![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to kdb_edit.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDReno / kerberosIV / kdb_edit|
Return to kdb_edit.c CVS log | Up to [CSRG BSD Unix] / 43BSDReno / kerberosIV / kdb_edit |
1.1 root 1: /*
2: * $Source: /mit/kerberos/src/admin/RCS/kdb_edit.c,v $
3: * $Author: jtkohl $
4: *
5: * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
6: * of Technology.
7: *
8: * For copying and distribution information, please see the file
9: * <mit-copyright.h>.
10: *
11: * This routine changes the Kerberos encryption keys for principals,
12: * i.e., users or services.
13: */
14:
15: /*
16: * exit returns 0 ==> success -1 ==> error
17: */
18:
19: #ifndef lint
20: static char rcsid_kdb_edit_c[] =
21: "$Header: kdb_edit.c,v 4.1 89/03/23 09:58:18 jtkohl Exp $";
22: #endif lint
23:
24: #include <mit-copyright.h>
25:
26: #include <stdio.h>
27: #include <signal.h>
28: #include <errno.h>
29: #include <strings.h>
30: #include <sys/ioctl.h>
31: #include <sys/file.h>
32: #include "time.h"
33: #include <des.h>
34: #include <krb.h>
35: #include <krb_db.h>
36: /* MKEYFILE is now defined in kdc.h */
37: #include <kdc.h>
38:
39: extern char *errmsg();
40: extern int errno;
41: extern char *strcpy();
42:
43: void sig_exit();
44:
45: char prog[32];
46: char *progname = prog;
47: int nflag = 0;
48: int cflag;
49: int lflag;
50: int uflag;
51: int debug;
52: extern kerb_debug;
53: extern char *sys_errlist[];
54:
55: Key_schedule KS;
56: C_Block new_key;
57: unsigned char *input;
58:
59: unsigned char *ivec;
60: int i, j;
61: int more;
62:
63: char *in_ptr;
64: char input_name[ANAME_SZ];
65: char input_instance[INST_SZ];
66: char input_string[ANAME_SZ];
67:
68: #define MAX_PRINCIPAL 10
69: Principal principal_data[MAX_PRINCIPAL];
70:
71: static Principal old_principal;
72: static Principal default_princ;
73:
74: static C_Block master_key;
75: static C_Block session_key;
76: static Key_schedule master_key_schedule;
77: static char pw_str[255];
78: static long master_key_version;
79:
80: main(argc, argv)
81: int argc;
82: char *argv[];
83:
84: {
85: /* Local Declarations */
86:
87: long n;
88:
89: prog[sizeof prog - 1] = '\0'; /* make sure terminated */
90: strncpy(prog, argv[0], sizeof prog - 1); /* salt away invoking
91: * program */
92:
93: /* Assume a long is four bytes */
94: if (sizeof(long) != 4) {
95: fprintf(stdout, "%s: size of long is %d.\n", sizeof(long), prog);
96: exit(-1);
97: }
98: /* Assume <=32 signals */
99: if (NSIG > 32) {
100: fprintf(stderr, "%s: more than 32 signals defined.\n", prog);
101: exit(-1);
102: }
103: while (--argc > 0 && (*++argv)[0] == '-')
104: for (i = 1; argv[0][i] != '\0'; i++) {
105: switch (argv[0][i]) {
106:
107: /* debug flag */
108: case 'd':
109: debug = 1;
110: continue;
111:
112: /* debug flag */
113: case 'l':
114: kerb_debug |= 1;
115: continue;
116:
117: case 'n': /* read MKEYFILE for master key */
118: nflag = 1;
119: continue;
120:
121: default:
122: fprintf(stderr, "%s: illegal flag \"%c\"\n",
123: progname, argv[0][i]);
124: Usage(); /* Give message and die */
125: }
126: };
127:
128: fprintf(stdout, "Opening database...\n");
129: fflush(stdout);
130: kerb_init();
131: if (argc > 0) {
132: if (kerb_db_set_name(*argv) != 0) {
133: fprintf(stderr, "Could not open altername database name\n");
134: exit(1);
135: }
136: }
137:
138: #ifdef notdef
139: no_core_dumps(); /* diddle signals to avoid core dumps! */
