Annotation of 43BSDReno/kerberosIV/kdb/krb_kdb_utils.c, revision 1.1

1.1     ! root        1: /*
        !             2:  * $Source: /mit/kerberos/src/lib/kdb/RCS/krb_kdb_utils.c,v $
        !             3:  * $Author: jtkohl $
        !             4:  *
        !             5:  * Copyright 1988 by the Massachusetts Institute of Technology.
        !             6:  *
        !             7:  * For copying and distribution information, please see the file
        !             8:  * <mit-copyright.h>.
        !             9:  *
        !            10:  * Utility routines for Kerberos programs which directly access
        !            11:  * the database.  This code was duplicated in too many places
        !            12:  * before I gathered it here.
        !            13:  *
        !            14:  * Jon Rochlis, MIT Telecom, March 1988
        !            15:  */
        !            16: 
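        /*
         * RCS identification string, compiled in so the revision can be recovered
         * from the object file.  It is left out when the file is run through lint.
         */
        #ifndef lint
        static char rcsid_krb_kdb_utils_c[] =
        "$Header: /mit/kerberos/src/lib/kdb/RCS/krb_kdb_utils.c,v 4.1 89/07/26 11:01:12 jtkohl Exp $";
        #endif /* lint */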
        !            21: 
        !            22: #include <mit-copyright.h>
        !            23: #include <des.h>
        !            24: #include <krb.h>
        !            25: #include <krb_db.h>
        !            26: #include <kdc.h>
        !            27: #include <stdio.h>
        !            28: #include <sys/file.h>
        !            29: 
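        /*
         * Load the Kerberos master key into master_key and, unless the library is
         * built with NOENCRYPTION, derive its key schedule into master_key_sched.
         *
         *   prompt != 0  the key is obtained through des_read_password() (or
         *                placebo_read_password() under NOENCRYPTION) using the
         *                "Enter Kerberos master key" prompt.
         *   prompt == 0  exactly sizeof(C_Block) bytes are read from MKEYFILE.
         *
         * Returns 0 on success, -1 if MKEYFILE cannot be opened or yields fewer
         * bytes than a full key.
         *
         * Security notes:
         *  - MKEYFILE holds the raw master key.  Nothing in this routine checks the
         *    file's owner or mode, so its confidentiality rests entirely on the
         *    filesystem permissions set by whoever created it.
         *  - After a short read master_key may hold a partial key; the caller is
         *    expected to wipe master_key and master_key_sched on every path.
         */
        long kdb_get_master_key(prompt, master_key, master_key_sched)
             int prompt;
             C_Block master_key;
             Key_schedule master_key_sched;
        {
          int kfile;
          int nread;

          if (prompt)  {
            /*
             * NOTE(review): the status returned by the password reader is not
             * checked here, so a failed or interrupted prompt is not reported
             * to the caller -- confirm the reader's return convention and
             * handle it.
             */
        #ifdef NOENCRYPTION
            placebo_read_password(master_key,
                                  "\nEnter Kerberos master key: ", 0);
        #else
            des_read_password(master_key,
                              "\nEnter Kerberos master key: ", 0);
        #endif
            printf ("\n");
          }
          else {
            /* Read-only open: no file is created, so no creation mode is passed. */
            kfile = open(MKEYFILE, O_RDONLY);
            if (kfile < 0) {
              /* oh, for com_err_ */
              return (-1);
            }
            nread = read(kfile, (char *) master_key, sizeof(C_Block));
            /*
             * Close before looking at the result so that a short read does not
             * leave a descriptor on the master key file open in the process.
             */
            close(kfile);
            if (nread != (int) sizeof(C_Block)) {
              return (-1);
            }
          }

        #ifndef NOENCRYPTION
          /*
           * NOTE(review): the result of key_sched() is ignored; if it reports
           * parity or weak-key problems, they pass unnoticed -- confirm.
           */
          key_sched(master_key, master_key_sched);
        #endif
          return (0);
        }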
        !            64: 
        !            65: /* The caller is responsible for cleaning up the master key and sched,
        !            66:    even if we can't verify the master key */
        !            67: 
        !            68: /* Returns master key version if successful, otherwise -1 */
        !            69: 
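        /*
         * Check that master_key is the key the database was encrypted under.
         *
         * The master principal (KERB_M_NAME / KERB_M_INST) stores the master key
         * encrypted in itself.  This routine fetches that record, decrypts the
         * stored key with the supplied master key and schedule, and compares the
         * result with master_key.
         *
         *   master_key, master_key_sched  key material to verify; never modified
         *                                 or cleared here -- the caller wipes it.
         *   out                           when non-NULL, progress and error
         *                                 messages are written to this stream.
         *
         * Returns the master key version from the database record on success,
         * -1 if the lookup fails or the key does not match.
         */
        long kdb_verify_master_key (master_key, master_key_sched, out)
             C_Block master_key;
             Key_schedule master_key_sched;
             FILE *out;  /* when non-NULL, messages are written to this stream */
        {
          C_Block key_from_db;
          Principal principal_data[1];
          int n, more = 0;
          long master_key_version;

          /* lookup the master key version */
          n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
                                 1 /* only one please */, &more);
          if ((n != 1) || more) {
            if (out != (FILE *) NULL)
              fprintf(out,
                      "verify_master_key: %s, %d found.\n",
                      "Kerberos error on master key version lookup",
                      n);
            /* A record may have been filled in even though the lookup is rejected. */
            bzero(principal_data, sizeof (principal_data));
            return (-1);
          }

          master_key_version = (long) principal_data[0].key_version;

          /*
           * NOTE(review): the message prints kdc_key_ver while the value
           * returned is key_version -- confirm the two are meant to agree.
           */
          if (out != (FILE *) NULL)  /* should we punt this? */
            fprintf(out, "Current Kerberos master key version is %d.\n",
                    principal_data[0].kdc_key_ver);

          /*
           * now use the master key to decrypt the key in the db, had better
           * be the same!
           *
           * The second half is placed by byte offset.  Indexing through a
           * (long *) lands 4 bytes in only where long is 4 bytes wide; with an
           * 8-byte long it would write past the end of key_from_db.
           */
          bcopy(&principal_data[0].key_low, key_from_db, 4);
          bcopy(&principal_data[0].key_high, ((char *) key_from_db) + 4, 4);
          kdb_encrypt_key (key_from_db, key_from_db,
                           master_key, master_key_sched, DECRYPT);

          /*
           * the decrypted database key had better equal the master key.
           *
           * master_key is a parameter, so sizeof(master_key) would be the size
           * of a pointer, not of the key (C_Block is expected to be an array
           * type).  With 4-byte pointers that compares only half of the key;
           * sizeof(C_Block) compares all of it.
           */
          n = bcmp((char *) master_key, (char *) key_from_db,
                   sizeof(C_Block));
          /*
           * this used to zero the master key here!
           *
           * Only the local copies are cleared.  A modern optimizer may drop a
           * clear of a dead local; where explicit_bzero() or an equivalent is
           * available it is the safer call.
           */
          bzero(key_from_db, sizeof(key_from_db));
          bzero(principal_data, sizeof (principal_data));

          /*
           * A mismatch is a failure whether or not the caller asked for output;
           * tying the -1 to a non-NULL `out` would let a silent caller accept a
           * wrong master key.
           */
          if (n) {
            if (out != (FILE *) NULL) {
              fprintf(out, "\n\07\07verify_master_key: Invalid master key; ");
              fprintf(out, "does not match database.\n");
            }
            return (-1);
          }
          if (out != (FILE *) NULL) {
            fprintf(out, "\nMaster key entered.  BEWARE!\07\07\n");
            fflush(out);
          }

          return (master_key_version);
        }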
        !           127: 
        !           128: /* The old algorithm used the key schedule as the initial vector which
        !           129:    was byte order dependent ... */
        !           130: 
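        /*
         * Encrypt or decrypt one database key block under the master key.
         *
         *   in, out           source and destination blocks; callers in this file
         *                     pass the same buffer for both.
         *   master_key        passed to pcbc_encrypt() as its fifth argument, in
         *                     the position of the initial vector.
         *   master_key_sched  key schedule derived from master_key.
         *   e_d_flag          direction selector handed through to pcbc_encrypt()
         *                     (this file passes DECRYPT).
         *
         * Always returns 0.  The return type was previously implicit int with no
         * return statement; it is spelled out here so the value is defined.
         *
         * Security note: in a NOENCRYPTION build the block is copied unchanged,
         * so database keys are stored in the clear.
         */
        int kdb_encrypt_key (in, out, master_key, master_key_sched, e_d_flag)
             C_Block in, out, master_key;
             Key_schedule master_key_sched;
             int e_d_flag;
        {

        #ifdef NOENCRYPTION
          bcopy(in, out, sizeof(C_Block));
        #else
          pcbc_encrypt(in, out, (long) sizeof(C_Block),
                       master_key_sched, master_key, e_d_flag);
        #endif
          return (0);
        }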
