![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to kdb_util.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDReno / kerberosIV / kdb_util|
Return to kdb_util.c CVS log | Up to [CSRG BSD Unix] / 43BSDReno / kerberosIV / kdb_util |
1.1 root 1: /*
2: * $Source: /usr/src/kerberosIV/kdb_util/RCS/kdb_util.c,v $
3: * $Author: kfall $
4: *
5: * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
6: *
7: * For copying and distribution information, please see the file
8: * <mit-copyright.h>.
9: *
10: * Kerberos database manipulation utility. This program allows you to
11: * dump a kerberos database to an ascii readable file and load this
12: * file into the database. Read locking of the database is done during a
13: * dump operation. NO LOCKING is done during a load operation. Loads
14: * should happen with other processes shutdown.
15: *
16: * Written July 9, 1987 by Jeffrey I. Schiller
17: */
18:
19: #ifndef lint
20: static char rcsid_kdb_util_c[] =
21: "$Id: kdb_util.c,v 4.5 90/06/25 22:12:42 kfall Exp $";
22: #endif lint
23:
24: #include <mit-copyright.h>
25: #include <sys/types.h>
26: #include <sys/file.h>
27: #include <netinet/in.h>
28: #include <string.h>
29: #include <stdio.h>
30: #include "time.h"
31: #include <des.h>
32: #include <krb.h>
33: #include <krb_db.h>
34:
35: #define TRUE 1
36:
37: Principal aprinc;
38:
39: static des_cblock master_key, new_master_key;
40: static des_key_schedule master_key_schedule, new_master_key_schedule;
41:
42: #define zaptime(foo) bzero((char *)(foo), sizeof(*(foo)))
43:
44: extern long kdb_get_master_key(), kdb_verify_master_key();
45: extern char *malloc();
46: extern int errno;
47:
48: char *progname;
49:
50: main(argc, argv)
51: int argc;
52: char **argv;
53: {
54: FILE *file;
55: enum {
56: OP_LOAD,
57: OP_DUMP,
58: OP_SLAVE_DUMP,
59: OP_NEW_MASTER,
60: OP_CONVERT_OLD_DB,
61: } op;
62: char *file_name;
63: char *prog = argv[0];
64: char *db_name;
65:
66: progname = prog; /* required by libkdb (yuck!) */
67:
68: if (argc != 3 && argc != 4) {
69: fprintf(stderr, "Usage: %s operation file-name [database name].\n",
70: argv[0]);
71: exit(1);
72: }
73: if (argc == 3)
74: db_name = DBM_FILE;
75: else
76: db_name = argv[3];
77:
78: if (kerb_db_set_name (db_name) != 0) {
79: perror("Can't open database");
80: exit(1);
81: }
82:
83: if (!strcmp(argv[1], "load"))
84: op = OP_LOAD;
85: else if (!strcmp(argv[1], "dump"))
86: op = OP_DUMP;
87: else if (!strcmp(argv[1], "slave_dump"))
88: op = OP_SLAVE_DUMP;
89: else if (!strcmp(argv[1], "new_master_key"))
90: op = OP_NEW_MASTER;
91: else if (!strcmp(argv[1], "convert_old_db"))
92: op = OP_CONVERT_OLD_DB;
93: else {
94: fprintf(stderr,
95: "%s: %s is an invalid operation.\n", prog, argv[1]);
96: fprintf(stderr,
97: "%s: Valid operations are \"dump\", \"slave_dump\",", argv[0]);
98: fprintf(stderr,
99: "\"load\", \"new_master_key\", and \"convert_old_db\".\n");
100: exit(1);
101: }
102:
103: file_name = argv[2];
104: file = fopen(file_name, op == OP_LOAD ? "r" : "w");
105: if (file == NULL) {
106: fprintf(stderr, "%s: Unable to open %s\n", prog, argv[2]);
107: (void) fflush(stderr);
108: perror("open");
109: exit(1);
110: }
111:
112: switch (op) {
113: case OP_DUMP:
114: if ((dump_db (db_name, file, (void (*)()) 0) == EOF) ||
115: (fclose(file) == EOF)) {
116: fprintf(stderr, "error on file %s:", file_name);
117: perror("");
118: exit(1);
119: }
120: break;
121: case OP_SLAVE_DUMP:
122: if ((dump_db (db_name, file, (void (*)()) 0) == EOF) ||
123: (fclose(file) == EOF)) {
124: fprintf(stderr, "error on file %s:", file_name);
125: perror("");
126: exit(1);
127: }
128: update_ok_file (file_name);
129: break;
130: case OP_LOAD:
131: load_db (db_name, file);
132: break;
133: case OP_NEW_MASTER:
134: convert_new_master_key (db_name, file);
135: printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
136: break;
137: case OP_CONVERT_OLD_DB:
138: convert_old_format_db (db_name, file);
139: printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
140: break;
141: }
142: exit(0);
143: }
144:
145: clear_secrets ()
146: {
147: bzero((char *)master_key, sizeof (des_cblock));
148: bzero((char *)master_key_schedule, sizeof (Key_schedule));
149: bzero((char *)new_master_key, sizeof (des_cblock));
150: bzero((char *)new_master_key_schedule, sizeof (Key_schedule));
151: }
152:
153: /* cv_key is a procedure which takes a principle and changes its key,
154: either for a new method of encrypting the keys, or a new master key.