140:
141: /* ignore whatever is reasonable */
142: signal(SIGHUP, SIG_IGN);
143: signal(SIGINT, SIG_IGN);
144: signal(SIGTSTP, SIG_IGN);
145:
146: #endif
147:
148: if (kdb_get_master_key ((nflag == 0),
149: master_key, master_key_schedule) != 0) {
150: fprintf (stdout, "Couldn't read master key.\n");
151: fflush (stdout);
152: exit (-1);
153: }
154:
155: if ((master_key_version = kdb_verify_master_key(master_key,
156: master_key_schedule,
157: stdout)) < 0)
158: exit (-1);
159:
160: /* lookup the default values */
161: n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
162: &default_princ, 1, &more);
163: if (n != 1) {
164: fprintf(stderr,
165: "%s: Kerberos error on default value lookup, %d found.\n",
166: progname, n);
167: exit(-1);
168: }
169: fprintf(stdout, "Previous or default values are in [brackets] ,\n");
170: fprintf(stdout, "enter return to leave the same, or new value.\n");
171:
172: while (change_principal()) {
173: }
174:
175: cleanup();
176: }
177:
178: change_principal()
179: {
180: static char temp[255];
181: int creating = 0;
182: int editpw = 0;
183: int changed = 0;
184: long temp_long;
185: int n;
186: struct tm *tp, edate, *localtime();
187: long maketime();
188:
189: fprintf(stdout, "\nPrincipal name: ");
190: fflush(stdout);
191: if (!gets(input_name) || *input_name == '\0')
192: return 0;
193: fprintf(stdout, "Instance: ");
194: fflush(stdout);
195: /* instance can be null */
196: gets(input_instance);
197: j = kerb_get_principal(input_name, input_instance, principal_data,
198: MAX_PRINCIPAL, &more);
199: if (!j) {
200: fprintf(stdout, "\n\07\07<Not found>, Create [y] ? ");
201: gets(temp); /* Default case should work, it didn't */
202: if (temp[0] != 'y' && temp[0] != 'Y' && temp[0] != '\0')
203: return -1;
204: /* make a new principal, fill in defaults */
205: j = 1;
206: creating = 1;
207: strcpy(principal_data[0].name, input_name);
208: strcpy(principal_data[0].instance, input_instance);
209: principal_data[0].old = NULL;
210: principal_data[0].exp_date = default_princ.exp_date;
211: principal_data[0].max_life = default_princ.max_life;
212: principal_data[0].attributes = default_princ.attributes;
213: principal_data[0].kdc_key_ver = (unsigned char) master_key_version;
214: principal_data[0].key_version = 0; /* bumped up later */
215: }
216: tp = localtime(&principal_data[0].exp_date);
217: (void) sprintf(principal_data[0].exp_date_txt, "%4d-%02d-%02d",
218: tp->tm_year > 1900 ? tp->tm_year : tp->tm_year + 1900,
219: tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */
220: for (i = 0; i < j; i++) {
221: for (;;) {
222: fprintf(stdout,
223: "\nPrincipal: %s, Instance: %s, kdc_key_ver: %d",
224: principal_data[i].name, principal_data[i].instance,
225: principal_data[i].kdc_key_ver);
226: editpw = 1;
227: changed = 0;
228: if (!creating) {
229: /*
230: * copy the existing data so we can use the old values
231: * for the qualifier clause of the replace
232: */
233: principal_data[i].old = (char *) &old_principal;
234: bcopy(&principal_data[i], &old_principal,
235: sizeof(old_principal));
236: printf("\nChange password [n] ? ");
237: gets(temp);
238: if (strcmp("y", temp) && strcmp("Y", temp))
239: editpw = 0;
240: }
241: /* password */
242: if (editpw) {
243: #ifdef NOENCRYPTION
244: placebo_read_pw_string(pw_str, sizeof pw_str,
245: "\nNew Password: ", TRUE);
246: #else
247: des_read_pw_string(pw_str, sizeof pw_str,
248: "\nNew Password: ", TRUE);
