    "couldn't open session keyfile for your host");
		send_packet(msgbuf, CLEAR);
		exit(1);
	}

	if (read(kf, keybuf, KBUFSIZ) != KBUFSIZ) {
		syslog(LOG_ERR, "wrong read size of Kerberos update keyfile");
		(void) sprintf(msgbuf,
			"couldn't read session key from your host's keyfile");
		send_packet(msgbuf, CLEAR);
		exit(1);
	}
	(void) sprintf(msgbuf, GOTKEY_MSG);
	send_packet(msgbuf, CLEAR);
	kfile = (struct keyfile_data *) keybuf;
	key_sched(kfile->kf_key, schedule);
	des_set_key(kfile->kf_key, schedule);

	/* read the command code byte */

	if (des_read(0, &code, 1) == 1) {

		switch(code) {
		case	APPEND_DB:
			retval = do_append();
			break;
		case	ABORT:
			cleanup();
			close(0);
			exit(0);
		default:
			retval = KFAILURE;
			syslog(LOG_NOTICE,
				"invalid command code on db update (0x%x)",
				code);
		}

	} else {
		retval = KFAILURE;
		syslog(LOG_ERR,
		    "couldn't read command code on Kerberos update");
	}

	code = (u_char) retval; 
	if (code != KSUCCESS) {
		(void) sprintf(msgbuf, "%s", krb_err_txt[code]);
		send_packet(msgbuf, RCRYPT);
	} else {
		(void) sprintf(msgbuf, "Update complete.");
		send_packet(msgbuf, RCRYPT);
	}
	cleanup();
	close(0);
	exit(0);
}

#define	MAX_PRINCIPAL	10
static	Principal	principal_data[MAX_PRINCIPAL];
static	C_Block		key, master_key;
static Key_schedule	master_key_schedule;
int
do_append()
{
	Principal	default_princ;
	char		input_name[ANAME_SZ];
	char		input_instance[INST_SZ];
	int		j,n, more;
	long		mkeyversion;


	/* get master key from MKEYFILE */
	if (kdb_get_master_key(0, master_key, master_key_schedule) != 0) {
		syslog(LOG_ERR, "couldn't get master key");
		return(KFAILURE);
	}

	mkeyversion = kdb_verify_master_key(master_key, master_key_schedule, NULL);
	if (mkeyversion < 0) {
		syslog(LOG_ERR, "couldn't validate master key");
		return(KFAILURE);
	}

	n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
		&default_princ, 1, &more);

	if (n != 1) {
		syslog(LOG_ERR, "couldn't get default principal");
		return(KFAILURE);
	}

	/*
	 * get principal name, instance, and password from network.
	 * convert password to key and store it
	 */

	if (net_get_principal(input_name, input_instance, key) != 0) {
		return(KFAILURE);
	}


	j = kerb_get_principal(
		input_name,
		input_instance,
		principal_data,
		MAX_PRINCIPAL,
		&more
	);

	if (j != 0) {
		/* already in database, no update */
		syslog(LOG_NOTICE,
			"attempt to add duplicate entry for principal %s.%s",
			input_name, input_instance);
		return(KDC_PR_N_UNIQUE);
	}

	/*
	 * set up principal's name, instance
	 */

	strcpy(principal_data[0].name, input_name);
	strcpy(principal_data[0].instance, input_instance);
	principal_data[0].old = NULL;


	/* and the expiration date and version #s */

	principal_data[0].exp_date = default_princ.exp_date;
	strcpy(principal_data[0].exp_date_txt, default_princ.exp_date_txt);
	principal_data[0].max_life = default_princ.max_life;
	principal_data[0].attributes = default_princ.attributes;
	principal_data[0].kdc_key_ver = default_princ.kdc_key_ver;


	/* and the key */

	kdb_encrypt_key(key, key, master_key, master_key_schedule,
			ENCRYPT);
	bcopy(key, &principal_data[0].key_low, 4);
	bcopy(((long *) key) + 1, &principal_data[0].key_high,4);
	bzero(key, sizeof(key));

	principal_data[0].key_version = 1;	/* 1st entry */

	/* and write it to the database */

	if (kerb_put_principal(&principal_data[0], 1)) {
		syslog(LOG_INFO, "Kerberos update failure: put_principal failed");
		return(KFAILURE);
	}

	syslog(LOG_NOTICE, "Kerberos update: wrote new record for %s.%s from %s",
		principal_data[0].name,
		principal_data[0].instance,
		inet_ntoa(sin.sin_addr)
	);

	return(KSUCCESS);