155: if cv_key is null no transformation of key is done (other than net byte
156: order). */
157:
158: struct callback_args {
159: void (*cv_key)();
160: FILE *output_file;
161: };
162:
163: static int dump_db_1(arg, principal)
164: char *arg;
165: Principal *principal;
166: { /* replace null strings with "*" */
167: struct callback_args *a = (struct callback_args *)arg;
168:
169: if (principal->instance[0] == '\0') {
170: principal->instance[0] = '*';
171: principal->instance[1] = '\0';
172: }
173: if (principal->mod_name[0] == '\0') {
174: principal->mod_name[0] = '*';
175: principal->mod_name[1] = '\0';
176: }
177: if (principal->mod_instance[0] == '\0') {
178: principal->mod_instance[0] = '*';
179: principal->mod_instance[1] = '\0';
180: }
181: if (a->cv_key != NULL) {
182: (*a->cv_key) (principal);
183: }
184: fprintf(a->output_file, "%s %s %d %d %d %d %x %x",
185: principal->name,
186: principal->instance,
187: principal->max_life,
188: principal->kdc_key_ver,
189: principal->key_version,
190: principal->attributes,
191: htonl (principal->key_low),
192: htonl (principal->key_high));
193: print_time(a->output_file, principal->exp_date);
194: print_time(a->output_file, principal->mod_date);
195: fprintf(a->output_file, " %s %s\n",
196: principal->mod_name,
197: principal->mod_instance);
198: return 0;
199: }
200:
201: dump_db (db_file, output_file, cv_key)
202: char *db_file;
203: FILE *output_file;
204: void (*cv_key)();
205: {
206: struct callback_args a;
207:
208: a.cv_key = cv_key;
209: a.output_file = output_file;
210:
211: kerb_db_iterate (dump_db_1, (char *)&a);
212: return fflush(output_file);
213: }
214:
215: load_db (db_file, input_file)
216: char *db_file;
217: FILE *input_file;
218: {
219: char exp_date_str[50];
220: char mod_date_str[50];
221: int temp1, temp2, temp3;
222: long time_explode();
223: int code;
224: extern char *sys_errlist[];
225: char *temp_db_file;
226: temp1 = strlen(db_file+2);
227: temp_db_file = malloc (temp1);
228: strcpy(temp_db_file, db_file);
229: strcat(temp_db_file, "~");
230:
231: /* Create the database */
232: if ((code = kerb_db_create(temp_db_file)) != 0) {
233: fprintf(stderr, "Couldn't create temp database %s: %s\n",
234: temp_db_file, sys_errlist[code]);
235: exit(1);
236: }
237: kerb_db_set_name(temp_db_file);
238: for (;;) { /* explicit break on eof from fscanf */
239: bzero((char *)&aprinc, sizeof(aprinc));
240: if (fscanf(input_file,
241: "%s %s %d %d %d %hd %x %x %s %s %s %s\n",
242: aprinc.name,
243: aprinc.instance,
244: &temp1,
245: &temp2,
246: &temp3,
247: &aprinc.attributes,
248: &aprinc.key_low,
249: &aprinc.key_high,
250: exp_date_str,
251: mod_date_str,
252: aprinc.mod_name,
253: aprinc.mod_instance) == EOF)
254: break;
255: aprinc.key_low = ntohl (aprinc.key_low);
256: aprinc.key_high = ntohl (aprinc.key_high);
257: aprinc.max_life = (unsigned char) temp1;
258: aprinc.kdc_key_ver = (unsigned char) temp2;
259: aprinc.key_version = (unsigned char) temp3;
260: aprinc.exp_date = time_explode(exp_date_str);
261: aprinc.mod_date = time_explode(mod_date_str);
262: if (aprinc.instance[0] == '*')
263: aprinc.instance[0] = '\0';
264: if (aprinc.mod_name[0] == '*')
265: aprinc.mod_name[0] = '\0';
266: if (aprinc.mod_instance[0] == '*')
267: aprinc.mod_instance[0] = '\0';
268: if (kerb_db_put_principal(&aprinc, 1) != 1) {
269: fprintf(stderr, "Couldn't store %s.%s: %s; load aborted\n",
270: aprinc.name, aprinc.instance,
271: sys_errlist[errno]);
