From: Richard Basch <probe@mit.edu>
Date: Wed, 6 Mar 1996 21:37:24 +0000 (+0000)
Subject: * dumpv4.c:
X-Git-Tag: krb5-1.0-beta6~404
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=b23f955bcf38b07919bcbc22bb51e735b0dd7081;p=krb5.git

* dumpv4.c:
	  The V4 master key & schedule was never initialized,
	so the dump created by dump_v4db was garbage.   Read the V4
	master key from /.k or prompt for the V4 master key password.
	  If there is no V4-salt key in the database, but there is a DES
	key, include it in the V4 dump, in case it is merely a random
	service key for which there is no associated password.
	  Skip over K/M in the V5 database (use the entered V4 master key).
	  Both krbtgt and afs keys often have domain-qualifed instances.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7596 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/admin/edit/ChangeLog b/src/admin/edit/ChangeLog
index 9c2a77fde..7cf8b1c72 100644
--- a/src/admin/edit/ChangeLog
+++ b/src/admin/edit/ChangeLog
@@ -1,3 +1,18 @@
+Wed Mar  6 16:17:20 1996  Richard Basch  <basch@lehman.com>
+
+	* dumpv4.c: The V4 master key & schedule was never initialized,
+	so the dump created by dump_v4db was garbage.	Read the V4
+	master key from /.k or prompt for the V4 master key password.
+	  If there is no V4-salt key in the database, but there is a DES
+	key, include it in the V4 dump, in case it is merely a random 
+	service key for which there is no associated password.
+	  Skip over K/M in the V5 database (use the entered V4 master key).
+	  Both krbtgt and afs keys often have domain-qualifed instances.
+
+Tue Mar  5 12:18:22 1996  Richard Basch  <basch@lehman.com>
+
+	* dump.c: POSIX locking requires that the file be opened read-write.
+
 Mon Feb 26 22:42:09 1996  Mark Eichin  <eichin@cygnus.com>
 
 	* kdb5_edit.c: new command line option -f stashfile.
diff --git a/src/admin/edit/dumpv4.c b/src/admin/edit/dumpv4.c
index f26ef7b88..0c4cacbae 100644
--- a/src/admin/edit/dumpv4.c
+++ b/src/admin/edit/dumpv4.c
@@ -61,6 +61,34 @@ void update_ok_file();
 #define ANAME_SZ 40
 #define INST_SZ 40
 
+static char *v4_mkeyfile = "/.k";
+
+static int
+v4init(arg, manual)
+    struct dump_record *arg;
+    int manual;
+{
+    int fd;
+    int ok = 0;
+
+    if (!manual) {
+	fd = open(v4_mkeyfile, O_RDONLY, 0600);
+	if (fd >= 0) {
+	    if (read(fd,arg->v4_master_key,sizeof(C_Block)) == sizeof(C_Block))
+		ok = 1;
+	    close(fd);
+	}
+    }
+    if (!ok) {
+	des_read_password(arg->v4_master_key, "V4 Kerberos master key: ", 1);
+	printf("\n");
+    }
+    arg->master_key_version = 1;
+    key_sched(arg->v4_master_key, arg->v4_master_key_schedule);
+
+    return 0;
+}
+
 v4_print_time(file, timeval)
     FILE   *file;
     unsigned long timeval;
@@ -130,17 +158,28 @@ dump_v4_iterator(ptr, entry)
     if (!principal->name[0]) {
         strcpy(principal->name, "*");
     }
-      
-    if (entry->princ->length > 1) {
+
+    if (entry->princ->length > 2) {
+	free(name);
+	return 0;
+    } else if (entry->princ->length > 1) {
         char *inst;
         strncpy(principal->instance,
 	        krb5_princ_component(edit_context, entry->princ, 1)->data, 
 	        INST_SZ);
-        inst = strchr(principal->instance, '.');
-        if (inst && strcmp(principal->name, "krbtgt")) {
+        if ((inst = strchr(principal->instance, '.')) &&
+	    strcmp(principal->name, "krbtgt") &&
+	    strcmp(principal->name, "afs"))
+	{
 	    /* nuke domain off the end of anything that isn't a tgt */
 	    *inst = '\0';
         }
+	if (!strcmp(principal->name, "K") && !strcmp(principal->instance, "M"))
+	{
+	    /* The V4 master key is handled specially */
+	    free(name);
+	    return 0;
+	}
     } else {
         principal->instance[0] = '*';
         principal->instance[1] = '\0';
@@ -182,6 +221,8 @@ dump_v4_iterator(ptr, entry)
 	     ok_key = i;
 	}
     }
+
+    i = ok_key;
     while (ok_key < entry->n_key_data) {
 	if (max_kvno == entry->key_data[ok_key].key_data_kvno) {
 	    if (entry->key_data[ok_key].key_data_type[1]
@@ -191,13 +232,27 @@ dump_v4_iterator(ptr, entry)
 	}
 	ok_key++;
     }
+
+    /* See if there are any DES keys that may be suitable */
+    ok_key = i;
+    while (ok_key < entry->n_key_data) {
+	if (max_kvno == entry->key_data[ok_key].key_data_kvno) {
+	    krb5_enctype enctype = entry->key_data[ok_key].key_data_type[0];
+	    if ((enctype == ENCTYPE_DES_CBC_CRC) ||
+		(enctype == ENCTYPE_DES_CBC_MD5) ||
+		(enctype == ENCTYPE_DES_CBC_RAW))
+		goto found_one;
+	}
+	ok_key++;
+    }
     /* skip this because it's a new style key and we can't help it */
     return 0;
 
 found_one:;
     principal->key_version = max_kvno;
-    principal->max_life = entry->max_life / (60 * 5);
-    principal->kdc_key_ver = 1; /* ??? not preserved incoming */
+    if ((principal->max_life = entry->max_life / (60 * 5)) > 255)
+	principal->max_life = 255;
+    principal->kdc_key_ver = arg->master_key_version;
     principal->attributes = 0;	/* ??? not preserved either */
 
     fprintf(arg->f, "%s %s %d %d %d %d ",
@@ -261,8 +316,10 @@ void dump_v4db(argc, argv)
 	} else {
 		f = stdout;
 	}
+
 	arg.comerr_name = argv[0];
 	arg.f = f;
+	v4init(&arg, 0);
 	handle_keys(&arg);
 
 	/* special handling for K.M since it isn't preserved */