author | Geoff Rehmet <csgr@FreeBSD.org> | 1994-09-30 14:50:09 +0000 |
---|---|---|
committer | Geoff Rehmet <csgr@FreeBSD.org> | 1994-09-30 14:50:09 +0000 |
commit | 60643d379b73fbb523325aa82009e9d1a0675573 (patch) | |
tree | 74873a7f8b1a654a96addadb5929b6249491922d /eBones/usr.bin/register | |
parent | 3c6459e594dba63b0a1c54fd5b99a3315d522b40 (diff) | |
Initial import of eBones.
(Including all changes for FreeBSD - importing the original eBones distribution
would be too complex at this stage, since I don't have access to Piero's
CVS.)
(If you want to include eBones in your system, don't forget to include
MAKE_EBONES in /etc/make.conf.)
(This stuff is now also suppable from braae.ru.ac.za.)
Bones originally from MIT SIPB.
Original port to FreeBSD 1.x by Piero Serini.
Moved to FreeBSD 2.0 by Doug Rabson and Geoff Rehmet.
Nice bug fixes from Doug Rabson.
Notes:
svn path=/cvs2svn/branches/EBONES_KRB4/; revision=3237
Diffstat (limited to 'eBones/usr.bin/register')
-rw-r--r-- | eBones/usr.bin/register/Makefile | 14 |
-rw-r--r-- | eBones/usr.bin/register/pathnames.h | 39 |
-rw-r--r-- | eBones/usr.bin/register/register.1 | 63 |
-rw-r--r-- | eBones/usr.bin/register/register.c | 311 |
-rw-r--r-- | eBones/usr.bin/register/register_proto.h | 43 |
5 files changed, 470 insertions, 0 deletions
diff --git a/eBones/usr.bin/register/Makefile b/eBones/usr.bin/register/Makefile new file mode 100644 index 000000000000..3ab09c39c2a3 --- /dev/null +++ b/eBones/usr.bin/register/Makefile @@ -0,0 +1,14 @@ +# @(#)Makefile 8.1 (Berkeley) 6/1/93 +# $Id: Makefile,v 1.4 1994/07/20 09:21:07 g89r4222 Exp $ + +PROG= register +SRCS= register.c +CFLAGS+=-DCRYPT -DDEBUG -DKERBEROS -I${.CURDIR}/../include +.PATH: ${.CURDIR}/../../usr.bin/rlogin +DPADD= ${LIBKRB} ${LIBDES} +LDADD= -lkrb -ldes -lcrypt +BINDIR= /usr/bin +BINOWN= root +BINMODE=4555 + +.include <bsd.prog.mk> diff --git a/eBones/usr.bin/register/pathnames.h b/eBones/usr.bin/register/pathnames.h new file mode 100644 index 000000000000..611c54f28a24 --- /dev/null +++ b/eBones/usr.bin/register/pathnames.h 
@@ -0,0 +1,39 @@ +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * @(#)pathnames.h 8.1 (Berkeley) 6/1/93 + */ + +#define SERVER_KEYDIR "/etc/kerberosIV/register_keys" +#define CLIENT_KEYFILE "/etc/kerberosIV/.update.key" +#define KEYFILE_BASE ".update.key" +#define _PATH_KPASSWD "/usr/bin/passwd" diff --git a/eBones/usr.bin/register/register.1 b/eBones/usr.bin/register/register.1 new file mode 100644 index 000000000000..d8bf10442e61 --- /dev/null +++ b/eBones/usr.bin/register/register.1 
@@ -0,0 +1,63 @@ +.\" Copyright (c) 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" @(#)register.1 8.1 (Berkeley) 6/1/93 +.\" +.TH REGISTER 1 "June 1, 1993" +.UC 7 +.SH NAME +register \- register with Kerberos +.SH SYNOPSIS +.B register +.SH DESCRIPTION +The +.I register +command +is used to register a new user with Kerberos. +The Kerberos server keeps record of certain trusted hosts +from which it will accept new registrations. +If the host on which +.I register +is run is trusted by Kerberos, the user +is asked for his current password, and then +a new password to be used with Kerberos. +A user may only register with Kerberos one time. +.SH FILES +.br +/.update.keyxx.xx.xx.xx shared DES key with server +.SH "SEE ALSO" +registerd(8), kerberos(1) +.SH DIAGNOSTICS +\*(lqPrincipal not unique\*(rq +if the user already exists in the Kerberos database. +.br +\*(lqPermission Denied,\*(rq +if the host on which register is being run is untrusted. diff --git a/eBones/usr.bin/register/register.c b/eBones/usr.bin/register/register.c new file mode 100644 index 000000000000..d20f848891bd --- /dev/null +++ b/eBones/usr.bin/register/register.c 
@@ -0,0 +1,311 @@ +/*- + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char copyright[] = +"@(#) Copyright (c) 1989, 1993\n\ + The Regents of the University of California. 
All rights reserved.\n"; +#endif /* not lint */ + +#ifndef lint +static char sccsid[] = "@(#)register.c 8.1 (Berkeley) 6/1/93"; +#endif /* not lint */ + +#include <sys/types.h> +#include <sys/param.h> +#include <sys/time.h> +#include <sys/resource.h> +#include <sys/socket.h> +#include <sys/file.h> +#include <sys/signal.h> +#include <netinet/in.h> +#include <pwd.h> +#include <stdio.h> +#include <netdb.h> +#include <kerberosIV/des.h> +#include <kerberosIV/krb.h> +#include "pathnames.h" +#include "register_proto.h" + +#define SERVICE "krbupdate" /* service to add to KDC's database */ +#define PROTO "tcp" + +char realm[REALM_SZ]; +char krbhst[MAX_HSTNM]; + +static char pname[ANAME_SZ]; +static char iname[INST_SZ]; +static char password[_PASSWORD_LEN]; + +/* extern char *sys_errlist; */ +void die(); +void setup_key(), type_info(), cleanup(); + +main(argc, argv) + int argc; + char **argv; +{ + struct servent *se; + struct hostent *host; + struct sockaddr_in sin, local; + int rval; + int sock, llen; + u_char code; + static struct rlimit rl = { 0, 0 }; + + signal(SIGPIPE, die); + + if (setrlimit(RLIMIT_CORE, &rl) < 0) { + perror("rlimit"); + exit(1); + } + + if ((se = getservbyname(SERVICE, PROTO)) == NULL) { + fprintf(stderr, "couldn't find entry for service %s\n", + SERVICE); + exit(1); + } + if ((rval = krb_get_lrealm(realm,0)) != KSUCCESS) { + fprintf(stderr, "couldn't get local Kerberos realm: %s\n", + krb_err_txt[rval]); + exit(1); + } + + if ((rval = krb_get_krbhst(krbhst, realm, 1)) != KSUCCESS) { + fprintf(stderr, "couldn't get Kerberos host: %s\n", + krb_err_txt[rval]); + exit(1); + } + + if ((host = gethostbyname(krbhst)) == NULL) { + fprintf(stderr, "couldn't get host entry for host %s\n", + krbhst); + exit(1); + } + + sin.sin_family = host->h_addrtype; + (void)bcopy(host->h_addr, (char *) &sin.sin_addr, host->h_length); + sin.sin_port = se->s_port; + + if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { + perror("socket"); + exit(1); + } + + if 
(connect(sock, (struct sockaddr *) &sin, sizeof(sin)) < 0) { + perror("connect"); + (void)close(sock); + exit(1); + } + + llen = sizeof(local); + if (getsockname(sock, (struct sockaddr *) &local, &llen) < 0) { + perror("getsockname"); + (void)close(sock); + exit(1); + } + + setup_key(local); + + type_info(); + + if (!get_user_info()) { + code = ABORT; + (void)des_write(sock, &code, 1); + cleanup(); + exit(1); + } + + code = APPEND_DB; + if (des_write(sock, &code, 1) != 1) { + perror("write 1"); + cleanup(); + exit(1); + } + + if (des_write(sock, pname, ANAME_SZ) != ANAME_SZ) { + perror("write principal name"); + cleanup(); + exit(1); + } + + if (des_write(sock, iname, INST_SZ) != INST_SZ) { + perror("write instance name"); + cleanup(); + exit(1); + } + + if (des_write(sock, password, 255) != 255) { + perror("write password"); + cleanup(); + exit(1); + } + + /* get return message */ + + { + int cc; + char msgbuf[BUFSIZ]; + + cc = read(sock, msgbuf, BUFSIZ); + if (cc <= 0) { + fprintf(stderr, "protocol error during key verification\n"); + cleanup(); + exit(1); + } + if (strncmp(msgbuf, GOTKEY_MSG, 6) != 0) { + fprintf(stderr, "%s: %s", krbhst, msgbuf); + cleanup(); + exit(1); + } + + cc = des_read(sock, msgbuf, BUFSIZ); + if (cc <= 0) { + fprintf(stderr, "protocol error during read\n"); + cleanup(); + exit(1); + } else { + printf("%s: %s", krbhst, msgbuf); + } + } + + cleanup(); + (void)close(sock); +} + +void +cleanup() +{ + bzero(password, 255); +} + +extern char *crypt(); +extern char *getpass(); + +int +get_user_info() +{ + int uid = getuid(); + int valid = 0, i; + struct passwd *pw; + char *pas, *namep; + + /* NB: we must run setuid-root to get at the real pw file */ + + if ((pw = getpwuid(uid)) == NULL) { + fprintf(stderr, "Who are you?\n"); + return(0); + } + (void)seteuid(uid); + (void)strcpy(pname, pw->pw_name); /* principal name */ + + for (i = 1; i < 3; i++) { + pas = getpass("login password:"); + namep = crypt(pas, pw->pw_passwd); + if (strcmp(namep, 
pw->pw_passwd)) { + fprintf(stderr, "Password incorrect\n"); + continue; + } else { + valid = 1; + break; + } + } + if (!valid) + return(0); + pas = getpass("Kerberos password (may be the same):"); + while (*pas == NULL) { + printf("<NULL> password not allowed\n"); + pas = getpass("Kerberos password (may be the same):"); + } + (void)strcpy(password, pas); /* password */ + pas = getpass("Retype Kerberos password:"); + if (strcmp(password, pas)) { + fprintf(stderr, "Password mismatch -- aborted\n"); + return(0); + } + + iname[0] = NULL; /* null instance name */ + return(1); +} + +void +setup_key(local) + struct sockaddr_in local; +{ + static struct keyfile_data kdata; + static Key_schedule schedule; + int fd; + char namebuf[MAXPATHLEN]; + extern int errno; + + (void) sprintf(namebuf, "%s%s", + CLIENT_KEYFILE, + inet_ntoa(local.sin_addr)); + + fd = open(namebuf, O_RDONLY); + if (fd < 0) { + fprintf(stderr, "couldn't open key file %s for local host: ", + namebuf); + perror(""); + exit(1); + } + + if (read(fd, (char *)&kdata, sizeof(kdata)) != sizeof(kdata)) { + fprintf(stderr,"size error reading key file for local host %s\n", + inet_ntoa(local.sin_addr)); + exit(1); + } + key_sched(kdata.kf_key, schedule); + des_set_key(kdata.kf_key, schedule); + return; +} + +void +type_info() +{ + printf("Kerberos user registration (realm %s)\n\n", realm); + printf("Please enter your login password followed by your new Kerberos password.\n"); + printf("The Kerberos password you enter now will be used in the future\n"); + printf("as your Kerberos password for all machines in the %s realm.\n", realm); + printf("You will only be allowed to perform this operation once, although you may run\n"); + printf("the %s program from now on to change your Kerberos password.\n\n", _PATH_KPASSWD); +} + +void +die() +{ + fprintf(stderr, "\nServer no longer listening\n"); + fflush(stderr); + cleanup(); + exit(1); +} 
diff --git a/eBones/usr.bin/register/register_proto.h b/eBones/usr.bin/register/register_proto.h new file mode 100644 index 000000000000..54789494071f --- /dev/null +++ b/eBones/usr.bin/register/register_proto.h 
@@ -0,0 +1,43 @@ +/*- + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * @(#)register_proto.h 8.1 (Berkeley) 6/1/93 + */ + +#define APPEND_DB 0x01 +#define ABORT 0x02 + +#define GOTKEY_MSG "GOTKEY" + +struct keyfile_data { + C_Block kf_key; +}; |
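Review bot: In eBones/usr.bin/register/Makefile, CFLAGS carries -DDEBUG while the program is installed setuid root (BINOWN= root, BINMODE=4555). register.c in this patch has no DEBUG conditionals, so the define can only change what the included headers do; drop it from the default CFLAGS or gate it behind a make variable so a privileged binary is not built in debug mode by default. The .PATH entry for ../../usr.bin/rlogin also looks unused, since SRCS lists only register.c; either add the source it was meant to pull in or remove the line.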
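Review bot: In eBones/usr.bin/register/pathnames.h, CLIENT_KEYFILE is named like a complete file path, but setup_key() in register.c uses it as a prefix and appends the local IP address (sprintf(namebuf, "%s%s", CLIENT_KEYFILE, inet_ntoa(local.sin_addr))). Add a comment next to the define saying the host address is appended, or rename it, so that nobody later opens it as a literal path. KEYFILE_BASE repeats the same ".update.key" string and could be used to build CLIENT_KEYFILE so the two cannot drift apart.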
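Review bot: In eBones/usr.bin/register/register.1, the FILES section documents the key file as /.update.keyxx.xx.xx.xx, which does not match pathnames.h in this same commit, where CLIENT_KEYFILE is "/etc/kerberosIV/.update.key". Update the manual page to the /etc/kerberosIV location so an administrator installing the shared DES key puts it where register actually looks.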
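Review bot: In main() of eBones/usr.bin/register/register.c, the reply handling prints msgbuf with %s after read(sock, msgbuf, BUFSIZ) and des_read(sock, msgbuf, BUFSIZ) without ever NUL-terminating it, so a reply that is unterminated or fills all BUFSIZ bytes makes fprintf/printf read past the received data; read at most BUFSIZ - 1 bytes and set msgbuf[cc] = '\0' before the strncmp and the prints. In the same file, the buffer is declared as password[_PASSWORD_LEN] but des_write(sock, password, 255) and bzero(password, 255) use a literal length, and strcpy(password, pas) and strcpy(pname, pw->pw_name) are unbounded; use sizeof(password) for the write and the wipe, and length-checked copies for both strings. In get_user_info() the result of seteuid(uid) is cast away; in a setuid-root program a failed privilege drop should abort rather than continue. In setup_key() the key file descriptor is never closed and kdata is left holding the DES key after key_sched(); close fd and bzero kdata once the schedule is set.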
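Review bot: In eBones/usr.bin/register/register_proto.h, struct keyfile_data uses C_Block but the header includes nothing and has no include guard, so it only compiles because register.c happens to include <kerberosIV/des.h> before it. Include the DES header from here and add a guard so the server side can include this file in any order. A short comment on the wire protocol (one opcode byte, then ANAME_SZ, INST_SZ and the password field, then the GOTKEY reply) would also help, since APPEND_DB, ABORT and GOTKEY_MSG are otherwise undocumented.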