+++ /dev/null
-Wed Nov 15 20:37:30 1995 Mark Eichin <eichin@cygnus.com>
-
- * krb_dbm.c (kerb_dbl_lock): initialize f to a copy of a static
- (thus zero) struct flock, to avoid panic'ing sunos 4.1.4.
- (kerb_dbl_unlocK): ditto.
-
-Thu Jun 15 18:06:24 EDT 1995 Paul Park (pjpark@mit.edu)
- * configure.in - Create symlink for archive when we build it.
-
-Fri Jun 9 19:26:57 1995 <tytso@rsx-11.mit.edu>
-
- * configure.in: Remove standardized set of autoconf macros, which
- are now handled by CONFIG_RULES.
-
-Mon May 22 15:14:17 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * krb_dbm.c (kerb_end_update): Use the POSIX utime instead of utimes.
-
-Fri Apr 28 16:24:20 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * configure.in: Add check for KRB5_POSIX_LOCKS
-
- * krb_dbm.c: Add #include of fcntl.h; if POSIX_FILE_LOCKS is
- defined, use POSIX-style locking.
-
-Fri Jan 13 18:24:26 1995 Ian Lance Taylor <ian@sanguine.cygnus.com>
-
- * krb_kdb_utils.c (kdb_verify_master_key): Don't say ``BEWARE!'',
- since it's not clear what to be wary of.
-
-Tue Jan 10 01:16:22 1995 Mark Eichin <eichin@cygnus.com>
-
- * krb_dbm.c: add macro for dbm_delete under dbm.
- (kerb_db_del_principal): dbm_delete the key, and handle database
- locking correctly.
- * krb_lib.c (kerb_del_principal): get the principal, to sanity
- check, and then delete it.
-
-Wed Jan 4 17:44:26 1995 Ian Lance Taylor <ian@sanguine.cygnus.com>
-
- * krb_kdb_utils.c (kdb_get_master_key_from): Add verify argument,
- and pass it to read_password routine.
- (kdb_get_master_key): Add verify argument, and pass it to
- kdb_get_master_key_from.
-
-Thu Nov 3 16:33:34 1994 Ian Lance Taylor <ian@sanguine.cygnus.com>
-
- * krb_dbm.c (kerb_db_rename): Initialize local variable ok.
-
-Tue Nov 1 16:29:32 1994 Ian Lance Taylor <ian@sanguine.cygnus.com>
-
- * krb_lib.c: Don't bother to declare strncpy or ctime. Declare
- getenv only if it is needed.
- (kerb_put_principal): Pass the address of a local time_t variable
- to localtime, rather than principal->mod_date which has type
- unsigned long.
- * krb_cache.c: Don't declare strncpy.
- * print_princ.c: Don't declare strncpy or ctime.
-
-Mon Oct 31 19:40:43 1994 Ian Lance Taylor <ian@sanguine.cygnus.com>
-
- * Makefile.in (CODE): Remove Imakefile.
-
-Thu Jul 21 17:40:14 1994 Mark Eichin (eichin@cygnus.com)
-
- * krb_kdb_utils.c (kdb_get_master_key_from): new function.
- Modification of kdb_get_master_key (which is now only called by
- things that force a prompt anyway, but is kept for compatibility.)
- Takes an extra argument, optional filename to get the key from.
-
-Tue Jul 5 11:21:18 1994 Ken Raeburn (raeburn@cujo.cygnus.com)
-
- * print_princ.c (krb_print_principal): Arg to localtime() should
- be time_t*.
- * krb_lib.c (kerb_put_principal): Arg to time() should be time_t*.
-
- * krb_kdb_utils.c: Include string.h.
-
-Tue Jun 21 00:19:04 1994 John Gilmore (gnu@cygnus.com)
-
- * krb_kdb_utils.c: Lint.
-
-Fri May 20 01:31:04 1994 John Gilmore (gnu@cygnus.com)
-
- * Makefile.in: Don't keep backup files of libraries. Use LIBEXT.
-
-Fri May 13 02:01:36 1994 John Gilmore (gnu@cygnus.com)
-
- * krb_dbm.c: Move <krb.h> to where it can control #if NDBM.
-
-Mon May 9 00:14:50 1994 John Gilmore (gnu@cygnus.com)
-
- * krb_lib.c: Lint.
+++ /dev/null
-CFLAGS = $(CCOPTS) $(DEFS) $(DEFINES)
-DEFINES=-I$(srcdir)/../../include/kerberosIV
-
-LIBNAME=libkdb4.$(LIBEXT)
-
-BUILDTOP=$(C)$(S)$(U)$(U)
-SRCS = \
- $(srcdir)/krb_dbm.c \
- $(srcdir)/krb_lib.c \
- $(srcdir)/krb_cache.c \
- $(srcdir)/print_princ.c \
- $(srcdir)/krb_kdb_utils.c
-
-OBJS = \
- krb_dbm.$(OBJEXT) \
- krb_lib.$(OBJEXT) \
- krb_cache.$(OBJEXT) \
- print_princ.$(OBJEXT) \
- krb_kdb_utils.$(OBJEXT)
-
-CODE= ${SRCS} Makefile.in
-
-all:: $(LIBNAME)
-
-$(LIBNAME): $(OBJS)
- $(RM) $@
- $(ARCHIVE) $@ $(OBJS)
- $(RANLIB) $@
-
-clean::
- $(RM) $(LIBNAME)
- $(RM) $(OBJS)
-
-install::
- $(INSTALL_DATA) $(LIBNAME) $(DESTDIR)$(KRB5_LIBDIR)/$(LIBNAME)
- $(CHMOD) 644 $(DESTDIR)$(KRB5_LIBDIR)/$(LIBNAME)
- $(RANLIB) $(DESTDIR)$(KRB5_LIBDIR)/$(LIBNAME)
- $(CHMOD) 444 $(DESTDIR)$(KRB5_LIBDIR)/$(LIBNAME)
-##
+++ /dev/null
-AC_INIT(configure.in)
-CONFIG_RULES
-AC_PROG_ARCHIVE
-AC_PROG_ARCHIVE_ADD
-AC_PROG_RANLIB
-AC_PROG_INSTALL
-AC_HEADER_CHECK(ndbm.h,AC_DEFINE(NDBM))
-AC_CONST
-KRB5_POSIX_LOCKS
-AC_HEADER_CHECK(unistd.h,AC_DEFINE(HAS_UNISTD_H))
-ET_RULES
-SubdirLibraryRule([$(OBJS)])
-LinkFileDir(../libkdb4.a, libkdb4.a, ./kdb4)
-AppendRule([all-unix:: ../libkdb4.a])
-AppendRule([all:: all-$(WHAT)])
-V5_AC_OUTPUT_MAKEFILE
+++ /dev/null
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * This is where a cache would be implemented, if it were necessary.
