recording cvs-1.6 file death
This commit is contained in:
-49
@@ -1,49 +0,0 @@
|
||||
$Id$
|
||||
|
||||
This file lists hardware, which doesn't do what it should do.
|
||||
|
||||
Due to the nature of FreeBSD, we do not have the resources to test all
|
||||
possible kinds of hardware. We do however every now and then find, buy
|
||||
or hear about hardware which doesn't work with FreeBSD or in general.
|
||||
|
||||
This is that list.
|
||||
|
||||
To be added to this list, a piece of hardware has to:
|
||||
A: not do what it claims.
|
||||
or
|
||||
B: not do what common sense would expect it to.
|
||||
|
||||
Only if performance claims are wildly of the mark will it be listed here.
|
||||
|
||||
All entries must have a date and a mail-address associated with them, to
|
||||
reflect when and by whom they were added.
|
||||
For multifunctional devices, please indicate if other parts of the device
|
||||
work OK, or are untested.
|
||||
For mutual incompabilities, list both devices.
|
||||
For SCSI and IDE-devices, list the string seen on boot of FreeBSD, if
|
||||
possible, and trade name.
|
||||
Infer format from other entries, Keep sorted by first line.
|
||||
|
||||
Thankyou.
|
||||
|
||||
---
|
||||
Controller, Data Technology DTC2280, "PC/AT Super I/O Card"
|
||||
IDE interface can be set to secondary address, but doesn't work there. Suspect
|
||||
Interrupt isn't moved along. Works fine on primary address. Other parts of
|
||||
card not tested.
|
||||
19940828 phk@freefall.cdrom.com
|
||||
---
|
||||
IDE-disk, <Maxtor 7345 AT>, "Maxtor 7345"
|
||||
Cannot coexist on the same IDE-controller with a <WDC AC2540H>, "Western
|
||||
Digital Caviar 2540" disk. Jumpers not exhaustively experimented with, as
|
||||
neither of the companies make sufficient information available. Disk works
|
||||
fine when alone on IDE-controller.
|
||||
19940828 phk@freefall.cdrom.com
|
||||
---
|
||||
IDE-disk, <WDC AC2540H>, "Western Digital Caviar 2540"
|
||||
Cannot coexist on the same IDE-controller with a <Maxtor 7345 AT>, "Maxtor
|
||||
7345" disk. Jumpers not exhaustively experimented with, as neither of the
|
||||
companies make sufficient information available. Disk works fine when alone
|
||||
on IDE-controller.
|
||||
19940828 phk@freefall.cdrom.com
|
||||
---
|
||||
@@ -1,69 +0,0 @@
|
||||
-----------------------------------------
|
||||
FreeBSD 2.0 --- ALPHA Release , ,
|
||||
----------------------------------------- /( )`
|
||||
\ \___ / |
|
||||
Welcome to the ALPHA release of FreeBSD 2.0 - the /- _ `-/ '
|
||||
first public snapshot of our new 4.4BSD Lite based (/\/ \ \ /\
|
||||
operating system environment. This install proce- / / | ` \
|
||||
dure is also at the ALPHA stage, and contains only O O ) / |
|
||||
the minimum functionality required by an `-^--'`< '
|
||||
*EXPERIENCED* person to install the system. (_.) _ ) /
|
||||
It is our hope, of course, that the feedback `.___/` /
|
||||
provided from this snapshot will `-----' /
|
||||
greatly assist us in making the release <----. __ / __ \
|
||||
of 2.0 much more user friendly. Your <----|====O)))==) \) /====
|
||||
comments and criticisms are very <----' `--' `.__,' \
|
||||
valuable to us, so please don't hesitate | |
|
||||
in contacting us! Full details on where and \ / /\
|
||||
how to provide feedback are given below. ______( (_ / \______/
|
||||
,' ,-----' |
|
||||
This install procedure is ALPHA code, and `--{__________)
|
||||
may very possibly *DESTROY* the contents of your
|
||||
ENTIRE DISK! Please do not proceed with this installation
|
||||
unless you've adequately backed up your data first!
|
||||
|
||||
If any errors occur during this installation, you can see them
|
||||
by toggling over to the alternate screen - type ALT-F2 to switch
|
||||
over, ALT-F1 to switch back to the install screen. The debugging
|
||||
output on the second screen may be very valuable to us in understanding
|
||||
your bug report, so please be sure to take note of it when reporting
|
||||
any failures in the installation! Thanks!
|
||||
|
||||
Menus and scrolling output windows may be traversed with the arrow
|
||||
and Page Up/Page Down keys. To suspend the installation at any point,
|
||||
hit ESC twice. Hitting TAB will move the focus to different controls.
|
||||
If you've ever dealt with a DOS installation, you'll know how to deal
|
||||
with this.
|
||||
|
||||
For a more complete description of what's new in this release, please
|
||||
see the release notes.
|
||||
|
||||
For more documentation on this system, it is recommended that you purchase
|
||||
the 4.4BSD Document Set from O'Reilly Associates and the USENIX Association.
|
||||
ISBN 1-56592-082-1 We have no connection with O'Reilly, we're just
|
||||
satisfied customers!
|
||||
|
||||
Have fun, and please let us know of any problems you encounter with
|
||||
this release!
|
||||
|
||||
Comments should be sent to:
|
||||
|
||||
hackers@FreeBSD.org
|
||||
|
||||
Bug reports should be sent using the `send-pr' utility, if you
|
||||
were able to get the system installed, otherwise to:
|
||||
|
||||
bugs@FreeBSD.org
|
||||
|
||||
And general questions to:
|
||||
|
||||
questions@FreeBSD.org
|
||||
|
||||
|
||||
Please have patience if your questions are not answered right away -
|
||||
this is an especially busy time for us, and our volunteer resources
|
||||
are often strained to the limit (if not somewhat past!).
|
||||
|
||||
Thanks!
|
||||
|
||||
The FreeBSD Project
|
||||
@@ -1,14 +0,0 @@
|
||||
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
|
||||
# $Id: Makefile,v 1.4 1995/07/18 16:34:47 mark Exp $
|
||||
|
||||
LIB= acl
|
||||
SHLIB_MAJOR= 2
|
||||
SHLIB_MINOR= 0
|
||||
CFLAGS+=-DDEBUG -DKERBEROS -I${.CURDIR}/../include -Wall
|
||||
SRCS= acl_files.c
|
||||
MAN3= acl_check.3
|
||||
MLINKS= acl_check.3 acl_canonicalize_principal.3 \
|
||||
acl_check.3 acl_exact_match.3 acl_check.3 acl_add.3 \
|
||||
acl_check.3 acl_delete.3 acl_check.3 acl_initialize.3
|
||||
|
||||
.include <bsd.lib.mk>
|
||||
@@ -1,183 +0,0 @@
|
||||
.\" from: acl_check.3,v 4.1 89/01/23 11:06:54 jtkohl Exp $
|
||||
.\" $Id: acl_check.3,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $
|
||||
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
||||
.\"
|
||||
.\" For copying and distribution information,
|
||||
.\" please see the file <Copyright.MIT>.
|
||||
.\"
|
||||
.TH ACL_CHECK 3 "Kerberos Version 4.0" "MIT Project Athena"
|
||||
.SH NAME
|
||||
acl_canonicalize_principal, acl_check, acl_exact_match, acl_add,
|
||||
acl_delete, acl_initialize \- Access control list routines
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.nj
|
||||
.ft B
|
||||
cc <files> \-lacl \-lkrb
|
||||
.PP
|
||||
.ft B
|
||||
#include <kerberosIV/krb.h>
|
||||
.PP
|
||||
.ft B
|
||||
acl_canonicalize_principal(principal, buf)
|
||||
char *principal;
|
||||
char *buf;
|
||||
.PP
|
||||
.ft B
|
||||
acl_check(acl, principal)
|
||||
char *acl;
|
||||
char *principal;
|
||||
.PP
|
||||
.ft B
|
||||
acl_exact_match(acl, principal)
|
||||
char *acl;
|
||||
char *principal;
|
||||
.PP
|
||||
.ft B
|
||||
acl_add(acl, principal)
|
||||
char *acl;
|
||||
char *principal;
|
||||
.PP
|
||||
.ft B
|
||||
acl_delete(acl, principal)
|
||||
char *acl;
|
||||
char *principal;
|
||||
.PP
|
||||
.ft B
|
||||
acl_initialize(acl_file, mode)
|
||||
char *acl_file;
|
||||
int mode;
|
||||
.fi
|
||||
.ft R
|
||||
.SH DESCRIPTION
|
||||
.SS Introduction
|
||||
.PP
|
||||
An access control list (ACL) is a list of principals, where each
|
||||
principal is represented by a text string which cannot contain
|
||||
whitespace. The library allows application programs to refer to named
|
||||
access control lists to test membership and to atomically add and
|
||||
delete principals using a natural and intuitive interface. At
|
||||
present, the names of access control lists are required to be Unix
|
||||
filenames, and refer to human-readable Unix files; in the future, when
|
||||
a networked ACL server is implemented, the names may refer to a
|
||||
different namespace specific to the ACL service.
|
||||
.PP
|
||||
.SS Principal Names
|
||||
.PP
|
||||
Principal names have the form
|
||||
.nf
|
||||
.in +5n
|
||||
<name>[.<instance>][@<realm>]
|
||||
.in -5n
|
||||
e.g.:
|
||||
.in +5n
|
||||
asp
|
||||
asp.root
|
||||
asp@ATHENA.MIT.EDU
|
||||
asp.@ATHENA.MIT.EDU
|
||||
asp.root@ATHENA.MIT.EDU
|
||||
.in -5n
|
||||
.fi
|
||||
It is possible for principals to be underspecified. If an instance is
|
||||
missing, it is assumed to be "". If realm is missing, it is assumed
|
||||
to be the local realm as determined by
|
||||
.IR krb_get_lrealm (3).
|
||||
The canonical form contains all of name, instance,
|
||||
and realm; the acl_add and acl_delete routines will always
|
||||
leave the file in that form. Note that the canonical form of
|
||||
asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU.
|
||||
.SS Routines
|
||||
.PP
|
||||
.I acl_canonicalize_principal
|
||||
stores the canonical form of
|
||||
.I principal
|
||||
in
|
||||
.IR buf .
|
||||
.I Buf
|
||||
must contain enough
|
||||
space to store a principal, given the limits on the sizes of name,
|
||||
instance, and realm specified as ANAME_SZ, INST_SZ, and REALM_SZ,
|
||||
respectively, in
|
||||
.IR /usr/include/kerberosIV/krb.h .
|
||||
.PP
|
||||
.I acl_check
|
||||
returns nonzero if
|
||||
.I principal
|
||||
appears in
|
||||
.IR acl .
|
||||
Returns 0 if principal
|
||||
does not appear in acl, or if an error occurs. Canonicalizes
|
||||
principal before checking, and allows the ACL to contain wildcards. The
|
||||
only supported wildcards are entries of the form
|
||||
name.*@realm, *.*@realm, and *.*@*. An asterisk matches any value for the
|
||||
its component field. For example, "jtkohl.*@*" would match principal
|
||||
jtkohl, with any instance and any realm.
|
||||
.PP
|
||||
.I acl_exact_match
|
||||
performs like
|
||||
.IR acl_check ,
|
||||
but does no canonicalization or wildcard matching.
|
||||
.PP
|
||||
.I acl_add
|
||||
atomically adds
|
||||
.I principal
|
||||
to
|
||||
.IR acl .
|
||||
Returns 0 if successful, nonzero otherwise. It is considered a failure
|
||||
if
|
||||
.I principal
|
||||
is already in
|
||||
.IR acl .
|
||||
This routine will canonicalize
|
||||
.IR principal ,
|
||||
but will treat wildcards literally.
|
||||
.PP
|
||||
.I acl_delete
|
||||
atomically deletes
|
||||
.I principal
|
||||
from
|
||||
.IR acl .
|
||||
Returns 0 if successful,
|
||||
nonzero otherwise. It is considered a failure if
|
||||
.I principal
|
||||
is not
|
||||
already in
|
||||
.IR acl .
|
||||
This routine will canonicalize
|
||||
.IR principal ,
|
||||
but will treat wildcards literally.
|
||||
.PP
|
||||
.I acl_initialize
|
||||
initializes
|
||||
.IR acl_file .
|
||||
If the file
|
||||
.I acl_file
|
||||
does not exist,
|
||||
.I acl_initialize
|
||||
creates it with mode
|
||||
.IR mode .
|
||||
If the file
|
||||
.I acl_file
|
||||
exists,
|
||||
.I acl_initialize
|
||||
removes all members. Returns 0 if successful,
|
||||
nonzero otherwise. WARNING: Mode argument is likely to change with
|
||||
the eventual introduction of an ACL service.
|
||||
.SH NOTES
|
||||
In the presence of concurrency, there is a very small chance that
|
||||
.I acl_add
|
||||
or
|
||||
.I acl_delete
|
||||
could report success even though it would have
|
||||
had no effect. This is a necessary side effect of using lock files
|
||||
for concurrency control rather than flock(2), which is not supported
|
||||
by NFS.
|
||||
.PP
|
||||
The current implementation caches ACLs in memory in a hash-table
|
||||
format for increased efficiency in checking membership; one effect of
|
||||
the caching scheme is that one file descriptor will be kept open for
|
||||
each ACL cached, up to a maximum of 8.
|
||||
.SH SEE ALSO
|
||||
kerberos(3), krb_get_lrealm(3)
|
||||
.SH AUTHOR
|
||||
James Aspnes (MIT Project Athena)
|
||||
@@ -1,555 +0,0 @@
|
||||
/*
|
||||
*
|
||||
* Copyright 1987,1989 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
* <mit-copyright.h>.
|
||||
*
|
||||
* from: acl_files.c,v 4.4 89/12/19 13:30:53 jtkohl Exp $
|
||||
* $Id: acl_files.c,v 1.3 1995/07/18 16:34:49 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: acl_files.c,v 1.3 1995/07/18 16:34:49 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
|
||||
/*** Routines for manipulating access control list files ***/
|
||||
|
||||
#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <strings.h>
|
||||
#include <sys/file.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/errno.h>
|
||||
#include <ctype.h>
|
||||
#include "krb.h"
|
||||
|
||||
__BEGIN_DECLS
|
||||
static int acl_abort __P((char *, FILE *));
|
||||
__END_DECLS
|
||||
|
||||
#ifndef KRB_REALM
|
||||
#define KRB_REALM "ATHENA.MIT.EDU"
|
||||
#endif
|
||||
|
||||
/* "aname.inst@realm" */
|
||||
#define MAX_PRINCIPAL_SIZE (ANAME_SZ + INST_SZ + REALM_SZ + 3)
|
||||
#define INST_SEP '.'
|
||||
#define REALM_SEP '@'
|
||||
|
||||
#define LINESIZE 2048 /* Maximum line length in an acl file */
|
||||
|
||||
#define NEW_FILE "%s.~NEWACL~" /* Format for name of altered acl file */
|
||||
#define WAIT_TIME 300 /* Maximum time allowed write acl file */
|
||||
|
||||
#define CACHED_ACLS 8 /* How many acls to cache */
|
||||
/* Each acl costs 1 open file descriptor */
|
||||
#define ACL_LEN 16 /* Twice a reasonable acl length */
|
||||
|
||||
#define MAX(a,b) (((a)>(b))?(a):(b))
|
||||
#define MIN(a,b) (((a)<(b))?(a):(b))
|
||||
|
||||
#define COR(a,b) ((a!=NULL)?(a):(b))
|
||||
|
||||
/* Canonicalize a principal name */
|
||||
/* If instance is missing, it becomes "" */
|
||||
/* If realm is missing, it becomes the local realm */
|
||||
/* Canonicalized form is put in canon, which must be big enough to hold
|
||||
MAX_PRINCIPAL_SIZE characters */
|
||||
void
|
||||
acl_canonicalize_principal(principal, canon)
|
||||
char *principal;
|
||||
char *canon;
|
||||
{
|
||||
char *dot, *atsign, *end;
|
||||
int len;
|
||||
|
||||
dot = index(principal, INST_SEP);
|
||||
atsign = index(principal, REALM_SEP);
|
||||
|
||||
/* Maybe we're done already */
|
||||
if(dot != NULL && atsign != NULL) {
|
||||
if(dot < atsign) {
|
||||
/* It's for real */
|
||||
/* Copy into canon */
|
||||
strncpy(canon, principal, MAX_PRINCIPAL_SIZE);
|
||||
canon[MAX_PRINCIPAL_SIZE-1] = '\0';
|
||||
return;
|
||||
} else {
|
||||
/* Nope, it's part of the realm */
|
||||
dot = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/* No such luck */
|
||||
end = principal + strlen(principal);
|
||||
|
||||
/* Get the principal name */
|
||||
len = MIN(ANAME_SZ, COR(dot, COR(atsign, end)) - principal);
|
||||
strncpy(canon, principal, len);
|
||||
canon += len;
|
||||
|
||||
/* Add INST_SEP */
|
||||
*canon++ = INST_SEP;
|
||||
|
||||
/* Get the instance, if it exists */
|
||||
if(dot != NULL) {
|
||||
++dot;
|
||||
len = MIN(INST_SZ, COR(atsign, end) - dot);
|
||||
strncpy(canon, dot, len);
|
||||
canon += len;
|
||||
}
|
||||
|
||||
/* Add REALM_SEP */
|
||||
*canon++ = REALM_SEP;
|
||||
|
||||
/* Get the realm, if it exists */
|
||||
/* Otherwise, default to local realm */
|
||||
if(atsign != NULL) {
|
||||
++atsign;
|
||||
len = MIN(REALM_SZ, end - atsign);
|
||||
strncpy(canon, atsign, len);
|
||||
canon += len;
|
||||
*canon++ = '\0';
|
||||
} else if(krb_get_lrealm(canon, 1) != KSUCCESS) {
|
||||
strcpy(canon, KRB_REALM);
|
||||
}
|
||||
}
|
||||
|
||||
/* Get a lock to modify acl_file */
|
||||
/* Return new FILE pointer */
|
||||
/* or NULL if file cannot be modified */
|
||||
/* REQUIRES WRITE PERMISSION TO CONTAINING DIRECTORY */
|
||||
static FILE *
|
||||
acl_lock_file(acl_file)
|
||||
char *acl_file;
|
||||
{
|
||||
struct stat s;
|
||||
char new[LINESIZE];
|
||||
int nfd;
|
||||
FILE *nf;
|
||||
int mode;
|
||||
|
||||
if(stat(acl_file, &s) < 0) return(NULL);
|
||||
mode = s.st_mode;
|
||||
sprintf(new, NEW_FILE, acl_file);
|
||||
for(;;) {
|
||||
/* Open the new file */
|
||||
if((nfd = open(new, O_WRONLY|O_CREAT|O_EXCL, mode)) < 0) {
|
||||
if(errno == EEXIST) {
|
||||
/* Maybe somebody got here already, maybe it's just old */
|
||||
if(stat(new, &s) < 0) return(NULL);
|
||||
if(time(0) - s.st_ctime > WAIT_TIME) {
|
||||
/* File is stale, kill it */
|
||||
unlink(new);
|
||||
continue;
|
||||
} else {
|
||||
/* Wait and try again */
|
||||
sleep(1);
|
||||
continue;
|
||||
}
|
||||
} else {
|
||||
/* Some other error, we lose */
|
||||
return(NULL);
|
||||
}
|
||||
}
|
||||
|
||||
/* If we got to here, the lock file is ours and ok */
|
||||
/* Reopen it under stdio */
|
||||
if((nf = fdopen(nfd, "w")) == NULL) {
|
||||
/* Oops, clean up */
|
||||
unlink(new);
|
||||
}
|
||||
return(nf);
|
||||
}
|
||||
}
|
||||
|
||||
/* Commit changes to acl_file written onto FILE *f */
|
||||
/* Returns zero if successful */
|
||||
/* Returns > 0 if lock was broken */
|
||||
/* Returns < 0 if some other error occurs */
|
||||
/* Closes f */
|
||||
static int
|
||||
acl_commit(acl_file, f)
|
||||
char *acl_file;
|
||||
FILE *f;
|
||||
{
|
||||
char new[LINESIZE];
|
||||
int ret;
|
||||
struct stat s;
|
||||
|
||||
sprintf(new, NEW_FILE, acl_file);
|
||||
if(fflush(f) < 0
|
||||
|| fstat(fileno(f), &s) < 0
|
||||
|| s.st_nlink == 0) {
|
||||
acl_abort(acl_file, f);
|
||||
return(-1);
|
||||
}
|
||||
|
||||
ret = rename(new, acl_file);
|
||||
fclose(f);
|
||||
return(ret);
|
||||
}
|
||||
|
||||
/*
|
||||
* Abort changes to acl_file written onto FILE *f
|
||||
* Returns 0 if successful, < 0 otherwise
|
||||
* Closes f
|
||||
*/
|
||||
static int
|
||||
acl_abort(acl_file, f)
|
||||
char *acl_file;
|
||||
FILE *f;
|
||||
{
|
||||
char new[LINESIZE];
|
||||
int ret;
|
||||
struct stat s;
|
||||
|
||||
/* make sure we aren't nuking someone else's file */
|
||||
if(fstat(fileno(f), &s) < 0 || s.st_nlink == 0) {
|
||||
fclose(f);
|
||||
return(-1);
|
||||
} else {
|
||||
sprintf(new, NEW_FILE, acl_file);
|
||||
ret = unlink(new);
|
||||
fclose(f);
|
||||
return(ret);
|
||||
}
|
||||
}
|
||||
|
||||
/* Initialize an acl_file */
|
||||
/* Creates the file with permissions perm if it does not exist */
|
||||
/* Erases it if it does */
|
||||
/* Returns return value of acl_commit */
|
||||
int
|
||||
acl_initialize(acl_file, perm)
|
||||
char *acl_file;
|
||||
int perm;
|
||||
{
|
||||
FILE *new;
|
||||
int fd;
|
||||
|
||||
/* Check if the file exists already */
|
||||
if((new = acl_lock_file(acl_file)) != NULL) {
|
||||
return(acl_commit(acl_file, new));
|
||||
} else {
|
||||
/* File must be readable and writable by owner */
|
||||
if((fd = open(acl_file, O_CREAT|O_EXCL, perm|0600)) < 0) {
|
||||
return(-1);
|
||||
} else {
|
||||
close(fd);
|
||||
return(0);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Eliminate all whitespace character in buf */
|
||||
/* Modifies its argument */
|
||||
static void
|
||||
nuke_whitespace(buf)
|
||||
char *buf;
|
||||
{
|
||||
register char *pin, *pout;
|
||||
|
||||
for(pin = pout = buf; *pin != '\0'; pin++)
|
||||
if(!isspace(*pin)) *pout++ = *pin;
|
||||
*pout = '\0'; /* Terminate the string */
|
||||
}
|
||||
|
||||
/* Hash table stuff */
|
||||
|
||||
struct hashtbl {
|
||||
int size; /* Max number of entries */
|
||||
int entries; /* Actual number of entries */
|
||||
char **tbl; /* Pointer to start of table */
|
||||
};
|
||||
|
||||
/* Make an empty hash table of size s */
|
||||
static struct hashtbl *
|
||||
make_hash(size)
|
||||
int size;
|
||||
{
|
||||
struct hashtbl *h;
|
||||
|
||||
if(size < 1) size = 1;
|
||||
h = (struct hashtbl *) malloc(sizeof(struct hashtbl));
|
||||
h->size = size;
|
||||
h->entries = 0;
|
||||
h->tbl = (char **) calloc(size, sizeof(char *));
|
||||
return(h);
|
||||
}
|
||||
|
||||
/* Destroy a hash table */
|
||||
static void
|
||||
destroy_hash(h)
|
||||
struct hashtbl *h;
|
||||
{
|
||||
int i;
|
||||
|
||||
for(i = 0; i < h->size; i++) {
|
||||
if(h->tbl[i] != NULL) free(h->tbl[i]);
|
||||
}
|
||||
free(h->tbl);
|
||||
free(h);
|
||||
}
|
||||
|
||||
/* Compute hash value for a string */
|
||||
static unsigned
|
||||
hashval(s)
|
||||
register char *s;
|
||||
{
|
||||
register unsigned hv;
|
||||
|
||||
for(hv = 0; *s != '\0'; s++) {
|
||||
hv ^= ((hv << 3) ^ *s);
|
||||
}
|
||||
return(hv);
|
||||
}
|
||||
|
||||
/* Add an element to a hash table */
|
||||
static void
|
||||
add_hash(h, el)
|
||||
struct hashtbl *h;
|
||||
char *el;
|
||||
{
|
||||
unsigned hv;
|
||||
char *s;
|
||||
char **old;
|
||||
int i;
|
||||
|
||||
/* Make space if it isn't there already */
|
||||
if(h->entries + 1 > (h->size >> 1)) {
|
||||
old = h->tbl;
|
||||
h->tbl = (char **) calloc(h->size << 1, sizeof(char *));
|
||||
for(i = 0; i < h->size; i++) {
|
||||
if(old[i] != NULL) {
|
||||
hv = hashval(old[i]) % (h->size << 1);
|
||||
while(h->tbl[hv] != NULL) hv = (hv+1) % (h->size << 1);
|
||||
h->tbl[hv] = old[i];
|
||||
}
|
||||
}
|
||||
h->size = h->size << 1;
|
||||
free(old);
|
||||
}
|
||||
|
||||
hv = hashval(el) % h->size;
|
||||
while(h->tbl[hv] != NULL && strcmp(h->tbl[hv], el)) hv = (hv+1) % h->size;
|
||||
s = malloc(strlen(el)+1);
|
||||
strcpy(s, el);
|
||||
h->tbl[hv] = s;
|
||||
h->entries++;
|
||||
}
|
||||
|
||||
/* Returns nonzero if el is in h */
|
||||
static int
|
||||
check_hash(h, el)
|
||||
struct hashtbl *h;
|
||||
char *el;
|
||||
{
|
||||
unsigned hv;
|
||||
|
||||
for(hv = hashval(el) % h->size;
|
||||
h->tbl[hv] != NULL;
|
||||
hv = (hv + 1) % h->size) {
|
||||
if(!strcmp(h->tbl[hv], el)) return(1);
|
||||
}
|
||||
return(0);
|
||||
}
|
||||
|
||||
struct acl {
|
||||
char filename[LINESIZE]; /* Name of acl file */
|
||||
int fd; /* File descriptor for acl file */
|
||||
struct stat status; /* File status at last read */
|
||||
struct hashtbl *acl; /* Acl entries */
|
||||
};
|
||||
|
||||
static struct acl acl_cache[CACHED_ACLS];
|
||||
|
||||
static int acl_cache_count = 0;
|
||||
static int acl_cache_next = 0;
|
||||
|
||||
/* Returns < 0 if unsuccessful in loading acl */
|
||||
/* Returns index into acl_cache otherwise */
|
||||
/* Note that if acl is already loaded, this is just a lookup */
|
||||
static int
|
||||
acl_load(name)
|
||||
char *name;
|
||||
{
|
||||
int i;
|
||||
FILE *f;
|
||||
struct stat s;
|
||||
char buf[MAX_PRINCIPAL_SIZE];
|
||||
char canon[MAX_PRINCIPAL_SIZE];
|
||||
|
||||
/* See if it's there already */
|
||||
for(i = 0; i < acl_cache_count; i++) {
|
||||
if(!strcmp(acl_cache[i].filename, name)
|
||||
&& acl_cache[i].fd >= 0) goto got_it;
|
||||
}
|
||||
|
||||
/* It isn't, load it in */
|
||||
/* maybe there's still room */
|
||||
if(acl_cache_count < CACHED_ACLS) {
|
||||
i = acl_cache_count++;
|
||||
} else {
|
||||
/* No room, clean one out */
|
||||
i = acl_cache_next;
|
||||
acl_cache_next = (acl_cache_next + 1) % CACHED_ACLS;
|
||||
close(acl_cache[i].fd);
|
||||
if(acl_cache[i].acl) {
|
||||
destroy_hash(acl_cache[i].acl);
|
||||
acl_cache[i].acl = (struct hashtbl *) 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* Set up the acl */
|
||||
strcpy(acl_cache[i].filename, name);
|
||||
if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1);
|
||||
/* Force reload */
|
||||
acl_cache[i].acl = (struct hashtbl *) 0;
|
||||
|
||||
got_it:
|
||||
/*
|
||||
* See if the stat matches
|
||||
*
|
||||
* Use stat(), not fstat(), as the file may have been re-created by
|
||||
* acl_add or acl_delete. If this happens, the old inode will have
|
||||
* no changes in the mod-time and the following test will fail.
|
||||
*/
|
||||
if(stat(acl_cache[i].filename, &s) < 0) return(-1);
|
||||
if(acl_cache[i].acl == (struct hashtbl *) 0
|
||||
|| s.st_nlink != acl_cache[i].status.st_nlink
|
||||
|| s.st_mtime != acl_cache[i].status.st_mtime
|
||||
|| s.st_ctime != acl_cache[i].status.st_ctime) {
|
||||
/* Gotta reload */
|
||||
if(acl_cache[i].fd >= 0) close(acl_cache[i].fd);
|
||||
if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1);
|
||||
if((f = fdopen(acl_cache[i].fd, "r")) == NULL) return(-1);
|
||||
if(acl_cache[i].acl) destroy_hash(acl_cache[i].acl);
|
||||
acl_cache[i].acl = make_hash(ACL_LEN);
|
||||
while(fgets(buf, sizeof(buf), f) != NULL) {
|
||||
nuke_whitespace(buf);
|
||||
acl_canonicalize_principal(buf, canon);
|
||||
add_hash(acl_cache[i].acl, canon);
|
||||
}
|
||||
fclose(f);
|
||||
acl_cache[i].status = s;
|
||||
}
|
||||
return(i);
|
||||
}
|
||||
|
||||
/* Returns nonzero if it can be determined that acl contains principal */
|
||||
/* Principal is not canonicalized, and no wildcarding is done */
|
||||
int
|
||||
acl_exact_match(acl, principal)
|
||||
char *acl;
|
||||
char *principal;
|
||||
{
|
||||
int idx;
|
||||
|
||||
return((idx = acl_load(acl)) >= 0
|
||||
&& check_hash(acl_cache[idx].acl, principal));
|
||||
}
|
||||
|
||||
/* Returns nonzero if it can be determined that acl contains principal */
|
||||
/* Recognizes wildcards in acl of the form
|
||||
name.*@realm, *.*@realm, and *.*@* */
|
||||
int
|
||||
acl_check(acl, principal)
|
||||
char *acl;
|
||||
char *principal;
|
||||
{
|
||||
char buf[MAX_PRINCIPAL_SIZE];
|
||||
char canon[MAX_PRINCIPAL_SIZE];
|
||||
char *realm;
|
||||
|
||||
acl_canonicalize_principal(principal, canon);
|
||||
|
||||
/* Is it there? */
|
||||
if(acl_exact_match(acl, canon)) return(1);
|
||||
|
||||
/* Try the wildcards */
|
||||
realm = index(canon, REALM_SEP);
|
||||
*index(canon, INST_SEP) = '\0'; /* Chuck the instance */
|
||||
|
||||
sprintf(buf, "%s.*%s", canon, realm);
|
||||
if(acl_exact_match(acl, buf)) return(1);
|
||||
|
||||
sprintf(buf, "*.*%s", realm);
|
||||
if(acl_exact_match(acl, buf) || acl_exact_match(acl, "*.*@*")) return(1);
|
||||
|
||||
return(0);
|
||||
}
|
||||
|
||||
/* Adds principal to acl */
|
||||
/* Wildcards are interpreted literally */
|
||||
int
|
||||
acl_add(acl, principal)
|
||||
char *acl;
|
||||
char *principal;
|
||||
{
|
||||
int idx;
|
||||
int i;
|
||||
FILE *new;
|
||||
char canon[MAX_PRINCIPAL_SIZE];
|
||||
|
||||
acl_canonicalize_principal(principal, canon);
|
||||
|
||||
if((new = acl_lock_file(acl)) == NULL) return(-1);
|
||||
if((acl_exact_match(acl, canon))
|
||||
|| (idx = acl_load(acl)) < 0) {
|
||||
acl_abort(acl, new);
|
||||
return(-1);
|
||||
}
|
||||
/* It isn't there yet, copy the file and put it in */
|
||||
for(i = 0; i < acl_cache[idx].acl->size; i++) {
|
||||
if(acl_cache[idx].acl->tbl[i] != NULL) {
|
||||
if(fputs(acl_cache[idx].acl->tbl[i], new) == NULL
|
||||
|| putc('\n', new) != '\n') {
|
||||
acl_abort(acl, new);
|
||||
return(-1);
|
||||
}
|
||||
}
|
||||
}
|
||||
fputs(canon, new);
|
||||
putc('\n', new);
|
||||
return(acl_commit(acl, new));
|
||||
}
|
||||
|
||||
/* Removes principal from acl */
|
||||
/* Wildcards are interpreted literally */
|
||||
int
|
||||
acl_delete(acl, principal)
|
||||
char *acl;
|
||||
char *principal;
|
||||
{
|
||||
int idx;
|
||||
int i;
|
||||
FILE *new;
|
||||
char canon[MAX_PRINCIPAL_SIZE];
|
||||
|
||||
acl_canonicalize_principal(principal, canon);
|
||||
|
||||
if((new = acl_lock_file(acl)) == NULL) return(-1);
|
||||
if((!acl_exact_match(acl, canon))
|
||||
|| (idx = acl_load(acl)) < 0) {
|
||||
acl_abort(acl, new);
|
||||
return(-1);
|
||||
}
|
||||
/* It isn't there yet, copy the file and put it in */
|
||||
for(i = 0; i < acl_cache[idx].acl->size; i++) {
|
||||
if(acl_cache[idx].acl->tbl[i] != NULL
|
||||
&& strcmp(acl_cache[idx].acl->tbl[i], canon)) {
|
||||
fputs(acl_cache[idx].acl->tbl[i], new);
|
||||
putc('\n', new);
|
||||
}
|
||||
}
|
||||
return(acl_commit(acl, new));
|
||||
}
|
||||
|
||||
@@ -1,107 +0,0 @@
|
||||
PROTOTYPE ACL LIBRARY
|
||||
|
||||
Introduction
|
||||
|
||||
An access control list (ACL) is a list of principals, where each
|
||||
principal is is represented by a text string which cannot contain
|
||||
whitespace. The library allows application programs to refer to named
|
||||
access control lists to test membership and to atomically add and
|
||||
delete principals using a natural and intuitive interface. At
|
||||
present, the names of access control lists are required to be Unix
|
||||
filenames, and refer to human-readable Unix files; in the future, when
|
||||
a networked ACL server is implemented, the names may refer to a
|
||||
different namespace specific to the ACL service.
|
||||
|
||||
|
||||
Usage
|
||||
|
||||
cc <files> -lacl -lkrb.
|
||||
|
||||
|
||||
|
||||
Principal Names
|
||||
|
||||
Principal names have the form
|
||||
|
||||
<name>[.<instance>][@<realm>]
|
||||
|
||||
e.g.
|
||||
|
||||
asp
|
||||
asp.root
|
||||
asp@ATHENA.MIT.EDU
|
||||
asp.@ATHENA.MIT.EDU
|
||||
asp.root@ATHENA.MIT.EDU
|
||||
|
||||
It is possible for principals to be underspecified. If instance is
|
||||
missing, it is assumed to be "". If realm is missing, it is assumed
|
||||
to be local_realm. The canonical form contains all of name, instance,
|
||||
and realm; the acl_add and acl_delete routines will always
|
||||
leave the file in that form. Note that the canonical form of
|
||||
asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU.
|
||||
|
||||
|
||||
Routines
|
||||
|
||||
acl_canonicalize_principal(principal, buf)
|
||||
char *principal;
|
||||
char *buf; /*RETVAL*/
|
||||
|
||||
Store the canonical form of principal in buf. Buf must contain enough
|
||||
space to store a principal, given the limits on the sizes of name,
|
||||
instance, and realm specified in /usr/include/krb.h.
|
||||
|
||||
acl_check(acl, principal)
|
||||
char *acl;
|
||||
char *principal;
|
||||
|
||||
Returns nonzero if principal appears in acl. Returns 0 if principal
|
||||
does not appear in acl, or if an error occurs. Canonicalizes
|
||||
principal before checking, and allows the ACL to contain wildcards.
|
||||
|
||||
acl_exact_match(acl, principal)
|
||||
char *acl;
|
||||
char *principal;
|
||||
|
||||
Like acl_check, but does no canonicalization or wildcarding.
|
||||
|
||||
acl_add(acl, principal)
|
||||
char *acl;
|
||||
char *principal;
|
||||
|
||||
Atomically adds principal to acl. Returns 0 if successful, nonzero
|
||||
otherwise. It is considered a failure if principal is already in acl.
|
||||
This routine will canonicalize principal, but will treat wildcards
|
||||
literally.
|
||||
|
||||
acl_delete(acl, principal)
|
||||
char *acl;
|
||||
char *principal;
|
||||
|
||||
Atomically deletes principal from acl. Returns 0 if successful,
|
||||
nonzero otherwise. It is consider a failure if principal is not
|
||||
already in acl. This routine will canonicalize principal, but will
|
||||
treat wildcards literally.
|
||||
|
||||
acl_initialize(acl, mode)
|
||||
char *acl;
|
||||
int mode;
|
||||
|
||||
Initialize acl. If acl file does not exist, creates it with mode
|
||||
mode. If acl exists, removes all members. Returns 0 if successful,
|
||||
nonzero otherwise. WARNING: Mode argument is likely to change with
|
||||
the eventual introduction of an ACL service.
|
||||
|
||||
|
||||
Known problems
|
||||
|
||||
In the presence of concurrency, there is a very small chance that
|
||||
acl_add or acl_delete could report success even though it would have
|
||||
had no effect. This is a necessary side effect of using lock files
|
||||
for concurrency control rather than flock(2), which is not supported
|
||||
by NFS.
|
||||
|
||||
The current implementation caches ACLs in memory in a hash-table
|
||||
format for increased efficiency in checking membership; one effect of
|
||||
the caching scheme is that one file descriptor will be kept open for
|
||||
each ACL cached, up to a maximum of 8.
|
||||
@@ -1,15 +0,0 @@
|
||||
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
|
||||
# $Id: Makefile,v 1.2 1994/07/19 19:21:23 g89r4222 Exp $
|
||||
|
||||
PROG= compile_et
|
||||
CFLAGS+=-I. -I${.CURDIR}
|
||||
SRCS= compile_et.c error_message.c et_name.c init_et.c perror.c
|
||||
OBJS+= error_table.o
|
||||
DPADD= ${LIBL}
|
||||
LDADD= -ll
|
||||
CLEANFILES=et_lex.lex.c y.tab.c y.tab.h error_table.c
|
||||
NOMAN= noman
|
||||
|
||||
error_table.c: et_lex.lex.c
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
@@ -1,172 +0,0 @@
|
||||
/*
|
||||
*
|
||||
* Copyright 1986, 1987 by MIT Student Information Processing Board
|
||||
* For copyright info, see "Copyright.SIPB".
|
||||
*
|
||||
* $Id: compile_et.c,v 1.2 1994/07/19 19:21:24 g89r4222 Exp $
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <sys/file.h>
|
||||
#include <strings.h>
|
||||
#include <sys/param.h>
|
||||
|
||||
static char copyright[] = "Copyright 1987 by MIT Student Information Processing Board";
|
||||
|
||||
extern char *gensym();
|
||||
extern char *current_token;
|
||||
extern int table_number, current;
|
||||
char buffer[BUFSIZ];
|
||||
char *table_name = (char *)NULL;
|
||||
FILE *hfile, *cfile;
|
||||
|
||||
/* C library */
|
||||
extern char *malloc();
|
||||
extern int errno;
|
||||
|
||||
/* lex stuff */
|
||||
extern FILE *yyin;
|
||||
extern int yylineno;
|
||||
|
||||
/* pathnames */
|
||||
char c_file[MAXPATHLEN]; /* temporary file */
|
||||
char h_file[MAXPATHLEN]; /* output */
|
||||
char o_file[MAXPATHLEN]; /* output */
|
||||
char et_file[MAXPATHLEN]; /* input */
|
||||
|
||||
main(argc, argv)
|
||||
int argc;
|
||||
char **argv;
|
||||
{
|
||||
register char *p;
|
||||
int n_flag = 0, debug = 0;
|
||||
|
||||
while (argc > 2) {
|
||||
register char *arg, ch;
|
||||
arg = argv[--argc];
|
||||
if (strlen(arg) != 2 || arg[0] != '-')
|
||||
goto usage;
|
||||
ch = arg[1];
|
||||
if (ch == 'n')
|
||||
n_flag++;
|
||||
else if (ch == 'd')
|
||||
debug++;
|
||||
else
|
||||
goto usage;
|
||||
}
|
||||
|
||||
if (argc != 2) {
|
||||
usage:
|
||||
fprintf(stderr, "Usage: %s et_file [-n]\n", argv[0]);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
strcpy(et_file, argv[1]);
|
||||
p = rindex(et_file, '/');
|
||||
if (p == (char *)NULL)
|
||||
p = et_file;
|
||||
else
|
||||
p++;
|
||||
p = rindex(p, '.');
|
||||
if (!strcmp(p, ".et"))
|
||||
*++p = '\0';
|
||||
else {
|
||||
if (!p)
|
||||
p = et_file;
|
||||
while (*p)
|
||||
p++;
|
||||
*p++ = '.';
|
||||
*p = '\0';
|
||||
}
|
||||
/* p points at null where suffix should be */
|
||||
strcpy(p, "et.c");
|
||||
strcpy(c_file, et_file);
|
||||
p[0] = 'h';
|
||||
p[1] = '\0';
|
||||
strcpy(h_file, et_file);
|
||||
p[0] = 'o';
|
||||
strcpy(o_file, et_file);
|
||||
p[0] = 'e';
|
||||
p[1] = 't';
|
||||
p[2] = '\0';
|
||||
|
||||
yyin = fopen(et_file, "r");
|
||||
if (!yyin) {
|
||||
perror(et_file);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
hfile = fopen(h_file, "w");
|
||||
if (hfile == (FILE *)NULL) {
|
||||
perror(h_file);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
cfile = fopen(c_file, "w");
|
||||
if (cfile == (FILE *)NULL) {
|
||||
perror("Can't open temp file");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/* parse it */
|
||||
fputs("#define NULL 0\n", cfile);
|
||||
fputs("static char *_et[] = {\n", cfile);
|
||||
|
||||
yyparse();
|
||||
fclose(yyin); /* bye bye input file */
|
||||
|
||||
fputs("\t(char *)0\n};\n", cfile);
|
||||
fputs("extern int init_error_table();\n\n", cfile);
|
||||
fprintf(cfile, "int %s_err_base = %d;\n\n", table_name, table_number);
|
||||
fprintf(cfile, "int\ninit_%s_err_tbl()\n", table_name);
|
||||
fprintf(cfile, "{\n\treturn(init_error_table(_et, %d, %d));\n}\n",
|
||||
table_number, current);
|
||||
fclose(cfile);
|
||||
|
||||
fputs("extern int init_", hfile);
|
||||
fputs(table_name, hfile);
|
||||
fputs("_err_tbl();\nextern int ", hfile);
|
||||
fputs(table_name, hfile);
|
||||
fputs("_err_base;\n", hfile);
|
||||
fclose(hfile); /* bye bye hfile */
|
||||
|
||||
if (n_flag)
|
||||
exit(0);
|
||||
|
||||
if (!fork()) {
|
||||
p = rindex(c_file, '/');
|
||||
if (p) {
|
||||
*p++ = '\0';
|
||||
chdir(c_file);
|
||||
}
|
||||
else
|
||||
p = c_file;
|
||||
execlp("cc", "cc", "-c", "-R", "-O", p, 0);
|
||||
perror("cc");
|
||||
exit(1);
|
||||
}
|
||||
else wait(0);
|
||||
|
||||
if (!debug)
|
||||
(void) unlink(c_file);
|
||||
/* make it .o file name */
|
||||
c_file[strlen(c_file)-1] = 'o';
|
||||
if (!fork()) {
|
||||
execlp("cp", "cp", c_file, o_file, 0);
|
||||
perror("cp");
|
||||
exit(1);
|
||||
}
|
||||
else wait(0);
|
||||
if (!debug)
|
||||
(void) unlink(c_file);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
||||
yyerror(s)
|
||||
char *s;
|
||||
{
|
||||
fputs(s, stderr);
|
||||
fprintf(stderr, "\nLine number %d; last token was '%s'\n",
|
||||
yylineno, current_token);
|
||||
}
|
||||
@@ -1,77 +0,0 @@
|
||||
/*
|
||||
* Copyright 1987 by the Student Information Processing Board
|
||||
* of the Massachusetts Institute of Technology
|
||||
* For copyright info, see "Copyright.SIPB".
|
||||
*
|
||||
* from: error_message.c,v 1.1 86/11/10 21:34:34 spook Exp $
|
||||
* $Id: error_message.c,v 1.3 1994/09/09 21:43:22 g89r4222 Exp $
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include "error_table.h"
|
||||
extern int sys_nerr;
|
||||
|
||||
static char buffer[25];
|
||||
|
||||
char *
|
||||
error_message(code)
|
||||
int code;
|
||||
{
|
||||
register int offset;
|
||||
register error_table **et;
|
||||
register int table_num;
|
||||
register int div;
|
||||
register char *cp;
|
||||
|
||||
offset = code & ((1<<ERRCODE_RANGE)-1);
|
||||
table_num = code - offset;
|
||||
if ((_et_list == (error_table **)NULL) && table_num)
|
||||
goto oops;
|
||||
if (!table_num) {
|
||||
if (offset < sys_nerr)
|
||||
return(sys_errlist[offset]);
|
||||
else
|
||||
goto oops;
|
||||
}
|
||||
for (et = _et_list; *et != (error_table *)NULL; et++) {
|
||||
if ((*et)->base == table_num) {
|
||||
/* This is the right table */
|
||||
if ((*et)->n_msgs <= offset)
|
||||
goto oops;
|
||||
return((*et)->msgs[offset]);
|
||||
}
|
||||
}
|
||||
oops:
|
||||
cp = buffer;
|
||||
{
|
||||
register char *cp1;
|
||||
for (cp1 = "Unknown code "; *cp1; cp1++, cp++)
|
||||
*cp = *cp1;
|
||||
if (table_num) {
|
||||
for (cp1 = error_table_name(table_num); *cp1; cp1++, cp++)
|
||||
*cp = *cp1;
|
||||
*cp++ = ' ';
|
||||
*cp = '\0';
|
||||
}
|
||||
}
|
||||
div = 1000000000;
|
||||
if (offset == 0) {
|
||||
*cp++ = '0';
|
||||
*cp = '\0';
|
||||
return(buffer);
|
||||
}
|
||||
while (div > offset)
|
||||
div /= 10;
|
||||
do {
|
||||
register int n = offset / div;
|
||||
*cp++ = '0' + n;
|
||||
offset -= n * div;
|
||||
div /= 10;
|
||||
} while (offset && div);
|
||||
while (div) {
|
||||
*cp++ = '0';
|
||||
div /= 10;
|
||||
}
|
||||
*cp = '\0';
|
||||
return(buffer);
|
||||
}
|
||||
@@ -1,17 +0,0 @@
|
||||
#ifndef _ET
|
||||
extern int errno;
|
||||
typedef struct {
|
||||
char **msgs;
|
||||
int base;
|
||||
int n_msgs;
|
||||
} error_table;
|
||||
extern error_table **_et_list;
|
||||
|
||||
#define ERROR_CODE "int" /* type used for error codes */
|
||||
|
||||
#define ERRCODE_RANGE 8 /* # of bits to shift table number */
|
||||
#define BITS_PER_CHAR 6 /* # bits to shift per character in name */
|
||||
|
||||
extern char *error_table_name();
|
||||
#define _ET
|
||||
#endif
|
||||
@@ -1,205 +0,0 @@
|
||||
%{
|
||||
#include <stdio.h>
|
||||
char *str_concat(), *ds(), *quote(), *malloc(), *realloc();
|
||||
char *current_token = (char *)NULL;
|
||||
extern char *table_name;
|
||||
%}
|
||||
%union {
|
||||
char *dynstr;
|
||||
}
|
||||
|
||||
%token ERROR_TABLE ERROR_CODE_ENTRY END
|
||||
%token <dynstr> STRING QUOTED_STRING
|
||||
%type <dynstr> ec_name description table_id
|
||||
%{
|
||||
%}
|
||||
%start error_table
|
||||
%%
|
||||
|
||||
error_table : ERROR_TABLE table_id error_codes END
|
||||
{ table_name = ds($2);
|
||||
current_token = table_name;
|
||||
put_ecs(); }
|
||||
;
|
||||
|
||||
table_id : STRING
|
||||
{ current_token = $1;
|
||||
set_table_num($1);
|
||||
$$ = $1; }
|
||||
;
|
||||
|
||||
error_codes : error_codes ec_entry
|
||||
| ec_entry
|
||||
;
|
||||
|
||||
ec_entry : ERROR_CODE_ENTRY ec_name ',' description
|
||||
{ add_ec($2, $4);
|
||||
free($2);
|
||||
free($4); }
|
||||
| ERROR_CODE_ENTRY ec_name '=' STRING ',' description
|
||||
{ add_ec_val($2, $4, $6);
|
||||
free($2);
|
||||
free($4);
|
||||
free($6);
|
||||
}
|
||||
;
|
||||
|
||||
ec_name : STRING
|
||||
{ $$ = ds($1);
|
||||
current_token = $$; }
|
||||
;
|
||||
|
||||
description : QUOTED_STRING
|
||||
{ $$ = ds($1);
|
||||
current_token = $$; }
|
||||
;
|
||||
|
||||
%%
|
||||
/*
|
||||
* Copyright 1986, 1987 by the MIT Student Information Processing Board
|
||||
* For copyright info, see Copyright.SIPB.
|
||||
*/
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <strings.h>
|
||||
#include <ctype.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/time.h>
|
||||
#include "error_table.h"
|
||||
|
||||
extern FILE *hfile, *cfile;
|
||||
|
||||
static long gensym_n = 0;
|
||||
char *
|
||||
gensym(x)
|
||||
char *x;
|
||||
{
|
||||
char *symbol;
|
||||
if (!gensym_n) {
|
||||
struct timeval tv;
|
||||
struct timezone tzp;
|
||||
gettimeofday(&tv, &tzp);
|
||||
gensym_n = (tv.tv_sec%10000)*100 + tv.tv_usec/10000;
|
||||
}
|
||||
symbol = malloc(32 * sizeof(char));
|
||||
gensym_n++;
|
||||
sprintf(symbol, "et%ld", gensym_n);
|
||||
return(symbol);
|
||||
}
|
||||
|
||||
char *
|
||||
ds(string)
|
||||
char *string;
|
||||
{
|
||||
char *rv;
|
||||
rv = malloc(strlen(string)+1);
|
||||
strcpy(rv, string);
|
||||
return(rv);
|
||||
}
|
||||
|
||||
char *
|
||||
quote(string)
|
||||
char *string;
|
||||
{
|
||||
char *rv;
|
||||
rv = malloc(strlen(string)+3);
|
||||
strcpy(rv, "\"");
|
||||
strcat(rv, string);
|
||||
strcat(rv, "\"");
|
||||
return(rv);
|
||||
}
|
||||
|
||||
int table_number;
|
||||
int current = 0;
|
||||
char **error_codes = (char **)NULL;
|
||||
|
||||
add_ec(name, description)
|
||||
char *name, *description;
|
||||
{
|
||||
fprintf(cfile, "\t\"%s\",\n", description);
|
||||
if (error_codes == (char **)NULL) {
|
||||
error_codes = (char **)malloc(sizeof(char *));
|
||||
*error_codes = (char *)NULL;
|
||||
}
|
||||
error_codes = (char **)realloc((char *)error_codes,
|
||||
(current + 2)*sizeof(char *));
|
||||
error_codes[current++] = ds(name);
|
||||
error_codes[current] = (char *)NULL;
|
||||
}
|
||||
|
||||
add_ec_val(name, val, description)
|
||||
char *name, *val, *description;
|
||||
{
|
||||
int ncurrent = atoi(val);
|
||||
if (ncurrent < current) {
|
||||
printf("Error code %s (%d) out of order", name,
|
||||
current);
|
||||
return;
|
||||
}
|
||||
|
||||
while (ncurrent > current)
|
||||
fputs("\t(char *)NULL,\n", cfile), current++;
|
||||
|
||||
fprintf(cfile, "\t\"%s\",\n", description);
|
||||
if (error_codes == (char **)NULL) {
|
||||
error_codes = (char **)malloc(sizeof(char *));
|
||||
*error_codes = (char *)NULL;
|
||||
}
|
||||
error_codes = (char **)realloc((char *)error_codes,
|
||||
(current + 2)*sizeof(char *));
|
||||
error_codes[current++] = ds(name);
|
||||
error_codes[current] = (char *)NULL;
|
||||
}
|
||||
|
||||
put_ecs()
|
||||
{
|
||||
int i;
|
||||
for (i = 0; i < current; i++) {
|
||||
if (error_codes[i] != (char *)NULL)
|
||||
fprintf(hfile, "#define %-40s ((%s)%d)\n",
|
||||
error_codes[i], ERROR_CODE, table_number + i);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* char_to_num -- maps letters and numbers into a small numbering space
|
||||
* uppercase -> 1-26
|
||||
* lowercase -> 27-52
|
||||
* digits -> 53-62
|
||||
* underscore-> 63
|
||||
*/
|
||||
int
|
||||
char_to_num(c)
|
||||
char c;
|
||||
{
|
||||
if (isupper(c))
|
||||
return(c-'A'+1);
|
||||
else if (islower(c))
|
||||
return(c-'a'+27);
|
||||
else if (isdigit(c))
|
||||
return(c-'0'+53);
|
||||
else {
|
||||
fprintf(stderr, "Illegal character in name: %c\n", c);
|
||||
exit(1);
|
||||
/*NOTREACHED*/
|
||||
}
|
||||
}
|
||||
|
||||
set_table_num(string)
|
||||
char *string;
|
||||
{
|
||||
if (strlen(string) > 4) {
|
||||
fprintf(stderr, "Table name %s too long, truncated ",
|
||||
string);
|
||||
string[4] = '\0';
|
||||
fprintf(stderr, "to %s\n", string);
|
||||
}
|
||||
while (*string != '\0') {
|
||||
table_number = (table_number << BITS_PER_CHAR)
|
||||
+ char_to_num(*string);
|
||||
string++;
|
||||
}
|
||||
table_number = table_number << ERRCODE_RANGE;
|
||||
}
|
||||
|
||||
#include "et_lex.lex.c"
|
||||
@@ -1,29 +0,0 @@
|
||||
%{
|
||||
extern int yylineno;
|
||||
int yylineno = 1;
|
||||
%}
|
||||
|
||||
PC [^\"\n]
|
||||
AN [A-Z_a-z0-9]
|
||||
%%
|
||||
|
||||
error_table return ERROR_TABLE;
|
||||
et return ERROR_TABLE;
|
||||
error_code return ERROR_CODE_ENTRY;
|
||||
ec return ERROR_CODE_ENTRY;
|
||||
end return END;
|
||||
|
||||
[\t ]+ ;
|
||||
\n ++yylineno;
|
||||
|
||||
\"{PC}*\" { register char *p; yylval.dynstr = ds(yytext+1);
|
||||
if (p=rindex(yylval.dynstr, '"')) *p='\0';
|
||||
return QUOTED_STRING;
|
||||
}
|
||||
|
||||
{AN}* { yylval.dynstr = ds(yytext); return STRING; }
|
||||
|
||||
#.*\n ++yylineno;
|
||||
|
||||
. { return (*yytext); }
|
||||
%%
|
||||
@@ -1,44 +0,0 @@
|
||||
/*
|
||||
* Copyright 1987 by MIT Student Information Processing Board
|
||||
* For copyright info, see Copyright.SIPB.
