registerd.c

早期freebsd实现

/*-
 * Copyright (c) 1990, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef lint
static char copyright[] =
"@(#) Copyright (c) 1990, 1993\n\
	The Regents of the University of California.  All rights reserved.\n";
#endif /* not lint */

#ifndef lint
static char sccsid[] = "@(#)registerd.c	8.1 (Berkeley) 6/1/93";
#endif /* not lint */

#include <sys/types.h>
#include <sys/time.h>
#include <sys/signal.h>
#include <sys/resource.h>
#include <sys/param.h>
#include <sys/file.h>
#include <netinet/in.h>
#include <syslog.h>
#include <kerberosIV/des.h>
#include <kerberosIV/krb.h>
#include <kerberosIV/krb_db.h>
#include <stdio.h>
#include "register_proto.h"
#include "pathnames.h"

#define	KBUFSIZ		(sizeof(struct keyfile_data))
#define	RCRYPT		0x00
#define	CLEAR		0x01

char	*progname, msgbuf[BUFSIZ];

main(argc, argv)
	int argc;
	char **argv;
{
	static	Key_schedule	schedule;
	static struct rlimit rl = { 0, 0 };
	struct	keyfile_data	*kfile;
	u_char	code;
	int	kf, retval, sval;
	struct	sockaddr_in	sin;
	char	keyfile[MAXPATHLEN], keybuf[KBUFSIZ];
	void die();

	progname = argv[0];		/* for the library routines */

	openlog("registerd", LOG_PID, LOG_AUTH);

	(void)signal(SIGHUP, SIG_IGN);
	(void)signal(SIGINT, SIG_IGN);
	(void)signal(SIGTSTP, SIG_IGN);
	(void)signal(SIGPIPE, die);

	if (setrlimit(RLIMIT_CORE, &rl) < 0) {
		syslog(LOG_ERR, "setrlimit: %m");
		exit(1);
	}


	/* figure out who we are talking to */

	sval = sizeof(sin);
	if (getpeername(0, (struct sockaddr *) &sin, &sval) < 0) {
		syslog(LOG_ERR, "getpeername: %m");
		exit(1);
	}

	/* get encryption key */

	(void) sprintf(keyfile, "%s%s%s",
		SERVER_KEYDIR,
		CLIENT_KEYFILE,
		inet_ntoa(sin.sin_addr));

	if ((kf = open(keyfile, O_RDONLY)) < 0) {
		syslog(LOG_ERR,
		    "error opening Kerberos update keyfile (%s): %m", keyfile);
		(void) sprintf(msgbuf,
		    "couldn't open session keyfile for your host");
		send_packet(msgbuf, CLEAR);
		exit(1);
	}

	if (read(kf, keybuf, KBUFSIZ) != KBUFSIZ) {
		syslog(LOG_ERR, "wrong read size of Kerberos update keyfile");
		(void) sprintf(msgbuf,
			"couldn't read session key from your host's keyfile");
		send_packet(msgbuf, CLEAR);
		exit(1);
	}
	(void) sprintf(msgbuf, GOTKEY_MSG);
	send_packet(msgbuf, CLEAR);
	kfile = (struct keyfile_data *) keybuf;
	key_sched(kfile->kf_key, schedule);
	des_set_key(kfile->kf_key, schedule);

	/* read the command code byte */

	if (des_read(0, &code, 1) == 1) {

		switch(code) {
		case	APPEND_DB:
			retval = do_append(&sin);
			break;
		case	ABORT:
			cleanup();
			close(0);
			exit(0);
		default:
			retval = KFAILURE;
			syslog(LOG_NOTICE,
				"invalid command code on db update (0x%x)",
				code);
		}

	} else {
		retval = KFAILURE;
		syslog(LOG_ERR,
		    "couldn't read command code on Kerberos update");
	}

	code = (u_char) retval; 
	if (code != KSUCCESS) {
		(void) sprintf(msgbuf, "%s", krb_err_txt[code]);
		send_packet(msgbuf, RCRYPT);
	} else {
		(void) sprintf(msgbuf, "Update complete.");
		send_packet(msgbuf, RCRYPT);
	}
	cleanup();
	close(0);
	exit(0);
}

#define	MAX_PRINCIPAL	10
static	Principal	principal_data[MAX_PRINCIPAL];
static	C_Block		key, master_key;
static Key_schedule	master_key_schedule;
int
do_append(sinp)
	struct sockaddr_in *sinp;
{
	Principal	default_princ;
	char		input_name[ANAME_SZ];
	char		input_instance[INST_SZ];
	int		j,n, more;
	long		mkeyversion;