- */
-
-#include <mit-copyright.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/uio.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-#include <string.h>
-#include <des.h>
-#include <krb.h>
-#include <krb_db.h>
-
-#ifdef DEBUG
-extern int debug;
-extern long kerb_debug;
-#endif
-static init = 0;
-
-/*
- * initialization routine for cache
- */
-
-int
-kerb_cache_init()
-{
- init = 1;
- return (0);
-}
-
-/*
- * look up a principal in the cache returns number of principals found
- */
-
-int
-kerb_cache_get_principal(serv, inst, principal, max)
- char *serv; /* could have wild card */
- char *inst; /* could have wild card */
- Principal *principal;
- unsigned int max; /* max number of name structs to return */
-
-{
- int found = 0;
-
- if (!init)
- kerb_cache_init();
-#ifdef DEBUG
- if (kerb_debug & 2)
- fprintf(stderr, "cache_get_principal for %s %s max = %d\n",
- serv, inst, max);
-#endif /* DEBUG */
-
-#ifdef DEBUG
- if (kerb_debug & 2) {
- if (found) {
- fprintf(stderr, "cache get %s %s found %s %s sid = %d\n",
- serv, inst, principal->name, principal->instance);
- } else {
- fprintf(stderr, "cache %s %s not found\n", serv,
- inst);
- }
- }
-#endif
- return (found);
-}
-
-/*
- * insert/replace a principal in the cache returns number of principals
- * inserted
- */
-
-int
-kerb_cache_put_principal(principal, max)
- Principal *principal;
- unsigned int max; /* max number of principal structs to
- * insert */
-
-{
- u_long i;
- int count = 0;
-
- if (!init)
- kerb_cache_init();
-
-#ifdef DEBUG
- if (kerb_debug & 2) {
- fprintf(stderr, "kerb_cache_put_principal max = %d",
- max);
- }
-#endif
-
- for (i = 0; i < max; i++) {
-#ifdef DEBUG
- if (kerb_debug & 2)
- fprintf(stderr, "\n %s %s",
- principal->name, principal->instance);
-#endif
- /* DO IT */
- count++;
- principal++;
- }
- return count;
-}
-
-/*
- * look up a dba in the cache returns number of dbas found
- */
-
-int
-kerb_cache_get_dba(serv, inst, dba, max)
- char *serv; /* could have wild card */
- char *inst; /* could have wild card */
- Dba *dba;
- unsigned int max; /* max number of name structs to return */
-
-{
- int found = 0;
-
- if (!init)
- kerb_cache_init();
-
-#ifdef DEBUG
- if (kerb_debug & 2)
- fprintf(stderr, "cache_get_dba for %s %s max = %d\n",
- serv, inst, max);
-#endif
-
-#ifdef DEBUG
- if (kerb_debug & 2) {
- if (found) {
- fprintf(stderr, "cache get %s %s found %s %s sid = %d\n",
- serv, inst, dba->name, dba->instance);
- } else {
- fprintf(stderr, "cache %s %s not found\n", serv, inst);
- }
- }
-#endif
- return (found);
-}
-
-/*
- * insert/replace a dba in the cache returns number of dbas inserted
- */
-
-int
-kerb_cache_put_dba(dba, max)
- Dba *dba;
- unsigned int max; /* max number of dba structs to insert */
-
-{
- u_long i;
- int count = 0;
-
- if (!init)
- kerb_cache_init();
-#ifdef DEBUG
- if (kerb_debug & 2) {
- fprintf(stderr, "kerb_cache_put_dba max = %d", max);
- }
-#endif
- for (i = 0; i < max; i++) {
-#ifdef DEBUG
- if (kerb_debug & 2)
- fprintf(stderr, "\n %s %s",
- dba->name, dba->instance);
-#endif
- /* DO IT */
- count++;
- dba++;
- }
- return count;
-}
-
+++ /dev/null
-This file is now obsolete.