|
||||
*
|
||||
* $Id: et_name.c,v 1.2 1994/07/19 19:21:27 g89r4222 Exp $
|
||||
*/
|
||||
|
||||
#include "error_table.h"
|
||||
|
||||
static char copyright[] = "Copyright 1987 by MIT Student Information Processing Board";
|
||||
|
||||
char *malloc();
|
||||
|
||||
char *
|
||||
error_table_name(num)
|
||||
int num;
|
||||
{
|
||||
register int ch;
|
||||
register int i;
|
||||
register char *buf, *p;
|
||||
|
||||
/* num = aa aaa abb bbb bcc ccc cdd ddd d?? ??? ??? */
|
||||
buf = malloc(5);
|
||||
p = buf;
|
||||
num >>= ERRCODE_RANGE;
|
||||
/* num = ?? ??? ??? aaa aaa bbb bbb ccc ccc ddd ddd */
|
||||
num &= 077777777;
|
||||
/* num = 00 000 000 aaa aaa bbb bbb ccc ccc ddd ddd */
|
||||
for (i = 0; i < 5; i++) {
|
||||
ch = (num >> 24-6*i) & 077;
|
||||
if (ch == 0)
|
||||
continue;
|
||||
else if (ch < 27)
|
||||
*p++ = ch - 1 + 'A';
|
||||
else if (ch < 53)
|
||||
*p++ = ch - 27 + 'a';
|
||||
else if (ch < 63)
|
||||
*p++ = ch - 53 + '0';
|
||||
else /* ch == 63 */
|
||||
*p++ = '_';
|
||||
}
|
||||
return(buf);
|
||||
}
|
||||
|
||||
@@ -1,67 +0,0 @@
|
||||
/*
|
||||
* Copyright 1986 by MIT Information Systems and
|
||||
* MIT Student Information Processing Board
|
||||
* For copyright info, see Copyright.SIPB.
|
||||
*
|
||||
* form: init_et.c,v 1.1 86/11/10 21:42:26 spook Exp $
|
||||
* $Id: init_et.c,v 1.2 1994/07/19 19:21:28 g89r4222 Exp $
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include "error_table.h"
|
||||
|
||||
static char copyright[] = "Copyright 1987 by MIT Student Information Processing Board";
|
||||
|
||||
extern char *malloc(), *realloc();
|
||||
|
||||
/* useful */
|
||||
typedef error_table *etp;
|
||||
typedef etp *etpp;
|
||||
|
||||
etpp _et_list = (etpp)NULL;
|
||||
static int n_allocated = 0, n_used = 0;
|
||||
|
||||
int
|
||||
init_error_table(msgs, base, count)
|
||||
char **msgs;
|
||||
register int base;
|
||||
int count;
|
||||
{
|
||||
register int i;
|
||||
register etp new_et;
|
||||
register etpp list;
|
||||
|
||||
if (!base || !count || !msgs)
|
||||
return;
|
||||
|
||||
new_et = (etp)malloc(sizeof(error_table));
|
||||
new_et->msgs = msgs;
|
||||
new_et->base = base;
|
||||
new_et->n_msgs= count;
|
||||
|
||||
list = _et_list;
|
||||
if (list == (etpp)NULL) {
|
||||
_et_list = (etpp) malloc(10*sizeof(etp));
|
||||
list = _et_list;
|
||||
if (list == (etpp)NULL)
|
||||
return; /* oops */
|
||||
list[0] = new_et;
|
||||
list[1] = (etp)NULL;
|
||||
n_allocated = 10;
|
||||
n_used = 1;
|
||||
return;
|
||||
}
|
||||
for (i = 0; i < n_used; i++)
|
||||
if (list[i]->base == base)
|
||||
return; /* avoid duplicates */
|
||||
if (n_used+2 > n_allocated) {
|
||||
n_allocated += 10; /* don't re-allocate too often */
|
||||
list = (etpp) realloc((char *)list,
|
||||
(unsigned)n_allocated * sizeof(etp));
|
||||
_et_list = list;
|
||||
if (list == (etpp)NULL)
|
||||
return; /* oops */
|
||||
}
|
||||
list[n_used++] = new_et;
|
||||
list[n_used] = (etp)NULL;
|
||||
}
|
||||
@@ -1,76 +0,0 @@
|
||||
/*
|
||||
* Copyright 1987 by MIT Student Information Processing Board
|
||||
* For copyright info, see Copyright.SIPB
|
||||
*
|
||||
* $Id: perror.c,v 1.2 1994/07/19 19:21:30 g89r4222 Exp $
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/uio.h>
|
||||
#include "error_table.h"
|
||||
|
||||
typedef int (*int_func)();
|
||||
|
||||
#if defined(mips) && defined(ultrix)
|
||||
int errno; /* this is needed to keep the loader from complaining */
|
||||
#endif
|
||||
|
||||
int_func com_err_hook = (int_func) NULL;
|
||||
char *error_message();
|
||||
|
||||
void
|
||||
com_err(whoami, code, message)
|
||||
char *whoami;
|
||||
int code;
|
||||
char *message;
|
||||
{
|
||||
struct iovec strings[6];
|
||||
|
||||
if (com_err_hook) {
|
||||
(*com_err_hook)(whoami, code, message);
|
||||
return;
|
||||
}
|
||||
|
||||
strings[0].iov_base = whoami;
|
||||
strings[0].iov_len = strlen(whoami);
|
||||
if (whoami) {
|
||||
strings[1].iov_base = ": ";
|
||||
strings[1].iov_len = 2;
|
||||
} else
|
||||
strings[1].iov_len = 0;
|
||||
if (code) {
|
||||
register char *errmsg = error_message(code);
|
||||
strings[2].iov_base = errmsg;
|
||||
strings[2].iov_len = strlen(errmsg);
|
||||
} else
|
||||
strings[2].iov_len = 0;
|
||||
strings[3].iov_base = " ";
|
||||
strings[3].iov_len = 1;
|
||||
strings[4].iov_base = message;
|
||||
strings[4].iov_len = strlen(message);
|
||||
strings[5].iov_base = "\n";
|
||||
strings[5].iov_len = 1;
|
||||
(void) writev(2, strings, 6);
|
||||
}
|
||||
|
||||
int_func
|
||||
set_com_err_hook(new_proc)
|
||||
int_func new_proc;
|
||||
{
|
||||
register int_func x = com_err_hook;
|
||||
com_err_hook = new_proc;
|
||||
return (x);
|
||||
}
|
||||
|
||||
reset_com_err_hook()
|
||||
{
|
||||
com_err_hook = (int_func) NULL;
|
||||
}
|
||||
|
||||
void
|
||||
perror(msg)
|
||||
register const char *msg;
|
||||
{
|
||||
com_err(msg, errno, (char *)NULL);
|
||||
}
|
||||
@@ -1,43 +0,0 @@
|
||||
#include <stdio.h>
|
||||
#include <errno.h>
|
||||
#include "test1.h"
|
||||
#include "test2.h"
|
||||
char *error_message();
|
||||
extern int sys_nerr, errno;
|
||||
|
||||
main()
|
||||
{
|
||||
printf("\nBefore initiating error table:\n\n");
|
||||
printf("Table name '%s'\n", error_table_name(KRB_MK_AP_TGTEXP));
|
||||
printf("UNIX name '%s'\n", error_table_name(EPERM));
|
||||
printf("Msg TGT-expired is '%s'\n", error_message(KRB_MK_AP_TGTEXP));
|
||||
printf("Msg EPERM is '%s'\n", error_message(EPERM));
|
||||
printf("Msg FOO_ERR is '%s'\n", error_message(FOO_ERR));
|
||||
printf("Msg {sys_nerr-1} is '%s'\n", error_message(sys_nerr-1));
|
||||
printf("Msg {sys_nerr} is '%s'\n", error_message(sys_nerr));
|
||||
|
||||
init_error_table(0, 0, 0);
|
||||
printf("With 0: tgt-expired -> %s\n", error_message(KRB_MK_AP_TGTEXP));
|
||||
|
||||
init_krb_err_tbl();
|
||||
printf("KRB error table initialized: base %d (%s), name %s\n",
|
||||
krb_err_base, error_message(krb_err_base),
|
||||
error_table_name(krb_err_base));
|
||||
printf("With krb: tgt-expired -> %s\n",
|
||||
error_message(KRB_MK_AP_TGTEXP));
|
||||
|
||||
init_quux_err_tbl();
|
||||
printf("QUUX error table initialized: base %d (%s), name %s\n",
|
||||
quux_err_base, error_message(quux_err_base),
|
||||
error_table_name(quux_err_base));
|
||||
|
||||
printf("Msg for TGT-expired is '%s'\n",
|
||||
error_message(KRB_MK_AP_TGTEXP));
|
||||
printf("Msg {sys_nerr-1} is '%s'\n", error_message(sys_nerr-1));
|
||||
printf("Msg FOO_ERR is '%s'\n", error_message(FOO_ERR));
|
||||
printf("Msg KRB_SKDC_CANT is '%s'\n",
|
||||
error_message(KRB_SKDC_CANT));
|
||||
printf("Msg 1e6 is '%s'\n", error_message(1000000));
|
||||
errno = FOO_ERR;
|
||||
perror("FOO_ERR");
|
||||
}
|
||||
@@ -1,69 +0,0 @@
|
||||
error_table krb
|
||||
|
||||
error_code KRB_MK_AP_TKFIL,
|
||||
"Can't read ticket file"
|
||||
|
||||
ec KRB_MK_AP_NOTKT,
|
||||
"Can't find ticket or TGT"
|
||||
|
||||
ec KRB_MK_AP_TGTEXP,
|
||||
"TGT expired"
|
||||
|
||||
ec KRB_RD_AP_UNDEC,
|
||||
"Can't decode authenticator"
|
||||
|
||||
ec KRB_RD_AP_EXP,
|
||||
"Ticket expired"
|
||||
|
||||
ec KRB_RD_AP_REPEAT,
|
||||
"Repeated request"
|
||||
|
||||
ec KRB_RD_AP_NOT_US,
|
||||
"The ticket isn't for us"
|
||||
|
||||
ec KRB_RD_AP_INCON,
|
||||
"Request is inconsistent"
|
||||
|
||||
ec KRB_RD_AP_TIME,
|
||||
"Delta-T too big"
|
||||
|
||||
ec KRB_RD_AP_BADD,
|
||||
"Incorrect net address"
|
||||
|
||||
ec KRB_RD_AP_VERSION,
|
||||
"Protocol version mismatch"
|
||||
|
||||
ec KRB_RD_AP_MSG_TYPE,
|
||||
"Invalid message type"
|
||||
|
||||
ec KRB_RD_AP_MODIFIED,
|
||||
"Message stream modified"
|
||||
|
||||
ec KRB_RD_AP_ORDER,
|
||||
"Message out of order"
|
||||
|
||||
ec KRB_RD_AP_UNAUTHOR,
|
||||
"Unauthorized request"
|
||||
|
||||
ec KRB_GT_PW_NULL,
|
||||
"Current password is null"
|
||||
|
||||
ec KRB_GT_PW_BADPW,
|
||||
"Incorrect current password"
|
||||
|
||||
ec KRB_GT_PW_PROT,
|
||||
"Protocol error"
|
||||
|
||||
ec KRB_GT_PW_KDCERR,
|
||||
"Error returned by KDC"
|
||||
|
||||
ec KRB_GT_PW_NULLTKT,
|
||||
"Null ticket returned by KDC"
|
||||
|
||||
ec KRB_SKDC_RETRY,
|
||||
"Retry count exceeded"
|
||||
|
||||
ec KRB_SKDC_CANT,
|
||||
"Can't send request"
|
||||
|
||||
end
|
||||
@@ -1,9 +0,0 @@
|
||||
error_table quux
|
||||
|
||||
ec FOO_ERR, "foo"
|
||||
|
||||
ec BAR_ERR, "bar"
|
||||
|
||||
ec BAZ_ERR, "meow"
|
||||
|
||||
end
|
||||
@@ -1,15 +0,0 @@
|
||||
# $Id: MISSING,v 1.1.1.1 1994/09/30 14:49:50 csgr Exp $
|
||||
|
||||
The following symbols (you can find in the USA libdes) are still missing
|
||||
in this source.
|
||||
|
||||
_des_cblock_print_file
|
||||
_des_generate_random_block
|
||||
_des_init_random_number_generator
|
||||
_des_new_random_key
|
||||
_des_set_random_generator_seed
|
||||
_des_set_sequence_number
|
||||
_des_debug
|
||||
|
||||
# END
|
||||
|
||||
@@ -1,121 +0,0 @@
|
||||
/* des.h */
|
||||
/* Copyright (C) 1993 Eric Young - see README for more details */
|
||||
|
||||
/*-
|
||||
* $Id: des.h,v 1.2 1994/07/19 19:22:17 g89r4222 Exp $
|
||||
*/
|
||||
|
||||
#ifndef DES_DEFS
|
||||
#define DES_DEFS
|
||||
|
||||
typedef unsigned char des_cblock[8];
|
||||
typedef struct des_ks_struct
|
||||
{
|
||||
union {
|
||||
des_cblock _;
|
||||
/* make sure things are correct size on machines with
|
||||
* 8 byte longs */
|
||||
unsigned long pad[2];
|
||||
} ks;
|
||||
#define _ ks._
|
||||
} des_key_schedule[16];
|
||||
|
||||
#define DES_KEY_SZ (sizeof(des_cblock))
|
||||
#define DES_ENCRYPT 1
|
||||
#define DES_DECRYPT 0
|
||||
|
||||
#define DES_CBC_MODE 0
|
||||
#define DES_PCBC_MODE 1
|
||||
|
||||
#define C_Block des_cblock
|
||||
#define Key_schedule des_key_schedule
|
||||
#define ENCRYPT DES_ENCRYPT
|
||||
#define DECRYPT DES_DECRYPT
|
||||
#define KEY_SZ DES_KEY_SZ
|
||||
#define string_to_key des_string_to_key
|
||||
#define read_pw_string des_read_pw_string
|
||||
#define random_key des_random_key
|
||||
#define pcbc_encrypt des_pcbc_encrypt
|
||||
#define set_key des_set__key
|
||||
#define key_sched des_key_sched
|
||||
#define ecb_encrypt des_ecb_encrypt
|
||||
#define cbc_encrypt des_cbc_encrypt
|
||||
#define cbc_cksum des_cbc_cksum
|
||||
#define quad_cksum des_quad_cksum
|
||||
|
||||
/* For compatibility with the MIT lib - eay 20/05/92 */
|
||||
typedef struct des_ks_struct bit_64;
|
||||
|
||||
extern int des_check_key; /* defaults to false */
|
||||
extern int des_rw_mode; /* defaults to DES_PCBC_MODE */
|
||||
|
||||
/* The next line is used to disable full ANSI prototypes, if your
|
||||
* compiler has problems with the prototypes, make sure this line always
|
||||
* evaluates to true :-) */
|
||||
#if !defined(MSDOS) && !defined(__STDC__)
|
||||
#ifndef KERBEROS
|
||||
int des_3ecb_encrypt();
|
||||
int des_cbc_encrypt();
|
||||
int des_3cbc_encrypt();
|
||||
int des_cfb_encrypt();
|
||||
int des_ecb_encrypt();
|
||||
int des_encrypt();
|
||||
int des_enc_read();
|
||||
int des_enc_write();
|
||||
int des_ofb_encrypt();
|
||||
int des_pcbc_encrypt();
|
||||
int des_random_key();
|
||||
int des_read_password();
|
||||
int des_read_2passwords();
|
||||
int des_read_pw_string();
|
||||
int des_is_weak_key();
|
||||
int des_set__key();
|
||||
int des_key_sched();
|
||||
int des_string_to_key();
|
||||
int des_string_to_2keys();
|
||||
#endif
|
||||
char *crypt();
|
||||
unsigned long des_cbc_cksum();
|
||||
unsigned long des_quad_cksum();
|
||||
unsigned long des_cbc_cksum();
|
||||
void des_set_odd_parity();
|
||||
#else /* PROTO */
|
||||
int des_3ecb_encrypt(des_cblock *input,des_cblock *output,\
|
||||
des_key_schedule ks1,des_key_schedule ks2,int encrypt);
|
||||
unsigned long des_cbc_cksum(des_cblock *input,des_cblock *output,\
|
||||
long length,des_key_schedule schedule,des_cblock *ivec);
|
||||
int des_cbc_encrypt(des_cblock *input,des_cblock *output,long length,\
|
||||
des_key_schedule schedule,des_cblock *ivec,int encrypt);
|
||||
int des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,\
|
||||
des_key_schedule sk1,des_key_schedule sk2,\
|
||||
des_cblock *ivec1,des_cblock *ivec2,int encrypt);
|
||||
int des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,\
|
||||
long length,des_key_schedule schedule,des_cblock *ivec,int encrypt);
|
||||
int des_ecb_encrypt(des_cblock *input,des_cblock *output,\
|
||||
des_key_schedule ks,int encrypt);
|
||||
int des_encrypt(unsigned long *input,unsigned long *output,
|
||||
des_key_schedule ks, int encrypt);
|
||||
int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,\
|
||||
des_cblock *iv);
|
||||
int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,\
|
||||
des_cblock *iv);
|
||||
char *crypt(char *buf,char *salt);
|
||||
int des_ofb_encrypt(unsigned char *in,unsigned char *out,\
|
||||
int numbits,long length,des_key_schedule schedule,des_cblock *ivec);
|
||||
int des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length,\
|
||||
des_key_schedule schedule,des_cblock *ivec,int encrypt);
|
||||
unsigned long des_quad_cksum(des_cblock *input,des_cblock *output,\
|
||||
long length,int out_count,des_cblock *seed);
|
||||
int des_random_key(des_cblock ret);
|
||||
int des_read_password(des_cblock *key,char *prompt,int verify);
|
||||
int des_read_2passwords(des_cblock *key1,des_cblock *key2, \
|
||||
char *prompt,int verify);
|
||||
int des_read_pw_string(char *buf,int length,char *prompt,int verify);
|
||||
void des_set_odd_parity(des_cblock *key);
|
||||
int des_is_weak_key(des_cblock *key);
|
||||
int des_set__key(des_cblock *key,des_key_schedule schedule);
|
||||
int des_key_sched(des_cblock *key,des_key_schedule schedule);
|
||||
int des_string_to_key(char *str,des_cblock *key);
|
||||
int des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2);
|
||||
#endif
|
||||
#endif
|
||||
@@ -1,10 +0,0 @@
|
||||
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
|
||||
# $Id: Makefile,v 1.3 1995/07/18 16:35:54 mark Exp $
|
||||
|
||||
PROG= ext_srvtab
|
||||
CFLAGS+=-DKERBEROS -I${.CURDIR}/../include -Wall
|
||||
DPADD= ${LIBKDB} ${LIBKRB}
|
||||
LDADD+= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -ldes
|
||||
MAN8= ext_srvtab.8
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
@@ -1,62 +0,0 @@
|
||||
.\" from: ext_srvtab.8,v 4.2 89/07/18 16:53:18 jtkohl Exp $
|
||||
.\" $Id: ext_srvtab.8,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $
|
||||
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
||||
.\"
|
||||
.\" For copying and distribution information,
|
||||
.\" please see the file <Copyright.MIT>.
|
||||
.\"
|
||||
.TH EXT_SRVTAB 8 "Kerberos Version 4.0" "MIT Project Athena"
|
||||
.SH NAME
|
||||
ext_srvtab \- extract service key files from Kerberos key distribution center database
|
||||
.SH SYNOPSIS
|
||||
ext_srvtab [
|
||||
.B \-n
|
||||
] [
|
||||
.B \-r realm
|
||||
] [
|
||||
.B hostname ...
|
||||
]
|
||||
.SH DESCRIPTION
|
||||
.I ext_srvtab
|
||||
extracts service key files from the Kerberos key distribution center
|
||||
(KDC) database.
|
||||
.PP
|
||||
Upon execution, it prompts the user to enter the master key string for
|
||||
the database. If the
|
||||
.B \-n
|
||||
option is specified, the master key is instead fetched from the master
|
||||
key cache file.
|
||||
.PP
|
||||
For each
|
||||
.I hostname
|
||||
specified on the command line,
|
||||
.I ext_srvtab
|
||||
creates the service key file
|
||||
.IR hostname -new-srvtab,
|
||||
containing all the entries in the database with an instance field of
|
||||
.I hostname.
|
||||
This new file contains all the keys registered for Kerberos-mediated
|
||||
service providing programs which use the
|
||||
.IR krb_get_phost (3)
|
||||
principal and instance conventions to run on the host
|
||||
.IR hostname .
|
||||
If the
|
||||
.B \-r
|
||||
option is specified, the realm fields in the extracted file will
|
||||
match the given realm rather than the local realm.
|
||||
.SH DIAGNOSTICS
|
||||
.TP 20n
|
||||
"verify_master_key: Invalid master key, does not match database."
|
||||
The master key string entered was incorrect.
|
||||
.SH FILES
|
||||
.TP 20n
|
||||
/etc/kerberosIV/principal.db
|
||||
DBM file containing database
|
||||
.TP
|
||||
/etc/kerberosIV/principal.ok
|
||||
Semaphore indicating that the DBM database is not being modified.
|
||||
.TP
|
||||
/etc/kerberosIV/master_key
|
||||
Master key cache file.
|
||||
.SH SEE ALSO
|
||||
read_service_key(3), krb_get_phost(3)
|
||||
@@ -1,176 +0,0 @@
|
||||
/*
|
||||
* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* from: ext_srvtab.c,v 4.1 89/07/18 16:49:30 jtkohl Exp $
|
||||
* $Id: ext_srvtab.c,v 1.3 1995/07/18 16:35:55 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: ext_srvtab.c,v 1.3 1995/07/18 16:35:55 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/file.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/wait.h>
|
||||
#include <signal.h>
|
||||
#include <des.h>
|
||||
#include <krb.h>
|
||||
#include <krb_db.h>
|
||||
|
||||
#define TRUE 1
|
||||
#define FALSE 0
|
||||
|
||||
static C_Block master_key;
|
||||
static C_Block session_key;
|
||||
static Key_schedule master_key_schedule;
|
||||
char progname[] = "ext_srvtab";
|
||||
char realm[REALM_SZ];
|
||||
|
||||
void FWrite(char *p, int size, int n, FILE *f);
|
||||
void StampOutSecrets(void);
|
||||
void usage(void);
|
||||
|
||||
int
|
||||
main(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
FILE *fout;
|
||||
char fname[1024];
|
||||
int fopen_errs = 0;
|
||||
int arg;
|
||||
Principal princs[40];
|
||||
int more;
|
||||
int prompt = TRUE;
|
||||
register int n, i;
|
||||
|
||||
bzero(realm, sizeof(realm));
|
||||
|
||||
/* Parse commandline arguments */
|
||||
if (argc < 2)
|
||||
usage();
|
||||
else {
|
||||
for (i = 1; i < argc; i++) {
|
||||
if (strcmp(argv[i], "-n") == 0)
|
||||
prompt = FALSE;
|
||||
else if (strcmp(argv[i], "-r") == 0) {
|
||||
if (++i >= argc)
|
||||
usage();
|
||||
else {
|
||||
strcpy(realm, argv[i]);
|
||||
/*
|
||||
* This is to humor the broken way commandline
|
||||
* argument parsing is done. Later, this
|
||||
* program ignores everything that starts with -.
|
||||
*/
|
||||
argv[i][0] = '-';
|
||||
}
|
||||
}
|
||||
else if (argv[i][0] == '-')
|
||||
usage();
|
||||
else
|
||||
if (!k_isinst(argv[i])) {
|
||||
fprintf(stderr, "%s: bad instance name: %s\n",
|
||||
progname, argv[i]);
|
||||
usage();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (kdb_get_master_key (prompt, master_key, master_key_schedule) != 0) {
|
||||
fprintf (stderr, "Couldn't read master key.\n");
|
||||
fflush (stderr);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (kdb_verify_master_key (master_key, master_key_schedule, stderr) < 0) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/* For each arg, search for instances of arg, and produce */
|
||||
/* srvtab file */
|
||||
if (!realm[0])
|
||||
if (krb_get_lrealm(realm, 1) != KSUCCESS) {
|
||||
fprintf(stderr, "%s: couldn't get local realm\n", progname);
|
||||
exit(1);
|
||||
}
|
||||
(void) umask(077);
|
||||
|
||||
for (arg = 1; arg < argc; arg++) {
|
||||
if (argv[arg][0] == '-')
|
||||
continue;
|
||||
sprintf(fname, "%s-new-srvtab", argv[arg]);
|
||||
if ((fout = fopen(fname, "w")) == NULL) {
|
||||
fprintf(stderr, "Couldn't create file '%s'.\n", fname);
|
||||
fopen_errs++;
|
||||
continue;
|
||||
}
|
||||
printf("Generating '%s'....\n", fname);
|
||||
n = kerb_get_principal("*", argv[arg], &princs[0], 40, &more);
|
||||
if (more)
|
||||
fprintf(stderr, "More than 40 found...\n");
|
||||
for (i = 0; i < n; i++) {
|
||||
FWrite(princs[i].name, strlen(princs[i].name) + 1, 1, fout);
|
||||
FWrite(princs[i].instance, strlen(princs[i].instance) + 1,
|
||||
1, fout);
|
||||
FWrite(realm, strlen(realm) + 1, 1, fout);
|
||||
FWrite(&princs[i].key_version,
|
||||
sizeof(princs[i].key_version), 1, fout);
|
||||
bcopy(&princs[i].key_low, session_key, sizeof(long));
|
||||
bcopy(&princs[i].key_high, session_key + sizeof(long),
|
||||
sizeof(long));
|
||||
kdb_encrypt_key (session_key, session_key,
|
||||
master_key, master_key_schedule, DES_DECRYPT);
|
||||
FWrite(session_key, sizeof session_key, 1, fout);
|
||||
}
|
||||
fclose(fout);
|
||||
}
|
||||
|
||||
StampOutSecrets();
|
||||
|
||||
exit(fopen_errs); /* 0 errors if successful */
|
||||
|
||||
}
|
||||
|
||||
void
|
||||
Die()
|
||||
{
|
||||
StampOutSecrets();
|
||||
exit(1);
|
||||
}
|
||||
|
||||
void
|
||||
FWrite(p, size, n, f)
|
||||
char *p;
|
||||
int size;
|
||||
int n;
|
||||
FILE *f;
|
||||
{
|
||||
if (fwrite(p, size, n, f) != n) {
|
||||
printf("Error writing output file. Terminating.\n");
|
||||
Die();
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
StampOutSecrets()
|
||||
{
|
||||
bzero(master_key, sizeof master_key);
|
||||
bzero(session_key, sizeof session_key);
|
||||
bzero(master_key_schedule, sizeof master_key_schedule);
|
||||
}
|
||||
|
||||
void
|
||||
usage()
|
||||
{
|
||||
fprintf(stderr,
|
||||
"Usage: %s [-n] [-r realm] instance [instance ...]\n", progname);
|
||||
exit(1);
|
||||
}
|
||||
@@ -1,138 +0,0 @@
|
||||
/*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* Definitions for Kerberos administration server & client
|
||||
*
|
||||
* from: kadm.h,v 4.2 89/09/26 09:15:20 jtkohl Exp $
|
||||
* $Id: kadm.h,v 1.2 1994/07/19 19:23:09 g89r4222 Exp $
|
||||
*/
|
||||
|
||||
#ifndef KADM_DEFS
|
||||
#define KADM_DEFS
|
||||
|
||||
/*
|
||||
* kadm.h
|
||||
* Header file for the fourth attempt at an admin server
|
||||
* Doug Church, December 28, 1989, MIT Project Athena
|
||||
*/
|
||||
|
||||
/* for those broken Unixes without this defined... should be in sys/param.h */
|
||||
#ifndef MAXHOSTNAMELEN
|
||||
#define MAXHOSTNAMELEN 64
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in.h>
|
||||
#include <krb.h>
|
||||
#include <des.h>
|
||||
|
||||
/* The global structures for the client and server */
|
||||
typedef struct {
|
||||
struct sockaddr_in admin_addr;
|
||||
struct sockaddr_in my_addr;
|
||||
int my_addr_len;
|
||||
int admin_fd; /* file descriptor for link to admin server */
|
||||
char sname[ANAME_SZ]; /* the service name */
|
||||
char sinst[INST_SZ]; /* the services instance */
|
||||
char krbrlm[REALM_SZ];
|
||||
} Kadm_Client;
|
||||
|
||||
typedef struct { /* status of the server, i.e the parameters */
|
||||
int inter; /* Space for command line flags */
|
||||
char *sysfile; /* filename of server */
|
||||
} admin_params; /* Well... it's the admin's parameters */
|
||||
|
||||
/* Largest password length to be supported */
|
||||
#define MAX_KPW_LEN 128
|
||||
|
||||
/* Largest packet the admin server will ever allow itself to return */
|
||||
#define KADM_RET_MAX 2048
|
||||
|
||||
/* That's right, versions are 8 byte strings */
|
||||
#define KADM_VERSTR "KADM0.0A"
|
||||
#define KADM_ULOSE "KYOULOSE" /* sent back when server can't
|
||||
decrypt client's msg */
|
||||
#define KADM_VERSIZE strlen(KADM_VERSTR)
|
||||
|
||||
/* the lookups for the server instances */
|
||||
#define PWSERV_NAME "changepw"
|
||||
#define KADM_SNAME "kerberos_master"
|
||||
#define KADM_SINST "kerberos"
|
||||
|
||||
/* Attributes fields constants and macros */
|
||||
#define ALLOC 2
|
||||
#define RESERVED 3
|
||||
#define DEALLOC 4
|
||||
#define DEACTIVATED 5
|
||||
#define ACTIVE 6
|
||||
|
||||
/* Kadm_vals structure for passing db fields into the server routines */
|
||||
#define FLDSZ 4
|
||||
|
||||
typedef struct {
|
||||
u_char fields[FLDSZ]; /* The active fields in this struct */
|
||||
char name[ANAME_SZ];
|
||||
char instance[INST_SZ];
|
||||
unsigned long key_low;
|
||||
unsigned long key_high;
|
||||
unsigned long exp_date;
|
||||
unsigned short attributes;
|
||||
unsigned char max_life;
|
||||
} Kadm_vals; /* The basic values structure in Kadm */
|
||||
|
||||
/* Kadm_vals structure for passing db fields into the server routines */
|
||||
#define FLDSZ 4
|
||||
|
||||
/* Need to define fields types here */
|
||||
#define KADM_NAME 31
|
||||
#define KADM_INST 30
|
||||
#define KADM_EXPDATE 29
|
||||
#define KADM_ATTR 28
|
||||
#define KADM_MAXLIFE 27
|
||||
#define KADM_DESKEY 26
|
||||
|
||||
/* To set a field entry f in a fields structure d */
|
||||
#define SET_FIELD(f,d) (d[3-(f/8)]|=(1<<(f%8)))
|
||||
|
||||
/* To set a field entry f in a fields structure d */
|
||||
#define CLEAR_FIELD(f,d) (d[3-(f/8)]&=(~(1<<(f%8))))
|
||||
|
||||
/* Is field f in fields structure d */
|
||||
#define IS_FIELD(f,d) (d[3-(f/8)]&(1<<(f%8)))
|
||||
|
||||
/* Various return codes */
|
||||
#define KADM_SUCCESS 0
|
||||
|
||||
#define WILDCARD_STR "*"
|
||||
|
||||
enum acl_types {
|
||||
ADDACL,
|
||||
GETACL,
|
||||
MODACL
|
||||
};
|
||||
|
||||
/* Various opcodes for the admin server's functions */
|
||||
#define CHANGE_PW 2
|
||||
#define ADD_ENT 3
|
||||
#define MOD_ENT 4
|
||||
#define GET_ENT 5
|
||||
|
||||
extern long kdb_get_master_key(); /* XXX should be in krb_db.h */
|
||||
extern long kdb_verify_master_key(); /* XXX ditto */
|
||||
|
||||
extern long krb_mk_priv(), krb_rd_priv(); /* XXX should be in krb.h */
|
||||
extern void krb_set_tkt_string(); /* XXX ditto */
|
||||
|
||||
extern unsigned long quad_cksum(); /* XXX should be in des.h */
|
||||
|
||||
/* XXX This doesn't belong here!!! */
|
||||
char *malloc(), *realloc();
|
||||
#ifdef POSIX
|
||||
typedef void sigtype;
|
||||
#else
|
||||
typedef int sigtype;
|
||||
#endif
|
||||
|
||||
#endif KADM_DEFS
|
||||
@@ -1,20 +0,0 @@
|
||||
/*
|
||||
Copyright (C) 1989 by the Massachusetts Institute of Technology
|
||||
|
||||
Export of this software from the United States of America is assumed
|
||||
to require a specific license from the United States Government.
|
||||
It is the responsibility of any person or organization contemplating
|
||||
export to obtain such a license before exporting.
|
||||
|
||||
WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
|
||||
distribute this software and its documentation for any purpose and
|
||||
without fee is hereby granted, provided that the above copyright
|
||||
notice appear in all copies and that both that copyright notice and
|
||||
this permission notice appear in supporting documentation, and that
|
||||
the name of M.I.T. not be used in advertising or publicity pertaining
|
||||
to distribution of the software without specific, written prior
|
||||
permission. M.I.T. makes no representations about the suitability of
|
||||
this software for any purpose. It is provided "as is" without express
|
||||
or implied warranty.
|
||||
|
||||
*/
|
||||
@@ -1,8 +0,0 @@
|
||||
# $Id$
|
||||
|
||||
To re-create this directory from outside the US, take the Makefile
|
||||
(provided), get the two source files from the original eBones distribution,
|
||||
do a `perl -spi.bak -e 's/\$(Header[^\$])\$/$1/g' *.{c,ct}', and then
|
||||
edit the #includes in kadmin.c to make things compile.
|
||||
|
||||
Unfortunately, this program is not exportable.
|
||||
@@ -1,19 +0,0 @@
|
||||
# $Id: Makefile,v 1.1 1995/07/18 16:36:53 mark Exp $
|
||||
|
||||
BINDIR= /usr/bin
|
||||
PROG= kadmin
|
||||
SRCS= kadmin.c kadmin_cmds.c
|
||||
CLEANFILES+= kadmin_cmds.c
|
||||
CFLAGS+= -DPOSIX -I${.CURDIR}/../include -I${KRBOBJDIR}
|
||||
CFLAGS+= -I${.CURDIR}/../libkadm -Wall
|
||||
LDADD+= -L${KADMOBJDIR} -lkadm -L${KRBOBJDIR} -lkrb -ldes
|
||||
LDADD+= -lss -lcom_err
|
||||
MAN8= kadmin.8
|
||||
|
||||
kadmin_cmds.c: kadmin_cmds.ct
|
||||
test -e kadmin_cmds.ct || ln -s ${.CURDIR}/kadmin_cmds.ct .
|
||||
mk_cmds kadmin_cmds.ct
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
|
||||
|
||||
@@ -1,158 +0,0 @@
|
||||
.\" from: kadmin.8,v 4.2 89/07/25 17:20:02 jtkohl Exp $
|
||||
.\" $Id: kadmin.8,v 1.2 1994/07/19 19:27:22 g89r4222 Exp $
|
||||
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
||||
.\"
|
||||
.\" For copying and distribution information,
|
||||
.\" please see the file <Copyright.MIT>.
|
||||
.\"
|
||||
.TH KADMIN 8 "Kerberos Version 4.0" "MIT Project Athena"
|
||||
.SH NAME
|
||||
kadmin \- network utility for Kerberos database administration
|
||||
.SH SYNOPSIS
|
||||
.B kadmin [-u user] [-r default_realm] [-m]
|
||||
.SH DESCRIPTION
|
||||
This utility provides a unified administration interface to
|
||||
the
|
||||
Kerberos
|
||||
master database.
|
||||
Kerberos
|
||||
administrators
|
||||
use
|
||||
.I kadmin
|
||||
to register new users and services to the master database,
|
||||
and to change information about existing database entries.
|
||||
For instance, an administrator can use
|
||||
.I kadmin
|
||||
to change a user's
|
||||
Kerberos
|
||||
password.
|
||||
A Kerberos administrator is a user with an ``admin'' instance
|
||||
whose name appears on one of the Kerberos administration access control
|
||||
lists. If the \-u option is used,
|
||||
.I user
|
||||
will be used as the administrator instead of the local user.
|
||||
If the \-r option is used,
|
||||
.I default_realm
|
||||
will be used as the default realm for transactions. Otherwise,
|
||||
the local realm will be used by default.
|
||||
If the \-m option is used, multiple requests will be permitted
|
||||
on only one entry of the admin password. Some sites won't
|
||||
support this option.
|
||||
|
||||
The
|
||||
.I kadmin
|
||||
program communicates over the network with the
|
||||
.I kadmind
|
||||
program, which runs on the machine housing the Kerberos master
|
||||
database.
|
||||
The
|
||||
.I kadmind
|
||||
creates new entries and makes modifications to the database.
|
||||
|
||||
When you enter the
|
||||
.I kadmin
|
||||
command,
|
||||
the program displays a message that welcomes you and explains
|
||||
how to ask for help.
|
||||
Then
|
||||
.I kadmin
|
||||
waits for you to enter commands (which are described below).
|
||||
It then asks you for your
|
||||
.I admin
|
||||
password before accessing the database.
|
||||
|
||||
Use the
|
||||
.I add_new_key
|
||||
(or
|
||||
.I ank
|
||||
for short)
|
||||
command to register a new principal
|
||||
with the master database.
|
||||
The command requires one argument,
|
||||
the principal's name. The name
|
||||
given can be fully qualified using
|
||||
the standard
|
||||
.I name.instance@realm
|
||||
convention.
|
||||
You are asked to enter your
|
||||
.I admin
|
||||
password,
|
||||
then prompted twice to enter the principal's
|
||||
new password. If no realm is specified,
|
||||
the local realm is used unless another was
|
||||
given on the commandline with the \-r flag.
|
||||
If no instance is
|
||||
specified, a null instance is used. If
|
||||
a realm other than the default realm is specified,
|
||||
you will need to supply your admin password for
|
||||
the other realm.
|
||||
|
||||
Use the
|
||||
.I change_password (cpw)
|
||||
to change a principal's
|
||||
Kerberos
|
||||
password.
|
||||
The command requires one argument,
|
||||
the principal's
|
||||
name.
|
||||
You are asked to enter your
|
||||
.I admin
|
||||
password,
|
||||
then prompted twice to enter the principal's new password.
|
||||
The name
|
||||
given can be fully qualified using
|
||||
the standard
|
||||
.I name.instance@realm
|
||||
convention.
|
||||
|
||||
Use the
|
||||
.I change_admin_password (cap)
|
||||
to change your
|
||||
.I admin
|
||||
instance password.
|
||||
This command requires no arguments.
|
||||
It prompts you for your old
|
||||
.I admin
|
||||
password, then prompts you twice to enter the new
|
||||
.I admin
|
||||
password. If this is your first command,
|
||||
the default realm is used. Otherwise, the realm
|
||||
used in the last command is used.
|
||||
|
||||
Use the
|
||||
.I destroy_tickets (dest)
|
||||
command to destroy your admin tickets explicitly.
|
||||
|
||||
Use the
|
||||
.I list_requests (lr)
|
||||
command to get a list of possible commands.
|
||||
|
||||
Use the
|
||||
.I help
|
||||
command to display
|
||||
.IR kadmin's
|
||||
various help messages.
|
||||
If entered without an argument,
|
||||
.I help
|
||||
displays a general help message.
|
||||
You can get detailed information on specific
|
||||
.I kadmin
|
||||
commands
|
||||
by entering
|
||||
.I help
|
||||
.IR command_name .
|
||||
|
||||
To quit the program, type
|
||||
.IR quit .
|
||||
|
||||
.SH BUGS
|
||||
The user interface is primitive, and the command names could be better.
|
||||
|
||||
.SH "SEE ALSO"
|
||||
kerberos(1), kadmind(8), kpasswd(1), ksrvutil(8)
|
||||
.br
|
||||
``A Subsystem Utilities Package for UNIX'' by Ken Raeburn
|
||||
.SH AUTHORS
|
||||
Jeffrey I. Schiller, MIT Project Athena
|
||||
.br
|
||||
Emanuel Jay Berkenbilt, MIT Project Athena
|
||||
@@ -1,636 +0,0 @@
|
||||
/*
|
||||
* $Source: /usr/cvs/src/eBones/kadmin/kadmin.c,v $
|
||||
* $Author: mark $
|
||||
*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
* Copyright.MIT.
|
||||
*
|
||||
* Kerberos database administrator's tool.
|
||||
*
|
||||
* The default behavior of kadmin is if the -m option is given
|
||||
* on the commandline, multiple requests are allowed to be given
|
||||
* with one entry of the admin password (until the tickets expire).
|
||||
* If you do not want this to be an available option, compile with
|
||||
* NO_MULTIPLE defined.
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid_kadmin_c[] =
|
||||
"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadmin.c,v 4.5 89/09/26 14:17:54 qjb Exp ";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
#include <sys/param.h>
|
||||
#include <pwd.h>
|
||||
#include <ss/ss.h>
|
||||
#include <com_err.h>
|
||||
#include <krb_err.h>
|
||||
#include <kadm.h>
|
||||
|
||||
#define BAD_PW 1
|
||||
#define GOOD_PW 0
|
||||
#define FUDGE_VALUE 15 /* for ticket expiration time */
|
||||
#define PE_NO 0
|
||||
#define PE_YES 1
|
||||
#define PE_UNSURE 2
|
||||
|
||||
/* for get_password, whether it should do the swapping...necessary for
|
||||
using vals structure, unnecessary for change_pw requests */
|
||||
#define DONTSWAP 0
|
||||
#define SWAP 1
|
||||
|
||||
static void do_init(int argc, char *argv[]);
|
||||
void clean_up(void);
|
||||
int get_password(unsigned long *low, unsigned long *high, char *prompt,
|
||||
int byteswap);
|
||||
int get_admin_password(void);
|
||||
int princ_exists(char *name, char *instance, char *realm);
|
||||
|
||||
extern ss_request_table admin_cmds;
|
||||
|
||||
static char myname[ANAME_SZ];
|
||||
static char default_realm[REALM_SZ]; /* default kerberos realm */
|
||||
static char krbrlm[REALM_SZ]; /* current realm being administered */
|
||||
#ifndef NO_MULTIPLE
|
||||
static int multiple = 0; /* Allow multiple requests per ticket */
|
||||
#endif
|
||||
|
||||
int
|
||||
main(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
int sci_idx;
|
||||
int code;
|
||||
char tktstring[MAXPATHLEN];
|
||||
|
||||
void quit();
|
||||
|
||||
sci_idx = ss_create_invocation("admin", "2.0", (char *) NULL,
|
||||
&admin_cmds, &code);
|
||||
if (code) {
|
||||
ss_perror(sci_idx, code, "creating invocation");
|
||||
exit(1);
|
||||
}
|
||||
(void) sprintf(tktstring, "/tmp/tkt_adm_%d",getpid());
|
||||
krb_set_tkt_string(tktstring);
|
||||
|
||||
do_init(argc, argv);
|
||||
|
||||
printf("Welcome to the Kerberos Administration Program, version 2\n");
|
||||
printf("Type \"help\" if you need it.\n");
|
||||
ss_listen(sci_idx, &code);
|
||||
printf("\n");
|
||||
quit();
|
||||
exit(0);
|
||||
}
|
||||
|
||||
int
|
||||
setvals(vals, string)
|
||||
Kadm_vals *vals;
|
||||
char *string;
|
||||
{
|
||||
char realm[REALM_SZ];
|
||||
int status = KADM_SUCCESS;
|
||||
|
||||
bzero(vals, sizeof(*vals));
|
||||
bzero(realm, sizeof(realm));
|
||||
|
||||
SET_FIELD(KADM_NAME,vals->fields);
|
||||
SET_FIELD(KADM_INST,vals->fields);
|
||||
if ((status = kname_parse(vals->name, vals->instance, realm, string))) {
|
||||
printf("kerberos error: %s\n", krb_err_txt[status]);
|
||||
return status;
|
||||
}
|
||||
if (!realm[0])
|
||||
strcpy(realm, default_realm);
|
||||
if (strcmp(realm, krbrlm)) {
|
||||
strcpy(krbrlm, realm);
|
||||
if ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm))
|
||||
!= KADM_SUCCESS)
|
||||
printf("kadm error for realm %s: %s\n",
|
||||
krbrlm, error_message(status));
|
||||
}
|
||||
if (status)
|
||||
return 1;
|
||||
else
|
||||
return KADM_SUCCESS;
|
||||
}
|
||||
|
||||
void
|
||||
change_password(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
Kadm_vals old, new;
|
||||
int status;
|
||||
char pw_prompt[BUFSIZ];
|
||||
|
||||
if (argc != 2) {
|
||||
printf("Usage: change_password loginname\n");
|
||||
return;
|
||||
}
|
||||
|
||||
if (setvals(&old, argv[1]) != KADM_SUCCESS)
|
||||
return;
|
||||
|
||||
new = old;
|
||||
|
||||
SET_FIELD(KADM_DESKEY,new.fields);
|
||||
|
||||
if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) {
|
||||
/* get the admin's password */
|
||||
if (get_admin_password() != GOOD_PW)
|
||||
return;
|
||||
|
||||
/* get the new password */
|
||||
(void) sprintf(pw_prompt, "New password for %s:", argv[1]);
|
||||
|
||||
if (get_password(&new.key_low, &new.key_high,
|
||||
pw_prompt, SWAP) == GOOD_PW) {
|
||||
status = kadm_mod(&old, &new);
|
||||
if (status == KADM_SUCCESS) {
|
||||
printf("Password changed for %s.\n", argv[1]);
|
||||
} else {
|
||||
printf("kadmin: %s\nwhile changing password for %s",
|
||||
error_message(status), argv[1]);
|
||||
}
|
||||
} else
|
||||
printf("Error reading password; password unchanged\n");
|
||||
bzero((char *)&new, sizeof(new));
|
||||
#ifndef NO_MULTIPLE
|
||||
if (!multiple)
|
||||
clean_up();
|
||||
#endif
|
||||
}
|
||||
else
|
||||
printf("kadmin: Principal does not exist.\n");
|
||||
return;
|
||||
}
|
||||
|
||||
/*ARGSUSED*/
|
||||
void
|
||||
change_admin_password(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
des_cblock newkey;
|
||||
unsigned long low, high;
|
||||
int status;
|
||||
char prompt_pw[BUFSIZ];
|
||||
|
||||
if (argc != 1) {
|
||||
printf("Usage: change_admin_password\n");
|
||||
return;
|
||||
}
|
||||
/* get the admin's password */
|
||||
if (get_admin_password() != GOOD_PW)
|
||||
return;
|
||||
|
||||
(void) sprintf(prompt_pw, "New password for %s.admin:",myname);
|
||||
if (get_password(&low, &high, prompt_pw, DONTSWAP) == GOOD_PW) {
|
||||
bcopy((char *)&low,(char *) newkey,4);
|
||||
bcopy((char *)&high, (char *)(((long *) newkey) + 1),4);
|
||||
low = high = 0L;
|
||||
if ((status = kadm_change_pw(newkey)) == KADM_SUCCESS)
|
||||
printf("Admin password changed\n");
|
||||
else
|
||||
printf("kadm error: %s\n",error_message(status));
|
||||
bzero((char *)newkey, sizeof(newkey));
|
||||
} else
|
||||
printf("Error reading password; password unchanged\n");
|
||||
#ifndef NO_MULTIPLE
|
||||
if (!multiple)
|
||||
clean_up();
|
||||
#endif
|
||||
return;
|
||||
}
|
||||
|
||||
void
|
||||
add_new_key(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
Kadm_vals new;
|
||||
char pw_prompt[BUFSIZ];
|
||||
int status;
|
||||
|
||||
if (argc != 2) {
|
||||
printf("Usage: add_new_key user_name.\n");
|
||||
return;
|
||||
}
|
||||
if (setvals(&new, argv[1]) != KADM_SUCCESS)
|
||||
return;
|
||||
|
||||
SET_FIELD(KADM_DESKEY,new.fields);
|
||||
|
||||
if (princ_exists(new.name, new.instance, krbrlm) != PE_YES) {
|
||||
/* get the admin's password */
|
||||
if (get_admin_password() != GOOD_PW)
|
||||
return;
|
||||
|
||||
/* get the new password */
|
||||
(void) sprintf(pw_prompt, "Password for %s:", argv[1]);
|
||||
|
||||
if (get_password(&new.key_low, &new.key_high,
|
||||
pw_prompt, SWAP) == GOOD_PW) {
|
||||
status = kadm_add(&new);
|
||||
if (status == KADM_SUCCESS) {
|
||||
printf("%s added to database.\n", argv[1]);
|
||||
} else {
|
||||
printf("kadm error: %s\n",error_message(status));
|
||||
}
|
||||
} else
|
||||
printf("Error reading password; %s not added\n",argv[1]);
|
||||
bzero((char *)&new, sizeof(new));
|
||||
#ifndef NO_MULTIPLE
|
||||
if (!multiple)
|
||||
clean_up();
|
||||
#endif
|
||||
}
|
||||
else
|
||||
printf("kadmin: Principal already exists.\n");
|
||||
return;
|
||||
}
|
||||
|
||||
void
|
||||
get_entry(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
int status;
|
||||
u_char fields[4];
|
||||
Kadm_vals vals;
|
||||
|
||||
if (argc != 2) {
|
||||
printf("Usage: get_entry username\n");
|
||||
return;
|
||||
}
|
||||
|
||||
bzero(fields, sizeof(fields));
|
||||
|
||||
SET_FIELD(KADM_NAME,fields);
|
||||
SET_FIELD(KADM_INST,fields);
|
||||
SET_FIELD(KADM_EXPDATE,fields);
|
||||
SET_FIELD(KADM_ATTR,fields);
|
||||
SET_FIELD(KADM_MAXLIFE,fields);
|
||||
|
||||
if (setvals(&vals, argv[1]) != KADM_SUCCESS)
|
||||
return;
|
||||
|
||||
|
||||
if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) {
|
||||
/* get the admin's password */
|
||||
if (get_admin_password() != GOOD_PW)
|
||||
return;
|
||||
|
||||
if ((status = kadm_get(&vals, fields)) == KADM_SUCCESS)
|
||||
prin_vals(&vals);
|
||||
else
|
||||
printf("kadm error: %s\n",error_message(status));
|
||||
|
||||
#ifndef NO_MULTIPLE
|
||||
if (!multiple)
|
||||
clean_up();
|
||||
#endif
|
||||
}
|
||||
else
|
||||
printf("kadmin: Principal does not exist.\n");
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
help(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
if (argc == 1) {
|
||||
printf("Welcome to the Kerberos administration program.");
|
||||
printf("Type \"?\" to get\n");
|
||||
printf("a list of requests that are available. You can");
|
||||
printf(" get help on each of\n");
|
||||
printf("the commands by typing \"help command_name\".");
|
||||
printf(" Some functions of this\n");
|
||||
printf("program will require an \"admin\" password");
|
||||
printf(" from you. This is a password\n");
|
||||
printf("private to you, that is used to authenticate");
|
||||
printf(" requests from this\n");
|
||||
printf("program. You can change this password with");
|
||||
printf(" the \"change_admin_password\"\n");
|
||||
printf("(or short form \"cap\") command. Good Luck! \n");
|
||||
} else if (!strcmp(argv[1], "change_password") ||
|
||||
!strcmp(argv[1], "cpw")) {
|
||||
printf("Usage: change_password user_name.\n");
|
||||
printf("\n");
|
||||
printf("user_name is the name of the user whose password");
|
||||
printf(" you wish to change. \n");
|
||||
printf("His/her password is changed in the kerberos database\n");
|
||||
printf("When this command is issued, first the \"Admin\"");
|
||||
printf(" password will be prompted\n");
|
||||
printf("for and if correct the user's new password will");
|
||||
printf(" be prompted for (twice with\n");
|
||||
printf("appropriate comparison). Note: No minimum password");
|
||||
printf(" length restrictions apply, but\n");
|
||||
printf("longer passwords are more secure.\n");
|
||||
} else if (!strcmp(argv[1], "change_admin_password") ||
|
||||
!strcmp(argv[1], "cap")) {
|
||||
printf("Usage: change_admin_password.\n");
|
||||
printf("\n");
|
||||
printf("This command takes no arguments and is used");
|
||||
printf(" to change your private\n");
|
||||
printf("\"Admin\" password. It will first prompt for");
|
||||
printf(" the (current) \"Admin\"\n");
|
||||
printf("password and then ask for the new password");
|
||||
printf(" by prompting:\n");
|
||||
printf("\n");
|
||||
printf("New password for <Your User Name>.admin:\n");
|
||||
printf("\n");
|
||||
printf("Enter the new admin password that you desire");
|
||||
printf(" (it will be asked for\n");
|
||||
printf("twice to avoid errors).\n");
|
||||
} else if (!strcmp(argv[1], "add_new_key") ||
|
||||
!strcmp(argv[1], "ank")) {
|
||||
printf("Usage: add_new_key user_name.\n");
|
||||
printf("\n");
|
||||
printf("user_name is the name of a new user to put");
|
||||
printf(" in the kerberos database. Your\n");
|
||||
printf("\"Admin\" password and the user's password");
|
||||
printf(" are prompted for. The user's\n");
|
||||
printf("password will be asked for");
|
||||
printf(" twice to avoid errors.\n");
|
||||
} else if (!strcmp(argv[1], "get_entry") ||
|
||||
!strcmp(argv[1], "get")) {
|
||||
printf("Usage: get_entry user_name.\n");
|
||||
printf("\n");
|
||||
printf("user_name is the name of a user whose");
|
||||
printf(" entry you wish to review. Your\n");
|
||||
printf("\"Admin\" password is prompted for. ");
|
||||
printf(" The key field is not filled in, for\n");
|
||||
printf("security reasons.\n");
|
||||
} else if (!strcmp(argv[1], "destroy_tickets") ||
|
||||
!strcmp(argv[1], "dest")) {
|
||||
printf("Usage: destroy_tickets\n");
|
||||
printf("\n");
|
||||
printf("Destroy your admin tickets. This will");
|
||||
printf(" cause you to be prompted for your\n");
|
||||
printf("admin password on your next request.\n");
|
||||
} else if (!strcmp(argv[1], "list_requests") ||
|
||||
!strcmp(argv[1], "lr") ||
|
||||
!strcmp(argv[1], "?")) {
|
||||
printf("Usage: list_requests\n");
|
||||
printf("\n");
|
||||
printf("This command lists what other commands are");
|
||||
printf(" currently available.\n");
|
||||
} else if (!strcmp(argv[1], "exit") ||
|
||||
!strcmp(argv[1], "quit") ||
|
||||
!strcmp(argv[1], "q")) {
|
||||
printf("Usage: quit\n");
|
||||
printf("\n");
|
||||
printf("This command exits this program.\n");
|
||||
} else {
|
||||
printf("Sorry there is no such command as %s.", argv[1]);
|
||||
printf(" Type \"help\" for more information. \n");
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
void
|
||||
go_home(str,x)
|
||||
char *str;
|
||||
int x;
|
||||
{
|
||||
fprintf(stderr, "%s: %s\n", str, error_message(x));
|
||||
clean_up();
|
||||
exit(1);
|
||||
}
|
||||
|
||||
static int inited = 0;
|
||||
|
||||
void
|
||||
usage()
|
||||
{
|
||||
fprintf(stderr, "Usage: kadmin [-u admin_name] [-r default_realm]");
|
||||
#ifndef NO_MULTIPLE
|
||||
fprintf(stderr, " [-m]");
|
||||
#endif
|
||||
fprintf(stderr, "\n");
|
||||
#ifndef NO_MULTIPLE
|
||||
fprintf(stderr, " -m allows multiple admin requests to be ");
|
||||
fprintf(stderr, "serviced with one entry of admin\n");
|
||||
fprintf(stderr, " password.\n");
|
||||
#endif
|
||||
exit(1);
|
||||
}
|
||||
|
||||
static void
|
||||
do_init(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
struct passwd *pw;
|
||||
extern char *optarg;
|
||||
extern int optind;
|
||||
int c;
|
||||
#ifndef NO_MULTIPLE
|
||||
#define OPTION_STRING "u:r:m"
|
||||
#else
|
||||
#define OPTION_STRING "u:r:"
|
||||
#endif
|
||||
|
||||
bzero(myname, sizeof(myname));
|
||||
|
||||
if (!inited) {
|
||||
/*
|
||||
* This is only as a default/initial realm; we don't care
|
||||
* about failure.
|
||||
*/
|
||||
if (krb_get_lrealm(default_realm, 1) != KSUCCESS)
|
||||
strcpy(default_realm, KRB_REALM);
|
||||
|
||||
/*
|
||||
* If we can reach the local realm, initialize to it. Otherwise,
|
||||
* don't initialize.
