diff options
-rw-r--r-- | eBones/kprop/Makefile | 11 | ||||
-rw-r--r-- | eBones/kprop/kprop.c | 604 | ||||
-rw-r--r-- | eBones/kprop/kprop.h | 33 | ||||
-rw-r--r-- | eBones/usr.sbin/kprop/Makefile | 11 | ||||
-rw-r--r-- | eBones/usr.sbin/kprop/kprop.c | 604 | ||||
-rw-r--r-- | eBones/usr.sbin/kprop/kprop.h | 33 |
6 files changed, 1296 insertions, 0 deletions
diff --git a/eBones/kprop/Makefile b/eBones/kprop/Makefile new file mode 100644 index 0000000..962813e --- /dev/null +++ b/eBones/kprop/Makefile @@ -0,0 +1,11 @@ +# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 +# $Id$ + +PROG= kprop +CFLAGS+=-I${.CURDIR}/../include +DPADD= ${LIBKRB} ${LIBDES} +LDADD= -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes +BINDIR= /usr/sbin +NOMAN= noman + +.include <bsd.prog.mk> diff --git a/eBones/kprop/kprop.c b/eBones/kprop/kprop.c new file mode 100644 index 0000000..91fb08f --- /dev/null +++ b/eBones/kprop/kprop.c @@ -0,0 +1,604 @@ +/* + * + * Copyright 1987 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, + * please see the file <mit-copyright.h>. + * + * $Revision: 4.7 $ + * $Date: 92/11/10 23:01:06 $ + * $State: Exp $ + * $Source: /afs/net.mit.edu/project/krb4/src/slave/RCS/kprop.c,v $ + * $Author: tytso $ + * $Locker: $ + * + * $Log: kprop.c,v $ + * Revision 4.7 92/11/10 23:01:06 tytso + * Removed incompatible #include + * + * Revision 4.6 91/02/28 22:49:34 probe + * Fixed header file inclusion + * + * Revision 4.5 90/03/20 15:37:57 jon + * Stop kpropd port number from being bashed (static buffers) + * Programmer: jtkohl + * Auditor: jon + * + * Revision 4.4 90/01/02 13:42:40 jtkohl + * add back in accidentally deleted $ in rcsid string + * + * Revision 4.3 89/12/30 21:22:27 qjb + * Added #define MAXHOSTNAMELEN if not already defined for the benifit + * of Unixes that don't have this variable in sys/param.h. + * + * Revision 4.2 89/03/23 10:23:43 jtkohl + * fix misuse of mkstemp to use mktemp + * NOENCRYPTION changes + * + * Revision 4.1 89/01/24 20:35:17 root + * name change + * + * Revision 4.0 89/01/24 18:44:38 wesommer + * Original version; programmer: wesommer + * auditor: jon. + * + * Revision 4.4 88/01/08 18:05:21 jon + * formating changes and rcs header info + * + * + */ + +#ifndef lint +static char rcsid_kprop_c[] = +"$Id: kprop.c,v 4.7 92/11/10 23:01:06 tytso Exp $"; +#endif lint + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <sys/types.h> +#include <sys/file.h> +#include <signal.h> +#include <sys/stat.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <sys/param.h> +#include <netdb.h> +#include <krb.h> +#include <des.h> + +#include "kprop.h" + +/* for those broken Unixes without this defined... should be in sys/param.h */ +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN 64 +#endif + +static char kprop_version[KPROP_PROT_VERSION_LEN] = KPROP_PROT_VERSION; + +int debug = 0; + +char my_realm[REALM_SZ]; +int princ_data_size = 3 * sizeof(long) + 3 * sizeof(unsigned char); +short transfer_mode, net_transfer_mode; +int force_flag; +static char ok[] = ".dump_ok"; + +extern char *krb_get_phost(char *); + +struct slave_host { + u_long net_addr; + char *name; + char *instance; + char *realm; + int not_time_yet; + int succeeded; + struct slave_host *next; +}; + +main(argc, argv) + int argc; + char *argv[]; +{ + int fd, i; + char *floc, *floc_ok; + char *fslv; + struct stat stbuf, stbuf_ok; + long l_init, l_final; + char *pc; + int l_diff, prop_to_slaves(), get_slaves(); + static struct slave_host *slave_host_list = NULL; + struct slave_host *sh; + + transfer_mode = KPROP_TRANSFER_PRIVATE; + + time(&l_init); + pc = ctime(&l_init); + pc[strlen(pc) - 1] = '\0'; + printf("\nStart slave propagation: %s\n", pc); + + floc = (char *) NULL; + fslv = (char *) NULL; + + if (krb_get_lrealm(my_realm,1) != KSUCCESS) + Death ("Getting my kerberos realm. Check krb.conf"); + + for (i = 1; i < argc; i++) + switch (argv[i][0]) { + case '-': + if (strcmp (argv[i], "-private") == 0) + transfer_mode = KPROP_TRANSFER_PRIVATE; +#ifdef not_safe_yet + else if (strcmp (argv[i], "-safe") == 0) + transfer_mode = KPROP_TRANSFER_SAFE; + else if (strcmp (argv[i], "-clear") == 0) + transfer_mode = KPROP_TRANSFER_CLEAR; +#endif + else if (strcmp (argv[i], "-realm") == 0) { + i++; + if (i < argc) + strcpy(my_realm, argv[i]); + else + goto usage; + } else if (strcmp (argv[i], "-force") == 0) + force_flag++; + else { + fprintf (stderr, "kprop: unknown control argument %s.