From: Ezra Peisach Date: Wed, 8 May 1996 20:48:45 +0000 (+0000) Subject: Removing unbuilt directory from source tree. The functionality was X-Git-Tag: krb5-1.0-beta6~122 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=66fc8c5b0e1ac3eb39f248129b4e67c189a735ee;p=krb5.git Removing unbuilt directory from source tree. The functionality was merged with kdb5_edit August 1995. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7944 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/admin/convert/.Sanitize b/src/admin/convert/.Sanitize deleted file mode 100644 index e6c7914b2..000000000 --- a/src/admin/convert/.Sanitize +++ /dev/null @@ -1,38 +0,0 @@ -# Sanitize.in for Kerberos V5 - -# Each directory to survive it's way into a release will need a file -# like this one called "./.Sanitize". All keyword lines must exist, -# and must exist in the order specified by this file. Each directory -# in the tree will be processed, top down, in the following order. - -# Hash started lines like this one are comments and will be deleted -# before anything else is done. Blank lines will also be squashed -# out. - -# The lines between the "Do-first:" line and the "Things-to-keep:" -# line are executed as a /bin/sh shell script before anything else is -# done in this - -Do-first: - -# All files listed between the "Things-to-keep:" line and the -# "Files-to-sed:" line will be kept. All other files will be removed. -# Directories listed in this section will have their own Sanitize -# called. Directories not listed will be removed in their entirety -# with rm -rf. - -Things-to-keep: - -.cvsignore -ChangeLog -Makefile.in -configure -configure.in -kdb5_convert.M -kdb5_convert.c - -Things-to-lose: - -Do-last: - -# End of file. diff --git a/src/admin/convert/.cvsignore b/src/admin/convert/.cvsignore deleted file mode 100644 index e8c05a6b1..000000000 --- a/src/admin/convert/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -configure diff --git a/src/admin/convert/ChangeLog b/src/admin/convert/ChangeLog deleted file mode 100644 index 2273a346c..000000000 --- a/src/admin/convert/ChangeLog +++ /dev/null @@ -1,98 +0,0 @@ -Mon Aug 21 16:44:07 EDT 1995 Paul Park (pjpark@mit.edu) - * kdb5_convert.c - Interpret -k and -e arguments as strings instead of - string representations of integers (e.g. -e des-cbc-md5). - * kdb5_convert.M - Remove "ascii representation of a decimal number". - - -Thu Jul 27 14:59:53 EDT 1995 Paul Park (pjpark@mit.edu) - * configure.in - Add --with-dbm and check for already checking for dbm. - - -Mon Jul 17 14:55:58 EDT 1995 Paul Park (pjpark@mit.edu) - * configure.in - Add KADM library. - * kdb5_convert.c - Change calling sequence to krb5_db_fetch_mkey(), - using the stash file. Add KDC profile reading/handling as - a supplement to command line supplied arguments. - - -Wed Jul 12 11:55:44 EDT 1995 Paul Park (pjpark@mit.edu) - * configure.in - Temporarily add --with-kdb4 option. Default is without - kdb4. Without kdb4 enables a define. With kdb4 uses -lkdb4 and - -l[n]dbm libraries. - * kdb5_convert.c - Conditionalize references to kdb4 routines with - KDB4_DISABLE. Replace two required routines: - kdb_encrypt_key -> pcbc_encrypt - kdb_get_master_key -> des_read_password/printf/key_sched - - -Fri Jul 7 15:35:07 EDT 1995 Paul Park (pjpark@mit.edu) - * Makefile.in - Remove all explicit library handling and LDFLAGS. - * configure.in - Add appropriate USE_ and KRB5_LIBRARIES. - - -Thu Jun 15 15:27:36 EDT 1995 Paul Park (pjpark@mit.edu) - * Makefile.in - Change explicit library names to -l form, and - change target link line to use $(LD) and associated flags. - Also, for K4, use KRB4_LIB and KRB4_CRYPTO_LIB, these wer - split out. - * configure.in - Add shared library usage check. - -Fri Jun 9 18:14:06 1995 - - * configure.in: Remove standardized set of autoconf macros, which - are now handled by CONFIG_RULES. - -Fri Apr 28 18:02:53 1995 Mark Eichin - - * Makefile.in (LOCAL_LIBRARIES): put KRB4_LIB inside KLIB, and put - KDB4_LIB ahead of them both. - -Thu Apr 27 13:45:46 1995 Mark Eichin - - * Makefile.in (LOCAL_LIBRARIES): use KDB4_LIB and KRB4_LIB directly. - -Tue Mar 28 16:41:52 1995 - - * kdb5_convert.c (fixup_database, main): Set SUPPORT_DESMD5 - attribute for the krbtgt entry. - -Thu Mar 2 12:23:51 1995 Theodore Y. Ts'o - - * Makefile.in (ISODELIB): Remove reference to $(ISODELIB). - -Wed Mar 1 11:51:54 1995 Theodore