+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <sys/socket.h>
+#include <stdio.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <kerberos/krb.h>
+#include <sys/param.h>
+#include <sys/file.h>
+#include "register_proto.h"
+
+#define SERVICE "krbupdate"
+#define PROTO "tcp"
+#define KFILE "/.update.key%s"
+#define KPASSWD "/usr/local/kpasswd"
+
+char realm[REALM_SZ];
+char krbhst[MAX_HSTNM];
+
+static char pname[ANAME_SZ];
+static char iname[INST_SZ];
+static char password[255];
+
+extern char *sys_errlist;
+
+main(argc, argv)
+int argc;
+char **argv;
+{
+ struct servent *se;
+ struct hostent *host;
+ struct sockaddr_in sin, local;
+ int rval;
+ int sock, llen;
+ u_char code;
+ static struct rlimit rl = { 0, 0 };
+
+ if(geteuid()) {
+ fprintf(stderr, "must run set-uid root to access keyfile\n");
+ exit(1);
+ }
+
+ if(setrlimit(RLIMIT_CORE, &rl) < 0) {
+ perror("rlimit");
+ exit(1);
+ }
+
+ if((se = getservbyname(SERVICE, PROTO)) == NULL) {
+ fprintf(stderr, "couldn't find entry for service %s\n",
+ SERVICE);
+ exit(1);
+ }
+ if((rval = get_krbrlm(realm,1)) != KSUCCESS) {
+ fprintf(stderr, "couldn't get local Kerberos realm: %s\n",
+ krb_err_txt[rval]);
+ exit(1);
+ }
+
+ if((rval = get_krbhst(krbhst, realm, 1)) != KSUCCESS) {
+ fprintf(stderr, "couldn't get Kerberos host: %s\n",
+ krb_err_txt[rval]);
+ exit(1);
+ }
+
+ if((host = gethostbyname(krbhst)) == NULL) {
+ fprintf(stderr, "couldn't get host entry for host %s\n",
+ krbhst);
+ exit(1);
+ }
+
+ sin.sin_family = host->h_addrtype;
+ bcopy(host->h_addr, (char *) &sin.sin_addr, host->h_length);
+ sin.sin_port = se->s_port;
+
+ if((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
+ perror("socket");
+ exit(1);
+ }
+
+ if(connect(sock, (struct sockaddr *) &sin, sizeof(sin)) < 0) {
+ perror("connect");
+ close(sock);
+ exit(1);
+ }
+
+ llen = sizeof(local);
+ if(getsockname(sock, (struct sockaddr *) &local, &llen) < 0) {
+ perror("getsockname");
+ close(sock);
+ exit(1);
+ }
+
+ setup_key(local);
+
+ type_info();
+ get_user_info();
+
+ code = APPEND_DB;
+ if(des_write(sock, &code, 1) != 1) {
+ perror("write 1");
+ cleanup();
+ exit(1);
+ }
+
+ if(des_write(sock, pname, ANAME_SZ) != ANAME_SZ) {
+ perror("write principal name");
+ cleanup();
+ exit(1);
+ }
+
+ if(des_write(sock, iname, INST_SZ) != INST_SZ) {
+ perror("write instance name");
+ cleanup();
+ exit(1);
+ }
+
+ if(des_write(sock, password, 255) != 255) {
+ perror("write password");
+ cleanup();
+ exit(1);
+ }
+
+ /* get return message */
+
+ {
+ int cc;
+ char msgbuf[BUFSIZ];
+
+ cc = des_read(sock, msgbuf, BUFSIZ);
+ if(cc <= 0) {
+ fprintf(stderr, "protocol error during read\n");
+ cleanup();
+ exit(1);
+ } else {
+ printf("%s: %s", krbhst, msgbuf);
+ }
+ }
+
+ cleanup();
+ close(sock);
+}
+
+cleanup()
+{
+ bzero(password, 255);
+}
+
+#include <pwd.h>
+
+extern char *crypt();
+extern char *getpass();
+get_user_info()
+{
+ int uid = getuid();
+ int valid = 0, i;
+ struct passwd *pw;
+ char *pas, *namep;
+
+ if((pw = getpwuid(uid)) == NULL) {
+ fprintf(stderr, "Who are you?\n");
+ exit(1);
+ }
+ strcpy(pname, pw->pw_name); /* principal name */
+ for(i = 1; i < 3; i++) {
+ pas = getpass("login password:");
+ namep = crypt(pas, pw->pw_passwd);
+ if(strcmp(namep, pw->pw_passwd)) {
+ fprintf(stderr, "Password incorrect\n");
+ continue;
+ } else {
+ valid = 1;
+ break;
+ }
+ }
+ if(!valid)
+ exit(1);
+ pas = getpass("Kerberos password (may be the same):");
+ strcpy(password, pas); /* password */
+ pas = getpass("Retype Kerberos password:");
+ if(strcmp(password, pas)) {
+ fprintf(stderr, "Password mismatch -- aborted\n");
+ cleanup();
+ exit(1);
+ }
+
+ iname[0] = NULL; /* null instance name */
+}
+
+setup_key(local)
+ struct sockaddr_in local;
+{
+ static struct keyfile_data kdata;
+ static Key_schedule schedule;
+ int fd;
+ char namebuf[MAXPATHLEN];
+ extern int errno;
+
+ sprintf(namebuf, KFILE, inet_ntoa(local.sin_addr));
+ fd = open(namebuf, O_RDONLY);
+ if(fd < 0) {
+ fprintf(stderr, "couldn't open key file for local host %s\n",
+ inet_ntoa(local.sin_addr));
+ perror("open");
+ exit(1);
+ }
+
+ if(read(fd, (char *)&kdata, sizeof(kdata)) != sizeof(kdata)) {
+ fprintf(stderr,"size error reading key file for local host %s\n",
+ inet_ntoa(local.sin_addr));
+ exit(1);
+ }
+ key_sched(kdata.kf_key, schedule);
+ des_set_key(kdata.kf_key, schedule);
+}
+
+type_info()
+{
+ printf("Kerberos user registration (realm %s)\n\n", realm);
+ printf("Please enter your login password followed by your new Kerberos password.\n");
+ printf("The Kerberos password you enter now will be used in the future\n");
+ printf("as your login password for all machines in the %s realm.\n", realm);
+ printf("You will only be allowed to perform this operation once, although you may run\n");
+ printf("the %s program to change your Kerberos password\n\n", KPASSWD);
+}
projects / unix-history / commitdiff