249: #endif
250: if (!strcmp(pw_str, "RANDOM")) {
251: printf("\nRandom password [y] ? ");
252: gets(temp);
253: if (!strcmp("n", temp) || !strcmp("N", temp)) {
254: /* no, use literal */
255: #ifdef NOENCRYPTION
256: bzero(new_key, sizeof(C_Block));
257: new_key[0] = 127;
258: #else
259: string_to_key(pw_str, new_key);
260: #endif
261: bzero(pw_str, sizeof pw_str); /* "RANDOM" */
262: } else {
263: #ifdef NOENCRYPTION
264: bzero(new_key, sizeof(C_Block));
265: new_key[0] = 127;
266: #else
267: random_key(new_key); /* yes, random */
268: #endif
269: bzero(pw_str, sizeof pw_str);
270: }
271: } else if (!strcmp(pw_str, "NULL")) {
272: printf("\nNull Key [y] ? ");
273: gets(temp);
274: if (!strcmp("n", temp) || !strcmp("N", temp)) {
275: /* no, use literal */
276: #ifdef NOENCRYPTION
277: bzero(new_key, sizeof(C_Block));
278: new_key[0] = 127;
279: #else
280: string_to_key(pw_str, new_key);
281: #endif
282: bzero(pw_str, sizeof pw_str); /* "NULL" */
283: } else {
284:
285: principal_data[i].key_low = 0;
286: principal_data[i].key_high = 0;
287: goto null_key;
288: }
289: } else {
290: #ifdef NOENCRYPTION
291: bzero(new_key, sizeof(C_Block));
292: new_key[0] = 127;
293: #else
294: string_to_key(pw_str, new_key);
295: #endif
296: bzero(pw_str, sizeof pw_str);
297: }
298:
299: /* seal it under the kerberos master key */
300: kdb_encrypt_key (new_key, new_key,
301: master_key, master_key_schedule,
302: ENCRYPT);
303: bcopy(new_key, &principal_data[i].key_low, 4);
304: bcopy(((long *) new_key) + 1,
305: &principal_data[i].key_high, 4);
306: bzero(new_key, sizeof(new_key));
307: null_key:
308: /* set master key version */
309: principal_data[i].kdc_key_ver =
310: (unsigned char) master_key_version;
311: /* bump key version # */
312: principal_data[i].key_version++;
313: fprintf(stdout,
314: "\nPrincipal's new key version = %d\n",
315: principal_data[i].key_version);
316: fflush(stdout);
317: changed = 1;
318: }
319: /* expiration date */
320: fprintf(stdout, "Expiration date (enter yyyy-mm-dd) [ %s ] ? ",
321: principal_data[i].exp_date_txt);
322: zaptime(&edate);
323: while (gets(temp) && ((n = strlen(temp)) >
324: sizeof(principal_data[0].exp_date_txt))) {
325: bad_date:
326: fprintf(stdout, "\07\07Date Invalid\n");
327: fprintf(stdout,
328: "Expiration date (enter yyyy-mm-dd) [ %s ] ? ",
329: principal_data[i].exp_date_txt);
330: zaptime(&edate);
331: }
332:
333: if (*temp) {
334: if (sscanf(temp, "%d-%d-%d", &edate.tm_year,
335: &edate.tm_mon, &edate.tm_mday) != 3)
336: goto bad_date;
337: (void) strcpy(principal_data[i].exp_date_txt, temp);
338: edate.tm_mon--; /* January is 0, not 1 */
339: edate.tm_hour = 23; /* nearly midnight at the end of the */
340: edate.tm_min = 59; /* specified day */
341: edate.tm_zon = 1; /* local time, not GMT */
342: if (!(principal_data[i].exp_date = maketime(&edate)))
343: goto bad_date;
344: changed = 1;
345: }
346:
347: /* maximum lifetime */
348: fprintf(stdout, "Max ticket lifetime (*5 minutes) [ %d ] ? ",
349: principal_data[i].max_life);
350: while (gets(temp) && *temp) {
351: if (sscanf(temp, "%d", &temp_long) != 1)
352: goto bad_life;
353: if (temp_long > 255 || (temp_long < 0)) {
354: bad_life:
355: fprintf(stdout, "\07\07Invalid, choose 0-255\n");
356: fprintf(stdout,
357: "Max ticket lifetime (*5 minutes) [ %d ] ? ",
358: principal_data[i].max_life);
359: continue;
360: }
361: changed = 1;
362: /* dont clobber */
363: principal_data[i].max_life = (unsigned short) temp_long;
