aboutsummaryrefslogtreecommitdiff
path: root/eBones/libexec/kpropd/kpropd.c
diff options
context:
space:
mode:
Diffstat (limited to 'eBones/libexec/kpropd/kpropd.c')
-rw-r--r--eBones/libexec/kpropd/kpropd.c453
1 files changed, 0 insertions, 453 deletions
diff --git a/eBones/libexec/kpropd/kpropd.c b/eBones/libexec/kpropd/kpropd.c
deleted file mode 100644
index 1b232dfc0ded..000000000000
--- a/eBones/libexec/kpropd/kpropd.c
+++ /dev/null
@@ -1,453 +0,0 @@
-/*
- * Copyright 1987 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * MIT.Copyright.
- *
- * kprop/kpropd have been abandonded by Project Athena (for good reason)
- * however they still form the basis for one of the better ways for
- * distributing kerberos databases. This version of kpropd has been
- * adapted from the MIT distribution to work properly in a 4.4BSD
- * environment.
- *
- * $Revision: 1.1.1.1 $ $Date: 1995/08/03 07:37:19 $ $State: Exp $
- * $Source: /usr/cvs/src/eBones/kpropd/kpropd.c,v $
- *
- * Log: kpropd.c,v
- * Revision 4.5 92/10/23 15:45:46 tytso Make it possible
- * to specify the location of the kdb_util program.
- *
- * Revision 4.4 91/06/15 03:20:51 probe Fixed <sys/types.h> inclusion
- *
- * Revision 4.3 89/05/16 15:06:04 wesommer Fix operator precedence stuff.
- * Programmer: John Kohl.
- *
- * Revision 4.2 89/03/23 10:24:00 jtkohl NOENCRYPTION changes
- *
- * Revision 4.1 89/01/24 20:33:48 root name change
- *
- * Revision 4.0 89/01/24 18:45:06 wesommer Original version; programmer:
- * wesommer auditor: jon
- *
- * Revision 4.5 88/01/08 18:07:46 jon formatting and rcs header changes */
-
-/*
- * This program is run on slave servers, to catch updates "pushed" from the
- * master kerberos server in a realm.
- */
-
-#if 0
-#ifndef lint
-static char rcsid_kpropd_c[] =
-"$Header: /usr/cvs/src/eBones/kpropd/kpropd.c,v 1.1.1.1 1995/08/03 07:37:19 mark Exp $";
-#endif /* lint */
-#endif
-
-#include <errno.h>
-#include <unistd.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/file.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-#include <syslog.h>
-#include <krb.h>
-#include <krb_db.h>
-
-#include "kprop.h"
-
-static char kprop_version[KPROP_PROT_VERSION_LEN] = KPROP_PROT_VERSION;
-
-int debug = 0;
-
-int pause_int = 300; /* 5 minutes in seconds */
-unsigned long get_data_checksum(int fd, Key_schedule key_sched);
-void recv_auth(int in, int out, int private,
- struct sockaddr_in *remote, struct sockaddr_in *local,
- AUTH_DAT *ad);
-static void SlowDeath(void);
-void recv_clear(int in, int out);
- /* leave room for private msg overhead */
-static char buf[KPROP_BUFSIZ + 64];
-
-static void
-usage()
-{
- fprintf(stderr, "\nUsage: kpropd [-r realm] [-s srvtab] [-P kdb_util] fname\n");
- exit(2);
-}
-
-void
-main(argc, argv)
- int argc;
- char **argv;
-{
- struct sockaddr_in from;
- struct sockaddr_in sin;
- int s2, fd, n, fdlock;
- int from_len;
- char local_file[256];
- char local_temp[256];
- struct hostent *hp;
- char hostname[256];
- char from_str[128];
- long kerror;
- AUTH_DAT auth_dat;
- KTEXT_ST ticket;
- char my_instance[INST_SZ];
- char my_realm[REALM_SZ];
- char cmd[1024];
- short net_transfer_mode, transfer_mode;
- Key_schedule session_sched;
- char version[9];
- int c;
- extern char *optarg;
- extern int optind;
- int rflag = 0;
- char *srvtab = "";
- char *local_db = DBM_FILE;
- char *kdb_util = KPROP_KDB_UTIL;
-
- if (argv[argc - 1][0] == 'k' && isdigit(argv[argc - 1][1])) {
- argc--; /* ttys file hack */
- }
- while ((c = getopt(argc, argv, "r:s:d:P:")) != EOF) {