Y. Ts'o - - * configure.in: Remove ISODE_INCLUDE, replace check for -lsocket - and -lnsl with WITH_NETLIB check. - -Tue Feb 28 02:04:57 1995 John Gilmore (gnu at toad.com) - - * kdb5_convert.c: Avoid and includes. - -Tue Nov 15 23:55:56 1994 Mark Eichin (eichin@cygnus.com) - - * kdb5_convert.c (enter_in_v5_db): use the correct instance for - the mod_name field. - -Thu Nov 10 17:07:54 1994 Theodore Y. Ts'o (tytso@dcl) - - * kdb5_convert.c (enter_in_v5_db): Set the keyblock magic number - and encryption type. - -Mon Oct 3 19:12:02 1994 Theodore Y. Ts'o (tytso@dcl) - - * Makefile.in: Use $(srcdir) to find manual page for make install. - -Fri Sep 30 22:06:03 1994 Theodore Y. Ts'o (tytso@dcl) - - * kdb5_convert.c: Add placeholders for magic numbers - -Thu Sep 29 22:21:21 1994 Theodore Y. Ts'o (tytso@dcl) - - * Makefile.in: Relink executable when libraries change. - -Thu Sep 15 17:11:30 1994 Theodore Y. Ts'o (tytso@dcl) - - * kdb5_convert.c (add_principal, enter_in_v5_db): Make the key - version numbers entered into the database be 1. - diff --git a/src/admin/convert/Makefile.in b/src/admin/convert/Makefile.in deleted file mode 100644 index 9a2997154..000000000 --- a/src/admin/convert/Makefile.in +++ /dev/null @@ -1,18 +0,0 @@ -CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE) - -all:: - -LOCALINCLUDE=-I$(SRCTOP)/include/kerberosIV -I$(BUILDTOP)/include/kerberosIV - -all:: kdb5_convert - -kdb5_convert: kdb5_convert.o $(DEPLIBS) - $(LD) $(LDFLAGS) $(LDARGS) -o kdb5_convert kdb5_convert.o $(LIBS) - -install:: - $(INSTALL_PROGRAM) kdb5_convert ${DESTDIR}$(ADMIN_BINDIR)/kdb5_convert - $(INSTALL_DATA) $(srcdir)/kdb5_convert.M ${DESTDIR}$(ADMIN_MANDIR)/kdb5_convert.8 - -clean:: - $(RM) kdb5_convert kdb5_convert.o - diff --git a/src/admin/convert/configure.in b/src/admin/convert/configure.in deleted file mode 100644 index c72ceb418..000000000 --- a/src/admin/convert/configure.in +++ /dev/null @@ -1,10 +0,0 @@ -AC_INIT(kdb5_convert.c) -CONFIG_RULES -AC_PROG_INSTALL -WITH_KDB4(USE_KDB4_LIBRARY,AC_DEFINE(KDB4_DISABLE)) -USE_KADM_LIBRARY -USE_KDB5_LIBRARY -USE_KRB4_LIBRARY -KRB5_LIBRARIES -V5_USE_SHARED_LIB -V5_AC_OUTPUT_MAKEFILE diff --git a/src/admin/convert/kdb5_convert.M b/src/admin/convert/kdb5_convert.M deleted file mode 100644 index 802df4a36..000000000 --- a/src/admin/convert/kdb5_convert.M +++ /dev/null @@ -1,155 +0,0 @@ -.\" admin/convert/kdb5_convert.M -.\" -.\" Copyright 1991 by the Massachusetts Institute of Technology. -.\" -.\" Export of this software from the United States of America may -.\" require a specific license from the United States Government. -.\" It is the responsibility of any person or organization contemplating -.\" export to obtain such a license before exporting. -.\" -.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -.\" distribute this software and its documentation for any purpose and -.\" without fee is hereby granted, provided that the above copyright -.\" notice appear in all copies and that both that copyright notice and -.\" this permission notice appear in supporting documentation, and that -.\" the name of M.I.T. not be used in advertising or publicity pertaining -.\" to distribution of the software without specific, written prior -.\" permission. M.I.T. makes no representations about the suitability of -.\" this software for any purpose. It is provided "as is" without express -.\" or implied warranty. -.\" -.\" -.TH KDB5_CONVERT 8 "Kerberos Version 5.0" "MIT Project Athena" -.SH NAME -kdb5_convert \- convert a v4 Kerberos principal database to a v5 database -.SH SYNOPSIS -.B kdb5_convert -[ -.B \-r -.I realm -] [ -.B \-d -.I v5dbname -] [ -.B \-k -.I keytype -] [ -.B \-M -.I mkeyname -] [ -.B \-e -.I enctype -] [ -.B \-n -] -.B \-D -.I v4dbname -.br -.B kdb5_convert -[ -.B \-r -.I realm -] [ -.B \-d -.I v5dbname -] [ -.B \-k -.I keytype -] [ -.B \-M -.I mkeyname -] [ -.B \-e -.I enctype -] [ -.B \-n -] -.B \-f -.I v4dumpfile -.br -.SH DESCRIPTION -.I kdb5_convert -is used to create a Kerberos version 5 principal database and fill it -with entries from a Kerberos version 4 principal database. The user is -normally prompted two passwords: the version 5 master password, which -will be used to generate an encryption key under which all entries are -stored (in order to provide some security against database theft), and -the version 4 master password, which is used to access the