+++ /dev/null
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include <mit-copyright.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/uio.h>
-#include <sys/time.h>
-#include <sys/stat.h>
-#include <sys/resource.h>
-#include <sys/errno.h>
-#include <string.h>
-#include <des.h>
-#include <sys/file.h>
-#include <fcntl.h>
-/* before krb_db.h */
-#include <krb.h>
-#include <krb_db.h>
-#include <utime.h>
-
-#ifdef NDBM
-#include <ndbm.h>
-#else /*NDBM*/
-#include <dbm.h>
-#endif /*NDBM*/
-
-#ifdef POSIX_FILE_LOCKS
-#include <fcntl.h>
-#endif
-
-#define KERB_DB_MAX_RETRY 5
-
-#ifdef DEBUG
-extern int debug;
-extern long kerb_debug;
-extern char *progname;
-#endif
-extern char *malloc();
-extern int errno;
-
-static init = 0;
-static char default_db_name[] = DBM_FILE;
-static char *current_db_name = default_db_name;
-static void encode_princ_key(), decode_princ_key();
-static void encode_princ_contents(), decode_princ_contents();
-static void kerb_dbl_fini();
-static int kerb_dbl_lock();
-static void kerb_dbl_unlock();
-
-static struct timeval timestamp;/* current time of request */
-static int non_blocking = 0;
-
-/*
- * This module contains all of the code which directly interfaces to
- * the underlying representation of the Kerberos database; this
- * implementation uses a DBM or NDBM indexed "file" (actually
- * implemented as two separate files) to store the relations, plus a
- * third file as a semaphore to allow the database to be replaced out
- * from underneath the KDC server.
- */
-
-/*
- * Locking:
- *
- * There are two distinct locking protocols used. One is designed to
- * lock against processes (the admin_server, for one) which make
- * incremental changes to the database; the other is designed to lock
- * against utilities (kdb_util, kpropd) which replace the entire
- * database in one fell swoop.
- *
- * The first locking protocol is implemented using flock() in the
- * krb_dbl_lock() and krb_dbl_unlock routines.
- *
- * The second locking protocol is necessary because DBM "files" are
- * actually implemented as two separate files, and it is impossible to
- * atomically rename two files simultaneously. It assumes that the
- * database is replaced only very infrequently in comparison to the time
- * needed to do a database read operation.
- *
- * A third file is used as a "version" semaphore; the modification
- * time of this file is the "version number" of the database.
- * At the start of a read operation, the reader checks the version
- * number; at the end of the read operation, it checks again. If the
- * version number changed, or if the semaphore was nonexistant at
- * either time, the reader sleeps for a second to let things
- * stabilize, and then tries again; if it does not succeed after
- * KERB_DB_MAX_RETRY attempts, it gives up.
- *
- * On update, the semaphore file is deleted (if it exists) before any
- * update takes place; at the end of the update, it is replaced, with
- * a version number strictly greater than the version number which
- * existed at the start of the update.
- *
- * If the system crashes in the middle of an update, the semaphore
- * file is not automatically created on reboot; this is a feature, not
- * a bug, since the database may be inconsistant. Note that the
- * absence of a semaphore file does not prevent another _update_ from
- * taking place later. Database replacements take place automatically
- * only on slave servers; a crash in the middle of an update will be
- * fixed by the next slave propagation. A crash in the middle of an
- * update on the master would be somewhat more serious, but this would
- * likely be noticed by an administrator, who could fix the problem and
- * retry the operation.
- */
-
-/* Macros to convert ndbm names to dbm names.
- * Note that dbm_nextkey() cannot be simply converted using a macro, since
- * it is invoked giving the database, and nextkey() needs the previous key.
- *
- * Instead, all routines call "dbm_next" instead.
- */
-
-#ifndef NDBM
-typedef char DBM;
-
-#define dbm_open(file, flags, mode) ((dbminit(file) == 0)?"":((char *)0))
-#define dbm_fetch(db, key) fetch(key)
-#define dbm_delete(db, key) delete(key)
-#define dbm_store(db, key, content, flag) store(key, content)
-#define dbm_firstkey(db) firstkey()
-#define dbm_next(db,key) nextkey(key)
-#define dbm_close(db) dbmclose()
-#else
-#define dbm_next(db,key) dbm_nextkey(db)
-#endif
-
-/*
- * Utility routine: generate name of database file.
- */
-
-static char *gen_dbsuffix(db_name, sfx)
- char *db_name;
- char *sfx;
-{
- char *dbsuffix;
-
- if (sfx == NULL)
- sfx = ".ok";
-
- dbsuffix = malloc (strlen(db_name) + strlen(sfx) + 1);
- strcpy(dbsuffix, db_name);
- strcat(dbsuffix, sfx);
- return dbsuffix;
-}
-
-/*
- * initialization for data base routines.
- */
-
-int kerb_db_init()
-{
- init = 1;
- return (0);
-}
-
-/*
- * gracefully shut down database--must be called by ANY program that does
- * a kerb_db_init
- */
-
-kerb_db_fini()
-{
-}
-
-/*
- * Set the "name" of the current database to some alternate value.
- *
- * Passing a null pointer as "name" will set back to the default.
- * If the alternate database doesn't exist, nothing is changed.
- */
-
-int kerb_db_set_name(name)
- char *name;
-{
- DBM *db;
-
- if (name == NULL)
- name = default_db_name;
- db = dbm_open(name, 0, 0);
- if (db == NULL)
- return errno;
- dbm_close(db);
- kerb_dbl_fini();
- current_db_name = name;
- return 0;
-}
-
-/*
- * Return the last modification time of the database.
- */
-
-long kerb_get_db_age()
-{
- struct stat st;
- char *okname;
- long age;
-
- okname = gen_dbsuffix(current_db_name, ".ok");
-
- if (stat (okname, &st) < 0)
- age = 0;
- else
- age = st.st_mtime;
-
- free (okname);
- return age;
-}
-
-/*
- * Remove the semaphore file; indicates that database is currently
- * under renovation.
- *
- * This is only for use when moving the database out from underneath
- * the server (for example, during slave updates).