|
||||
*/
|
||||
if (kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm) != KADM_SUCCESS)
|
||||
bzero(krbrlm, sizeof(krbrlm));
|
||||
else
|
||||
strcpy(krbrlm, default_realm);
|
||||
|
||||
while ((c = getopt(argc, argv, OPTION_STRING)) != EOF)
|
||||
switch (c) {
|
||||
case 'u':
|
||||
strncpy(myname, optarg, sizeof(myname) - 1);
|
||||
break;
|
||||
case 'r':
|
||||
bzero(default_realm, sizeof(default_realm));
|
||||
strncpy(default_realm, optarg, sizeof(default_realm) - 1);
|
||||
break;
|
||||
#ifndef NO_MULTIPLE
|
||||
case 'm':
|
||||
multiple++;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
usage();
|
||||
break;
|
||||
}
|
||||
if (optind < argc)
|
||||
usage();
|
||||
if (!myname[0]) {
|
||||
pw = getpwuid((int) getuid());
|
||||
if (!pw) {
|
||||
fprintf(stderr,
|
||||
"You aren't in the password file. Who are you?\n");
|
||||
exit(1);
|
||||
}
|
||||
(void) strcpy(myname, pw->pw_name);
|
||||
}
|
||||
inited = 1;
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef NOENCRYPTION
|
||||
#define read_long_pw_string placebo_read_pw_string
|
||||
#else
|
||||
#define read_long_pw_string des_read_pw_string
|
||||
#endif
|
||||
extern int read_long_pw_string();
|
||||
|
||||
int
|
||||
get_admin_password()
|
||||
{
|
||||
int status;
|
||||
char admin_passwd[MAX_KPW_LEN]; /* Admin's password */
|
||||
int ticket_life = 1; /* minimum ticket lifetime */
|
||||
#ifndef NO_MULTIPLE
|
||||
CREDENTIALS c;
|
||||
|
||||
if (multiple) {
|
||||
/* If admin tickets exist and are valid, just exit. */
|
||||
bzero(&c, sizeof(c));
|
||||
if (krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c) == KSUCCESS)
|
||||
/*
|
||||
* If time is less than lifetime - FUDGE_VALUE after issue date,
|
||||
* tickets will probably last long enough for the next
|
||||
* transaction.
|
||||
*/
|
||||
if (time(0) < (c.issue_date + (5 * 60 * c.lifetime) - FUDGE_VALUE))
|
||||
return(KADM_SUCCESS);
|
||||
ticket_life = DEFAULT_TKT_LIFE;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (princ_exists(myname, "admin", krbrlm) != PE_NO) {
|
||||
if (read_long_pw_string(admin_passwd, sizeof(admin_passwd)-1,
|
||||
"Admin password:", 0)) {
|
||||
fprintf(stderr, "Error reading admin password.\n");
|
||||
goto bad;
|
||||
}
|
||||
status = krb_get_pw_in_tkt(myname, "admin", krbrlm, PWSERV_NAME,
|
||||
KADM_SINST, ticket_life, admin_passwd);
|
||||
bzero(admin_passwd, sizeof(admin_passwd));
|
||||
}
|
||||
else
|
||||
status = KDC_PR_UNKNOWN;
|
||||
|
||||
switch(status) {
|
||||
case GT_PW_OK:
|
||||
return(GOOD_PW);
|
||||
case KDC_PR_UNKNOWN:
|
||||
printf("Principal %s.admin@%s does not exist.\n", myname, krbrlm);
|
||||
goto bad;
|
||||
case GT_PW_BADPW:
|
||||
printf("Incorrect admin password.\n");
|
||||
goto bad;
|
||||
default:
|
||||
com_err("kadmin", status+krb_err_base,
|
||||
"while getting password tickets");
|
||||
goto bad;
|
||||
}
|
||||
|
||||
bad:
|
||||
bzero(admin_passwd, sizeof(admin_passwd));
|
||||
(void) dest_tkt();
|
||||
return(BAD_PW);
|
||||
}
|
||||
|
||||
void
|
||||
clean_up()
|
||||
{
|
||||
(void) dest_tkt();
|
||||
return;
|
||||
}
|
||||
|
||||
void
|
||||
quit()
|
||||
{
|
||||
printf("Cleaning up and exiting.\n");
|
||||
clean_up();
|
||||
exit(0);
|
||||
}
|
||||
|
||||
int
|
||||
princ_exists(name, instance, realm)
|
||||
char *name;
|
||||
char *instance;
|
||||
char *realm;
|
||||
{
|
||||
int status;
|
||||
|
||||
status = krb_get_pw_in_tkt(name, instance, realm, "krbtgt", realm, 1, "");
|
||||
|
||||
if ((status == KSUCCESS) || (status == INTK_BADPW))
|
||||
return(PE_YES);
|
||||
else if (status == KDC_PR_UNKNOWN)
|
||||
return(PE_NO);
|
||||
else
|
||||
return(PE_UNSURE);
|
||||
}
|
||||
|
||||
int
|
||||
get_password(low, high, prompt, byteswap)
|
||||
unsigned long *low, *high;
|
||||
char *prompt;
|
||||
int byteswap;
|
||||
{
|
||||
char new_passwd[MAX_KPW_LEN]; /* new password */
|
||||
des_cblock newkey;
|
||||
|
||||
do {
|
||||
if (read_long_pw_string(new_passwd, sizeof(new_passwd)-1, prompt, 1))
|
||||
return(BAD_PW);
|
||||
if (strlen(new_passwd) == 0)
|
||||
printf("Null passwords are not allowed; try again.\n");
|
||||
} while (strlen(new_passwd) == 0);
|
||||
|
||||
#ifdef NOENCRYPTION
|
||||
bzero((char *) newkey, sizeof(newkey));
|
||||
#else
|
||||
des_string_to_key(new_passwd, &newkey);
|
||||
#endif
|
||||
bzero(new_passwd, sizeof(new_passwd));
|
||||
|
||||
bcopy((char *) newkey,(char *)low,4);
|
||||
bcopy((char *)(((long *) newkey) + 1), (char *)high,4);
|
||||
|
||||
bzero((char *) newkey, sizeof(newkey));
|
||||
|
||||
#ifdef NOENCRYPTION
|
||||
*low = 1;
|
||||
#endif
|
||||
|
||||
if (byteswap != DONTSWAP) {
|
||||
*low = htonl(*low);
|
||||
*high = htonl(*high);
|
||||
}
|
||||
return(GOOD_PW);
|
||||
}
|
||||
@@ -1,41 +0,0 @@
|
||||
# $Source: /usr/cvs/src/eBones/kadmin/kadmin_cmds.ct,v $
|
||||
# $Author: mark $
|
||||
# $Header: /usr/cvs/src/eBones/kadmin/kadmin_cmds.ct,v 1.1 1995/07/18 16:36:56 mark Exp $
|
||||
#
|
||||
# Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
#
|
||||
# For copying and distribution information, please see the file
|
||||
# <mit-copyright.h>.
|
||||
#
|
||||
# Command table for Kerberos administration tool
|
||||
#
|
||||
command_table admin_cmds;
|
||||
|
||||
request change_password,
|
||||
"Change a user's password",
|
||||
change_password, cpw;
|
||||
|
||||
request change_admin_password, "Change your admin password",
|
||||
change_admin_password, cap;
|
||||
|
||||
request add_new_key, "Add new user to kerberos database",
|
||||
add_new_key, ank;
|
||||
|
||||
request get_entry, "Get entry from kerberos database",
|
||||
get_entry, get;
|
||||
|
||||
request clean_up, "Destroy admin tickets",
|
||||
destroy_tickets, dest;
|
||||
|
||||
request help,"Request help with this program",
|
||||
help;
|
||||
|
||||
# list_requests is generic -- unrelated to Kerberos
|
||||
|
||||
request ss_list_requests, "List available requests.",
|
||||
list_requests, lr, "?";
|
||||
|
||||
request quit, "Exit program.",
|
||||
quit, exit, q;
|
||||
|
||||
end;
|
||||
@@ -1,267 +0,0 @@
|
||||
This directory was created from eBones by the following procedure:
|
||||
|
||||
1) Get the files listed in the Makefile
|
||||
|
||||
2) perl -spi.bak -e 's/\$(Header[^\$]*)\$/$1/g'
|
||||
|
||||
3) Apply the patch listed below.
|
||||
|
||||
diff -rc2 ../kadmind.orig/admin_server.c ./admin_server.c
|
||||
*** ../kadmind.orig/admin_server.c Thu Jan 19 18:04:04 1995
|
||||
--- ./admin_server.c Thu Jan 19 21:58:51 1995
|
||||
***************
|
||||
*** 1,10 ****
|
||||
/*
|
||||
- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/admin_server.c,v $
|
||||
- * $Author: jtkohl $
|
||||
- *
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
! * <mit-copyright.h>.
|
||||
*
|
||||
* Top-level loop of the kerberos Administration server
|
||||
--- 1,7 ----
|
||||
/*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
! * Copyright.MIT.
|
||||
*
|
||||
* Top-level loop of the kerberos Administration server
|
||||
***************
|
||||
*** 12,20 ****
|
||||
|
||||
#ifndef lint
|
||||
static char rcsid_admin_server_c[] =
|
||||
! "$Id: admin_server.c,v 4.8 90/01/02 13:50:38 jtkohl Exp $";
|
||||
#endif lint
|
||||
|
||||
- #include <mit-copyright.h>
|
||||
/*
|
||||
admin_server.c
|
||||
--- 9,20 ----
|
||||
|
||||
#ifndef lint
|
||||
+ #if 0
|
||||
static char rcsid_admin_server_c[] =
|
||||
! "Id: admin_server.c,v 4.8 90/01/02 13:50:38 jtkohl Exp ";
|
||||
! #endif
|
||||
! static const char rcsid[] =
|
||||
! "$Id";
|
||||
#endif lint
|
||||
|
||||
/*
|
||||
admin_server.c
|
||||
***************
|
||||
*** 389,393 ****
|
||||
--- 389,397 ----
|
||||
register int i, j;
|
||||
|
||||
+ #ifdef POSIX
|
||||
+ int status;
|
||||
+ #else
|
||||
union wait status;
|
||||
+ #endif
|
||||
|
||||
pid = wait(&status);
|
||||
***************
|
||||
*** 400,406 ****
|
||||
pidarray[j] = pidarray[j+1];
|
||||
pidarraysize--;
|
||||
! if (status.w_retcode || status.w_coredump || status.w_termsig)
|
||||
log("child %d: termsig %d, coredump %d, retcode %d", pid,
|
||||
! status.w_termsig, status.w_coredump, status.w_retcode);
|
||||
#ifdef POSIX
|
||||
return;
|
||||
--- 404,410 ----
|
||||
pidarray[j] = pidarray[j+1];
|
||||
pidarraysize--;
|
||||
! if (WEXITSTATUS(status) || WCOREDUMP(status) || WIFSIGNALED(status))
|
||||
log("child %d: termsig %d, coredump %d, retcode %d", pid,
|
||||
! WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status));
|
||||
#ifdef POSIX
|
||||
return;
|
||||
***************
|
||||
*** 410,414 ****
|
||||
}
|
||||
log("child %d not in list: termsig %d, coredump %d, retcode %d", pid,
|
||||
! status.w_termsig, status.w_coredump, status.w_retcode);
|
||||
#ifdef POSIX
|
||||
return;
|
||||
--- 414,418 ----
|
||||
}
|
||||
log("child %d not in list: termsig %d, coredump %d, retcode %d", pid,
|
||||
! WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status));
|
||||
#ifdef POSIX
|
||||
return;
|
||||
Only in .: admin_server.c~
|
||||
diff -rc2 ../kadmind.orig/kadm_funcs.c ./kadm_funcs.c
|
||||
*** ../kadmind.orig/kadm_funcs.c Thu Jan 19 18:04:04 1995
|
||||
--- ./kadm_funcs.c Thu Jan 19 21:56:31 1995
|
||||
***************
|
||||
*** 1,10 ****
|
||||
/*
|
||||
- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_funcs.c,v $
|
||||
- * $Author: jon $
|
||||
- *
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
! * <mit-copyright.h>.
|
||||
*
|
||||
* Kerberos administration server-side database manipulation routines
|
||||
--- 1,7 ----
|
||||
/*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
! * Copyright.MIT
|
||||
*
|
||||
* Kerberos administration server-side database manipulation routines
|
||||
***************
|
||||
*** 12,20 ****
|
||||
|
||||
#ifndef lint
|
||||
static char rcsid_kadm_funcs_c[] =
|
||||
! "$Id: kadm_funcs.c,v 4.3 90/03/20 01:39:51 jon Exp $";
|
||||
#endif lint
|
||||
|
||||
- #include <mit-copyright.h>
|
||||
/*
|
||||
kadm_funcs.c
|
||||
--- 9,20 ----
|
||||
|
||||
#ifndef lint
|
||||
+ #if 0
|
||||
static char rcsid_kadm_funcs_c[] =
|
||||
! "Id: kadm_funcs.c,v 4.3 90/03/20 01:39:51 jon Exp ";
|
||||
! #endif
|
||||
! static const char rcsid[] =
|
||||
! "$Id$";
|
||||
#endif lint
|
||||
|
||||
/*
|
||||
kadm_funcs.c
|
||||
Only in .: kadm_funcs.c~
|
||||
diff -rc2 ../kadmind.orig/kadm_ser_wrap.c ./kadm_ser_wrap.c
|
||||
*** ../kadmind.orig/kadm_ser_wrap.c Thu Jan 19 18:04:04 1995
|
||||
--- ./kadm_ser_wrap.c Thu Jan 19 21:59:15 1995
|
||||
***************
|
||||
*** 1,10 ****
|
||||
/*
|
||||
- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_ser_wrap.c,v $
|
||||
- * $Author: jtkohl $
|
||||
- *
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
! * <mit-copyright.h>.
|
||||
*
|
||||
* Kerberos administration server-side support functions
|
||||
--- 1,7 ----
|
||||
/*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
! * Copyright.MIT.
|
||||
*
|
||||
* Kerberos administration server-side support functions
|
||||
***************
|
||||
*** 16,20 ****
|
||||
#endif lint
|
||||
|
||||
- #include <mit-copyright.h>
|
||||
/*
|
||||
kadm_ser_wrap.c
|
||||
--- 13,16 ----
|
||||
Only in .: kadm_ser_wrap.c~
|
||||
diff -rc2 ../kadmind.orig/kadm_server.c ./kadm_server.c
|
||||
*** ../kadmind.orig/kadm_server.c Thu Jan 19 18:04:04 1995
|
||||
--- ./kadm_server.c Thu Jan 19 21:59:31 1995
|
||||
***************
|
||||
*** 1,10 ****
|
||||
/*
|
||||
- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.c,v $
|
||||
- * $Author: jtkohl $
|
||||
- *
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
! * <mit-copyright.h>.
|
||||
*
|
||||
* Kerberos administration server-side subroutines
|
||||
--- 1,7 ----
|
||||
/*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
! * Copyright.MIT.
|
||||
*
|
||||
* Kerberos administration server-side subroutines
|
||||
***************
|
||||
*** 15,20 ****
|
||||
"Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.c,v 4.2 89/09/26 09:30:23 jtkohl Exp ";
|
||||
#endif lint
|
||||
-
|
||||
- #include <mit-copyright.h>
|
||||
|
||||
#include <kadm.h>
|
||||
--- 12,15 ----
|
||||
Only in .: kadm_server.c~
|
||||
diff -rc2 ../kadmind.orig/kadm_server.h ./kadm_server.h
|
||||
*** ../kadmind.orig/kadm_server.h Thu Jan 19 18:04:05 1995
|
||||
--- ./kadm_server.h Thu Jan 19 18:06:36 1995
|
||||
***************
|
||||
*** 7,11 ****
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
! * <mit-copyright.h>.
|
||||
*
|
||||
* Definitions for Kerberos administration server & client
|
||||
--- 7,11 ----
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
! * Copyright.MIT.
|
||||
*
|
||||
* Definitions for Kerberos administration server & client
|
||||
***************
|
||||
*** 15,19 ****
|
||||
#define KADM_SERVER_DEFS
|
||||
|
||||
- #include <mit-copyright.h>
|
||||
/*
|
||||
* kadm_server.h
|
||||
--- 15,18 ----
|
||||
***************
|
||||
*** 25,30 ****
|
||||
|
||||
#include <sys/types.h>
|
||||
! #include <krb.h>
|
||||
! #include <des.h>
|
||||
|
||||
typedef struct {
|
||||
--- 24,29 ----
|
||||
|
||||
#include <sys/types.h>
|
||||
! #include <kerberosIV/krb.h>
|
||||
! #include <kerberosIV/des.h>
|
||||
|
||||
typedef struct {
|
||||
***************
|
||||
*** 43,49 ****
|
||||
|
||||
/* the default syslog file */
|
||||
! #define KADM_SYSLOG "/kerberos/admin_server.syslog"
|
||||
|
||||
! #define DEFAULT_ACL_DIR "/kerberos"
|
||||
#define ADD_ACL_FILE "/admin_acl.add"
|
||||
#define GET_ACL_FILE "/admin_acl.get"
|
||||
--- 42,48 ----
|
||||
|
||||
/* the default syslog file */
|
||||
! #define KADM_SYSLOG "/var/log/kadmind.syslog"
|
||||
|
||||
! #define DEFAULT_ACL_DIR "/etc/kerberosIV"
|
||||
#define ADD_ACL_FILE "/admin_acl.add"
|
||||
#define GET_ACL_FILE "/admin_acl.get"
|
||||
@@ -1,11 +0,0 @@
|
||||
# $Id: Makefile,v 1.1 1995/07/18 16:36:59 mark Exp $
|
||||
|
||||
PROG= kadmind
|
||||
SRCS= admin_server.c kadm_funcs.c kadm_ser_wrap.c kadm_server.c
|
||||
CFLAGS+=-DPOSIX -I${.CURDIR}/../include -I${KRBOBJDIR} \
|
||||
-I${.CURDIR}/../libkadm -I${KADMOBJDIR} -Wall
|
||||
LDADD+= -L${KADMOBJDIR} -lkadm -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb \
|
||||
-ldes -L${ACLOBJDIR} -lacl -lcom_err
|
||||
MAN8= kadmind.8
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
@@ -1,474 +0,0 @@
|
||||
/*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
* Copyright.MIT.
|
||||
*
|
||||
* Top-level loop of the kerberos Administration server
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid_admin_server_c[] =
|
||||
"Id: admin_server.c,v 4.8 90/01/02 13:50:38 jtkohl Exp ";
|
||||
static const char rcsid[] =
|
||||
"$Id";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
/*
|
||||
admin_server.c
|
||||
this holds the main loop and initialization and cleanup code for the server
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/types.h>
|
||||
#include <signal.h>
|
||||
#ifndef sigmask
|
||||
#define sigmask(m) (1 <<((m)-1))
|
||||
#endif
|
||||
#include <sys/wait.h>
|
||||
#include <errno.h>
|
||||
#include <sys/socket.h>
|
||||
#include <syslog.h>
|
||||
#include <com_err.h>
|
||||
#include <kadm.h>
|
||||
#include <kadm_err.h>
|
||||
#include <krb_db.h>
|
||||
#include "kadm_server.h"
|
||||
|
||||
/* Almost all procs and such need this, so it is global */
|
||||
admin_params prm; /* The command line parameters struct */
|
||||
|
||||
char prog[32]; /* WHY IS THIS NEEDED??????? */
|
||||
char *progname = prog;
|
||||
char *acldir = DEFAULT_ACL_DIR;
|
||||
char krbrlm[REALM_SZ];
|
||||
extern Kadm_Server server_parm;
|
||||
|
||||
void cleanexit(int val);
|
||||
void process_client(int fd, struct sockaddr_in *who);
|
||||
void kill_children(void);
|
||||
static void clear_secrets(void);
|
||||
void byebye(void);
|
||||
void close_syslog(void);
|
||||
int kadm_listen(void);
|
||||
|
||||
/*
|
||||
** Main does the logical thing, it sets up the database and RPC interface,
|
||||
** as well as handling the creation and maintenance of the syslog file...
|
||||
*/
|
||||
void
|
||||
main(argc, argv) /* admin_server main routine */
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
int errval;
|
||||
int c;
|
||||
extern char *optarg;
|
||||
|
||||
prog[sizeof(prog)-1]='\0'; /* Terminate... */
|
||||
(void) strncpy(prog, argv[0], sizeof(prog)-1);
|
||||
|
||||
/* initialize the admin_params structure */
|
||||
prm.sysfile = KADM_SYSLOG; /* default file name */
|
||||
prm.inter = 1;
|
||||
|
||||
bzero(krbrlm, sizeof(krbrlm));
|
||||
|
||||
while ((c = getopt(argc, argv, "f:hnd:a:r:")) != EOF)
|
||||
switch(c) {
|
||||
case 'f': /* Syslog file name change */
|
||||
prm.sysfile = optarg;
|
||||
break;
|
||||
case 'n':
|
||||
prm.inter = 0;
|
||||
break;
|
||||
case 'a': /* new acl directory */
|
||||
acldir = optarg;
|
||||
break;
|
||||
case 'd':
|
||||
/* put code to deal with alt database place */
|
||||
if ((errval = kerb_db_set_name(optarg))) {
|
||||
fprintf(stderr, "opening database %s: %s",
|
||||
optarg, error_message(errval));
|
||||
exit(1);
|
||||
}
|
||||
break;
|
||||
case 'r':
|
||||
(void) strncpy(krbrlm, optarg, sizeof(krbrlm) - 1);
|
||||
break;
|
||||
case 'h': /* get help on using admin_server */
|
||||
default:
|
||||
printf("Usage: admin_server [-h] [-n] [-r realm] [-d dbname] [-f filename] [-a acldir]\n");
|
||||
exit(-1); /* failure */
|
||||
}
|
||||
|
||||
if (krbrlm[0] == 0)
|
||||
if (krb_get_lrealm(krbrlm, 0) != KSUCCESS) {
|
||||
fprintf(stderr,
|
||||
"Unable to get local realm. Fix krb.conf or use -r.\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
printf("KADM Server %s initializing\n",KADM_VERSTR);
|
||||
printf("Please do not use 'kill -9' to kill this job, use a\n");
|
||||
printf("regular kill instead\n\n");
|
||||
|
||||
set_logfile(prm.sysfile);
|
||||
log("Admin server starting");
|
||||
|
||||
(void) kerb_db_set_lockmode(KERB_DBL_NONBLOCKING);
|
||||
errval = kerb_init(); /* Open the Kerberos database */
|
||||
if (errval) {
|
||||
fprintf(stderr, "error: kerb_init() failed");
|
||||
close_syslog();
|
||||
byebye();
|
||||
}
|
||||
/* set up the server_parm struct */
|
||||
if ((errval = kadm_ser_init(prm.inter, krbrlm))==KADM_SUCCESS) {
|
||||
kerb_fini(); /* Close the Kerberos database--
|
||||
will re-open later */
|
||||
errval = kadm_listen(); /* listen for calls to server from
|
||||
clients */
|
||||
}
|
||||
if (errval != KADM_SUCCESS) {
|
||||
fprintf(stderr,"error: %s\n",error_message(errval));
|
||||
kerb_fini(); /* Close if error */
|
||||
}
|
||||
close_syslog(); /* Close syslog file, print
|
||||
closing note */
|
||||
byebye(); /* Say bye bye on the terminal
|
||||
in use */
|
||||
} /* procedure main */
|
||||
|
||||
|
||||
/* close the system log file */
|
||||
void
|
||||
close_syslog()
|
||||
{
|
||||
log("Shutting down admin server");
|
||||
}
|
||||
|
||||
void
|
||||
byebye() /* say goodnight gracie */
|
||||
{
|
||||
printf("Admin Server (kadm server) has completed operation.\n");
|
||||
}
|
||||
|
||||
static void
|
||||
clear_secrets()
|
||||
{
|
||||
bzero((char *)server_parm.master_key, sizeof(server_parm.master_key));
|
||||
bzero((char *)server_parm.master_key_schedule,
|
||||
sizeof(server_parm.master_key_schedule));
|
||||
server_parm.master_key_version = 0L;
|
||||
}
|
||||
|
||||
static exit_now = 0;
|
||||
|
||||
sigtype
|
||||
doexit()
|
||||
{
|
||||
exit_now = 1;
|
||||
#ifdef POSIX
|
||||
return;
|
||||
#else /* !POSIX */
|
||||
return(0);
|
||||
#endif /* POSIX */
|
||||
}
|
||||
|
||||
unsigned pidarraysize = 0;
|
||||
int *pidarray = (int *)0;
|
||||
|
||||
/*
|
||||
kadm_listen
|
||||
listen on the admin servers port for a request
|
||||
*/
|
||||
int
|
||||
kadm_listen()
|
||||
{
|
||||
extern int errno;
|
||||
int found;
|
||||
int admin_fd;
|
||||
int peer_fd;
|
||||
fd_set mask, readfds;
|
||||
struct sockaddr_in peer;
|
||||
int addrlen;
|
||||
int pid;
|
||||
sigtype do_child();
|
||||
|
||||
(void) signal(SIGINT, doexit);
|
||||
(void) signal(SIGTERM, doexit);
|
||||
(void) signal(SIGHUP, doexit);
|
||||
(void) signal(SIGQUIT, doexit);
|
||||
(void) signal(SIGPIPE, SIG_IGN); /* get errors on write() */
|
||||
(void) signal(SIGALRM, doexit);
|
||||
(void) signal(SIGCHLD, do_child);
|
||||
|
||||
if ((admin_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
|
||||
return KADM_NO_SOCK;
|
||||
if (bind(admin_fd, (struct sockaddr *)&server_parm.admin_addr,
|
||||
sizeof(struct sockaddr_in)) < 0)
|
||||
return KADM_NO_BIND;
|
||||
(void) listen(admin_fd, 1);
|
||||
FD_ZERO(&mask);
|
||||
FD_SET(admin_fd, &mask);
|
||||
|
||||
for (;;) { /* loop nearly forever */
|
||||
if (exit_now) {
|
||||
clear_secrets();
|
||||
kill_children();
|
||||
return(0);
|
||||
}
|
||||
readfds = mask;
|
||||
if ((found = select(admin_fd+1,&readfds,(fd_set *)0,
|
||||
(fd_set *)0, (struct timeval *)0)) == 0)
|
||||
continue; /* no things read */
|
||||
if (found < 0) {
|
||||
if (errno != EINTR)
|
||||
log("select: %s",error_message(errno));
|
||||
continue;
|
||||
}
|
||||
if (FD_ISSET(admin_fd, &readfds)) {
|
||||
/* accept the conn */
|
||||
addrlen = sizeof(peer);
|
||||
if ((peer_fd = accept(admin_fd, (struct sockaddr *)&peer,
|
||||
&addrlen)) < 0) {
|
||||
log("accept: %s",error_message(errno));
|
||||
continue;
|
||||
}
|
||||
addrlen = sizeof(server_parm.admin_addr);
|
||||
if (getsockname(peer_fd, (struct sockaddr *)&server_parm.admin_addr,
|
||||
&addrlen)) {
|
||||
log("getsockname: %s",error_message(errno));
|
||||
continue;
|
||||
}
|
||||
#ifdef DEBUG
|
||||
printf("Connection recieved on %s\n",
|
||||
inet_ntoa(server_parm.admin_addr.sin_addr));
|
||||
#endif /* DEBUG */
|
||||
#ifndef DEBUG
|
||||
/* if you want a sep daemon for each server */
|
||||
if ((pid = fork())) {
|
||||
/* parent */
|
||||
if (pid < 0) {
|
||||
log("fork: %s",error_message(errno));
|
||||
(void) close(peer_fd);
|
||||
continue;
|
||||
}
|
||||
/* fork succeded: keep tabs on child */
|
||||
(void) close(peer_fd);
|
||||
if (pidarray) {
|
||||
pidarray = (int *)realloc((char *)pidarray, ++pidarraysize);
|
||||
pidarray[pidarraysize-1] = pid;
|
||||
} else {
|
||||
pidarray = (int *)malloc(pidarraysize = 1);
|
||||
pidarray[0] = pid;
|
||||
}
|
||||
} else {
|
||||
/* child */
|
||||
(void) close(admin_fd);
|
||||
#endif /* DEBUG */
|
||||
/* do stuff */
|
||||
process_client (peer_fd, &peer);
|
||||
#ifndef DEBUG
|
||||
}
|
||||
#endif
|
||||
} else {
|
||||
log("something else woke me up!");
|
||||
return(0);
|
||||
}
|
||||
}
|
||||
/*NOTREACHED*/
|
||||
return(0); /* Shut -Wall up - markm */
|
||||
}
|
||||
|
||||
#ifdef DEBUG
|
||||
#define cleanexit(code) {kerb_fini(); return;}
|
||||
#endif
|
||||
|
||||
void
|
||||
process_client(fd, who)
|
||||
int fd;
|
||||
struct sockaddr_in *who;
|
||||
{
|
||||
u_char *dat;
|
||||
int dat_len;
|
||||
u_short dlen;
|
||||
int retval;
|
||||
int on = 1;
|
||||
Principal service;
|
||||
des_cblock skey;
|
||||
int more;
|
||||
int status;
|
||||
|
||||
if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
|
||||
log("setsockopt keepalive: %d",errno);
|
||||
|
||||
server_parm.recv_addr = *who;
|
||||
|
||||
if (kerb_init()) { /* Open as client */
|
||||
log("can't open krb db");
|
||||
cleanexit(1);
|
||||
}
|
||||
/* need to set service key to changepw.KRB_MASTER */
|
||||
|
||||
status = kerb_get_principal(server_parm.sname, server_parm.sinst, &service,
|
||||
1, &more);
|
||||
if (status == -1) {
|
||||
/* db locked */
|
||||
u_long retcode = KADM_DB_INUSE;
|
||||
char *pdat;
|
||||
|
||||
dat_len = KADM_VERSIZE + sizeof(u_long);
|
||||
dat = (u_char *) malloc((unsigned)dat_len);
|
||||
pdat = (char *) dat;
|
||||
retcode = htonl((u_long) KADM_DB_INUSE);
|
||||
(void) strncpy(pdat, KADM_ULOSE, KADM_VERSIZE);
|
||||
bcopy((char *)&retcode, &pdat[KADM_VERSIZE], sizeof(u_long));
|
||||
goto out;
|
||||
} else if (!status) {
|
||||
log("no service %s.%s",server_parm.sname, server_parm.sinst);
|
||||
cleanexit(2);
|
||||
}
|
||||
|
||||
bcopy((char *)&service.key_low, (char *)skey, 4);
|
||||
bcopy((char *)&service.key_high, (char *)(((long *) skey) + 1), 4);
|
||||
bzero((char *)&service, sizeof(service));
|
||||
kdb_encrypt_key (skey, skey, server_parm.master_key,
|
||||
server_parm.master_key_schedule, DECRYPT);
|
||||
(void) krb_set_key((char *)skey, 0); /* if error, will show up when
|
||||
rd_req fails */
|
||||
bzero((char *)skey, sizeof(skey));
|
||||
|
||||
while (1) {
|
||||
if ((retval = krb_net_read(fd, (char *)&dlen, sizeof(u_short))) !=
|
||||
sizeof(u_short)) {
|
||||
if (retval < 0)
|
||||
log("dlen read: %s",error_message(errno));
|
||||
else if (retval)
|
||||
log("short dlen read: %d",retval);
|
||||
(void) close(fd);
|
||||
cleanexit(retval ? 3 : 0);
|
||||
}
|
||||
if (exit_now) {
|
||||
cleanexit(0);
|
||||
}
|
||||
dat_len = (int) ntohs(dlen);
|
||||
dat = (u_char *) malloc((unsigned)dat_len);
|
||||
if (!dat) {
|
||||
log("malloc: No memory");
|
||||
(void) close(fd);
|
||||
cleanexit(4);
|
||||
}
|
||||
if ((retval = krb_net_read(fd, (char *)dat, dat_len)) != dat_len) {
|
||||
if (retval < 0)
|
||||
log("data read: %s",error_message(errno));
|
||||
else
|
||||
log("short read: %d vs. %d", dat_len, retval);
|
||||
(void) close(fd);
|
||||
cleanexit(5);
|
||||
}
|
||||
if (exit_now) {
|
||||
cleanexit(0);
|
||||
}
|
||||
if ((retval = kadm_ser_in(&dat,&dat_len)) != KADM_SUCCESS)
|
||||
log("processing request: %s", error_message(retval));
|
||||
|
||||
/* kadm_ser_in did the processing and returned stuff in
|
||||
dat & dat_len , return the appropriate data */
|
||||
|
||||
out:
|
||||
dlen = (u_short) dat_len;
|
||||
|
||||
if (dat_len != (int)dlen) {
|
||||
clear_secrets();
|
||||
abort(); /* XXX */
|
||||
}
|
||||
dlen = htons(dlen);
|
||||
|
||||
if (krb_net_write(fd, (char *)&dlen, sizeof(u_short)) < 0) {
|
||||
log("writing dlen to client: %s",error_message(errno));
|
||||
(void) close(fd);
|
||||
cleanexit(6);
|
||||
}
|
||||
|
||||
if (krb_net_write(fd, (char *)dat, dat_len) < 0) {
|
||||
log(LOG_ERR, "writing to client: %s",error_message(errno));
|
||||
(void) close(fd);
|
||||
cleanexit(7);
|
||||
}
|
||||
free((char *)dat);
|
||||
}
|
||||
/*NOTREACHED*/
|
||||
}
|
||||
|
||||
sigtype
|
||||
do_child()
|
||||
{
|
||||
/* SIGCHLD brings us here */
|
||||
int pid;
|
||||
register int i, j;
|
||||
|
||||
#ifdef POSIX
|
||||
int status;
|
||||
#else
|
||||
union wait status;
|
||||
#endif
|
||||
|
||||
pid = wait(&status);
|
||||
|
||||
for (i = 0; i < pidarraysize; i++)
|
||||
if (pidarray[i] == pid) {
|
||||
/* found it */
|
||||
for (j = i; j < pidarraysize-1; j++)
|
||||
/* copy others down */
|
||||
pidarray[j] = pidarray[j+1];
|
||||
pidarraysize--;
|
||||
if (WEXITSTATUS(status) || WCOREDUMP(status) || WIFSIGNALED(status))
|
||||
log("child %d: termsig %d, coredump %d, retcode %d", pid,
|
||||
WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status));
|
||||
#ifdef POSIX
|
||||
return;
|
||||
#else /* !POSIX */
|
||||
return(0);
|
||||
#endif /* POSIX */
|
||||
}
|
||||
log("child %d not in list: termsig %d, coredump %d, retcode %d", pid,
|
||||
WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status));
|
||||
#ifdef POSIX
|
||||
return;
|
||||
#else /* !POSIX */
|
||||
return(0);
|
||||
#endif /* POSIX */
|
||||
}
|
||||
|
||||
#ifndef DEBUG
|
||||
void
|
||||
cleanexit(val)
|
||||
int val;
|
||||
{
|
||||
kerb_fini();
|
||||
clear_secrets();
|
||||
exit(val);
|
||||
}
|
||||
#endif
|
||||
|
||||
void
|
||||
kill_children()
|
||||
{
|
||||
register int i;
|
||||
int osigmask;
|
||||
|
||||
osigmask = sigblock(sigmask(SIGCHLD));
|
||||
|
||||
for (i = 0; i < pidarraysize; i++) {
|
||||
kill(pidarray[i], SIGINT);
|
||||
log("killing child %d", pidarray[i]);
|
||||
}
|
||||
sigsetmask(osigmask);
|
||||
return;
|
||||
}
|
||||
@@ -1,381 +0,0 @@
|
||||
/*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
* Copyright.MIT
|
||||
*
|
||||
* Kerberos administration server-side database manipulation routines
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid_kadm_funcs_c[] =
|
||||
"Id: kadm_funcs.c,v 4.3 90/03/20 01:39:51 jon Exp ";
|
||||
static const char rcsid[] =
|
||||
"$Id: kadm_funcs.c,v 1.1 1995/07/18 16:37:02 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
/*
|
||||
kadm_funcs.c
|
||||
the actual database manipulation code
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <com_err.h>
|
||||
#include <sys/param.h>
|
||||
#include <kadm.h>
|
||||
#include <kadm_err.h>
|
||||
#include <krb_db.h>
|
||||
#include "kadm_server.h"
|
||||
|
||||
extern Kadm_Server server_parm;
|
||||
|
||||
int
|
||||
check_access(pname, pinst, prealm, acltype)
|
||||
char *pname;
|
||||
char *pinst;
|
||||
char *prealm;
|
||||
enum acl_types acltype;
|
||||
{
|
||||
char checkname[MAX_K_NAME_SZ];
|
||||
char filename[MAXPATHLEN];
|
||||
extern char *acldir;
|
||||
|
||||
sprintf(checkname, "%s.%s@%s", pname, pinst, prealm);
|
||||
|
||||
switch (acltype) {
|
||||
case ADDACL:
|
||||
sprintf(filename, "%s%s", acldir, ADD_ACL_FILE);
|
||||
break;
|
||||
case GETACL:
|
||||
sprintf(filename, "%s%s", acldir, GET_ACL_FILE);
|
||||
break;
|
||||
case MODACL:
|
||||
sprintf(filename, "%s%s", acldir, MOD_ACL_FILE);
|
||||
break;
|
||||
}
|
||||
return(acl_check(filename, checkname));
|
||||
}
|
||||
|
||||
int
|
||||
wildcard(str)
|
||||
char *str;
|
||||
{
|
||||
if (!strcmp(str, WILDCARD_STR))
|
||||
return(1);
|
||||
return(0);
|
||||
}
|
||||
|
||||
#define failadd(code) { (void) log("FAILED addding '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; }
|
||||
|
||||
int
|
||||
kadm_add_entry (rname, rinstance, rrealm, valsin, valsout)
|
||||
char *rname; /* requestors name */
|
||||
char *rinstance; /* requestors instance */
|
||||
char *rrealm; /* requestors realm */
|
||||
Kadm_vals *valsin;
|
||||
Kadm_vals *valsout;
|
||||
{
|
||||
long numfound; /* check how many we get written */
|
||||
int more; /* pointer to more grabbed records */
|
||||
Principal data_i, data_o; /* temporary principal */
|
||||
u_char flags[4];
|
||||
des_cblock newpw;
|
||||
Principal default_princ;
|
||||
|
||||
if (!check_access(rname, rinstance, rrealm, ADDACL)) {
|
||||
(void) log("WARNING: '%s.%s@%s' tried to add an entry for '%s.%s'",
|
||||
rname, rinstance, rrealm, valsin->name, valsin->instance);
|
||||
return KADM_UNAUTH;
|
||||
}
|
||||
|
||||
/* Need to check here for "legal" name and instance */
|
||||
if (wildcard(valsin->name) || wildcard(valsin->instance)) {
|
||||
failadd(KADM_ILL_WILDCARD);
|
||||
}
|
||||
|
||||
(void) log("request to add an entry for '%s.%s' from '%s.%s@%s'",
|
||||
valsin->name, valsin->instance, rname, rinstance, rrealm);
|
||||
|
||||
numfound = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
|
||||
&default_princ, 1, &more);
|
||||
if (numfound == -1) {
|
||||
failadd(KADM_DB_INUSE);
|
||||
} else if (numfound != 1) {
|
||||
failadd(KADM_UK_RERROR);
|
||||
}
|
||||
|
||||
kadm_vals_to_prin(valsin->fields, &data_i, valsin);
|
||||
(void) strncpy(data_i.name, valsin->name, ANAME_SZ);
|
||||
(void) strncpy(data_i.instance, valsin->instance, INST_SZ);
|
||||
|
||||
if (!IS_FIELD(KADM_EXPDATE,valsin->fields))
|
||||
data_i.exp_date = default_princ.exp_date;
|
||||
if (!IS_FIELD(KADM_ATTR,valsin->fields))
|
||||
data_i.attributes = default_princ.attributes;
|
||||
if (!IS_FIELD(KADM_MAXLIFE,valsin->fields))
|
||||
data_i.max_life = default_princ.max_life;
|
||||
|
||||
bzero((char *)&default_princ, sizeof(default_princ));
|
||||
|
||||
/* convert to host order */
|
||||
data_i.key_low = ntohl(data_i.key_low);
|
||||
data_i.key_high = ntohl(data_i.key_high);
|
||||
|
||||
|
||||
bcopy(&data_i.key_low,newpw,4);
|
||||
bcopy(&data_i.key_high,(char *)(((long *) newpw) + 1),4);
|
||||
|
||||
/* encrypt new key in master key */
|
||||
kdb_encrypt_key (newpw, newpw, server_parm.master_key,
|
||||
server_parm.master_key_schedule, ENCRYPT);
|
||||
bcopy(newpw,&data_i.key_low,4);
|
||||
bcopy((char *)(((long *) newpw) + 1), &data_i.key_high,4);
|
||||
bzero((char *)newpw, sizeof(newpw));
|
||||
|
||||
data_o = data_i;
|
||||
numfound = kerb_get_principal(valsin->name, valsin->instance,
|
||||
&data_o, 1, &more);
|
||||
if (numfound == -1) {
|
||||
failadd(KADM_DB_INUSE);
|
||||
} else if (numfound) {
|
||||
failadd(KADM_INUSE);
|
||||
} else {
|
||||
data_i.key_version++;
|
||||
data_i.kdc_key_ver = server_parm.master_key_version;
|
||||
(void) strncpy(data_i.mod_name, rname, sizeof(data_i.mod_name)-1);
|
||||
(void) strncpy(data_i.mod_instance, rinstance,
|
||||
sizeof(data_i.mod_instance)-1);
|
||||
|
||||
numfound = kerb_put_principal(&data_i, 1);
|
||||
if (numfound == -1) {
|
||||
failadd(KADM_DB_INUSE);
|
||||
} else if (numfound) {
|
||||
failadd(KADM_UK_SERROR);
|
||||
} else {
|
||||
numfound = kerb_get_principal(valsin->name, valsin->instance,
|
||||
&data_o, 1, &more);
|
||||
if ((numfound!=1) || (more!=0)) {
|
||||
failadd(KADM_UK_RERROR);
|
||||
}
|
||||
bzero((char *)flags, sizeof(flags));
|
||||
SET_FIELD(KADM_NAME,flags);
|
||||
SET_FIELD(KADM_INST,flags);
|
||||
SET_FIELD(KADM_EXPDATE,flags);
|
||||
SET_FIELD(KADM_ATTR,flags);
|
||||
SET_FIELD(KADM_MAXLIFE,flags);
|
||||
kadm_prin_to_vals(flags, valsout, &data_o);
|
||||
(void) log("'%s.%s' added.", valsin->name, valsin->instance);
|
||||
return KADM_DATA; /* Set all the appropriate fields */
|
||||
}
|
||||
}
|
||||
}
|
||||
#undef failadd
|
||||
|
||||
#define failget(code) { (void) log("FAILED retrieving '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; }
|
||||
|
||||
int
|
||||
kadm_get_entry (rname, rinstance, rrealm, valsin, flags, valsout)
|
||||
char *rname; /* requestors name */
|
||||
char *rinstance; /* requestors instance */
|
||||
char *rrealm; /* requestors realm */
|
||||
Kadm_vals *valsin; /* what they wannt to get */
|
||||
u_char *flags; /* which fields we want */
|
||||
Kadm_vals *valsout; /* what data is there */
|
||||
{
|
||||
long numfound; /* check how many were returned */
|
||||
int more; /* To point to more name.instances */
|
||||
Principal data_o; /* Data object to hold Principal */
|
||||
|
||||
|
||||
if (!check_access(rname, rinstance, rrealm, GETACL)) {
|
||||
(void) log("WARNING: '%s.%s@%s' tried to get '%s.%s's entry",
|
||||
rname, rinstance, rrealm, valsin->name, valsin->instance);
|
||||
return KADM_UNAUTH;
|
||||
}
|
||||
|
||||
if (wildcard(valsin->name) || wildcard(valsin->instance)) {
|
||||
failget(KADM_ILL_WILDCARD);
|
||||
}
|
||||
|
||||
(void) log("retrieve '%s.%s's entry for '%s.%s@%s'",
|
||||
valsin->name, valsin->instance, rname, rinstance, rrealm);
|
||||
|
||||
/* Look up the record in the database */
|
||||
numfound = kerb_get_principal(valsin->name, valsin->instance,
|
||||
&data_o, 1, &more);
|
||||
if (numfound == -1) {
|
||||
failget(KADM_DB_INUSE);
|
||||
} else if (numfound) { /* We got the record, let's return it */
|
||||
kadm_prin_to_vals(flags, valsout, &data_o);
|
||||
(void) log("'%s.%s' retrieved.", valsin->name, valsin->instance);
|
||||
return KADM_DATA; /* Set all the appropriate fields */
|
||||
} else {
|
||||
failget(KADM_NOENTRY); /* Else whimper and moan */
|
||||
}
|
||||
}
|
||||
#undef failget
|
||||
|
||||
#define failmod(code) { (void) log("FAILED modifying '%s.%s' (%s)", valsin1->name, valsin1->instance, error_message(code)); return code; }
|
||||
|
||||
int
|
||||
kadm_mod_entry (rname, rinstance, rrealm, valsin1, valsin2, valsout)
|
||||
char *rname; /* requestors name */
|
||||
char *rinstance; /* requestors instance */
|
||||
char *rrealm; /* requestors realm */
|
||||
Kadm_vals *valsin1, *valsin2; /* holds the parameters being
|
||||
passed in */
|
||||
Kadm_vals *valsout; /* the actual record which is returned */
|
||||
{
|
||||
long numfound;
|
||||
int more;
|
||||
Principal data_o, temp_key;
|
||||
u_char fields[4];
|
||||
des_cblock newpw;
|
||||
|
||||
if (wildcard(valsin1->name) || wildcard(valsin1->instance)) {
|
||||
failmod(KADM_ILL_WILDCARD);
|
||||
}
|
||||
|
||||
if (!check_access(rname, rinstance, rrealm, MODACL)) {
|
||||
(void) log("WARNING: '%s.%s@%s' tried to change '%s.%s's entry",
|
||||
rname, rinstance, rrealm, valsin1->name, valsin1->instance);
|
||||
return KADM_UNAUTH;
|
||||
}
|
||||
|
||||
(void) log("request to modify '%s.%s's entry from '%s.%s@%s' ",
|
||||
valsin1->name, valsin1->instance, rname, rinstance, rrealm);
|
||||
|
||||
numfound = kerb_get_principal(valsin1->name, valsin1->instance,
|
||||
&data_o, 1, &more);
|
||||
if (numfound == -1) {
|
||||
failmod(KADM_DB_INUSE);
|
||||
} else if (numfound) {
|
||||
kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2);
|
||||
(void) strncpy(data_o.name, valsin1->name, ANAME_SZ);
|
||||
(void) strncpy(data_o.instance, valsin1->instance, INST_SZ);
|
||||
if (IS_FIELD(KADM_EXPDATE,valsin2->fields))
|
||||
data_o.exp_date = temp_key.exp_date;
|
||||
if (IS_FIELD(KADM_ATTR,valsin2->fields))
|
||||
data_o.attributes = temp_key.attributes;
|
||||
if (IS_FIELD(KADM_MAXLIFE,valsin2->fields))
|
||||
data_o.max_life = temp_key.max_life;
|
||||
if (IS_FIELD(KADM_DESKEY,valsin2->fields)) {
|
||||
data_o.key_version++;
|
||||
data_o.kdc_key_ver = server_parm.master_key_version;
|
||||
|
||||
|
||||
/* convert to host order */
|
||||
temp_key.key_low = ntohl(temp_key.key_low);
|
||||
temp_key.key_high = ntohl(temp_key.key_high);
|
||||
|
||||
|
||||
bcopy(&temp_key.key_low,newpw,4);
|
||||
bcopy(&temp_key.key_high,(char *)(((long *) newpw) + 1),4);
|
||||
|
||||
/* encrypt new key in master key */
|
||||
kdb_encrypt_key (newpw, newpw, server_parm.master_key,
|
||||
server_parm.master_key_schedule, ENCRYPT);
|
||||
bcopy(newpw,&data_o.key_low,4);
|
||||
bcopy((char *)(((long *) newpw) + 1), &data_o.key_high,4);
|
||||
bzero((char *)newpw, sizeof(newpw));
|
||||
}
|
||||
bzero((char *)&temp_key, sizeof(temp_key));
|
||||
|
||||
(void) strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1);
|
||||
(void) strncpy(data_o.mod_instance, rinstance,
|
||||
sizeof(data_o.mod_instance)-1);
|
||||
more = kerb_put_principal(&data_o, 1);
|
||||
|
||||
bzero((char *)&data_o, sizeof(data_o));
|
||||
|
||||
if (more == -1) {
|
||||
failmod(KADM_DB_INUSE);
|
||||
} else if (more) {
|
||||
failmod(KADM_UK_SERROR);
|
||||
} else {
|
||||
numfound = kerb_get_principal(valsin1->name, valsin1->instance,
|
||||
&data_o, 1, &more);
|
||||
if ((more!=0)||(numfound!=1)) {
|
||||
failmod(KADM_UK_RERROR);
|
||||
}
|
||||
bzero((char *) fields, sizeof(fields));
|
||||
SET_FIELD(KADM_NAME,fields);
|
||||
SET_FIELD(KADM_INST,fields);
|
||||
SET_FIELD(KADM_EXPDATE,fields);
|
||||
SET_FIELD(KADM_ATTR,fields);
|
||||
SET_FIELD(KADM_MAXLIFE,fields);
|
||||
kadm_prin_to_vals(fields, valsout, &data_o);
|
||||
(void) log("'%s.%s' modified.", valsin1->name, valsin1->instance);
|
||||
return KADM_DATA; /* Set all the appropriate fields */
|
||||
}
|
||||
}
|
||||
else {
|
||||
failmod(KADM_NOENTRY);
|
||||
}
|
||||
}
|
||||
#undef failmod
|
||||
|
||||
#define failchange(code) { (void) log("FAILED changing key for '%s.%s@%s' (%s)", rname, rinstance, rrealm, error_message(code)); return code; }
|
||||
|
||||
int
|
||||
kadm_change (rname, rinstance, rrealm, newpw)
|
||||
char *rname;
|
||||
char *rinstance;
|
||||
char *rrealm;
|
||||
des_cblock newpw;
|
||||
{
|
||||
long numfound;
|
||||
int more;
|
||||
Principal data_o;
|
||||
des_cblock local_pw;
|
||||
|
||||
if (strcmp(server_parm.krbrlm, rrealm)) {
|
||||
(void) log("change key request from wrong realm, '%s.%s@%s'!\n",
|
||||
rname, rinstance, rrealm);
|
||||
return(KADM_WRONG_REALM);
|
||||
}
|
||||
|
||||
if (wildcard(rname) || wildcard(rinstance)) {
|
||||
failchange(KADM_ILL_WILDCARD);
|
||||
}
|
||||
(void) log("'%s.%s@%s' wants to change its password",
|
||||
rname, rinstance, rrealm);
|
||||
|
||||
bcopy(newpw, local_pw, sizeof(local_pw));
|
||||
|
||||
/* encrypt new key in master key */
|
||||
kdb_encrypt_key (local_pw, local_pw, server_parm.master_key,
|
||||
server_parm.master_key_schedule, ENCRYPT);
|
||||
|
||||
numfound = kerb_get_principal(rname, rinstance,
|
||||
&data_o, 1, &more);
|
||||
if (numfound == -1) {
|
||||
failchange(KADM_DB_INUSE);
|
||||
} else if (numfound) {
|
||||
bcopy(local_pw,&data_o.key_low,4);
|
||||
bcopy((char *)(((long *) local_pw) + 1), &data_o.key_high,4);
|
||||
data_o.key_version++;
|
||||
data_o.kdc_key_ver = server_parm.master_key_version;
|
||||
(void) strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1);
|
||||
(void) strncpy(data_o.mod_instance, rinstance,
|
||||
sizeof(data_o.mod_instance)-1);
|
||||
more = kerb_put_principal(&data_o, 1);
|
||||
bzero((char *) local_pw, sizeof(local_pw));
|
||||
bzero((char *) &data_o, sizeof(data_o));
|
||||
if (more == -1) {
|
||||
failchange(KADM_DB_INUSE);
|
||||
} else if (more) {
|
||||
failchange(KADM_UK_SERROR);
|
||||
} else {
|
||||
(void) log("'%s.%s@%s' password changed.", rname, rinstance, rrealm);
|
||||
return KADM_SUCCESS;
|
||||
}
|
||||
}
|
||||
else {
|
||||
failchange(KADM_NOENTRY);
|
||||
}
|
||||
}
|
||||
#undef failchange
|
||||
@@ -1,213 +0,0 @@
|
||||
/*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
* Copyright.MIT.
|
||||
*
|
||||
* Kerberos administration server-side support functions
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid_module_c[] =
|
||||
"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_ser_wrap.c,v 4.4 89/09/26 09:29:36 jtkohl Exp ";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
/*
|
||||
kadm_ser_wrap.c
|
||||
unwraps wrapped packets and calls the appropriate server subroutine
|
||||
*/
|
||||
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
#include <netdb.h>
|
||||
#include <sys/socket.h>
|
||||
#include <kadm.h>
|
||||
#include <kadm_err.h>
|
||||
#include <krb_err.h>
|
||||
#include "kadm_server.h"
|
||||
|
||||
Kadm_Server server_parm;
|
||||
|
||||
/*
|
||||
kadm_ser_init
|
||||
set up the server_parm structure
|
||||
*/
|
||||
int
|
||||
kadm_ser_init(inter, realm)
|
||||
int inter; /* interactive or from file */
|
||||
char realm[];
|
||||
{
|
||||
struct servent *sep;
|
||||
struct hostent *hp;
|
||||
char hostname[MAXHOSTNAMELEN];
|
||||
|
||||
init_kadm_err_tbl();
|
||||
init_krb_err_tbl();
|
||||
if (gethostname(hostname, sizeof(hostname)))
|
||||
return KADM_NO_HOSTNAME;
|
||||
|
||||
strcpy(server_parm.sname, PWSERV_NAME);
|
||||
strcpy(server_parm.sinst, KRB_MASTER);
|
||||
strcpy(server_parm.krbrlm, realm);
|
||||
|
||||
server_parm.admin_fd = -1;
|
||||
/* setting up the addrs */
|
||||
if ((sep = getservbyname(KADM_SNAME, "tcp")) == NULL)
|
||||
return KADM_NO_SERV;
|
||||
bzero((char *)&server_parm.admin_addr,sizeof(server_parm.admin_addr));
|
||||
server_parm.admin_addr.sin_family = AF_INET;
|
||||
if ((hp = gethostbyname(hostname)) == NULL)
|
||||
return KADM_NO_HOSTNAME;
|
||||
server_parm.admin_addr.sin_addr.s_addr = INADDR_ANY;
|
||||
server_parm.admin_addr.sin_port = sep->s_port;
|
||||
/* setting up the database */
|
||||
if (kdb_get_master_key((inter==1),server_parm.master_key,
|
||||
server_parm.master_key_schedule) != 0)
|
||||
return KADM_NO_MAST;
|
||||
if ((server_parm.master_key_version =
|
||||
kdb_verify_master_key(server_parm.master_key,
|
||||
server_parm.master_key_schedule,stderr))<0)
|
||||
return KADM_NO_VERI;
|
||||
return KADM_SUCCESS;
|
||||
}
|
||||
|
||||
static void
|
||||
errpkt(dat, dat_len, code)
|
||||
u_char **dat;
|
||||
int *dat_len;
|
||||
int code;
|
||||
{
|
||||
u_long retcode;
|
||||
char *pdat;
|
||||
|
||||
free((char *)*dat); /* free up req */
|
||||
*dat_len = KADM_VERSIZE + sizeof(u_long);
|
||||
*dat = (u_char *) malloc((unsigned)*dat_len);
|
||||
pdat = (char *) *dat;
|
||||
retcode = htonl((u_long) code);
|
||||
(void) strncpy(pdat, KADM_ULOSE, KADM_VERSIZE);
|
||||
bcopy((char *)&retcode, &pdat[KADM_VERSIZE], sizeof(u_long));
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
kadm_ser_in
|
||||
unwrap the data stored in dat, process, and return it.