\n", + argv[i]); + exit (1); + } + break; + default: + /* positional arguments are marginal at best ... */ + if (floc == (char *) NULL) + floc = argv[i]; + else { + if (fslv == (char *) NULL) + fslv = argv[i]; + else { + usage: + /* already got floc and fslv, what is this? */ + fprintf(stderr, + "\nUsage: kprop [-force] [-realm realm] [-private|-safe|-clear] data_file slaves_file\n\n"); + exit(1); + } + } + } + if ((floc == (char *)NULL) || (fslv == (char *)NULL)) + goto usage; + + if ((floc_ok = (char *) malloc(strlen(floc) + strlen(ok) + 1)) + == NULL) { + Death(floc); + } + strcat(strcpy(floc_ok, floc), ok); + + if ((fd = open(floc, O_RDONLY)) < 0) { + Death(floc); + } + if (flock(fd, LOCK_EX | LOCK_NB)) { + Death(floc); + } + if (stat(floc, &stbuf)) { + Death(floc); + } + if (stat(floc_ok, &stbuf_ok)) { + Death(floc_ok); + } + if (stbuf.st_mtime > stbuf_ok.st_mtime) { + fprintf(stderr, "kprop: '%s' more recent than '%s'.\n", + floc, floc_ok); + exit(1); + } + if (!get_slaves(&slave_host_list, fslv, stbuf_ok.st_mtime)) { + fprintf(stderr, + "kprop: can't read slave host file '%s'.\n", fslv); + exit(1); + } +#ifdef KPROP_DBG + { + struct slave_host *sh; + int i; + fprintf(stderr, "\n\n"); + fflush(stderr); + for (sh = slave_host_list; sh; sh = sh->next) { + fprintf(stderr, "slave %d: %s, %s", i++, sh->name, + inet_ntoa(sh->net_addr)); + fflush(stderr); + } + } +#endif /* KPROP_DBG */ + + if (!prop_to_slaves(slave_host_list, fd, fslv)) { + fprintf(stderr, + "kprop: propagation failed.\n"); + exit(1); + } + if (flock(fd, LOCK_UN)) { + Death(floc); + } + fprintf(stderr, "\n\n"); + for (sh = slave_host_list; sh; sh = sh->next) { + fprintf(stderr, "%s:\t\t%s\n", sh->name, + (sh->not_time_yet? "Not time yet" : (sh->succeeded ? "Succeeded" : "FAILED"))); + } + + time(&l_final); + l_diff = l_final - l_init; + printf("propagation finished, %d:%02d:%02d elapsed\n", + l_diff / 3600, (l_diff % 3600) / 60, l_diff % 60); + + exit(0); +} + +Death(s) + char *s; +{ + fprintf(stderr, "kprop: "); + perror(s); + exit(1); +} + +/* The master -> slave protocol looks like this: + 1) 8 byte version string + 2) 2 bytes of "transfer mode" (net byte order of course) + 3) ticket/authentication send by sendauth + 4) 4 bytes of "block" length (u_long) + 5) data + + 4 and 5 repeat til EOF ... +*/ + +int prop_to_slaves(sl, fd, fslv) + struct slave_host *sl; + int fd; + char *fslv; +{ + char buf[KPROP_BUFSIZ]; + char obuf[KPROP_BUFSIZ + 64 /* leave room for private msg overhead */ ]; + struct servent *sp; + struct sockaddr_in sin, my_sin; + int i, n, s; + struct slave_host *cs; /* current slave */ + char path[256], my_host_name[MAXHOSTNAMELEN], *p_my_host_name; + char kprop_service_instance[INST_SZ]; + char *pc; + u_long cksum, get_data_checksum(); + u_long length, nlength; + long kerror; + KTEXT_ST ticket; + CREDENTIALS cred; + MSG_DAT msg_dat; + static char tkstring[] = "/tmp/kproptktXXXXXX"; + + Key_schedule session_sched; + + (void) mktemp(tkstring); + krb_set_tkt_string(tkstring); + + if ((sp = getservbyname("krb_prop", "tcp")) == 0) { + fprintf(stderr, "tcp/krb_prop: service unknown.