- */
-
-static long kerb_start_update(db_name)
- char *db_name;
-{
- char *okname = gen_dbsuffix(db_name, ".ok");
- long age = kerb_get_db_age();
-
- if (unlink(okname) < 0
- && errno != ENOENT) {
- age = -1;
- }
- free (okname);
- return age;
-}
-
-static long kerb_end_update(db_name, age)
- char *db_name;
- long age;
-{
- int fd;
- int retval = 0;
- char *new_okname = gen_dbsuffix(db_name, ".ok#");
- char *okname = gen_dbsuffix(db_name, ".ok");
-
- fd = open (new_okname, O_CREAT|O_RDWR|O_TRUNC, 0600);
- if (fd < 0)
- retval = errno;
- else {
- struct stat st;
- struct utimbuf times;
- /* make sure that semaphore is "after" previous value. */
- if (fstat (fd, &st) == 0
- && st.st_mtime <= age) {
- times.actime = st.st_atime;
- times.modtime = age;
- /* set times.. */
- utime (new_okname, ×);
-#ifndef NO_FSYNC
- fsync(fd);
-#endif
- }
- close(fd);
- if (rename (new_okname, okname) < 0)
- retval = errno;
- }
-
- free (new_okname);
- free (okname);
-
- return retval;
-}
-
-static long kerb_start_read()
-{
- return kerb_get_db_age();
-}
-
-static long kerb_end_read(age)
- u_long age;
-{
- if (kerb_get_db_age() != age || age == -1) {
- return -1;
- }
- return 0;
-}
-
-/*
- * Create the database, assuming it's not there.
- */
-
-int kerb_db_create(db_name)
- char *db_name;
-{
- char *okname = gen_dbsuffix(db_name, ".ok");
- int fd;
- register int ret = 0;
-#ifdef NDBM
- DBM *db;
-
- db = dbm_open(db_name, O_RDWR|O_CREAT|O_EXCL, 0600);
- if (db == NULL)
- ret = errno;
- else
- dbm_close(db);
-#else
- char *dirname = gen_dbsuffix(db_name, ".dir");
- char *pagname = gen_dbsuffix(db_name, ".pag");
-
- fd = open(dirname, O_RDWR|O_CREAT|O_EXCL, 0600);
- if (fd < 0)
- ret = errno;
- else {
- close(fd);
- fd = open (pagname, O_RDWR|O_CREAT|O_EXCL, 0600);
- if (fd < 0)
- ret = errno;
- else
- close(fd);
- }
- if (dbminit(db_name) < 0)
- ret = errno;
-#endif
- if (ret == 0) {
- fd = open (okname, O_CREAT|O_RDWR|O_TRUNC, 0600);
- if (fd < 0)
- ret = errno;
- close(fd);
- }
- return ret;
-}
-
-/*
- * "Atomically" rename the database in a way that locks out read
- * access in the middle of the rename.
- *
- * Not perfect; if we crash in the middle of an update, we don't
- * necessarily know to complete the transaction the rename, but...
- */
-
-int kerb_db_rename(from, to)
- char *from;
- char *to;
-{
- char *fromdir = gen_dbsuffix (from, ".dir");
- char *todir = gen_dbsuffix (to, ".dir");
- char *frompag = gen_dbsuffix (from , ".pag");
- char *topag = gen_dbsuffix (to, ".pag");
- char *fromok = gen_dbsuffix(from, ".ok");
- long trans = kerb_start_update(to);
- int ok = 0;
-
- if ((rename (fromdir, todir) == 0)
- && (rename (frompag, topag) == 0)) {
- (void) unlink (fromok);
- ok = 1;
- }
-
- free (fromok);
- free (fromdir);
- free (todir);
- free (frompag);
- free (topag);
- if (ok)
- return kerb_end_update(to, trans);
- else
- return -1;
-}
-
-/*
- * look up a principal in the data base returns number of principals
- * found, and whether there were more than requested.
- */
-
-int kerb_db_get_principal(name, inst, principal, max, more)
- char *name; /* could have wild card */
- char *inst; /* could have wild card */
- Principal *principal;
- unsigned int max; /* max number of name structs to return */
- int *more; /* where there more than 'max' tuples? */
-
-{
- int found = 0, code;
- extern int errorproc();
- int wildp, wildi;
- datum key, contents;
- char testname[ANAME_SZ], testinst[INST_SZ];
- u_long trans;
- int try;
- DBM *db;
-
- if (!init)
- kerb_db_init(); /* initialize database routines */
-
- for (try = 0; try < KERB_DB_MAX_RETRY; try++) {
- trans = kerb_start_read();
-
- if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
- return -1;
-
- db = dbm_open(current_db_name, O_RDONLY, 0600);
-
- *more = 0;
-
-#ifdef DEBUG
- if (kerb_debug & 2)
- fprintf(stderr,
- "%s: db_get_principal for %s %s max = %d",
- progname, name, inst, max);
-#endif
-
- wildp = !strcmp(name, "*");
- wildi = !strcmp(inst, "*");
-
- if (!wildi && !wildp) { /* nothing's wild */
- encode_princ_key(&key, name, inst);
- contents = dbm_fetch(db, key);
- if (contents.dptr == NULL) {
- found = 0;
- goto done;
- }
- decode_princ_contents(&contents, principal);
-#ifdef DEBUG
- if (kerb_debug & 1) {
- fprintf(stderr, "\t found %s %s p_n length %d t_n length %d\n",
- principal->name, principal->instance,
- strlen(principal->name),
- strlen(principal->instance));
- }
-#endif
- found = 1;
- goto done;
- }
- /* process wild cards by looping through entire database */
-
- for (key = dbm_firstkey(db); key.dptr != NULL;
- key = dbm_next(db, key)) {
- decode_princ_key(&key, testname, testinst);
- if ((wildp || !strcmp(testname, name)) &&
- (wildi || !strcmp(testinst, inst))) { /* have a match */
- if (found >= max) {
- *more = 1;
- goto done;
- } else {
- found++;
- contents = dbm_fetch(db, key);
- decode_princ_contents(&contents, principal);
-#ifdef DEBUG
- if (kerb_debug & 1) {
- fprintf(stderr,
- "\tfound %s %s p_n length %d t_n length %d\n",
- principal->name, principal->instance,
- strlen(principal->name),
- strlen(principal->instance));
- }
-#endif
- principal++; /* point to next */
- }
- }
- }
-
- done:
- kerb_dbl_unlock(); /* unlock read lock */
- dbm_close(db);
- if (kerb_end_read(trans) == 0)
- break;
- found = -1;
- if (!non_blocking)
- sleep(1);
- }
- return (found);
-}
-
-/*
- * delete a principal from the data base returns number of principals
- * found, and whether there were more than requested.