}

send_packet(msg,flag)
	char	*msg;
	int	flag;
{
	int	len = strlen(msg);
	msg[len++] = '\n';
	msg[len] = '\0';
	if (len > sizeof(msgbuf)) {
		syslog(LOG_ERR, "send_packet: invalid msg size");
		return;
	}
	if (flag == RCRYPT) {
		if (des_write(0, msg, len) != len)
			syslog(LOG_ERR, "couldn't write reply message");
	} else if (flag == CLEAR) {
		if (write(0, msg, len) != len)
			syslog(LOG_ERR, "couldn't write reply message");
	} else
			syslog(LOG_ERR, "send_packet: invalid flag (%d)", flag);

}

net_get_principal(pname, iname, keyp)
	char	*pname, *iname;
	C_Block	*keyp;
{
	int	cc;
	static	char	password[255];

	cc = des_read(0, pname, ANAME_SZ);
	if (cc != ANAME_SZ) {
		syslog(LOG_ERR, "couldn't get principal name");
		return(-1);
	}

	cc = des_read(0, iname, INST_SZ);
	if (cc != INST_SZ) {
		syslog(LOG_ERR, "couldn't get instance name");
		return(-1);
	}

	cc = des_read(0, password, 255);
	if (cc != 255) {
		syslog(LOG_ERR, "couldn't get password");
		bzero(password, 255);
		return(-1);
	}

	string_to_key(password, *keyp);
	bzero(password, 255);
	return(0);
}

cleanup()
{
	bzero(master_key, sizeof(master_key));
	bzero(key, sizeof(key));
	bzero(master_key_schedule, sizeof(master_key_schedule));
}