\n"); + exit(1); + } + + bzero(&sin, sizeof sin); + sin.sin_family = AF_INET; + sin.sin_port = sp->s_port; + + strcpy(path, fslv); + if (pc = rindex(path, '/')) { + pc += 1; + } else { + pc = path; + } + + for (i = 0; i < 5; i++) { /* try each slave five times max */ + for (cs = sl; cs; cs = cs->next) { + if (!cs->succeeded) { + if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + perror("kprop: socket"); + exit(1); + } + bcopy(&cs->net_addr, &sin.sin_addr, + sizeof cs->net_addr); + + if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) { + fprintf(stderr, "%s: ", cs->name); + perror("connect"); + close(s); + continue; /*** NEXT SLAVE ***/ + } + + /* for krb_mk_{priv, safe} */ + bzero (&my_sin, sizeof my_sin); + n = sizeof my_sin; + if (getsockname (s, (struct sockaddr *) &my_sin, &n) != 0) { + fprintf (stderr, "kprop: can't get socketname."); + perror ("getsockname"); + close (s); + continue; /*** NEXT SLAVE ***/ + } + if (n != sizeof (my_sin)) { + fprintf (stderr, "kprop: can't get socketname. len"); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + /* Get ticket */ + kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, + cs->instance, cs->realm, (u_long) 0); + /* if ticket has expired try to get a new one, but + * first get a TGT ... + */ + if (kerror != MK_AP_OK) { + if (gethostname (my_host_name, sizeof(my_host_name)) != 0) { + fprintf (stderr, "%s:", cs->name); + perror ("getting my hostname"); + close (s); + break; /* next one can't work either! */ + } + /* get canonical kerberos service instance name */ + p_my_host_name = krb_get_phost (my_host_name); + /* copy it to make sure gethostbyname static doesn't + * screw us. */ + strcpy (kprop_service_instance, p_my_host_name); + kerror = krb_get_svc_in_tkt (KPROP_SERVICE_NAME, +#if 0 + kprop_service_instance, +#else + KRB_MASTER, +#endif + my_realm, + TGT_SERVICE_NAME, + my_realm, + 96, + KPROP_SRVTAB); + if (kerror != INTK_OK) { + fprintf (stderr, + "%s: %s. While getting initial ticket\n", + cs->name, krb_err_txt[kerror]); + close (s); + goto punt; + } + kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, + cs->instance, cs->realm, (u_long) 0); + } + if (kerror != MK_AP_OK) { + fprintf (stderr, "%s: %s. Calling krb_mk_req.", + cs->name, krb_err_txt[kerror]); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + if (write(s, kprop_version, sizeof(kprop_version)) + != sizeof(kprop_version)) { + fprintf (stderr, "%s: ", cs->name); + perror ("write (version) error"); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + net_transfer_mode = htons (transfer_mode); + if (write(s, &net_transfer_mode, sizeof(net_transfer_mode)) + != sizeof(net_transfer_mode)) { + fprintf (stderr, "%s: ", cs->name); + perror ("write (transfer_mode) error"); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + kerror = krb_get_cred (KPROP_SERVICE_NAME, cs->instance, + cs->realm, &cred); + if (kerror != KSUCCESS) { + fprintf (stderr, "%s: %s. Getting session key.", + cs->name, krb_err_txt[kerror]); + close (s); + continue; /*** NEXT SLAVE ***/ + } +#ifdef NOENCRYPTION + bzero((char *)session_sched, sizeof(session_sched)); +#else + if (key_sched (cred.session, session_sched)) { + fprintf (stderr, "%s: can't make key schedule.", + cs->name); + close (s); + continue; /*** NEXT SLAVE ***/ + } +#endif + /* SAFE (quad_cksum) and CLEAR are just not good enough */ + cksum = 0; +#ifdef not_working_yet + if (transfer_mode != KPROP_TRANSFER_PRIVATE) { + cksum = get_data_checksum(fd, session_sched); + lseek(fd, 0L, 0); + } + else +#endif + { + struct stat st; + fstat (fd, &st); + cksum = st.st_size; + } + kerror = krb_sendauth(KOPT_DO_MUTUAL, + s, + &ticket, + KPROP_SERVICE_NAME, + cs->instance, + cs->realm, + cksum, + &msg_dat, + &cred, + session_sched, + &my_sin, + &sin, + KPROP_PROT_VERSION); + if (kerror != KSUCCESS) { + fprintf (stderr, "%s: %s. Calling krb_sendauth.", + cs->name, krb_err_txt[kerror]); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + while (n = read(fd, buf, sizeof buf)) { + if (n < 0) { + perror("input file read error"); + exit(1); + } + switch (transfer_mode) { + case KPROP_TRANSFER_PRIVATE: + case KPROP_TRANSFER_SAFE: + if (transfer_mode == KPROP_TRANSFER_PRIVATE) + length = krb_mk_priv (buf, obuf, n, + session_sched, cred.session, + &my_sin, &sin); + else + length = krb_mk_safe (buf, obuf, n, + cred.session, + &my_sin, &sin); + if (length == -1) { + fprintf (stderr, "%s: %s failed.", + cs->name, + (transfer_mode == KPROP_TRANSFER_PRIVATE) + ? "krb_rd_priv" : "krb_rd_safe"); + close (s); + continue; /*** NEXT SLAVE ***/ + } + nlength = htonl(length); + if (write(s, &nlength, sizeof nlength) + != sizeof nlength) { + fprintf (stderr, "%s: ", cs->name); + perror ("write error"); + close (s); + continue; /*** NEXT SLAVE ***/ + } + if (write(s, obuf, length) != length) { + fprintf(stderr, "%s: ", cs->name); + perror("write error"); + close(s); + continue; /*** NEXT SLAVE ***/ + } + break; + case KPROP_TRANSFER_CLEAR: + if (write(s, buf, n) != n) { + fprintf(stderr, "%s: ", cs->name); + perror("write error"); + close(s); + continue; /*** NEXT SLAVE ***/ + } + break; + } + } + close(s); + cs->succeeded = 1; + fprintf(stderr, "%s: success.