|
||||
*/
|
||||
int
|
||||
kadm_ser_in(dat,dat_len)
|
||||
u_char **dat;
|
||||
int *dat_len;
|
||||
{
|
||||
u_char *in_st; /* pointer into the sent packet */
|
||||
int in_len,retc; /* where in packet we are, for
|
||||
returns */
|
||||
u_long r_len; /* length of the actual packet */
|
||||
KTEXT_ST authent; /* the authenticator */
|
||||
AUTH_DAT ad; /* who is this, klink */
|
||||
u_long ncksum; /* checksum of encrypted data */
|
||||
des_key_schedule sess_sched; /* our schedule */
|
||||
MSG_DAT msg_st;
|
||||
u_char *retdat, *tmpdat;
|
||||
int retval, retlen;
|
||||
|
||||
if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) {
|
||||
errpkt(dat, dat_len, KADM_BAD_VER);
|
||||
return KADM_BAD_VER;
|
||||
}
|
||||
in_len = KADM_VERSIZE;
|
||||
/* get the length */
|
||||
if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0)
|
||||
return KADM_LENGTH_ERROR;
|
||||
in_len += retc;
|
||||
authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_long);
|
||||
bcopy((char *)(*dat) + in_len, (char *)authent.dat, authent.length);
|
||||
authent.mbz = 0;
|
||||
/* service key should be set before here */
|
||||
if ((retc = krb_rd_req(&authent, server_parm.sname, server_parm.sinst,
|
||||
server_parm.recv_addr.sin_addr.s_addr, &ad, (char *)0)))
|
||||
{
|
||||
errpkt(dat, dat_len,retc + krb_err_base);
|
||||
return retc + krb_err_base;
|
||||
}
|
||||
|
||||
#define clr_cli_secrets() {bzero((char *)sess_sched, sizeof(sess_sched)); bzero((char *)ad.session, sizeof(ad.session));}
|
||||
|
||||
in_st = *dat + *dat_len - r_len;
|
||||
#ifdef NOENCRYPTION
|
||||
ncksum = 0;
|
||||
#else
|
||||
ncksum = quad_cksum((des_cblock *)in_st, (des_cblock *)0, (long) r_len,
|
||||
0, (des_cblock *)ad.session);
|
||||
#endif
|
||||
if (ncksum!=ad.checksum) { /* yow, are we correct yet */
|
||||
clr_cli_secrets();
|
||||
errpkt(dat, dat_len,KADM_BAD_CHK);
|
||||
return KADM_BAD_CHK;
|
||||
}
|
||||
#ifdef NOENCRYPTION
|
||||
bzero(sess_sched, sizeof(sess_sched));
|
||||
#else
|
||||
des_key_sched((des_cblock *)ad.session, sess_sched);
|
||||
#endif
|
||||
if ((retc = (int) krb_rd_priv(in_st, r_len, sess_sched, ad.session,
|
||||
&server_parm.recv_addr,
|
||||
&server_parm.admin_addr, &msg_st))) {
|
||||
clr_cli_secrets();
|
||||
errpkt(dat, dat_len,retc + krb_err_base);
|
||||
return retc + krb_err_base;
|
||||
}
|
||||
switch (msg_st.app_data[0]) {
|
||||
case CHANGE_PW:
|
||||
retval = kadm_ser_cpw(msg_st.app_data+1,(int) msg_st.app_length,&ad,
|
||||
&retdat, &retlen);
|
||||
break;
|
||||
case ADD_ENT:
|
||||
retval = kadm_ser_add(msg_st.app_data+1,(int) msg_st.app_length,&ad,
|
||||
&retdat, &retlen);
|
||||
break;
|
||||
case GET_ENT:
|
||||
retval = kadm_ser_get(msg_st.app_data+1,(int) msg_st.app_length,&ad,
|
||||
&retdat, &retlen);
|
||||
break;
|
||||
case MOD_ENT:
|
||||
retval = kadm_ser_mod(msg_st.app_data+1,(int) msg_st.app_length,&ad,
|
||||
&retdat, &retlen);
|
||||
break;
|
||||
default:
|
||||
clr_cli_secrets();
|
||||
errpkt(dat, dat_len, KADM_NO_OPCODE);
|
||||
return KADM_NO_OPCODE;
|
||||
}
|
||||
/* Now seal the response back into a priv msg */
|
||||
free((char *)*dat);
|
||||
tmpdat = (u_char *) malloc((unsigned)(retlen + KADM_VERSIZE +
|
||||
sizeof(u_long)));
|
||||
(void) strncpy((char *)tmpdat, KADM_VERSTR, KADM_VERSIZE);
|
||||
retval = htonl((u_long)retval);
|
||||
bcopy((char *)&retval, (char *)tmpdat + KADM_VERSIZE, sizeof(u_long));
|
||||
if (retlen) {
|
||||
bcopy((char *)retdat, (char *)tmpdat + KADM_VERSIZE + sizeof(u_long),
|
||||
retlen);
|
||||
free((char *)retdat);
|
||||
}
|
||||
/* slop for mk_priv stuff */
|
||||
*dat = (u_char *) malloc((unsigned) (retlen + KADM_VERSIZE +
|
||||
sizeof(u_long) + 200));
|
||||
if ((*dat_len = krb_mk_priv(tmpdat, *dat,
|
||||
(u_long) (retlen + KADM_VERSIZE +
|
||||
sizeof(u_long)),
|
||||
sess_sched,
|
||||
ad.session, &server_parm.admin_addr,
|
||||
&server_parm.recv_addr)) < 0) {
|
||||
clr_cli_secrets();
|
||||
errpkt(dat, dat_len, KADM_NO_ENCRYPT);
|
||||
return KADM_NO_ENCRYPT;
|
||||
}
|
||||
clr_cli_secrets();
|
||||
return KADM_SUCCESS;
|
||||
}
|
||||
@@ -1,167 +0,0 @@
|
||||
/*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
* Copyright.MIT.
|
||||
*
|
||||
* Kerberos administration server-side subroutines
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid_kadm_server_c[] =
|
||||
"Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.c,v 4.2 89/09/26 09:30:23 jtkohl Exp ";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <string.h>
|
||||
#include <kadm.h>
|
||||
#include <kadm_err.h>
|
||||
#include "kadm_server.h"
|
||||
|
||||
/*
|
||||
kadm_ser_cpw - the server side of the change_password routine
|
||||
recieves : KTEXT, {key}
|
||||
returns : CKSUM, RETCODE
|
||||
acl : caller can change only own password
|
||||
|
||||
Replaces the password (i.e. des key) of the caller with that specified in key.
|
||||
Returns no actual data from the master server, since this is called by a user
|
||||
*/
|
||||
int
|
||||
kadm_ser_cpw(dat, len, ad, datout, outlen)
|
||||
u_char *dat;
|
||||
int len;
|
||||
AUTH_DAT *ad;
|
||||
u_char **datout;
|
||||
int *outlen;
|
||||
{
|
||||
unsigned long keylow, keyhigh;
|
||||
des_cblock newkey;
|
||||
int stvlen;
|
||||
|
||||
/* take key off the stream, and change the database */
|
||||
|
||||
if ((stvlen = stv_long(dat, &keyhigh, 0, len)) < 0)
|
||||
return(KADM_LENGTH_ERROR);
|
||||
if (stv_long(dat, &keylow, stvlen, len) < 0)
|
||||
return(KADM_LENGTH_ERROR);
|
||||
|
||||
keylow = ntohl(keylow);
|
||||
keyhigh = ntohl(keyhigh);
|
||||
bcopy((char *)&keyhigh, (char *)(((long *)newkey) + 1), 4);
|
||||
bcopy((char *)&keylow, (char *)newkey, 4);
|
||||
*datout = 0;
|
||||
*outlen = 0;
|
||||
|
||||
return(kadm_change(ad->pname, ad->pinst, ad->prealm, newkey));
|
||||
}
|
||||
|
||||
/*
|
||||
kadm_ser_add - the server side of the add_entry routine
|
||||
recieves : KTEXT, {values}
|
||||
returns : CKSUM, RETCODE, {values}
|
||||
acl : su, sms (as alloc)
|
||||
|
||||
Adds and entry containing values to the database
|
||||
returns the values of the entry, so if you leave certain fields blank you will
|
||||
be able to determine the default values they are set to
|
||||
*/
|
||||
int
|
||||
kadm_ser_add(dat,len,ad, datout, outlen)
|
||||
u_char *dat;
|
||||
int len;
|
||||
AUTH_DAT *ad;
|
||||
u_char **datout;
|
||||
int *outlen;
|
||||
{
|
||||
Kadm_vals values, retvals;
|
||||
int status;
|
||||
|
||||
if ((status = stream_to_vals(dat, &values, len)) < 0)
|
||||
return(KADM_LENGTH_ERROR);
|
||||
if ((status = kadm_add_entry(ad->pname, ad->pinst, ad->prealm,
|
||||
&values, &retvals)) == KADM_DATA) {
|
||||
*outlen = vals_to_stream(&retvals,datout);
|
||||
return KADM_SUCCESS;
|
||||
} else {
|
||||
*outlen = 0;
|
||||
return status;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
kadm_ser_mod - the server side of the mod_entry routine
|
||||
recieves : KTEXT, {values, values}
|
||||
returns : CKSUM, RETCODE, {values}
|
||||
acl : su, sms (as register or dealloc)
|
||||
|
||||
Modifies all entries corresponding to the first values so they match the
|
||||
second values.
|
||||
returns the values for the changed entries
|
||||
*/
|
||||
int
|
||||
kadm_ser_mod(dat,len,ad, datout, outlen)
|
||||
u_char *dat;
|
||||
int len;
|
||||
AUTH_DAT *ad;
|
||||
u_char **datout;
|
||||
int *outlen;
|
||||
{
|
||||
Kadm_vals vals1, vals2, retvals;
|
||||
int wh;
|
||||
int status;
|
||||
|
||||
if ((wh = stream_to_vals(dat, &vals1, len)) < 0)
|
||||
return KADM_LENGTH_ERROR;
|
||||
if ((status = stream_to_vals(dat+wh,&vals2, len-wh)) < 0)
|
||||
return KADM_LENGTH_ERROR;
|
||||
if ((status = kadm_mod_entry(ad->pname, ad->pinst, ad->prealm, &vals1,
|
||||
&vals2, &retvals)) == KADM_DATA) {
|
||||
*outlen = vals_to_stream(&retvals,datout);
|
||||
return KADM_SUCCESS;
|
||||
} else {
|
||||
*outlen = 0;
|
||||
return status;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
kadm_ser_get
|
||||
recieves : KTEXT, {values, flags}
|
||||
returns : CKSUM, RETCODE, {count, values, values, values}
|
||||
acl : su
|
||||
|
||||
gets the fields requested by flags from all entries matching values
|
||||
returns this data for each matching recipient, after a count of how many such
|
||||
matches there were
|
||||
*/
|
||||
int
|
||||
kadm_ser_get(dat,len,ad, datout, outlen)
|
||||
u_char *dat;
|
||||
int len;
|
||||
AUTH_DAT *ad;
|
||||
u_char **datout;
|
||||
int *outlen;
|
||||
{
|
||||
Kadm_vals values, retvals;
|
||||
u_char fl[FLDSZ];
|
||||
int loop,wh;
|
||||
int status;
|
||||
|
||||
if ((wh = stream_to_vals(dat, &values, len)) < 0)
|
||||
return KADM_LENGTH_ERROR;
|
||||
if (wh + FLDSZ > len)
|
||||
return KADM_LENGTH_ERROR;
|
||||
for (loop=FLDSZ-1; loop>=0; loop--)
|
||||
fl[loop] = dat[wh++];
|
||||
if ((status = kadm_get_entry(ad->pname, ad->pinst, ad->prealm,
|
||||
&values, fl, &retvals)) == KADM_DATA) {
|
||||
*outlen = vals_to_stream(&retvals,datout);
|
||||
return KADM_SUCCESS;
|
||||
} else {
|
||||
*outlen = 0;
|
||||
return status;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,70 +0,0 @@
|
||||
/*
|
||||
* $Source: /usr/cvs/src/eBones/kadmind/kadm_server.h,v $
|
||||
* $Author: mark $
|
||||
* Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.h,v 4.1 89/12/21 17:46:51 jtkohl Exp
|
||||
*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
* Copyright.MIT.
|
||||
*
|
||||
* Definitions for Kerberos administration server & client
|
||||
*/
|
||||
|
||||
#ifndef KADM_SERVER_DEFS
|
||||
#define KADM_SERVER_DEFS
|
||||
|
||||
/*
|
||||
* kadm_server.h
|
||||
* Header file for the fourth attempt at an admin server
|
||||
* Doug Church, December 28, 1989, MIT Project Athena
|
||||
* ps. Yes that means this code belongs to athena etc...
|
||||
* as part of our ongoing attempt to copyright all greek names
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <krb.h>
|
||||
#include <des.h>
|
||||
|
||||
typedef struct {
|
||||
struct sockaddr_in admin_addr;
|
||||
struct sockaddr_in recv_addr;
|
||||
int recv_addr_len;
|
||||
int admin_fd; /* our link to clients */
|
||||
char sname[ANAME_SZ];
|
||||
char sinst[INST_SZ];
|
||||
char krbrlm[REALM_SZ];
|
||||
C_Block master_key;
|
||||
C_Block session_key;
|
||||
Key_schedule master_key_schedule;
|
||||
long master_key_version;
|
||||
} Kadm_Server;
|
||||
|
||||
/* the default syslog file */
|
||||
#define KADM_SYSLOG "/var/log/kadmind.syslog"
|
||||
|
||||
#define DEFAULT_ACL_DIR "/etc/kerberosIV"
|
||||
#define ADD_ACL_FILE "/admin_acl.add"
|
||||
#define GET_ACL_FILE "/admin_acl.get"
|
||||
#define MOD_ACL_FILE "/admin_acl.mod"
|
||||
|
||||
int kadm_ser_in(unsigned char **dat, int *dat_len);
|
||||
int kadm_ser_init(int inter, char realm[]);
|
||||
int kadm_ser_cpw(u_char *dat, int len, AUTH_DAT *ad, u_char **datout,
|
||||
int *outlen);
|
||||
int kadm_ser_add(u_char *dat, int len, AUTH_DAT *ad, u_char **datout,
|
||||
int *outlen);
|
||||
int kadm_ser_mod(u_char *dat, int len, AUTH_DAT *ad, u_char **datout,
|
||||
int *outlen);
|
||||
int kadm_ser_get(u_char *dat, int len, AUTH_DAT *ad, u_char **datout,
|
||||
int *outlen);
|
||||
int kadm_change (char *rname, char *rinstance, char *rrealm,
|
||||
des_cblock newpw);
|
||||
int kadm_add_entry(char *rname, char *rinstance, char *rrealm,
|
||||
Kadm_vals *valsin, Kadm_vals *valsout);
|
||||
int kadm_mod_entry(char *rname, char *rinstance, char *rrealm,
|
||||
Kadm_vals *valsin1, Kadm_vals *valsin2, Kadm_vals *valsout);
|
||||
int kadm_get_entry(char *rname, char *rinstance, char *rrealm,
|
||||
Kadm_vals *valsin, u_char *flags, Kadm_vals *valsout);
|
||||
|
||||
#endif KADM_SERVER_DEFS
|
||||
@@ -1,117 +0,0 @@
|
||||
.\" from: kadmind.8,v 4.1 89/07/25 17:28:33 jtkohl Exp $
|
||||
.\" $Id: kadmind.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
|
||||
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
||||
.\"
|
||||
.\" For copying and distribution information,
|
||||
.\" please see the file <Copyright.MIT>.
|
||||
.\"
|
||||
.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena"
|
||||
.SH NAME
|
||||
kadmind \- network daemon for Kerberos database administration
|
||||
.SH SYNOPSIS
|
||||
.B kadmind
|
||||
[
|
||||
.B \-n
|
||||
] [
|
||||
.B \-h
|
||||
] [
|
||||
.B \-r realm
|
||||
] [
|
||||
.B \-f filename
|
||||
] [
|
||||
.B \-d dbname
|
||||
] [
|
||||
.B \-a acldir
|
||||
]
|
||||
.SH DESCRIPTION
|
||||
.I kadmind
|
||||
is the network database server for the Kerberos password-changing and
|
||||
administration tools.
|
||||
.PP
|
||||
Upon execution, it prompts the user to enter the master key string for
|
||||
the database.
|
||||
.PP
|
||||
If the
|
||||
.B \-n
|
||||
option is specified, the master key is instead fetched from the master
|
||||
key cache file.
|
||||
.PP
|
||||
If the
|
||||
.B \-r
|
||||
.I realm
|
||||
option is specified, the admin server will pretend that its
|
||||
local realm is
|
||||
.I realm
|
||||
instead of the actual local realm of the host it is running on.
|
||||
This makes it possible to run a server for a foreign kerberos
|
||||
realm.
|
||||
.PP
|
||||
If the
|
||||
.B \-f
|
||||
.I filename
|
||||
option is specified, then that file is used to hold the log information
|
||||
instead of the default.
|
||||
.PP
|
||||
If the
|
||||
.B \-d
|
||||
.I dbname
|
||||
option is specified, then that file is used as the database name instead
|
||||
of the default.
|
||||
.PP
|
||||
If the
|
||||
.B \-a
|
||||
.I acldir
|
||||
option is specified, then
|
||||
.I acldir
|
||||
is used as the directory in which to search for access control lists
|
||||
instead of the default.
|
||||
.PP
|
||||
If the
|
||||
.B \-h
|
||||
option is specified,
|
||||
.I kadmind
|
||||
prints out a short summary of the permissible control arguments, and
|
||||
then exits.
|
||||
.PP
|
||||
When performing requests on behalf of clients,
|
||||
.I kadmind
|
||||
checks access control lists (ACLs) to determine the authorization of the client
|
||||
to perform the requested action.
|
||||
Currently three distinct access types are supported:
|
||||
.TP 1i
|
||||
Addition
|
||||
(.add ACL file). If a principal is on this list, it may add new
|
||||
principals to the database.
|
||||
.TP
|
||||
Retrieval
|
||||
(.get ACL file). If a principal is on this list, it may retrieve
|
||||
database entries. NOTE: A principal's private key is never returned by
|
||||
the get functions.
|
||||
.TP
|
||||
Modification
|
||||
(.mod ACL file). If a principal is on this list, it may modify entries
|
||||
in the database.
|
||||
.PP
|
||||
A principal is always granted authorization to change its own password.
|
||||
.SH FILES
|
||||
.TP 20n
|
||||
/var/log/kadmind.syslog
|
||||
Default log file.
|
||||
.TP
|
||||
/etc/kerberosIV/admin_acl.{add,get,mod}
|
||||
Access control list files
|
||||
.TP
|
||||
/etc/kerberosIV/principal.db
|
||||
DBM file containing database
|
||||
.TP
|
||||
/etc/kerberosIV/principal.ok
|
||||
Semaphore indicating that the DBM database is not being modified.
|
||||
.TP
|
||||
/etc/kerberosIV/master_key
|
||||
Master key cache file.
|
||||
.SH "SEE ALSO"
|
||||
kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
|
||||
.SH AUTHORS
|
||||
Douglas A. Church, MIT Project Athena
|
||||
.br
|
||||
John T. Kohl, Project Athena/Digital Equipment Corporation
|
||||
@@ -1,11 +0,0 @@
|
||||
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
|
||||
# $Id: Makefile,v 1.4 1995/07/18 16:37:10 mark Exp $
|
||||
|
||||
SHLIB_MAJOR= 2
|
||||
SHLIB_MINOR= 0
|
||||
|
||||
LIB= kdb
|
||||
CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -Wall
|
||||
SRCS= krb_cache.c krb_dbm.c krb_kdb_utils.c krb_lib.c print_princ.c
|
||||
|
||||
.include <bsd.lib.mk>
|
||||
@@ -1,181 +0,0 @@
|
||||
/*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* This is where a cache would be implemented, if it were necessary.
|
||||
*
|
||||
* from: krb_cache.c,v 4.5 89/01/24 18:12:34 jon Exp $
|
||||
* $Id: krb_cache.c,v 1.3 1995/07/18 16:37:12 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: krb_cache.c,v 1.3 1995/07/18 16:37:12 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in.h>
|
||||
#include <sys/uio.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/resource.h>
|
||||
#include <strings.h>
|
||||
#include <des.h>
|
||||
#include <krb.h>
|
||||
#include <krb_db.h>
|
||||
|
||||
#ifdef DEBUG
|
||||
extern int debug;
|
||||
extern long kerb_debug;
|
||||
#endif
|
||||
static init = 0;
|
||||
|
||||
/*
|
||||
* initialization routine for cache
|
||||
*/
|
||||
|
||||
int
|
||||
kerb_cache_init()
|
||||
{
|
||||
init = 1;
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* look up a principal in the cache returns number of principals found
|
||||
*/
|
||||
|
||||
int
|
||||
kerb_cache_get_principal(serv, inst, principal, max)
|
||||
char *serv; /* could have wild card */
|
||||
char *inst; /* could have wild card */
|
||||
Principal *principal;
|
||||
unsigned int max; /* max number of name structs to return */
|
||||
|
||||
{
|
||||
int found = 0;
|
||||
|
||||
if (!init)
|
||||
kerb_cache_init();
|
||||
#ifdef DEBUG
|
||||
if (kerb_debug & 2) {
|
||||
fprintf(stderr, "cache_get_principal for %s %s max = %d\n",
|
||||
serv, inst, max);
|
||||
if (found) {
|
||||
fprintf(stderr, "cache get %s %s found %s %s\n",
|
||||
serv, inst, principal->name, principal->instance);
|
||||
} else {
|
||||
fprintf(stderr, "cache %s %s not found\n", serv,
|
||||
inst);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
return (found);
|
||||
}
|
||||
|
||||
/*
|
||||
* insert/replace a principal in the cache returns number of principals
|
||||
* inserted
|
||||
*/
|
||||
|
||||
int
|
||||
kerb_cache_put_principal(principal, max)
|
||||
Principal *principal;
|
||||
unsigned int max; /* max number of principal structs to
|
||||
* insert */
|
||||
|
||||
{
|
||||
u_long i;
|
||||
int count = 0;
|
||||
|
||||
if (!init)
|
||||
kerb_cache_init();
|
||||
|
||||
#ifdef DEBUG
|
||||
if (kerb_debug & 2) {
|
||||
fprintf(stderr, "kerb_cache_put_principal max = %d",
|
||||
max);
|
||||
}
|
||||
#endif
|
||||
|
||||
for (i = 0; i < max; i++) {
|
||||
#ifdef DEBUG
|
||||
if (kerb_debug & 2)
|
||||
fprintf(stderr, "\n %s %s",
|
||||
principal->name, principal->instance);
|
||||
#endif
|
||||
/* DO IT */
|
||||
count++;
|
||||
principal++;
|
||||
}
|
||||
return count;
|
||||
}
|
||||
|
||||
/*
|
||||
* look up a dba in the cache returns number of dbas found
|
||||
*/
|
||||
|
||||
int
|
||||
kerb_cache_get_dba(serv, inst, dba, max)
|
||||
char *serv; /* could have wild card */
|
||||
char *inst; /* could have wild card */
|
||||
Dba *dba;
|
||||
unsigned int max; /* max number of name structs to return */
|
||||
|
||||
{
|
||||
int found = 0;
|
||||
|
||||
if (!init)
|
||||
kerb_cache_init();
|
||||
|
||||
#ifdef DEBUG
|
||||
if (kerb_debug & 2) {
|
||||
fprintf(stderr, "cache_get_dba for %s %s max = %d\n",
|
||||
serv, inst, max);
|
||||
if (found) {
|
||||
fprintf(stderr, "cache get %s %s found %s %s\n",
|
||||
serv, inst, dba->name, dba->instance);
|
||||
} else {
|
||||
fprintf(stderr, "cache %s %s not found\n", serv, inst);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
return (found);
|
||||
}
|
||||
|
||||
/*
|
||||
* insert/replace a dba in the cache returns number of dbas inserted
|
||||
*/
|
||||
|
||||
int
|
||||
kerb_cache_put_dba(dba, max)
|
||||
Dba *dba;
|
||||
unsigned int max; /* max number of dba structs to insert */
|
||||
|
||||
{
|
||||
u_long i;
|
||||
int count = 0;
|
||||
|
||||
if (!init)
|
||||
kerb_cache_init();
|
||||
#ifdef DEBUG
|
||||
if (kerb_debug & 2) {
|
||||
fprintf(stderr, "kerb_cache_put_dba max = %d", max);
|
||||
}
|
||||
#endif
|
||||
for (i = 0; i < max; i++) {
|
||||
#ifdef DEBUG
|
||||
if (kerb_debug & 2)
|
||||
fprintf(stderr, "\n %s %s",
|
||||
dba->name, dba->instance);
|
||||
#endif
|
||||
/* DO IT */
|
||||
count++;
|
||||
dba++;
|
||||
}
|
||||
return count;
|
||||
}
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
This file is now obsolete.
|
||||
@@ -1,789 +0,0 @@
|
||||
/*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: krb_dbm.c,v 4.9 89/04/18 16:15:13 wesommer Exp $
|
||||
* $Id: krb_dbm.c,v 1.4 1995/08/03 17:15:42 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: krb_dbm.c,v 1.4 1995/08/03 17:15:42 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#if defined(__FreeBSD__) || defined(__NetBSD__)
|
||||
#define _NDBM_
|
||||
#endif
|
||||
|
||||
#if defined(__FreeBSD__) || defined(__NetBSD__)
|
||||
#define _DBM_
|
||||
#endif
|
||||
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in.h>
|
||||
#include <sys/uio.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/resource.h>
|
||||
#include <sys/errno.h>
|
||||
#include <strings.h>
|
||||
#include <des.h>
|
||||
#include <sys/file.h>
|
||||
#ifdef _NDBM_
|
||||
#include <ndbm.h>
|
||||
#else /*_NDBM_*/
|
||||
#include <dbm.h>
|
||||
#endif /*_NDBM_*/
|
||||
/* before krb_db.h */
|
||||
#include <krb.h>
|
||||
#include <krb_db.h>
|
||||
|
||||
#ifdef dbm_pagfno
|
||||
#define DB
|
||||
#endif
|
||||
|
||||
#define KERB_DB_MAX_RETRY 5
|
||||
|
||||
#ifdef DEBUG
|
||||
extern int debug;
|
||||
extern long kerb_debug;
|
||||
extern char *progname;
|
||||
#endif
|
||||
|
||||
static init = 0;
|
||||
static char default_db_name[] = DBM_FILE;
|
||||
static char *current_db_name = default_db_name;
|
||||
static void encode_princ_key(datum *key, char *name, char *instance);
|
||||
static void decode_princ_key(datum *key, char *name, char *instance);
|
||||
static void encode_princ_contents(datum *contents, Principal *principal);
|
||||
static void decode_princ_contents(datum *contents, Principal *principal);
|
||||
static void kerb_dbl_fini(void);
|
||||
static int kerb_dbl_lock(int mode);
|
||||
static void kerb_dbl_unlock(void);
|
||||
static long kerb_start_update(char *db_name);
|
||||
static long kerb_end_update(char *db_name, long age);
|
||||
|
||||
static struct timeval timestamp;/* current time of request */
|
||||
static int non_blocking = 0;
|
||||
|
||||
/*
|
||||
* This module contains all of the code which directly interfaces to
|
||||
* the underlying representation of the Kerberos database; this
|
||||
* implementation uses a DBM or NDBM indexed "file" (actually
|
||||
* implemented as two separate files) to store the relations, plus a
|
||||
* third file as a semaphore to allow the database to be replaced out
|
||||
* from underneath the KDC server.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Locking:
|
||||
*
|
||||
* There are two distinct locking protocols used. One is designed to
|
||||
* lock against processes (the admin_server, for one) which make
|
||||
* incremental changes to the database; the other is designed to lock
|
||||
* against utilities (kdb_util, kpropd) which replace the entire
|
||||
* database in one fell swoop.
|
||||
*
|
||||
* The first locking protocol is implemented using flock() in the
|
||||
* krb_dbl_lock() and krb_dbl_unlock routines.
|
||||
*
|
||||
* The second locking protocol is necessary because DBM "files" are
|
||||
* actually implemented as two separate files, and it is impossible to
|
||||
* atomically rename two files simultaneously. It assumes that the
|
||||
* database is replaced only very infrequently in comparison to the time
|
||||
* needed to do a database read operation.
|
||||
*
|
||||
* A third file is used as a "version" semaphore; the modification
|
||||
* time of this file is the "version number" of the database.
|
||||
* At the start of a read operation, the reader checks the version
|
||||
* number; at the end of the read operation, it checks again. If the
|
||||
* version number changed, or if the semaphore was nonexistant at
|
||||
* either time, the reader sleeps for a second to let things
|
||||
* stabilize, and then tries again; if it does not succeed after
|
||||
* KERB_DB_MAX_RETRY attempts, it gives up.
|
||||
*
|
||||
* On update, the semaphore file is deleted (if it exists) before any
|
||||
* update takes place; at the end of the update, it is replaced, with
|
||||
* a version number strictly greater than the version number which
|
||||
* existed at the start of the update.
|
||||
*
|
||||
* If the system crashes in the middle of an update, the semaphore
|
||||
* file is not automatically created on reboot; this is a feature, not
|
||||
* a bug, since the database may be inconsistant. Note that the
|
||||
* absence of a semaphore file does not prevent another _update_ from
|
||||
* taking place later. Database replacements take place automatically
|
||||
* only on slave servers; a crash in the middle of an update will be
|
||||
* fixed by the next slave propagation. A crash in the middle of an
|
||||
* update on the master would be somewhat more serious, but this would
|
||||
* likely be noticed by an administrator, who could fix the problem and
|
||||
* retry the operation.
|
||||
*/
|
||||
|
||||
/* Macros to convert ndbm names to dbm names.
|
||||
* Note that dbm_nextkey() cannot be simply converted using a macro, since
|
||||
* it is invoked giving the database, and nextkey() needs the previous key.
|
||||
*
|
||||
* Instead, all routines call "dbm_next" instead.
|
||||
*/
|
||||
|
||||
#ifndef _NDBM_
|
||||
typedef char DBM;
|
||||
|
||||
#define dbm_open(file, flags, mode) ((dbminit(file) == 0)?"":((char *)0))
|
||||
#define dbm_fetch(db, key) fetch(key)
|
||||
#define dbm_store(db, key, content, flag) store(key, content)
|
||||
#define dbm_firstkey(db) firstkey()
|
||||
#define dbm_next(db,key) nextkey(key)
|
||||
#define dbm_close(db) dbmclose()
|
||||
#else
|
||||
#define dbm_next(db,key) dbm_nextkey(db)
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Utility routine: generate name of database file.
|
||||
*/
|
||||
|
||||
static char *gen_dbsuffix(db_name, sfx)
|
||||
char *db_name;
|
||||
char *sfx;
|
||||
{
|
||||
char *dbsuffix;
|
||||
|
||||
if (sfx == NULL)
|
||||
sfx = ".ok";
|
||||
|
||||
dbsuffix = malloc (strlen(db_name) + strlen(sfx) + 1);
|
||||
strcpy(dbsuffix, db_name);
|
||||
strcat(dbsuffix, sfx);
|
||||
return dbsuffix;
|
||||
}
|
||||
|
||||
/*
|
||||
* initialization for data base routines.
|
||||
*/
|
||||
|
||||
int
|
||||
kerb_db_init()
|
||||
{
|
||||
init = 1;
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* gracefully shut down database--must be called by ANY program that does
|
||||
* a kerb_db_init
|
||||
*/
|
||||
|
||||
void
|
||||
kerb_db_fini()
|
||||
{
|
||||
}
|
||||
|
||||
/*
|
||||
* Set the "name" of the current database to some alternate value.
|
||||
*
|
||||
* Passing a null pointer as "name" will set back to the default.
|
||||
* If the alternate database doesn't exist, nothing is changed.
|
||||
*/
|
||||
|
||||
int
|
||||
kerb_db_set_name(name)
|
||||
char *name;
|
||||
{
|
||||
DBM *db;
|
||||
|
||||
if (name == NULL)
|
||||
name = default_db_name;
|
||||
db = dbm_open(name, 0, 0);
|
||||
if (db == NULL)
|
||||
return errno;
|
||||
dbm_close(db);
|
||||
kerb_dbl_fini();
|
||||
current_db_name = name;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Return the last modification time of the database.
|
||||
*/
|
||||
|
||||
long
|
||||
kerb_get_db_age()
|
||||
{
|
||||
struct stat st;
|
||||
char *okname;
|
||||
long age;
|
||||
|
||||
okname = gen_dbsuffix(current_db_name, ".ok");
|
||||
|
||||
if (stat (okname, &st) < 0)
|
||||
age = 0;
|
||||
else
|
||||
age = st.st_mtime;
|
||||
|
||||
free (okname);
|
||||
return age;
|
||||
}
|
||||
|
||||
/*
|
||||
* Remove the semaphore file; indicates that database is currently
|
||||
* under renovation.
|
||||
*
|
||||
* This is only for use when moving the database out from underneath
|
||||
* the server (for example, during slave updates).
|
||||
*/
|
||||
|
||||
static long
|
||||
kerb_start_update(db_name)
|
||||
char *db_name;
|
||||
{
|
||||
char *okname = gen_dbsuffix(db_name, ".ok");
|
||||
long age = kerb_get_db_age();
|
||||
|
||||
if (unlink(okname) < 0
|
||||
&& errno != ENOENT) {
|
||||
age = -1;
|
||||
}
|
||||
free (okname);
|
||||
return age;
|
||||
}
|
||||
|
||||
static long
|
||||
kerb_end_update(db_name, age)
|
||||
char *db_name;
|
||||
long age;
|
||||
{
|
||||
int fd;
|
||||
int retval = 0;
|
||||
char *new_okname = gen_dbsuffix(db_name, ".ok#");
|
||||
char *okname = gen_dbsuffix(db_name, ".ok");
|
||||
|
||||
fd = open (new_okname, O_CREAT|O_RDWR|O_TRUNC, 0600);
|
||||
if (fd < 0)
|
||||
retval = errno;
|
||||
else {
|
||||
struct stat st;
|
||||
struct timeval tv[2];
|
||||
/* make sure that semaphore is "after" previous value. */
|
||||
if (fstat (fd, &st) == 0
|
||||
&& st.st_mtime <= age) {
|
||||
tv[0].tv_sec = st.st_atime;
|
||||
tv[0].tv_usec = 0;
|
||||
tv[1].tv_sec = age;
|
||||
tv[1].tv_usec = 0;
|
||||
/* set times.. */
|
||||
utimes (new_okname, tv);
|
||||
fsync(fd);
|
||||
}
|
||||
close(fd);
|
||||
if (rename (new_okname, okname) < 0)
|
||||
retval = errno;
|
||||
}
|
||||
|
||||
free (new_okname);
|
||||
free (okname);
|
||||
|
||||
return retval;
|
||||
}
|
||||
|
||||
static long
|
||||
kerb_start_read()
|
||||
{
|
||||
return kerb_get_db_age();
|
||||
}
|
||||
|
||||
static long
|
||||
kerb_end_read(age)
|
||||
u_long age;
|
||||
{
|
||||
if (kerb_get_db_age() != age || age == -1) {
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Create the database, assuming it's not there.
|
||||
*/
|
||||
|
||||
int
|
||||
kerb_db_create(db_name)
|
||||
char *db_name;
|
||||
{
|
||||
char *okname = gen_dbsuffix(db_name, ".ok");
|
||||
int fd;
|
||||
register int ret = 0;
|
||||
#ifdef _NDBM_
|
||||
DBM *db;
|
||||
|
||||
db = dbm_open(db_name, O_RDWR|O_CREAT|O_EXCL, 0600);
|
||||
if (db == NULL)
|
||||
ret = errno;
|
||||
else
|
||||
dbm_close(db);
|
||||
#else
|
||||
char *dirname = gen_dbsuffix(db_name, ".dir");
|
||||
char *pagname = gen_dbsuffix(db_name, ".pag");
|
||||
|
||||
fd = open(dirname, O_RDWR|O_CREAT|O_EXCL, 0600);
|
||||
if (fd < 0)
|
||||
ret = errno;
|
||||
else {
|
||||
close(fd);
|
||||
fd = open (pagname, O_RDWR|O_CREAT|O_EXCL, 0600);
|
||||
if (fd < 0)
|
||||
ret = errno;
|
||||
else
|
||||
close(fd);
|
||||
}
|
||||
if (dbminit(db_name) < 0)
|
||||
ret = errno;
|
||||
#endif
|
||||
if (ret == 0) {
|
||||
fd = open (okname, O_CREAT|O_RDWR|O_TRUNC, 0600);
|
||||
if (fd < 0)
|
||||
ret = errno;
|
||||
close(fd);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* "Atomically" rename the database in a way that locks out read
|
||||
* access in the middle of the rename.
|
||||
*
|
||||
* Not perfect; if we crash in the middle of an update, we don't
|
||||
* necessarily know to complete the transaction the rename, but...
|
||||
*/
|
||||
|
||||
int
|
||||
kerb_db_rename(from, to)
|
||||
char *from;
|
||||
char *to;
|
||||
{
|
||||
#ifdef _DBM_
|
||||
char *fromdb = gen_dbsuffix (from, ".db");
|
||||
char *todb = gen_dbsuffix (to, ".db");
|
||||
#else
|
||||
char *fromdir = gen_dbsuffix (from, ".dir");
|
||||
char *todir = gen_dbsuffix (to, ".dir");
|
||||
char *frompag = gen_dbsuffix (from , ".pag");
|
||||
char *topag = gen_dbsuffix (to, ".pag");
|
||||
#endif
|
||||
char *fromok = gen_dbsuffix(from, ".ok");
|
||||
long trans = kerb_start_update(to);
|
||||
int ok = 0;
|
||||
|
||||
#ifdef _DBM_
|
||||
if (rename (fromdb, todb) == 0) {
|
||||
#else
|
||||
if ((rename (fromdir, todir) == 0)
|
||||
&& (rename (frompag, topag) == 0)) {
|
||||
#endif
|
||||
(void) unlink (fromok);
|
||||
ok = 1;
|
||||
}
|
||||
|
||||
free (fromok);
|
||||
#ifdef _DBM_
|
||||
free (fromdb);
|
||||
free (todb);
|
||||
#else
|
||||
free (fromdir);
|
||||
free (todir);
|
||||
free (frompag);
|
||||
free (topag);
|
||||
#endif
|
||||
if (ok)
|
||||
return kerb_end_update(to, trans);
|
||||
else
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* look up a principal in the data base returns number of principals
|
||||
* found , and whether there were more than requested.
|
||||
*/
|
||||
|
||||
int
|
||||
kerb_db_get_principal(name, inst, principal, max, more)
|
||||
char *name; /* could have wild card */
|
||||
char *inst; /* could have wild card */
|
||||
Principal *principal;
|
||||
unsigned int max; /* max number of name structs to return */
|
||||
int *more; /* where there more than 'max' tuples? */
|
||||
|
||||
{
|
||||
int found = 0, code;
|
||||
extern int errorproc();
|
||||
int wildp, wildi;
|
||||
datum key, contents;
|
||||
char testname[ANAME_SZ], testinst[INST_SZ];
|
||||
u_long trans;
|
||||
int try;
|
||||
DBM *db;
|
||||
|
||||
if (!init)
|
||||
kerb_db_init(); /* initialize database routines */
|
||||
|
||||
for (try = 0; try < KERB_DB_MAX_RETRY; try++) {
|
||||
trans = kerb_start_read();
|
||||
|
||||
if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
|
||||
return -1;
|
||||
|
||||
db = dbm_open(current_db_name, O_RDONLY, 0600);
|
||||
|
||||
*more = 0;
|
||||
|
||||
#ifdef DEBUG
|
||||
if (kerb_debug & 2)
|
||||
fprintf(stderr,
|
||||
"%s: db_get_principal for %s %s max = %d",
|
||||
progname, name, inst, max);
|
||||
#endif
|
||||
|
||||
wildp = !strcmp(name, "*");
|
||||
wildi = !strcmp(inst, "*");
|
||||
|
||||
if (!wildi && !wildp) { /* nothing's wild */
|
||||
encode_princ_key(&key, name, inst);
|
||||
contents = dbm_fetch(db, key);
|
||||
if (contents.dptr == NULL) {
|
||||
found = 0;
|
||||
goto done;
|
||||
}
|
||||
decode_princ_contents(&contents, principal);
|
||||
#ifdef DEBUG
|
||||
if (kerb_debug & 1) {
|
||||
fprintf(stderr, "\t found %s %s p_n length %d t_n length %d\n",
|
||||
principal->name, principal->instance,
|
||||
strlen(principal->name),
|
||||
strlen(principal->instance));
|
||||
}
|
||||
#endif
|
||||
found = 1;
|
||||
goto done;
|
||||
}
|
||||
/* process wild cards by looping through entire database */
|
||||
|
||||
for (key = dbm_firstkey(db); key.dptr != NULL;
|
||||
key = dbm_next(db, key)) {
|
||||
decode_princ_key(&key, testname, testinst);
|
||||
if ((wildp || !strcmp(testname, name)) &&
|
||||
(wildi || !strcmp(testinst, inst))) { /* have a match */
|
||||
if (found >= max) {
|
||||
*more = 1;
|
||||
goto done;
|
||||
} else {
|
||||
found++;
|
||||
contents = dbm_fetch(db, key);
|
||||
decode_princ_contents(&contents, principal);
|
||||
#ifdef DEBUG
|
||||
if (kerb_debug & 1) {
|
||||
fprintf(stderr,
|
||||
"\tfound %s %s p_n length %d t_n length %d\n",
|
||||
principal->name, principal->instance,
|
||||
strlen(principal->name),
|
||||
strlen(principal->instance));
|
||||
}
|
||||
#endif
|
||||
principal++; /* point to next */
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
done:
|
||||
kerb_dbl_unlock(); /* unlock read lock */
|
||||
dbm_close(db);
|
||||
if (kerb_end_read(trans) == 0)
|
||||
break;
|
||||
found = -1;
|
||||
if (!non_blocking)
|
||||
sleep(1);
|
||||
}
|
||||
return (found);
|
||||
}
|
||||
|
||||
/*
|
||||
* Update a name in the data base. Returns number of names
|
||||
* successfully updated.
|
||||
*/
|
||||
|
||||
int
|
||||
kerb_db_put_principal(principal, max)
|
||||
Principal *principal;
|
||||
unsigned int max; /* number of principal structs to
|
||||
* update */
|
||||
|
||||
{
|
||||
int found = 0, code;
|
||||
u_long i;
|
||||
extern int errorproc();
|
||||
datum key, contents;
|
||||
DBM *db;
|
||||
|
||||
gettimeofday(×tamp, NULL);
|
||||
|
||||
if (!init)
|
||||
kerb_db_init();
|
||||
|
||||
if ((code = kerb_dbl_lock(KERB_DBL_EXCLUSIVE)) != 0)
|
||||
return -1;
|
||||
|
||||
db = dbm_open(current_db_name, O_RDWR, 0600);
|
||||
|
||||
#ifdef DEBUG
|
||||
if (kerb_debug & 2)
|
||||
fprintf(stderr, "%s: kerb_db_put_principal max = %d",
|
||||
progname, max);
|
||||
#endif
|
||||
|
||||
/* for each one, stuff temps, and do replace/append */
|
||||
for (i = 0; i < max; i++) {
|
||||
encode_princ_contents(&contents, principal);
|
||||
encode_princ_key(&key, principal->name, principal->instance);
|
||||
dbm_store(db, key, contents, DBM_REPLACE);
|
||||
#ifdef DEBUG
|
||||
if (kerb_debug & 1) {
|
||||
fprintf(stderr, "\n put %s %s\n",
|
||||
principal->name, principal->instance);
|
||||
}
|
||||
#endif
|
||||
found++;
|
||||
principal++; /* bump to next struct */
|
||||
}
|
||||
|
||||
dbm_close(db);
|
||||
kerb_dbl_unlock(); /* unlock database */
|
||||
return (found);
|
||||
}
|
||||
|
||||
static void
|
||||
encode_princ_key(key, name, instance)
|
||||
datum *key;
|
||||
char *name, *instance;
|
||||
{
|
||||
static char keystring[ANAME_SZ + INST_SZ];
|
||||
|
||||
bzero(keystring, ANAME_SZ + INST_SZ);
|
||||
strncpy(keystring, name, ANAME_SZ);
|
||||
strncpy(&keystring[ANAME_SZ], instance, INST_SZ);
|
||||
key->dptr = keystring;
|
||||
key->dsize = ANAME_SZ + INST_SZ;
|
||||
}
|
||||
|
||||
static void
|
||||
decode_princ_key(key, name, instance)
|
||||
datum *key;
|
||||
char *name, *instance;
|
||||
{
|
||||
strncpy(name, key->dptr, ANAME_SZ);
|
||||
strncpy(instance, key->dptr + ANAME_SZ, INST_SZ);
|
||||
name[ANAME_SZ - 1] = '\0';
|
||||
instance[INST_SZ - 1] = '\0';
|
||||
}
|
||||
|
||||
static void
|
||||
encode_princ_contents(contents, principal)
|
||||
datum *contents;
|
||||
Principal *principal;
|
||||
{
|
||||
contents->dsize = sizeof(*principal);
|
||||
contents->dptr = (char *) principal;
|
||||
}
|
||||
|
||||
static void
|
||||
decode_princ_contents(contents, principal)
|
||||
datum *contents;
|
||||
Principal *principal;
|
||||
{
|
||||
bcopy(contents->dptr, (char *) principal, sizeof(*principal));
|
||||
}
|
||||
|
||||
void
|
||||
kerb_db_get_stat(s)
|
||||
DB_stat *s;
|
||||
{
|
||||
gettimeofday(×tamp, NULL);
|
||||
|
||||
|
||||
s->cpu = 0;
|
||||
s->elapsed = 0;
|
||||
s->dio = 0;
|
||||
s->pfault = 0;
|
||||
s->t_stamp = timestamp.tv_sec;
|
||||
s->n_retrieve = 0;
|
||||
s->n_replace = 0;
|
||||
s->n_append = 0;
|
||||
s->n_get_stat = 0;
|
||||
s->n_put_stat = 0;
|
||||
/* update local copy too */
|
||||
}
|
||||
|
||||
void
|
||||
kerb_db_put_stat(s)
|
||||
DB_stat *s;
|
||||
{
|
||||
}
|
||||
|
||||
void
|
||||
delta_stat(a, b, c)
|
||||
DB_stat *a, *b, *c;
|
||||
{
|
||||
/* c = a - b then b = a for the next time */
|
||||
|
||||
c->cpu = a->cpu - b->cpu;
|
||||
c->elapsed = a->elapsed - b->elapsed;
|
||||
c->dio = a->dio - b->dio;
|
||||
c->pfault = a->pfault - b->pfault;
|
||||
c->t_stamp = a->t_stamp - b->t_stamp;
|
||||
c->n_retrieve = a->n_retrieve - b->n_retrieve;
|
||||
c->n_replace = a->n_replace - b->n_replace;
|
||||
c->n_append = a->n_append - b->n_append;
|
||||
c->n_get_stat = a->n_get_stat - b->n_get_stat;
|
||||
c->n_put_stat = a->n_put_stat - b->n_put_stat;
|
||||
|
||||
bcopy(a, b, sizeof(DB_stat));
|
||||
}
|
||||
|
||||
/*
|
||||
* look up a dba in the data base returns number of dbas found , and
|
||||
* whether there were more than requested.
|
||||
*/
|
||||
|
||||
int
|
||||
kerb_db_get_dba(dba_name, dba_inst, dba, max, more)
|
||||
char *dba_name; /* could have wild card */
|
||||
char *dba_inst; /* could have wild card */
|
||||
Dba *dba;
|
||||
unsigned int max; /* max number of name structs to return */
|
||||
int *more; /* where there more than 'max' tuples? */
|
||||
|
||||
{
|
||||
*more = 0;
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
kerb_db_iterate (func, arg)
|
||||
int (*func)();
|
||||
char *arg; /* void *, really */
|
||||
{
|
||||
datum key, contents;
|
||||
Principal *principal;
|
||||
int code;
|
||||
DBM *db;
|
||||
|
||||
kerb_db_init(); /* initialize and open the database */
|
||||
if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
|
||||
return code;
|
||||
|
||||
db = dbm_open(current_db_name, O_RDONLY, 0600);
|
||||
|
||||
for (key = dbm_firstkey (db); key.dptr != NULL; key = dbm_next(db, key)) {
|
||||
contents = dbm_fetch (db, key);
|
||||
/* XXX may not be properly aligned */
|
||||
principal = (Principal *) contents.dptr;
|
||||
if ((code = (*func)(arg, principal)) != 0)
|
||||
return code;
|
||||
}
|
||||
dbm_close(db);
|
||||
kerb_dbl_unlock();
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int dblfd = -1;
|
||||
static int mylock = 0;
|
||||
static int inited = 0;
|
||||
|
||||
static void
|
||||
kerb_dbl_init()
|
||||
{
|
||||
if (!inited) {
|
||||
char *filename = gen_dbsuffix (current_db_name, ".ok");
|
||||
if ((dblfd = open(filename, 0)) < 0) {
|
||||
fprintf(stderr, "kerb_dbl_init: couldn't open %s\n", filename);
|
||||
fflush(stderr);
|
||||
perror("open");
|
||||
exit(1);
|
||||
}
|
||||
free(filename);
|
||||
inited++;
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
kerb_dbl_fini()
|
||||
{
|
||||
close(dblfd);
|
||||
dblfd = -1;
|
||||
inited = 0;
|
||||
mylock = 0;
|
||||
}
|
||||
|
||||
static int
|
||||
kerb_dbl_lock(mode)
|
||||
int mode;
|
||||
{
|
||||
int flock_mode;
|
||||
|
||||
if (!inited)
|
||||
kerb_dbl_init();
|
||||
if (mylock) { /* Detect lock call when lock already
|
||||
* locked */
|
||||
fprintf(stderr, "Kerberos locking error (mylock)\n");
|
||||
fflush(stderr);
|
||||
exit(1);
|
||||
}
|
||||
switch (mode) {
|
||||
case KERB_DBL_EXCLUSIVE:
|
||||
flock_mode = LOCK_EX;
|
||||
break;
|
||||
case KERB_DBL_SHARED:
|
||||
flock_mode = LOCK_SH;
|
||||
break;
|
||||
default:
|
||||
fprintf(stderr, "invalid lock mode %d\n", mode);
|
||||
abort();
|
||||
}
|
||||
if (non_blocking)
|
||||
flock_mode |= LOCK_NB;
|
||||
|
||||
if (flock(dblfd, flock_mode) < 0)
|
||||
return errno;
|
||||
mylock++;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void
|
||||
kerb_dbl_unlock()
|
||||
{
|
||||
if (!mylock) { /* lock already unlocked */
|
||||
fprintf(stderr, "Kerberos database lock not locked when unlocking.\n");
|
||||
fflush(stderr);
|
||||
exit(1);
|
||||
}
|
||||
if (flock(dblfd, LOCK_UN) < 0) {
|
||||
fprintf(stderr, "Kerberos database lock error. (unlocking)\n");
|
||||
fflush(stderr);
|
||||
perror("flock");
|
||||
exit(1);
|
||||
}
|
||||
mylock = 0;
|
||||
}
|
||||
|
||||
int
|
||||
kerb_db_set_lockmode(mode)
|
||||
int mode;
|
||||
{
|
||||
int old = non_blocking;
|
||||
non_blocking = mode;
|
||||
return old;
|
||||
}
|
||||
@@ -1,148 +0,0 @@
|
||||
/*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* Utility routines for Kerberos programs which directly access
|
||||
* the database. This code was duplicated in too many places
|
||||
* before I gathered it here.
|
||||
*
|
||||
* Jon Rochlis, MIT Telecom, March 1988
|
||||
*
|
||||
* from: krb_kdb_utils.c,v 4.1 89/07/26 11:01:12 jtkohl Exp $
|
||||
* $Id: krb_kdb_utils.c,v 1.3 1995/07/18 16:37:15 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: krb_kdb_utils.c,v 1.3 1995/07/18 16:37:15 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <des.h>
|
||||
#include <krb.h>
|
||||
#include <krb_db.h>
|
||||
#include <kdc.h>
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
#include <sys/file.h>
|
||||
|
||||
long
|
||||
kdb_get_master_key(prompt, master_key, master_key_sched)
|
||||
int prompt;
|
||||
C_Block master_key;
|
||||
Key_schedule master_key_sched;
|
||||
{
|
||||
int kfile;
|
||||
|
||||
if (prompt) {
|
||||
#ifdef NOENCRYPTION
|
||||
placebo_read_password(master_key,
|
||||
"\nEnter Kerberos master key: ", 0);
|
||||
#else
|
||||
des_read_password((des_cblock *)master_key,
|
||||
"\nEnter Kerberos master key: ", 0);
|
||||
#endif
|
||||
printf ("\n");
|
||||
}
|
||||
else {
|
||||
kfile = open(MKEYFILE, O_RDONLY, 0600);
|
||||
if (kfile < 0) {
|
||||
/* oh, for com_err_ */
|
||||
return (-1);
|
||||
}
|
||||
if (read(kfile, (char *) master_key, 8) != 8) {
|
||||
return (-1);
|
||||
}
|
||||
close(kfile);
|
||||
}
|
||||
|
||||
#ifndef NOENCRYPTION
|
||||
key_sched((des_cblock *)master_key,master_key_sched);
|
||||
#endif
|
||||
return (0);
|
||||
}
|
||||
|
||||
/* The caller is reasponsible for cleaning up the master key and sched,
|
||||
even if we can't verify the master key */
|
||||
|
||||
/* Returns master key version if successful, otherwise -1 */
|
||||
|
||||
long
|
||||
kdb_verify_master_key (master_key, master_key_sched, out)
|
||||
C_Block master_key;
|
||||
Key_schedule master_key_sched;
|
||||
FILE *out; /* setting this to non-null be do output */
|
||||
{
|
||||
C_Block key_from_db;
|
||||
Principal principal_data[1];
|
||||
int n, more = 0;
|
||||
long master_key_version;
|
||||
|
||||
/* lookup the master key version */
|
||||
n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
|
||||
1 /* only one please */, &more);
|
||||
if ((n != 1) || more) {
|
||||
if (out != (FILE *) NULL)
|
||||
fprintf(out,
|
||||
"verify_master_key: %s, %d found.\n",
|
||||
"Kerberos error on master key version lookup",
|
||||
n);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
master_key_version = (long) principal_data[0].key_version;
|
||||
|
||||
/* set up the master key */
|
||||
if (out != (FILE *) NULL) /* should we punt this? */
|
||||
fprintf(out, "Current Kerberos master key version is %d.\n",
|
||||
principal_data[0].kdc_key_ver);
|
||||
|
||||
/*
|
||||
* now use the master key to decrypt the key in the db, had better
|
||||
* be the same!
|
||||
*/
|
||||
bcopy(&principal_data[0].key_low, key_from_db, 4);
|
||||
bcopy(&principal_data[0].key_high, ((long *) key_from_db) + 1, 4);
|
||||
kdb_encrypt_key (key_from_db, key_from_db,
|
||||
master_key, master_key_sched, DECRYPT);
|
||||
|
||||
/* the decrypted database key had better equal the master key */
|
||||
n = bcmp((char *) master_key, (char *) key_from_db,
|
||||
sizeof(master_key));
|
||||
/* this used to zero the master key here! */
|
||||
bzero(key_from_db, sizeof(key_from_db));
|
||||
bzero(principal_data, sizeof (principal_data));
|
||||
|
||||
if (n && (out != (FILE *) NULL)) {
|
||||
fprintf(out, "\n\07\07verify_master_key: Invalid master key; ");
|
||||
fprintf(out, "does not match database.\n");
|
||||
return (-1);
|
||||
}
|
||||
if (out != (FILE *) NULL) {
|
||||
fprintf(out, "\nMaster key entered. BEWARE!\07\07\n");
|
||||
fflush(out);
|
||||
}
|
||||
|
||||
return (master_key_version);
|
||||
}
|
||||
|
||||
/* The old algorithm used the key schedule as the initial vector which
|
||||
was byte order depedent ... */
|
||||
|
||||
void
|
||||
kdb_encrypt_key (in, out, master_key, master_key_sched, e_d_flag)
|
||||
C_Block in, out, master_key;
|
||||
Key_schedule master_key_sched;
|
||||
int e_d_flag;
|
||||
{
|
||||
|
||||
#ifdef NOENCRYPTION
|
||||
bcopy(in, out, sizeof(C_Block));
|
||||
#else
|
||||
pcbc_encrypt((des_cblock*)in,(des_cblock*)out,(long)sizeof(C_Block),
|
||||
master_key_sched,(des_cblock*)master_key,e_d_flag);
|
||||
#endif
|
||||
}
|
||||
@@ -1,242 +0,0 @@
|
||||
/*
|
||||
* $Source: /usr/cvs/src/eBones/kdb/krb_lib.c,v $
|
||||
* $Author: mark $
|
||||
*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
* <mit-copyright.h>.