entries in -the version 4 database. -.PP -The -.B \-r -.I realm -option specifies the realm for which the database should be created; -by default the realm returned by -.IR krb5_default_local_realm (3) -is used. -.PP -The -.B \-d -.I v5dbname -option specifies the name under which the version 5 principal database is to be -created; by default the database is in DEFAULT_DBM_FILE (normally -/krb5/principal). -.PP -If the -.B \-t -option is used \fIkdb5_convert\fR will create a temporary database and -rename it into place after it is loaded so that a server using the database -can continue running. It is an error for the target database to exist -if this option is not used. -.PP -The -.B \-D -.I v4dbname -option specifies the name under which the version 4 principal database -is to be found. -.PP -The -.B \-f -.I v4dumpfile -option specifies that the version 4 database should be loaded from the -dump file rather than from a principal database. -.PP -The -.B \-k -.I keytype -option specifies the key type of the master key in the database; the default -is KEYTYPE_DES. -.PP -The -.B \-M -.I mkeyname -option specifies the principal name for the master key in the database; -the default is KRB5_KDB_M_NAME (usually "K/M" in the local realm). -.PP -The -.B \-e -.I enctype -option specifies the encryption type to be used when placing entries in -the database; the default is the default encryption type for the master -keytype. -.PP -The -.B \-n -option specifies that the master key for the v4 database should be -entered manually rather than fetched from the normal v5 master key file. -The -.B \-K -option specifies that the master key for the v5 (new) database should -be entered manually rather than fetched from the normal v4 master key file. -When the -.B \-v -option is used, \fIkdb5_convert\fR prints the name of each principal it -encounters in the old database and whether the principal is being copied -to the new database or ignored. -.SH SEE ALSO -krb5(3), krb5kdc(8) -.SH BUGS -Doesn't have flexibility about expiration times. -.sp -When the underlying databases are built on the old DBM (not NDBM), the -.B \-D -option is not allowed, i.e. the -conversion must be done from a dump file rather than from a DBM -database, due to restrictions in the old DBM implementation. diff --git a/src/admin/convert/kdb5_convert.c b/src/admin/convert/kdb5_convert.c deleted file mode 100644 index 73e6f8a87..000000000 --- a/src/admin/convert/kdb5_convert.c +++ /dev/null @@ -1,931 +0,0 @@ -/* - * admin/convert/kdb5_convert.c - * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * Generate (from scratch) a Kerberos V5 KDC database, filling it in with the - * entries from a V4 database. - * - * Code lifted from kdb5_create, kdb5_edit (v5 utilities), - * kdb_util, kdb_edit, libkdb (v4 utilities/libraries), put into a blender, - * and this is the result. - */ - -#include -#include -#include -/* MKEYFILE is now defined in kdc.h */ -#include - -static C_Block master_key; -static Key_schedule master_key_schedule; -static long master_key_version; - -#include "k5-int.h" -#include "com_err.h" -#include "adm.h" -#include "adm_proto.h" -#include - -#include /* ntohl */ - -#define PROGNAME argv[0] - -enum ap_op { - NULL_KEY, /* setup null keys */ - MASTER_KEY, /* use master key as new key */ - RANDOM_KEY /* choose a random key */ -}; - -struct realm_info { - krb5_deltat max_life; - krb5_deltat max_rlife; - krb5_timestamp expiration; - krb5_flags flags; - krb5_encrypt_block *eblock; - krb5_pointer rseed; -} rblock = { /* XXX */ - KRB5_KDB_MAX_LIFE, - KRB5_KDB_MAX_RLIFE, - KRB5_KDB_EXPIRATION, - KRB5_KDB_DEF_FLAGS, - 0 -}; - -static int verbose = 0; - -static krb5_error_code add_principal - PROTOTYPE((krb5_context, - krb5_principal, - enum ap_op, - struct realm_info *)); - -void v4fini PROTOTYPE((void)); -int v4init PROTOTYPE((char *, char *, int, char *)); -krb5_error_code enter_in_v5_db PROTOTYPE((krb5_context, char *, Principal *)); -krb5_error_code process_v4_dump PROTOTYPE((krb5_context, char *, char *)); -krb5_error_code fixup_database PROTOTYPE((krb5_context, char *)); - -int create_local_tgt = 0; - -/* - * I can't say for sure what ODBM is for, but when KDB4_DISABLE is defined, - * we are to avoid compiling any references to KDB4 functions. - */ -#if defined(ODBM) || defined(KDB4_DISABLE) -static void -usage(who, status) -char *who; -int status; -{ - fprintf(stderr, "usage: %s [-d v5dbpathname] [-t] [-n] [-r realmname] [-K] [-k keytype]\n\ -\t[-e etype] [-M mkeyname] -f inputfile\n", - who); - fprintf(stderr, "\t(You must supply a v4 database dump file for this version of %s)\n",who); - exit(status); -} -#else -static void -usage(who, status) -char *who; -int status; -{ - fprintf(stderr, "usage: %s [-d v5dbpathname] [-t] [-n] [-r realmname] [-K] [-k keytype]\n\ -\t[-e etype] [-M mkeyname] [-D v4dbpathname | -f inputfile]\n", - who); - exit(status); -} -#endif - -krb5_keyblock master_keyblock; -krb5_principal master_princ; -krb5_encrypt_block master_encblock; - -krb5_data tgt_princ_entries[] = { - {0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME}, - {0, 0, 0} }; - -krb5_data db_creator_entries[] = { - {0, sizeof("db_creation")-1, "db_creation"} }; - -/* XXX knows about contents of krb5_principal, and that tgt names - are of form TGT/REALM@REALM */ -krb5_principal_data tgt_princ = { - 0, /* magic number */ - {0, 0, 0}, /* krb5_data realm */ - tgt_princ_entries, /* krb5_data *data */ - 2, /* int length */ - KRB5_NT_SRV_INST /* int type */ -}; - -krb5_principal_data db_create_princ = { - 0, /* magic number */ - {0, 0, 0}, /* krb5_data realm */ - db_creator_entries, /* krb5_data *data */ - 1, /* int length */ - KRB5_NT_SRV_INST /* int type */ -}; - - -void -main(argc, argv) -int argc; -char *argv[]; -{ - extern char *optarg; - int optchar; - - krb5_error_code retval; - /* The kdb library will default to this, but it is convenient to - make it explicit (error reporting and temporary filename generation - use it). */ - char *dbname = DEFAULT_KDB_FILE; - char *v4dbname = 0; - char *v4dumpfile = 0; - char *realm = 0; - char *mkey_name = 0; - char *mkey_fullname; - char *defrealm; - int keytypedone = 0; - int v4manual = 0; - int read_mkey = 0; - int tempdb = 0; - char *tempdbname; - krb5_context context; - char *stash_file = (char *) NULL; - krb5_realm_params *rparams; - - krb5_enctype etype = 0xffff; - - krb5_init_context(&context); - - krb5_init_ets(context); - - if (strrchr(argv[0], '/')) - argv[0] = strrchr(argv[0], '/')+1; - - while ((optchar = getopt(argc, argv, "d:tD:r:Kvk:M:e:nf:")) != EOF) { - switch(optchar) { - case 'd': /* set db name */ - dbname = optarg; - break; - case 'T': - create_local_tgt = 1; - break; - case 't': - tempdb = 1; - break; - case 'D': /* set db name */ -#if defined(ODBM) || defined(KDB4_DISABLE) - usage(PROGNAME, 1); -#else - if (v4dumpfile) - usage(PROGNAME, 1); - v4dbname = optarg; - break; -#endif - case 'r': - realm = optarg; - break; - case 'K': - read_mkey = 1; - break; - case 'v': - verbose = 1; - break; - case 'k': - if (!krb5_string_to_keytype(optarg, &master_keyblock.keytype)) - keytypedone++; - else - com_err(argv[0], 0, "%s is an invalid keytype", optarg); - break; - case 'M': /* master key name in DB */ - mkey_name = optarg; - break; - case 'e': - if (krb5_string_to_enctype(optarg, &etype)) - com_err(argv[0], 0, "%s is an invalid encryption type", - optarg); - break; - case 'n': - v4manual++; - break; - case 'f': - if (v4dbname) - usage(PROGNAME, 1); - v4dumpfile = optarg; - break; - case '?': - default: - usage(PROGNAME, 1); - /*NOTREACHED*/ - } - } - - /* - * Attempt to read the KDC profile. If we do, then read appropriate values - * from it and augment values supplied on the command line. - */ - if (!(retval = krb5_read_realm_params(context, - realm, - (char *) NULL, - (char *) NULL, - &rparams))) { - /* Get the value for the database */ - if (rparams->realm_dbname && !dbname) - dbname = strdup(rparams->realm_dbname); - - /* Get the value for the master key name */ - if (rparams->realm_mkey_name && !mkey_name) - mkey_name = strdup(rparams->realm_mkey_name); - - /* Get the value for the master key type */ - if (rparams->realm_keytype_valid && !keytypedone) { - master_keyblock.keytype = rparams->realm_keytype; - keytypedone++; - } - - /* Get the value for the encryption type */ - if (rparams->realm_enctype_valid && (etype == 0xffff)) - etype = rparams->realm_enctype; - - /* Get the value for the stashfile */ - if (rparams->realm_stash_file) - stash_file = strdup(rparams->realm_stash_file); - - /* Get the value for maximum ticket lifetime. */ - if (rparams->realm_max_life_valid) - rblock.max_life = rparams->realm_max_life; - - /* Get the value for maximum renewable ticket lifetime. */ - if (rparams->realm_max_rlife_valid) - rblock.max_rlife = rparams->realm_max_rlife; - - /* Get the value for the default principal expiration */ - if (rparams->realm_expiration_valid) - rblock.expiration = rparams->realm_expiration; - - /* Get the value for the default principal flags */ - if (rparams->realm_flags_valid) - rblock.flags = rparams->realm_flags; - - krb5_free_realm_params(context, rparams); - } - -#if defined(ODBM) || defined(KDB4_DISABLE) - if (!v4dumpfile) { - usage(PROGNAME, 1); - } -#endif - - if (!keytypedone) - master_keyblock.keytype = DEFAULT_KDC_KEYTYPE; - - if (!valid_keytype(master_keyblock.keytype)) { - com_err(PROGNAME, KRB5_PROG_KEYTYPE_NOSUPP, - "while setting up keytype %d", master_keyblock.keytype); - exit(1); - } - - if (etype == 0xffff) - etype = DEFAULT_KDC_ETYPE; - - if (!valid_etype(etype)) { - com_err(PROGNAME, KRB5_PROG_ETYPE_NOSUPP, - "while setting up etype %d", etype); - exit(1); - } - krb5_use_cstype(context, &master_encblock, etype); - - /* If the user has not requested locking, don't modify an existing database. */ - if (! tempdb) { - retval = krb5_db_set_name(context, dbname); - if (retval != ENOENT) { - fprintf(stderr, - "%s: The v5 database appears to already exist.\n", - PROGNAME); - exit(1); - } - tempdbname = dbname; - } else { - int dbnamelen = strlen(dbname); - tempdbname = malloc(dbnamelen + 2); - if (tempdbname == 0) { - com_err(PROGNAME, ENOMEM, "allocating temporary filename"); - exit(1); - } - strcpy(tempdbname, dbname); - tempdbname[dbnamelen] = '~'; - tempdbname[dbnamelen+1] = 0; - (void) kdb5_db_destroy(context, tempdbname); - } - - - if (!realm) { - if (retval = krb5_get_default_realm(context, &defrealm)) { - com_err(PROGNAME, retval, "while retrieving default realm name"); - exit(1); - } - realm = defrealm; - } - - /* assemble & parse the master key name */ - - if (retval = krb5_db_setup_mkey_name(context, mkey_name, realm, - &mkey_fullname, &master_princ)) { - com_err(PROGNAME, retval, "while setting up master key name"); - exit(1); - } - - krb5_princ_set_realm_data(context, &db_create_princ, realm); - krb5_princ_set_realm_length(context, &db_create_princ, strlen(realm)); - krb5_princ_set_realm_data(context, &tgt_princ, realm); - krb5_princ_set_realm_length(context, &tgt_princ, strlen(realm)); - krb5_princ_component(context, &tgt_princ,1)->data = realm; - krb5_princ_component(context, &tgt_princ,1)->length = strlen(realm); - - printf("Initializing database '%s' for realm '%s',\n\ -master key name '%s'\n", - dbname, realm, mkey_fullname); - - if (read_mkey) { - puts("You will be prompted for the version 5 database Master Password."); - puts("It is important that you NOT FORGET this password."); - fflush(stdout); - } - - if (retval = krb5_db_fetch_mkey(context, master_princ, &master_encblock, - read_mkey, read_mkey, stash_file, 0, - &master_keyblock)) { - com_err(PROGNAME, retval, "while reading master key"); - exit(1); - } - if (retval = krb5_process_key(context, &master_encblock, &master_keyblock)) { - com_err(PROGNAME, retval, "while processing master key"); - exit(1); - } - - rblock.eblock = &master_encblock; - if (retval = krb5_init_random_key(context, &master_encblock, - &master_keyblock, &rblock.rseed)) { - com_err(PROGNAME, retval, "while initializing random key generator"); - (void) krb5_finish_key(context, &master_encblock); - exit(1); - } - if (retval = krb5_db_create(context, tempdbname)) { - (void) krb5_finish_key(context, &master_encblock); - (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed); - (void) krb5_dbm_db_destroy(context, tempdbname); - com_err(PROGNAME, retval, "while creating %sdatabase '%s'", - tempdb ? "temporary " : "", tempdbname); - exit(1); - } - if (retval = krb5_db_set_name(context, tempdbname)) { - (void) krb5_finish_key(context, &master_encblock); - (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed); - (void) krb5_dbm_db_destroy(context, tempdbname); - com_err(PROGNAME, retval, "while setting active database to '%s'", - tempdbname); - exit(1); - } - if (v4init(PROGNAME, v4dbname, v4manual, v4dumpfile)) { - (void) krb5_finish_key(context, &master_encblock); - (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed); - (void) krb5_dbm_db_destroy(context, tempdbname); - exit(1); - } - if ((retval = krb5_db_init(context)) || - (retval = krb5_dbm_db_open_database(context))) { - (void) krb5_finish_key(context, &master_encblock); - (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed); - (void) krb5_dbm_db_destroy(context, tempdbname); - v4fini(); - com_err(PROGNAME, retval, "while initializing the database '%s'", - tempdbname); - exit(1); - } - - if (retval = add_principal(context, master_princ, MASTER_KEY, &rblock)) { - (void) krb5_db_fini(context); - (void) krb5_finish_key(context, &master_encblock); - (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed); - (void) krb5_dbm_db_destroy(context, tempdbname); - v4fini(); - com_err(PROGNAME, retval, "while adding K/M to the database"); - exit(1); - } - - if (create_local_tgt && - (retval = add_principal(context, &tgt_princ, RANDOM_KEY, &rblock))) { - (void) krb5_db_fini(context); - (void) krb5_finish_key(context, &master_encblock); - (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed); - (void) krb5_dbm_db_destroy(context, tempdbname); - v4fini(); - com_err(PROGNAME, retval, "while adding TGT service to the database"); - exit(1); - } - -#ifndef KDB4_DISABLE - if (v4dumpfile) - retval = process_v4_dump(context, v4dumpfile, realm); - else - retval = kerb_db_iterate(enter_in_v5_db, realm); -#else /* KDB4_DISABLE */ - retval = process_v4_dump(context, v4dumpfile, realm); -#endif /* KDB4_DISABLE */ - putchar('\n'); - if (retval) - com_err(PROGNAME, retval, "while translating entries to the database"); - else { - retval = fixup_database(context, realm); - } - - /* clean up; rename temporary database if there were no errors */ - if (retval == 0) { - if (retval = krb5_db_fini (context)) - com_err(PROGNAME, retval, "while shutting down database"); - else if (tempdb && (retval = krb5_dbm_db_rename(context, tempdbname, - dbname))) - com_err(PROGNAME, retval, "while renaming temporary database"); - } else { - (void) krb5_db_fini (context); - if (tempdb) - (void) krb5_dbm_db_destroy (context, tempdbname); - } - (void) krb5_finish_key(context, &master_encblock); - (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed); - memset((char *)master_keyblock.contents, 0, master_keyblock.length); - v4fini(); - exit(retval ? 1 : 0); -} - -void -v4fini() -{ -#if !defined(ODBM) && !defined(KDB4_DISABLE) - kerb_fini(); -#endif -} - -int -v4init(pname, name, manual, dumpfile) -char *pname, *name; -int manual; -char *dumpfile; -{ -#if !defined(ODBM) && !defined(KDB4_DISABLE) - kerb_init(); -#endif -#if !defined(KDB4_DISABLE) - if (name) { - if (kerb_db_set_name(name) != 0) { - com_err(pname, 0, - "Could not open alternate v4 database name %s\n", - name); - return 1; - } - } - if (kdb_get_master_key (manual, master_key, master_key_schedule) != 0) { - com_err(pname, 0, "Couldn't read v4 master key."); - return 1; - } -#else /* KDB4_DISABLE */ - /* - * Always reads from terminal. - */ - des_read_password(master_key, "Kerberos master key: ", 1); - printf("\n"); - key_sched(master_key, master_key_schedule); -#endif /* !KDB4_DISABLE */ -#if !defined(ODBM) && !defined(KDB4_DISABLE) - if (!dumpfile) { - if ((master_key_version = kdb_verify_master_key(master_key, - master_key_schedule, - stdout)) < 0) { - com_err(pname, 0, - "Couldn't verify v4 master key (did you type it correctly?)."); - return 1; - } - } -#endif - return 0; -} - -krb5_error_code -enter_in_v5_db(context, realm, princ) -krb5_context context; -char *realm; -Principal *princ; -{ - krb5_db_entry entry; - krb5_error_code retval; - krb5_encrypted_keyblock ekey; - krb5_keyblock v4v5key; - int nentries = 1; - des_cblock v4key; - char *name; - - /* don't convert local TGT if we created a TGT already.... */ - if (create_local_tgt && !strcmp(princ->name, "krbtgt") && - !strcmp(princ->instance, realm)) { - if (verbose) - printf("\nignoring local TGT: '%s.%s' ...", - princ->name, princ->instance); - return 0; - } - if (!strcmp(princ->name, KERB_M_NAME) && - !strcmp(princ->instance, KERB_M_INST)) { - des_cblock key_from_db; - int val; - - /* here's our chance to verify the master key */ - /* - * use the master key to decrypt the key in the db, had better - * be the same! - */ - memcpy(key_from_db, (char *)&princ->key_low, 4); - memcpy(((long *) key_from_db) + 1, (char *)&princ->key_high, 4); -#ifndef KDB4_DISABLE - kdb_encrypt_key (key_from_db, key_from_db, - master_key, master_key_schedule, DECRYPT); -#else /* KDB4_DISABLE */ - pcbc_encrypt((C_Block *) key_from_db, - (C_Block *) key_from_db, - (long) sizeof(C_Block), - master_key_schedule, - (C_Block *) master_key, - DECRYPT); -#endif /* KDB4_DISABLE */ - val = memcmp((char *) master_key, (char *) key_from_db, - sizeof(master_key)); - memset((char *)key_from_db, 0, sizeof(key_from_db)); - if (val) { - return KRB5_KDB_BADMASTERKEY; - } - if (verbose) - printf("\nignoring '%s.