void
die()
{
	syslog(LOG_ERR, "remote end died (SIGPIPE)");
	cleanup();
	exit(1);
}
Commit	Line	Data
fdf53e02 GW	1	/*-
	2	* Copyright (c) 1990 The Regents of the University of California.
	3	* All rights reserved.
	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions
	7	* are met:
	8	* 1. Redistributions of source code must retain the above copyright
	9	* notice, this list of conditions and the following disclaimer.
	10	* 2. Redistributions in binary form must reproduce the above copyright
	11	* notice, this list of conditions and the following disclaimer in the
	12	* documentation and/or other materials provided with the distribution.
	13	* 3. All advertising materials mentioning features or use of this software
	14	* must display the following acknowledgement:
	15	* This product includes software developed by the University of
	16	* California, Berkeley and its contributors.
	17	* 4. Neither the name of the University nor the names of its contributors
	18	* may be used to endorse or promote products derived from this software
	19	* without specific prior written permission.
	20	*
	21	* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	22	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	24	* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	27	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	30	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	31	* SUCH DAMAGE.
	32	*/
	33
	34	#ifndef lint
	35	char copyright[] =
	36	"@(#) Copyright (c) 1990 The Regents of the University of California.\n\
	37	All rights reserved.\n";
	38	#endif /* not lint */
	39
	40	#ifndef lint
	41	static char sccsid[] = "@(#)registerd.c 5.1 (Berkeley) 11/1/90";
	42	#endif /* not lint */
	43
	44	#include <sys/types.h>
	45	#include <sys/time.h>
	46	#include <sys/signal.h>
	47	#include <sys/resource.h>
	48	#include <sys/param.h>
	49	#include <sys/file.h>
	50	#include <netinet/in.h>
	51	#include <syslog.h>
	52	#include <kerberosIV/des.h>
	53	#include <kerberosIV/krb.h>
	54	#include <kerberosIV/krb_db.h>
	55	#include <stdio.h>
	56	#include "register_proto.h"
	57	#include "pathnames.h"
	58
	59	#define KBUFSIZ (sizeof(struct keyfile_data))
	60	#define RCRYPT 0x00
	61	#define CLEAR 0x01
	62
	63	struct sockaddr_in sin;
	64	char *progname, msgbuf[BUFSIZ];
65
66	main(argc, argv)
67	int argc;
68	char **argv;
69	{
70	static Key_schedule schedule;
71	static struct rlimit rl = { 0, 0 };
72	struct keyfile_data *kfile;
73	u_char code;
74	int kf, retval, sval;
75	char keyfile[MAXPATHLEN], keybuf[KBUFSIZ];
76	void die();
77
78	progname = argv[0]; /* for the library routines */
79
80	openlog("registerd", LOG_PID, LOG_AUTH);
81
82	(void)signal(SIGHUP, SIG_IGN);
83	(void)signal(SIGINT, SIG_IGN);
84	(void)signal(SIGTSTP, SIG_IGN);
85	(void)signal(SIGPIPE, die);
86
87	if (setrlimit(RLIMIT_CORE, &rl) < 0) {
88	syslog(LOG_ERR, "setrlimit: %m");
89	exit(1);
90	}
91
92
93	/* figure out who we are talking to */
94
95	sval = sizeof(sin);
96	if (getpeername(0, (struct sockaddr *) &sin, &sval) < 0) {
97	syslog(LOG_ERR, "getpeername: %m");
98	exit(1);
99	}
100
101	/* get encryption key */
102
103	(void) sprintf(keyfile, "%s%s%s",
104	SERVER_KEYDIR,
105	CLIENT_KEYFILE,
106	inet_ntoa(sin.sin_addr));
107
108	if ((kf = open(keyfile, O_RDONLY)) < 0) {
109	syslog(LOG_ERR,
110	"error opening Kerberos update keyfile (%s): %m", keyfile);
111	(void) sprintf(msgbuf,
112	"couldn't open session keyfile for your host");
113	send_packet(msgbuf, CLEAR);
114	exit(1);
115	}
116
117	if (read(kf, keybuf, KBUFSIZ) != KBUFSIZ) {
118	syslog(LOG_ERR, "wrong read size of Kerberos update keyfile");
119	(void) sprintf(msgbuf,
120	"couldn't read session key from your host's keyfile");
121	send_packet(msgbuf, CLEAR);
122	exit(1);
123	}
124	(void) sprintf(msgbuf, GOTKEY_MSG);
125	send_packet(msgbuf, CLEAR);
126	kfile = (struct keyfile_data *) keybuf;
127	key_sched(kfile->kf_key, schedule);
128	des_set_key(kfile->kf_key, schedule);
129
130	/* read the command code byte */
131
132	if (des_read(0, &code, 1) == 1) {
133
134	switch(code) {
135	case APPEND_DB:
136	retval = do_append();
137	break;
138	case ABORT:
139	cleanup();
140	close(0);
141	exit(0);
142	default:
143	retval = KFAILURE;
144	syslog(LOG_NOTICE,
145	"invalid command code on db update (0x%x)",
146	code);
147	}
148
149	} else {
150	retval = KFAILURE;
151	syslog(LOG_ERR,
152	"couldn't read command code on Kerberos update");
153	}
154
155	code = (u_char) retval;
156	if (code != KSUCCESS) {