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: krb_lib.c,v 1.3 1995/07/18 16:37:17 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in.h>
|
||||
#include <sys/uio.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/resource.h>
|
||||
#include <strings.h>
|
||||
#include <des.h>
|
||||
#include <krb.h>
|
||||
#include <krb_db.h>
|
||||
|
||||
#ifdef DEBUG
|
||||
extern int debug;
|
||||
extern char *progname;
|
||||
long kerb_debug;
|
||||
#endif
|
||||
|
||||
static init = 0;
|
||||
|
||||
/*
|
||||
* initialization routine for data base
|
||||
*/
|
||||
|
||||
int
|
||||
kerb_init()
|
||||
{
|
||||
#ifdef DEBUG
|
||||
if (!init) {
|
||||
char *dbg = getenv("KERB_DBG");
|
||||
if (dbg)
|
||||
sscanf(dbg, "%ld", &kerb_debug);
|
||||
init = 1;
|
||||
}
|
||||
#endif
|
||||
kerb_db_init();
|
||||
|
||||
#ifdef CACHE
|
||||
kerb_cache_init();
|
||||
#endif
|
||||
|
||||
/* successful init, return 0, else errcode */
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* finalization routine for database -- NOTE: MUST be called by any
|
||||
* program using kerb_init. ALSO will have to be modified to finalize
|
||||
* caches, if they're ever really implemented.
|
||||
*/
|
||||
|
||||
void
|
||||
kerb_fini()
|
||||
{
|
||||
kerb_db_fini();
|
||||
}
|
||||
|
||||
/*
|
||||
* look up a principal in the cache or data base returns number of
|
||||
* principals found
|
||||
*/
|
||||
|
||||
int
|
||||
kerb_get_principal(name, inst, principal, max, more)
|
||||
char *name; /* could have wild card */
|
||||
char *inst; /* could have wild card */
|
||||
Principal *principal;
|
||||
unsigned int max; /* max number of name structs to return */
|
||||
int *more; /* more tuples than room for */
|
||||
|
||||
{
|
||||
int found = 0;
|
||||
#ifdef CACHE
|
||||
static int wild = 0;
|
||||
#endif
|
||||
if (!init)
|
||||
kerb_init();
|
||||
|
||||
#ifdef DEBUG
|
||||
if (kerb_debug & 1)
|
||||
fprintf(stderr, "\n%s: kerb_get_principal for %s %s max = %d\n",
|
||||
progname, name, inst, max);
|
||||
#endif
|
||||
|
||||
/*
|
||||
* if this is a request including a wild card, have to go to db
|
||||
* since the cache may not be exhaustive.
|
||||
*/
|
||||
|
||||
/* clear the principal area */
|
||||
bzero((char *) principal, max * sizeof(Principal));
|
||||
|
||||
#ifdef CACHE
|
||||
/*
|
||||
* so check to see if the name contains a wildcard "*" or "?", not
|
||||
* preceeded by a backslash.
|
||||
*/
|
||||
wild = 0;
|
||||
if (index(name, '*') || index(name, '?') ||
|
||||
index(inst, '*') || index(inst, '?'))
|
||||
wild = 1;
|
||||
|
||||
if (!wild) {
|
||||
/* try the cache first */
|
||||
found = kerb_cache_get_principal(name, inst, principal, max, more);
|
||||
if (found)
|
||||
return (found);
|
||||
}
|
||||
#endif
|
||||
/* If we didn't try cache, or it wasn't there, try db */
|
||||
found = kerb_db_get_principal(name, inst, principal, max, more);
|
||||
/* try to insert principal(s) into cache if it was found */
|
||||
#ifdef CACHE
|
||||
if (found) {
|
||||
kerb_cache_put_principal(principal, found);
|
||||
}
|
||||
#endif
|
||||
return (found);
|
||||
}
|
||||
|
||||
/* principals */
|
||||
int
|
||||
kerb_put_principal(principal, n)
|
||||
Principal *principal;
|
||||
unsigned int n; /* number of principal structs to write */
|
||||
{
|
||||
long time();
|
||||
struct tm *tp, *localtime();
|
||||
|
||||
/* set mod date */
|
||||
principal->mod_date = time((long *)0);
|
||||
/* and mod date string */
|
||||
|
||||
tp = localtime(&principal->mod_date);
|
||||
(void) sprintf(principal->mod_date_txt, "%4d-%2d-%2d",
|
||||
tp->tm_year > 1900 ? tp->tm_year : tp->tm_year + 1900,
|
||||
tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */
|
||||
#ifdef DEBUG
|
||||
if (kerb_debug & 1) {
|
||||
int i;
|
||||
fprintf(stderr, "\nkerb_put_principal...");
|
||||
for (i = 0; i < n; i++) {
|
||||
krb_print_principal(&principal[i]);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
/* write database */
|
||||
if (kerb_db_put_principal(principal, n) < 0) {
|
||||
#ifdef DEBUG
|
||||
if (kerb_debug & 1)
|
||||
fprintf(stderr, "\n%s: kerb_db_put_principal err", progname);
|
||||
/* watch out for cache */
|
||||
#endif
|
||||
return -1;
|
||||
}
|
||||
#ifdef CACHE
|
||||
/* write cache */
|
||||
if (!kerb_cache_put_principal(principal, n)) {
|
||||
#ifdef DEBUG
|
||||
if (kerb_debug & 1)
|
||||
fprintf(stderr, "\n%s: kerb_cache_put_principal err", progname);
|
||||
#endif
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
kerb_get_dba(name, inst, dba, max, more)
|
||||
char *name; /* could have wild card */
|
||||
char *inst; /* could have wild card */
|
||||
Dba *dba;
|
||||
unsigned int max; /* max number of name structs to return */
|
||||
int *more; /* more tuples than room for */
|
||||
|
||||
{
|
||||
int found = 0;
|
||||
#ifdef CACHE
|
||||
static int wild = 0;
|
||||
#endif
|
||||
if (!init)
|
||||
kerb_init();
|
||||
|
||||
#ifdef DEBUG
|
||||
if (kerb_debug & 1)
|
||||
fprintf(stderr, "\n%s: kerb_get_dba for %s %s max = %d\n",
|
||||
progname, name, inst, max);
|
||||
#endif
|
||||
/*
|
||||
* if this is a request including a wild card, have to go to db
|
||||
* since the cache may not be exhaustive.
|
||||
*/
|
||||
|
||||
/* clear the dba area */
|
||||
bzero((char *) dba, max * sizeof(Dba));
|
||||
|
||||
#ifdef CACHE
|
||||
/*
|
||||
* so check to see if the name contains a wildcard "*" or "?", not
|
||||
* preceeded by a backslash.
|
||||
*/
|
||||
|
||||
wild = 0;
|
||||
if (index(name, '*') || index(name, '?') ||
|
||||
index(inst, '*') || index(inst, '?'))
|
||||
wild = 1;
|
||||
|
||||
if (!wild) {
|
||||
/* try the cache first */
|
||||
found = kerb_cache_get_dba(name, inst, dba, max, more);
|
||||
if (found)
|
||||
return (found);
|
||||
}
|
||||
#endif
|
||||
/* If we didn't try cache, or it wasn't there, try db */
|
||||
found = kerb_db_get_dba(name, inst, dba, max, more);
|
||||
#ifdef CACHE
|
||||
/* try to insert dba(s) into cache if it was found */
|
||||
if (found) {
|
||||
kerb_cache_put_dba(dba, found);
|
||||
}
|
||||
#endif
|
||||
return (found);
|
||||
}
|
||||
@@ -1,51 +0,0 @@
|
||||
/*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: $Header: /usr/cvs/src/eBones/kdb/print_princ.c,v 1.3 1995/07/18 16:37:19 mark Exp $
|
||||
* $Id: print_princ.c,v 1.3 1995/07/18 16:37:19 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: print_princ.c,v 1.3 1995/07/18 16:37:19 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/time.h>
|
||||
#include <strings.h>
|
||||
#include <krb.h>
|
||||
#include <krb_db.h>
|
||||
|
||||
extern int debug;
|
||||
|
||||
long kerb_debug;
|
||||
static struct tm *time_p;
|
||||
|
||||
void
|
||||
krb_print_principal(a_n)
|
||||
Principal *a_n;
|
||||
{
|
||||
/* run-time database does not contain string versions */
|
||||
time_p = localtime(&(a_n->exp_date));
|
||||
|
||||
fprintf(stderr,
|
||||
"\n%s %s expires %4d-%2d-%2d %2d:%2d, max_life %d*5 = %d min attr 0x%02x",
|
||||
a_n->name, a_n->instance,
|
||||
time_p->tm_year > 1900 ? time_p->tm_year : time_p->tm_year + 1900,
|
||||
time_p->tm_mon + 1, time_p->tm_mday,
|
||||
time_p->tm_hour, time_p->tm_min,
|
||||
a_n->max_life, 5 * a_n->max_life, a_n->attributes);
|
||||
|
||||
fprintf(stderr,
|
||||
"\n\tkey_ver %d k_low 0x%08lx k_high 0x%08lx akv %d exists %d\n",
|
||||
a_n->key_version, a_n->key_low, a_n->key_high,
|
||||
a_n->kdc_key_ver, (int)a_n->old);
|
||||
|
||||
fflush(stderr);
|
||||
}
|
||||
@@ -1,8 +0,0 @@
|
||||
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
|
||||
# $Id: Makefile,v 1.3 1995/07/18 16:37:22 mark Exp $
|
||||
|
||||
PROG= kdb_destroy
|
||||
CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -Wall
|
||||
MAN8= kdb_destroy.8
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
@@ -1,36 +0,0 @@
|
||||
.\" from: kdb_destroy.8,v 4.1 89/01/23 11:08:02 jtkohl Exp $
|
||||
.\" $Id: kdb_destroy.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
|
||||
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
||||
.\"
|
||||
.\" For copying and distribution information,
|
||||
.\" please see the file <Copyright.MIT>.
|
||||
.\"
|
||||
.TH KDB_DESTROY 8 "Kerberos Version 4.0" "MIT Project Athena"
|
||||
.SH NAME
|
||||
kdb_destroy \- destroy Kerberos key distribution center database
|
||||
.SH SYNOPSIS
|
||||
kdb_destroy
|
||||
.SH DESCRIPTION
|
||||
.I kdb_destroy
|
||||
deletes a Kerberos key distribution center database.
|
||||
.PP
|
||||
The user is prompted to verify that the database should be destroyed. A
|
||||
response beginning with `y' or `Y' confirms deletion.
|
||||
Any other response aborts deletion.
|
||||
.SH DIAGNOSTICS
|
||||
.TP 20n
|
||||
"Database cannot be deleted at /kerberos/principal"
|
||||
The attempt to delete the database failed (probably due to a system or
|
||||
access permission error).
|
||||
.TP
|
||||
"Database not deleted."
|
||||
The user aborted the deletion.
|
||||
.SH FILES
|
||||
.TP 20n
|
||||
/etc/kerberosIV/principal.db
|
||||
DBM file containing database
|
||||
.TP
|
||||
/etc/kerberosIV/principal.ok
|
||||
Semaphore indicating that the DBM database is not being modified.
|
||||
.SH SEE ALSO
|
||||
kdb_init(8)
|
||||
@@ -1,66 +0,0 @@
|
||||
/*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: kdb_destroy.c,v 4.0 89/01/24 21:49:02 jtkohl Exp $
|
||||
* $Id: kdb_destroy.c,v 1.5 1995/08/04 06:35:45 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: kdb_destroy.c,v 1.5 1995/08/04 06:35:45 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <unistd.h>
|
||||
#include <strings.h>
|
||||
#include <stdio.h>
|
||||
#include <krb.h>
|
||||
#include <krb_db.h>
|
||||
|
||||
#if defined(__FreeBSD__) || defined(__NetBSD__)
|
||||
#define _DBM_
|
||||
#endif
|
||||
|
||||
void
|
||||
main()
|
||||
{
|
||||
char answer[10]; /* user input */
|
||||
#ifdef _DBM_
|
||||
char dbm[256]; /* database path and name */
|
||||
char *file; /* database file names */
|
||||
#else
|
||||
char dbm[256]; /* database path and name */
|
||||
char dbm1[256]; /* database path and name */
|
||||
char *file1, *file2; /* database file names */
|
||||
#endif
|
||||
|
||||
strcpy(dbm, DBM_FILE);
|
||||
#ifdef _DBM_
|
||||
file = strcat(dbm, ".db");
|
||||
#else
|
||||
strcpy(dbm1, DBM_FILE);
|
||||
file1 = strcat(dbm, ".dir");
|
||||
file2 = strcat(dbm1, ".pag");
|
||||
#endif
|
||||
|
||||
printf("You are about to destroy the Kerberos database ");
|
||||
printf("on this machine.\n");
|
||||
printf("Are you sure you want to do this (y/n)? ");
|
||||
fgets(answer, sizeof(answer), stdin);
|
||||
|
||||
if (answer[0] == 'y' || answer[0] == 'Y') {
|
||||
#ifdef _DBM_
|
||||
if (unlink(file) == 0)
|
||||
#else
|
||||
if (unlink(file1) == 0 && unlink(file2) == 0)
|
||||
#endif
|
||||
fprintf(stderr, "Database deleted at %s\n", DBM_FILE);
|
||||
else
|
||||
fprintf(stderr, "Database cannot be deleted at %s\n",
|
||||
DBM_FILE);
|
||||
} else
|
||||
fprintf(stderr, "Database not deleted.\n");
|
||||
}
|
||||
@@ -1,12 +0,0 @@
|
||||
# From: @(#)Makefile 5.2 (Berkeley) 2/14/91
|
||||
# $Id: Makefile,v 1.3 1995/07/18 16:37:25 mark Exp $
|
||||
|
||||
PROG= kdb_edit
|
||||
CFLAGS+=-DKERBEROS -DDEBUG -I. -I${.CURDIR}/../include -Wall
|
||||
SRCS= kdb_edit.c maketime.c
|
||||
.PATH: ${.CURDIR}/../kdb_edit
|
||||
DPADD= ${LIBKDB} ${LIBKRB}
|
||||
LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -ldes
|
||||
MAN8= kdb_edit.8
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
@@ -1,58 +0,0 @@
|
||||
.\" from: kdb_edit.8,v 4.1 89/01/23 11:08:55 jtkohl Exp $
|
||||
.\" $Id: kdb_edit.8,v 1.2 1995/02/08 10:54:20 jkh Exp $
|
||||
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
||||
.\"
|
||||
.\" For copying and distribution information,
|
||||
.\" please see the file <Copyright.MIT>.
|
||||
.\"
|
||||
.TH KDB_EDIT 8 "Kerberos Version 4.0" "MIT Project Athena"
|
||||
.SH NAME
|
||||
kdb_edit \- Kerberos key distribution center database editing utility
|
||||
.SH SYNOPSIS
|
||||
kdb_edit [
|
||||
.B \-n
|
||||
]
|
||||
.SH DESCRIPTION
|
||||
.I kdb_edit
|
||||
is used to create or change principals stored in the Kerberos key
|
||||
distribution center (KDC) database.
|
||||
.PP
|
||||
When executed,
|
||||
.I kdb_edit
|
||||
prompts for the master key string and verifies that it matches the
|
||||
master key stored in the database.
|
||||
If the
|
||||
.B \-n
|
||||
option is specified, the master key is instead fetched from the master
|
||||
key cache file.
|
||||
.PP
|
||||
Once the master key has been verified,
|
||||
.I kdb_edit
|
||||
begins a prompt loop. The user is prompted for the principal and
|
||||
instance to be modified. If the entry is not found the user may create
|
||||
it.
|
||||
Once an entry is found or created, the user may set the password,
|
||||
expiration date, maximum ticket lifetime, and attributes.
|
||||
Default expiration dates, maximum ticket lifetimes, and attributes are
|
||||
presented in brackets; if the user presses return the default is selected.
|
||||
There is no default password.
|
||||
The password "RANDOM" and an empty password are interpreted specially,
|
||||
if entered the user may have the program select a random DES key for the
|
||||
principal.
|
||||
.PP
|
||||
Upon successfully creating or changing the entry, ``Edit O.K.'' is
|
||||
printed.
|
||||
.SH DIAGNOSTICS
|
||||
.TP 20n
|
||||
"verify_master_key: Invalid master key, does not match database."
|
||||
The master key string entered was incorrect.
|
||||
.SH FILES
|
||||
.TP 20n
|
||||
/etc/kerberosIV/principal.db
|
||||
DBM file containing database
|
||||
.TP
|
||||
/etc/kerberosIV/principal.ok
|
||||
Semaphore indicating that the DBM database is not being modified.
|
||||
.TP
|
||||
/etc/kerberosIV/master_key
|
||||
Master key cache file.
|
||||
@@ -1,477 +0,0 @@
|
||||
/*
|
||||
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* This routine changes the Kerberos encryption keys for principals,
|
||||
* i.e., users or services.
|
||||
*
|
||||
* from: kdb_edit.c,v 4.2 90/01/09 16:05:09 raeburn Exp $
|
||||
* $Id: kdb_edit.c,v 1.5 1995/08/03 17:15:54 mark Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
* exit returns 0 ==> success -1 ==> error
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: kdb_edit.c,v 1.5 1995/08/03 17:15:54 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <signal.h>
|
||||
#include <errno.h>
|
||||
#include <strings.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/file.h>
|
||||
#include "time.h"
|
||||
#include <des.h>
|
||||
#include <krb.h>
|
||||
#include <krb_db.h>
|
||||
/* MKEYFILE is now defined in kdc.h */
|
||||
#include <kdc.h>
|
||||
|
||||
void Usage(void);
|
||||
void cleanup(void);
|
||||
void sig_exit(int sig, int code, struct sigcontext *scp);
|
||||
void no_core_dumps(void);
|
||||
int change_principal(void);
|
||||
|
||||
#define zaptime(foo) bzero((char *)(foo), sizeof(*(foo)))
|
||||
|
||||
char prog[32];
|
||||
char *progname = prog;
|
||||
int nflag = 0;
|
||||
int cflag;
|
||||
int lflag;
|
||||
int uflag;
|
||||
int debug;
|
||||
extern kerb_debug;
|
||||
|
||||
Key_schedule KS;
|
||||
C_Block new_key;
|
||||
unsigned char *input;
|
||||
|
||||
unsigned char *ivec;
|
||||
int i, j;
|
||||
int more;
|
||||
|
||||
char *in_ptr;
|
||||
char input_name[ANAME_SZ];
|
||||
char input_instance[INST_SZ];
|
||||
char input_string[ANAME_SZ];
|
||||
|
||||
#define MAX_PRINCIPAL 10
|
||||
Principal principal_data[MAX_PRINCIPAL];
|
||||
|
||||
static Principal old_principal;
|
||||
static Principal default_princ;
|
||||
|
||||
static C_Block master_key;
|
||||
static C_Block session_key;
|
||||
static Key_schedule master_key_schedule;
|
||||
static char pw_str[255];
|
||||
static long master_key_version;
|
||||
|
||||
/*
|
||||
* gets replacement
|
||||
*/
|
||||
static char * s_gets(char * str, int len)
|
||||
{
|
||||
int i;
|
||||
char *s;
|
||||
|
||||
if((s = fgets(str, len, stdin)) == NULL)
|
||||
return(s);
|
||||
if(str[i = (strlen(str)-1)] == '\n')
|
||||
str[i] = '\0';
|
||||
return(s);
|
||||
}
|
||||
|
||||
int
|
||||
main(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
|
||||
{
|
||||
/* Local Declarations */
|
||||
|
||||
long n;
|
||||
|
||||
prog[sizeof prog - 1] = '\0'; /* make sure terminated */
|
||||
strncpy(prog, argv[0], sizeof prog - 1); /* salt away invoking
|
||||
* program */
|
||||
|
||||
/* Assume a long is four bytes */
|
||||
if (sizeof(long) != 4) {
|
||||
fprintf(stdout, "%s: size of long is %d.\n", prog, sizeof(long));
|
||||
exit(-1);
|
||||
}
|
||||
/* Assume <=32 signals */
|
||||
if (NSIG > 32) {
|
||||
fprintf(stderr, "%s: more than 32 signals defined.\n", prog);
|
||||
exit(-1);
|
||||
}
|
||||
while (--argc > 0 && (*++argv)[0] == '-')
|
||||
for (i = 1; argv[0][i] != '\0'; i++) {
|
||||
switch (argv[0][i]) {
|
||||
|
||||
/* debug flag */
|
||||
case 'd':
|
||||
debug = 1;
|
||||
continue;
|
||||
|
||||
/* debug flag */
|
||||
case 'l':
|
||||
kerb_debug |= 1;
|
||||
continue;
|
||||
|
||||
case 'n': /* read MKEYFILE for master key */
|
||||
nflag = 1;
|
||||
continue;
|
||||
|
||||
default:
|
||||
fprintf(stderr, "%s: illegal flag \"%c\"\n",
|
||||
progname, argv[0][i]);
|
||||
Usage(); /* Give message and die */
|
||||
}
|
||||
};
|
||||
|
||||
fprintf(stdout, "Opening database...\n");
|
||||
fflush(stdout);
|
||||
kerb_init();
|
||||
if (argc > 0) {
|
||||
if (kerb_db_set_name(*argv) != 0) {
|
||||
fprintf(stderr, "Could not open altername database name\n");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef notdef
|
||||
no_core_dumps(); /* diddle signals to avoid core dumps! */
|
||||
|
||||
/* ignore whatever is reasonable */
|
||||
signal(SIGHUP, SIG_IGN);
|
||||
signal(SIGINT, SIG_IGN);
|
||||
signal(SIGTSTP, SIG_IGN);
|
||||
|
||||
#endif
|
||||
|
||||
if (kdb_get_master_key ((nflag == 0),
|
||||
master_key, master_key_schedule) != 0) {
|
||||
fprintf (stdout, "Couldn't read master key.\n");
|
||||
fflush (stdout);
|
||||
exit (-1);
|
||||
}
|
||||
|
||||
if ((master_key_version = kdb_verify_master_key(master_key,
|
||||
master_key_schedule,
|
||||
stdout)) < 0)
|
||||
exit (-1);
|
||||
|
||||
/* lookup the default values */
|
||||
n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
|
||||
&default_princ, 1, &more);
|
||||
if (n != 1) {
|
||||
fprintf(stderr,
|
||||
"%s: Kerberos error on default value lookup, %ld found.\n",
|
||||
progname, n);
|
||||
exit(-1);
|
||||
}
|
||||
fprintf(stdout, "Previous or default values are in [brackets] ,\n");
|
||||
fprintf(stdout, "enter return to leave the same, or new value.\n");
|
||||
|
||||
while (change_principal()) {
|
||||
}
|
||||
|
||||
cleanup();
|
||||
return(0); /* make -Wall shut up - MRVM */
|
||||
}
|
||||
|
||||
int
|
||||
change_principal()
|
||||
{
|
||||
static char temp[255];
|
||||
int creating = 0;
|
||||
int editpw = 0;
|
||||
int changed = 0;
|
||||
long temp_long;
|
||||
int n;
|
||||
struct tm *tp, edate, *localtime();
|
||||
long maketime();
|
||||
|
||||
fprintf(stdout, "\nPrincipal name: ");
|
||||
fflush(stdout);
|
||||
if (!s_gets(input_name, ANAME_SZ-1) || *input_name == '\0')
|
||||
return 0;
|
||||
fprintf(stdout, "Instance: ");
|
||||
fflush(stdout);
|
||||
/* instance can be null */
|
||||
s_gets(input_instance, INST_SZ-1);
|
||||
j = kerb_get_principal(input_name, input_instance, principal_data,
|
||||
MAX_PRINCIPAL, &more);
|
||||
if (!j) {
|
||||
fprintf(stdout, "\n\07\07<Not found>, Create [y] ? ");
|
||||
s_gets(temp, sizeof(temp)-1); /* Default case should work, it didn't */
|
||||
if (temp[0] != 'y' && temp[0] != 'Y' && temp[0] != '\0')
|
||||
return -1;
|
||||
/* make a new principal, fill in defaults */
|
||||
j = 1;
|
||||
creating = 1;
|
||||
strcpy(principal_data[0].name, input_name);
|
||||
strcpy(principal_data[0].instance, input_instance);
|
||||
principal_data[0].old = NULL;
|
||||
principal_data[0].exp_date = default_princ.exp_date;
|
||||
principal_data[0].max_life = default_princ.max_life;
|
||||
principal_data[0].attributes = default_princ.attributes;
|
||||
principal_data[0].kdc_key_ver = (unsigned char) master_key_version;
|
||||
principal_data[0].key_version = 0; /* bumped up later */
|
||||
}
|
||||
tp = localtime(&principal_data[0].exp_date);
|
||||
(void) sprintf(principal_data[0].exp_date_txt, "%4d-%02d-%02d",
|
||||
tp->tm_year > 1900 ? tp->tm_year : tp->tm_year + 1900,
|
||||
tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */
|
||||
for (i = 0; i < j; i++) {
|
||||
for (;;) {
|
||||
fprintf(stdout,
|
||||
"\nPrincipal: %s, Instance: %s, kdc_key_ver: %d",
|
||||
principal_data[i].name, principal_data[i].instance,
|
||||
principal_data[i].kdc_key_ver);
|
||||
editpw = 1;
|
||||
changed = 0;
|
||||
if (!creating) {
|
||||
/*
|
||||
* copy the existing data so we can use the old values
|
||||
* for the qualifier clause of the replace
|
||||
*/
|
||||
principal_data[i].old = (char *) &old_principal;
|
||||
bcopy(&principal_data[i], &old_principal,
|
||||
sizeof(old_principal));
|
||||
printf("\nChange password [n] ? ");
|
||||
s_gets(temp, sizeof(temp)-1);
|
||||
if (strcmp("y", temp) && strcmp("Y", temp))
|
||||
editpw = 0;
|
||||
}
|
||||
/* password */
|
||||
if (editpw) {
|
||||
#ifdef NOENCRYPTION
|
||||
placebo_read_pw_string(pw_str, sizeof pw_str,
|
||||
"\nNew Password: ", TRUE);
|
||||
#else
|
||||
des_read_pw_string(pw_str, sizeof pw_str,
|
||||
"\nNew Password: ", TRUE);
|
||||
#endif
|
||||
if (pw_str[0] == '\0' || !strcmp(pw_str, "RANDOM")) {
|
||||
printf("\nRandom password [y] ? ");
|
||||
s_gets(temp, sizeof(temp)-1);
|
||||
if (!strcmp("n", temp) || !strcmp("N", temp)) {
|
||||
/* no, use literal */
|
||||
#ifdef NOENCRYPTION
|
||||
bzero(new_key, sizeof(C_Block));
|
||||
new_key[0] = 127;
|
||||
#else
|
||||
string_to_key(pw_str, &new_key);
|
||||
#endif
|
||||
bzero(pw_str, sizeof pw_str); /* "RANDOM" */
|
||||
} else {
|
||||
#ifdef NOENCRYPTION
|
||||
bzero(new_key, sizeof(C_Block));
|
||||
new_key[0] = 127;
|
||||
#else
|
||||
random_key(new_key);
|
||||
#endif
|
||||
bzero(pw_str, sizeof pw_str);
|
||||
}
|
||||
} else if (!strcmp(pw_str, "NULL")) {
|
||||
printf("\nNull Key [y] ? ");
|
||||
s_gets(temp, sizeof(temp)-1);
|
||||
if (!strcmp("n", temp) || !strcmp("N", temp)) {
|
||||
/* no, use literal */
|
||||
#ifdef NOENCRYPTION
|
||||
bzero(new_key, sizeof(C_Block));
|
||||
new_key[0] = 127;
|
||||
#else
|
||||
string_to_key(pw_str, &new_key);
|
||||
#endif
|
||||
bzero(pw_str, sizeof pw_str); /* "NULL" */
|
||||
} else {
|
||||
|
||||
principal_data[i].key_low = 0;
|
||||
principal_data[i].key_high = 0;
|
||||
goto null_key;
|
||||
}
|
||||
} else {
|
||||
#ifdef NOENCRYPTION
|
||||
bzero(new_key, sizeof(C_Block));
|
||||
new_key[0] = 127;
|
||||
#else
|
||||
string_to_key(pw_str, &new_key);
|
||||
#endif
|
||||
bzero(pw_str, sizeof pw_str);
|
||||
}
|
||||
|
||||
/* seal it under the kerberos master key */
|
||||
kdb_encrypt_key (new_key, new_key,
|
||||
master_key, master_key_schedule,
|
||||
ENCRYPT);
|
||||
bcopy(new_key, &principal_data[i].key_low, 4);
|
||||
bcopy(((long *) new_key) + 1,
|
||||
&principal_data[i].key_high, 4);
|
||||
bzero(new_key, sizeof(new_key));
|
||||
null_key:
|
||||
/* set master key version */
|
||||
principal_data[i].kdc_key_ver =
|
||||
(unsigned char) master_key_version;
|
||||
/* bump key version # */
|
||||
principal_data[i].key_version++;
|
||||
fprintf(stdout,
|
||||
"\nPrincipal's new key version = %d\n",
|
||||
principal_data[i].key_version);
|
||||
fflush(stdout);
|
||||
changed = 1;
|
||||
}
|
||||
/* expiration date */
|
||||
fprintf(stdout, "Expiration date (enter yyyy-mm-dd) [ %s ] ? ",
|
||||
principal_data[i].exp_date_txt);
|
||||
zaptime(&edate);
|
||||
while (s_gets(temp, sizeof(temp)-1) && ((n = strlen(temp)) >
|
||||
sizeof(principal_data[0].exp_date_txt))) {
|
||||
bad_date:
|
||||
fprintf(stdout, "\07\07Date Invalid\n");
|
||||
fprintf(stdout,
|
||||
"Expiration date (enter yyyy-mm-dd) [ %s ] ? ",
|
||||
principal_data[i].exp_date_txt);
|
||||
zaptime(&edate);
|
||||
}
|
||||
|
||||
if (*temp) {
|
||||
if (sscanf(temp, "%d-%d-%d", &edate.tm_year,
|
||||
&edate.tm_mon, &edate.tm_mday) != 3)
|
||||
goto bad_date;
|
||||
(void) strcpy(principal_data[i].exp_date_txt, temp);
|
||||
edate.tm_mon--; /* January is 0, not 1 */
|
||||
edate.tm_hour = 23; /* nearly midnight at the end of the */
|
||||
edate.tm_min = 59; /* specified day */
|
||||
if (!(principal_data[i].exp_date = maketime(&edate, 1)))
|
||||
goto bad_date;
|
||||
changed = 1;
|
||||
}
|
||||
|
||||
/* maximum lifetime */
|
||||
fprintf(stdout, "Max ticket lifetime (*5 minutes) [ %d ] ? ",
|
||||
principal_data[i].max_life);
|
||||
while (s_gets(temp, sizeof(temp)-1) && *temp) {
|
||||
if (sscanf(temp, "%ld", &temp_long) != 1)
|
||||
goto bad_life;
|
||||
if (temp_long > 255 || (temp_long < 0)) {
|
||||
bad_life:
|
||||
fprintf(stdout, "\07\07Invalid, choose 0-255\n");
|
||||
fprintf(stdout,
|
||||
"Max ticket lifetime (*5 minutes) [ %d ] ? ",
|
||||
principal_data[i].max_life);
|
||||
continue;
|
||||
}
|
||||
changed = 1;
|
||||
/* dont clobber */
|
||||
principal_data[i].max_life = (unsigned short) temp_long;
|
||||
break;
|
||||
}
|
||||
|
||||
/* attributes */
|
||||
fprintf(stdout, "Attributes [ %d ] ? ",
|
||||
principal_data[i].attributes);
|
||||
while (s_gets(temp, sizeof(temp)-1) && *temp) {
|
||||
if (sscanf(temp, "%ld", &temp_long) != 1)
|
||||
goto bad_att;
|
||||
if (temp_long > 65535 || (temp_long < 0)) {
|
||||
bad_att:
|
||||
fprintf(stdout, "\07\07Invalid, choose 0-65535\n");
|
||||
fprintf(stdout, "Attributes [ %d ] ? ",
|
||||
principal_data[i].attributes);
|
||||
continue;
|
||||
}
|
||||
changed = 1;
|
||||
/* dont clobber */
|
||||
principal_data[i].attributes =
|
||||
(unsigned short) temp_long;
|
||||
break;
|
||||
}
|
||||
|
||||
/*
|
||||
* remaining fields -- key versions and mod info, should
|
||||
* not be directly manipulated
|
||||
*/
|
||||
if (changed) {
|
||||
if (kerb_put_principal(&principal_data[i], 1)) {
|
||||
fprintf(stdout,
|
||||
"\nError updating Kerberos database");
|
||||
} else {
|
||||
fprintf(stdout, "Edit O.K.");
|
||||
}
|
||||
} else {
|
||||
fprintf(stdout, "Unchanged");
|
||||
}
|
||||
|
||||
|
||||
bzero(&principal_data[i].key_low, 4);
|
||||
bzero(&principal_data[i].key_high, 4);
|
||||
fflush(stdout);
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (more) {
|
||||
fprintf(stdout, "\nThere were more tuples found ");
|
||||
fprintf(stdout, "than there were space for");
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
void
|
||||
no_core_dumps()
|
||||
{
|
||||
|
||||
signal(SIGQUIT, (sig_t)sig_exit);
|
||||
signal(SIGILL, (sig_t)sig_exit);
|
||||
signal(SIGTRAP, (sig_t)sig_exit);
|
||||
signal(SIGIOT, (sig_t)sig_exit);
|
||||
signal(SIGEMT, (sig_t)sig_exit);
|
||||
signal(SIGFPE, (sig_t)sig_exit);
|
||||
signal(SIGBUS, (sig_t)sig_exit);
|
||||
signal(SIGSEGV, (sig_t)sig_exit);
|
||||
signal(SIGSYS, (sig_t)sig_exit);
|
||||
}
|
||||
|
||||
void
|
||||
sig_exit(sig, code, scp)
|
||||
int sig, code;
|
||||
struct sigcontext *scp;
|
||||
{
|
||||
cleanup();
|
||||
fprintf(stderr,
|
||||
"\nSignal caught, sig = %d code = %d old pc = 0x%X \nexiting",
|
||||
sig, code, scp->sc_pc);
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
void
|
||||
cleanup()
|
||||
{
|
||||
|
||||
bzero(master_key, sizeof(master_key));
|
||||
bzero(session_key, sizeof(session_key));
|
||||
bzero(master_key_schedule, sizeof(master_key_schedule));
|
||||
bzero(principal_data, sizeof(principal_data));
|
||||
bzero(new_key, sizeof(new_key));
|
||||
bzero(pw_str, sizeof(pw_str));
|
||||
}
|
||||
|
||||
void
|
||||
Usage()
|
||||
{
|
||||
fprintf(stderr, "Usage: %s [-n]\n", progname);
|
||||
exit(1);
|
||||
}
|
||||
@@ -1,85 +0,0 @@
|
||||
/*
|
||||
* Copyright 1990 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* Convert a struct tm * to a UNIX time.
|
||||
*
|
||||
* from: maketime.c,v 4.2 90/01/09 15:54:51 raeburn Exp $
|
||||
* $Id: maketime.c,v 1.3 1995/07/18 16:37:29 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: maketime.c,v 1.1 1994/03/21 16:23:54 piero Exp ";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <sys/time.h>
|
||||
|
||||
#define daysinyear(y) (((y) % 4) ? 365 : (((y) % 100) ? 366 : (((y) % 400) ? 365 : 366)))
|
||||
|
||||
#define SECSPERDAY 24*60*60
|
||||
#define SECSPERHOUR 60*60
|
||||
#define SECSPERMIN 60
|
||||
|
||||
static int cumdays[] = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334,
|
||||
365};
|
||||
|
||||
static int leapyear[] = {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
|
||||
static int nonleapyear[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
|
||||
|
||||
long
|
||||
maketime(tp, local)
|
||||
register struct tm *tp;
|
||||
int local;
|
||||
{
|
||||
register long retval;
|
||||
int foo;
|
||||
int *marray;
|
||||
|
||||
if (tp->tm_mon < 0 || tp->tm_mon > 11 ||
|
||||
tp->tm_hour < 0 || tp->tm_hour > 23 ||
|
||||
tp->tm_min < 0 || tp->tm_min > 59 ||
|
||||
tp->tm_sec < 0 || tp->tm_sec > 59) /* out of range */
|
||||
return 0;
|
||||
|
||||
retval = 0;
|
||||
if (tp->tm_year < 1900)
|
||||
foo = tp->tm_year + 1900;
|
||||
else
|
||||
foo = tp->tm_year;
|
||||
|
||||
if (foo < 1901 || foo > 2038) /* year is too small/large */
|
||||
return 0;
|
||||
|
||||
if (daysinyear(foo) == 366) {
|
||||
if (tp->tm_mon > 1)
|
||||
retval+= SECSPERDAY; /* add leap day */
|
||||
marray = leapyear;
|
||||
} else
|
||||
marray = nonleapyear;
|
||||
|
||||
if (tp->tm_mday < 0 || tp->tm_mday > marray[tp->tm_mon])
|
||||
return 0; /* out of range */
|
||||
|
||||
while (--foo >= 1970)
|
||||
retval += daysinyear(foo) * SECSPERDAY;
|
||||
|
||||
retval += cumdays[tp->tm_mon] * SECSPERDAY;
|
||||
retval += (tp->tm_mday-1) * SECSPERDAY;
|
||||
retval += tp->tm_hour * SECSPERHOUR + tp->tm_min * SECSPERMIN + tp->tm_sec;
|
||||
|
||||
if (local) {
|
||||
/* need to use local time, so we retrieve timezone info */
|
||||
struct timezone tz;
|
||||
struct timeval tv;
|
||||
if (gettimeofday(&tv, &tz) < 0) {
|
||||
/* some error--give up? */
|
||||
return(retval);
|
||||
}
|
||||
retval += tz.tz_minuteswest * SECSPERMIN;
|
||||
}
|
||||
return(retval);
|
||||
}
|
||||
@@ -1,45 +0,0 @@
|
||||
/* Structure for use by time manipulating subroutines.
|
||||
* The following library routines use it:
|
||||
* libc: ctime, localtime, gmtime, asctime
|
||||
* libcx: partime, maketime (may not be installed yet)
|
||||
*/
|
||||
|
||||
/*
|
||||
* from: time.h,v 1.1 82/05/06 11:34:29 wft Exp $
|
||||
* $Id: time.h,v 1.3 1995/07/18 16:37:31 mark Exp $
|
||||
*/
|
||||
|
||||
struct tm { /* See defines below for allowable ranges */
|
||||
int tm_sec;
|
||||
int tm_min;
|
||||
int tm_hour;
|
||||
int tm_mday;
|
||||
int tm_mon;
|
||||
int tm_year;
|
||||
int tm_wday;
|
||||
int tm_yday;
|
||||
int tm_isdst;
|
||||
int tm_zon; /* NEW: mins westward of Greenwich */
|
||||
int tm_ampm; /* NEW: 1 if AM, 2 if PM */
|
||||
};
|
||||
|
||||
#define LCLZONE (5*60) /* Until V7 ftime(2) works, this defines local zone*/
|
||||
#define TMNULL (-1) /* Items not specified are given this value
|
||||
* in order to distinguish null specs from zero
|
||||
* specs. This is only used by partime and
|
||||
* maketime. */
|
||||
|
||||
/* Indices into TM structure */
|
||||
#define TM_SEC 0 /* 0-59 */
|
||||
#define TM_MIN 1 /* 0-59 */
|
||||
#define TM_HOUR 2 /* 0-23 */
|
||||
#define TM_MDAY 3 /* 1-31 day of month */
|
||||
#define TM_DAY TM_MDAY /* " synonym */
|
||||
#define TM_MON 4 /* 0-11 */
|
||||
#define TM_YEAR 5 /* (year-1900) (year) */
|
||||
#define TM_WDAY 6 /* 0-6 day of week (0 = Sunday) */
|
||||
#define TM_YDAY 7 /* 0-365 day of year */
|
||||
#define TM_ISDST 8 /* 0 Std, 1 DST */
|
||||
/* New stuff */
|
||||
#define TM_ZON 9 /* 0-(24*60) minutes west of Greenwich */
|
||||
#define TM_AMPM 10 /* 1 AM, 2 PM */
|
||||
@@ -1,10 +0,0 @@
|
||||
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
|
||||
# $Id: Makefile,v 1.3 1995/07/18 16:37:34 mark Exp $
|
||||
|
||||
PROG= kdb_init
|
||||
CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -Wall
|
||||
DPADD= ${LIBKDB} ${LIBKRB}
|
||||
LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -ldes
|
||||
MAN8= kdb_init.8
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
@@ -1,45 +0,0 @@
|
||||
.\" from: kdb_init.8,v 4.1 89/01/23 11:09:02 jtkohl Exp $
|
||||
.\" $Id: kdb_init.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
|
||||
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
||||
.\"
|
||||
.\" For copying and distribution information,
|
||||
.\" please see the file <Copyright.MIT>.
|
||||
.\"
|
||||
.TH KDB_INIT 8 "Kerberos Version 4.0" "MIT Project Athena"
|
||||
.SH NAME
|
||||
kdb_init \- Initialize Kerberos key distribution center database
|
||||
.SH SYNOPSIS
|
||||
kdb_init [
|
||||
.B realm
|
||||
]
|
||||
.SH DESCRIPTION
|
||||
.I kdb_init
|
||||
initializes a Kerberos key distribution center database, creating the
|
||||
necessary principals.
|
||||
.PP
|
||||
If the optional
|
||||
.I realm
|
||||
argument is not present,
|
||||
.I kdb_init
|
||||
prompts for a realm name (defaulting to the definition in
|
||||
/usr/include/kerberosIV/krb.h).
|
||||
After determining the realm to be created, it prompts for
|
||||
a master key password. The master key password is used to encrypt
|
||||
every encryption key stored in the database.
|
||||
.SH DIAGNOSTICS
|
||||
.TP 20n
|
||||
"/etc/kerberosIV/principal: File exists"
|
||||
An attempt was made to create a database on a machine which already had
|
||||
an existing database.
|
||||
.SH FILES
|
||||
.TP 20n
|
||||
/etc/kerberosIV/principal.db
|
||||
DBM file containing database
|
||||
.TP
|
||||
/etc/kerberosIV/principal.ok
|
||||
Semaphore indicating that the DBM database is not being modified.
|
||||
.TP
|
||||
/usr/include/kerberosIV/krb.h
|
||||
Include file defining default realm
|
||||
.SH SEE ALSO
|
||||
kdb_destroy(8)
|
||||
@@ -1,180 +0,0 @@
|
||||
/*
|
||||
* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* program to initialize the database, reports error if database file
|
||||
* already exists.
|
||||
*
|
||||
* from: kdb_init.c,v 4.0 89/01/24 21:50:45 jtkohl Exp $
|
||||
* $Id: kdb_init.c,v 1.4 1995/07/18 16:37:35 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: kdb_init.c,v 1.4 1995/07/18 16:37:35 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/file.h>
|
||||
#include <sys/time.h>
|
||||
#include <des.h>
|
||||
#include <krb.h>
|
||||
#include <krb_db.h>
|
||||
#include <string.h>
|
||||
|
||||
#define TRUE 1
|
||||
|
||||
enum ap_op {
|
||||
NULL_KEY, /* setup null keys */
|
||||
MASTER_KEY, /* use master key as new key */
|
||||
RANDOM_KEY, /* choose a random key */
|
||||
};
|
||||
|
||||
int add_principal(char *name, char *instance, enum ap_op aap_op);
|
||||
|
||||
int debug = 0;
|
||||
char *progname;
|
||||
C_Block master_key;
|
||||
Key_schedule master_key_schedule;
|
||||
|
||||
int
|
||||
main(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
char realm[REALM_SZ];
|
||||
char *cp;
|
||||
int code;
|
||||
char *database;
|
||||
|
||||
progname = (cp = rindex(*argv, '/')) ? cp + 1 : *argv;
|
||||
|
||||
if (argc > 3) {
|
||||
fprintf(stderr, "Usage: %s [realm-name] [database-name]\n", argv[0]);
|
||||
exit(1);
|
||||
}
|
||||
if (argc == 3) {
|
||||
database = argv[2];
|
||||
--argc;
|
||||
} else
|
||||
database = DBM_FILE;
|
||||
|
||||
/* Do this first, it'll fail if the database exists */
|
||||
if ((code = kerb_db_create(database)) != 0) {
|
||||
fprintf(stderr, "Couldn't create database: %s\n",
|
||||
sys_errlist[code]);
|
||||
exit(1);
|
||||
}
|
||||
kerb_db_set_name(database);
|
||||
|
||||
if (argc == 2)
|
||||
strncpy(realm, argv[1], REALM_SZ);
|
||||
else {
|
||||
fprintf(stderr, "Realm name [default %s ]: ", KRB_REALM);
|
||||
if (fgets(realm, sizeof(realm), stdin) == NULL) {
|
||||
fprintf(stderr, "\nEOF reading realm\n");
|
||||
exit(1);
|
||||
}
|
||||
if ((cp = index(realm, '\n')))
|
||||
*cp = '\0';
|
||||
if (!*realm) /* no realm given */
|
||||
strcpy(realm, KRB_REALM);
|
||||
}
|
||||
if (!k_isrealm(realm)) {
|
||||
fprintf(stderr, "%s: Bad kerberos realm name \"%s\"\n",
|
||||
progname, realm);
|
||||
exit(1);
|
||||
}
|
||||
printf("You will be prompted for the database Master Password.\n");
|
||||
printf("It is important that you NOT FORGET this password.\n");
|
||||
fflush(stdout);
|
||||
|
||||
if (kdb_get_master_key (TRUE, master_key, master_key_schedule) != 0) {
|
||||
fprintf (stderr, "Couldn't read master key.\n");
|
||||
exit (-1);
|
||||
}
|
||||
|
||||
if (
|
||||
add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY) ||
|
||||
add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY) ||
|
||||
add_principal("krbtgt", realm, RANDOM_KEY) ||
|
||||
add_principal("changepw", KRB_MASTER, RANDOM_KEY)
|
||||
) {
|
||||
fprintf(stderr, "\n%s: couldn't initialize database.\n",
|
||||
progname);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/* play it safe */
|
||||
bzero (master_key, sizeof (C_Block));
|
||||
bzero (master_key_schedule, sizeof (Key_schedule));
|
||||
exit(0);
|
||||
}
|
||||
|
||||
/* use a return code to indicate success or failure. check the return */
|
||||
/* values of the routines called by this routine. */
|
||||
|
||||
int
|
||||
add_principal(name, instance, aap_op)
|
||||
char *name, *instance;
|
||||
enum ap_op aap_op;
|
||||
{
|
||||
Principal principal;
|
||||
struct tm *tm;
|
||||
C_Block new_key;
|
||||
|
||||
bzero(&principal, sizeof(principal));
|
||||
strncpy(principal.name, name, ANAME_SZ);
|
||||
strncpy(principal.instance, instance, INST_SZ);
|
||||
switch (aap_op) {
|
||||
case NULL_KEY:
|
||||
principal.key_low = 0;
|
||||
principal.key_high = 0;
|
||||
break;
|
||||
case RANDOM_KEY:
|
||||
#ifdef NOENCRYPTION
|
||||
bzero(new_key, sizeof(C_Block));
|
||||
new_key[0] = 127;
|
||||
#else
|
||||
random_key(new_key);
|
||||
#endif
|
||||
kdb_encrypt_key (new_key, new_key, master_key, master_key_schedule,
|
||||
ENCRYPT);
|
||||
bcopy(new_key, &principal.key_low, 4);
|
||||
bcopy(((long *) new_key) + 1, &principal.key_high, 4);
|
||||
break;
|
||||
case MASTER_KEY:
|
||||
bcopy (master_key, new_key, sizeof (C_Block));
|
||||
kdb_encrypt_key (new_key, new_key, master_key, master_key_schedule,
|
||||
ENCRYPT);
|
||||
bcopy(new_key, &principal.key_low, 4);
|
||||
bcopy(((long *) new_key) + 1, &principal.key_high, 4);
|
||||
break;
|
||||
}
|
||||
principal.exp_date = 946702799; /* Happy new century */
|
||||
strncpy(principal.exp_date_txt, "12/31/99", DATE_SZ);
|
||||
principal.mod_date = time(0);
|
||||
|
||||
tm = localtime(&principal.mod_date);
|
||||
principal.attributes = 0;
|
||||
principal.max_life = 255;
|
||||
|
||||
principal.kdc_key_ver = 1;
|
||||
principal.key_version = 1;
|
||||
|
||||
strncpy(principal.mod_name, "db_creation", ANAME_SZ);
|
||||
strncpy(principal.mod_instance, "", INST_SZ);
|
||||
principal.old = 0;
|
||||
|
||||
kerb_db_put_principal(&principal, 1);
|
||||
|
||||
/* let's play it safe */
|
||||
bzero (new_key, sizeof (C_Block));
|
||||
bzero (&principal.key_low, 4);
|
||||
bzero (&principal.key_high, 4);
|
||||
return 0;
|
||||
}
|
||||
@@ -1,13 +0,0 @@
|
||||
# From: @(#)Makefile 5.2 (Berkeley) 2/14/91
|
||||
# $Id: Makefile,v 1.3 1995/07/18 16:37:38 mark Exp $
|
||||
|
||||
PROG= kdb_util
|
||||
CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../kdb_edit \
|
||||
-I${.CURDIR}/../include -Wall
|
||||
SRCS= kdb_util.c maketime.c
|
||||
.PATH: ${.CURDIR}/../kdb_edit
|
||||
DPADD= ${LIBKDB} ${LIBKRB}
|
||||
LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -ldes
|
||||
MAN8= kdb_util.8
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
@@ -1,64 +0,0 @@
|
||||
.\" from: kdb_util.8,v 4.1 89/01/23 11:09:11 jtkohl Exp $
|
||||
.\" $Id: kdb_util.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
|
||||
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
||||
.\"
|
||||
.\" For copying and distribution information,
|
||||
.\" please see the file <Copyright.MIT>.
|
||||
.\"
|
||||
.TH KDB_UTIL 8 "Kerberos Version 4.0" "MIT Project Athena"
|
||||
.SH NAME
|
||||
kdb_util \- Kerberos key distribution center database utility
|
||||
.SH SYNOPSIS
|
||||
kdb_util
|
||||
.B operation filename
|
||||
.SH DESCRIPTION
|
||||
.I kdb_util
|
||||
allows the Kerberos key distribution center (KDC) database administrator to
|
||||
perform utility functions on the database.
|
||||
.PP
|
||||
.I Operation
|
||||
must be one of the following:
|
||||
.TP 10n
|
||||
.I load
|
||||
initializes the KDC database with the records described by the
|
||||
text contained in the file
|
||||
.IR filename .
|
||||
Any existing database is overwritten.
|
||||
.TP
|
||||
.I dump
|
||||
dumps the KDC database into a text representation in the file
|
||||
.IR filename .
|
||||
.TP
|
||||
.I slave_dump
|
||||
performs a database dump like the
|
||||
.I dump
|
||||
operation, and additionally creates a semaphore file signalling the
|
||||
propagation software that an update is available for distribution to
|
||||
slave KDC databases.
|
||||
.TP
|
||||
.I new_master_key
|
||||
prompts for the old and new master key strings, and then dumps the KDC
|
||||
database into a text representation in the file
|
||||
.IR filename .
|
||||
The keys in the text representation are encrypted in the new master key.
|
||||
.TP
|
||||
.I convert_old_db
|
||||
prompts for the master key string, and then dumps the KDC database into
|
||||
a text representation in the file
|
||||
.IR filename .
|
||||
The existing database is assumed to be encrypted using the old format
|
||||
(encrypted by the key schedule of the master key); the dumped database
|
||||
is encrypted using the new format (encrypted directly with master key).
|
||||
.PP
|
||||
.SH DIAGNOSTICS
|
||||
.TP 20n
|
||||
"verify_master_key: Invalid master key, does not match database."
|
||||
The master key string entered was incorrect.
|
||||
.SH FILES
|
||||
.TP 20n
|
||||
/etc/kerberosIV/principal.db
|
||||
DBM file containing database
|
||||
.TP
|
||||
.IR filename .dump_ok
|
||||
semaphore file created by
|
||||
.IR slave_dump.
|
||||
@@ -1,523 +0,0 @@
|
||||
/*
|
||||
* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* Kerberos database manipulation utility. This program allows you to
|
||||
* dump a kerberos database to an ascii readable file and load this
|
||||
* file into the database. Read locking of the database is done during a
|
||||
* dump operation. NO LOCKING is done during a load operation. Loads
|
||||
* should happen with other processes shutdown.
|
||||
*
|
||||
* Written July 9, 1987 by Jeffrey I. Schiller
|
||||
*
|
||||
* from: kdb_util.c,v 4.4 90/01/09 15:57:20 raeburn Exp $
|
||||
* $Id: kdb_util.c,v 1.5 1995/08/03 17:15:57 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: kdb_util.c,v 1.5 1995/08/03 17:15:57 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <errno.h>
|
||||
#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in.h>
|
||||
#include <time.h>
|
||||
#include <strings.h>
|
||||
#include <des.h>
|
||||
#include <krb.h>
|
||||
#include <sys/file.h>
|
||||
#include <krb_db.h>
|
||||
|
||||
#define TRUE 1
|
||||
|
||||
Principal aprinc;
|
||||
|
||||
static des_cblock master_key, new_master_key;
|
||||
static des_key_schedule master_key_schedule, new_master_key_schedule;
|
||||
|
||||
#define zaptime(foo) bzero((char *)(foo), sizeof(*(foo)))
|
||||
|
||||
char * progname;
|
||||
|
||||
void convert_old_format_db (char *db_file, FILE *out);
|
||||
void convert_new_master_key (char *db_file, FILE *out);
|
||||
void update_ok_file (char *file_name);
|
||||
void print_time(FILE *file, unsigned long timeval);
|
||||
void load_db (char *db_file, FILE *input_file);
|
||||
int dump_db (char *db_file, FILE *output_file, void (*cv_key)());
|
||||
|
||||
int
|
||||
main(argc, argv)
|
||||
int argc;
|
||||
char **argv;
|
||||
{
|
||||
FILE *file;
|
||||
enum {
|
||||
OP_LOAD,
|
||||
OP_DUMP,
|
||||
OP_SLAVE_DUMP,
|
||||
OP_NEW_MASTER,
|
||||
OP_CONVERT_OLD_DB,
|
||||
} op;
|
||||
char *file_name;
|
||||
char *prog = argv[0];
|
||||
char *db_name;
|
||||
|
||||
progname = prog;
|
||||
|
||||
if (argc != 3 && argc != 4) {
|
||||
fprintf(stderr, "Usage: %s operation file-name [database name].\n",
|
||||
argv[0]);
|
||||
exit(1);
|
||||
}
|
||||
if (argc == 3)
|
||||
db_name = DBM_FILE;
|
||||
else
|
||||
db_name = argv[3];
|
||||
|
||||
if (kerb_db_set_name (db_name) != 0) {
|
||||
perror("Can't open database");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (!strcmp(argv[1], "load"))
|
||||
op = OP_LOAD;
|
||||
else if (!strcmp(argv[1], "dump"))
|
||||
op = OP_DUMP;
|
||||
else if (!strcmp(argv[1], "slave_dump"))
|
||||
op = OP_SLAVE_DUMP;
|
||||
else if (!strcmp(argv[1], "new_master_key"))
|
||||
op = OP_NEW_MASTER;
|
||||
else if (!strcmp(argv[1], "convert_old_db"))
|
||||
op = OP_CONVERT_OLD_DB;
|
||||
else {
|
||||
fprintf(stderr,
|
||||
"%s: %s is an invalid operation.\n", prog, argv[1]);
|
||||
fprintf(stderr,
|
||||
"%s: Valid operations are \"dump\", \"slave_dump\",", argv[0]);
|
||||
fprintf(stderr,
|
||||
"\"load\", \"new_master_key\", and \"convert_old_db\".\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
file_name = argv[2];
|
||||
file = fopen(file_name, op == OP_LOAD ? "r" : "w");
|
||||
if (file == NULL) {
|
||||
fprintf(stderr, "%s: Unable to open %s\n", prog, argv[2]);
|
||||
(void) fflush(stderr);
|
||||
perror("open");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
switch (op) {
|
||||
case OP_DUMP:
|
||||
if ((dump_db (db_name, file, (void (*)()) 0) == EOF) ||
|
||||
(fclose(file) == EOF)) {
|
||||
fprintf(stderr, "error on file %s:", file_name);
|
||||
perror("");
|
||||
exit(1);
|
||||
}
|
||||
break;
|
||||
case OP_SLAVE_DUMP:
|
||||
if ((dump_db (db_name, file, (void (*)()) 0) == EOF) ||
|
||||
(fclose(file) == EOF)) {
|
||||
fprintf(stderr, "error on file %s:", file_name);
|
||||
perror("");
|
||||
exit(1);
|
||||
}
|
||||
update_ok_file (file_name);
|
||||
break;
|
||||
case OP_LOAD:
|
||||
load_db (db_name, file);
|
||||
break;
|
||||
case OP_NEW_MASTER:
|
||||
convert_new_master_key (db_name, file);
|
||||
printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
|
||||
break;
|
||||
case OP_CONVERT_OLD_DB:
|
||||
convert_old_format_db (db_name, file);
|
||||
printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
|
||||
break;
|
||||
}
|
||||
exit(0);
|
||||
}
|
||||
|
||||
void
|
||||
clear_secrets ()
|
||||
{
|
||||
bzero((char *)master_key, sizeof (des_cblock));
|
||||
bzero((char *)master_key_schedule, sizeof (Key_schedule));
|
||||
bzero((char *)new_master_key, sizeof (des_cblock));
|
||||
bzero((char *)new_master_key_schedule, sizeof (Key_schedule));
|
||||
}
|
||||
|
||||
/* cv_key is a procedure which takes a principle and changes its key,
|
||||
either for a new method of encrypting the keys, or a new master key.
