* Copyright (c) 1990 The Regents of the University of California.
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
"@(#) Copyright (c) 1990 The Regents of the University of California.\n\
static char sccsid
[] = "@(#)registerd.c 5.1 (Berkeley) 11/1/90";
#include <sys/resource.h>
#include <kerberosIV/des.h>
#include <kerberosIV/krb.h>
#include <kerberosIV/krb_db.h>
#include "register_proto.h"
#define KBUFSIZ (sizeof(struct keyfile_data))
char *progname
, msgbuf
[BUFSIZ
];
static Key_schedule schedule
;
static struct rlimit rl
= { 0, 0 };
struct keyfile_data
*kfile
;
char keyfile
[MAXPATHLEN
], keybuf
[KBUFSIZ
];
progname
= argv
[0]; /* for the library routines */
openlog("registerd", LOG_PID
, LOG_AUTH
);
(void)signal(SIGHUP
, SIG_IGN
);
(void)signal(SIGINT
, SIG_IGN
);
(void)signal(SIGTSTP
, SIG_IGN
);
(void)signal(SIGPIPE
, die
);
if (setrlimit(RLIMIT_CORE
, &rl
) < 0) {
syslog(LOG_ERR
, "setrlimit: %m");
/* figure out who we are talking to */
if (getpeername(0, (struct sockaddr
*) &sin
, &sval
) < 0) {
syslog(LOG_ERR
, "getpeername: %m");
(void) sprintf(keyfile
, "%s%s%s",
inet_ntoa(sin
.sin_addr
));
if ((kf
= open(keyfile
, O_RDONLY
)) < 0) {
"error opening Kerberos update keyfile (%s): %m", keyfile
);
"couldn't open session keyfile for your host");
send_packet(msgbuf
, CLEAR
);
if (read(kf
, keybuf
, KBUFSIZ
) != KBUFSIZ
) {
syslog(LOG_ERR
, "wrong read size of Kerberos update keyfile");
"couldn't read session key from your host's keyfile");
send_packet(msgbuf
, CLEAR
);
(void) sprintf(msgbuf
, GOTKEY_MSG
);
send_packet(msgbuf
, CLEAR
);
kfile
= (struct keyfile_data
*) keybuf
;
key_sched(kfile
->kf_key
, schedule
);
des_set_key(kfile
->kf_key
, schedule
);
/* read the command code byte */
if (des_read(0, &code
, 1) == 1) {
"invalid command code on db update (0x%x)",
"couldn't read command code on Kerberos update");
(void) sprintf(msgbuf
, "%s", krb_err_txt
[code
]);
send_packet(msgbuf
, RCRYPT
);
(void) sprintf(msgbuf
, "Update complete.");
send_packet(msgbuf
, RCRYPT
);
static Principal principal_data
[MAX_PRINCIPAL
];
static C_Block key
, master_key
;
static Key_schedule master_key_schedule
;
char input_name
[ANAME_SZ
];
char input_instance
[INST_SZ
];
/* get master key from MKEYFILE */
if (kdb_get_master_key(0, master_key
, master_key_schedule
) != 0) {
syslog(LOG_ERR
, "couldn't get master key");
mkeyversion
= kdb_verify_master_key(master_key
, master_key_schedule
, NULL
);
syslog(LOG_ERR
, "couldn't validate master key");
n
= kerb_get_principal(KERB_DEFAULT_NAME
, KERB_DEFAULT_INST
,
&default_princ
, 1, &more
);
syslog(LOG_ERR
, "couldn't get default principal");
* get principal name, instance, and password from network.
* convert password to key and store it
if (net_get_principal(input_name
, input_instance
, key
) != 0) {
/* already in database, no update */
"attempt to add duplicate entry for principal %s.%s",
input_name
, input_instance
);
* set up principal's name, instance
strcpy(principal_data
[0].name
, input_name
);
strcpy(principal_data
[0].instance
, input_instance
);
principal_data
[0].old
= NULL
;
/* and the expiration date and version #s */
principal_data
[0].exp_date
= default_princ
.exp_date
;
strcpy(principal_data
[0].exp_date_txt
, default_princ
.exp_date_txt
);
principal_data
[0].max_life
= default_princ
.max_life
;
principal_data
[0].attributes
= default_princ
.attributes
;
principal_data
[0].kdc_key_ver
= default_princ
.kdc_key_ver
;
kdb_encrypt_key(key
, key
, master_key
, master_key_schedule
,
bcopy(key
, &principal_data
[0].key_low
, 4);
bcopy(((long *) key
) + 1, &principal_data
[0].key_high
,4);
principal_data
[0].key_version
= 1; /* 1st entry */
/* and write it to the database */
if (kerb_put_principal(&principal_data
[0], 1)) {
syslog(LOG_INFO
, "Kerberos update failure: put_principal failed");
syslog(LOG_NOTICE
, "Kerberos update: wrote new record for %s.%s from %s",
principal_data
[0].instance
,
if (len
> sizeof(msgbuf
)) {
syslog(LOG_ERR
, "send_packet: invalid msg size");
if (des_write(0, msg
, len
) != len
)
syslog(LOG_ERR
, "couldn't write reply message");
} else if (flag
== CLEAR
) {
if (write(0, msg
, len
) != len
)
syslog(LOG_ERR
, "couldn't write reply message");
syslog(LOG_ERR
, "send_packet: invalid flag (%d)", flag
);
net_get_principal(pname
, iname
, keyp
)
static char password
[255];
cc
= des_read(0, pname
, ANAME_SZ
);
syslog(LOG_ERR
, "couldn't get principal name");
cc
= des_read(0, iname
, INST_SZ
);
syslog(LOG_ERR
, "couldn't get instance name");
cc
= des_read(0, password
, 255);
syslog(LOG_ERR
, "couldn't get password");
string_to_key(password
, *keyp
);
bzero(master_key
, sizeof(master_key
));
bzero(master_key_schedule
, sizeof(master_key_schedule
));
syslog(LOG_ERR
, "remote end died (SIGPIPE)");