157	(void) sprintf(msgbuf, "%s", krb_err_txt[code]);
158	send_packet(msgbuf, RCRYPT);
159	} else {
160	(void) sprintf(msgbuf, "Update complete.");
161	send_packet(msgbuf, RCRYPT);
162	}
163	cleanup();
164	close(0);
165	exit(0);
166	}
167
168	#define MAX_PRINCIPAL 10
169	static Principal principal_data[MAX_PRINCIPAL];
170	static C_Block key, master_key;
171	static Key_schedule master_key_schedule;
172	int
173	do_append()
174	{
175	Principal default_princ;
176	char input_name[ANAME_SZ];
177	char input_instance[INST_SZ];
178	int j,n, more;
179	long mkeyversion;
180
181
182
183	/* get master key from MKEYFILE */
184	if (kdb_get_master_key(0, master_key, master_key_schedule) != 0) {
185	syslog(LOG_ERR, "couldn't get master key");
186	return(KFAILURE);
187	}
188
189	mkeyversion = kdb_verify_master_key(master_key, master_key_schedule, NULL);
190	if (mkeyversion < 0) {
191	syslog(LOG_ERR, "couldn't validate master key");
192	return(KFAILURE);
193	}
194
195	n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
196	&default_princ, 1, &more);
197
198	if (n != 1) {
199	syslog(LOG_ERR, "couldn't get default principal");
200	return(KFAILURE);
201	}
202
203	/*
204	* get principal name, instance, and password from network.
205	* convert password to key and store it
206	*/
207
208	if (net_get_principal(input_name, input_instance, key) != 0) {
209	return(KFAILURE);
210	}
211
212
213	j = kerb_get_principal(
214	input_name,
215	input_instance,
216	principal_data,
217	MAX_PRINCIPAL,
218	&more
219	);
220
221	if (j != 0) {
222	/* already in database, no update */
223	syslog(LOG_NOTICE,
224	"attempt to add duplicate entry for principal %s.%s",
225	input_name, input_instance);
226	return(KDC_PR_N_UNIQUE);
227	}
228
229	/*
230	* set up principal's name, instance
231	*/
232
233	strcpy(principal_data[0].name, input_name);
234	strcpy(principal_data[0].instance, input_instance);
235	principal_data[0].old = NULL;
236
237
238	/* and the expiration date and version #s */
239
240	principal_data[0].exp_date = default_princ.exp_date;
241	strcpy(principal_data[0].exp_date_txt, default_princ.exp_date_txt);
242	principal_data[0].max_life = default_princ.max_life;
243	principal_data[0].attributes = default_princ.attributes;
244	principal_data[0].kdc_key_ver = default_princ.kdc_key_ver;
245
246
247	/* and the key */
248
249	kdb_encrypt_key(key, key, master_key, master_key_schedule,
250	ENCRYPT);
251	bcopy(key, &principal_data[0].key_low, 4);
252	bcopy(((long *) key) + 1, &principal_data[0].key_high,4);
253	bzero(key, sizeof(key));
254
255	principal_data[0].key_version = 1; /* 1st entry */
256
257	/* and write it to the database */
258
259	if (kerb_put_principal(&principal_data[0], 1)) {
260	syslog(LOG_INFO, "Kerberos update failure: put_principal failed");
261	return(KFAILURE);
262	}
263
264	syslog(LOG_NOTICE, "Kerberos update: wrote new record for %s.%s from %s",
265	principal_data[0].name,
266	principal_data[0].instance,
267	inet_ntoa(sin.sin_addr)
268	);
269
270	return(KSUCCESS);
271
272	}
273
274	send_packet(msg,flag)
275	char *msg;
276	int flag;
277	{
278	int len = strlen(msg);
279	msg[len++] = '\n';
280	msg[len] = '\0';
281	if (len > sizeof(msgbuf)) {
282	syslog(LOG_ERR, "send_packet: invalid msg size");
283	return;
284	}
285	if (flag == RCRYPT) {
286	if (des_write(0, msg, len) != len)
287	syslog(LOG_ERR, "couldn't write reply message");
288	} else if (flag == CLEAR) {
289	if (write(0, msg, len) != len)
290	syslog(LOG_ERR, "couldn't write reply message");
291	} else
292	syslog(LOG_ERR, "send_packet: invalid flag (%d)", flag);
293
294	}
295
296	net_get_principal(pname, iname, keyp)
297	char pname, iname;
298	C_Block *keyp;
299	{
300	int cc;
301	static char password[255];
302
303	cc = des_read(0, pname, ANAME_SZ);
304	if (cc != ANAME_SZ) {
305	syslog(LOG_ERR, "couldn't get principal name");
306	return(-1);
307	}
308
309	cc = des_read(0, iname, INST_SZ);
310	if (cc != INST_SZ) {
311	syslog(LOG_ERR, "couldn't get instance name");
312	return(-1);
313	}
314
315	cc = des_read(0, password, 255);
316	if (cc != 255) {
317	syslog(LOG_ERR, "couldn't get password");
318	bzero(password, 255);
319	return(-1);
320	}
321
322	string_to_key(password, *keyp);
323	bzero(password, 255);
324	return(0);
325	}
326
327	cleanup()
328	{
329	bzero(master_key, sizeof(master_key));
330	bzero(key, sizeof(key));
331	bzero(master_key_schedule, sizeof(master_key_schedule));
332	}
333
334	void
335	die()
336	{
337	syslog(LOG_ERR, "remote end died (SIGPIPE)");
338	cleanup();
339	exit(1);
340	}