- */
-
-int kerb_db_del_principal(principal, n)
- Principal *principal;
- int n;
-{
- int found = 0, code;
- DBM *db;
- u_long trans;
- int try;
- datum key;
-
- if (!init)
- kerb_db_init(); /* initialize database routines */
-
- for (try = 0; try < KERB_DB_MAX_RETRY; try++) {
- trans = kerb_start_read();
-
- if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
- return -1;
-
- db = dbm_open(current_db_name, O_RDWR, 0600);
-
- encode_princ_key(&key, principal->name, principal->instance);
- if (!dbm_delete(db, key)) {
- found = 1;
- } else {
- krb_log("kerb_db_del_principal failed on %s %s <%s>",
- principal->name, principal->instance, key.dptr);
- }
-
- kerb_dbl_unlock(); /* unlock read lock */
- dbm_close(db);
- if (kerb_end_read(trans) == 0)
- break;
- if (found) break;
- found = -1;
- if (!non_blocking)
- sleep(1);
- }
- return (found);
-}
-
-/*
- * Update a name in the data base. Returns number of names
- * successfully updated.
- */
-
-int kerb_db_put_principal(principal, max)
- Principal *principal;
- unsigned int max; /* number of principal structs to
- * update */
-
-{
- int found = 0, code;
- u_long i;
- extern int errorproc();
- datum key, contents;
- DBM *db;
-
- gettimeofday(×tamp, NULL);
-
- if (!init)
- kerb_db_init();
-
- if ((code = kerb_dbl_lock(KERB_DBL_EXCLUSIVE)) != 0)
- return -1;
-
- db = dbm_open(current_db_name, O_RDWR, 0600);
-
-#ifdef DEBUG
- if (kerb_debug & 2)
- fprintf(stderr, "%s: kerb_db_put_principal max = %d",
- progname, max);
-#endif
-
- /* for each one, stuff temps, and do replace/append */
- for (i = 0; i < max; i++) {
- encode_princ_contents(&contents, principal);
- encode_princ_key(&key, principal->name, principal->instance);
- dbm_store(db, key, contents, DBM_REPLACE);
-#ifdef DEBUG
- if (kerb_debug & 1) {
- fprintf(stderr, "\n put %s %s\n",
- principal->name, principal->instance);
- }
-#endif
- found++;
- principal++; /* bump to next struct */
- }
-
- dbm_close(db);
- kerb_dbl_unlock(); /* unlock database */
- return (found);
-}
-
-static void
-encode_princ_key(key, name, instance)
- datum *key;
- char *name, *instance;
-{
- static char keystring[ANAME_SZ + INST_SZ];
-
- memset(keystring, 0, ANAME_SZ + INST_SZ);
- strncpy(keystring, name, ANAME_SZ);
- strncpy(&keystring[ANAME_SZ], instance, INST_SZ);
- key->dptr = keystring;
- key->dsize = ANAME_SZ + INST_SZ;
-}
-
-static void
-decode_princ_key(key, name, instance)
- datum *key;
- char *name, *instance;
-{
- strncpy(name, key->dptr, ANAME_SZ);
- strncpy(instance, key->dptr + ANAME_SZ, INST_SZ);
- name[ANAME_SZ - 1] = '\0';
- instance[INST_SZ - 1] = '\0';
-}
-
-static void
-encode_princ_contents(contents, principal)
- datum *contents;
- Principal *principal;
-{
- contents->dsize = sizeof(*principal);
- contents->dptr = (char *) principal;
-}
-
-static void
-decode_princ_contents(contents, principal)
- datum *contents;
- Principal *principal;
-{
- memcpy((char *) principal, contents->dptr, sizeof(*principal));
-}
-
-kerb_db_get_stat(s)
- DB_stat *s;
-{
- gettimeofday(×tamp, NULL);
-
-
- s->cpu = 0;
- s->elapsed = 0;
- s->dio = 0;
- s->pfault = 0;
- s->t_stamp = timestamp.tv_sec;
- s->n_retrieve = 0;
- s->n_replace = 0;
- s->n_append = 0;
- s->n_get_stat = 0;
- s->n_put_stat = 0;
- /* update local copy too */
-}
-
-kerb_db_put_stat(s)
- DB_stat *s;
-{
-}
-
-delta_stat(a, b, c)
- DB_stat *a, *b, *c;
-{
- /* c = a - b then b = a for the next time */
-
- c->cpu = a->cpu - b->cpu;
- c->elapsed = a->elapsed - b->elapsed;
- c->dio = a->dio - b->dio;
- c->pfault = a->pfault - b->pfault;
- c->t_stamp = a->t_stamp - b->t_stamp;
- c->n_retrieve = a->n_retrieve - b->n_retrieve;
- c->n_replace = a->n_replace - b->n_replace;
- c->n_append = a->n_append - b->n_append;
- c->n_get_stat = a->n_get_stat - b->n_get_stat;
- c->n_put_stat = a->n_put_stat - b->n_put_stat;
-
- memcpy(b, a, sizeof(DB_stat));
- return;
-}
-
-/*
- * look up a dba in the data base returns number of dbas found , and
- * whether there were more than requested.
