Initial import of eBones.

(Including all changes for FreeBSD - importing the original eBones distribution
would be too complex at this stage, since I don't have access to Piero's 
CVS.)
(If you want to include eBones in your system, don't forget to include
MAKE_EBONES in /etc/make.conf.)
(This stuff is now also suppable from braae.ru.ac.za.)

Bones originally from MIT SIPB.
Original port to FreeBSD 1.x  by Piero Serini.
Moved to FreeBSD 2.0 by Doug Rabson and Geoff Rehmet.
Nice bug fixes from Doug Rabson.

3 files changed, 430 insertions, 0 deletions

diff --git a/eBones/libexec/registerd/Makefile b/eBones/libexec/registerd/Makefile
new file mode 100644
index 0000000..bc91577
--- /dev/null
+++ b/eBones/libexec/registerd/Makefile
@@ -0,0 +1,20 @@
+#
+# Copyright (c) 1990 The Regents of the University of California.
+# All rights reserved.
+#
+# %sccs.include.redist.sh
+#
+#	@(#)Makefile	8.1 (Berkeley) 6/1/93
+#
+# $Id: Makefile,v 1.3 1994/07/20 09:20:51 g89r4222 Exp $
+
+PROG=	registerd
+SRCS=	registerd.c
+CFLAGS+=-DCRYPT -DKERBEROS -I${.CURDIR}/../register
+.PATH:	${.CURDIR}/../../usr.bin/rlogin
+DPADD=	${LIBKDB} ${LIBKRB} ${LIBDES}
+LDADD=	-lkdb -lkrb -ldes
+MAN8=	registerd.8
+BINDIR=	/usr/libexec
+
+.include <bsd.prog.mk>
diff --git a/eBones/libexec/registerd/registerd.8 b/eBones/libexec/registerd/registerd.8
new file mode 100644
index 0000000..7ceff75
--- /dev/null
+++ b/eBones/libexec/registerd/registerd.8
@@ -0,0 +1,69 @@
+.\" Copyright (c) 1990, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)registerd.8	8.2 (Berkeley) 12/11/93
+.\"
+.Dd December 11, 1993
+.Dt REGISTERD 8
+.Os
+.Sh NAME
+.Nm registerd
+.Nd Kerberos registration daemon
+.Sh SYNOPSIS
+.Nm registerd
+.Sh DESCRIPTION
+Act as a registration agent for a Kerberos domain.
+.Sh FILES
+.Bl -tag -width /etc/kerberosIV/register_keys -compact
+.It Pa /.update.keyxx.xx.xx.xx
+shared
+.Tn DES
+key with server
+.It Pa /etc/kerberosIV/principal*
+Kerberos database
+.It Pa /etc/kerberosIV/register_keys
+directory containing keys for trusted hosts
+.El
+.Sh SEE ALSO
+.Xr registerd 8 ,
+.Xr kerberos 1
+.Sh DIAGNOSTICS
+.Dq Already exists ,
+if the user already exists in the Kerberos database.
+.Pp
+.Dq Permission Denied ,
+if the host on which register is being run is untrusted.
+.Sh HISTORY
+The
+.Nm registerd
+utility
+first appeared in 4.4BSD.