%s' ...", princ->name, princ->instance); - return 0; - } - memset((char *) &entry, 0, sizeof(entry)); - if (retval = krb5_425_conv_principal(context, princ->name, princ->instance, - realm, &entry.principal)) - return retval; - if (verbose) { - if (retval = krb5_unparse_name(context, entry.principal, &name)) - name = strdup(""); - if (verbose) - printf("\ntranslating %s...", name); - free(name); - } - - if (retval = krb5_build_principal(context, &entry.mod_name, strlen(realm), - realm, princ->mod_name, - princ->mod_instance[0] ? princ->mod_instance : 0, - 0)) { - krb5_free_principal(context, entry.principal); - return retval; - } - - entry.kvno = princ->key_version; - entry.max_life = princ->max_life * 60 * 5; - entry.max_renewable_life = rblock.max_rlife; - entry.mkvno = 1; - entry.expiration = princ->exp_date; - entry.mod_date = princ->mod_date; - entry.attributes = rblock.flags; /* XXX is there a way to convert - the old attrs? */ - - memcpy((char *)v4key, (char *)&(princ->key_low), 4); - memcpy((char *) (((long *) v4key) + 1), (char *)&(princ->key_high), 4); -#ifndef KDB4_DISABLE - kdb_encrypt_key (v4key, v4key, master_key, master_key_schedule, DECRYPT); -#else /* KDB4_DISABLE */ - pcbc_encrypt((C_Block *) v4key, - (C_Block *) v4key, - (long) sizeof(C_Block), - master_key_schedule, - (C_Block *) master_key, - DECRYPT); -#endif /* KDB4_DISABLE */ - - v4v5key.magic = KV5M_KEYBLOCK; - v4v5key.etype = master_keyblock.etype; - v4v5key.contents = (krb5_octet *)v4key; - v4v5key.keytype = KEYTYPE_DES; - v4v5key.length = sizeof(v4key); - - retval = krb5_kdb_encrypt_key(context, rblock.eblock, &v4v5key, &ekey); - if (retval) { - krb5_free_principal(context, entry.principal); - krb5_free_principal(context, entry.mod_name); - return retval; - } - memset((char *)v4key, 0, sizeof(v4key)); - entry.key = ekey; - entry.salt_type = KRB5_KDB_SALTTYPE_V4; - entry.salt_length = 0; - entry.salt = 0; - - retval = krb5_db_put_principal(context, &entry, &nentries); - - if (!retval && !strcmp(princ->name, "krbtgt") && - strcmp(princ->instance, realm) && princ->instance[0]) { - krb5_free_principal(context, entry.principal); - if (retval = krb5_build_principal(context, &entry.principal, - strlen(princ->instance), - princ->instance, - "krbtgt", realm, 0)) - return retval; - retval = krb5_db_put_principal(context, &entry, &nentries); - } - - krb5_free_principal(context, entry.principal); - krb5_free_principal(context, entry.mod_name); - krb5_xfree(ekey.contents); - - return retval; -} - -static krb5_error_code -add_principal(context, princ, op, pblock) -krb5_context context; -krb5_principal princ; -enum ap_op op; -struct realm_info *pblock; -{ - krb5_db_entry entry; - krb5_error_code retval; - krb5_encrypted_keyblock ekey; - krb5_keyblock *rkey; - int nentries = 1; - - memset((char *) &entry, 0, sizeof(entry)); - entry.principal = princ; - entry.kvno = 1; - entry.max_life = pblock->max_life; - entry.max_renewable_life = pblock->max_rlife; - entry.mkvno = 1; - entry.expiration = pblock->expiration; - entry.mod_name = &db_create_princ; - - if (retval = krb5_timeofday(context, &entry.mod_date)) - return retval; - entry.attributes = pblock->flags; - - switch (op) { - case MASTER_KEY: - entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX; - if (retval = krb5_kdb_encrypt_key(context, pblock->eblock, - &master_keyblock, - &ekey)) - return retval; - break; - case RANDOM_KEY: - if (retval = krb5_random_key(context, pblock->eblock, pblock->rseed, &rkey)) - return retval; - retval = krb5_kdb_encrypt_key(context, pblock->eblock, rkey, &ekey); - krb5_free_keyblock(context, rkey); - if (retval) - return retval; - break; - case NULL_KEY: - return EOPNOTSUPP; - default: - break; - } - entry.key = ekey; - entry.salt_type = KRB5_KDB_SALTTYPE_NORMAL; - entry.salt_length = 0; - entry.salt = 0; - - if (retval = krb5_db_put_principal(context, &entry, &nentries)) - return retval; - - krb5_xfree(ekey.contents); - return 0; -} - -/* - * Convert a struct tm * to a UNIX time. - */ - - -#define daysinyear(y) (((y) % 4) ? 365 : (((y) % 100) ? 366 : (((y) % 400) ? 