- */
-
-int kerb_db_get_dba(dba_name, dba_inst, dba, max, more)
- char *dba_name; /* could have wild card */
- char *dba_inst; /* could have wild card */
- Dba *dba;
- unsigned int max; /* max number of name structs to return */
- int *more; /* where there more than 'max' tuples? */
-
-{
- *more = 0;
- return (0);
-}
-
-int kerb_db_iterate (func, arg)
- int (*func)();
- char *arg; /* void *, really */
-{
- datum key, contents;
- Principal *principal;
- int code;
- DBM *db;
-
- kerb_db_init(); /* initialize and open the database */
- if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
- return code;
-
- db = dbm_open(current_db_name, O_RDONLY, 0600);
-
- for (key = dbm_firstkey (db); key.dptr != NULL; key = dbm_next(db, key)) {
- contents = dbm_fetch (db, key);
- /* XXX may not be properly aligned */
- principal = (Principal *) contents.dptr;
- if ((code = (*func)(arg, principal)) != 0)
- return code;
- }
- dbm_close(db);
- kerb_dbl_unlock();
- return 0;
-}
-
-static int dblfd = -1;
-static int mylock = 0;
-static int inited = 0;
-
-static int kerb_dbl_init()
-{
- if (!inited) {
- char *filename = gen_dbsuffix (current_db_name, ".ok");
- if ((dblfd = open(filename, O_RDWR)) < 0) {
- fprintf(stderr, "kerb_dbl_init: couldn't open %s\n", filename);
- fflush(stderr);
- perror("open");
- exit(1);
- }
- free(filename);
- inited++;
- }
- return (0);
-}
-
-static void kerb_dbl_fini()
-{
- close(dblfd);
- dblfd = -1;
- inited = 0;
- mylock = 0;
-}
-
-static int kerb_dbl_lock(mode)
- int mode;
-{
-#ifdef POSIX_FILE_LOCKS
- static struct flock flock_zero;
- struct flock f;
- int rv;
-
- f = flock_zero;
-#else
- int flock_mode;
-#endif
-
- if (!inited)
- kerb_dbl_init();
- if (mylock) { /* Detect lock call when lock already
- * locked */
- fprintf(stderr, "Kerberos locking error (mylock)\n");
- fflush(stderr);
- exit(1);
- }
-#ifdef POSIX_FILE_LOCKS
- memset(&f, 0, sizeof(f));
-#endif
-
- switch (mode) {
- case KERB_DBL_EXCLUSIVE:
-#ifdef POSIX_FILE_LOCKS
- f.l_type = F_WRLCK;
-#else
- flock_mode = LOCK_EX;
-#endif
- break;
-
- case KERB_DBL_SHARED:
-#ifdef POSIX_FILE_LOCKS
- f.l_type = F_RDLCK;
-#else
- flock_mode = LOCK_SH;
-#endif
- break;
-
- default:
- fprintf(stderr, "invalid lock mode %d\n", mode);
- abort();
- }
-
-#ifdef POSIX_FILE_LOCKS
- if (non_blocking)
- rv = fcntl (dblfd, F_SETLK, &f);
- else
- rv = fcntl (dblfd, F_SETLKW, &f);
- if (rv == -1)
- return errno;
-#else
- if (non_blocking)
- flock_mode |= LOCK_NB;
- if (flock(dblfd, flock_mode) < 0)
- return errno;
-#endif
-
- mylock++;
- return 0;
-}
-
-static void kerb_dbl_unlock()
-{
-#ifdef POSIX_FILE_LOCKS
- static struct flock flock_zero;
- struct flock f;
-
- f = flock_zero;
-#endif
-
- if (!mylock) { /* lock already unlocked */
- fprintf(stderr, "Kerberos database lock not locked when unlocking.\n");
- fflush(stderr);
- exit(1);
- }
-#ifdef POSIX_FILE_LOCKS
- memset(&f, 0, sizeof (f));
- f.l_type = F_UNLCK;
- if (fcntl(dblfd, F_SETLK, &f) < 0) {
- fprintf(stderr, "Kerberos database lock error. (unlocking)\n");
- fflush(stderr);
- perror("fcntl");
- exit(1);
- }
-#else
- if (flock(dblfd, LOCK_UN) < 0) {
- fprintf(stderr, "Kerberos database lock error. (unlocking)\n");
- fflush(stderr);
- perror("flock");
- exit(1);
- }
-#endif
- mylock = 0;
-}
-
-int kerb_db_set_lockmode(mode)
- int mode;
-{
- int old = non_blocking;
- non_blocking = mode;
- return old;
-}
+++ /dev/null
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Utility routines for Kerberos programs which directly access
- * the database. This code was duplicated in too many places
- * before I gathered it here.
