+Wed Mar 6 16:17:20 1996 Richard Basch <basch@lehman.com>
+
+ * dumpv4.c: The V4 master key & schedule was never initialized,
+ so the dump created by dump_v4db was garbage. Read the V4
+ master key from /.k or prompt for the V4 master key password.
+ If there is no V4-salt key in the database, but there is a DES
+ key, include it in the V4 dump, in case it is merely a random
+ service key for which there is no associated password.
+ Skip over K/M in the V5 database (use the entered V4 master key).
+ Both krbtgt and afs keys often have domain-qualifed instances.
+
+Tue Mar 5 12:18:22 1996 Richard Basch <basch@lehman.com>
+
+ * dump.c: POSIX locking requires that the file be opened read-write.
+
Mon Feb 26 22:42:09 1996 Mark Eichin <eichin@cygnus.com>
* kdb5_edit.c: new command line option -f stashfile.
#define ANAME_SZ 40
#define INST_SZ 40
+static char *v4_mkeyfile = "/.k";
+
+static int
+v4init(arg, manual)
+ struct dump_record *arg;
+ int manual;
+{
+ int fd;
+ int ok = 0;
+
+ if (!manual) {
+ fd = open(v4_mkeyfile, O_RDONLY, 0600);
+ if (fd >= 0) {
+ if (read(fd,arg->v4_master_key,sizeof(C_Block)) == sizeof(C_Block))
+ ok = 1;
+ close(fd);
+ }
+ }
+ if (!ok) {
+ des_read_password(arg->v4_master_key, "V4 Kerberos master key: ", 1);
+ printf("\n");
+ }
+ arg->master_key_version = 1;
+ key_sched(arg->v4_master_key, arg->v4_master_key_schedule);
+
+ return 0;
+}
+
v4_print_time(file, timeval)
FILE *file;
unsigned long timeval;
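Review bot: v4init() discards the result of des_read_password() and returns 0 on every path, so a cancelled or failed prompt leaves arg->v4_master_key unset and the dump is again encrypted under garbage with no error reported. Check the call, e.g. `if (des_read_password(arg->v4_master_key, "V4 Kerberos master key: ", 1) != 0) return -1;`, and have the caller in the last hunk, which currently writes a bare `v4init(&arg, 0);`, test the result before calling handle_keys(). Neither the bytes read from /.k nor the typed password are verified against anything in this function, so a wrong master key also goes unnoticed; a comment stating that would help. The `0600` mode argument to open() has no effect without O_CREAT and can be dropped.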
if (!principal->name[0]) {
strcpy(principal->name, "*");
}
-
- if (entry->princ->length > 1) {
+
+ if (entry->princ->length > 2) {
+ free(name);
+ return 0;
+ } else if (entry->princ->length > 1) {
char *inst;
strncpy(principal->instance,
krb5_princ_component(edit_context, entry->princ, 1)->data,
INST_SZ);
- inst = strchr(principal->instance, '.');
- if (inst && strcmp(principal->name, "krbtgt")) {
+ if ((inst = strchr(principal->instance, '.')) &&
+ strcmp(principal->name, "krbtgt") &&
+ strcmp(principal->name, "afs"))
+ {
/* nuke domain off the end of anything that isn't a tgt */
*inst = '\0';
}
+ if (!strcmp(principal->name, "K") && !strcmp(principal->instance, "M"))
+ {
+ /* The V4 master key is handled specially */
+ free(name);
+ return 0;
+ }
} else {
principal->instance[0] = '*';
principal->instance[1] = '\0';
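Review bot: The added strchr() and strcmp() calls read principal->instance as a C string, but the strncpy() just above them copies up to INST_SZ bytes and leaves the buffer unterminated when the component is that long or longer. If instance is declared with INST_SZ bytes (the declaration is outside the hunk), a long second component makes these calls read past the array. Limit the copy to `INST_SZ - 1` bytes and set `principal->instance[INST_SZ - 1] = '\0';` before the strchr(). The new `length > 2` branch drops the principal silently; a comment such as `/* V4 has only name.instance; longer principals cannot be represented */` would record why. The enclosing function starts and ends outside this hunk.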
ok_key = i;
}
}
+
+ i = ok_key;
while (ok_key < entry->n_key_data) {
if (max_kvno == entry->key_data[ok_key].key_data_kvno) {
if (entry->key_data[ok_key].key_data_type[1]
}
ok_key++;
}
+
+ /* See if there are any DES keys that may be suitable */
+ ok_key = i;
+ while (ok_key < entry->n_key_data) {
+ if (max_kvno == entry->key_data[ok_key].key_data_kvno) {
+ krb5_enctype enctype = entry->key_data[ok_key].key_data_type[0];
+ if ((enctype == ENCTYPE_DES_CBC_CRC) ||
+ (enctype == ENCTYPE_DES_CBC_MD5) ||
+ (enctype == ENCTYPE_DES_CBC_RAW))
+ goto found_one;
+ }
+ ok_key++;
+ }
/* skip this because it's a new style key and we can't help it */
return 0;
found_one:;
principal->key_version = max_kvno;
- principal->max_life = entry->max_life / (60 * 5);
- principal->kdc_key_ver = 1; /* ??? not preserved incoming */
+ if ((principal->max_life = entry->max_life / (60 * 5)) > 255)
+ principal->max_life = 255;
+ principal->kdc_key_ver = arg->master_key_version;
principal->attributes = 0; /* ??? not preserved either */
fprintf(arg->f, "%s %s %d %d %d %d ",
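Review bot: The clamp on max_life assigns before it compares, `(principal->max_life = entry->max_life / (60 * 5)) > 255`, so if the field is an 8-bit type (its declaration is not in this hunk) the quotient is already truncated and the test can never be true. Compute in a wider local first, `long life = entry->max_life / (60 * 5);`, then `principal->max_life = life > 255 ? 255 : life;`. The DES fallback loop above it looks only at key_data_type[0], so it will also export password-derived keys whose salt is not the V4 one; those would presumably not match what a V4 client derives from the password, which deserves a comment next to `goto found_one;`. The function body starts and ends outside the hunk.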
} else {
f = stdout;
}
+
arg.comerr_name = argv[0];
arg.f = f;
+ v4init(&arg, 0);
handle_keys(&arg);
/* special handling for K.M since it isn't preserved */