- switch (c) {
- case 'r':
- rflag++;
- strcpy(my_realm, optarg);
- break;
- case 's':
- srvtab = optarg;
- break;
- case 'd':
- local_db = optarg;
- break;
- case 'P':
- kdb_util = optarg;
- break;
- default:
- usage();
- break;
- }
- }
- if (optind != argc - 1)
- usage();
-
- openlog("kpropd", LOG_PID, LOG_AUTH);
-
- strcpy(local_file, argv[optind]);
- strcat(strcpy(local_temp, argv[optind]), ".tmp");
-
-#ifdef STANDALONE
-
- if ((sp = getservbyname("krb_prop", "tcp")) == NULL) {
- syslog(LOG_ERR, "tcp/krb_prop: unknown service.");
- SlowDeath();
- }
- bzero(&sin, sizeof sin);
- sin.sin_port = sp->s_port;
- sin.sin_family = AF_INET;
-
- if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
- syslog(LOG_ERR, "socket: %m");
- SlowDeath();
- }
- if (bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) {
- syslog(LOG_ERR, "bind: %m");
- SlowDeath();
- }
-
-#endif /* STANDALONE */
-
- if (!rflag) {
- kerror = krb_get_lrealm(my_realm, 1);
- if (kerror != KSUCCESS) {
- syslog(LOG_ERR, "can't get local realm. %s",
- krb_err_txt[kerror]);
- SlowDeath();
- }
- }
- if (gethostname(my_instance, sizeof(my_instance)) != 0) {
- syslog(LOG_ERR, "gethostname: %m");
- SlowDeath();
- }
-
-#ifdef STANDALONE
- listen(s, 5);
- for (;;) {
- from_len = sizeof from;
- if ((s2 = accept(s, (struct sockaddr *)&from, &from_len)) < 0) {
- syslog(LOG_ERR, "accept: %m");
- continue;
- }
-#else /* !STANDALONE */
-
- s2 = 0;
- from_len = sizeof from;
- if (getpeername(0, (struct sockaddr *)&from, &from_len) < 0) {
- syslog(LOG_ERR, "getpeername: %m");
- SlowDeath();
- }
-
-#endif /* !STANDALONE */
-
- strcpy(from_str, inet_ntoa(from.sin_addr));
-
- if ((hp = gethostbyaddr((char *) &(from.sin_addr.s_addr),
- from_len, AF_INET)) == NULL) {
- strcpy(hostname, "UNKNOWN");
- } else {
- strcpy(hostname, hp->h_name);
- }
-
- syslog(LOG_INFO, "connection from %s, %s", hostname, from_str);
-
- /* for krb_rd_{priv, safe} */
- n = sizeof sin;
- if (getsockname(s2, (struct sockaddr *)&sin, &n) != 0) {
- syslog(LOG_ERR, "can't get socketname: %m");
- SlowDeath();
- }
- if (n != sizeof(sin)) {
- syslog(LOG_ERR, "can't get socketname (length)");
- SlowDeath();
- }
- if ((fdlock = open(local_temp, O_WRONLY | O_CREAT, 0600)) < 0) {
- syslog(LOG_ERR, "open: %m");
- SlowDeath();
- }
- if (flock(fdlock, LOCK_EX | LOCK_NB)) {
- syslog(LOG_ERR, "flock: %m");
- SlowDeath();
- }
- if ((fd = creat(local_temp, 0600)) < 0) {
- syslog(LOG_ERR, "creat: %m");
- SlowDeath();
- }
- if ((n = read(s2, buf, sizeof(kprop_version)))
- != sizeof(kprop_version)) {
- syslog(LOG_ERR,
- "can't read protocol version (%d bytes)", n);
- SlowDeath();
- }
- if (strncmp(buf, kprop_version, sizeof(kprop_version)) != 0) {
- syslog(LOG_ERR, "unsupported version %s", buf);
- SlowDeath();
- }
- if ((n = read(s2, &net_transfer_mode,
- sizeof(net_transfer_mode)))
- != sizeof(net_transfer_mode)) {
- syslog(LOG_ERR, "can't read transfer mode");
- SlowDeath();
- }
- transfer_mode = ntohs(net_transfer_mode);
- kerror = krb_recvauth(KOPT_DO_MUTUAL, s2, &ticket,
- KPROP_SERVICE_NAME,
- my_instance,
- &from,
- &sin,
- &auth_dat,
- srvtab,
- session_sched,
- version);
- if (kerror != KSUCCESS) {
- syslog(LOG_ERR, "%s calling getkdata",
- krb_err_txt[kerror]);
- SlowDeath();
- }
- syslog(LOG_INFO, "connection from %s.%s@%s",
- auth_dat.pname, auth_dat.pinst, auth_dat.prealm);
-
- /*
- * AUTHORIZATION is done here. We might want to expand this
- * to read an acl file at some point, but allowing for now
- * KPROP_SERVICE_NAME.KRB_MASTER@local-realm is fine ...