+
diff --git a/eBones/libexec/registerd/registerd.c b/eBones/libexec/registerd/registerd.c
new file mode 100644
index 0000000..b62e379
--- /dev/null
+++ b/eBones/libexec/registerd/registerd.c
@@ -0,0 +1,341 @@
+/*-
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char copyright[] =
+"@(#) Copyright (c) 1990, 1993\n\
+	The Regents of the University of California.  All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+static char sccsid[] = "@(#)registerd.c	8.1 (Berkeley) 6/1/93";
+#endif /* not lint */
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/signal.h>
+#include <sys/resource.h>
+#include <sys/param.h>
+#include <sys/file.h>
+#include <netinet/in.h>
+#include <syslog.h>
+#include <kerberosIV/des.h>
+#include <kerberosIV/krb.h>
+#include <kerberosIV/krb_db.h>
+#include <stdio.h>
+#include "register_proto.h"
+#include "pathnames.h"
+
+#define	KBUFSIZ		(sizeof(struct keyfile_data))
+#define	RCRYPT		0x00
+#define	CLEAR		0x01
+
+char	*progname, msgbuf[BUFSIZ];
+
+main(argc, argv)
+	int argc;
+	char **argv;
+{
+	static	Key_schedule	schedule;
+	static struct rlimit rl = { 0, 0 };
+	struct	keyfile_data	*kfile;
+	u_char	code;
+	int	kf, retval, sval;
+	struct	sockaddr_in	sin;
+	char	keyfile[MAXPATHLEN], keybuf[KBUFSIZ];
+	void die();
+
+	progname = argv[0];		/* for the library routines */
+
+	openlog("registerd", LOG_PID, LOG_AUTH);
+
+	(void)signal(SIGHUP, SIG_IGN);
+	(void)signal(SIGINT, SIG_IGN);
+	(void)signal(SIGTSTP, SIG_IGN);
+	(void)signal(SIGPIPE, die);
+
+	if (setrlimit(RLIMIT_CORE, &rl) < 0) {
+		syslog(LOG_ERR, "setrlimit: %m");
+		exit(1);
+	}
+
+
+	/* figure out who we are talking to */
+
+	sval = sizeof(sin);
+	if (getpeername(0, (struct sockaddr *) &sin, &sval) < 0) {
+		syslog(LOG_ERR, "getpeername: %m");
+		exit(1);
+	}
+
+	/* get encryption key */
+
+	(void) sprintf(keyfile, "%s/%s%s",
+		SERVER_KEYDIR,
+		KEYFILE_BASE,
+		inet_ntoa(sin.sin_addr));
+
+	if ((kf = open(keyfile, O_RDONLY)) < 0) {
+		syslog(LOG_ERR,
+		    "error opening Kerberos update keyfile (%s): %m", keyfile);
+		(void) sprintf(msgbuf,
+		    "couldn't open session keyfile for your host");
+		send_packet(msgbuf, CLEAR);
+		exit(1);
+	}
+
+	if (read(kf, keybuf, KBUFSIZ) != KBUFSIZ) {
+		syslog(LOG_ERR, "wrong read size of Kerberos update keyfile");
+		(void) sprintf(msgbuf,
+			"couldn't read session key from your host's keyfile");
+		send_packet(msgbuf, CLEAR);
+		exit(1);
+	}
+	(void) sprintf(msgbuf, GOTKEY_MSG);
+	send_packet(msgbuf, CLEAR);
+	kfile = (struct keyfile_data *) keybuf;
+	key_sched(kfile->kf_key, schedule);
+	des_set_key(kfile->kf_key, schedule);
+
+	/* read the command code byte */
+
+	if (des_read(0, &code, 1) == 1) {
+
+		switch(code) {
+		case	APPEND_DB:
+			retval = do_append(&sin);
+			break;
+		case	ABORT:
+			cleanup();
+			close(0);
+			exit(0);
+		default:
+			retval = KFAILURE;
+			syslog(LOG_NOTICE,
+				"invalid command code on db update (0x%x)",
+				code);
+		}
+
+	} else {
+		retval = KFAILURE;
+		syslog(LOG_ERR,
+		    "couldn't read command code on Kerberos update");
+	}
+
+	code = (u_char) retval; 
+	if (code != KSUCCESS) {
+		(void) sprintf(msgbuf, "%s", krb_err_txt[code]);
+		send_packet(msgbuf, RCRYPT);
+	} else {
+		(void) sprintf(msgbuf, "Update complete.");
+		send_packet(msgbuf, RCRYPT);
+	}
+	cleanup();
+	close(0);
+	exit(0);
+}
+
+#define	MAX_PRINCIPAL	10
+static	Principal	principal_data[MAX_PRINCIPAL];
+static	C_Block		key, master_key;
+static Key_schedule	master_key_schedule;
+int
+do_append(sinp)
+	struct sockaddr_in *sinp;
+{
+	Principal	default_princ;
+	char		input_name[ANAME_SZ];
+	char		input_instance[INST_SZ];
+	int		j,n, more;
+	long		mkeyversion;
+
+
+
+	/* get master key from MKEYFILE */
+	if (kdb_get_master_key(0, master_key, master_key_schedule) != 0) {
+		syslog(LOG_ERR, "couldn't get master key");
+		return(KFAILURE);
+	}
+
+	mkeyversion = kdb_verify_master_key(master_key, master_key_schedule, NULL);
+	if (mkeyversion < 0) {
+		syslog(LOG_ERR, "couldn't validate master key");
+		return(KFAILURE);
+	}
+
+	n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
+		&default_princ, 1, &more);
+
+	if (n != 1) {
+		syslog(LOG_ERR, "couldn't get default principal");
+		return(KFAILURE);
+	}
+
+	/*
+	 * get principal name, instance, and password from network.