\n", cs->name); + strcat(strcpy(pc, cs->name), "-last-prop"); + close(creat(path, 0600)); + } + } + } +punt: + + dest_tkt(); + for (cs = sl; cs; cs = cs->next) { + if (!cs->succeeded) + return (0); /* didn't get this slave */ + } + return (1); +} + +int get_slaves(psl, file, ok_mtime) + struct slave_host **psl; + char *file; + time_t ok_mtime; +{ + FILE *fin; + char namebuf[128], *inst; + char *pc; + struct hostent *host; + struct slave_host **th; + char path[256]; + char *ppath; + struct stat stbuf; + + if ((fin = fopen(file, "r")) == NULL) { + fprintf(stderr, "Can't open slave host file, '%s'.\n", file); + exit(-1); + } + strcpy(path, file); + if (ppath = rindex(path, '/')) { + ppath += 1; + } else { + ppath = path; + } + for (th = psl; fgets(namebuf, sizeof namebuf, fin); th = &(*th)->next) { + if (pc = index(namebuf, '\n')) { + *pc = '\0'; + } else { + fprintf(stderr, "Host name too long (>= %d chars) in '%s'.\n", + sizeof namebuf, file); + exit(-1); + } + host = gethostbyname(namebuf); + if (host == NULL) { + fprintf(stderr, "Unknown host '%s' in '%s'.\n", namebuf, file); + exit(-1); + } + (*th) = (struct slave_host *) malloc(sizeof(struct slave_host)); + if (!*th) { + fprintf(stderr, "No memory reading host list from '%s'.\n", + file); + exit(-1); + } + (*th)->name = malloc(strlen(namebuf) + 1); + if (!(*th)->name) { + fprintf(stderr, "No memory reading host list from '%s'.\n", + file); + exit(-1); + } + /* get kerberos cannonical instance name */ + strcpy((*th)->name, namebuf); + inst = krb_get_phost ((*th)->name); + (*th)->instance = malloc(strlen(inst) + 1); + if (!(*th)->instance) { + fprintf(stderr, "No memory reading host list from '%s'.\n", + file); + exit(-1); + } + strcpy((*th)->instance, inst); + /* what a concept, slave servers in different realms! */ + (*th)->realm = my_realm; + (*th)->net_addr = *(u_long *) host->h_addr; + (*th)->succeeded = 0; + (*th)->next = NULL; + strcat(strcpy(ppath, (*th)->name), "-last-prop"); + if (!force_flag && !stat(path, &stbuf) && stbuf.st_mtime > ok_mtime) { + (*th)->not_time_yet = 1; + (*th)->succeeded = 1; /* no change since last success */ + } + } + fclose(fin); + return (1); +} + +#ifdef doesnt_work_yet +u_long get_data_checksum(fd, key_sched) + int fd; + Key_schedule key_sched; +{ + unsigned long cksum = 0; + unsigned long cbc_cksum(); + int n; + char buf[BUFSIZ]; + long obuf[2]; + + while (n = read(fd, buf, sizeof buf)) { + if (n < 0) { + fprintf(stderr, "Input data file read error: "); + perror("read"); + exit(1); + } + cksum = cbc_cksum(buf, obuf, n, key_sched, key_sched); + } + return cksum; +} +#endif diff --git a/eBones/kprop/kprop.h b/eBones/kprop/kprop.h new file mode 100644 index 0000000..2f34e36 --- /dev/null +++ b/eBones/kprop/kprop.h @@ -0,0 +1,33 @@ +/* + * Copyright 1987 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, + * please see the file <mit-copyright.h>. + * + * $Revision: 4.1 $ + * $Date: 92/10/23 15:45:13 $ + * $State: Exp $ + * $Source: /afs/net.mit.edu/project/krb4/src/slave/RCS/kprop.h,v $ + * $Author: tytso $ + * $Locker: $ + * + * $Log: kprop.h,v $ + * Revision 4.1 92/10/23 15:45:13 tytso + * Change the location of KPROP_KDBUTIL to be /kerberos/bin/kdb_util. + * + * Revision 4.0 89/01/24 18:44:46 wesommer + * Original version; programmer: wesommer + * auditor: jon + * + */ + +#define KPROP_SERVICE_NAME "rcmd" +#define KPROP_SRVTAB "/etc/kerberosIV/srvtab" +#define TGT_SERVICE_NAME "krbtgt" +#define KPROP_PROT_VERSION_LEN 8 +#define KPROP_PROT_VERSION "kprop01" +#define KPROP_TRANSFER_PRIVATE 