|
||||
if cv_key is null no transformation of key is done (other than net byte
|
||||
order). */
|
||||
|
||||
struct callback_args {
|
||||
void (*cv_key)();
|
||||
FILE *output_file;
|
||||
};
|
||||
|
||||
static int dump_db_1(arg, principal)
|
||||
char *arg;
|
||||
Principal *principal;
|
||||
{ /* replace null strings with "*" */
|
||||
struct callback_args *a = (struct callback_args *)arg;
|
||||
|
||||
if (principal->instance[0] == '\0') {
|
||||
principal->instance[0] = '*';
|
||||
principal->instance[1] = '\0';
|
||||
}
|
||||
if (principal->mod_name[0] == '\0') {
|
||||
principal->mod_name[0] = '*';
|
||||
principal->mod_name[1] = '\0';
|
||||
}
|
||||
if (principal->mod_instance[0] == '\0') {
|
||||
principal->mod_instance[0] = '*';
|
||||
principal->mod_instance[1] = '\0';
|
||||
}
|
||||
if (a->cv_key != NULL) {
|
||||
(*a->cv_key) (principal);
|
||||
}
|
||||
fprintf(a->output_file, "%s %s %d %d %d %d %lx %lx",
|
||||
principal->name,
|
||||
principal->instance,
|
||||
principal->max_life,
|
||||
principal->kdc_key_ver,
|
||||
principal->key_version,
|
||||
principal->attributes,
|
||||
htonl (principal->key_low),
|
||||
htonl (principal->key_high));
|
||||
print_time(a->output_file, principal->exp_date);
|
||||
print_time(a->output_file, principal->mod_date);
|
||||
fprintf(a->output_file, " %s %s\n",
|
||||
principal->mod_name,
|
||||
principal->mod_instance);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
dump_db (db_file, output_file, cv_key)
|
||||
char *db_file;
|
||||
FILE *output_file;
|
||||
void (*cv_key)();
|
||||
{
|
||||
struct callback_args a;
|
||||
|
||||
a.cv_key = cv_key;
|
||||
a.output_file = output_file;
|
||||
|
||||
kerb_db_iterate (dump_db_1, (char *)&a);
|
||||
return fflush(output_file);
|
||||
}
|
||||
|
||||
void
|
||||
load_db (db_file, input_file)
|
||||
char *db_file;
|
||||
FILE *input_file;
|
||||
{
|
||||
char exp_date_str[50];
|
||||
char mod_date_str[50];
|
||||
int temp1, temp2, temp3;
|
||||
long time_explode();
|
||||
int code;
|
||||
char *temp_db_file;
|
||||
temp1 = strlen(db_file)+2;
|
||||
temp_db_file = malloc (temp1);
|
||||
strcpy(temp_db_file, db_file);
|
||||
strcat(temp_db_file, "~");
|
||||
|
||||
/* Create the database */
|
||||
if ((code = kerb_db_create(temp_db_file)) != 0) {
|
||||
fprintf(stderr, "Couldn't create temp database %s: %s\n",
|
||||
temp_db_file, sys_errlist[code]);
|
||||
exit(1);
|
||||
}
|
||||
kerb_db_set_name(temp_db_file);
|
||||
for (;;) { /* explicit break on eof from fscanf */
|
||||
bzero((char *)&aprinc, sizeof(aprinc));
|
||||
if (fscanf(input_file,
|
||||
"%s %s %d %d %d %hd %lx %lx %s %s %s %s\n",
|
||||
aprinc.name,
|
||||
aprinc.instance,
|
||||
&temp1,
|
||||
&temp2,
|
||||
&temp3,
|
||||
&aprinc.attributes,
|
||||
&aprinc.key_low,
|
||||
&aprinc.key_high,
|
||||
exp_date_str,
|
||||
mod_date_str,
|
||||
aprinc.mod_name,
|
||||
aprinc.mod_instance) == EOF)
|
||||
break;
|
||||
aprinc.key_low = ntohl (aprinc.key_low);
|
||||
aprinc.key_high = ntohl (aprinc.key_high);
|
||||
aprinc.max_life = (unsigned char) temp1;
|
||||
aprinc.kdc_key_ver = (unsigned char) temp2;
|
||||
aprinc.key_version = (unsigned char) temp3;
|
||||
aprinc.exp_date = time_explode(exp_date_str);
|
||||
aprinc.mod_date = time_explode(mod_date_str);
|
||||
if (aprinc.instance[0] == '*')
|
||||
aprinc.instance[0] = '\0';
|
||||
if (aprinc.mod_name[0] == '*')
|
||||
aprinc.mod_name[0] = '\0';
|
||||
if (aprinc.mod_instance[0] == '*')
|
||||
aprinc.mod_instance[0] = '\0';
|
||||
if (kerb_db_put_principal(&aprinc, 1) != 1) {
|
||||
fprintf(stderr, "Couldn't store %s.%s: %s; load aborted\n",
|
||||
aprinc.name, aprinc.instance,
|
||||
sys_errlist[errno]);
|
||||
exit(1);
|
||||
};
|
||||
}
|
||||
if ((code = kerb_db_rename(temp_db_file, db_file)) != 0)
|
||||
perror("database rename failed");
|
||||
(void) fclose(input_file);
|
||||
free(temp_db_file);
|
||||
}
|
||||
|
||||
void
|
||||
print_time(file, timeval)
|
||||
FILE *file;
|
||||
unsigned long timeval;
|
||||
{
|
||||
struct tm *tm;
|
||||
struct tm *gmtime();
|
||||
tm = gmtime((long *)&timeval);
|
||||
fprintf(file, " %04d%02d%02d%02d%02d",
|
||||
tm->tm_year < 1900 ? tm->tm_year + 1900: tm->tm_year,
|
||||
tm->tm_mon + 1,
|
||||
tm->tm_mday,
|
||||
tm->tm_hour,
|
||||
tm->tm_min);
|
||||
}
|
||||
|
||||
/*ARGSUSED*/
|
||||
void
|
||||
update_ok_file (file_name)
|
||||
char *file_name;
|
||||
{
|
||||
/* handle slave locking/failure stuff */
|
||||
char *file_ok;
|
||||
int fd;
|
||||
static char ok[]=".dump_ok";
|
||||
|
||||
if ((file_ok = (char *)malloc(strlen(file_name) + strlen(ok) + 1))
|
||||
== NULL) {
|
||||
fprintf(stderr, "kdb_util: out of memory.\n");
|
||||
(void) fflush (stderr);
|
||||
perror ("malloc");
|
||||
exit (1);
|
||||
}
|
||||
strcpy(file_ok, file_name);
|
||||
strcat(file_ok, ok);
|
||||
if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0400)) < 0) {
|
||||
fprintf(stderr, "Error creating 'ok' file, '%s'", file_ok);
|
||||
perror("");
|
||||
(void) fflush (stderr);
|
||||
exit (1);
|
||||
}
|
||||
free(file_ok);
|
||||
close(fd);
|
||||
}
|
||||
|
||||
void
|
||||
convert_key_new_master (p)
|
||||
Principal *p;
|
||||
{
|
||||
des_cblock key;
|
||||
|
||||
/* leave null keys alone */
|
||||
if ((p->key_low == 0) && (p->key_high == 0)) return;
|
||||
|
||||
/* move current key to des_cblock for encryption, special case master key
|
||||
since that's changing */
|
||||
if ((strncmp (p->name, KERB_M_NAME, ANAME_SZ) == 0) &&
|
||||
(strncmp (p->instance, KERB_M_INST, INST_SZ) == 0)) {
|
||||
bcopy((char *)new_master_key, (char *) key, sizeof (des_cblock));
|
||||
(p->key_version)++;
|
||||
} else {
|
||||
bcopy((char *)&(p->key_low), (char *)key, 4);
|
||||
bcopy((char *)&(p->key_high), (char *) (((long *) key) + 1), 4);
|
||||
kdb_encrypt_key (key, key, master_key, master_key_schedule, DECRYPT);
|
||||
}
|
||||
|
||||
kdb_encrypt_key (key, key, new_master_key, new_master_key_schedule, ENCRYPT);
|
||||
|
||||
bcopy((char *)key, (char *)&(p->key_low), 4);
|
||||
bcopy((char *)(((long *) key) + 1), (char *)&(p->key_high), 4);
|
||||
bzero((char *)key, sizeof (key)); /* a little paranoia ... */
|
||||
|
||||
(p->kdc_key_ver)++;
|
||||
}
|
||||
|
||||
void
|
||||
convert_new_master_key (db_file, out)
|
||||
char *db_file;
|
||||
FILE *out;
|
||||
{
|
||||
|
||||
printf ("\n\nEnter the CURRENT master key.");
|
||||
if (kdb_get_master_key (TRUE, master_key, master_key_schedule) != 0) {
|
||||
fprintf (stderr, "get_master_key: Couldn't get master key.\n");
|
||||
clear_secrets ();
|
||||
exit (-1);
|
||||
}
|
||||
|
||||
if (kdb_verify_master_key (master_key, master_key_schedule, stderr) < 0) {
|
||||
clear_secrets ();
|
||||
exit (-1);
|
||||
}
|
||||
|
||||
printf ("\n\nNow enter the NEW master key. Do not forget it!!");
|
||||
if (kdb_get_master_key (TRUE, new_master_key, new_master_key_schedule) != 0) {
|
||||
fprintf (stderr, "get_master_key: Couldn't get new master key.\n");
|
||||
clear_secrets ();
|
||||
exit (-1);
|
||||
}
|
||||
|
||||
dump_db (db_file, out, convert_key_new_master);
|
||||
}
|
||||
|
||||
void
|
||||
convert_key_old_db (p)
|
||||
Principal *p;
|
||||
{
|
||||
des_cblock key;
|
||||
|
||||
/* leave null keys alone */
|
||||
if ((p->key_low == 0) && (p->key_high == 0)) return;
|
||||
|
||||
bcopy((char *)&(p->key_low), (char *)key, 4);
|
||||
bcopy((char *)&(p->key_high), (char *)(((long *) key) + 1), 4);
|
||||
|
||||
#ifndef NOENCRYPTION
|
||||
des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key,
|
||||
(long)sizeof(des_cblock),master_key_schedule,
|
||||
(des_cblock *)master_key_schedule,DECRYPT);
|
||||
#endif
|
||||
|
||||
/* make new key, new style */
|
||||
kdb_encrypt_key (key, key, master_key, master_key_schedule, ENCRYPT);
|
||||
|
||||
bcopy((char *)key, (char *)&(p->key_low), 4);
|
||||
bcopy((char *)(((long *) key) + 1), (char *)&(p->key_high), 4);
|
||||
bzero((char *)key, sizeof (key)); /* a little paranoia ... */
|
||||
}
|
||||
|
||||
void
|
||||
convert_old_format_db (db_file, out)
|
||||
char *db_file;
|
||||
FILE *out;
|
||||
{
|
||||
des_cblock key_from_db;
|
||||
Principal principal_data[1];
|
||||
int n, more;
|
||||
|
||||
if (kdb_get_master_key (TRUE, master_key, master_key_schedule) != 0L) {
|
||||
fprintf (stderr, "verify_master_key: Couldn't get master key.\n");
|
||||
clear_secrets();
|
||||
exit (-1);
|
||||
}
|
||||
|
||||
/* can't call kdb_verify_master_key because this is an old style db */
|
||||
/* lookup the master key version */
|
||||
n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
|
||||
1 /* only one please */, &more);
|
||||
if ((n != 1) || more) {
|
||||
fprintf(stderr, "verify_master_key: "
|
||||
"Kerberos error on master key lookup, %d found.\n",
|
||||
n);
|
||||
exit (-1);
|
||||
}
|
||||
|
||||
/* set up the master key */
|
||||
fprintf(stderr, "Current Kerberos master key version is %d.\n",
|
||||
principal_data[0].kdc_key_ver);
|
||||
|
||||
/*
|
||||
* now use the master key to decrypt (old style) the key in the db, had better
|
||||
* be the same!
|
||||
*/
|
||||
bcopy((char *)&principal_data[0].key_low, (char *)key_from_db, 4);
|
||||
bcopy((char *)&principal_data[0].key_high,
|
||||
(char *)(((long *) key_from_db) + 1), 4);
|
||||
#ifndef NOENCRYPTION
|
||||
des_pcbc_encrypt((des_cblock *)key_from_db,(des_cblock *)key_from_db,
|
||||
(long)sizeof(key_from_db),master_key_schedule,
|
||||
(des_cblock *)master_key_schedule,DECRYPT);
|
||||
#endif
|
||||
/* the decrypted database key had better equal the master key */
|
||||
n = bcmp((char *) master_key, (char *) key_from_db,
|
||||
sizeof(master_key));
|
||||
bzero((char *)key_from_db, sizeof(key_from_db));
|
||||
|
||||
if (n) {
|
||||
fprintf(stderr, "\n\07\07verify_master_key: Invalid master key, ");
|
||||
fprintf(stderr, "does not match database.\n");
|
||||
exit (-1);
|
||||
}
|
||||
|
||||
fprintf(stderr, "Master key verified.\n");
|
||||
(void) fflush(stderr);
|
||||
|
||||
dump_db (db_file, out, convert_key_old_db);
|
||||
}
|
||||
|
||||
long
|
||||
time_explode(cp)
|
||||
register char *cp;
|
||||
{
|
||||
char wbuf[5];
|
||||
struct tm tp;
|
||||
long maketime();
|
||||
int local;
|
||||
|
||||
zaptime(&tp); /* clear out the struct */
|
||||
|
||||
if (strlen(cp) > 10) { /* new format */
|
||||
(void) strncpy(wbuf, cp, 4);
|
||||
wbuf[4] = 0;
|
||||
tp.tm_year = atoi(wbuf);
|
||||
cp += 4; /* step over the year */
|
||||
local = 0; /* GMT */
|
||||
} else { /* old format: local time,
|
||||
year is 2 digits, assuming 19xx */
|
||||
wbuf[0] = *cp++;
|
||||
wbuf[1] = *cp++;
|
||||
wbuf[2] = 0;
|
||||
tp.tm_year = 1900 + atoi(wbuf);
|
||||
local = 1; /* local */
|
||||
}
|
||||
|
||||
wbuf[0] = *cp++;
|
||||
wbuf[1] = *cp++;
|
||||
wbuf[2] = 0;
|
||||
tp.tm_mon = atoi(wbuf)-1;
|
||||
|
||||
wbuf[0] = *cp++;
|
||||
wbuf[1] = *cp++;
|
||||
tp.tm_mday = atoi(wbuf);
|
||||
|
||||
wbuf[0] = *cp++;
|
||||
wbuf[1] = *cp++;
|
||||
tp.tm_hour = atoi(wbuf);
|
||||
|
||||
wbuf[0] = *cp++;
|
||||
wbuf[1] = *cp++;
|
||||
tp.tm_min = atoi(wbuf);
|
||||
|
||||
|
||||
return(maketime(&tp, local));
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
|
||||
# $Id: Makefile,v 1.3 1995/07/18 16:37:42 mark Exp $
|
||||
|
||||
PROG= kdestroy
|
||||
CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -DBSD42 -Wall
|
||||
DPADD= ${LIBKRB}
|
||||
LDADD= -L${KRBOBJDIR} -lkrb -ldes
|
||||
BINDIR= /usr/bin
|
||||
MAN1= kdestroy.1
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
@@ -1,81 +0,0 @@
|
||||
.\" from: kdestroy.1,v 4.9 89/01/23 11:39:50 jtkohl Exp $
|
||||
.\" $Id: kdestroy.1,v 1.2 1994/07/19 19:27:32 g89r4222 Exp $
|
||||
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
||||
.\"
|
||||
.\" For copying and distribution information,
|
||||
.\" please see the file <Copyright.MIT>.
|
||||
.\"
|
||||
.TH KDESTROY 1 "Kerberos Version 4.0" "MIT Project Athena"
|
||||
.SH NAME
|
||||
kdestroy \- destroy Kerberos tickets
|
||||
.SH SYNOPSIS
|
||||
.B kdestroy
|
||||
[
|
||||
.B \-f
|
||||
]
|
||||
[
|
||||
.B \-q
|
||||
]
|
||||
.SH DESCRIPTION
|
||||
The
|
||||
.I kdestroy
|
||||
utility destroys the user's active
|
||||
Kerberos
|
||||
authorization tickets by writing zeros to the file that contains them.
|
||||
If the ticket file does not exist,
|
||||
.I kdestroy
|
||||
displays a message to that effect.
|
||||
.PP
|
||||
After overwriting the file,
|
||||
.I kdestroy
|
||||
removes the file from the system.
|
||||
The utility
|
||||
displays a message indicating the success or failure of the
|
||||
operation.
|
||||
If
|
||||
.I kdestroy
|
||||
is unable to destroy the ticket file,
|
||||
the utility will warn you by making your terminal beep.
|
||||
.PP
|
||||
In the Athena workstation environment,
|
||||
the
|
||||
.I toehold
|
||||
service automatically destroys your tickets when you
|
||||
end a workstation session.
|
||||
If your site does not provide a similar ticket-destroying mechanism,
|
||||
you can place the
|
||||
.I kdestroy
|
||||
command in your
|
||||
.I .logout
|
||||
file so that your tickets are destroyed automatically
|
||||
when you logout.
|
||||
.PP
|
||||
The options to
|
||||
.I kdestroy
|
||||
are as follows:
|
||||
.TP 7
|
||||
.B \-f
|
||||
.I kdestroy
|
||||
runs without displaying the status message.
|
||||
.TP
|
||||
.B \-q
|
||||
.I kdestroy
|
||||
will not make your terminal beep if it fails to destroy the tickets.
|
||||
.SH FILES
|
||||
KRBTKFILE environment variable if set, otherwise
|
||||
.br
|
||||
/tmp/tkt[uid]
|
||||
.SH SEE ALSO
|
||||
kerberos(1), kinit(1), klist(1)
|
||||
.SH BUGS
|
||||
.PP
|
||||
Only the tickets in the user's current ticket file are destroyed.
|
||||
Separate ticket files are used to hold root instance and password
|
||||
changing tickets. These files should probably be destroyed too, or
|
||||
all of a user's tickets kept in a single ticket file.
|
||||
.SH AUTHORS
|
||||
Steve Miller, MIT Project Athena/Digital Equipment Corporation
|
||||
.br
|
||||
Clifford Neuman, MIT Project Athena
|
||||
.br
|
||||
Bill Sommerfeld, MIT Project Athena
|
||||
@@ -1,83 +0,0 @@
|
||||
/*
|
||||
* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* This program causes Kerberos tickets to be destroyed.
|
||||
* Options are:
|
||||
*
|
||||
* -q[uiet] - no bell even if tickets not destroyed
|
||||
* -f[orce] - no message printed at all
|
||||
*
|
||||
* from: kdestroy.c,v 4.5 88/03/18 15:16:02 steiner Exp $
|
||||
* $Id: kdestroy.c,v 1.3 1995/07/18 16:37:44 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: kdestroy.c,v 1.3 1995/07/18 16:37:44 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <krb.h>
|
||||
#ifdef BSD42
|
||||
#include <strings.h>
|
||||
#endif BSD42
|
||||
|
||||
|
||||
static char *pname;
|
||||
|
||||
static void
|
||||
usage()
|
||||
{
|
||||
fprintf(stderr, "Usage: %s [-f] [-q]\n", pname);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
int
|
||||
main(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
int fflag=0, qflag=0, k_errno;
|
||||
register char *cp;
|
||||
|
||||
cp = rindex (argv[0], '/');
|
||||
if (cp == NULL)
|
||||
pname = argv[0];
|
||||
else
|
||||
pname = cp+1;
|
||||
|
||||
if (argc > 2)
|
||||
usage();
|
||||
else if (argc == 2) {
|
||||
if (!strcmp(argv[1], "-f"))
|
||||
++fflag;
|
||||
else if (!strcmp(argv[1], "-q"))
|
||||
++qflag;
|
||||
else usage();
|
||||
}
|
||||
|
||||
k_errno = dest_tkt();
|
||||
|
||||
if (fflag) {
|
||||
if (k_errno != 0 && k_errno != RET_TKFIL)
|
||||
exit(1);
|
||||
else
|
||||
exit(0);
|
||||
} else {
|
||||
if (k_errno == 0)
|
||||
printf("Tickets destroyed.\n");
|
||||
else if (k_errno == RET_TKFIL)
|
||||
fprintf(stderr, "No tickets to destroy.\n");
|
||||
else {
|
||||
fprintf(stderr, "Tickets NOT destroyed.\n");
|
||||
if (!qflag)
|
||||
fprintf(stderr, "\007");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
exit(0);
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
|
||||
# $Id: Makefile,v 1.3 1995/07/18 16:37:47 mark Exp $
|
||||
|
||||
PROG= kerberos
|
||||
SRCS= kerberos.c cr_err_reply.c
|
||||
CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -Wall
|
||||
DPADD= ${LIBKDB} ${LIBKRB}
|
||||
LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -ldes
|
||||
NOMAN= noman
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
@@ -1,97 +0,0 @@
|
||||
/*
|
||||
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: cr_err_reply.c,v 4.10 89/01/10 11:34:42 steiner Exp $
|
||||
* $Id: cr_err_reply.c,v 1.2 1995/07/18 16:37:49 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: cr_err_reply.c,v 1.2 1995/07/18 16:37:49 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <krb.h>
|
||||
#include <prot.h>
|
||||
#include <strings.h>
|
||||
|
||||
extern int req_act_vno; /* this is defined in the kerberos
|
||||
* server code */
|
||||
|
||||
/*
|
||||
* This routine is used by the Kerberos authentication server to
|
||||
* create an error reply packet to send back to its client.
|
||||
*
|
||||
* It takes a pointer to the packet to be built, the name, instance,
|
||||
* and realm of the principal, the client's timestamp, an error code
|
||||
* and an error string as arguments. Its return value is undefined.
|
||||
*
|
||||
* The packet is built in the following format:
|
||||
*
|
||||
* type variable data
|
||||
* or constant
|
||||
* ---- ----------- ----
|
||||
*
|
||||
* unsigned char req_ack_vno protocol version number
|
||||
*
|
||||
* unsigned char AUTH_MSG_ERR_REPLY protocol message type
|
||||
*
|
||||
* [least significant HOST_BYTE_ORDER sender's (server's) byte
|
||||
* bit of above field] order
|
||||
*
|
||||
* string pname principal's name
|
||||
*
|
||||
* string pinst principal's instance
|
||||
*
|
||||
* string prealm principal's realm
|
||||
*
|
||||
* unsigned long time_ws client's timestamp
|
||||
*
|
||||
* unsigned long e error code
|
||||
*
|
||||
* string e_string error text
|
||||
*/
|
||||
|
||||
void
|
||||
cr_err_reply(pkt,pname,pinst,prealm,time_ws,e,e_string)
|
||||
KTEXT pkt;
|
||||
char *pname; /* Principal's name */
|
||||
char *pinst; /* Principal's instance */
|
||||
char *prealm; /* Principal's authentication domain */
|
||||
u_long time_ws; /* Workstation time */
|
||||
u_long e; /* Error code */
|
||||
char *e_string; /* Text of error */
|
||||
{
|
||||
u_char *v = (u_char *) pkt->dat; /* Prot vers number */
|
||||
u_char *t = (u_char *)(pkt->dat+1); /* Prot message type */
|
||||
|
||||
/* Create fixed part of packet */
|
||||
*v = (unsigned char) req_act_vno; /* KRB_PROT_VERSION; */
|
||||
*t = (unsigned char) AUTH_MSG_ERR_REPLY;
|
||||
*t |= HOST_BYTE_ORDER;
|
||||
|
||||
/* Add the basic info */
|
||||
(void) strcpy((char *) (pkt->dat+2),pname);
|
||||
pkt->length = 3 + strlen(pname);
|
||||
(void) strcpy((char *)(pkt->dat+pkt->length),pinst);
|
||||
pkt->length += 1 + strlen(pinst);
|
||||
(void) strcpy((char *)(pkt->dat+pkt->length),prealm);
|
||||
pkt->length += 1 + strlen(prealm);
|
||||
/* ws timestamp */
|
||||
bcopy((char *) &time_ws,(char *)(pkt->dat+pkt->length),4);
|
||||
pkt->length += 4;
|
||||
/* err code */
|
||||
bcopy((char *) &e,(char *)(pkt->dat+pkt->length),4);
|
||||
pkt->length += 4;
|
||||
/* err text */
|
||||
(void) strcpy((char *)(pkt->dat+pkt->length),e_string);
|
||||
pkt->length += 1 + strlen(e_string);
|
||||
|
||||
/* And return */
|
||||
return;
|
||||
}
|
||||
@@ -1,816 +0,0 @@
|
||||
/*
|
||||
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: kerberos.c,v 4.19 89/11/01 17:18:07 qjb Exp $
|
||||
* $Id: kerberos.c,v 1.4 1995/07/18 16:37:51 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: kerberos.c,v 1.4 1995/07/18 16:37:51 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <errno.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <netdb.h>
|
||||
#include <signal.h>
|
||||
#include <sgtty.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/file.h>
|
||||
#include <ctype.h>
|
||||
|
||||
#include <krb.h>
|
||||
#include <des.h>
|
||||
#include <klog.h>
|
||||
#include <prot.h>
|
||||
#include <krb_db.h>
|
||||
#include <kdc.h>
|
||||
|
||||
void cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm,
|
||||
u_long time_ws, u_long e, char *e_string);
|
||||
void kerb_err_reply(struct sockaddr_in *client, KTEXT pkt, long err,
|
||||
char *string);
|
||||
void setup_disc(void);
|
||||
void kerberos(struct sockaddr_in *client, KTEXT pkt);
|
||||
int check_princ(char *p_name, char *instance, unsigned lifetime, Principal *p);
|
||||
int set_tgtkey(char *r);
|
||||
|
||||
struct sockaddr_in s_in = {AF_INET};
|
||||
int f;
|
||||
|
||||
/* XXX several files in libkdb know about this */
|
||||
char *progname;
|
||||
|
||||
static Key_schedule master_key_schedule;
|
||||
static C_Block master_key;
|
||||
|
||||
static struct timeval kerb_time;
|
||||
static Principal a_name_data; /* for requesting user */
|
||||
static Principal s_name_data; /* for services requested */
|
||||
static C_Block session_key;
|
||||
static u_char master_key_version;
|
||||
static char k_instance[INST_SZ];
|
||||
static char *lt;
|
||||
static int more;
|
||||
|
||||
static int mflag; /* Are we invoked manually? */
|
||||
static int lflag; /* Have we set an alterate log file? */
|
||||
static char *log_file; /* name of alt. log file */
|
||||
static int nflag; /* don't check max age */
|
||||
static int rflag; /* alternate realm specified */
|
||||
|
||||
/* fields within the received request packet */
|
||||
static u_char req_msg_type;
|
||||
static u_char req_version;
|
||||
static char *req_name_ptr;
|
||||
static char *req_inst_ptr;
|
||||
static char *req_realm_ptr;
|
||||
static u_long req_time_ws;
|
||||
|
||||
int req_act_vno = KRB_PROT_VERSION; /* Temporary for version skew */
|
||||
|
||||
static char local_realm[REALM_SZ];
|
||||
|
||||
/* statistics */
|
||||
static long q_bytes; /* current bytes remaining in queue */
|
||||
static long q_n; /* how many consecutive non-zero
|
||||
* q_bytes */
|
||||
static long max_q_bytes;
|
||||
static long max_q_n;
|
||||
static long n_auth_req;
|
||||
static long n_appl_req;
|
||||
static long n_packets;
|
||||
|
||||
static long max_age = -1;
|
||||
static long pause_int = -1;
|
||||
|
||||
static void check_db_age();
|
||||
static void hang();
|
||||
|
||||
/*
|
||||
* Print usage message and exit.
|
||||
*/
|
||||
static void usage()
|
||||
{
|
||||
fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]%s%s\n", progname,
|
||||
" [-a max_age] [-l log_file] [-r realm]"
|
||||
," [database_pathname]"
|
||||
);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
main(argc, argv)
|
||||
int argc;
|
||||
char **argv;
|
||||
{
|
||||
struct sockaddr_in from;
|
||||
register int n;
|
||||
int on = 1;
|
||||
int child;
|
||||
struct servent *sp;
|
||||
int fromlen;
|
||||
static KTEXT_ST pkt_st;
|
||||
KTEXT pkt = &pkt_st;
|
||||
int kerror;
|
||||
int c;
|
||||
extern char *optarg;
|
||||
extern int optind;
|
||||
|
||||
progname = argv[0];
|
||||
|
||||
while ((c = getopt(argc, argv, "snmp:a:l:r:")) != EOF) {
|
||||
switch(c) {
|
||||
case 's':
|
||||
/*
|
||||
* Set parameters to slave server defaults.
|
||||
*/
|
||||
if (max_age == -1 && !nflag)
|
||||
max_age = ONE_DAY; /* 24 hours */
|
||||
if (pause_int == -1)
|
||||
pause_int = FIVE_MINUTES; /* 5 minutes */
|
||||
if (lflag == 0) {
|
||||
log_file = KRBSLAVELOG;
|
||||
lflag++;
|
||||
}
|
||||
break;
|
||||
case 'n':
|
||||
max_age = -1; /* don't check max age. */
|
||||
nflag++;
|
||||
break;
|
||||
case 'm':
|
||||
mflag++; /* running manually; prompt for master key */
|
||||
break;
|
||||
case 'p':
|
||||
/* Set pause interval. */
|
||||
if (!isdigit(optarg[0]))
|
||||
usage();
|
||||
pause_int = atoi(optarg);
|
||||
if ((pause_int < 5) || (pause_int > ONE_HOUR)) {
|
||||
fprintf(stderr, "pause_int must be between 5 and 3600 seconds.\n");
|
||||
usage();
|
||||
}
|
||||
break;
|
||||
case 'a':
|
||||
/* Set max age. */
|
||||
if (!isdigit(optarg[0]))
|
||||
usage();
|
||||
max_age = atoi(optarg);
|
||||
if ((max_age < ONE_HOUR) || (max_age > THREE_DAYS)) {
|
||||
fprintf(stderr, "max_age must be between one hour and three days, in seconds\n");
|
||||
usage();
|
||||
}
|
||||
break;
|
||||
case 'l':
|
||||
/* Set alternate log file */
|
||||
lflag++;
|
||||
log_file = optarg;
|
||||
break;
|
||||
case 'r':
|
||||
/* Set realm name */
|
||||
rflag++;
|
||||
strcpy(local_realm, optarg);
|
||||
break;
|
||||
default:
|
||||
usage();
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (optind == (argc-1)) {
|
||||
if (kerb_db_set_name(argv[optind]) != 0) {
|
||||
fprintf(stderr, "Could not set alternate database name\n");
|
||||
exit(1);
|
||||
}
|
||||
optind++;
|
||||
}
|
||||
|
||||
if (optind != argc)
|
||||
usage();
|
||||
|
||||
printf("Kerberos server starting\n");
|
||||
|
||||
if ((!nflag) && (max_age != -1))
|
||||
printf("\tMaximum database age: %ld seconds\n", max_age);
|
||||
if (pause_int != -1)
|
||||
printf("\tSleep for %ld seconds on error\n", pause_int);
|
||||
else
|
||||
printf("\tSleep forever on error\n");
|
||||
if (mflag)
|
||||
printf("\tMaster key will be entered manually\n");
|
||||
|
||||
printf("\tLog file is %s\n", lflag ? log_file : KRBLOG);
|
||||
|
||||
if (lflag)
|
||||
kset_logfile(log_file);
|
||||
|
||||
/* find our hostname, and use it as the instance */
|
||||
if (gethostname(k_instance, INST_SZ)) {
|
||||
fprintf(stderr, "%s: gethostname error\n", progname);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if ((sp = getservbyname("kerberos", "udp")) == 0) {
|
||||
fprintf(stderr, "%s: udp/kerberos unknown service\n", progname);
|
||||
exit(1);
|
||||
}
|
||||
s_in.sin_port = sp->s_port;
|
||||
|
||||
if ((f = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
|
||||
fprintf(stderr, "%s: Can't open socket\n", progname);
|
||||
exit(1);
|
||||
}
|
||||
if (setsockopt(f, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0)
|
||||
fprintf(stderr, "%s: setsockopt (SO_REUSEADDR)\n", progname);
|
||||
|
||||
if (bind(f, (struct sockaddr *) &s_in, S_AD_SZ) < 0) {
|
||||
fprintf(stderr, "%s: Can't bind socket\n", progname);
|
||||
exit(1);
|
||||
}
|
||||
/* do all the database and cache inits */
|
||||
if ((n = kerb_init())) {
|
||||
if (mflag) {
|
||||
printf("Kerberos db and cache init ");
|
||||
printf("failed = %d ...exiting\n", n);
|
||||
exit(-1);
|
||||
} else {
|
||||
klog(L_KRB_PERR,
|
||||
"Kerberos db and cache init failed = %d ...exiting", n);
|
||||
hang();
|
||||
}
|
||||
}
|
||||
|
||||
/* Make sure database isn't stale */
|
||||
check_db_age();
|
||||
|
||||
/* setup master key */
|
||||
if (kdb_get_master_key (mflag, master_key, master_key_schedule) != 0) {
|
||||
klog (L_KRB_PERR, "kerberos: couldn't get master key.\n");
|
||||
exit (-1);
|
||||
}
|
||||
kerror = kdb_verify_master_key (master_key, master_key_schedule, stdout);
|
||||
if (kerror < 0) {
|
||||
klog (L_KRB_PERR, "Can't verify master key.");
|
||||
bzero (master_key, sizeof (master_key));
|
||||
bzero (master_key_schedule, sizeof (master_key_schedule));
|
||||
exit (-1);
|
||||
}
|
||||
|
||||
master_key_version = (u_char) kerror;
|
||||
|
||||
fprintf(stdout, "\nCurrent Kerberos master key version is %d\n",
|
||||
master_key_version);
|
||||
|
||||
if (!rflag) {
|
||||
/* Look up our local realm */
|
||||
krb_get_lrealm(local_realm, 1);
|
||||
}
|
||||
fprintf(stdout, "Local realm: %s\n", local_realm);
|
||||
fflush(stdout);
|
||||
|
||||
if (set_tgtkey(local_realm)) {
|
||||
/* Ticket granting service unknown */
|
||||
klog(L_KRB_PERR, "Ticket granting ticket service unknown");
|
||||
fprintf(stderr, "Ticket granting ticket service unknown\n");
|
||||
exit(1);
|
||||
}
|
||||
if (mflag) {
|
||||
if ((child = fork()) != 0) {
|
||||
printf("Kerberos started, PID=%d\n", child);
|
||||
exit(0);
|
||||
}
|
||||
setup_disc();
|
||||
}
|
||||
/* receive loop */
|
||||
for (;;) {
|
||||
fromlen = S_AD_SZ;
|
||||
n = recvfrom(f, pkt->dat, MAX_PKT_LEN, 0, (struct sockaddr *) &from,
|
||||
&fromlen);
|
||||
if (n > 0) {
|
||||
pkt->length = n;
|
||||
pkt->mbz = 0; /* force zeros to catch runaway strings */
|
||||
/* see what is left in the input queue */
|
||||
ioctl(f, FIONREAD, &q_bytes);
|
||||
gettimeofday(&kerb_time, NULL);
|
||||
q_n++;
|
||||
max_q_n = max(max_q_n, q_n);
|
||||
n_packets++;
|
||||
klog(L_NET_INFO,
|
||||
"q_byt %d, q_n %d, rd_byt %d, mx_q_b %d, mx_q_n %d, n_pkt %d",
|
||||
q_bytes, q_n, n, max_q_bytes, max_q_n, n_packets, 0);
|
||||
max_q_bytes = max(max_q_bytes, q_bytes);
|
||||
if (!q_bytes)
|
||||
q_n = 0; /* reset consecutive packets */
|
||||
kerberos(&from, pkt);
|
||||
} else
|
||||
klog(L_NET_ERR,
|
||||
"%s: bad recvfrom n = %d errno = %d", progname, n, errno, 0);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
kerberos(client, pkt)
|
||||
struct sockaddr_in *client;
|
||||
KTEXT pkt;
|
||||
{
|
||||
static KTEXT_ST rpkt_st;
|
||||
KTEXT rpkt = &rpkt_st;
|
||||
static KTEXT_ST ciph_st;
|
||||
KTEXT ciph = &ciph_st;
|
||||
static KTEXT_ST tk_st;
|
||||
KTEXT tk = &tk_st;
|
||||
static KTEXT_ST auth_st;
|
||||
KTEXT auth = &auth_st;
|
||||
AUTH_DAT ad_st;
|
||||
AUTH_DAT *ad = &ad_st;
|
||||
|
||||
|
||||
static struct in_addr client_host;
|
||||
static int msg_byte_order;
|
||||
static int swap_bytes;
|
||||
static u_char k_flags;
|
||||
u_long lifetime;
|
||||
int i;
|
||||
C_Block key;
|
||||
Key_schedule key_s;
|
||||
char *ptr;
|
||||
|
||||
|
||||
|
||||
ciph->length = 0;
|
||||
|
||||
client_host = client->sin_addr;
|
||||
|
||||
/* eval macros and correct the byte order and alignment as needed */
|
||||
req_version = pkt_version(pkt); /* 1 byte, version */
|
||||
req_msg_type = pkt_msg_type(pkt); /* 1 byte, Kerberos msg type */
|
||||
|
||||
req_act_vno = req_version;
|
||||
|
||||
/* check packet version */
|
||||
if (req_version != KRB_PROT_VERSION) {
|
||||
lt = klog(L_KRB_PERR,
|
||||
"KRB prot version mismatch: KRB =%d request = %d",
|
||||
KRB_PROT_VERSION, req_version, 0);
|
||||
/* send an error reply */
|
||||
kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
|
||||
return;
|
||||
}
|
||||
msg_byte_order = req_msg_type & 1;
|
||||
|
||||
swap_bytes = 0;
|
||||
if (msg_byte_order != HOST_BYTE_ORDER) {
|
||||
swap_bytes++;
|
||||
}
|
||||
klog(L_KRB_PINFO,
|
||||
"Prot version: %d, Byte order: %d, Message type: %d",
|
||||
req_version, msg_byte_order, req_msg_type);
|
||||
|
||||
switch (req_msg_type & ~1) {
|
||||
|
||||
case AUTH_MSG_KDC_REQUEST:
|
||||
{
|
||||
u_long req_life; /* Requested liftime */
|
||||
char *service; /* Service name */
|
||||
char *instance; /* Service instance */
|
||||
n_auth_req++;
|
||||
tk->length = 0;
|
||||
k_flags = 0; /* various kerberos flags */
|
||||
|
||||
|
||||
/* set up and correct for byte order and alignment */
|
||||
req_name_ptr = (char *) pkt_a_name(pkt);
|
||||
req_inst_ptr = (char *) pkt_a_inst(pkt);
|
||||
req_realm_ptr = (char *) pkt_a_realm(pkt);
|
||||
bcopy(pkt_time_ws(pkt), &req_time_ws, sizeof(req_time_ws));
|
||||
/* time has to be diddled */
|
||||
if (swap_bytes) {
|
||||
swap_u_long(req_time_ws);
|
||||
}
|
||||
ptr = (char *) pkt_time_ws(pkt) + 4;
|
||||
|
||||
req_life = (u_long) (*ptr++);
|
||||
|
||||
service = ptr;
|
||||
instance = ptr + strlen(service) + 1;
|
||||
|
||||
rpkt = &rpkt_st;
|
||||
klog(L_INI_REQ,
|
||||
"Initial ticket request Host: %s User: \"%s\" \"%s\"",
|
||||
inet_ntoa(client_host), req_name_ptr, req_inst_ptr, 0);
|
||||
|
||||
if ((i = check_princ(req_name_ptr, req_inst_ptr, 0,
|
||||
&a_name_data))) {
|
||||
kerb_err_reply(client, pkt, i, lt);
|
||||
return;
|
||||
}
|
||||
tk->length = 0; /* init */
|
||||
if (strcmp(service, "krbtgt"))
|
||||
klog(L_NTGT_INTK,
|
||||
"INITIAL request from %s.%s for %s.%s",
|
||||
req_name_ptr, req_inst_ptr, service, instance, 0);
|
||||
/* this does all the checking */
|
||||
if ((i = check_princ(service, instance, lifetime,
|
||||
&s_name_data))) {
|
||||
kerb_err_reply(client, pkt, i, lt);
|
||||
return;
|
||||
}
|
||||
/* Bound requested lifetime with service and user */
|
||||
lifetime = min(req_life, ((u_long) s_name_data.max_life));
|
||||
lifetime = min(lifetime, ((u_long) a_name_data.max_life));
|
||||
|
||||
#ifdef NOENCRYPTION
|
||||
bzero(session_key, sizeof(C_Block));
|
||||
#else
|
||||
random_key(session_key);
|
||||
#endif
|
||||
/* unseal server's key from master key */
|
||||
bcopy(&s_name_data.key_low, key, 4);
|
||||
bcopy(&s_name_data.key_high, ((long *) key) + 1, 4);
|
||||
kdb_encrypt_key(key, key, master_key,
|
||||
master_key_schedule, DECRYPT);
|
||||
/* construct and seal the ticket */
|
||||
krb_create_ticket(tk, k_flags, a_name_data.name,
|
||||
a_name_data.instance, local_realm,
|
||||
client_host.s_addr, session_key, lifetime, kerb_time.tv_sec,
|
||||
s_name_data.name, s_name_data.instance, key);
|
||||
bzero(key, sizeof(key));
|
||||
bzero(key_s, sizeof(key_s));
|
||||
|
||||
/*
|
||||
* get the user's key, unseal it from the server's key, and
|
||||
* use it to seal the cipher
|
||||
*/
|
||||
|
||||
/* a_name_data.key_low a_name_data.key_high */
|
||||
bcopy(&a_name_data.key_low, key, 4);
|
||||
bcopy(&a_name_data.key_high, ((long *) key) + 1, 4);
|
||||
|
||||
/* unseal the a_name key from the master key */
|
||||
kdb_encrypt_key(key, key, master_key,
|
||||
master_key_schedule, DECRYPT);
|
||||
|
||||
create_ciph(ciph, session_key, s_name_data.name,
|
||||
s_name_data.instance, local_realm, lifetime,
|
||||
s_name_data.key_version, tk, kerb_time.tv_sec, key);
|
||||
|
||||
/* clear session key */
|
||||
bzero(session_key, sizeof(session_key));
|
||||
|
||||
bzero(key, sizeof(key));
|
||||
|
||||
|
||||
|
||||
/* always send a reply packet */
|
||||
rpkt = create_auth_reply(req_name_ptr, req_inst_ptr,
|
||||
req_realm_ptr, req_time_ws, 0, a_name_data.exp_date,
|
||||
a_name_data.key_version, ciph);
|
||||
sendto(f, rpkt->dat, rpkt->length, 0, (struct sockaddr *) client,
|
||||
S_AD_SZ);
|
||||
bzero(&a_name_data, sizeof(a_name_data));
|
||||
bzero(&s_name_data, sizeof(s_name_data));
|
||||
break;
|
||||
}
|
||||
case AUTH_MSG_APPL_REQUEST:
|
||||
{
|
||||
u_long time_ws; /* Workstation time */
|
||||
u_long req_life; /* Requested liftime */
|
||||
char *service; /* Service name */
|
||||
char *instance; /* Service instance */
|
||||
int kerno; /* Kerberos error number */
|
||||
char tktrlm[REALM_SZ];
|
||||
|
||||
n_appl_req++;
|
||||
tk->length = 0;
|
||||
k_flags = 0; /* various kerberos flags */
|
||||
|
||||
auth->length = 4 + strlen(pkt->dat + 3);
|
||||
auth->length += (int) *(pkt->dat + auth->length) +
|
||||
(int) *(pkt->dat + auth->length + 1) + 2;
|
||||
|
||||
bcopy(pkt->dat, auth->dat, auth->length);
|
||||
|
||||
strncpy(tktrlm, auth->dat + 3, REALM_SZ);
|
||||
if (set_tgtkey(tktrlm)) {
|
||||
lt = klog(L_ERR_UNK,
|
||||
"FAILED realm %s unknown. Host: %s ",
|
||||
tktrlm, inet_ntoa(client_host));
|
||||
kerb_err_reply(client, pkt, kerno, lt);
|
||||
return;
|
||||
}
|
||||
kerno = krb_rd_req(auth, "ktbtgt", tktrlm, client_host.s_addr,
|
||||
ad, 0);
|
||||
|
||||
if (kerno) {
|
||||
klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s",
|
||||
inet_ntoa(client_host), krb_err_txt[kerno]);
|
||||
kerb_err_reply(client, pkt, kerno, "krb_rd_req failed");
|
||||
return;
|
||||
}
|
||||
ptr = (char *) pkt->dat + auth->length;
|
||||
|
||||
bcopy(ptr, &time_ws, 4);
|
||||
ptr += 4;
|
||||
|
||||
req_life = (u_long) (*ptr++);
|
||||
|
||||
service = ptr;
|
||||
instance = ptr + strlen(service) + 1;
|
||||
|
||||
klog(L_APPL_REQ, "APPL Request %s.%s@%s on %s for %s.%s",
|
||||
ad->pname, ad->pinst, ad->prealm, inet_ntoa(client_host),
|
||||
service, instance, 0);
|
||||
|
||||
if (strcmp(ad->prealm, tktrlm)) {
|
||||
kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
|
||||
"Can't hop realms");
|
||||
return;
|
||||
}
|
||||
if (!strcmp(service, "changepw")) {
|
||||
kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
|
||||
"Can't authorize password changed based on TGT");
|
||||
return;
|
||||
}
|
||||
kerno = check_princ(service, instance, req_life,
|
||||
&s_name_data);
|
||||
if (kerno) {
|
||||
kerb_err_reply(client, pkt, kerno, lt);
|
||||
return;
|
||||
}
|
||||
/* Bound requested lifetime with service and user */
|
||||
lifetime = min(req_life,
|
||||
(ad->life - ((kerb_time.tv_sec - ad->time_sec) / 300)));
|
||||
lifetime = min(lifetime, ((u_long) s_name_data.max_life));
|
||||
|
||||
/* unseal server's key from master key */
|
||||
bcopy(&s_name_data.key_low, key, 4);
|
||||
bcopy(&s_name_data.key_high, ((long *) key) + 1, 4);
|
||||
kdb_encrypt_key(key, key, master_key,
|
||||
master_key_schedule, DECRYPT);
|
||||
/* construct and seal the ticket */
|
||||
|
||||
#ifdef NOENCRYPTION
|
||||
bzero(session_key, sizeof(C_Block));
|
||||
#else
|
||||
random_key(session_key);
|
||||
#endif
|
||||
|
||||
krb_create_ticket(tk, k_flags, ad->pname, ad->pinst,
|
||||
ad->prealm, client_host.s_addr,
|
||||
session_key, lifetime, kerb_time.tv_sec,
|
||||
s_name_data.name, s_name_data.instance,
|
||||
key);
|
||||
bzero(key, sizeof(key));
|
||||
bzero(key_s, sizeof(key_s));
|
||||
|
||||
create_ciph(ciph, session_key, service, instance,
|
||||
local_realm,
|
||||
lifetime, s_name_data.key_version, tk,
|
||||
kerb_time.tv_sec, ad->session);
|
||||
|
||||
/* clear session key */
|
||||
bzero(session_key, sizeof(session_key));
|
||||
|
||||
bzero(ad->session, sizeof(ad->session));
|
||||
|
||||
rpkt = create_auth_reply(ad->pname, ad->pinst,
|
||||
ad->prealm, time_ws,
|
||||
0, 0, 0, ciph);
|
||||
sendto(f, rpkt->dat, rpkt->length, 0, (struct sockaddr *) client,
|
||||
S_AD_SZ);
|
||||
bzero(&s_name_data, sizeof(s_name_data));
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
#ifdef notdef_DIE
|
||||
case AUTH_MSG_DIE:
|
||||
{
|
||||
lt = klog(L_DEATH_REQ,
|
||||
"Host: %s User: \"%s\" \"%s\" Kerberos killed",
|
||||
inet_ntoa(client_host), req_name_ptr, req_inst_ptr, 0);
|
||||
exit(0);
|
||||
}
|
||||
#endif notdef_DIE
|
||||
|
||||
default:
|
||||
{
|
||||
lt = klog(L_KRB_PERR,
|
||||
"Unknown message type: %d from %s port %u",
|
||||
req_msg_type, inet_ntoa(client_host),
|
||||
ntohs(client->sin_port));
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* setup_disc
|
||||
*
|
||||
* disconnect all descriptors, remove ourself from the process
|
||||
* group that spawned us.
|
||||
*/
|
||||
|
||||
void
|
||||
setup_disc()
|
||||
{
|
||||
|
||||
int s;
|
||||
|
||||
for (s = 0; s < 3; s++) {
|
||||
(void) close(s);
|
||||
}
|
||||
|
||||
(void) open("/dev/null", 0);
|
||||
(void) dup2(0, 1);
|
||||
(void) dup2(0, 2);
|
||||
|
||||
s = open("/dev/tty", 2);
|
||||
|
||||
if (s >= 0) {
|
||||
ioctl(s, TIOCNOTTY, (struct sgttyb *) 0);
|
||||
(void) close(s);
|
||||
}
|
||||
(void) chdir("/tmp");
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* kerb_er_reply creates an error reply packet and sends it to the
|
||||
* client.
|
||||
*/
|
||||
|
||||
void
|
||||
kerb_err_reply(client, pkt, err, string)
|
||||
struct sockaddr_in *client;
|
||||
KTEXT pkt;
|
||||
long err;
|
||||
char *string;
|
||||
|
||||
{
|
||||
static KTEXT_ST e_pkt_st;
|
||||
KTEXT e_pkt = &e_pkt_st;
|
||||
static char e_msg[128];
|
||||
|
||||
strcpy(e_msg, "\nKerberos error -- ");
|
||||
strcat(e_msg, string);
|
||||
cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr,
|
||||
req_time_ws, err, e_msg);
|
||||
sendto(f, e_pkt->dat, e_pkt->length, 0, (struct sockaddr *) client,
|
||||
S_AD_SZ);
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure that database isn't stale.
|
||||
*
|
||||
* Exit if it is; we don't want to tell lies.
|
||||
*/
|
||||
|
||||
static void check_db_age()
|
||||
{
|
||||
long age;
|
||||
|
||||
if (max_age != -1) {
|
||||
/* Requires existance of kerb_get_db_age() */
|
||||
gettimeofday(&kerb_time, 0);
|
||||
age = kerb_get_db_age();
|
||||
if (age == 0) {
|
||||
klog(L_KRB_PERR, "Database currently being updated!");
|
||||
hang();
|
||||
}
|
||||
if ((age + max_age) < kerb_time.tv_sec) {
|
||||
klog(L_KRB_PERR, "Database out of date!");
|
||||
hang();
|
||||
/* NOTREACHED */
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int
|
||||
check_princ(p_name, instance, lifetime, p)
|
||||
char *p_name;
|
||||
char *instance;
|
||||
unsigned lifetime;
|
||||
|
||||
Principal *p;
|
||||
{
|
||||
static int n;
|
||||
static int more;
|
||||
|
||||
n = kerb_get_principal(p_name, instance, p, 1, &more);
|
||||
klog(L_ALL_REQ,
|
||||
"Principal: \"%s\", Instance: \"%s\" Lifetime = %d n = %d",
|
||||
p_name, instance, lifetime, n, 0);
|
||||
|
||||
if (n < 0) {
|
||||
lt = klog(L_KRB_PERR, "Database unavailable!");
|
||||
hang();
|
||||
}
|
||||
|
||||
/*
|
||||
* if more than one p_name, pick one, randomly create a session key,
|
||||
* compute maximum lifetime, lookup authorizations if applicable,
|
||||
* and stuff into cipher.
|
||||
*/
|
||||
if (n == 0) {
|
||||
/* service unknown, log error, skip to next request */
|
||||
lt = klog(L_ERR_UNK, "UNKNOWN \"%s\" \"%s\"", p_name,
|
||||
instance, 0);
|
||||
return KERB_ERR_PRINCIPAL_UNKNOWN;
|
||||
}
|
||||
if (more) {
|
||||
/* not unique, log error */
|
||||
lt = klog(L_ERR_NUN, "Principal NOT UNIQUE \"%s\" \"%s\"",
|
||||
p_name, instance, 0);
|
||||
return KERB_ERR_PRINCIPAL_NOT_UNIQUE;
|
||||
}
|
||||
/* If the user's key is null, we want to return an error */
|
||||
if ((p->key_low == 0) && (p->key_high == 0)) {
|
||||
/* User has a null key */
|
||||
lt = klog(L_ERR_NKY, "Null key \"%s\" \"%s\"", p_name,
|
||||
instance, 0);
|
||||
return KERB_ERR_NULL_KEY;
|
||||
}
|
||||
if (master_key_version != p->kdc_key_ver) {
|
||||
/* log error reply */
|
||||
lt = klog(L_ERR_MKV,
|
||||
"Key vers incorrect, KRB = %d, \"%s\" \"%s\" = %d",
|
||||
master_key_version, p->name, p->instance, p->kdc_key_ver,
|
||||
0);
|
||||
return KERB_ERR_NAME_MAST_KEY_VER;
|
||||
}
|
||||
/* make sure the service hasn't expired */
|
||||
if ((u_long) p->exp_date < (u_long) kerb_time.tv_sec) {
|
||||
/* service did expire, log it */
|
||||
lt = klog(L_ERR_SEXP,
|
||||
"EXPIRED \"%s\" \"%s\" %s", p->name, p->instance,
|
||||
stime(&(p->exp_date)), 0);
|
||||
return KERB_ERR_NAME_EXP;
|
||||
}
|
||||
/* ok is zero */
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* Set the key for krb_rd_req so we can check tgt */
|
||||
int
|
||||
set_tgtkey(r)
|
||||
char *r; /* Realm for desired key */
|
||||
{
|
||||
int n;
|
||||
static char lastrealm[REALM_SZ];
|
||||
Principal p_st;
|
||||
Principal *p = &p_st;
|
||||
C_Block key;
|
||||
|
||||
if (!strcmp(lastrealm, r))
|
||||
return (KSUCCESS);
|
||||
|
||||
log("Getting key for %s", r);
|
||||
|
||||
n = kerb_get_principal("krbtgt", r, p, 1, &more);
|
||||
if (n == 0)
|
||||
return (KFAILURE);
|
||||
|
||||
/* unseal tgt key from master key */
|
||||
bcopy(&p->key_low, key, 4);
|
||||
bcopy(&p->key_high, ((long *) key) + 1, 4);
|
||||
kdb_encrypt_key(key, key, master_key,
|
||||
master_key_schedule, DECRYPT);
|
||||
krb_set_key(key, 0);
|
||||
strcpy(lastrealm, r);
|
||||
return (KSUCCESS);
|
||||
}
|
||||
|
||||
static void
|
||||
hang()
|
||||
{
|
||||
if (pause_int == -1) {
|
||||
klog(L_KRB_PERR, "Kerberos will pause so as not to loop init");
|
||||
for (;;)
|
||||
pause();
|
||||
} else {
|
||||
char buf[256];
|
||||
sprintf(buf, "Kerberos will wait %ld seconds before dying so as not to loop init", pause_int);
|
||||
klog(L_KRB_PERR, buf);
|
||||
sleep(pause_int);
|
||||
klog(L_KRB_PERR, "Do svedania....\n");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
|
||||
# $Id: Makefile,v 1.3 1995/07/18 16:37:53 mark Exp $
|
||||
|
||||
PROG= kinit
|
||||
CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -DBSD42 -Wall
|
||||
DPADD= ${LIBKRB} ${LIBDES}
|
||||
LDADD= -L${KRBOBJDIR} -lkrb -ldes
|
||||
BINDIR= /usr/bin
|
||||
MAN1= kinit.1
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
@@ -1,133 +0,0 @@
|
||||
.\" from: kinit.1,v 4.6 89/01/23 11:39:11 jtkohl Exp $
|
||||
.\" $Id: kinit.1,v 1.2 1994/07/19 19:27:36 g89r4222 Exp $
|
||||
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
||||
.\"
|
||||
.\" For copying and distribution information,
|
||||
.\" please see the file <Copyright.MIT>.