364: break;
365: }
366:
367: /* attributes */
368: fprintf(stdout, "Attributes [ %d ] ? ",
369: principal_data[i].attributes);
370: while (gets(temp) && *temp) {
371: if (sscanf(temp, "%d", &temp_long) != 1)
372: goto bad_att;
373: if (temp_long > 65535 || (temp_long < 0)) {
374: bad_att:
375: fprintf(stdout, "\07\07Invalid, choose 0-65535\n");
376: fprintf(stdout, "Attributes [ %d ] ? ",
377: principal_data[i].attributes);
378: continue;
379: }
380: changed = 1;
381: /* dont clobber */
382: principal_data[i].attributes =
383: (unsigned short) temp_long;
384: break;
385: }
386:
387: /*
388: * remaining fields -- key versions and mod info, should
389: * not be directly manipulated
390: */
391: if (changed) {
392: if (kerb_put_principal(&principal_data[i], 1)) {
393: fprintf(stdout,
394: "\nError updating Kerberos database");
395: } else {
396: fprintf(stdout, "Edit O.K.");
397: }
398: } else {
399: fprintf(stdout, "Unchanged");
400: }
401:
402:
403: bzero(&principal_data[i].key_low, 4);
404: bzero(&principal_data[i].key_high, 4);
405: fflush(stdout);
406: break;
407: }
408: }
409: if (more) {
410: fprintf(stdout, "\nThere were more tuples found ");
411: fprintf(stdout, "than there were space for");
412: }
413: return 1;
414: }
415:
416:
417: no_core_dumps()
418: {
419:
420: signal(SIGQUIT, sig_exit);
421: signal(SIGILL, sig_exit);
422: signal(SIGTRAP, sig_exit);
423: signal(SIGIOT, sig_exit);
424: signal(SIGEMT, sig_exit);
425: signal(SIGFPE, sig_exit);
426: signal(SIGBUS, sig_exit);
427: signal(SIGSEGV, sig_exit);
428: signal(SIGSYS, sig_exit);
429: }
430:
431: void
432: sig_exit(sig, code, scp)
433: int sig, code;
434: struct sigcontext *scp;
435: {
436: cleanup();
437: fprintf(stderr,
438: "\nSignal caught, sig = %d code = %d old pc = 0x%X \nexiting",
439: sig, code, scp->sc_pc);
440: exit(-1);
441: }
442:
443:
444: cleanup()
445: {
446:
447: bzero(master_key, sizeof(master_key));
448: bzero(session_key, sizeof(session_key));
449: bzero(master_key_schedule, sizeof(master_key_schedule));
450: bzero(principal_data, sizeof(principal_data));
451: bzero(new_key, sizeof(new_key));
452: bzero(pw_str, sizeof(pw_str));
453: }
454: Usage()
455: {
456: fprintf(stderr, "Usage: %s [-n]\n", progname);
457: exit(1);
458: }
459:
460: /* zaptime code taken from: */
461: /*
462: * PARTIME parse date/time string into a TM structure
463: *
464: * Usage:
465: * #include "time.h" -- expanded tm structure
466: * char *str; struct tm *tp;
467: * partime(str,tp);
468: * Returns:
469: * 0 if parsing failed
470: * else time values in specified TM structure (unspecified values
471: * set to TMNULL)
472: * Notes:
473: * This code is quasi-public; it may be used freely in like software.
474: * It is not to be sold, nor used in licensed software without
475: * permission of the author.
476: * For everyone's benefit, please report bugs and improvements!
477: * Copyright 1980 by Ken Harrenstien, SRI International.
478: * (ARPANET: KLH @ SRI)
479: */
480:
481: zaptime(atm)
482: register struct tm *atm;
483: /* clears atm */
484: {
485: atm->tm_sec = TMNULL;
486: atm->tm_min = TMNULL;
487: atm->tm_hour = TMNULL;
488: atm->tm_mday = TMNULL;
489: atm->tm_mon = TMNULL;
490: atm->tm_year = TMNULL;
491: atm->tm_wday = TMNULL;
492: atm->tm_yday = TMNULL;
493: atm->tm_isdst = TMNULL;
494: atm->tm_zon = TMNULL;
495: atm->tm_ampm = TMNULL;
496: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.