1 +#define KPROP_TRANSFER_SAFE 2 +#define KPROP_TRANSFER_CLEAR 3 +#define KPROP_BUFSIZ 32768 +#define KPROP_KDB_UTIL "/usr/sbin/kdb_util" diff --git a/eBones/usr.sbin/kprop/Makefile b/eBones/usr.sbin/kprop/Makefile new file mode 100644 index 0000000..962813e --- /dev/null +++ b/eBones/usr.sbin/kprop/Makefile @@ -0,0 +1,11 @@ +# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 +# $Id$ + +PROG= kprop +CFLAGS+=-I${.CURDIR}/../include +DPADD= ${LIBKRB} ${LIBDES} +LDADD= -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes +BINDIR= /usr/sbin +NOMAN= noman + +.include <bsd.prog.mk> diff --git a/eBones/usr.sbin/kprop/kprop.c b/eBones/usr.sbin/kprop/kprop.c new file mode 100644 index 0000000..91fb08f --- /dev/null +++ b/eBones/usr.sbin/kprop/kprop.c @@ -0,0 +1,604 @@ +/* + * + * Copyright 1987 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, + * please see the file <mit-copyright.h>. + * + * $Revision: 4.7 $ + * $Date: 92/11/10 23:01:06 $ + * $State: Exp $ + * $Source: /afs/net.mit.edu/project/krb4/src/slave/RCS/kprop.c,v $ + * $Author: tytso $ + * $Locker: $ + * + * $Log: kprop.c,v $ + * Revision 4.7 92/11/10 23:01:06 tytso + * Removed incompatible #include + * + * Revision 4.6 91/02/28 22:49:34 probe + * Fixed header file inclusion + * + * Revision 4.5 90/03/20 15:37:57 jon + * Stop kpropd port number from being bashed (static buffers) + * Programmer: jtkohl + * Auditor: jon + * + * Revision 4.4 90/01/02 13:42:40 jtkohl + * add back in accidentally deleted $ in rcsid string + * + * Revision 4.3 89/12/30 21:22:27 qjb + * Added #define MAXHOSTNAMELEN if not already defined for the benifit + * of Unixes that don't have this variable in sys/param.h. + * + * Revision 4.2 89/03/23 10:23:43 jtkohl + * fix misuse of mkstemp to use mktemp + * NOENCRYPTION changes + * + * Revision 4.1 89/01/24 20:35:17 root + * name change + * + * Revision 4.0 89/01/24 18:44:38 wesommer + * Original version; programmer: wesommer + * auditor: jon. + * + * Revision 4.4 88/01/08 18:05:21 jon + * formating changes and rcs header info + * + * + */ + +#ifndef lint +static char rcsid_kprop_c[] = +"$Id: kprop.c,v 4.7 92/11/10 23:01:06 tytso Exp $"; +#endif lint + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <sys/types.h> +#include <sys/file.h> +#include <signal.h> +#include <sys/stat.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <sys/param.h> +#include <netdb.h> +#include <krb.h> +#include <des.h> + +#include "kprop.h" + +/* for those broken Unixes without this defined... should be in sys/param.h */ +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN 64 +#endif + +static char kprop_version[KPROP_PROT_VERSION_LEN] = KPROP_PROT_VERSION; + +int debug = 0; + +char my_realm[REALM_SZ]; +int princ_data_size = 3 * sizeof(long) + 3 * sizeof(unsigned char); +short transfer_mode, net_transfer_mode; +int force_flag; +static char ok[] = ".dump_ok"; + +extern char *krb_get_phost(char *); + +struct slave_host { + u_long net_addr; + char *name; + char *instance; + char *realm; + int not_time_yet; + int succeeded; + struct slave_host *next; +}; + +main(argc, argv) + int argc; + char *argv[]; +{ + int fd, i; + char *floc, *floc_ok; + char *fslv; + struct stat stbuf, stbuf_ok; + long l_init, l_final; + char *pc; + int l_diff, prop_to_slaves(), get_slaves(); + static struct slave_host *slave_host_list = NULL; + struct slave_host *sh; + + transfer_mode = KPROP_TRANSFER_PRIVATE; + + time(&l_init); + pc = ctime(&l_init); + pc[strlen(pc) - 1] = '\0'; + printf("\nStart slave propagation: %s\n", pc); + + floc = (char *) NULL; + fslv = (char *) NULL; + + if (krb_get_lrealm(my_realm,1) != KSUCCESS) + Death ("Getting my kerberos realm. Check krb.conf"); + + for (i = 1; i < argc; i++) + switch (argv[i][0]) { + case '-': + if (strcmp (argv[i], "-private") == 0) + transfer_mode = KPROP_TRANSFER_PRIVATE; +#ifdef not_safe_yet + else if (strcmp (argv[i], "-safe") == 0) + transfer_mode = KPROP_TRANSFER_SAFE; + else if (strcmp (argv[i], "-clear") == 0) + transfer_mode = KPROP_TRANSFER_CLEAR; +#endif + else if (strcmp (argv[i], "-realm") == 0) { + i++; + if (i < argc) + strcpy(my_realm, argv[i]); + else + goto usage; + } else if (strcmp (argv[i], "-force") == 0) + force_flag++; + else { + fprintf (stderr, "kprop: unknown control argument %s.