- *
- * Jon Rochlis, MIT Telecom, March 1988
- */
-
-#include <mit-copyright.h>
-#include <des.h>
-#include <krb.h>
-#include <krb_db.h>
-#include <kdc.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/file.h>
-#include <fcntl.h> /* just for O_* for sco */
-
-long kdb_get_master_key_from(prompt, master_key, master_key_sched, verify,
- kfilename)
- int prompt;
- C_Block master_key;
- Key_schedule master_key_sched;
- int verify;
- char *kfilename;
-{
- int kfile;
-
- if (prompt) {
-#ifdef NOENCRYPTION
- placebo_read_password(master_key,
- "Kerberos master key: ", verify);
-#else
- des_read_password(master_key,
- "Kerberos master key: ", verify);
-#endif
- printf ("\n");
- }
- else {
- kfile = open(kfilename?kfilename:MKEYFILE, O_RDONLY, 0600);
- if (kfile < 0) {
- /* oh, for com_err_ */
- return (-1);
- }
- if (read(kfile, (char *) master_key, 8) != 8) {
- return (-1);
- }
- close(kfile);
- }
-
-#ifndef NOENCRYPTION
- key_sched(master_key, master_key_sched);
-#endif
- return (0);
-}
-
-long kdb_get_master_key(prompt, master_key, master_key_sched, verify)
- int prompt;
- C_Block master_key;
- Key_schedule master_key_sched;
- int verify;
-{
- return kdb_get_master_key_from(prompt, master_key, master_key_sched,
- verify, NULL);
-}
-
-/* The caller is reasponsible for cleaning up the master key and sched,
- even if we can't verify the master key */
-
-/* Returns master key version if successful, otherwise -1 */
-
-long kdb_verify_master_key (master_key, master_key_sched, out)
- C_Block master_key;
- Key_schedule master_key_sched;
- FILE *out; /* setting this to non-null be do output */
-{
- C_Block key_from_db;
- Principal principal_data[1];
- int n, more = 0;
- long master_key_version;
-
- /* lookup the master key version */
- n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
- 1 /* only one please */, &more);
- if ((n != 1) || more) {
- if (out != (FILE *) NULL)
- fprintf(out,
- "verify_master_key: %s, %d found.\n",
- "Kerberos error on master key version lookup",
- n);
- return (-1);
- }
-
- master_key_version = (long) principal_data[0].key_version;
-
- /* set up the master key */
- if (out != (FILE *) NULL) /* should we punt this? */
- fprintf(out, "Current Kerberos master key version is %d.\n",
- principal_data[0].kdc_key_ver);
-
- /*
- * now use the master key to decrypt the key in the db, had better
- * be the same!
- */
- memcpy(key_from_db, &principal_data[0].key_low, sizeof(KRB4_32));
- memcpy(((KRB4_32 *) key_from_db) + 1, &principal_data[0].key_high, sizeof(KRB4_32));
- kdb_encrypt_key (key_from_db, key_from_db,
- master_key, master_key_sched, DECRYPT);
-
- /* the decrypted database key had better equal the master key */
- n = memcmp((char *) master_key, (char *) key_from_db,
- sizeof(master_key));
- /* this used to zero the master key here! */
- memset(key_from_db, 0, sizeof(key_from_db));
- memset(principal_data, 0, sizeof (principal_data));
-
- if (n && (out != (FILE *) NULL)) {
- fprintf(out, "\n\07\07verify_master_key: Invalid master key; ");
- fprintf(out, "does not match database.\n");
- return (-1);
- }
- if (out != (FILE *) NULL) {
- fprintf(out, "\nMaster key entered.\n");
- fflush(out);
- }
-
- return (master_key_version);
-}
-
-/* The old algorithm used the key schedule as the initial vector which
- was byte order depedent ... */
-
-kdb_encrypt_key (in, out, master_key, master_key_sched, e_d_flag)
- C_Block in, out, master_key;
- Key_schedule master_key_sched;
- int e_d_flag;
-{
-
-#ifdef NOENCRYPTION
- memcpy(out, in, sizeof(C_Block));
-#else
- pcbc_encrypt((C_Block *)in, (C_Block *)out, (long) sizeof(C_Block),
- master_key_sched, (C_Block *)master_key, e_d_flag);
-#endif
-}
+++ /dev/null
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include <mit-copyright.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/uio.h>
-#ifdef NEED_TIME_H
-#include <time.h>
-#else
-#include <sys/time.h>
-#endif
-#ifdef NEED_SYS_TIME_H
-/* for timeval */
-#include <sys/time.h>
-#endif
-#include <sys/resource.h>
-#include <string.h>
-#include <des.h>
-#include <krb.h>
-#include <krb_db.h>
-
-#ifdef DEBUG
-extern int debug;
-extern char *progname;
-long kerb_debug;
-#endif
-
-static init = 0;
-
-/*
- * initialization routine for data base
- */
-
-int
-kerb_init()
-{
-#ifdef DEBUG
- if (!init) {
- extern char *getenv ();
- char *dbg = getenv("KERB_DBG");
- if (dbg)
- sscanf(dbg, "%d", &kerb_debug);
- init = 1;
- }
-#endif
- kerb_db_init();
-
-#ifdef CACHE
- kerb_cache_init();
-#endif
-
- /* successful init, return 0, else errcode */
- return (0);
-}
-
-/*
- * finalization routine for database -- NOTE: MUST be called by any
- * program using kerb_init. ALSO will have to be modified to finalize
- * caches, if they're ever really implemented.
- */
-
-int
-kerb_fini()
-{
- kerb_db_fini();
- return 0;
-}
-
-/*
- * look up a principal in the cache or data base returns number of
- * principals found
- */
-
-int
-kerb_get_principal(name, inst, principal, max, more)
- char *name; /* could have wild card */
- char *inst; /* could have wild card */
- Principal *principal;
- unsigned int max; /* max number of name structs to return */
- int *more; /* more tuples than room for */
-
-{
- int found = 0;
-#ifdef CACHE
- static int wild = 0;
-#endif
- if (!init)
- kerb_init();
-
-#ifdef DEBUG
- if (kerb_debug & 1)
- fprintf(stderr, "\n%s: kerb_get_principal for %s %s max = %d\n",
- progname, name, inst, max);
-#endif
-
- /*
- * if this is a request including a wild card, have to go to db
- * since the cache may not be exhaustive.
- */
-
- /* clear the principal area */
- memset((char *) principal, 0, max * sizeof(Principal));
-
-#ifdef CACHE
- /*
- * so check to see if the name contains a wildcard "*" or "?", not
- * preceeded by a backslash.