272: exit(1);
273: };
274: }
275: if ((code = kerb_db_rename(temp_db_file, db_file)) != 0)
276: perror("database rename failed");
277: (void) fclose(input_file);
278: free(temp_db_file);
279: }
280:
281: print_time(file, timeval)
282: FILE *file;
283: unsigned long timeval;
284: {
285: struct tm *tm;
286: struct tm *gmtime();
287: tm = gmtime((long *)&timeval);
288: fprintf(file, " %04d%02d%02d%02d%02d",
289: tm->tm_year < 1900 ? tm->tm_year + 1900: tm->tm_year,
290: tm->tm_mon + 1,
291: tm->tm_mday,
292: tm->tm_hour,
293: tm->tm_min);
294: }
295:
296: /*ARGSUSED*/
297: update_ok_file (file_name)
298: char *file_name;
299: {
300: /* handle slave locking/failure stuff */
301: char *file_ok;
302: int fd;
303: static char ok[]=".dump_ok";
304:
305: if ((file_ok = (char *)malloc(strlen(file_name) + strlen(ok) + 1))
306: == NULL) {
307: fprintf(stderr, "kdb_util: out of memory.\n");
308: (void) fflush (stderr);
309: perror ("malloc");
310: exit (1);
311: }
312: strcpy(file_ok, file_name);
313: strcat(file_ok, ok);
314: if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0400)) < 0) {
315: fprintf(stderr, "Error creating 'ok' file, '%s'", file_ok);
316: perror("");
317: (void) fflush (stderr);
318: exit (1);
319: }
320: free(file_ok);
321: close(fd);
322: }
323:
324: void
325: convert_key_new_master (p)
326: Principal *p;
327: {
328: des_cblock key;
329:
330: /* leave null keys alone */
331: if ((p->key_low == 0) && (p->key_high == 0)) return;
332:
333: /* move current key to des_cblock for encryption, special case master key
334: since that's changing */
335: if ((strncmp (p->name, KERB_M_NAME, ANAME_SZ) == 0) &&
336: (strncmp (p->instance, KERB_M_INST, INST_SZ) == 0)) {
337: bcopy((char *)new_master_key, (char *) key, sizeof (des_cblock));
338: (p->key_version)++;
339: } else {
340: bcopy((char *)&(p->key_low), (char *)key, 4);
341: bcopy((char *)&(p->key_high), (char *) (((long *) key) + 1), 4);
342: kdb_encrypt_key (key, key, master_key, master_key_schedule, DECRYPT);
343: }
344:
345: kdb_encrypt_key (key, key, new_master_key, new_master_key_schedule, ENCRYPT);
346:
347: bcopy((char *)key, (char *)&(p->key_low), 4);
348: bcopy((char *)(((long *) key) + 1), (char *)&(p->key_high), 4);
349: bzero((char *)key, sizeof (key)); /* a little paranoia ... */
350:
351: (p->kdc_key_ver)++;
352: }
353:
354: convert_new_master_key (db_file, out)
355: char *db_file;
356: FILE *out;
357: {
358:
359: printf ("\n\nEnter the CURRENT master key.");
360: if (kdb_get_master_key (TRUE, master_key, master_key_schedule) != 0) {
361: fprintf (stderr, "%s: Couldn't get master key.\n");
362: clear_secrets ();
363: exit (-1);
364: }
365:
366: if (kdb_verify_master_key (master_key, master_key_schedule, stderr) < 0) {
367: clear_secrets ();
368: exit (-1);
369: }
370:
371: printf ("\n\nNow enter the NEW master key. Do not forget it!!");
372: if (kdb_get_master_key (TRUE, new_master_key, new_master_key_schedule) != 0) {
373: fprintf (stderr, "%s: Couldn't get new master key.\n");
374: clear_secrets ();
375: exit (-1);
376: }
377:
378: dump_db (db_file, out, convert_key_new_master);
379: }
380:
381: void
382: convert_key_old_db (p)
383: Principal *p;
384: {
385: des_cblock key;
386:
387: /* leave null keys alone */
388: if ((p->key_low == 0) && (p->key_high == 0)) return;
389:
390: bcopy((char *)&(p->key_low), (char *)key, 4);
391: bcopy((char *)&(p->key_high), (char *)(((long *) key) + 1), 4);
392:
393: #ifndef NOENCRYPTION
