-rw-r--r--kerberosIV/kpasswdd/Makefile13
-rw-r--r--kerberosIV/kpasswdd/kpasswdd.862
-rw-r--r--kerberosIV/kpasswdd/kpasswdd.c274
3 files changed, 0 insertions, 349 deletions
diff --git a/kerberosIV/kpasswdd/Makefile b/kerberosIV/kpasswdd/Makefile
deleted file mode 100644
index bf070788c5c..00000000000
--- a/kerberosIV/kpasswdd/Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-# from: @(#)Makefile 8.1 (Berkeley) 6/4/93
-# $Id: Makefile,v 1.1 1995/12/14 06:52:54 tholo Exp $
-
-PROG= kpasswdd
-SRCS= kpasswdd.c des_rw.c
-.PATH: ${.CURDIR}/../../usr.bin/rlogin
-CFLAGS+=-DKERBEROS -I${.CURDIR}/../../usr.bin/passwd
-DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES}
-LDADD= -lkdb -lkrb -ldes
-MAN= kpasswdd.8
-BINDIR=/usr/libexec
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/kpasswdd/kpasswdd.8 b/kerberosIV/kpasswdd/kpasswdd.8
deleted file mode 100644
index f05107895a2..00000000000
--- a/kerberosIV/kpasswdd/kpasswdd.8
+++ /dev/null
@@ -1,62 +0,0 @@
-.\" Copyright (c) 1990, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" from @(#)kpasswdd.8 8.1 (Berkeley) 6/9/93
-.\" $OpenBSD: kpasswdd.8,v 1.3 1998/06/15 21:04:00 mickey Exp $
-.\"
-.Dd June 9, 1993
-.Dt KPASSWDD 8
-.Os
-.Sh NAME
-.Nm kpasswdd
-.Nd Kerberos password changing daemon
-.Sh SYNOPSIS
-.Nm kpasswdd
-.Sh DESCRIPTION
-.Nm Kpasswdd
-is the server for the
-.Xr passwd 1
-program.
-The server provides a remote password changing facility
-with Kerberos authentication.
-A user must provide the old Kerberos password, encrypted
-in a random session key, to the server.
-.Nm Kpasswdd
-runs only on the Kerberos server, as it directly updates the
-Kerberos database.
-.Sh SEE ALSO
-.Xr kerberos 1 ,
-.Xr passwd 1
-.Sh HISTORY
-The
-.Nm kpasswdd
-utility first appeared in
-.Bx 4.4 .
diff --git a/kerberosIV/kpasswdd/kpasswdd.c b/kerberosIV/kpasswdd/kpasswdd.c
deleted file mode 100644
index ef5eece6b3a..00000000000
--- a/kerberosIV/kpasswdd/kpasswdd.c
+++ /dev/null
@@ -1,274 +0,0 @@
-/* $OpenBSD: kpasswdd.c,v 1.5 1998/02/18 11:53:57 art Exp $ */
-
-/*-
- * Copyright (c) 1990, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char copyright[] =
-"@(#) Copyright (c) 1990, 1993\n\
- The Regents of the University of California. All rights reserved.\n";
-#endif /* not lint */
-
-#ifndef lint
-static char sccsid[] = "@(#)kpasswdd.c 8.1 (Berkeley) 6/4/93";
-#endif /* not lint */
-
-/*
- * kpasswdd - update a principal's passwd field in the Kerberos
- * database. Called from inetd.
- * K. Fall
- * 12-Dec-88
- */
-
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-#include <sys/signal.h>
-#include <netinet/in.h>
-#include <pwd.h>
-#include <syslog.h>
-#include <des.h>
-#include <kerberosIV/krb.h>
-#include <kerberosIV/krb_db.h>
-#include <stdio.h>
-#include "kpasswd_proto.h"
-
-static struct kpasswd_data kpwd_data;
-static des_cblock master_key, key;
-static Key_schedule master_key_schedule,
- key_schedule, random_sched;
-long mkeyversion;
-AUTH_DAT kdata;
-static Principal principal_data;
-static struct update_data ud_data;
-
-char inst[INST_SZ];
-char version[9];
-KTEXT_ST ticket;
-
-char *progname; /* for the library */
-
-main()
-{
- struct sockaddr_in foreign;
- int foreign_len = sizeof(foreign);
- int rval, more;
- static char name[] = "kpasswdd";
-
- static struct rlimit rl = { 0, 0 };
-
- progname = name;
- openlog("kpasswdd", LOG_CONS | LOG_PID, LOG_AUTH);
-
- signal(SIGHUP, SIG_IGN);
- signal(SIGINT, SIG_IGN);
- signal(SIGTSTP, SIG_IGN);
- if (setrlimit(RLIMIT_CORE, &rl) < 0) {
- syslog(LOG_ERR, "setrlimit: %m");
- exit(1);
- }
-
- if (getpeername(0, &foreign, &foreign_len) < 0) {
- syslog(LOG_ERR,"getpeername: %m");
- exit(1);
- }
-
- strcpy(inst, "*");
- rval = krb_recvauth(
- 0L, /* options--!MUTUAL */
- 0, /* file desc */
- &ticket, /* client's ticket */
- SERVICE, /* expected service */
- inst, /* expected instance */