- */
- wild = 0;
- if (strchr(name, '*') || strchr(name, '?') ||
- strchr(inst, '*') || strchr(inst, '?'))
- wild = 1;
-
- if (!wild) {
- /* try the cache first */
- found = kerb_cache_get_principal(name, inst, principal, max, more);
- if (found)
- return (found);
- }
-#endif
- /* If we didn't try cache, or it wasn't there, try db */
- found = kerb_db_get_principal(name, inst, principal, max, more);
- /* try to insert principal(s) into cache if it was found */
-#ifdef CACHE
- if (found) {
- kerb_cache_put_principal(principal, found);
- }
-#endif
- return (found);
-}
-
-/*
- * delete a principal from the data base returns number of
- * principals deleted
- */
-
-int
-kerb_del_principal(name, inst, principal, max, more)
- char *name; /* could have wild card */
- char *inst; /* could have wild card */
- Principal *principal;
- unsigned int max; /* max number of name structs to return */
- int *more; /* more tuples than room for */
-
-{
- int found;
-
- if (!init)
- kerb_init();
-
- found = kerb_get_principal(name, inst, principal, max, more);
-
- if (found) {
- found = kerb_db_del_principal(principal, found);
- }
-
- return (found);
-}
-
-/* principals */
-int kerb_put_principal(principal, n)
- Principal *principal;
- unsigned int n; /* number of principal structs to write */
-{
- struct tm *tp, *localtime();
- time_t mod_date;
-
- /* set mod date */
- principal->mod_date = mod_date = time((time_t *)0);
- /* and mod date string */
-
- tp = localtime(&mod_date);
- (void) sprintf(principal->mod_date_txt, "%4d-%2d-%2d",
- tp->tm_year > 1900 ? tp->tm_year : tp->tm_year + 1900,
- tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */
-#ifdef DEBUG
- if (kerb_debug & 1) {
- int i;
- fprintf(stderr, "\nkerb_put_principal...");
- for (i = 0; i < n; i++) {
- krb_print_principal(&principal[i]);
- }
- }
-#endif
- /* write database */
- if (kerb_db_put_principal(principal, n) < 0) {
-#ifdef DEBUG
- if (kerb_debug & 1)
- fprintf(stderr, "\n%s: kerb_db_put_principal err", progname);
- /* watch out for cache */
-#endif
- return -1;
- }
-#ifdef CACHE
- /* write cache */
- if (!kerb_cache_put_principal(principal, n)) {
-#ifdef DEBUG
- if (kerb_debug & 1)
- fprintf(stderr, "\n%s: kerb_cache_put_principal err", progname);
-#endif
- return -1;
- }
-#endif
- return 0;
-}
-
-int
-kerb_get_dba(name, inst, dba, max, more)
- char *name; /* could have wild card */
- char *inst; /* could have wild card */
- Dba *dba;
- unsigned int max; /* max number of name structs to return */
- int *more; /* more tuples than room for */
-
-{
- int found = 0;
-#ifdef CACHE
- static int wild = 0;
-#endif
- if (!init)
- kerb_init();
-
-#ifdef DEBUG
- if (kerb_debug & 1)
- fprintf(stderr, "\n%s: kerb_get_dba for %s %s max = %d\n",
- progname, name, inst, max);
-#endif
- /*
- * if this is a request including a wild card, have to go to db
- * since the cache may not be exhaustive.
- */
-
- /* clear the dba area */
- memset((char *) dba, 0, max * sizeof(Dba));
-
-#ifdef CACHE
- /*
- * so check to see if the name contains a wildcard "*" or "?", not
- * preceeded by a backslash.
- */
-
- wild = 0;
- if (strchr(name, '*') || strchr(name, '?') ||
- strchr(inst, '*') || strchr(inst, '?'))
- wild = 1;
-
- if (!wild) {
- /* try the cache first */
- found = kerb_cache_get_dba(name, inst, dba, max, more);
- if (found)
- return (found);
- }
-#endif
- /* If we didn't try cache, or it wasn't there, try db */
- found = kerb_db_get_dba(name, inst, dba, max, more);
-#ifdef CACHE
- /* try to insert dba(s) into cache if it was found */
- if (found) {
- kerb_cache_put_dba(dba, found);
- }
-#endif
- return (found);
-}
+++ /dev/null
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include <mit-copyright.h>
-#include <stdio.h>
-#include <sys/types.h>
-#ifdef NEED_TIME_H
-#include <time.h>
-#endif
-#include <sys/time.h>
-#include <string.h>
-#include <krb.h>
-#include <krb_db.h>
-
-extern int debug;
-extern struct tm *localtime();
-struct tm *time_p;
-
-long kerb_debug;
-
-krb_print_principal(a_n)
- Principal *a_n;
-{
- /* run-time database does not contain string versions */
- time_t exp_date = a_n->exp_date;
- time_p = localtime(&exp_date);
-
- fprintf(stderr,
- "\n%s %s expires %4d-%2d-%2d %2d:%2d, max_life %d*5 = %d min attr 0x%02x",
- a_n->name, a_n->instance,
- time_p->tm_year > 1900 ? time_p->tm_year : time_p->tm_year + 1900,
- time_p->tm_mon + 1, time_p->tm_mday,
- time_p->tm_hour, time_p->tm_min,
- a_n->max_life, 5 * a_n->max_life, a_n->attributes);
-
- fprintf(stderr,
- "\n\tkey_ver %d k_low 0x%08x k_high 0x%08x akv %d exists %d\n",
- a_n->key_version, a_n->key_low, a_n->key_high,
- a_n->kdc_key_ver, a_n->old);
-
- fflush(stderr);
-}