\n", + argv[i]); + exit (1); + } + break; + default: + /* positional arguments are marginal at best ... */ + if (floc == (char *) NULL) + floc = argv[i]; + else { + if (fslv == (char *) NULL) + fslv = argv[i]; + else { + usage: + /* already got floc and fslv, what is this? */ + fprintf(stderr, + "\nUsage: kprop [-force] [-realm realm] [-private|-safe|-clear] data_file slaves_file\n\n"); + exit(1); + } + } + } + if ((floc == (char *)NULL) || (fslv == (char *)NULL)) + goto usage; + + if ((floc_ok = (char *) malloc(strlen(floc) + strlen(ok) + 1)) + == NULL) { + Death(floc); + } + strcat(strcpy(floc_ok, floc), ok); + + if ((fd = open(floc, O_RDONLY)) < 0) { + Death(floc); + } + if (flock(fd, LOCK_EX | LOCK_NB)) { + Death(floc); + } + if (stat(floc, &stbuf)) { + Death(floc); + } + if (stat(floc_ok, &stbuf_ok)) { + Death(floc_ok); + } + if (stbuf.st_mtime > stbuf_ok.st_mtime) { + fprintf(stderr, "kprop: '%s' more recent than '%s'.\n", + floc, floc_ok); + exit(1); + } + if (!get_slaves(&slave_host_list, fslv, stbuf_ok.st_mtime)) { + fprintf(stderr, + "kprop: can't read slave host file '%s'.\n", fslv); + exit(1); + } +#ifdef KPROP_DBG + { + struct slave_host *sh; + int i; + fprintf(stderr, "\n\n"); + fflush(stderr); + for (sh = slave_host_list; sh; sh = sh->next) { + fprintf(stderr, "slave %d: %s, %s", i++, sh->name, + inet_ntoa(sh->net_addr)); + fflush(stderr); + } + } +#endif /* KPROP_DBG */ + + if (!prop_to_slaves(slave_host_list, fd, fslv)) { + fprintf(stderr, + "kprop: propagation failed.\n"); + exit(1); + } + if (flock(fd, LOCK_UN)) { + Death(floc); + } + fprintf(stderr, "\n\n"); + for (sh = slave_host_list; sh; sh = sh->next) { + fprintf(stderr, "%s:\t\t%s\n", sh->name, + (sh->not_time_yet? "Not time yet" : (sh->succeeded ? "Succeeded" : "FAILED"))); + } + + time(&l_final); + l_diff = l_final - l_init; + printf("propagation finished, %d:%02d:%02d elapsed\n", + l_diff / 3600, (l_diff % 3600) / 60, l_diff % 60); + + exit(0); +} + +Death(s) + char *s; +{ + fprintf(stderr, "kprop: "); + perror(s); + exit(1); +} + +/* The master -> slave protocol looks like this: + 1) 8 byte version string + 2) 2 bytes of "transfer mode" (net byte order of course) + 3) ticket/authentication send by sendauth + 4) 4 bytes of "block" length (u_long) + 5) data + + 4 and 5 repeat til EOF ... +*/ + +int prop_to_slaves(sl, fd, fslv) + struct slave_host *sl; + int fd; + char *fslv; +{ + char buf[KPROP_BUFSIZ]; + char obuf[KPROP_BUFSIZ + 64 /* leave room for private msg overhead */ ]; + struct servent *sp; + struct sockaddr_in sin, my_sin; + int i, n, s; + struct slave_host *cs; /* current slave */ + char path[256], my_host_name[MAXHOSTNAMELEN], *p_my_host_name; + char kprop_service_instance[INST_SZ]; + char *pc; + u_long cksum, get_data_checksum(); + u_long length, nlength; + long kerror; + KTEXT_ST ticket; + CREDENTIALS cred; + MSG_DAT msg_dat; + static char tkstring[] = "/tmp/kproptktXXXXXX"; + + Key_schedule session_sched; + + (void) mktemp(tkstring); + krb_set_tkt_string(tkstring); + + if ((sp = getservbyname("krb_prop", "tcp")) == 0) { + fprintf(stderr, "tcp/krb_prop: service unknown.\n"); + exit(1); + } + + bzero(&sin, sizeof sin); + sin.sin_family = AF_INET; + sin.sin_port = sp->s_port; + + strcpy(path, fslv); + if (pc = rindex(path, '/')) { + pc += 1; + } else { + pc = path; + } + + for (i = 0; i < 5; i++) { /* try each slave five times max */ + for (cs = sl; cs; cs = cs->next) { + if (!cs->succeeded) { + if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + perror("kprop: socket"); + exit(1); + } + bcopy(&cs->net_addr, &sin.sin_addr, + sizeof cs->net_addr); + + if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) { + fprintf(stderr, "%s: ", cs->name); + perror("connect"); + close(s); + continue; /*** NEXT SLAVE ***/ + } + + /* for krb_mk_{priv, safe} */ + bzero (&my_sin, sizeof my_sin); + n = sizeof my_sin; + if (getsockname (s, (struct sockaddr *) &my_sin, &n) != 0) { + fprintf (stderr, "kprop: can't get socketname."); + perror ("getsockname"); + close (s); + continue; /*** NEXT SLAVE ***/ + } + if (n != sizeof (my_sin)) { + fprintf (stderr, "kprop: can't get socketname. len"); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + /* Get ticket */ + kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, + cs->instance, cs->realm, (u_long) 0); + /* if ticket has expired try to get a new one, but + * first get a TGT ... + */ + if (kerror != MK_AP_OK) { + if (gethostname (my_host_name, sizeof(my_host_name)) != 0) { + fprintf (stderr, "%s:", cs->name); + perror ("getting my hostname"); + close (s); + break; /* next one can't work either! */ + } + /* get canonical kerberos service instance name */ + p_my_host_name = krb_get_phost (my_host_name); + /* copy it to make sure gethostbyname static doesn't + * screw us. */ + strcpy (kprop_service_instance, p_my_host_name); + kerror = krb_get_svc_in_tkt (KPROP_SERVICE_NAME, +#if 0 + kprop_service_instance, +#else + KRB_MASTER, +#endif + my_realm, + TGT_SERVICE_NAME, + my_realm, + 96, + KPROP_SRVTAB); + if (kerror != INTK_OK) { + fprintf (stderr, + "%s: %s. While getting initial ticket\n", + cs->name, krb_err_txt[kerror]); + close (s); + goto punt; + } + kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, + cs->instance, cs->realm, (u_long) 0); + } + if (kerror != MK_AP_OK) { + fprintf (stderr, "%s: %s. Calling krb_mk_req.", + cs->name, krb_err_txt[kerror]); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + if (write(s, kprop_version, sizeof(kprop_version)) + != sizeof(kprop_version)) { + fprintf (stderr, "%s: ", cs->name); + perror ("write (version) error"); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + net_transfer_mode = htons (transfer_mode); + if (write(s, &net_transfer_mode, sizeof(net_transfer_mode)) + != sizeof(net_transfer_mode)) { + fprintf (stderr, "%s: ", cs->name); + perror ("write (transfer_mode) error"); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + kerror = krb_get_cred (KPROP_SERVICE_NAME, cs->instance, + cs->realm, &cred); + if (kerror != KSUCCESS) { + fprintf (stderr, "%s: %s. Getting session key.", + cs->name, krb_err_txt[kerror]); + close (s); + continue; /*** NEXT SLAVE ***/ + } +#ifdef NOENCRYPTION + bzero((char *)session_sched, sizeof(session_sched)); +#else + if (key_sched (cred.session, session_sched)) { + fprintf (stderr, "%s: can't make key schedule.", + cs->name); + close (s); + continue; /*** NEXT SLAVE ***/ + } +#endif + /* SAFE (quad_cksum) and CLEAR are just not good enough */ + cksum = 0; +#ifdef not_working_yet + if (transfer_mode != KPROP_TRANSFER_PRIVATE) { + cksum = get_data_checksum(fd, session_sched); + lseek(fd, 0L, 0); + } + else +#endif + { + struct stat st; + fstat (fd, &st); + cksum = st.st_size; + } + kerror = krb_sendauth(KOPT_DO_MUTUAL, + s, + &ticket, + KPROP_SERVICE_NAME, + cs->instance, + cs->realm, + cksum, + &msg_dat, + &cred, + session_sched, + &my_sin, + &sin, + KPROP_PROT_VERSION); + if (kerror != KSUCCESS) { + fprintf (stderr, "%s: %s. Calling krb_sendauth.", + cs->name, krb_err_txt[kerror]); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + while (n = read(fd, buf, sizeof buf)) { + if (n < 0) { + perror("input file read error"); + exit(1); + } + switch (transfer_mode) { + case KPROP_TRANSFER_PRIVATE: + case KPROP_TRANSFER_SAFE: + if (transfer_mode == KPROP_TRANSFER_PRIVATE) + length = krb_mk_priv (buf, obuf, n, + session_sched, cred.session, + &my_sin, &sin); + else + length = krb_mk_safe (buf, obuf, n, + cred.session, + &my_sin, &sin); + if (length == -1) { + fprintf (stderr, "%s: %s failed.", + cs->name, + (transfer_mode == KPROP_TRANSFER_PRIVATE) + ? "krb_rd_priv" : "krb_rd_safe"); + close (s); + continue; /*** NEXT SLAVE ***/ + } + nlength = htonl(length); + if (write(s, &nlength, sizeof nlength) + != sizeof nlength) { + fprintf (stderr, "%s: ", cs->name); + perror ("write error"); + close (s); + continue; /*** NEXT SLAVE ***/ + } + if (write(s, obuf, length) != length) { + fprintf(stderr, "%s: ", cs->name); + perror("write error"); + close(s); + continue; /*** NEXT SLAVE ***/ + } + break; + case KPROP_TRANSFER_CLEAR: + if (write(s, buf, n) != n) { + fprintf(stderr, "%s: ", cs->name); + perror("write error"); + close(s); + continue; /*** NEXT SLAVE ***/ + } + break; + } + } + close(s); + cs->succeeded = 1; + fprintf(stderr, "%s: success.