|
||||
.\"
|
||||
.TH KINIT 1 "Kerberos Version 4.0" "MIT Project Athena"
|
||||
.SH NAME
|
||||
kinit \- Kerberos login utility
|
||||
.SH SYNOPSIS
|
||||
.B kinit
|
||||
[
|
||||
.B \-irvl
|
||||
]
|
||||
.SH DESCRIPTION
|
||||
The
|
||||
.I kinit
|
||||
command is used to login to the
|
||||
Kerberos
|
||||
authentication and authorization system.
|
||||
Note that only registered
|
||||
Kerberos
|
||||
users can use the
|
||||
Kerberos
|
||||
system.
|
||||
For information about registering as a
|
||||
Kerberos
|
||||
user,
|
||||
see the
|
||||
.I kerberos(1)
|
||||
manual page.
|
||||
.PP
|
||||
If you are logged in to a workstation that is running the
|
||||
.I toehold
|
||||
service,
|
||||
you do not have to use
|
||||
.I kinit.
|
||||
The
|
||||
.I toehold
|
||||
login procedure will log you into
|
||||
Kerberos
|
||||
automatically.
|
||||
You will need to use
|
||||
.I kinit
|
||||
only in those situations in which
|
||||
your original tickets have expired.
|
||||
(Tickets expire in about a day.)
|
||||
Note as well that
|
||||
.I toehold
|
||||
will automatically destroy your tickets when you logout from the workstation.
|
||||
.PP
|
||||
When you use
|
||||
.I kinit
|
||||
without options,
|
||||
the utility
|
||||
prompts for your username and Kerberos password,
|
||||
and tries to authenticate your login with the local
|
||||
Kerberos
|
||||
server.
|
||||
.PP
|
||||
If
|
||||
Kerberos
|
||||
authenticates the login attempt,
|
||||
.I kinit
|
||||
retrieves your initial ticket and puts it in the ticket file specified by
|
||||
your KRBTKFILE environment variable.
|
||||
If this variable is undefined,
|
||||
your ticket will be stored in the
|
||||
.IR /tmp
|
||||
directory,
|
||||
in the file
|
||||
.I tktuid ,
|
||||
where
|
||||
.I uid
|
||||
specifies your user identification number.
|
||||
.PP
|
||||
If you have logged in to
|
||||
Kerberos
|
||||
without the benefit of the workstation
|
||||
.I toehold
|
||||
system,
|
||||
make sure you use the
|
||||
.I kdestroy
|
||||
command to destroy any active tickets before you end your login session.
|
||||
You may want to put the
|
||||
.I kdestroy
|
||||
command in your
|
||||
.I \.logout
|
||||
file so that your tickets will be destroyed automatically when you logout.
|
||||
.PP
|
||||
The options to
|
||||
.I kinit
|
||||
are as follows:
|
||||
.TP 7
|
||||
.B \-i
|
||||
.I kinit
|
||||
prompts you for a
|
||||
Kerberos
|
||||
instance.
|
||||
.TP
|
||||
.B \-r
|
||||
.I kinit
|
||||
prompts you for a
|
||||
Kerberos
|
||||
realm.
|
||||
This option lets you authenticate yourself with a remote
|
||||
Kerberos
|
||||
server.
|
||||
.TP
|
||||
.B \-v
|
||||
Verbose mode.
|
||||
.I kinit
|
||||
prints the name of the ticket file used, and
|
||||
a status message indicating the success or failure of
|
||||
your login attempt.
|
||||
.TP
|
||||
.B \-l
|
||||
.I kinit
|
||||
prompts you for a ticket lifetime in minutes. Due to protocol
|
||||
restrictions in Kerberos Version 4, this value must be between 5 and
|
||||
1275 minutes.
|
||||
.SH SEE ALSO
|
||||
.PP
|
||||
kerberos(1), kdestroy(1), klist(1), toehold(1)
|
||||
.SH BUGS
|
||||
The
|
||||
.B \-r
|
||||
option has not been fully implemented.
|
||||
.SH AUTHORS
|
||||
Steve Miller, MIT Project Athena/Digital Equipment Corporation
|
||||
.br
|
||||
Clifford Neuman, MIT Project Athena
|
||||
@@ -1,224 +0,0 @@
|
||||
/*
|
||||
* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* Routine to initialize user to Kerberos. Prompts optionally for
|
||||
* user, instance and realm. Authenticates user and gets a ticket
|
||||
* for the Kerberos ticket-granting service for future use.
|
||||
*
|
||||
* Options are:
|
||||
*
|
||||
* -i[instance]
|
||||
* -r[realm]
|
||||
* -v[erbose]
|
||||
* -l[ifetime]
|
||||
*
|
||||
* from: kinit.c,v 4.12 90/03/20 16:11:15 jon Exp $
|
||||
* $Id: kinit.c,v 1.4 1995/08/03 17:16:00 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: kinit.c,v 1.4 1995/08/03 17:16:00 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <pwd.h>
|
||||
#include <krb.h>
|
||||
|
||||
#ifndef ORGANIZATION
|
||||
#define ORGANIZATION "MIT Project Athena"
|
||||
#endif /*ORGANIZATION*/
|
||||
|
||||
#ifdef PC
|
||||
#define LEN 64 /* just guessing */
|
||||
#endif PC
|
||||
|
||||
#if defined(BSD42) || defined(__FreeBSD__) || defined(__NetBSD__)
|
||||
#include <strings.h>
|
||||
#include <sys/param.h>
|
||||
#if defined(ultrix) || defined(sun)
|
||||
#define LEN 64
|
||||
#else
|
||||
#define LEN MAXHOSTNAMELEN
|
||||
#endif /* defined(ultrix) || defined(sun) */
|
||||
#endif /* BSD42 */
|
||||
|
||||
#define LIFE 96 /* lifetime of ticket in 5-minute units */
|
||||
|
||||
char *progname;
|
||||
|
||||
void usage(void);
|
||||
|
||||
void
|
||||
get_input(s, size, stream)
|
||||
char *s;
|
||||
int size;
|
||||
FILE *stream;
|
||||
{
|
||||
char *p;
|
||||
|
||||
if (fgets(s, size, stream) == NULL)
|
||||
exit(1);
|
||||
if ((p = index(s, '\n')) != NULL)
|
||||
*p = '\0';
|
||||
}
|
||||
|
||||
int
|
||||
main(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
char aname[ANAME_SZ];
|
||||
char inst[INST_SZ];
|
||||
char realm[REALM_SZ];
|
||||
char buf[LEN];
|
||||
char *username = NULL;
|
||||
int iflag, rflag, vflag, lflag, lifetime, k_errno;
|
||||
register char *cp;
|
||||
register i;
|
||||
|
||||
*inst = *realm = '\0';
|
||||
iflag = rflag = vflag = lflag = 0;
|
||||
lifetime = LIFE;
|
||||
progname = (cp = rindex(*argv, '/')) ? cp + 1 : *argv;
|
||||
|
||||
while (--argc) {
|
||||
if ((*++argv)[0] != '-') {
|
||||
if (username)
|
||||
usage();
|
||||
username = *argv;
|
||||
continue;
|
||||
}
|
||||
for (i = 1; (*argv)[i] != '\0'; i++)
|
||||
switch ((*argv)[i]) {
|
||||
case 'i': /* Instance */
|
||||
++iflag;
|
||||
continue;
|
||||
case 'r': /* Realm */
|
||||
++rflag;
|
||||
continue;
|
||||
case 'v': /* Verbose */
|
||||
++vflag;
|
||||
continue;
|
||||
case 'l':
|
||||
++lflag;
|
||||
continue;
|
||||
default:
|
||||
usage();
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
if (username &&
|
||||
(k_errno = kname_parse(aname, inst, realm, username))
|
||||
!= KSUCCESS) {
|
||||
fprintf(stderr, "%s: %s\n", progname, krb_err_txt[k_errno]);
|
||||
iflag = rflag = 1;
|
||||
username = NULL;
|
||||
}
|
||||
if (k_gethostname(buf, LEN)) {
|
||||
fprintf(stderr, "%s: k_gethostname failed\n", progname);
|
||||
exit(1);
|
||||
}
|
||||
printf("%s (%s)\n", ORGANIZATION, buf);
|
||||
if (username) {
|
||||
printf("Kerberos Initialization for \"%s", aname);
|
||||
if (*inst)
|
||||
printf(".%s", inst);
|
||||
if (*realm)
|
||||
printf("@%s", realm);
|
||||
printf("\"\n");
|
||||
} else {
|
||||
if (iflag) {
|
||||
printf("Kerberos Initialization\n");
|
||||
printf("Kerberos name: ");
|
||||
get_input(aname, sizeof(aname), stdin);
|
||||
} else {
|
||||
int uid = getuid();
|
||||
char *getenv();
|
||||
struct passwd *pwd;
|
||||
|
||||
/* default to current user name unless running as root */
|
||||
if (uid == 0 && (username = getenv("USER")) &&
|
||||
strcmp(username, "root") != 0) {
|
||||
strncpy(aname, username, sizeof(aname));
|
||||
strncpy(inst, "root", sizeof(inst));
|
||||
} else {
|
||||
pwd = getpwuid(uid);
|
||||
|
||||
if (pwd == (struct passwd *) NULL) {
|
||||
fprintf(stderr, "Unknown name for your uid\n");
|
||||
printf("Kerberos name: ");
|
||||
gets(aname);
|
||||
} else
|
||||
strncpy(aname, pwd->pw_name, sizeof(aname));
|
||||
}
|
||||
}
|
||||
|
||||
if (!*aname)
|
||||
exit(0);
|
||||
if (!k_isname(aname)) {
|
||||
fprintf(stderr, "%s: bad Kerberos name format\n",
|
||||
progname);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
/* optional instance */
|
||||
if (iflag) {
|
||||
printf("Kerberos instance: ");
|
||||
get_input(inst, sizeof(inst), stdin);
|
||||
if (!k_isinst(inst)) {
|
||||
fprintf(stderr, "%s: bad Kerberos instance format\n",
|
||||
progname);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
if (rflag) {
|
||||
printf("Kerberos realm: ");
|
||||
get_input(realm, sizeof(realm), stdin);
|
||||
if (!k_isrealm(realm)) {
|
||||
fprintf(stderr, "%s: bad Kerberos realm format\n",
|
||||
progname);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
if (lflag) {
|
||||
printf("Kerberos ticket lifetime (minutes): ");
|
||||
get_input(buf, sizeof(buf), stdin);
|
||||
lifetime = atoi(buf);
|
||||
if (lifetime < 5)
|
||||
lifetime = 1;
|
||||
else
|
||||
lifetime /= 5;
|
||||
/* This should be changed if the maximum ticket lifetime */
|
||||
/* changes */
|
||||
if (lifetime > 255)
|
||||
lifetime = 255;
|
||||
}
|
||||
if (!*realm && krb_get_lrealm(realm, 1)) {
|
||||
fprintf(stderr, "%s: krb_get_lrealm failed\n", progname);
|
||||
exit(1);
|
||||
}
|
||||
k_errno = krb_get_pw_in_tkt(aname, inst, realm, "krbtgt", realm,
|
||||
lifetime, 0);
|
||||
if (vflag) {
|
||||
printf("Kerberos realm %s:\n", realm);
|
||||
printf("%s\n", krb_err_txt[k_errno]);
|
||||
} else if (k_errno) {
|
||||
fprintf(stderr, "%s: %s\n", progname, krb_err_txt[k_errno]);
|
||||
exit(1);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
void
|
||||
usage()
|
||||
{
|
||||
fprintf(stderr, "Usage: %s [-irvl] [name]\n", progname);
|
||||
exit(1);
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
|
||||
# $Id: Makefile,v 1.3 1995/07/18 16:37:57 mark Exp $
|
||||
|
||||
PROG= klist
|
||||
CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -Wall
|
||||
DPADD= ${LIBKRB} ${LIBDES}
|
||||
LDADD= -L${KRBOBJDIR} -lkrb -ldes
|
||||
BINDIR= /usr/bin
|
||||
MAN1= klist.1
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
@@ -1,84 +0,0 @@
|
||||
.\" from: klist.1,v 4.8 89/01/24 14:35:09 jtkohl Exp $
|
||||
.\" $Id: klist.1,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
|
||||
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
||||
.\"
|
||||
.\" For copying and distribution information,
|
||||
.\" please see the file <Copyright.MIT>.
|
||||
.\"
|
||||
.TH KLIST 1 "Kerberos Version 4.0" "MIT Project Athena"
|
||||
.SH NAME
|
||||
klist \- list currently held Kerberos tickets
|
||||
.SH SYNOPSIS
|
||||
.B klist
|
||||
[
|
||||
\fB\-s \fR|\fB \-t\fR
|
||||
] [
|
||||
.B \-file
|
||||
name ] [
|
||||
.B \-srvtab
|
||||
]
|
||||
.br
|
||||
.SH DESCRIPTION
|
||||
.I klist
|
||||
prints the name of the tickets file and the
|
||||
identity of the principal the tickets are for (as listed in the
|
||||
tickets file), and
|
||||
lists the principal names of all Kerberos tickets currently held by
|
||||
the user, along with the issue and expire time for each authenticator.
|
||||
Principal names are listed in the form
|
||||
.I name.instance@realm,
|
||||
with the '.' omitted if the instance is null,
|
||||
and the '@' omitted if the realm is null.
|
||||
|
||||
If given the
|
||||
.B \-s
|
||||
option,
|
||||
.I klist
|
||||
does not print the issue and expire times, the name of the tickets file,
|
||||
or the identity of the principal.
|
||||
|
||||
If given the
|
||||
.B \-t
|
||||
option,
|
||||
.B klist
|
||||
checks for the existence of a non-expired ticket-granting-ticket in the
|
||||
ticket file. If one is present, it exits with status 0, else it exits
|
||||
with status 1. No output is generated when this option is specified.
|
||||
|
||||
If given the
|
||||
.B \-file
|
||||
option, the following argument is used as the ticket file.
|
||||
Otherwise, if the
|
||||
.B KRBTKFILE
|
||||
environment variable is set, it is used.
|
||||
If this environment variable
|
||||
is not set, the file
|
||||
.B /tmp/tkt[uid]
|
||||
is used, where
|
||||
.B uid
|
||||
is the current user-id of the user.
|
||||
|
||||
If given the
|
||||
.B \-srvtab
|
||||
option, the file is treated as a service key file, and the names of the
|
||||
keys contained therein are printed. If no file is
|
||||
specified with a
|
||||
.B \-file
|
||||
option, the default is
|
||||
.IR /etc/kerberosIV/srvtab .
|
||||
.SH FILES
|
||||
.TP 2i
|
||||
/etc/kerberosIV/krb.conf
|
||||
to get the name of the local realm
|
||||
.TP
|
||||
/tmp/tkt[uid]
|
||||
as the default ticket file ([uid] is the decimal UID of the user).
|
||||
.TP
|
||||
/etc/kerberosIV/srvtab
|
||||
as the default service key file
|
||||
.SH SEE ALSO
|
||||
.PP
|
||||
kerberos(1), kinit(1), kdestroy(1)
|
||||
.SH BUGS
|
||||
When reading a file as a service key file, very little sanity or error
|
||||
checking is performed.
|
||||
@@ -1,288 +0,0 @@
|
||||
/*
|
||||
* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* Lists your current Kerberos tickets.
|
||||
* Written by Bill Sommerfeld, MIT Project Athena.
|
||||
*
|
||||
* from: klist.c,v 4.15 89/08/30 11:19:16 jtkohl Exp $
|
||||
* $Id: klist.c,v 1.3 1995/07/18 16:37:59 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: klist.c,v 1.3 1995/07/18 16:37:59 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <strings.h>
|
||||
#include <sys/file.h>
|
||||
#include <krb.h>
|
||||
#include <prot.h>
|
||||
#include <time.h>
|
||||
|
||||
int ok_getst(int fd, char *s, int n);
|
||||
void display_srvtab(char *file);
|
||||
char *short_date(long *dp);
|
||||
void usage(void);
|
||||
void display_tktfile(char *file, int tgt_test, int long_form);
|
||||
|
||||
char *whoami; /* What was I invoked as?? */
|
||||
|
||||
extern char *krb_err_txt[];
|
||||
|
||||
/* ARGSUSED */
|
||||
int
|
||||
main(argc, argv)
|
||||
int argc;
|
||||
char **argv;
|
||||
{
|
||||
int long_form = 1;
|
||||
int tgt_test = 0;
|
||||
int do_srvtab = 0;
|
||||
char *tkt_file = NULL;
|
||||
char *cp;
|
||||
|
||||
whoami = (cp = rindex(*argv, '/')) ? cp + 1 : *argv;
|
||||
|
||||
while (*(++argv)) {
|
||||
if (!strcmp(*argv, "-s")) {
|
||||
long_form = 0;
|
||||
continue;
|
||||
}
|
||||
if (!strcmp(*argv, "-t")) {
|
||||
tgt_test = 1;
|
||||
long_form = 0;
|
||||
continue;
|
||||
}
|
||||
if (!strcmp(*argv, "-l")) { /* now default */
|
||||
continue;
|
||||
}
|
||||
if (!strcmp(*argv, "-file")) {
|
||||
if (*(++argv)) {
|
||||
tkt_file = *argv;
|
||||
continue;
|
||||
} else
|
||||
usage();
|
||||
}
|
||||
if (!strcmp(*argv, "-srvtab")) {
|
||||
if (tkt_file == NULL) /* if no other file spec'ed,
|
||||
set file to default srvtab */
|
||||
tkt_file = KEYFILE;
|
||||
do_srvtab = 1;
|
||||
continue;
|
||||
}
|
||||
usage();
|
||||
}
|
||||
|
||||
if (do_srvtab)
|
||||
display_srvtab(tkt_file);
|
||||
else
|
||||
display_tktfile(tkt_file, tgt_test, long_form);
|
||||
exit(0);
|
||||
}
|
||||
|
||||
void
|
||||
display_tktfile(file, tgt_test, long_form)
|
||||
char *file;
|
||||
int tgt_test, long_form;
|
||||
{
|
||||
char pname[ANAME_SZ];
|
||||
char pinst[INST_SZ];
|
||||
char prealm[REALM_SZ];
|
||||
char buf1[20], buf2[20];
|
||||
int k_errno;
|
||||
CREDENTIALS c;
|
||||
int header = 1;
|
||||
|
||||
if ((file == NULL) && ((file = getenv("KRBTKFILE")) == NULL))
|
||||
file = TKT_FILE;
|
||||
|
||||
if (long_form)
|
||||
printf("Ticket file: %s\n", file);
|
||||
|
||||
/*
|
||||
* Since krb_get_tf_realm will return a ticket_file error,
|
||||
* we will call tf_init and tf_close first to filter out
|
||||
* things like no ticket file. Otherwise, the error that
|
||||
* the user would see would be
|
||||
* klist: can't find realm of ticket file: No ticket file (tf_util)
|
||||
* instead of
|
||||
* klist: No ticket file (tf_util)
|
||||
*/
|
||||
|
||||
/* Open ticket file */
|
||||
if ((k_errno = tf_init(file, R_TKT_FIL))) {
|
||||
if (!tgt_test)
|
||||
fprintf(stderr, "%s: %s\n", whoami, krb_err_txt[k_errno]);
|
||||
exit(1);
|
||||
}
|
||||
/* Close ticket file */
|
||||
(void) tf_close();
|
||||
|
||||
/*
|
||||
* We must find the realm of the ticket file here before calling
|
||||
* tf_init because since the realm of the ticket file is not
|
||||
* really stored in the principal section of the file, the
|
||||
* routine we use must itself call tf_init and tf_close.
|
||||
*/
|
||||
if ((k_errno = krb_get_tf_realm(file, prealm)) != KSUCCESS) {
|
||||
if (!tgt_test)
|
||||
fprintf(stderr, "%s: can't find realm of ticket file: %s\n",
|
||||
whoami, krb_err_txt[k_errno]);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/* Open ticket file */
|
||||
if ((k_errno = tf_init(file, R_TKT_FIL))) {
|
||||
if (!tgt_test)
|
||||
fprintf(stderr, "%s: %s\n", whoami, krb_err_txt[k_errno]);
|
||||
exit(1);
|
||||
}
|
||||
/* Get principal name and instance */
|
||||
if ((k_errno = tf_get_pname(pname)) ||
|
||||
(k_errno = tf_get_pinst(pinst))) {
|
||||
if (!tgt_test)
|
||||
fprintf(stderr, "%s: %s\n", whoami, krb_err_txt[k_errno]);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/*
|
||||
* You may think that this is the obvious place to get the
|
||||
* realm of the ticket file, but it can't be done here as the
|
||||
* routine to do this must open the ticket file. This is why
|
||||
* it was done before tf_init.
|
||||
*/
|
||||
|
||||
if (!tgt_test && long_form)
|
||||
printf("Principal:\t%s%s%s%s%s\n\n", pname,
|
||||
(pinst[0] ? "." : ""), pinst,
|
||||
(prealm[0] ? "@" : ""), prealm);
|
||||
while ((k_errno = tf_get_cred(&c)) == KSUCCESS) {
|
||||
if (!tgt_test && long_form && header) {
|
||||
printf("%-15s %-15s %s\n",
|
||||
" Issued", " Expires", " Principal");
|
||||
header = 0;
|
||||
}
|
||||
if (tgt_test) {
|
||||
c.issue_date += ((unsigned char) c.lifetime) * 5 * 60;
|
||||
if (!strcmp(c.service, TICKET_GRANTING_TICKET) &&
|
||||
!strcmp(c.instance, prealm)) {
|
||||
if (time(0) < c.issue_date)
|
||||
exit(0); /* tgt hasn't expired */
|
||||
else
|
||||
exit(1); /* has expired */
|
||||
}
|
||||
continue; /* not a tgt */
|
||||
}
|
||||
if (long_form) {
|
||||
(void) strcpy(buf1, short_date(&c.issue_date));
|
||||
c.issue_date += ((unsigned char) c.lifetime) * 5 * 60;
|
||||
(void) strcpy(buf2, short_date(&c.issue_date));
|
||||
printf("%s %s ", buf1, buf2);
|
||||
}
|
||||
printf("%s%s%s%s%s\n",
|
||||
c.service, (c.instance[0] ? "." : ""), c.instance,
|
||||
(c.realm[0] ? "@" : ""), c.realm);
|
||||
}
|
||||
if (tgt_test)
|
||||
exit(1); /* no tgt found */
|
||||
if (header && long_form && k_errno == EOF) {
|
||||
printf("No tickets in file.\n");
|
||||
}
|
||||
}
|
||||
|
||||
char *
|
||||
short_date(dp)
|
||||
long *dp;
|
||||
{
|
||||
register char *cp;
|
||||
extern char *ctime();
|
||||
cp = ctime(dp) + 4;
|
||||
cp[15] = '\0';
|
||||
return (cp);
|
||||
}
|
||||
|
||||
void
|
||||
usage()
|
||||
{
|
||||
fprintf(stderr,
|
||||
"Usage: %s [ -s | -t ] [ -file filename ] [ -srvtab ]\n", whoami);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
void
|
||||
display_srvtab(file)
|
||||
char *file;
|
||||
{
|
||||
int stab;
|
||||
char serv[SNAME_SZ];
|
||||
char inst[INST_SZ];
|
||||
char rlm[REALM_SZ];
|
||||
unsigned char key[8];
|
||||
unsigned char vno;
|
||||
int count;
|
||||
|
||||
printf("Server key file: %s\n", file);
|
||||
|
||||
if ((stab = open(file, O_RDONLY, 0400)) < 0) {
|
||||
perror(file);
|
||||
exit(1);
|
||||
}
|
||||
printf("%-15s %-15s %-10s %s\n","Service","Instance","Realm",
|
||||
"Key Version");
|
||||
printf("------------------------------------------------------\n");
|
||||
|
||||
/* argh. getst doesn't return error codes, it silently fails */
|
||||
while (((count = ok_getst(stab, serv, SNAME_SZ)) > 0)
|
||||
&& ((count = ok_getst(stab, inst, INST_SZ)) > 0)
|
||||
&& ((count = ok_getst(stab, rlm, REALM_SZ)) > 0)) {
|
||||
if (((count = read(stab,(char *) &vno,1)) != 1) ||
|
||||
((count = read(stab,(char *) key,8)) != 8)) {
|
||||
if (count < 0)
|
||||
perror("reading from key file");
|
||||
else
|
||||
fprintf(stderr, "key file truncated\n");
|
||||
exit(1);
|
||||
}
|
||||
printf("%-15s %-15s %-15s %d\n",serv,inst,rlm,vno);
|
||||
}
|
||||
if (count < 0)
|
||||
perror(file);
|
||||
(void) close(stab);
|
||||
}
|
||||
|
||||
/* adapted from getst() in librkb */
|
||||
/*
|
||||
* ok_getst() takes a file descriptor, a string and a count. It reads
|
||||
* from the file until either it has read "count" characters, or until
|
||||
* it reads a null byte. When finished, what has been read exists in
|
||||
* the given string "s". If "count" characters were actually read, the
|
||||
* last is changed to a null, so the returned string is always null-
|
||||
* terminated. ok_getst() returns the number of characters read, including
|
||||
* the null terminator.
|
||||
*
|
||||
* If there is a read error, it returns -1 (like the read(2) system call)
|
||||
*/
|
||||
|
||||
int
|
||||
ok_getst(fd, s, n)
|
||||
int fd;
|
||||
register char *s;
|
||||
int n;
|
||||
{
|
||||
register count = n;
|
||||
int err;
|
||||
while ((err = read(fd, s, 1)) > 0 && --count)
|
||||
if (*s++ == '\0')
|
||||
return (n - count);
|
||||
if (err < 0)
|
||||
return(-1);
|
||||
*s = '\0';
|
||||
return (n - count);
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
|
||||
# $Id: Makefile,v 1.1.1.1 1995/08/03 07:36:18 mark Exp $
|
||||
|
||||
PROG= kprop
|
||||
CFLAGS+=-I${.CURDIR}/../include -Wall
|
||||
DPADD= ${LIBKRB}
|
||||
LDADD= -L${KRBOBJDIR} -lkrb -ldes
|
||||
BINDIR= /usr/sbin
|
||||
NOMAN= noman
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
@@ -1,637 +0,0 @@
|
||||
/*
|
||||
*
|
||||
* Copyright 1987 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information,
|
||||
* please see the file <mit-copyright.h>.
|
||||
*
|
||||
* $Revision: 1.1.1.1 $
|
||||
* $Date: 1995/08/03 07:36:18 $
|
||||
* $State: Exp $
|
||||
* $Source: /usr/cvs/src/eBones/kprop/kprop.c,v $
|
||||
* $Author: mark $
|
||||
* $Locker: $
|
||||
*
|
||||
* $Log: kprop.c,v $
|
||||
* Revision 1.1.1.1 1995/08/03 07:36:18 mark
|
||||
* Import an updated revision of the MIT kprop program for distributing
|
||||
* kerberos databases to slave servers.
|
||||
*
|
||||
* NOTE: This method was abandoned by MIT long ago, this code is close to
|
||||
* garbage, but it is slightly more secure than using rdist.
|
||||
* There is no documentation available on how to use it, and
|
||||
* it should -not- be built by default.
|
||||
*
|
||||
* Obtained from: MIT Project Athena
|
||||
*
|
||||
* Revision 1.1.1.1 1995/08/02 22:11:44 pst
|
||||
* Import an updated revision of the MIT kprop program for distributing
|
||||
* kerberos databases to slave servers.
|
||||
*
|
||||
* NOTE: This method was abandoned by MIT long ago, this code is close to
|
||||
* garbage, but it is slightly more secure than using rdist.
|
||||
* There is no documentation available on how to use it, and
|
||||
* it should -not- be built by default.
|
||||
*
|
||||
* Obtained from: MIT Project Athena
|
||||
*
|
||||
* Revision 4.7 92/11/10 23:01:06 tytso
|
||||
* Removed incompatible #include
|
||||
*
|
||||
* Revision 4.6 91/02/28 22:49:34 probe
|
||||
* Fixed header file inclusion
|
||||
*
|
||||
* Revision 4.5 90/03/20 15:37:57 jon
|
||||
* Stop kpropd port number from being bashed (static buffers)
|
||||
* Programmer: jtkohl
|
||||
* Auditor: jon
|
||||
*
|
||||
* Revision 4.4 90/01/02 13:42:40 jtkohl
|
||||
* add back in accidentally deleted $ in rcsid string
|
||||
*
|
||||
* Revision 4.3 89/12/30 21:22:27 qjb
|
||||
* Added #define MAXHOSTNAMELEN if not already defined for the benifit
|
||||
* of Unixes that don't have this variable in sys/param.h.
|
||||
*
|
||||
* Revision 4.2 89/03/23 10:23:43 jtkohl
|
||||
* fix misuse of mkstemp to use mktemp
|
||||
* NOENCRYPTION changes
|
||||
*
|
||||
* Revision 4.1 89/01/24 20:35:17 root
|
||||
* name change
|
||||
*
|
||||
* Revision 4.0 89/01/24 18:44:38 wesommer
|
||||
* Original version; programmer: wesommer
|
||||
* auditor: jon.
|
||||
*
|
||||
* Revision 4.4 88/01/08 18:05:21 jon
|
||||
* formating changes and rcs header info
|
||||
*
|
||||
*
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid_kprop_c[] =
|
||||
"$Id: kprop.c,v 1.1.1.1 1995/08/03 07:36:18 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/file.h>
|
||||
#include <signal.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <sys/param.h>
|
||||
#include <netdb.h>
|
||||
#include <krb.h>
|
||||
#include <des.h>
|
||||
|
||||
#include "kprop.h"
|
||||
|
||||
/* for those broken Unixes without this defined... should be in sys/param.h */
|
||||
#ifndef MAXHOSTNAMELEN
|
||||
#define MAXHOSTNAMELEN 64
|
||||
#endif
|
||||
|
||||
static char kprop_version[KPROP_PROT_VERSION_LEN] = KPROP_PROT_VERSION;
|
||||
|
||||
int debug = 0;
|
||||
|
||||
char my_realm[REALM_SZ];
|
||||
int princ_data_size = 3 * sizeof(long) + 3 * sizeof(unsigned char);
|
||||
short transfer_mode, net_transfer_mode;
|
||||
int force_flag;
|
||||
static char ok[] = ".dump_ok";
|
||||
|
||||
extern char *krb_get_phost(char *);
|
||||
|
||||
struct slave_host {
|
||||
u_long net_addr;
|
||||
char *name;
|
||||
char *instance;
|
||||
char *realm;
|
||||
int not_time_yet;
|
||||
int succeeded;
|
||||
struct slave_host *next;
|
||||
};
|
||||
|
||||
void Death(char *s);
|
||||
int get_slaves(struct slave_host **psl, char *file, time_t ok_mtime);
|
||||
int prop_to_slaves(struct slave_host *sl, int fd, char *fslv);
|
||||
|
||||
int
|
||||
main(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
int fd, i;
|
||||
char *floc, *floc_ok;
|
||||
char *fslv;
|
||||
struct stat stbuf, stbuf_ok;
|
||||
long l_init, l_final;
|
||||
char *pc;
|
||||
int l_diff;
|
||||
static struct slave_host *slave_host_list = NULL;
|
||||
struct slave_host *sh;
|
||||
|
||||
transfer_mode = KPROP_TRANSFER_PRIVATE;
|
||||
|
||||
time(&l_init);
|
||||
pc = ctime(&l_init);
|
||||
pc[strlen(pc) - 1] = '\0';
|
||||
printf("\nStart slave propagation: %s\n", pc);
|
||||
|
||||
floc = (char *) NULL;
|
||||
fslv = (char *) NULL;
|
||||
|
||||
if (krb_get_lrealm(my_realm,1) != KSUCCESS)
|
||||
Death ("Getting my kerberos realm. Check krb.conf");
|
||||
|
||||
for (i = 1; i < argc; i++)
|
||||
switch (argv[i][0]) {
|
||||
case '-':
|
||||
if (strcmp (argv[i], "-private") == 0)
|
||||
transfer_mode = KPROP_TRANSFER_PRIVATE;
|
||||
#ifdef not_safe_yet
|
||||
else if (strcmp (argv[i], "-safe") == 0)
|
||||
transfer_mode = KPROP_TRANSFER_SAFE;
|
||||
else if (strcmp (argv[i], "-clear") == 0)
|
||||
transfer_mode = KPROP_TRANSFER_CLEAR;
|
||||
#endif
|
||||
else if (strcmp (argv[i], "-realm") == 0) {
|
||||
i++;
|
||||
if (i < argc)
|
||||
strcpy(my_realm, argv[i]);
|
||||
else
|
||||
goto usage;
|
||||
} else if (strcmp (argv[i], "-force") == 0)
|
||||
force_flag++;
|
||||
else {
|
||||
fprintf (stderr, "kprop: unknown control argument %s.\n",
|
||||
argv[i]);
|
||||
exit (1);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
/* positional arguments are marginal at best ... */
|
||||
if (floc == (char *) NULL)
|
||||
floc = argv[i];
|
||||
else {
|
||||
if (fslv == (char *) NULL)
|
||||
fslv = argv[i];
|
||||
else {
|
||||
usage:
|
||||
/* already got floc and fslv, what is this? */
|
||||
fprintf(stderr,
|
||||
"\nUsage: kprop [-force] [-realm realm] [-private|-safe|-clear] data_file slaves_file\n\n");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
}
|
||||
if ((floc == (char *)NULL) || (fslv == (char *)NULL))
|
||||
goto usage;
|
||||
|
||||
if ((floc_ok = (char *) malloc(strlen(floc) + strlen(ok) + 1))
|
||||
== NULL) {
|
||||
Death(floc);
|
||||
}
|
||||
strcat(strcpy(floc_ok, floc), ok);
|
||||
|
||||
if ((fd = open(floc, O_RDONLY)) < 0) {
|
||||
Death(floc);
|
||||
}
|
||||
if (flock(fd, LOCK_EX | LOCK_NB)) {
|
||||
Death(floc);
|
||||
}
|
||||
if (stat(floc, &stbuf)) {
|
||||
Death(floc);
|
||||
}
|
||||
if (stat(floc_ok, &stbuf_ok)) {
|
||||
Death(floc_ok);
|
||||
}
|
||||
if (stbuf.st_mtime > stbuf_ok.st_mtime) {
|
||||
fprintf(stderr, "kprop: '%s' more recent than '%s'.\n",
|
||||
floc, floc_ok);
|
||||
exit(1);
|
||||
}
|
||||
if (!get_slaves(&slave_host_list, fslv, stbuf_ok.st_mtime)) {
|
||||
fprintf(stderr,
|
||||
"kprop: can't read slave host file '%s'.\n", fslv);
|
||||
exit(1);
|
||||
}
|
||||
#ifdef KPROP_DBG
|
||||
{
|
||||
struct slave_host *sh;
|
||||
int i;
|
||||
fprintf(stderr, "\n\n");
|
||||
fflush(stderr);
|
||||
for (sh = slave_host_list; sh; sh = sh->next) {
|
||||
fprintf(stderr, "slave %d: %s, %s", i++, sh->name,
|
||||
inet_ntoa(sh->net_addr));
|
||||
fflush(stderr);
|
||||
}
|
||||
}
|
||||
#endif /* KPROP_DBG */
|
||||
|
||||
if (!prop_to_slaves(slave_host_list, fd, fslv)) {
|
||||
fprintf(stderr,
|
||||
"kprop: propagation failed.\n");
|
||||
exit(1);
|
||||
}
|
||||
if (flock(fd, LOCK_UN)) {
|
||||
Death(floc);
|
||||
}
|
||||
fprintf(stderr, "\n\n");
|
||||
for (sh = slave_host_list; sh; sh = sh->next) {
|
||||
fprintf(stderr, "%s:\t\t%s\n", sh->name,
|
||||
(sh->not_time_yet? "Not time yet" : (sh->succeeded ? "Succeeded" : "FAILED")));
|
||||
}
|
||||
|
||||
time(&l_final);
|
||||
l_diff = l_final - l_init;
|
||||
printf("propagation finished, %d:%02d:%02d elapsed\n",
|
||||
l_diff / 3600, (l_diff % 3600) / 60, l_diff % 60);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
||||
void
|
||||
Death(s)
|
||||
char *s;
|
||||
{
|
||||
fprintf(stderr, "kprop: ");
|
||||
perror(s);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/* The master -> slave protocol looks like this:
|
||||
1) 8 byte version string
|
||||
2) 2 bytes of "transfer mode" (net byte order of course)
|
||||
3) ticket/authentication send by sendauth
|
||||
4) 4 bytes of "block" length (u_long)
|
||||
5) data
|
||||
|
||||
4 and 5 repeat til EOF ...
|
||||
*/
|
||||
|
||||
int
|
||||
prop_to_slaves(sl, fd, fslv)
|
||||
struct slave_host *sl;
|
||||
int fd;
|
||||
char *fslv;
|
||||
{
|
||||
char buf[KPROP_BUFSIZ];
|
||||
char obuf[KPROP_BUFSIZ + 64 /* leave room for private msg overhead */ ];
|
||||
struct servent *sp;
|
||||
struct sockaddr_in sin, my_sin;
|
||||
int i, n, s;
|
||||
struct slave_host *cs; /* current slave */
|
||||
char path[256], my_host_name[MAXHOSTNAMELEN], *p_my_host_name;
|
||||
char kprop_service_instance[INST_SZ];
|
||||
char *pc;
|
||||
u_long cksum, get_data_checksum();
|
||||
u_long length, nlength;
|
||||
long kerror;
|
||||
KTEXT_ST ticket;
|
||||
CREDENTIALS cred;
|
||||
MSG_DAT msg_dat;
|
||||
static char tkstring[] = "/tmp/kproptktXXXXXX";
|
||||
|
||||
Key_schedule session_sched;
|
||||
|
||||
(void) mktemp(tkstring);
|
||||
krb_set_tkt_string(tkstring);
|
||||
|
||||
if ((sp = getservbyname("krb_prop", "tcp")) == 0) {
|
||||
fprintf(stderr, "tcp/krb_prop: service unknown.\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
bzero(&sin, sizeof sin);
|
||||
sin.sin_family = AF_INET;
|
||||
sin.sin_port = sp->s_port;
|
||||
|
||||
strcpy(path, fslv);
|
||||
if ((pc = rindex(path, '/'))) {
|
||||
pc += 1;
|
||||
} else {
|
||||
pc = path;
|
||||
}
|
||||
|
||||
for (i = 0; i < 5; i++) { /* try each slave five times max */
|
||||
for (cs = sl; cs; cs = cs->next) {
|
||||
if (!cs->succeeded) {
|
||||
if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
|
||||
perror("kprop: socket");
|
||||
exit(1);
|
||||
}
|
||||
bcopy(&cs->net_addr, &sin.sin_addr,
|
||||
sizeof cs->net_addr);
|
||||
|
||||
if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) {
|
||||
fprintf(stderr, "%s: ", cs->name);
|
||||
perror("connect");
|
||||
close(s);
|
||||
continue; /*** NEXT SLAVE ***/
|
||||
}
|
||||
|
||||
/* for krb_mk_{priv, safe} */
|
||||
bzero (&my_sin, sizeof my_sin);
|
||||
n = sizeof my_sin;
|
||||
if (getsockname (s, (struct sockaddr *) &my_sin, &n) != 0) {
|
||||
fprintf (stderr, "kprop: can't get socketname.");
|
||||
perror ("getsockname");
|
||||
close (s);
|
||||
continue; /*** NEXT SLAVE ***/
|
||||
}
|
||||
if (n != sizeof (my_sin)) {
|
||||
fprintf (stderr, "kprop: can't get socketname. len");
|
||||
close (s);
|
||||
continue; /*** NEXT SLAVE ***/
|
||||
}
|
||||
|
||||
/* Get ticket */
|
||||
kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME,
|
||||
cs->instance, cs->realm, (u_long) 0);
|
||||
/* if ticket has expired try to get a new one, but
|
||||
* first get a TGT ...
|
||||
*/
|
||||
if (kerror != MK_AP_OK) {
|
||||
if (gethostname (my_host_name, sizeof(my_host_name)) != 0) {
|
||||
fprintf (stderr, "%s:", cs->name);
|
||||
perror ("getting my hostname");
|
||||
close (s);
|
||||
break; /* next one can't work either! */
|
||||
}
|
||||
/* get canonical kerberos service instance name */
|
||||
p_my_host_name = krb_get_phost (my_host_name);
|
||||
/* copy it to make sure gethostbyname static doesn't
|
||||
* screw us. */
|
||||
strcpy (kprop_service_instance, p_my_host_name);
|
||||
kerror = krb_get_svc_in_tkt (KPROP_SERVICE_NAME,
|
||||
#if 0
|
||||
kprop_service_instance,
|
||||
#else
|
||||
KRB_MASTER,
|
||||
#endif
|
||||
my_realm,
|
||||
TGT_SERVICE_NAME,
|
||||
my_realm,
|
||||
96,
|
||||
KPROP_SRVTAB);
|
||||
if (kerror != INTK_OK) {
|
||||
fprintf (stderr,
|
||||
"%s: %s. While getting initial ticket\n",
|
||||
cs->name, krb_err_txt[kerror]);
|
||||
close (s);
|
||||
goto punt;
|
||||
}
|
||||
kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME,
|
||||
cs->instance, cs->realm, (u_long) 0);
|
||||
}
|
||||
if (kerror != MK_AP_OK) {
|
||||
fprintf (stderr, "%s: %s. Calling krb_mk_req.",
|
||||
cs->name, krb_err_txt[kerror]);
|
||||
close (s);
|
||||
continue; /*** NEXT SLAVE ***/
|
||||
}
|
||||
|
||||
if (write(s, kprop_version, sizeof(kprop_version))
|
||||
!= sizeof(kprop_version)) {
|
||||
fprintf (stderr, "%s: ", cs->name);
|
||||
perror ("write (version) error");
|
||||
close (s);
|
||||
continue; /*** NEXT SLAVE ***/
|
||||
}
|
||||
|
||||
net_transfer_mode = htons (transfer_mode);
|
||||
if (write(s, &net_transfer_mode, sizeof(net_transfer_mode))
|
||||
!= sizeof(net_transfer_mode)) {
|
||||
fprintf (stderr, "%s: ", cs->name);
|
||||
perror ("write (transfer_mode) error");
|
||||
close (s);
|
||||
continue; /*** NEXT SLAVE ***/
|
||||
}
|
||||
|
||||
kerror = krb_get_cred (KPROP_SERVICE_NAME, cs->instance,
|
||||
cs->realm, &cred);
|
||||
if (kerror != KSUCCESS) {
|
||||
fprintf (stderr, "%s: %s. Getting session key.",
|
||||
cs->name, krb_err_txt[kerror]);
|
||||
close (s);
|
||||
continue; /*** NEXT SLAVE ***/
|
||||
}
|
||||
#ifdef NOENCRYPTION
|
||||
bzero((char *)session_sched, sizeof(session_sched));
|
||||
#else
|
||||
if (key_sched ((C_Block *)cred.session, session_sched)) {
|
||||
fprintf (stderr, "%s: can't make key schedule.",
|
||||
cs->name);
|
||||
close (s);
|
||||
continue; /*** NEXT SLAVE ***/
|
||||
}
|
||||
#endif
|
||||
/* SAFE (quad_cksum) and CLEAR are just not good enough */
|
||||
cksum = 0;
|
||||
#ifdef not_working_yet
|
||||
if (transfer_mode != KPROP_TRANSFER_PRIVATE) {
|
||||
cksum = get_data_checksum(fd, session_sched);
|
||||
lseek(fd, 0L, 0);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
struct stat st;
|
||||
fstat (fd, &st);
|
||||
cksum = st.st_size;
|
||||
}
|
||||
kerror = krb_sendauth(KOPT_DO_MUTUAL,
|
||||
s,
|
||||
&ticket,
|
||||
KPROP_SERVICE_NAME,
|
||||
cs->instance,
|
||||
cs->realm,
|
||||
cksum,
|
||||
&msg_dat,
|
||||
&cred,
|
||||
session_sched,
|
||||
&my_sin,
|
||||
&sin,
|
||||
KPROP_PROT_VERSION);
|
||||
if (kerror != KSUCCESS) {
|
||||
fprintf (stderr, "%s: %s. Calling krb_sendauth.",
|
||||
cs->name, krb_err_txt[kerror]);
|
||||
close (s);
|
||||
continue; /*** NEXT SLAVE ***/
|
||||
}
|
||||
|
||||
while ((n = read(fd, buf, sizeof buf))) {
|
||||
if (n < 0) {
|
||||
perror("input file read error");
|
||||
exit(1);
|
||||
}
|
||||
switch (transfer_mode) {
|
||||
case KPROP_TRANSFER_PRIVATE:
|
||||
case KPROP_TRANSFER_SAFE:
|
||||
if (transfer_mode == KPROP_TRANSFER_PRIVATE)
|
||||
length = krb_mk_priv (buf, obuf, n,
|
||||
session_sched, cred.session,
|
||||
&my_sin, &sin);
|
||||
else
|
||||
length = krb_mk_safe (buf, obuf, n,
|
||||
(C_Block *)cred.session,
|
||||
&my_sin, &sin);
|
||||
if (length == -1) {
|
||||
fprintf (stderr, "%s: %s failed.",
|
||||
cs->name,
|
||||
(transfer_mode == KPROP_TRANSFER_PRIVATE)
|
||||
? "krb_rd_priv" : "krb_rd_safe");
|
||||
close (s);
|
||||
continue; /*** NEXT SLAVE ***/
|
||||
}
|
||||
nlength = htonl(length);
|
||||
if (write(s, &nlength, sizeof nlength)
|
||||
!= sizeof nlength) {
|
||||
fprintf (stderr, "%s: ", cs->name);
|
||||
perror ("write error");
|
||||
close (s);
|
||||
continue; /*** NEXT SLAVE ***/
|
||||
}
|
||||
if (write(s, obuf, length) != length) {
|
||||
fprintf(stderr, "%s: ", cs->name);
|
||||
perror("write error");
|
||||
close(s);
|
||||
continue; /*** NEXT SLAVE ***/
|
||||
}
|
||||
break;
|
||||
case KPROP_TRANSFER_CLEAR:
|
||||
if (write(s, buf, n) != n) {
|
||||
fprintf(stderr, "%s: ", cs->name);
|
||||
perror("write error");
|
||||
close(s);
|
||||
continue; /*** NEXT SLAVE ***/
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
close(s);
|
||||
cs->succeeded = 1;
|
||||
fprintf(stderr, "%s: success.\n", cs->name);
|
||||
strcat(strcpy(pc, cs->name), "-last-prop");
|
||||
close(creat(path, 0600));
|
||||
}
|
||||
}
|
||||
}
|
||||
punt:
|
||||
|
||||
dest_tkt();
|
||||
for (cs = sl; cs; cs = cs->next) {
|
||||
if (!cs->succeeded)
|
||||
return (0); /* didn't get this slave */
|
||||
}
|
||||
return (1);
|
||||
}
|
||||
|
||||
int
|
||||
get_slaves(psl, file, ok_mtime)
|
||||
struct slave_host **psl;
|
||||
char *file;
|
||||
time_t ok_mtime;
|
||||
{
|
||||
FILE *fin;
|
||||
char namebuf[128], *inst;
|
||||
char *pc;
|
||||
struct hostent *host;
|
||||
struct slave_host **th;
|
||||
char path[256];
|
||||
char *ppath;
|
||||
struct stat stbuf;
|
||||
|
||||
if ((fin = fopen(file, "r")) == NULL) {
|
||||
fprintf(stderr, "Can't open slave host file, '%s'.\n", file);
|
||||
exit(-1);
|
||||
}
|
||||
strcpy(path, file);
|
||||
if ((ppath = rindex(path, '/'))) {
|
||||
ppath += 1;
|
||||
} else {
|
||||
ppath = path;
|
||||
}
|
||||
for (th = psl; fgets(namebuf, sizeof namebuf, fin); th = &(*th)->next) {
|
||||
if ((pc = index(namebuf, '\n'))) {
|
||||
*pc = '\0';
|
||||
} else {
|
||||
fprintf(stderr, "Host name too long (>= %d chars) in '%s'.\n",
|
||||
sizeof namebuf, file);
|
||||
exit(-1);
|
||||
}
|
||||
host = gethostbyname(namebuf);
|
||||
if (host == NULL) {
|
||||
fprintf(stderr, "Unknown host '%s' in '%s'.\n", namebuf, file);
|
||||
exit(-1);
|
||||
}
|
||||
(*th) = (struct slave_host *) malloc(sizeof(struct slave_host));
|
||||
if (!*th) {
|
||||
fprintf(stderr, "No memory reading host list from '%s'.\n",
|
||||
file);
|
||||
exit(-1);
|
||||
}
|
||||
(*th)->name = malloc(strlen(namebuf) + 1);
|
||||
if (!(*th)->name) {
|
||||
fprintf(stderr, "No memory reading host list from '%s'.\n",
|
||||
file);
|
||||
exit(-1);
|
||||
}
|
||||
/* get kerberos cannonical instance name */
|
||||
strcpy((*th)->name, namebuf);
|
||||
inst = krb_get_phost ((*th)->name);
|
||||
(*th)->instance = malloc(strlen(inst) + 1);
|
||||
if (!(*th)->instance) {
|
||||
fprintf(stderr, "No memory reading host list from '%s'.\n",
|
||||
file);
|
||||
exit(-1);
|
||||
}
|
||||
strcpy((*th)->instance, inst);
|
||||
/* what a concept, slave servers in different realms! */
|
||||
(*th)->realm = my_realm;
|
||||
(*th)->net_addr = *(u_long *) host->h_addr;
|
||||
(*th)->succeeded = 0;
|
||||
(*th)->next = NULL;
|
||||
strcat(strcpy(ppath, (*th)->name), "-last-prop");
|
||||
if (!force_flag && !stat(path, &stbuf) && stbuf.st_mtime > ok_mtime) {
|
||||
(*th)->not_time_yet = 1;
|
||||
(*th)->succeeded = 1; /* no change since last success */
|
||||
}
|
||||
}
|
||||
fclose(fin);
|
||||
return (1);
|
||||
}
|
||||
|
||||
#ifdef doesnt_work_yet
|
||||
u_long get_data_checksum(fd, key_sched)
|
||||
int fd;
|
||||
Key_schedule key_sched;
|
||||
{
|
||||
unsigned long cksum = 0;
|
||||
unsigned long cbc_cksum();
|
||||
int n;
|
||||
char buf[BUFSIZ];
|
||||
long obuf[2];
|
||||
|
||||
while (n = read(fd, buf, sizeof buf)) {
|
||||
if (n < 0) {
|
||||
fprintf(stderr, "Input data file read error: ");
|
||||
perror("read");
|
||||
exit(1);
|
||||
}
|
||||
cksum = cbc_cksum(buf, obuf, n, key_sched, key_sched);
|
||||
}
|
||||
return cksum;
|
||||
}
|
||||
#endif
|
||||
@@ -1,55 +0,0 @@
|
||||
/*
|
||||
* Copyright 1987 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information,
|
||||
* please see the file <mit-copyright.h>.
|
||||
*
|
||||
* $Revision: 1.1.1.1 $
|
||||
* $Date: 1995/08/03 07:36:18 $
|
||||
* $State: Exp $
|
||||
* $Source: /usr/cvs/src/eBones/kprop/kprop.h,v $
|
||||
* $Author: mark $
|
||||
* $Locker: $
|
||||
*
|
||||
* $Log: kprop.h,v $
|
||||
* Revision 1.1.1.1 1995/08/03 07:36:18 mark
|
||||
* Import an updated revision of the MIT kprop program for distributing
|
||||
* kerberos databases to slave servers.
|
||||
*
|
||||
* NOTE: This method was abandoned by MIT long ago, this code is close to
|
||||
* garbage, but it is slightly more secure than using rdist.
|
||||
* There is no documentation available on how to use it, and
|
||||
* it should -not- be built by default.
|
||||
*
|
||||
* Obtained from: MIT Project Athena
|
||||
*
|
||||
* Revision 1.1.1.1 1995/08/02 22:11:44 pst
|
||||
* Import an updated revision of the MIT kprop program for distributing
|
||||
* kerberos databases to slave servers.
|
||||
*
|
||||
* NOTE: This method was abandoned by MIT long ago, this code is close to
|
||||
* garbage, but it is slightly more secure than using rdist.
|
||||
* There is no documentation available on how to use it, and
|
||||
* it should -not- be built by default.
|
||||
*
|
||||
* Obtained from: MIT Project Athena
|
||||
*
|
||||
* Revision 4.1 92/10/23 15:45:13 tytso
|
||||
* Change the location of KPROP_KDBUTIL to be /kerberos/bin/kdb_util.
|
||||
*
|
||||
* Revision 4.0 89/01/24 18:44:46 wesommer
|
||||
* Original version; programmer: wesommer
|
||||
* auditor: jon
|
||||
*
|
||||
*/
|
||||
|
||||
#define KPROP_SERVICE_NAME "rcmd"
|
||||
#define KPROP_SRVTAB "/etc/kerberosIV/srvtab"
|
||||
#define TGT_SERVICE_NAME "krbtgt"
|
||||
#define KPROP_PROT_VERSION_LEN 8
|
||||
#define KPROP_PROT_VERSION "kprop01"
|
||||
#define KPROP_TRANSFER_PRIVATE 1
|
||||
#define KPROP_TRANSFER_SAFE 2
|
||||
#define KPROP_TRANSFER_CLEAR 3
|
||||
#define KPROP_BUFSIZ 32768
|
||||
#define KPROP_KDB_UTIL "/usr/sbin/kdb_util"
|
||||
@@ -1,11 +0,0 @@
|
||||
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
|
||||
# $Id: Makefile,v 1.1.1.1 1995/08/03 07:37:19 mark Exp $
|
||||
|
||||
PROG= kpropd
|
||||
CFLAGS+=-I${.CURDIR}/../include -I${.CURDIR}/../kprop -Wall
|
||||
DPADD= ${LIBKRB}
|
||||
LDADD= -L${KRBOBJDIR} -lkrb -ldes
|
||||
BINDIR= /usr/libexec
|
||||
NOMAN= noman
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
@@ -1,453 +0,0 @@
|
||||
/*
|
||||
* Copyright 1987 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
* MIT.Copyright.
|
||||
*
|
||||
* kprop/kpropd have been abandonded by Project Athena (for good reason)
|
||||
* however they still form the basis for one of the better ways for
|
||||
* distributing kerberos databases. This version of kpropd has been
|
||||
* adapted from the MIT distribution to work properly in a 4.4BSD
|
||||
* environment.
|
||||
*
|
||||
* $Revision: 1.1.1.1 $ $Date: 1995/08/03 07:37:19 $ $State: Exp $
|
||||
* $Source: /usr/cvs/src/eBones/kpropd/kpropd.c,v $
|
||||
*
|
||||
* Log: kpropd.c,v
|
||||
* Revision 4.5 92/10/23 15:45:46 tytso Make it possible
|
||||
* to specify the location of the kdb_util program.
|
||||
*
|
||||
* Revision 4.4 91/06/15 03:20:51 probe Fixed <sys/types.h> inclusion
|
||||
*
|
||||
* Revision 4.3 89/05/16 15:06:04 wesommer Fix operator precedence stuff.
|
||||
* Programmer: John Kohl.
|
||||
*
|
||||
* Revision 4.2 89/03/23 10:24:00 jtkohl NOENCRYPTION changes
|
||||
*
|
||||
* Revision 4.1 89/01/24 20:33:48 root name change
|
||||
*
|
||||
* Revision 4.0 89/01/24 18:45:06 wesommer Original version; programmer:
|
||||
* wesommer auditor: jon
|
||||
*
|
||||
* Revision 4.5 88/01/08 18:07:46 jon formatting and rcs header changes */
|
||||
|
||||
/*
|
||||
* This program is run on slave servers, to catch updates "pushed" from the
|
||||
* master kerberos server in a realm.