- */
-
- if ((strcmp(KPROP_SERVICE_NAME, auth_dat.pname) != 0) ||
- (strcmp(KRB_MASTER, auth_dat.pinst) != 0) ||
- (strcmp(my_realm, auth_dat.prealm) != 0)) {
- syslog(LOG_NOTICE, "authorization denied");
- SlowDeath();
- }
- switch (transfer_mode) {
- case KPROP_TRANSFER_PRIVATE:
- recv_auth(s2, fd, 1 /* private */ , &from, &sin, &auth_dat);
- break;
- case KPROP_TRANSFER_SAFE:
- recv_auth(s2, fd, 0 /* safe */ , &from, &sin, &auth_dat);
- break;
- case KPROP_TRANSFER_CLEAR:
- recv_clear(s2, fd);
- break;
- default:
- syslog(LOG_ERR, "bad transfer mode %d", transfer_mode);
- SlowDeath();
- }
-
- if (transfer_mode != KPROP_TRANSFER_PRIVATE) {
- syslog(LOG_ERR, "non-private transfers not supported\n");
- SlowDeath();
-#ifdef doesnt_work_yet
- lseek(fd, (long) 0, L_SET);
- if (auth_dat.checksum != get_data_checksum(fd, session_sched)) {
- syslog(LOG_ERR, "checksum doesn't match");
- SlowDeath();
- }
-#endif
- } else {
- struct stat st;
- fstat(fd, &st);
- if (st.st_size != auth_dat.checksum) {
- syslog(LOG_ERR, "length doesn't match");
- SlowDeath();
- }
- }
- close(fd);
- close(s2);
-
- if (rename(local_temp, local_file) < 0) {
- syslog(LOG_ERR, "rename: %m");
- SlowDeath();
- }
-
- if (flock(fdlock, LOCK_UN)) {
- syslog(LOG_ERR, "flock (unlock): %m");
- SlowDeath();
- }
- close(fdlock);
- sprintf(cmd, "%s load %s %s\n", kdb_util, local_file, local_db);
- if (system(cmd) != 0) {
- syslog(LOG_ERR, "couldn't load database");
- SlowDeath();
- }
-
-#ifdef STANDALONE
- }
-#endif
-
-}
-
-void
-recv_auth(in, out, private, remote, local, ad)
- int in, out;
- int private;
- struct sockaddr_in *remote, *local;
- AUTH_DAT *ad;
-{
- u_long length;
- long kerror;
- int n;
- MSG_DAT msg_data;
- Key_schedule session_sched;
-
- if (private)
-#ifdef NOENCRYPTION
- bzero((char *) session_sched, sizeof(session_sched));
-#else
- if (key_sched((C_Block *)ad->session, session_sched)) {
- syslog(LOG_ERR, "can't make key schedule");
- SlowDeath();
- }
-#endif
-
- while (1) {
- n = krb_net_read(in, (char *)&length, sizeof length);
- if (n == 0)
- break;
- if (n < 0) {
- syslog(LOG_ERR, "read: %m");
- SlowDeath();
- }
- length = ntohl(length);
- if (length > sizeof buf) {
- syslog(LOG_ERR, "read length %d, bigger than buf %d",
- length, sizeof buf);
- SlowDeath();
- }
- n = krb_net_read(in, buf, length);
- if (n < 0) {
- syslog(LOG_ERR, "kpropd: read: %m");
- SlowDeath();
- }
- if (private)
- kerror = krb_rd_priv(buf, n, session_sched, ad->session,
- remote, local, &msg_data);
- else
- kerror = krb_rd_safe(buf, n, (C_Block *)ad->session,
- remote, local, &msg_data);
- if (kerror != KSUCCESS) {
- syslog(LOG_ERR, "%s: %s",
- private ? "krb_rd_priv" : "krb_rd_safe",
- krb_err_txt[kerror]);
- SlowDeath();
- }
- if (write(out, msg_data.app_data, msg_data.app_length) !=
- msg_data.app_length) {
- syslog(LOG_ERR, "write: %m");
- SlowDeath();
- }
- }
-}
-
-void
-recv_clear(in, out)
- int in, out;
-{
- int n;
-
- while (1) {
- n = read(in, buf, sizeof buf);
- if (n == 0)
- break;
- if (n < 0) {
- syslog(LOG_ERR, "read: %m");
- SlowDeath();
- }
- if (write(out, buf, n) != n) {
- syslog(LOG_ERR, "write: %m");
- SlowDeath();
- }
- }
-}
-
-static void
-SlowDeath()
-{
-#ifdef STANDALONE
- sleep(pause_int);
-#endif
- exit(1);
-}
-
-#ifdef doesnt_work_yet
-unsigned long
-get_data_checksum(fd, key_sched)
- int fd;
- Key_schedule key_sched;
-{
- unsigned long cksum = 0;
- unsigned long cbc_cksum();
- int n;
- char buf[BUFSIZ];
- char obuf[8];
-
- while (n = read(fd, buf, sizeof buf)) {
- if (n < 0) {
- syslog(LOG_ERR, "read (in checksum test): %m");
- SlowDeath();
- }
-#ifndef NOENCRYPTION
- cksum += cbc_cksum(buf, obuf, n, key_sched, key_sched);
-#endif
- }
- return cksum;
-}
-#endif
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-04 05:16:20 +0000