#include <sys/resource.h>
#include <kerberos/krb.h>
#include <kerberos/krb_db.h>
#include "register_proto.h"
#define SKEYFILE "/kerberos/update.key%s"
#define KBUFSIZ (sizeof(struct keyfile_data))
char keyfile
[MAXPATHLEN
];
static Key_schedule schedule
;
struct keyfile_data
*kfile
;
static struct rlimit rl
= { 0, 0 };
openlog("registerd", LOG_PID
, LOG_AUTH
);
signal(SIGTSTP
, SIG_IGN
);
if(setrlimit(RLIMIT_CORE
, &rl
) < 0) {
syslog(LOG_ERR
, "setrlimit: %m");
/* figure out who we are talking to */
if(getpeername(0, (struct sockaddr
*) &sin
, &sval
) < 0) {
syslog(LOG_ERR
, "getpeername: %m");
(void) sprintf(keyfile
, SKEYFILE
, inet_ntoa(sin
.sin_addr
));
if((kf
= open(keyfile
, O_RDONLY
)) < 0) {
syslog(LOG_ERR
, "error opening Kerberos update keyfile (%s): %m", keyfile
);
(void) sprintf(msgbuf
, "couldn't open session keyfile for your host");
send_packet(msgbuf
, CLEAR
);
if(read(kf
, keybuf
, KBUFSIZ
) != KBUFSIZ
) {
syslog(LOG_ERR
, "wrong read size of Kerberos update keyfile");
(void) sprintf(msgbuf
, "couldn't read session key from your host's keyfile");
send_packet(msgbuf
, CLEAR
);
(void) sprintf(msgbuf
, "GOTKEY");
send_packet(msgbuf
, CLEAR
);
kfile
= (struct keyfile_data
*) keybuf
;
key_sched(kfile
->kf_key
, schedule
);
des_set_key(kfile
->kf_key
, schedule
);
/* read the command code byte */
if(des_read(0, &code
, 1) == 1) {
syslog(LOG_NOTICE
, "invalid command code on Kerberos update (0x%x)", code
);
syslog(LOG_ERR
, "couldn't read command code on Kerberos update");
(void) sprintf(msgbuf
, "%s", krb_err_txt
[code
]);
send_packet(msgbuf
,CRYPT
);
(void) sprintf(msgbuf
, "Update complete.");
send_packet(msgbuf
, CRYPT
);
static Principal principal_data
[MAX_PRINCIPAL
];
static C_Block key
, master_key
;
static Key_schedule master_key_schedule
;
char input_name
[ANAME_SZ
];
char input_instance
[INST_SZ
];
/* get master key from MKEYFILE */
if(kdb_get_master_key(0, master_key
, master_key_schedule
) != 0) {
syslog(LOG_ERR
, "couldn't get master key");
mkeyversion
= kdb_verify_master_key(master_key
, master_key_schedule
, NULL
);
syslog(LOG_ERR
, "couldn't validate master key");
n
= kerb_get_principal(KERB_DEFAULT_NAME
, KERB_DEFAULT_INST
,
&default_princ
, 1, &more
);
syslog(LOG_ERR
, "couldn't get default principal");
* get principal name, instance, and password from network.
* convert password to key and store it
if(net_get_principal(input_name
, input_instance
, key
) != 0) {
/* already in database, no update */
syslog(LOG_NOTICE
, "attempt to add duplicate entry for principal %s.%s",
input_name
, input_instance
);
* set up principal's name, instance
strcpy(principal_data
[0].name
, input_name
);
strcpy(principal_data
[0].instance
, input_instance
);
principal_data
[0].old
= NULL
;
/* and the expiration date and version #s */
principal_data
[0].exp_date
= default_princ
.exp_date
;
strcpy(principal_data
[0].exp_date_txt
, default_princ
.exp_date_txt
);
principal_data
[0].max_life
= default_princ
.max_life
;
principal_data
[0].attributes
= default_princ
.attributes
;
principal_data
[0].kdc_key_ver
= default_princ
.kdc_key_ver
;
kdb_encrypt_key(key
, key
, master_key
, master_key_schedule
,
bcopy(key
, &principal_data
[0].key_low
, 4);
bcopy(((long *) key
) + 1, &principal_data
[0].key_high
,4);
principal_data
[0].key_version
= 1; /* 1st entry */
if(kerb_put_principal(&principal_data
[0], 1)) {
syslog(LOG_INFO
, "Kerberos update failure: put_principal failed");
syslog(LOG_NOTICE
, "Kerberos update: wrote new record for %s.%s from %s",
principal_data
[0].instance
,
if (len
> sizeof(msgbuf
)) {
syslog(LOG_ERR
, "send_packet: invalid msg size");
if (des_write(0, msg
, len
) != len
)
syslog(LOG_ERR
, "couldn't write reply message");
} else if (flag
== CLEAR
) {
if (write(0, msg
, len
) != len
)
syslog(LOG_ERR
, "couldn't write reply message");
syslog(LOG_ERR
, "send_packet: invalid flag (%d)", flag
);
net_get_principal(pname
, iname
, keyp
)
static char password
[255];
cc
= des_read(0, pname
, ANAME_SZ
);
syslog(LOG_ERR
, "couldn't get principal name");
cc
= des_read(0, iname
, INST_SZ
);
syslog(LOG_ERR
, "couldn't get instance name");
cc
= des_read(0, password
, 255);
syslog(LOG_ERR
, "couldn't get password");
string_to_key(password
, *keyp
);
bzero(master_key
, sizeof(master_key
));
bzero(master_key_schedule
, sizeof(master_key_schedule
));
syslog(LOG_ERR
, "remote end died (SIGPIPE)");