3 * Copyright (C) 1988-1998 by the Massachusetts Institute of Technology.
4 * For copying and distribution information, please see the file
8 #include <mit-copyright.h>
10 #include <moira_site.h>
11 #include "ureg_proto.h"
14 #include <sys/types.h>
15 #include <sys/socket.h>
18 #include <netinet/in.h>
34 int do_operation(char *first, char *last, char *idnumber, char *hashidnumber,
35 char *data, u_long opcode);
36 int do_secure_operation(char *login, char *idnumber, char *passwd,
37 char *newpasswd, u_long opcode);
38 int do_call(char *buf, int len, int seq_no, char *login);
40 char *krb_realmofhost(char *);
42 static int reg_sock = -1;
43 static int seq_no = 0;
45 #define UNKNOWN_HOST -1
46 #define UNKNOWN_SERVICE -2
49 #define FD_ZERO(p) ((p)->fds_bits[0] = 0)
50 #define FD_SET(n, p) ((p)->fds_bits[0] |= (1 << (n)))
51 #define FD_ISSET(n, p) ((p)->fds_bits[0] & (1 << (n)))
59 struct sockaddr_in s_in;
61 initialize_ureg_error_table();
62 initialize_krb_error_table();
63 initialize_sms_error_table();
64 initialize_kadm_error_table();
69 host = getenv("REGSERVER");
71 if (!host || (strlen(host) == 0))
73 p = hes_resolve("registration", "sloc");
78 if (!host || (strlen(host) == 0))
80 host = strdup(MOIRA_SERVER);
81 s = strchr(host, ':');
85 hp = gethostbyname(host);
86 host = strdup(hp->h_name);
90 sp = getservbyname("moira_ureg", "udp");
93 return UNKNOWN_SERVICE;
96 reg_sock = socket(AF_INET, SOCK_DGRAM, 0);
100 memset(&s_in, 0, sizeof(s_in));
101 s_in.sin_port = sp->s_port;
102 memcpy(&s_in.sin_addr, hp->h_addr, sizeof(struct in_addr));
103 s_in.sin_family = AF_INET;
105 if (connect(reg_sock, (struct sockaddr *)&s_in, sizeof(s_in)) < 0)
110 int verify_user(char *first, char *last, char *idnumber,
111 char *hashidnumber, char *login)
114 int version = ntohl((u_long)1);
115 int call = ntohl((u_long)UREG_VERIFY_USER);
120 char crypt_src[1024];
122 memcpy(bp, &version, sizeof(int));
125 memcpy(bp, &seq_no, sizeof(int));
129 memcpy(bp, &call, sizeof(int));
134 bp += strlen(bp) + 1;
137 bp += strlen(bp) + 1;
139 len = strlen(idnumber) + 1;
140 memcpy(crypt_src, idnumber, len);
142 memcpy(crypt_src + len, hashidnumber, 13);
144 des_string_to_key(hashidnumber, key);
145 des_key_sched(key, ks);
146 des_pcbc_encrypt(crypt_src, bp, len + 13, ks, key, DES_ENCRYPT);
149 return do_call(buf, len, seq_no, login);
152 int do_operation(char *first, char *last, char *idnumber, char *hashidnumber,
153 char *data, u_long opcode)
156 int version = ntohl((u_long)1);
157 int call = ntohl(opcode);
163 char crypt_src[1024];
166 memcpy(bp, &version, sizeof(int));
169 memcpy(bp, &seq_no, sizeof(int));
173 memcpy(bp, &call, sizeof(int));
178 bp += strlen(bp) + 1;
181 bp += strlen(bp) + 1;
183 len = strlen(idnumber) + 1;
186 memcpy(crypt_src, idnumber, len);
189 memcpy(cbp, hashidnumber, 14);
192 len = strlen(data) + 1;
193 memcpy(cbp, data, len);
196 len = cbp - crypt_src;
197 des_string_to_key(hashidnumber, key);
198 des_key_sched(key, ks);
199 des_pcbc_encrypt(crypt_src, bp, len, ks, key, 1);
200 len = ((len + 7) >> 3) << 3;
204 return do_call(buf, len, seq_no, 0);
207 int grab_login(char *first, char *last, char *idnumber, char *hashidnumber,
210 return do_operation(first, last, idnumber, hashidnumber, login,
214 int enroll_login(char *first, char *last, char *idnumber, char *hashidnumber,
217 return do_operation(first, last, idnumber, hashidnumber, login,
221 int set_password(char *first, char *last, char *idnumber, char *hashidnumber,
224 return do_operation(first, last, idnumber, hashidnumber, password,
228 int get_krb(char *first, char *last, char *idnumber, char *hashidnumber,
231 return do_operation(first, last, idnumber, hashidnumber, password,
236 /* The handles the operations for secure passwords.