- &foreign, /* foreign addr */
- (struct sockaddr_in *) 0, /* local addr */
- &kdata, /* returned krb data */
- "", /* service keys file */
- (struct des_ks_struct *) NULL, /* returned key schedule */
- version
- );
-
-
- if (rval != KSUCCESS) {
- syslog(LOG_NOTICE, "krb_recvauth: %s", krb_err_txt[rval]);
- cleanup();
- exit(1);
- }
-
- if (*version == '\0') {
- /* indicates error on client's side (no tickets, etc.) */
- cleanup();
- exit(0);
- } else if (strcmp(version, "KPWDV0.1") != 0) {
- syslog(LOG_NOTICE,
- "kpasswdd version conflict (recv'd %s)",
- version);
- cleanup();
- exit(1);
- }
-
-
- /* get master key */
- if (kdb_get_master_key(0, &master_key, master_key_schedule) != 0) {
- syslog(LOG_ERR, "couldn't get master key");
- cleanup();
- exit(1);
- }
-
- mkeyversion = kdb_get_master_key(NULL, &master_key, master_key_schedule);
-
- if (mkeyversion < 0) {
- syslog(LOG_NOTICE, "couldn't verify master key");
- cleanup();
- exit(1);
- }
-
- /* get principal info */
- rval = kerb_get_principal(
- kdata.pname,
- kdata.pinst,
- &principal_data,
- 1,
- &more
- );
-
- if (rval < 0) {
- syslog(LOG_NOTICE,
- "error retrieving principal record for %s.%s",
- kdata.pname, kdata.pinst);
- cleanup();
- exit(1);
- }
-
- if (rval != 1 || (more != 0)) {
- syslog(LOG_NOTICE, "more than 1 dbase entry for %s.%s",
- kdata.pname, kdata.pinst);
- cleanup();
- exit(1);
- }
-
- /* get the user's key */
-
- bcopy(&principal_data.key_low, key, 4);
- bcopy(&principal_data.key_high, ((long *) key) + 1, 4);
- kdb_encrypt_key(&key, &key, &master_key, master_key_schedule,
- DECRYPT);
- key_sched(&key, key_schedule);
- desrw_set_key(&key, key_schedule);
-
-
- /* get random key and send it over {random} Kperson */
-
- random_key(kpwd_data.random_key);
- strcpy(kpwd_data.secure_msg, SECURE_STRING);
- if (des_write(0, &kpwd_data, sizeof(kpwd_data)) != sizeof(kpwd_data)) {
- syslog(LOG_NOTICE, "error writing initial data");
- cleanup();
- exit(1);
- }
-
- bzero(key, sizeof(key));
- bzero(key_schedule, sizeof(key_schedule));
-
- /* now read update info: { info }Krandom */
-
- key_sched(&kpwd_data.random_key, random_sched);
- desrw_set_key(&kpwd_data.random_key, random_sched);
- if (des_read(0, &ud_data, sizeof(ud_data)) != sizeof(ud_data)) {
- syslog(LOG_NOTICE, "update aborted");
- cleanup();
- exit(1);
- }
-
- /* validate info string by looking at the embedded string */
-
- if (strcmp(ud_data.secure_msg, SECURE_STRING) != 0) {
- syslog(LOG_NOTICE, "invalid update from %s (%s)",
- inet_ntoa(foreign.sin_addr),
- ud_data.secure_msg);
- cleanup();
- exit(1);
- }
-
- /* produce the new key entry in the database { key }Kmaster */
- string_to_key(ud_data.pw, &key);
- kdb_encrypt_key(&key, &key,
- &master_key, master_key_schedule,
- ENCRYPT);
- bcopy(key, &principal_data.key_low, 4);
- bcopy(((long *) key) + 1,
- &principal_data.key_high, 4);
- bzero(key, sizeof(key));
- principal_data.key_version++;
- if (kerb_put_principal(&principal_data, 1)) {
- syslog(LOG_ERR, "couldn't write new record for %s.%s",
- principal_data.name, principal_data.instance);
- cleanup();
- exit(1);
- }
-
- syslog(LOG_NOTICE,"wrote new password field for %s.%s from %s",
- principal_data.name,
- principal_data.instance,
- inet_ntoa(foreign.sin_addr)
- );
-
- send_ack(0, "Update complete.\n");
- cleanup();
- exit(0);
-}
-
-cleanup()
-{
- bzero(&kpwd_data, sizeof(kpwd_data));
- bzero(&master_key, sizeof(master_key));
- bzero(master_key_schedule, sizeof(master_key_schedule));
- bzero(key, sizeof(key));
- bzero(key_schedule, sizeof(key_schedule));
- bzero(random_sched, sizeof(random_sched));
- bzero(&principal_data, sizeof(principal_data));
- bzero(&ud_data, sizeof(ud_data));
-}
-
-send_ack(remote, msg)
- int remote;
- char *msg;
-{
- int cc;
- cc = des_write(remote, msg, strlen(msg) + 1);
- if (cc <= 0) {
- syslog(LOG_NOTICE, "error writing ack");
- cleanup();
- exit(1);
- }
-}