394: /* get clear key, old style */
395: (void) des_pcbc_encrypt ((des_cblock *) key, (des_cblock *) key,
396: (long) sizeof(des_cblock),
397: master_key_schedule, (des_cblock *)master_key_schedule,
398: DECRYPT);
399: #endif
400:
401: /* make new key, new style */
402: kdb_encrypt_key (key, key, master_key, master_key_schedule, ENCRYPT);
403:
404: bcopy((char *)key, (char *)&(p->key_low), 4);
405: bcopy((char *)(((long *) key) + 1), (char *)&(p->key_high), 4);
406: bzero((char *)key, sizeof (key)); /* a little paranoia ... */
407: }
408:
409: convert_old_format_db (db_file, out)
410: char *db_file;
411: FILE *out;
412: {
413: des_cblock key_from_db;
414: Principal principal_data[1];
415: int n, more;
416:
417: if (kdb_get_master_key (TRUE, master_key, master_key_schedule) != 0L) {
418: fprintf (stderr, "%s: Couldn't get master key.\n");
419: clear_secrets();
420: exit (-1);
421: }
422:
423: /* can't call kdb_verify_master_key because this is an old style db */
424: /* lookup the master key version */
425: n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
426: 1 /* only one please */, &more);
427: if ((n != 1) || more) {
428: fprintf(stderr, "verify_master_key: ",
429: "Kerberos error on master key lookup, %d found.\n",
430: n);
431: exit (-1);
432: }
433:
434: /* set up the master key */
435: fprintf(stderr, "Current Kerberos master key version is %d.\n",
436: principal_data[0].kdc_key_ver);
437:
438: /*
439: * now use the master key to decrypt (old style) the key in the db, had better
440: * be the same!
441: */
442: bcopy((char *)&principal_data[0].key_low, (char *)key_from_db, 4);
443: bcopy((char *)&principal_data[0].key_high,
444: (char *)(((long *) key_from_db) + 1), 4);
445: #ifndef NOENCRYPTION
446: (void) des_pcbc_encrypt (key_from_db, key_from_db,
447: (long) sizeof(key_from_db),
448: master_key_schedule,
449: (des_cblock *) master_key_schedule, DECRYPT);
450: #endif
451: /* the decrypted database key had better equal the master key */
452: n = bcmp((char *) master_key, (char *) key_from_db,
453: sizeof(master_key));
454: bzero((char *)key_from_db, sizeof(key_from_db));
455:
456: if (n) {
457: fprintf(stderr, "\n\07\07%verify_master_key: Invalid master key, ");
458: fprintf(stderr, "does not match database.\n");
459: exit (-1);
460: }
461:
462: fprintf(stderr, "Master key verified.\n");
463: (void) fflush(stderr);
464:
465: dump_db (db_file, out, convert_key_old_db);
466: }
467:
468: long
469: time_explode(cp)
470: register char *cp;
471: {
472: char wbuf[5];
473: struct tm tp;
474: long maketime();
475: int local;
476:
477: zaptime(&tp); /* clear out the struct */
478:
479: if (strlen(cp) > 10) { /* new format */
480: (void) strncpy(wbuf, cp, 4);
481: wbuf[4] = 0;
482: tp.tm_year = atoi(wbuf);
483: cp += 4; /* step over the year */
484: local = 0; /* GMT */
485: } else { /* old format: local time,
486: year is 2 digits, assuming 19xx */
487: wbuf[0] = *cp++;
488: wbuf[1] = *cp++;
489: wbuf[2] = 0;
490: tp.tm_year = 1900 + atoi(wbuf);
491: local = 1; /* local */
492: }
493:
494: wbuf[0] = *cp++;
495: wbuf[1] = *cp++;
496: wbuf[2] = 0;
497: tp.tm_mon = atoi(wbuf)-1;
498:
499: wbuf[0] = *cp++;
500: wbuf[1] = *cp++;
501: tp.tm_mday = atoi(wbuf);
502:
503: wbuf[0] = *cp++;
504: wbuf[1] = *cp++;
505: tp.tm_hour = atoi(wbuf);
506:
507: wbuf[0] = *cp++;
508: wbuf[1] = *cp++;
509: tp.tm_min = atoi(wbuf);
510:
511:
512: return(maketime(&tp, local));
513: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.