365 : 366))) - -#define SECSPERDAY 24*60*60 -#define SECSPERHOUR 60*60 -#define SECSPERMIN 60 - -static int cumdays[] = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, - 365}; - -static int leapyear[] = {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; -static int nonleapyear[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; - -long -maketime(tp, local) -register struct tm *tp; -int local; -{ - register long retval; - int foo; - int *marray; - - if (tp->tm_mon < 0 || tp->tm_mon > 11 || - tp->tm_hour < 0 || tp->tm_hour > 23 || - tp->tm_min < 0 || tp->tm_min > 59 || - tp->tm_sec < 0 || tp->tm_sec > 59) /* out of range */ - return 0; - - retval = 0; - if (tp->tm_year < 1900) - foo = tp->tm_year + 1900; - else - foo = tp->tm_year; - - if (foo < 1901 || foo > 2038) /* year is too small/large */ - return 0; - - if (daysinyear(foo) == 366) { - if (tp->tm_mon > 1) - retval+= SECSPERDAY; /* add leap day */ - marray = leapyear; - } else - marray = nonleapyear; - - if (tp->tm_mday < 0 || tp->tm_mday > marray[tp->tm_mon]) - return 0; /* out of range */ - - while (--foo >= 1970) - retval += daysinyear(foo) * SECSPERDAY; - - retval += cumdays[tp->tm_mon] * SECSPERDAY; - retval += (tp->tm_mday-1) * SECSPERDAY; - retval += tp->tm_hour * SECSPERHOUR + tp->tm_min * SECSPERMIN + tp->tm_sec; - - if (local) { - /* need to use local time, so we retrieve timezone info */ - struct timezone tz; - struct timeval tv; - if (gettimeofday(&tv, &tz) < 0) { - /* some error--give up? */ - return(retval); - } - retval += tz.tz_minuteswest * SECSPERMIN; - } - return(retval); -} - -long -time_explode(cp) -register char *cp; -{ - char wbuf[5]; - struct tm tp; - int local; - - memset((char *)&tp, 0, sizeof(tp)); - - if (strlen(cp) > 10) { /* new format */ - (void) strncpy(wbuf, cp, 4); - wbuf[4] = 0; - tp.tm_year = atoi(wbuf); - cp += 4; /* step over the year */ - local = 0; /* GMT */ - } else { /* old format: local time, - year is 2 digits, assuming 19xx */ - wbuf[0] = *cp++; - wbuf[1] = *cp++; - wbuf[2] = 0; - tp.tm_year = 1900 + atoi(wbuf); - local = 1; /* local */ - } - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - wbuf[2] = 0; - tp.tm_mon = atoi(wbuf)-1; - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_mday = atoi(wbuf); - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_hour = atoi(wbuf); - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_min = atoi(wbuf); - - - return(maketime(&tp, local)); -} - -krb5_error_code -process_v4_dump(context, dumpfile, realm) -krb5_context context; -char *dumpfile; -char *realm; -{ - krb5_error_code retval; - FILE *input_file; - Principal aprinc; - char exp_date_str[50]; - char mod_date_str[50]; - int temp1, temp2, temp3; - long time_explode(); - - input_file = fopen(dumpfile, "r"); - if (!input_file) - return errno; - - for (;;) { /* explicit break on eof from fscanf */ - int nread; - - memset((char *)&aprinc, 0, sizeof(aprinc)); - nread = fscanf(input_file, - "%s %s %d %d %d %hd %x %x %s %s %s %s\n", - aprinc.name, - aprinc.instance, - &temp1, - &temp2, - &temp3, - &aprinc.attributes, - &aprinc.key_low, - &aprinc.key_high, - exp_date_str, - mod_date_str, - aprinc.mod_name, - aprinc.mod_instance); - if (nread != 12) { - retval = nread == EOF ? 0 : KRB5_KDB_DB_CORRUPT; - break; - } - aprinc.key_low = ntohl (aprinc.key_low); - aprinc.key_high = ntohl (aprinc.key_high); - aprinc.max_life = (unsigned char) temp1; - aprinc.kdc_key_ver = (unsigned char) temp2; - aprinc.key_version = (unsigned char) temp3; - aprinc.exp_date = time_explode(exp_date_str); - aprinc.mod_date = time_explode(mod_date_str); - if (aprinc.instance[0] == '*') - aprinc.instance[0] = '\0'; - if (aprinc.mod_name[0] == '*') - aprinc.mod_name[0] = '\0'; - if (aprinc.mod_instance[0] == '*') - aprinc.mod_instance[0] = '\0'; - if (retval = enter_in_v5_db(context, realm, &aprinc)) - break; - } - (void) fclose(input_file); - return retval; -} - -krb5_error_code fixup_database(context, realm) - krb5_context context; - char * realm; -{ - krb5_db_entry entry; - krb5_error_code retval; - int nprincs; - krb5_boolean more; - - nprincs = 1; - if (retval = krb5_db_get_principal(context, &tgt_princ, &entry, - &nprincs, &more)) - return retval; - - if (nprincs == 0) - return 0; - - entry.attributes |= KRB5_KDB_SUPPORT_DESMD5; - - retval = krb5_db_put_principal(context, &entry, &nprincs); - - if (nprincs) - krb5_db_free_principal(context, &entry, nprincs); - - return retval; -} - -