237 * To find out if a user has a secure instance, the newpasswd
238 * field is ignored (but must be a valid char *)
239 * and the opcode = UREG_GET_SECURE need to be specified (but the
240 * other strings must be valid char*'s). This will return
241 * UREG_ALREADY_REGISTERED if it is set, or SUCCESS if not.
242 * To set the password, fill in the rest of the fields, and
243 * use opcode = UREG_SET_SECURE. This returns SUCCESS or any number
247 int do_secure_operation(char *login, char *idnumber, char *passwd,
248 char *newpasswd, u_long opcode)
250 char buf[1500], data[128], tktstring[128];
251 int version = ntohl((u_long)1);
252 int call = ntohl(opcode);
253 char inst[INST_SZ], hosti[INST_SZ];
254 char *bp = buf, *src, *dst, *realm;
260 memmove(bp, &version, sizeof(int));
263 memmove(bp, &seq_no, sizeof(int));
266 memmove(bp, &call, sizeof(int));
270 /* put the login name in the firstname field */
272 bp += strlen(bp) + 1;
274 /* the old lastname field */
276 bp += strlen(bp) + 1;
278 /* don't overwrite existing ticket file */
279 sprintf(tktstring, "/tmp/tkt_cpw_%ld", (long)getpid());
280 krb_set_tkt_string(tktstring);
282 /* get realm and canonizalized hostname of server */
283 realm = krb_realmofhost(host);
284 for (src = host, dst = hosti; *src && *src != '.'; src++)
287 *dst++ = tolower(*src);
294 /* get changepw tickets. We use this service because it's the
295 * only one that guarantees we used the password rather than a
296 * ticket granting ticket.
298 status = krb_get_pw_in_tkt(login, inst, realm, "changepw", hosti, 5, passwd);
300 return status + krb_err_base;
302 status = krb_mk_req(&cred, "changepw", hosti, realm, 0);
304 return status + krb_err_base;
306 /* round up to word boundry */
307 bp = (char *)((((u_long)bp) + 3) & 0xfffffffc);
309 /* put the ticket in the packet */
311 cred.length = htonl(cred.length);
312 memmove(bp, &(cred), sizeof(int) + len);
313 bp += sizeof(int) + len;
315 /* encrypt the data in the session key */
316 sprintf(data, "%s,%s", idnumber, newpasswd);
318 len = ((len + 7) >> 3) << 3;
320 status = krb_get_cred("changepw", hosti, realm, &creds);
323 memset(data, 0, strlen(data));
324 return status + krb_err_base;
328 des_key_sched(creds.session, keys);
329 des_pcbc_encrypt(data, bp + sizeof(int), len, keys, creds.session, 1);
330 *((int *)bp) = htonl(len);
331 memset(data, 0, strlen(data));
333 bp += len + sizeof(int);
336 return do_call(buf, len, seq_no, 0);
339 int do_call(char *buf, int len, int seq_no, char *login)
341 struct timeval timeout;
349 if (write(reg_sock, buf, len) != len)
353 FD_SET(reg_sock, &set);
359 struct sockaddr_in s_in;
360 int addrlen = sizeof(s_in);
365 rtn = select(reg_sock + 1, &set, NULL, NULL, &timeout);
371 len = recvfrom(reg_sock, ibuf, BUFSIZ, 0,
372 (struct sockaddr *)&s_in, &addrlen);
376 return UREG_BROKEN_PACKET;
377 memcpy(&vno, ibuf, sizeof(long));
378 vno = ntohl((u_long)vno);
381 memcpy(&sno, ibuf + 4, sizeof(long));
386 memcpy(&stat, ibuf + 8, sizeof(long));
387 stat = ntohl((u_long)stat);
388 if (login && len > 12)
390 memcpy(login, ibuf + 12, len - 12);
391 login[len - 12] = '\0';
399 while (++retry < 10);