	/* get master key from MKEYFILE */
	if (kdb_get_master_key(0, master_key, master_key_schedule) != 0) {
		syslog(LOG_ERR, "couldn't get master key");
		return(KFAILURE);
	}

	mkeyversion = kdb_verify_master_key(master_key, master_key_schedule, NULL);
	if (mkeyversion < 0) {
		syslog(LOG_ERR, "couldn't validate master key");
		return(KFAILURE);
	}

	n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
		&default_princ, 1, &more);

	if (n != 1) {
		syslog(LOG_ERR, "couldn't get default principal");
		return(KFAILURE);
	}

	/*
	 * get principal name, instance, and password from network.
	 * convert password to key and store it
	 */

	if (net_get_principal(input_name, input_instance, key) != 0) {
		return(KFAILURE);
	}


	j = kerb_get_principal(
		input_name,
		input_instance,
		principal_data,
		MAX_PRINCIPAL,
		&more
	);

	if (j != 0) {
		/* already in database, no update */
		syslog(LOG_NOTICE,
			"attempt to add duplicate entry for principal %s.%s",
			input_name, input_instance);
		return(KDC_PR_N_UNIQUE);
	}

	/*
	 * set up principal's name, instance
	 */

	strcpy(principal_data[0].name, input_name);
	strcpy(principal_data[0].instance, input_instance);
	principal_data[0].old = NULL;


	/* and the expiration date and version #s */

	principal_data[0].exp_date = default_princ.exp_date;
	strcpy(principal_data[0].exp_date_txt, default_princ.exp_date_txt);
	principal_data[0].max_life = default_princ.max_life;
	principal_data[0].attributes = default_princ.attributes;
	principal_data[0].kdc_key_ver = default_princ.kdc_key_ver;


	/* and the key */

	kdb_encrypt_key(key, key, master_key, master_key_schedule,
			ENCRYPT);
	bcopy(key, &principal_data[0].key_low, 4);
	bcopy(((long *) key) + 1, &principal_data[0].key_high,4);
	bzero(key, sizeof(key));

	principal_data[0].key_version = 1;	/* 1st entry */

	/* and write it to the database */

	if (kerb_put_principal(&principal_data[0], 1)) {
		syslog(LOG_INFO, "Kerberos update failure: put_principal failed");
		return(KFAILURE);
	}

	syslog(LOG_NOTICE, "Kerberos update: wrote new record for %s.%s from %s",
		principal_data[0].name,
		principal_data[0].instance,
		inet_ntoa(sinp->sin_addr)
	);

	return(KSUCCESS);

}

send_packet(msg,flag)
	char	*msg;
	int	flag;
{
	int	len = strlen(msg);
	msg[len++] = '\n';
	msg[len] = '\0';
	if (len > sizeof(msgbuf)) {
		syslog(LOG_ERR, "send_packet: invalid msg size");
		return;
	}
	if (flag == RCRYPT) {
		if (des_write(0, msg, len) != len)
			syslog(LOG_ERR, "couldn't write reply message");
	} else if (flag == CLEAR) {
		if (write(0, msg, len) != len)
			syslog(LOG_ERR, "couldn't write reply message");
	} else
			syslog(LOG_ERR, "send_packet: invalid flag (%d)", flag);

}

net_get_principal(pname, iname, keyp)
	char	*pname, *iname;
	C_Block	*keyp;
{
	int	cc;
	static	char	password[255];

	cc = des_read(0, pname, ANAME_SZ);
	if (cc != ANAME_SZ) {
		syslog(LOG_ERR, "couldn't get principal name");
		return(-1);
	}

	cc = des_read(0, iname, INST_SZ);
	if (cc != INST_SZ) {
		syslog(LOG_ERR, "couldn't get instance name");
		return(-1);
	}

	cc = des_read(0, password, 255);
	if (cc != 255) {
		syslog(LOG_ERR, "couldn't get password");
		bzero(password, 255);
		return(-1);
	}

	string_to_key(password, *keyp);
	bzero(password, 255);
	return(0);
}

cleanup()
{
	bzero(master_key, sizeof(master_key));
	bzero(key, sizeof(key));
	bzero(master_key_schedule, sizeof(master_key_schedule));
}

void
die()
{
	syslog(LOG_ERR, "remote end died (SIGPIPE)");
	cleanup();
	exit(1);
}