+	 * convert password to key and store it
+	 */
+
+	if (net_get_principal(input_name, input_instance, key) != 0) {
+		return(KFAILURE);
+	}
+
+
+	j = kerb_get_principal(
+		input_name,
+		input_instance,
+		principal_data,
+		MAX_PRINCIPAL,
+		&more
+	);
+
+	if (j != 0) {
+		/* already in database, no update */
+		syslog(LOG_NOTICE,
+			"attempt to add duplicate entry for principal %s.%s",
+			input_name, input_instance);
+		return(KDC_PR_N_UNIQUE);
+	}
+
+	/*
+	 * set up principal's name, instance
+	 */
+
+	strcpy(principal_data[0].name, input_name);
+	strcpy(principal_data[0].instance, input_instance);
+	principal_data[0].old = NULL;
+
+
+	/* and the expiration date and version #s */
+
+	principal_data[0].exp_date = default_princ.exp_date;
+	strcpy(principal_data[0].exp_date_txt, default_princ.exp_date_txt);
+	principal_data[0].max_life = default_princ.max_life;
+	principal_data[0].attributes = default_princ.attributes;
+	principal_data[0].kdc_key_ver = default_princ.kdc_key_ver;
+
+
+	/* and the key */
+
+	kdb_encrypt_key(key, key, master_key, master_key_schedule,
+			ENCRYPT);
+	bcopy(key, &principal_data[0].key_low, 4);
+	bcopy(((long *) key) + 1, &principal_data[0].key_high,4);
+	bzero(key, sizeof(key));
+
+	principal_data[0].key_version = 1;	/* 1st entry */
+
+	/* and write it to the database */
+
+	if (kerb_put_principal(&principal_data[0], 1)) {
+		syslog(LOG_INFO, "Kerberos update failure: put_principal failed");
+		return(KFAILURE);
+	}
+
+	syslog(LOG_NOTICE, "Kerberos update: wrote new record for %s.%s from %s",
+		principal_data[0].name,
+		principal_data[0].instance,
+		inet_ntoa(sinp->sin_addr)
+	);
+
+	return(KSUCCESS);
+
+}
+
+send_packet(msg,flag)
+	char	*msg;
+	int	flag;
+{
+	int	len = strlen(msg);
+	msg[len++] = '\n';
+	msg[len] = '\0';
+	if (len > sizeof(msgbuf)) {
+		syslog(LOG_ERR, "send_packet: invalid msg size");
+		return;
+	}
+	if (flag == RCRYPT) {
+		if (des_write(0, msg, len) != len)
+			syslog(LOG_ERR, "couldn't write reply message");
+	} else if (flag == CLEAR) {
+		if (write(0, msg, len) != len)
+			syslog(LOG_ERR, "couldn't write reply message");
+	} else
+			syslog(LOG_ERR, "send_packet: invalid flag (%d)", flag);
+
+}
+
+net_get_principal(pname, iname, keyp)
+	char	*pname, *iname;
+	C_Block	*keyp;
+{
+	int	cc;
+	static	char	password[255];
+
+	cc = des_read(0, pname, ANAME_SZ);
+	if (cc != ANAME_SZ) {
+		syslog(LOG_ERR, "couldn't get principal name");
+		return(-1);
+	}
+
+	cc = des_read(0, iname, INST_SZ);
+	if (cc != INST_SZ) {
+		syslog(LOG_ERR, "couldn't get instance name");
+		return(-1);
+	}
+
+	cc = des_read(0, password, 255);
+	if (cc != 255) {
+		syslog(LOG_ERR, "couldn't get password");
+		bzero(password, 255);
+		return(-1);
+	}
+
+	string_to_key(password, *keyp);
+	bzero(password, 255);
+	return(0);
+}
+
+cleanup()
+{
+	bzero(master_key, sizeof(master_key));
+	bzero(key, sizeof(key));
+	bzero(master_key_schedule, sizeof(master_key_schedule));
+}
+
+void
+die()
+{
+	syslog(LOG_ERR, "remote end died (SIGPIPE)");
+	cleanup();
+	exit(1);
+}