Annotation of 43BSDReno/kerberosIV/kdb/krb_kdb_utils.c, revision 1.1.1.1

1.1       root        1: /*
                      2:  * $Source: /mit/kerberos/src/lib/kdb/RCS/krb_kdb_utils.c,v $
                      3:  * $Author: jtkohl $
                      4:  *
                      5:  * Copyright 1988 by the Massachusetts Institute of Technology.
                      6:  *
                      7:  * For copying and distribution information, please see the file
                      8:  * <mit-copyright.h>.
                      9:  *
                     10:  * Utility routines for Kerberos programs which directly access
                     11:  * the database.  This code was duplicated in too many places
                     12:  * before I gathered it here.
                     13:  *
                     14:  * Jon Rochlis, MIT Telecom, March 1988
                     15:  */
                     16: 
                     17: #ifndef        lint
                     18: static char rcsid_krb_kdb_utils_c[] =
                     19: "$Header: /mit/kerberos/src/lib/kdb/RCS/krb_kdb_utils.c,v 4.1 89/07/26 11:01:12 jtkohl Exp $";
                     20: #endif lint
                     21: 
                     22: #include <mit-copyright.h>
                     23: #include <des.h>
                     24: #include <krb.h>
                     25: #include <krb_db.h>
                     26: #include <kdc.h>
                     27: #include <stdio.h>
                     28: #include <sys/file.h>
                     29: 
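                     /*
                      * Obtain the Kerberos master key and build its key schedule.
                      *
                      * prompt != 0: read the key interactively (des_read_password, or
                      *              placebo_read_password in NOENCRYPTION builds).
                      * prompt == 0: read 8 raw key bytes from MKEYFILE.
                      *
                      * Returns 0 on success and -1 if MKEYFILE cannot be opened or does
                      * not yield a full 8-byte key.
                      *
                      * Security notes:
                      *  - master_key and master_key_sched hold key material on return.
                      *    Nothing here erases them, and after a short read master_key may
                      *    hold a partial key, so the caller must zero both on every path.
                      *  - The ownership and mode of MKEYFILE are not checked here; the
                      *    stored key is protected only by the file's permissions.
                      *  - NOTE(review): the result of the password-reading call is not
                      *    checked, so a failed prompt is not reported to the caller.
                      */
                     long kdb_get_master_key(prompt, master_key, master_key_sched)
                          int prompt;
                          C_Block master_key;
                          Key_schedule master_key_sched;
                     {
                       int kfile;
                       int nread;

                       if (prompt)  {
                     #ifdef NOENCRYPTION
                           placebo_read_password(master_key,
                                                 "\nEnter Kerberos master key: ", 0);
                     #else
                           des_read_password(master_key,
                                             "\nEnter Kerberos master key: ", 0);
                     #endif
                           printf ("\n");
                       }
                       else {
                         kfile = open(MKEYFILE, O_RDONLY, 0600);
                         if (kfile < 0) {
                           /* oh, for com_err_ */
                           return (-1);
                         }
                         nread = read(kfile, (char *) master_key, 8);
                         /*
                          * Close before testing the result: the original returned on a
                          * short read without closing, leaking the descriptor.
                          */
                         close(kfile);
                         if (nread != 8) {
                           return (-1);
                         }
                       }

                     #ifndef NOENCRYPTION
                       key_sched(master_key, master_key_sched);
                     #endif
                       return (0);
                     }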
                     64: 
                     65: /* The caller is responsible for cleaning up the master key and sched,
                     66:    even if we can't verify the master key */
                     67: 
                     68: /* Returns master key version if successful, otherwise -1 */
                     69: 
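                     /*
                      * Check that master_key is the key the database was built with: fetch
                      * the master principal (KERB_M_NAME / KERB_M_INST), decrypt its stored
                      * key with the supplied master key, and compare the result with the
                      * master key itself.
                      *
                      * out, when non-NULL, receives progress and error messages; passing
                      * NULL only silences them and does not change the return value.
                      *
                      * Returns the master key version on success and -1 on a lookup
                      * failure or a key mismatch.  master_key and master_key_sched are not
                      * erased here; local copies of key material are zeroed before return
                      * on the comparison path.
                      */
                     long kdb_verify_master_key (master_key, master_key_sched, out)
                          C_Block master_key;
                          Key_schedule master_key_sched;
                          FILE *out;  /* non-NULL: stream that receives the messages */
                     {
                       C_Block key_from_db;
                       Principal principal_data[1];
                       int n, more = 0;
                       long master_key_version;

                       /* lookup the master key version */
                       n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
                                              1 /* only one please */, &more);
                       if ((n != 1) || more) {
                         if (out != (FILE *) NULL)
                           fprintf(out,
                                   "verify_master_key: %s, %d found.\n",
                                   "Kerberos error on master key version lookup",
                                   n);
                         return (-1);
                       }

                       master_key_version = (long) principal_data[0].key_version;

                       /* set up the master key */
                       if (out != (FILE *) NULL)  /* should we punt this? */
                         fprintf(out, "Current Kerberos master key version is %d.\n",
                                 principal_data[0].kdc_key_ver);

                       /*
                        * now use the master key to decrypt the key in the db, had better
                        * be the same!
                        *
                        * The second half is placed at a byte offset of 4.  The original
                        * used ((long *) key_from_db) + 1, which lands past the end of the
                        * block wherever long is wider than 4 bytes.
                        */
                       bcopy(&principal_data[0].key_low, key_from_db, 4);
                       bcopy(&principal_data[0].key_high, ((char *) key_from_db) + 4, 4);
                       kdb_encrypt_key (key_from_db, key_from_db,
                                        master_key, master_key_sched, DECRYPT);

                       /*
                        * the decrypted database key had better equal the master key.
                        * master_key is a parameter, so sizeof(master_key) is the size of a
                        * pointer and can compare fewer bytes than the key holds; compare
                        * the whole block instead.
                        */
                       n = bcmp((char *) master_key, (char *) key_from_db,
                                sizeof(C_Block));
                       /* this used to zero the master key here! */
                       bzero(key_from_db, sizeof(key_from_db));
                       bzero(principal_data, sizeof (principal_data));

                       /*
                        * A mismatch fails whether or not messages are wanted.  The
                        * original tested n together with out, so a caller passing a NULL
                        * out got the version number back for a wrong key.
                        */
                       if (n) {
                         if (out != (FILE *) NULL) {
                           fprintf(out, "\n\07\07verify_master_key: Invalid master key; ");
                           fprintf(out, "does not match database.\n");
                         }
                         return (-1);
                       }
                       if (out != (FILE *) NULL) {
                         fprintf(out, "\nMaster key entered.  BEWARE!\07\07\n");
                         fflush(out);
                       }

                       return (master_key_version);
                     }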
                    127: 
                    128: /* The old algorithm used the key schedule as the initial vector which
                    129:    was byte order dependent ... */
                    130: 
                    /*
                     * Transform one C_Block from in to out under the master key.
                     *
                     * e_d_flag is handed to pcbc_encrypt unchanged and selects the
                     * direction; kdb_verify_master_key passes DECRYPT.  in and out may
                     * be the same buffer, which is how kdb_verify_master_key calls it.
                     * master_key is passed in the argument after the key schedule,
                     * presumably the initial vector (see the comment above this
                     * function).
                     *
                     * In a NOENCRYPTION build the block is copied as-is, so the stored
                     * key gets no confidentiality from this routine.
                     *
                     * Declared without a type and without a return statement: callers
                     * must not use a return value.
                     */
                    kdb_encrypt_key (in, out, master_key, master_key_sched, e_d_flag)
                         C_Block in;
                         C_Block out;
                         C_Block master_key;
                         Key_schedule master_key_sched;
                         int e_d_flag;
                    {
                    #ifndef NOENCRYPTION
                      /* Real build: one 8-byte block through DES in PCBC mode. */
                      pcbc_encrypt(in, out, (long) sizeof(C_Block),
                                   master_key_sched, master_key, e_d_flag);
                    #else
                      /* Placebo build: no cipher, a straight copy. */
                      bcopy(in, out, sizeof(C_Block));
                    #endif
                    }