\n", cs->name); + strcat(strcpy(pc, cs->name), "-last-prop"); + close(creat(path, 0600)); + } + } + } +punt: + + dest_tkt(); + for (cs = sl; cs; cs = cs->next) { + if (!cs->succeeded) + return (0); /* didn't get this slave */ + } + return (1); +} + +int get_slaves(psl, file, ok_mtime) + struct slave_host **psl; + char *file; + time_t ok_mtime; +{ + FILE *fin; + char namebuf[128], *inst; + char *pc; + struct hostent *host; + struct slave_host **th; + char path[256]; + char *ppath; + struct stat stbuf; + + if ((fin = fopen(file, "r")) == NULL) { + fprintf(stderr, "Can't open slave host file, '%s'.\n", file); + exit(-1); + } + strcpy(path, file); + if (ppath = rindex(path, '/')) { + ppath += 1; + } else { + ppath = path; + } + for (th = psl; fgets(namebuf, sizeof namebuf, fin); th = &(*th)->next) { + if (pc = index(namebuf, '\n')) { + *pc = '\0'; + } else { + fprintf(stderr, "Host name too long (>= %d chars) in '%s'.\n", + sizeof namebuf, file); + exit(-1); + } + host = gethostbyname(namebuf); + if (host == NULL) { + fprintf(stderr, "Unknown host '%s' in '%s'.\n", namebuf, file); + exit(-1); + } + (*th) = (struct slave_host *) malloc(sizeof(struct slave_host)); + if (!*th) { + fprintf(stderr, "No memory reading host list from '%s'.\n", + file); + exit(-1); + } + (*th)->name = malloc(strlen(namebuf) + 1); + if (!(*th)->name) { + fprintf(stderr, "No memory reading host list from '%s'.\n", + file); + exit(-1); + } + /* get kerberos cannonical instance name */ + strcpy((*th)->name, namebuf); + inst = krb_get_phost ((*th)->name); + (*th)->instance = malloc(strlen(inst) + 1); + if (!(*th)->instance) { + fprintf(stderr, "No memory reading host list from '%s'.\n", + file); + exit(-1); + } + strcpy((*th)->instance, inst); + /* what a concept, slave servers in different realms! */ + (*th)->realm = my_realm; + (*th)->net_addr = *(u_long *) host->h_addr; + (*th)->succeeded = 0; + (*th)->next = NULL; + strcat(strcpy(ppath, (*th)->name), "-last-prop"); + if (!force_flag && !stat(path, &stbuf) && stbuf.st_mtime > ok_mtime) { + (*th)->not_time_yet = 1; + (*th)->succeeded = 1; /* no change since last success */ + } + } + fclose(fin); + return (1); +} + +#ifdef doesnt_work_yet +u_long get_data_checksum(fd, key_sched) + int fd; + Key_schedule key_sched; +{ + unsigned long cksum = 0; + unsigned long cbc_cksum(); + int n; + char buf[BUFSIZ]; + long obuf[2]; + + while (n = read(fd, buf, sizeof buf)) { + if (n < 0) { + fprintf(stderr, "Input data file read error: "); + perror("read"); + exit(1); + } + cksum = cbc_cksum(buf, obuf, n, key_sched, key_sched); + } + return cksum; +} +#endif diff --git a/eBones/usr.sbin/kprop/kprop.h b/eBones/usr.sbin/kprop/kprop.h new file mode 100644 index 0000000..2f34e36 --- /dev/null +++ b/eBones/usr.sbin/kprop/kprop.h @@ -0,0 +1,33 @@ +/* + * Copyright 1987 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, + * please see the file <mit-copyright.h>. + * + * $Revision: 4.1 $ + * $Date: 92/10/23 15:45:13 $ + * $State: Exp $ + * $Source: /afs/net.mit.edu/project/krb4/src/slave/RCS/kprop.h,v $ + * $Author: tytso $ + * $Locker: $ + * + * $Log: kprop.h,v $ + * Revision 4.1 92/10/23 15:45:13 tytso + * Change the location of KPROP_KDBUTIL to be /kerberos/bin/kdb_util. + * + * Revision 4.0 89/01/24 18:44:46 wesommer + * Original version; programmer: wesommer + * auditor: jon + * + */ + +#define KPROP_SERVICE_NAME "rcmd" +#define KPROP_SRVTAB "/etc/kerberosIV/srvtab" +#define TGT_SERVICE_NAME "krbtgt" +#define KPROP_PROT_VERSION_LEN 8 +#define KPROP_PROT_VERSION "kprop01" +#define KPROP_TRANSFER_PRIVATE 1 +#define KPROP_TRANSFER_SAFE 2 +#define KPROP_TRANSFER_CLEAR 3 +#define KPROP_BUFSIZ 32768 +#define KPROP_KDB_UTIL "/usr/sbin/kdb_util" |