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid_kpropd_c[] =
|
||||
"$Header: /usr/cvs/src/eBones/kpropd/kpropd.c,v 1.1.1.1 1995/08/03 07:37:19 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <errno.h>
|
||||
#include <unistd.h>
|
||||
#include <ctype.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/file.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/stat.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <netdb.h>
|
||||
#include <syslog.h>
|
||||
#include <krb.h>
|
||||
#include <krb_db.h>
|
||||
|
||||
#include "kprop.h"
|
||||
|
||||
static char kprop_version[KPROP_PROT_VERSION_LEN] = KPROP_PROT_VERSION;
|
||||
|
||||
int debug = 0;
|
||||
|
||||
int pause_int = 300; /* 5 minutes in seconds */
|
||||
unsigned long get_data_checksum(int fd, Key_schedule key_sched);
|
||||
void recv_auth(int in, int out, int private,
|
||||
struct sockaddr_in *remote, struct sockaddr_in *local,
|
||||
AUTH_DAT *ad);
|
||||
static void SlowDeath(void);
|
||||
void recv_clear(int in, int out);
|
||||
/* leave room for private msg overhead */
|
||||
static char buf[KPROP_BUFSIZ + 64];
|
||||
|
||||
static void
|
||||
usage()
|
||||
{
|
||||
fprintf(stderr, "\nUsage: kpropd [-r realm] [-s srvtab] [-P kdb_util] fname\n");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
void
|
||||
main(argc, argv)
|
||||
int argc;
|
||||
char **argv;
|
||||
{
|
||||
struct sockaddr_in from;
|
||||
struct sockaddr_in sin;
|
||||
int s2, fd, n, fdlock;
|
||||
int from_len;
|
||||
char local_file[256];
|
||||
char local_temp[256];
|
||||
struct hostent *hp;
|
||||
char hostname[256];
|
||||
char from_str[128];
|
||||
long kerror;
|
||||
AUTH_DAT auth_dat;
|
||||
KTEXT_ST ticket;
|
||||
char my_instance[INST_SZ];
|
||||
char my_realm[REALM_SZ];
|
||||
char cmd[1024];
|
||||
short net_transfer_mode, transfer_mode;
|
||||
Key_schedule session_sched;
|
||||
char version[9];
|
||||
int c;
|
||||
extern char *optarg;
|
||||
extern int optind;
|
||||
int rflag = 0;
|
||||
char *srvtab = "";
|
||||
char *local_db = DBM_FILE;
|
||||
char *kdb_util = KPROP_KDB_UTIL;
|
||||
|
||||
if (argv[argc - 1][0] == 'k' && isdigit(argv[argc - 1][1])) {
|
||||
argc--; /* ttys file hack */
|
||||
}
|
||||
while ((c = getopt(argc, argv, "r:s:d:P:")) != EOF) {
|
||||
switch (c) {
|
||||
case 'r':
|
||||
rflag++;
|
||||
strcpy(my_realm, optarg);
|
||||
break;
|
||||
case 's':
|
||||
srvtab = optarg;
|
||||
break;
|
||||
case 'd':
|
||||
local_db = optarg;
|
||||
break;
|
||||
case 'P':
|
||||
kdb_util = optarg;
|
||||
break;
|
||||
default:
|
||||
usage();
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (optind != argc - 1)
|
||||
usage();
|
||||
|
||||
openlog("kpropd", LOG_PID, LOG_AUTH);
|
||||
|
||||
strcpy(local_file, argv[optind]);
|
||||
strcat(strcpy(local_temp, argv[optind]), ".tmp");
|
||||
|
||||
#ifdef STANDALONE
|
||||
|
||||
if ((sp = getservbyname("krb_prop", "tcp")) == NULL) {
|
||||
syslog(LOG_ERR, "tcp/krb_prop: unknown service.");
|
||||
SlowDeath();
|
||||
}
|
||||
bzero(&sin, sizeof sin);
|
||||
sin.sin_port = sp->s_port;
|
||||
sin.sin_family = AF_INET;
|
||||
|
||||
if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
|
||||
syslog(LOG_ERR, "socket: %m");
|
||||
SlowDeath();
|
||||
}
|
||||
if (bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) {
|
||||
syslog(LOG_ERR, "bind: %m");
|
||||
SlowDeath();
|
||||
}
|
||||
|
||||
#endif /* STANDALONE */
|
||||
|
||||
if (!rflag) {
|
||||
kerror = krb_get_lrealm(my_realm, 1);
|
||||
if (kerror != KSUCCESS) {
|
||||
syslog(LOG_ERR, "can't get local realm. %s",
|
||||
krb_err_txt[kerror]);
|
||||
SlowDeath();
|
||||
}
|
||||
}
|
||||
if (gethostname(my_instance, sizeof(my_instance)) != 0) {
|
||||
syslog(LOG_ERR, "gethostname: %m");
|
||||
SlowDeath();
|
||||
}
|
||||
|
||||
#ifdef STANDALONE
|
||||
listen(s, 5);
|
||||
for (;;) {
|
||||
from_len = sizeof from;
|
||||
if ((s2 = accept(s, (struct sockaddr *)&from, &from_len)) < 0) {
|
||||
syslog(LOG_ERR, "accept: %m");
|
||||
continue;
|
||||
}
|
||||
#else /* !STANDALONE */
|
||||
|
||||
s2 = 0;
|
||||
from_len = sizeof from;
|
||||
if (getpeername(0, (struct sockaddr *)&from, &from_len) < 0) {
|
||||
syslog(LOG_ERR, "getpeername: %m");
|
||||
SlowDeath();
|
||||
}
|
||||
|
||||
#endif /* !STANDALONE */
|
||||
|
||||
strcpy(from_str, inet_ntoa(from.sin_addr));
|
||||
|
||||
if ((hp = gethostbyaddr((char *) &(from.sin_addr.s_addr),
|
||||
from_len, AF_INET)) == NULL) {
|
||||
strcpy(hostname, "UNKNOWN");
|
||||
} else {
|
||||
strcpy(hostname, hp->h_name);
|
||||
}
|
||||
|
||||
syslog(LOG_INFO, "connection from %s, %s", hostname, from_str);
|
||||
|
||||
/* for krb_rd_{priv, safe} */
|
||||
n = sizeof sin;
|
||||
if (getsockname(s2, (struct sockaddr *)&sin, &n) != 0) {
|
||||
syslog(LOG_ERR, "can't get socketname: %m");
|
||||
SlowDeath();
|
||||
}
|
||||
if (n != sizeof(sin)) {
|
||||
syslog(LOG_ERR, "can't get socketname (length)");
|
||||
SlowDeath();
|
||||
}
|
||||
if ((fdlock = open(local_temp, O_WRONLY | O_CREAT, 0600)) < 0) {
|
||||
syslog(LOG_ERR, "open: %m");
|
||||
SlowDeath();
|
||||
}
|
||||
if (flock(fdlock, LOCK_EX | LOCK_NB)) {
|
||||
syslog(LOG_ERR, "flock: %m");
|
||||
SlowDeath();
|
||||
}
|
||||
if ((fd = creat(local_temp, 0600)) < 0) {
|
||||
syslog(LOG_ERR, "creat: %m");
|
||||
SlowDeath();
|
||||
}
|
||||
if ((n = read(s2, buf, sizeof(kprop_version)))
|
||||
!= sizeof(kprop_version)) {
|
||||
syslog(LOG_ERR,
|
||||
"can't read protocol version (%d bytes)", n);
|
||||
SlowDeath();
|
||||
}
|
||||
if (strncmp(buf, kprop_version, sizeof(kprop_version)) != 0) {
|
||||
syslog(LOG_ERR, "unsupported version %s", buf);
|
||||
SlowDeath();
|
||||
}
|
||||
if ((n = read(s2, &net_transfer_mode,
|
||||
sizeof(net_transfer_mode)))
|
||||
!= sizeof(net_transfer_mode)) {
|
||||
syslog(LOG_ERR, "can't read transfer mode");
|
||||
SlowDeath();
|
||||
}
|
||||
transfer_mode = ntohs(net_transfer_mode);
|
||||
kerror = krb_recvauth(KOPT_DO_MUTUAL, s2, &ticket,
|
||||
KPROP_SERVICE_NAME,
|
||||
my_instance,
|
||||
&from,
|
||||
&sin,
|
||||
&auth_dat,
|
||||
srvtab,
|
||||
session_sched,
|
||||
version);
|
||||
if (kerror != KSUCCESS) {
|
||||
syslog(LOG_ERR, "%s calling getkdata",
|
||||
krb_err_txt[kerror]);
|
||||
SlowDeath();
|
||||
}
|
||||
syslog(LOG_INFO, "connection from %s.%s@%s",
|
||||
auth_dat.pname, auth_dat.pinst, auth_dat.prealm);
|
||||
|
||||
/*
|
||||
* AUTHORIZATION is done here. We might want to expand this
|
||||
* to read an acl file at some point, but allowing for now
|
||||
* KPROP_SERVICE_NAME.KRB_MASTER@local-realm is fine ...
|
||||
*/
|
||||
|
||||
if ((strcmp(KPROP_SERVICE_NAME, auth_dat.pname) != 0) ||
|
||||
(strcmp(KRB_MASTER, auth_dat.pinst) != 0) ||
|
||||
(strcmp(my_realm, auth_dat.prealm) != 0)) {
|
||||
syslog(LOG_NOTICE, "authorization denied");
|
||||
SlowDeath();
|
||||
}
|
||||
switch (transfer_mode) {
|
||||
case KPROP_TRANSFER_PRIVATE:
|
||||
recv_auth(s2, fd, 1 /* private */ , &from, &sin, &auth_dat);
|
||||
break;
|
||||
case KPROP_TRANSFER_SAFE:
|
||||
recv_auth(s2, fd, 0 /* safe */ , &from, &sin, &auth_dat);
|
||||
break;
|
||||
case KPROP_TRANSFER_CLEAR:
|
||||
recv_clear(s2, fd);
|
||||
break;
|
||||
default:
|
||||
syslog(LOG_ERR, "bad transfer mode %d", transfer_mode);
|
||||
SlowDeath();
|
||||
}
|
||||
|
||||
if (transfer_mode != KPROP_TRANSFER_PRIVATE) {
|
||||
syslog(LOG_ERR, "non-private transfers not supported\n");
|
||||
SlowDeath();
|
||||
#ifdef doesnt_work_yet
|
||||
lseek(fd, (long) 0, L_SET);
|
||||
if (auth_dat.checksum != get_data_checksum(fd, session_sched)) {
|
||||
syslog(LOG_ERR, "checksum doesn't match");
|
||||
SlowDeath();
|
||||
}
|
||||
#endif
|
||||
} else {
|
||||
struct stat st;
|
||||
fstat(fd, &st);
|
||||
if (st.st_size != auth_dat.checksum) {
|
||||
syslog(LOG_ERR, "length doesn't match");
|
||||
SlowDeath();
|
||||
}
|
||||
}
|
||||
close(fd);
|
||||
close(s2);
|
||||
|
||||
if (rename(local_temp, local_file) < 0) {
|
||||
syslog(LOG_ERR, "rename: %m");
|
||||
SlowDeath();
|
||||
}
|
||||
|
||||
if (flock(fdlock, LOCK_UN)) {
|
||||
syslog(LOG_ERR, "flock (unlock): %m");
|
||||
SlowDeath();
|
||||
}
|
||||
close(fdlock);
|
||||
sprintf(cmd, "%s load %s %s\n", kdb_util, local_file, local_db);
|
||||
if (system(cmd) != 0) {
|
||||
syslog(LOG_ERR, "couldn't load database");
|
||||
SlowDeath();
|
||||
}
|
||||
|
||||
#ifdef STANDALONE
|
||||
}
|
||||
#endif
|
||||
|
||||
}
|
||||
|
||||
void
|
||||
recv_auth(in, out, private, remote, local, ad)
|
||||
int in, out;
|
||||
int private;
|
||||
struct sockaddr_in *remote, *local;
|
||||
AUTH_DAT *ad;
|
||||
{
|
||||
u_long length;
|
||||
long kerror;
|
||||
int n;
|
||||
MSG_DAT msg_data;
|
||||
Key_schedule session_sched;
|
||||
|
||||
if (private)
|
||||
#ifdef NOENCRYPTION
|
||||
bzero((char *) session_sched, sizeof(session_sched));
|
||||
#else
|
||||
if (key_sched((C_Block *)ad->session, session_sched)) {
|
||||
syslog(LOG_ERR, "can't make key schedule");
|
||||
SlowDeath();
|
||||
}
|
||||
#endif
|
||||
|
||||
while (1) {
|
||||
n = krb_net_read(in, (char *)&length, sizeof length);
|
||||
if (n == 0)
|
||||
break;
|
||||
if (n < 0) {
|
||||
syslog(LOG_ERR, "read: %m");
|
||||
SlowDeath();
|
||||
}
|
||||
length = ntohl(length);
|
||||
if (length > sizeof buf) {
|
||||
syslog(LOG_ERR, "read length %d, bigger than buf %d",
|
||||
length, sizeof buf);
|
||||
SlowDeath();
|
||||
}
|
||||
n = krb_net_read(in, buf, length);
|
||||
if (n < 0) {
|
||||
syslog(LOG_ERR, "kpropd: read: %m");
|
||||
SlowDeath();
|
||||
}
|
||||
if (private)
|
||||
kerror = krb_rd_priv(buf, n, session_sched, ad->session,
|
||||
remote, local, &msg_data);
|
||||
else
|
||||
kerror = krb_rd_safe(buf, n, (C_Block *)ad->session,
|
||||
remote, local, &msg_data);
|
||||
if (kerror != KSUCCESS) {
|
||||
syslog(LOG_ERR, "%s: %s",
|
||||
private ? "krb_rd_priv" : "krb_rd_safe",
|
||||
krb_err_txt[kerror]);
|
||||
SlowDeath();
|
||||
}
|
||||
if (write(out, msg_data.app_data, msg_data.app_length) !=
|
||||
msg_data.app_length) {
|
||||
syslog(LOG_ERR, "write: %m");
|
||||
SlowDeath();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
recv_clear(in, out)
|
||||
int in, out;
|
||||
{
|
||||
int n;
|
||||
|
||||
while (1) {
|
||||
n = read(in, buf, sizeof buf);
|
||||
if (n == 0)
|
||||
break;
|
||||
if (n < 0) {
|
||||
syslog(LOG_ERR, "read: %m");
|
||||
SlowDeath();
|
||||
}
|
||||
if (write(out, buf, n) != n) {
|
||||
syslog(LOG_ERR, "write: %m");
|
||||
SlowDeath();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
SlowDeath()
|
||||
{
|
||||
#ifdef STANDALONE
|
||||
sleep(pause_int);
|
||||
#endif
|
||||
exit(1);
|
||||
}
|
||||
|
||||
#ifdef doesnt_work_yet
|
||||
unsigned long
|
||||
get_data_checksum(fd, key_sched)
|
||||
int fd;
|
||||
Key_schedule key_sched;
|
||||
{
|
||||
unsigned long cksum = 0;
|
||||
unsigned long cbc_cksum();
|
||||
int n;
|
||||
char buf[BUFSIZ];
|
||||
char obuf[8];
|
||||
|
||||
while (n = read(fd, buf, sizeof buf)) {
|
||||
if (n < 0) {
|
||||
syslog(LOG_ERR, "read (in checksum test): %m");
|
||||
SlowDeath();
|
||||
}
|
||||
#ifndef NOENCRYPTION
|
||||
cksum += cbc_cksum(buf, obuf, n, key_sched, key_sched);
|
||||
#endif
|
||||
}
|
||||
return cksum;
|
||||
}
|
||||
#endif
|
||||
@@ -1,56 +0,0 @@
|
||||
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
|
||||
# $Id: Makefile,v 1.5 1995/07/18 16:38:02 mark Exp $
|
||||
|
||||
LIB= krb
|
||||
SHLIB_MAJOR= 2
|
||||
SHLIB_MINOR= 0
|
||||
CFLAGS+=-DKERBEROS -DCRYPT -DDEBUG -I${.CURDIR}/../include -DBSD42 -Wall
|
||||
SRCS= krb_err.c create_auth_reply.c create_ciph.c \
|
||||
create_death_packet.c create_ticket.c debug_decl.c decomp_ticket.c \
|
||||
des_rw.c dest_tkt.c extract_ticket.c fgetst.c get_ad_tkt.c \
|
||||
get_admhst.c get_cred.c get_in_tkt.c get_krbhst.c get_krbrlm.c \
|
||||
get_phost.c get_pw_tkt.c get_request.c get_svc_in_tkt.c \
|
||||
get_tf_fullname.c get_tf_realm.c getrealm.c getst.c in_tkt.c \
|
||||
k_gethostname.c klog.c kname_parse.c kntoln.c kparse.c \
|
||||
krb_err_txt.c krb_get_in_tkt.c kuserok.c log.c mk_err.c \
|
||||
mk_priv.c mk_req.c mk_safe.c month_sname.c \
|
||||
netread.c netwrite.c one.c pkt_cipher.c pkt_clen.c rd_err.c \
|
||||
rd_priv.c rd_req.c rd_safe.c read_service_key.c recvauth.c \
|
||||
save_credentials.c send_to_kdc.c sendauth.c stime.c tf_util.c \
|
||||
tkt_string.c util.c
|
||||
|
||||
TDIR= ${.CURDIR}/..
|
||||
krb_err.c krb_err.h: krb_err.et
|
||||
test -e krb_err.et || ln -s ${.CURDIR}/krb_err.et .
|
||||
${COMPILE_ET} krb_err.et
|
||||
LDADD+= -lcom_err
|
||||
|
||||
beforeinstall:
|
||||
-cd ${.OBJDIR}; cmp -s krb_err.h \
|
||||
${DESTDIR}/usr/include/kerberosIV/krb_err.h || \
|
||||
install -c -o ${BINOWN} -g ${BINGRP} -m 444 krb_err.h \
|
||||
${DESTDIR}/usr/include/kerberosIV
|
||||
|
||||
MAN3= krb.3 krb_realmofhost.3 krb_sendauth.3 krb_set_tkt_string.3 \
|
||||
kuserok.3 tf_util.3
|
||||
|
||||
MLINKS= krb.3 krb_mk_req.3 krb.3 krb_rd_req.3 krb.3 krb_kntoln.3 \
|
||||
krb.3 krb_set_key.3 krb.3 krb_get_cred.3 krb.3 krb_mk_priv.3 \
|
||||
krb.3 krb_rd_priv.3 krb.3 krb_mk_safe.3 krb.3 krb_rd_safe.3 \
|
||||
krb.3 krb_mk_err.3 krb.3 krb_rd_err.3 krb.3 krb_ck_repl.3
|
||||
|
||||
MLINKS+=krb_realmofhost.3 krb_get_phost.3 krb_realmofhost.3 krb_get_krbhst.3 \
|
||||
krb_realmofhost.3 krb_get_admhst.3 krb_realmofhost.3 krb_get_lrealm.3
|
||||
|
||||
MLINKS+=krb_realmofhost.3 realm.3
|
||||
|
||||
MLINKS+=krb_sendauth.3 krb_recvauth.3 krb_sendauth.3 krb_net_write.3 \
|
||||
krb_sendauth.3 krb_net_read.3
|
||||
|
||||
MLINKS+=krb_sendauth.3 ksend.3
|
||||
|
||||
MLINKS+=tf_util.3 tf_init.3 tf_util.3 tf_get_pname.3 \
|
||||
tf_util.3 tf_get_pinst.3 tf_util.3 tf_get_cred.3 \
|
||||
tf_util.3 tf_close.3
|
||||
|
||||
.include <bsd.lib.mk>
|
||||
@@ -1,91 +0,0 @@
|
||||
/*
|
||||
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: add_ticket.c,v 4.7 88/10/07 06:06:26 shanzer Exp $
|
||||
* $Id: add_ticket.c,v 1.3 1995/07/18 16:38:04 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: add_ticket.c,v 1.3 1995/07/18 16:38:04 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <krb.h>
|
||||
#include <prot.h>
|
||||
#include <strings.h>
|
||||
|
||||
/*
|
||||
* This routine is now obsolete. It used to be possible to request
|
||||
* more than one ticket at a time from the authentication server, and
|
||||
* it looks like this routine was used by the server to package the
|
||||
* tickets to be returned to the client.
|
||||
*/
|
||||
|
||||
/*
|
||||
* This routine adds a new ticket to the ciphertext to be returned to
|
||||
* the client. The routine takes the ciphertext (which doesn't get
|
||||
* encrypted till later), the number of the ticket (i.e. 1st, 2nd,
|
||||
* etc) the session key which goes in the ticket and is sent back to
|
||||
* the user, the lifetime for the ticket, the service name, the
|
||||
* instance, the realm, the key version number, and the ticket itself.
|
||||
*
|
||||
* This routine returns 0 (KSUCCESS) on success, and 1 (KFAILURE) on
|
||||
* failure. On failure, which occurs when there isn't enough room
|
||||
* for the ticket, a 0 length ticket is added.
|
||||
*
|
||||
* Notes: This routine must be called with successive values of n.
|
||||
* i.e. the ticket must be added in order. The corresponding routine
|
||||
* on the client side is extract ticket.
|
||||
*/
|
||||
|
||||
/* XXX they aren't all used; to avoid incompatible changes we will
|
||||
* fool lint for the moment */
|
||||
/*ARGSUSED */
|
||||
int
|
||||
add_ticket(cipher,n,session,lifetime,sname,instance,realm,kvno,ticket)
|
||||
KTEXT cipher; /* Ciphertext info for ticket */
|
||||
char *sname; /* Service name */
|
||||
char *instance; /* Instance */
|
||||
int n; /* Relative position of this ticket */
|
||||
char *session; /* Session key for this tkt */
|
||||
int lifetime; /* Lifetime of this ticket */
|
||||
char *realm; /* Realm in which ticket is valid */
|
||||
int kvno; /* Key version number of service key */
|
||||
KTEXT ticket; /* The ticket itself */
|
||||
{
|
||||
|
||||
/* Note, the 42 is a temporary hack; it will have to be changed. */
|
||||
|
||||
/* Begin check of ticket length */
|
||||
if ((cipher->length + ticket->length + 4 + 42 +
|
||||
(*(cipher->dat)+1-n)*(11+strlen(realm))) >
|
||||
MAX_KTXT_LEN) {
|
||||
bcopy(session,(char *)(cipher->dat+cipher->length),8);
|
||||
*(cipher->dat+cipher->length+8) = (char) lifetime;
|
||||
*(cipher->dat+cipher->length+9) = (char) kvno;
|
||||
(void) strcpy((char *)(cipher->dat+cipher->length+10),realm);
|
||||
cipher->length += 11 + strlen(realm);
|
||||
*(cipher->dat+n) = 0;
|
||||
return(KFAILURE);
|
||||
}
|
||||
/* End check of ticket length */
|
||||
|
||||
/* Add the session key, lifetime, kvno, ticket to the ciphertext */
|
||||
bcopy(session,(char *)(cipher->dat+cipher->length),8);
|
||||
*(cipher->dat+cipher->length+8) = (char) lifetime;
|
||||
*(cipher->dat+cipher->length+9) = (char) kvno;
|
||||
(void) strcpy((char *)(cipher->dat+cipher->length+10),realm);
|
||||
cipher->length += 11 + strlen(realm);
|
||||
bcopy((char *)(ticket->dat),(char *)(cipher->dat+cipher->length),
|
||||
ticket->length);
|
||||
cipher->length += ticket->length;
|
||||
|
||||
/* Set the ticket length at beginning of ciphertext */
|
||||
*(cipher->dat+n) = ticket->length;
|
||||
return(KSUCCESS);
|
||||
}
|
||||
@@ -1,118 +0,0 @@
|
||||
/*
|
||||
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: create_auth_reply.c,v 4.10 89/01/13 17:47:38 steiner Exp $
|
||||
* $Id: create_auth_reply.c,v 1.3 1995/07/18 16:38:06 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char *rcsid =
|
||||
"$Id: create_auth_reply.c,v 1.3 1995/07/18 16:38:06 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <krb.h>
|
||||
#include <prot.h>
|
||||
#include <strings.h>
|
||||
|
||||
/*
|
||||
* This routine is called by the Kerberos authentication server
|
||||
* to create a reply to an authentication request. The routine
|
||||
* takes the user's name, instance, and realm, the client's
|
||||
* timestamp, the number of tickets, the user's key version
|
||||
* number and the ciphertext containing the tickets themselves.
|
||||
* It constructs a packet and returns a pointer to it.
|
||||
*
|
||||
* Notes: The packet returned by this routine is static. Thus, if you
|
||||
* intend to keep the result beyond the next call to this routine, you
|
||||
* must copy it elsewhere.
|
||||
*
|
||||
* The packet is built in the following format:
|
||||
*
|
||||
* variable
|
||||
* type or constant data
|
||||
* ---- ----------- ----
|
||||
*
|
||||
* unsigned char KRB_PROT_VERSION protocol version number
|
||||
*
|
||||
* unsigned char AUTH_MSG_KDC_REPLY protocol message type
|
||||
*
|
||||
* [least significant HOST_BYTE_ORDER sender's (server's) byte
|
||||
* bit of above field] order
|
||||
*
|
||||
* string pname principal's name
|
||||
*
|
||||
* string pinst principal's instance
|
||||
*
|
||||
* string prealm principal's realm
|
||||
*
|
||||
* unsigned long time_ws client's timestamp
|
||||
*
|
||||
* unsigned char n number of tickets
|
||||
*
|
||||
* unsigned long x_date expiration date
|
||||
*
|
||||
* unsigned char kvno master key version
|
||||
*
|
||||
* short w_1 cipher length
|
||||
*
|
||||
* --- cipher->dat cipher data
|
||||
*/
|
||||
|
||||
KTEXT
|
||||
create_auth_reply(pname,pinst,prealm,time_ws,n,x_date,kvno,cipher)
|
||||
char *pname; /* Principal's name */
|
||||
char *pinst; /* Principal's instance */
|
||||
char *prealm; /* Principal's authentication domain */
|
||||
long time_ws; /* Workstation time */
|
||||
int n; /* Number of tickets */
|
||||
unsigned long x_date; /* Principal's expiration date */
|
||||
int kvno; /* Principal's key version number */
|
||||
KTEXT cipher; /* Cipher text with tickets and
|
||||
* session keys */
|
||||
{
|
||||
static KTEXT_ST pkt_st;
|
||||
KTEXT pkt = &pkt_st;
|
||||
unsigned char *v = pkt->dat; /* Prot vers number */
|
||||
unsigned char *t = (pkt->dat+1); /* Prot message type */
|
||||
short w_l; /* Cipher length */
|
||||
|
||||
/* Create fixed part of packet */
|
||||
*v = (unsigned char) KRB_PROT_VERSION;
|
||||
*t = (unsigned char) AUTH_MSG_KDC_REPLY;
|
||||
*t |= HOST_BYTE_ORDER;
|
||||
|
||||
if (n != 0)
|
||||
*v = 3;
|
||||
|
||||
/* Add the basic info */
|
||||
(void) strcpy((char *) (pkt->dat+2), pname);
|
||||
pkt->length = 3 + strlen(pname);
|
||||
(void) strcpy((char *) (pkt->dat+pkt->length),pinst);
|
||||
pkt->length += 1 + strlen(pinst);
|
||||
(void) strcpy((char *) (pkt->dat+pkt->length),prealm);
|
||||
pkt->length += 1 + strlen(prealm);
|
||||
/* Workstation timestamp */
|
||||
bcopy((char *) &time_ws, (char *) (pkt->dat+pkt->length), 4);
|
||||
pkt->length += 4;
|
||||
*(pkt->dat+(pkt->length)++) = (unsigned char) n;
|
||||
/* Expiration date */
|
||||
bcopy((char *) &x_date, (char *) (pkt->dat+pkt->length),4);
|
||||
pkt->length += 4;
|
||||
|
||||
/* Now send the ciphertext and info to help decode it */
|
||||
*(pkt->dat+(pkt->length)++) = (unsigned char) kvno;
|
||||
w_l = (short) cipher->length;
|
||||
bcopy((char *) &w_l,(char *) (pkt->dat+pkt->length),2);
|
||||
pkt->length += 2;
|
||||
bcopy((char *) (cipher->dat), (char *) (pkt->dat+pkt->length),
|
||||
cipher->length);
|
||||
pkt->length += cipher->length;
|
||||
|
||||
/* And return the packet */
|
||||
return pkt;
|
||||
}
|
||||
@@ -1,112 +0,0 @@
|
||||
/*
|
||||
* Copyright 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: create_ciph.c,v 4.8 89/05/18 21:24:26 jis Exp $
|
||||
* $Id: create_ciph.c,v 1.3 1995/07/18 16:38:07 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char *rcsid =
|
||||
"$Id: create_ciph.c,v 1.3 1995/07/18 16:38:07 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <krb.h>
|
||||
#include <des.h>
|
||||
#include <strings.h>
|
||||
|
||||
/*
|
||||
* This routine is used by the authentication server to create
|
||||
* a packet for its client, containing a ticket for the requested
|
||||
* service (given in "tkt"), and some information about the ticket,
|
||||
*
|
||||
* Returns KSUCCESS no matter what.
|
||||
*
|
||||
* The length of the cipher is stored in c->length; the format of
|
||||
* c->dat is as follows:
|
||||
*
|
||||
* variable
|
||||
* type or constant data
|
||||
* ---- ----------- ----
|
||||
*
|
||||
*
|
||||
* 8 bytes session session key for client, service
|
||||
*
|
||||
* string service service name
|
||||
*
|
||||
* string instance service instance
|
||||
*
|
||||
* string realm KDC realm
|
||||
*
|
||||
* unsigned char life ticket lifetime
|
||||
*
|
||||
* unsigned char kvno service key version number
|
||||
*
|
||||
* unsigned char tkt->length length of following ticket
|
||||
*
|
||||
* data tkt->dat ticket for service
|
||||
*
|
||||
* 4 bytes kdc_time KDC's timestamp
|
||||
*
|
||||
* <=7 bytes null null pad to 8 byte multiple
|
||||
*
|
||||
*/
|
||||
|
||||
int
|
||||
create_ciph(c, session, service, instance, realm, life, kvno, tkt,
|
||||
kdc_time, key)
|
||||
KTEXT c; /* Text block to hold ciphertext */
|
||||
C_Block session; /* Session key to send to user */
|
||||
char *service; /* Service name on ticket */
|
||||
char *instance; /* Instance name on ticket */
|
||||
char *realm; /* Realm of this KDC */
|
||||
unsigned long life; /* Lifetime of the ticket */
|
||||
int kvno; /* Key version number for service */
|
||||
KTEXT tkt; /* The ticket for the service */
|
||||
unsigned long kdc_time; /* KDC time */
|
||||
C_Block key; /* Key to encrypt ciphertext with */
|
||||
{
|
||||
char *ptr;
|
||||
Key_schedule key_s;
|
||||
|
||||
ptr = (char *) c->dat;
|
||||
|
||||
bcopy((char *) session, ptr, 8);
|
||||
ptr += 8;
|
||||
|
||||
(void) strcpy(ptr,service);
|
||||
ptr += strlen(service) + 1;
|
||||
|
||||
(void) strcpy(ptr,instance);
|
||||
ptr += strlen(instance) + 1;
|
||||
|
||||
(void) strcpy(ptr,realm);
|
||||
ptr += strlen(realm) + 1;
|
||||
|
||||
*(ptr++) = (unsigned char) life;
|
||||
*(ptr++) = (unsigned char) kvno;
|
||||
*(ptr++) = (unsigned char) tkt->length;
|
||||
|
||||
bcopy((char *)(tkt->dat),ptr,tkt->length);
|
||||
ptr += tkt->length;
|
||||
|
||||
bcopy((char *) &kdc_time,ptr,4);
|
||||
ptr += 4;
|
||||
|
||||
/* guarantee null padded encrypted data to multiple of 8 bytes */
|
||||
bzero(ptr, 7);
|
||||
|
||||
c->length = (((ptr - (char *) c->dat) + 7) / 8) * 8;
|
||||
|
||||
#ifndef NOENCRYPTION
|
||||
key_sched((C_Block *)key,key_s);
|
||||
pcbc_encrypt((C_Block *)c->dat,(C_Block *)c->dat,(long) c->length,key_s,
|
||||
(C_Block *)key,ENCRYPT);
|
||||
#endif /* NOENCRYPTION */
|
||||
|
||||
return(KSUCCESS);
|
||||
}
|
||||
@@ -1,65 +0,0 @@
|
||||
/*
|
||||
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: create_death_packet.c,v 4.9 89/01/17 16:05:59 rfrench Exp $
|
||||
* $Id: create_death_packet.c,v 1.3 1995/07/18 16:38:09 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char *rcsid =
|
||||
"$Id: create_death_packet.c,v 1.3 1995/07/18 16:38:09 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <krb.h>
|
||||
#include <prot.h>
|
||||
#include <strings.h>
|
||||
|
||||
/*
|
||||
* This routine creates a packet to type AUTH_MSG_DIE which is sent to
|
||||
* the Kerberos server to make it shut down. It is used only in the
|
||||
* development environment.
|
||||
*
|
||||
* It takes a string "a_name" which is sent in the packet. A pointer
|
||||
* to the packet is returned.
|
||||
*
|
||||
* The format of the killer packet is:
|
||||
*
|
||||
* type variable data
|
||||
* or constant
|
||||
* ---- ----------- ----
|
||||
*
|
||||
* unsigned char KRB_PROT_VERSION protocol version number
|
||||
*
|
||||
* unsigned char AUTH_MSG_DIE message type
|
||||
*
|
||||
* [least significant HOST_BYTE_ORDER byte order of sender
|
||||
* bit of above field]
|
||||
*
|
||||
* string a_name presumably, name of
|
||||
* principal sending killer
|
||||
* packet
|
||||
*/
|
||||
|
||||
#ifdef DEBUG
|
||||
KTEXT
|
||||
krb_create_death_packet(a_name)
|
||||
char *a_name;
|
||||
{
|
||||
static KTEXT_ST pkt_st;
|
||||
KTEXT pkt = &pkt_st;
|
||||
|
||||
unsigned char *v = pkt->dat;
|
||||
unsigned char *t = (pkt->dat+1);
|
||||
*v = (unsigned char) KRB_PROT_VERSION;
|
||||
*t = (unsigned char) AUTH_MSG_DIE;
|
||||
*t |= HOST_BYTE_ORDER;
|
||||
(void) strcpy((char *) (pkt->dat+2),a_name);
|
||||
pkt->length = 3 + strlen(a_name);
|
||||
return pkt;
|
||||
}
|
||||
#endif /* DEBUG */
|
||||
@@ -1,132 +0,0 @@
|
||||
/*
|
||||
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: create_ticket.c,v 4.11 89/03/22 14:43:23 jtkohl Exp $
|
||||
* $Id: create_ticket.c,v 1.3 1995/07/18 16:38:12 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: create_ticket.c,v 1.3 1995/07/18 16:38:12 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <des.h>
|
||||
#include <krb.h>
|
||||
#include <prot.h>
|
||||
#include <strings.h>
|
||||
|
||||
/*
|
||||
* Create ticket takes as arguments information that should be in a
|
||||
* ticket, and the KTEXT object in which the ticket should be
|
||||
* constructed. It then constructs a ticket and returns, leaving the
|
||||
* newly created ticket in tkt.
|
||||
* The length of the ticket is a multiple of
|
||||
* eight bytes and is in tkt->length.
|
||||
*
|
||||
* If the ticket is too long, the ticket will contain nulls.
|
||||
* The return value of the routine is undefined.
|
||||
*
|
||||
* The corresponding routine to extract information from a ticket it
|
||||
* decomp_ticket. When changes are made to this routine, the
|
||||
* corresponding changes should also be made to that file.
|
||||
*
|
||||
* The packet is built in the following format:
|
||||
*
|
||||
* variable
|
||||
* type or constant data
|
||||
* ---- ----------- ----
|
||||
*
|
||||
* tkt->length length of ticket (multiple of 8 bytes)
|
||||
*
|
||||
* tkt->dat:
|
||||
*
|
||||
* unsigned char flags namely, HOST_BYTE_ORDER
|
||||
*
|
||||
* string pname client's name
|
||||
*
|
||||
* string pinstance client's instance
|
||||
*
|
||||
* string prealm client's realm
|
||||
*
|
||||
* 4 bytes paddress client's address
|
||||
*
|
||||
* 8 bytes session session key
|
||||
*
|
||||
* 1 byte life ticket lifetime
|
||||
*
|
||||
* 4 bytes time_sec KDC timestamp
|
||||
*
|
||||
* string sname service's name
|
||||
*
|
||||
* string sinstance service's instance
|
||||
*
|
||||
* <=7 bytes null null pad to 8 byte multiple
|
||||
*
|
||||
*/
|
||||
|
||||
int krb_create_ticket(tkt, flags, pname, pinstance, prealm, paddress,
|
||||
session, life, time_sec, sname, sinstance, key)
|
||||
KTEXT tkt; /* Gets filled in by the ticket */
|
||||
unsigned char flags; /* Various Kerberos flags */
|
||||
char *pname; /* Principal's name */
|
||||
char *pinstance; /* Principal's instance */
|
||||
char *prealm; /* Principal's authentication domain */
|
||||
long paddress; /* Net address of requesting entity */
|
||||
char *session; /* Session key inserted in ticket */
|
||||
short life; /* Lifetime of the ticket */
|
||||
long time_sec; /* Issue time and date */
|
||||
char *sname; /* Service Name */
|
||||
char *sinstance; /* Instance Name */
|
||||
C_Block key; /* Service's secret key */
|
||||
{
|
||||
Key_schedule key_s;
|
||||
register char *data; /* running index into ticket */
|
||||
|
||||
tkt->length = 0; /* Clear previous data */
|
||||
flags |= HOST_BYTE_ORDER; /* ticket byte order */
|
||||
bcopy((char *) &flags,(char *) (tkt->dat),sizeof(flags));
|
||||
data = ((char *)tkt->dat) + sizeof(flags);
|
||||
(void) strcpy(data, pname);
|
||||
data += 1 + strlen(pname);
|
||||
(void) strcpy(data, pinstance);
|
||||
data += 1 + strlen(pinstance);
|
||||
(void) strcpy(data, prealm);
|
||||
data += 1 + strlen(prealm);
|
||||
bcopy((char *) &paddress, data, 4);
|
||||
data += 4;
|
||||
|
||||
bcopy((char *) session, data, 8);
|
||||
data += 8;
|
||||
*(data++) = (char) life;
|
||||
/* issue time */
|
||||
bcopy((char *) &time_sec, data, 4);
|
||||
data += 4;
|
||||
(void) strcpy(data, sname);
|
||||
data += 1 + strlen(sname);
|
||||
(void) strcpy(data, sinstance);
|
||||
data += 1 + strlen(sinstance);
|
||||
|
||||
/* guarantee null padded ticket to multiple of 8 bytes */
|
||||
bzero(data, 7);
|
||||
tkt->length = ((data - ((char *)tkt->dat) + 7)/8)*8;
|
||||
|
||||
/* Check length of ticket */
|
||||
if (tkt->length > (sizeof(KTEXT_ST) - 7)) {
|
||||
bzero(tkt->dat, tkt->length);
|
||||
tkt->length = 0;
|
||||
return KFAILURE /* XXX */;
|
||||
}
|
||||
|
||||
#ifndef NOENCRYPTION
|
||||
key_sched((C_Block *)key,key_s);
|
||||
pcbc_encrypt((C_Block *)tkt->dat,(C_Block *)tkt->dat,(long)tkt->length,
|
||||
key_s,(C_Block *)key,ENCRYPT);
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
@@ -1,20 +0,0 @@
|
||||
/*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: debug_decl.c,v 4.5 88/10/07 06:07:49 shanzer Exp $
|
||||
* $Id: debug_decl.c,v 1.3 1995/07/18 16:38:14 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: debug_decl.c,v 1.3 1995/07/18 16:38:14 mark Exp $";
|
||||
#endif lint
|
||||
#endif
|
||||
|
||||
/* Declare global debugging variables. */
|
||||
|
||||
int krb_ap_req_debug = 0;
|
||||
int krb_debug = 0;
|
||||
@@ -1,126 +0,0 @@
|
||||
/*
|
||||
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: decomp_ticket.c,v 4.12 89/05/16 18:44:46 jtkohl Exp $
|
||||
* $Id: decomp_ticket.c,v 1.3 1995/07/18 16:38:15 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char *rcsid =
|
||||
"$Id: decomp_ticket.c,v 1.3 1995/07/18 16:38:15 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <des.h>
|
||||
#include <krb.h>
|
||||
#include <prot.h>
|
||||
#include <strings.h>
|
||||
|
||||
/*
|
||||
* This routine takes a ticket and pointers to the variables that
|
||||
* should be filled in based on the information in the ticket. It
|
||||
* fills in values for its arguments.
|
||||
*
|
||||
* Note: if the client realm field in the ticket is the null string,
|
||||
* then the "prealm" variable is filled in with the local realm (as
|
||||
* defined by KRB_REALM).
|
||||
*
|
||||
* If the ticket byte order is different than the host's byte order
|
||||
* (as indicated by the byte order bit of the "flags" field), then
|
||||
* the KDC timestamp "time_sec" is byte-swapped. The other fields
|
||||
* potentially affected by byte order, "paddress" and "session" are
|
||||
* not byte-swapped.
|
||||
*
|
||||
* The routine returns KFAILURE if any of the "pname", "pinstance",
|
||||
* or "prealm" fields is too big, otherwise it returns KSUCCESS.
|
||||
*
|
||||
* The corresponding routine to generate tickets is create_ticket.
|
||||
* When changes are made to this routine, the corresponding changes
|
||||
* should also be made to that file.
|
||||
*
|
||||
* See create_ticket.c for the format of the ticket packet.
|
||||
*/
|
||||
|
||||
int
|
||||
decomp_ticket(tkt, flags, pname, pinstance, prealm, paddress, session,
|
||||
life, time_sec, sname, sinstance, key, key_s)
|
||||
KTEXT tkt; /* The ticket to be decoded */
|
||||
unsigned char *flags; /* Kerberos ticket flags */
|
||||
char *pname; /* Authentication name */
|
||||
char *pinstance; /* Principal's instance */
|
||||
char *prealm; /* Principal's authentication domain */
|
||||
unsigned long *paddress; /* Net address of entity
|
||||
* requesting ticket */
|
||||
C_Block session; /* Session key inserted in ticket */
|
||||
int *life; /* Lifetime of the ticket */
|
||||
unsigned long *time_sec; /* Issue time and date */
|
||||
char *sname; /* Service name */
|
||||
char *sinstance; /* Service instance */
|
||||
C_Block key; /* Service's secret key
|
||||
* (to decrypt the ticket) */
|
||||
Key_schedule key_s; /* The precomputed key schedule */
|
||||
{
|
||||
static int tkt_swap_bytes;
|
||||
unsigned char *uptr;
|
||||
char *ptr = (char *)tkt->dat;
|
||||
|
||||
#ifndef NOENCRYPTION
|
||||
pcbc_encrypt((C_Block *)tkt->dat,(C_Block *)tkt->dat,(long)tkt->length,
|
||||
key_s,(C_Block *)key,DECRYPT);
|
||||
#endif /* ! NOENCRYPTION */
|
||||
|
||||
*flags = *ptr; /* get flags byte */
|
||||
ptr += sizeof(*flags);
|
||||
tkt_swap_bytes = 0;
|
||||
if (HOST_BYTE_ORDER != ((*flags >> K_FLAG_ORDER)& 1))
|
||||
tkt_swap_bytes++;
|
||||
|
||||
if (strlen(ptr) > ANAME_SZ)
|
||||
return(KFAILURE);
|
||||
(void) strcpy(pname,ptr); /* pname */
|
||||
ptr += strlen(pname) + 1;
|
||||
|
||||
if (strlen(ptr) > INST_SZ)
|
||||
return(KFAILURE);
|
||||
(void) strcpy(pinstance,ptr); /* instance */
|
||||
ptr += strlen(pinstance) + 1;
|
||||
|
||||
if (strlen(ptr) > REALM_SZ)
|
||||
return(KFAILURE);
|
||||
(void) strcpy(prealm,ptr); /* realm */
|
||||
ptr += strlen(prealm) + 1;
|
||||
/* temporary hack until realms are dealt with properly */
|
||||
if (*prealm == 0)
|
||||
(void) strcpy(prealm,KRB_REALM);
|
||||
|
||||
bcopy(ptr,(char *)paddress,4); /* net address */
|
||||
ptr += 4;
|
||||
|
||||
bcopy(ptr,(char *)session,8); /* session key */
|
||||
ptr+= 8;
|
||||
#ifdef notdef /* DONT SWAP SESSION KEY spm 10/22/86 */
|
||||
if (tkt_swap_bytes)
|
||||
swap_C_Block(session);
|
||||
#endif
|
||||
|
||||
/* get lifetime, being certain we don't get negative lifetimes */
|
||||
uptr = (unsigned char *) ptr++;
|
||||
*life = (int) *uptr;
|
||||
|
||||
bcopy(ptr,(char *) time_sec,4); /* issue time */
|
||||
ptr += 4;
|
||||
if (tkt_swap_bytes)
|
||||
swap_u_long(*time_sec);
|
||||
|
||||
(void) strcpy(sname,ptr); /* service name */
|
||||
ptr += 1 + strlen(sname);
|
||||
|
||||
(void) strcpy(sinstance,ptr); /* instance */
|
||||
ptr += 1 + strlen(sinstance);
|
||||
return(KSUCCESS);
|
||||
}
|
||||
@@ -1,262 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1994 Geoffrey M. Rehmet, Rhodes University
|
||||
* All rights reserved.
|
||||
*
|
||||
* This code is derived from a specification based on software
|
||||
* which forms part of the 4.4BSD-Lite distribution, which was developed
|
||||
* by the University of California and its contributors.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the entire comment,
|
||||
* including the above copyright notice, this list of conditions
|
||||
* and the following disclaimer, verbatim, at the beginning of
|
||||
* the source file.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by Geoffrey M. Rehmet
|
||||
* 4. Neither the name of Geoffrey M. Rehmet nor that of Rhodes University
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
||||
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL GEOFFREY M. REHMET OR RHODES UNIVERSITY BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: des_rw.c,v 1.6 1995/07/18 16:38:17 mark Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
*
|
||||
* NB: THESE ROUTINES WILL FAIL IF NON-BLOCKING I/O IS USED.
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* Routines for reading and writing DES encrypted messages onto sockets.
|
||||
* (These routines will fail if non-blocking I/O is used.)
|
||||
*
|
||||
* When a message is written, its length is first transmitted as an int,
|
||||
* in network byte order. The encrypted message is then transmitted,
|
||||
* to a multiple of 8 bytes. Messages shorter than 8 bytes are right
|
||||
* justified into a buffer of length 8 bytes, and the remainder of the
|
||||
* buffer is filled with random garbage (before encryption):
|
||||
*
|
||||
* DDD -------->--+--------+
|
||||
* | |
|
||||
* +--+--+--+--+--+--+--+--+
|
||||
* |x |x |x |x |x |D |D |D |
|
||||
* +--+--+--+--+--+--+--+--+
|
||||
* | garbage | data |
|
||||
* | |
|
||||
* +-----------------------+----> des_pcbc_encrypt() -->
|
||||
*
|
||||
* (Note that the length field sent before the actual message specifies
|
||||
* the number of data bytes, not the length of the entire padded message.
|
||||
*
|
||||
* When data is read, if the message received is longer than the number
|
||||
* of bytes requested, then the remaining bytes are stored until the
|
||||
* following call to des_read(). If the number of bytes received is
|
||||
* less then the number of bytes received, then only the number of bytes
|
||||
* actually received is returned.
|
||||
*
|
||||
* This interface corresponds with the original des_rw.c, except for the
|
||||
* bugs in des_read() in the original 4.4BSD version. (One bug is
|
||||
* normally not visible, due to undocumented behaviour of
|
||||
* des_pcbc_encrypt() in the original MIT libdes.)
|
||||
*
|
||||
* XXX Todo:
|
||||
* 1) Give better error returns on writes
|
||||
* 2) Improve error checking on reads
|
||||
* 3) Get rid of need for extern decl. of krb_net_read()
|
||||
* 4) Tidy garbage generation a bit
|
||||
* 5) Make the above comment more readable
|
||||
*/
|
||||
|
||||
#ifdef CRYPT
|
||||
#ifdef KERBEROS
|
||||
|
||||
#ifndef BUFFER_LEN
|
||||
#define BUFFER_LEN 10240
|
||||
#endif
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <des.h>
|
||||
#include <krb.h>
|
||||
|
||||
static des_cblock des_key;
|
||||
static des_key_schedule key_schedule;
|
||||
|
||||
/*
|
||||
* Buffer for storing extra data when more data is received, then was
|
||||
* actually requested in des_read().
|
||||
*/
|
||||
static u_char des_buff[BUFFER_LEN];
|
||||
static u_char buffer[BUFFER_LEN];
|
||||
static unsigned stored = 0;
|
||||
static u_char *buff_ptr = buffer;
|
||||
|
||||
/*
|
||||
* Set the encryption key for des_read() and des_write().
|
||||
* inkey is the initial vector for the DES encryption, while insched is
|
||||
* the DES key, in unwrapped form.
|
||||
*/
|
||||
|
||||
int
|
||||
des_set_key(inkey, insched)
|
||||
des_cblock *inkey;
|
||||
des_key_schedule insched;
|
||||
{
|
||||
bcopy(inkey, des_key, sizeof(des_cblock));
|
||||
bcopy(insched, &key_schedule, sizeof(des_key_schedule));
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Clear the key schedule, and initial vector, which were previously
|
||||
* stored in static vars by des_set_key().
|
||||
*/
|
||||
void des_clear_key()
|
||||
{
|
||||
bzero(&des_key, sizeof(des_cblock));
|
||||
bzero(&key_schedule, sizeof(des_key_schedule));
|
||||
}
|
||||
|
||||
int
|
||||
des_read(fd, buf, len)
|
||||
int fd;
|
||||
register char * buf;
|
||||
int len;
|
||||
{
|
||||
int msg_length; /* length of actual message data */
|
||||
int pad_length; /* length of padded message */
|
||||
int nread; /* number of bytes actually read */
|
||||
int nreturned = 0;
|
||||
|
||||
if(stored >= len) {
|
||||
bcopy(buff_ptr, buf, len);
|
||||
stored -= len;
|
||||
buff_ptr += len;
|
||||
return(len);
|
||||
} else {
|
||||
if (stored) {
|
||||
bcopy(buff_ptr, buf, stored);
|
||||
nreturned = stored;
|
||||
len -= stored;
|
||||
stored = 0;
|
||||
buff_ptr = buffer;
|
||||
} else {
|
||||
nreturned = 0;
|
||||
buff_ptr = buffer;
|
||||
}
|
||||
}
|
||||
|
||||
nread = krb_net_read(fd, (char *)&msg_length, sizeof(msg_length));
|
||||
if(nread != (int)(sizeof(msg_length)))
|
||||
return(0);
|
||||
|
||||
msg_length = ntohl(msg_length);
|
||||
pad_length = roundup(msg_length, 8);
|
||||
|
||||
nread = krb_net_read(fd, des_buff, pad_length);
|
||||
if(nread != pad_length)
|
||||
return(0);
|
||||
|
||||
des_pcbc_encrypt((des_cblock*) des_buff, (des_cblock*) buff_ptr,
|
||||
(msg_length < 8 ? 8 : msg_length),
|
||||
key_schedule, (des_cblock*) &des_key, DES_DECRYPT);
|
||||
|
||||
|
||||
if(msg_length < 8)
|
||||
buff_ptr += (8 - msg_length);
|
||||
stored = msg_length;
|
||||
|
||||
if(stored >= len) {
|
||||
bcopy(buff_ptr, buf, len);
|
||||
stored -= len;
|
||||
buff_ptr += len;
|
||||
nreturned += len;
|
||||
} else {
|
||||
bcopy(buff_ptr, buf, stored);
|
||||
nreturned += stored;
|
||||
stored = 0;
|
||||
}
|
||||
|
||||
return(nreturned);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Write a message onto a file descriptor (generally a socket), using
|
||||
* DES to encrypt the message.
|
||||
*/
|
||||
int
|
||||
des_write(fd, buf, len)
|
||||
int fd;
|
||||
char * buf;
|
||||
int len;
|
||||
{
|
||||
static int seeded = 0;
|
||||
char garbage[8];
|
||||
long rnd;
|
||||
int pad_len;
|
||||
int write_len;
|
||||
int i;
|
||||
char *data;
|
||||
|
||||
if(len < 8) {
|
||||
/*
|
||||
* Right justify the message in 8 bytes of random garbage.
|
||||
*/
|
||||
if(!seeded) {
|
||||
seeded = 1;
|
||||
srandom((unsigned)time(NULL));
|
||||
}
|
||||
|
||||
for(i = 0 ; i < 8 ; i+= sizeof(long)) {
|
||||
rnd = random();
|
||||
bcopy(&rnd, garbage+i,
|
||||
(i <= (8 - sizeof(long)))?sizeof(long):(8-i));
|
||||
}
|
||||
bcopy(buf, garbage + 8 - len, len);
|
||||
data = garbage;
|
||||
pad_len = 8;
|
||||
} else {
|
||||
data = buf;
|
||||
pad_len = roundup(len, 8);
|
||||
}
|
||||
|
||||
des_pcbc_encrypt((des_cblock*) data, (des_cblock*) des_buff,
|
||||
(len < 8)?8:len, key_schedule, (des_cblock*) &des_key, DES_ENCRYPT);
|
||||
|
||||
|
||||
write_len = htonl(len);
|
||||
if(write(fd, &write_len, sizeof(write_len)) != sizeof(write_len))
|
||||
return(-1);
|
||||
if(write(fd, des_buff, pad_len) != pad_len)
|
||||
return(-1);
|
||||
|
||||
return(len);
|
||||
}
|
||||
|
||||
#endif /* KERBEROS */
|
||||
#endif /* CRYPT */
|
||||
@@ -1,92 +0,0 @@
|
||||
/*
|
||||
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: dest_tkt.c,v 4.9 89/10/02 16:23:07 jtkohl Exp $
|
||||
* $Id: dest_tkt.c,v 1.3 1995/07/18 16:38:19 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char *rcsid =
|
||||
"$Id: dest_tkt.c,v 1.3 1995/07/18 16:38:19 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <krb.h>
|
||||
#include <sys/file.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#ifdef TKT_SHMEM
|
||||
#include <sys/param.h>
|
||||
#endif
|
||||
#include <errno.h>
|
||||
|
||||
/*
|
||||
* dest_tkt() is used to destroy the ticket store upon logout.
|
||||
* If the ticket file does not exist, dest_tkt() returns RET_TKFIL.
|
||||
* Otherwise the function returns RET_OK on success, KFAILURE on
|
||||
* failure.
|
||||
*
|
||||
* The ticket file (TKT_FILE) is defined in "krb.h".
|
||||
*/
|
||||
|
||||
int
|
||||
dest_tkt()
|
||||
{
|
||||
char *file = TKT_FILE;
|
||||
int i,fd;
|
||||
extern int errno;
|
||||
struct stat statb;
|
||||
char buf[BUFSIZ];
|
||||
#ifdef TKT_SHMEM
|
||||
char shmidname[MAXPATHLEN];
|
||||
#endif /* TKT_SHMEM */
|
||||
|
||||
errno = 0;
|
||||
if (lstat(file,&statb) < 0)
|
||||
goto out;
|
||||
|
||||
if (!(statb.st_mode & S_IFREG)
|
||||
#ifdef notdef
|
||||
|| statb.st_mode & 077
|
||||
#endif
|
||||
)
|
||||
goto out;
|
||||
|
||||
if ((fd = open(file, O_RDWR, 0)) < 0)
|
||||
goto out;
|
||||
|
||||
bzero(buf, BUFSIZ);
|
||||
|
||||
for (i = 0; i < statb.st_size; i += BUFSIZ)
|
||||
if (write(fd, buf, BUFSIZ) != BUFSIZ) {
|
||||
(void) fsync(fd);
|
||||
(void) close(fd);
|
||||
goto out;
|
||||
}
|
||||
|
||||
(void) fsync(fd);
|
||||
(void) close(fd);
|
||||
|
||||
(void) unlink(file);
|
||||
|
||||
out:
|
||||
if (errno == ENOENT) return RET_TKFIL;
|
||||
else if (errno != 0) return KFAILURE;
|
||||
#ifdef TKT_SHMEM
|
||||
/*
|
||||
* handle the shared memory case
|
||||
*/
|
||||
(void) strcpy(shmidname, file);
|
||||
(void) strcat(shmidname, ".shm");
|
||||
if ((i = krb_shm_dest(shmidname)) != KSUCCESS)
|
||||
return(i);
|
||||
#endif /* TKT_SHMEM */
|
||||
return(KSUCCESS);
|
||||
}
|
||||
@@ -1,61 +0,0 @@
|
||||
/*
|
||||
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: extract_ticket.c,v 4.6 88/10/07 06:08:15 shanzer Exp $
|
||||
* $Id: extract_ticket.c,v 1.3 1995/07/18 16:38:21 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char *rcsid =
|
||||
"$Id: extract_ticket.c,v 1.3 1995/07/18 16:38:21 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <krb.h>
|
||||
#include <prot.h>
|
||||
#include <strings.h>
|
||||
|
||||
/*
|
||||
* This routine is obsolete.
|
||||
*
|
||||
* This routine accepts the ciphertext returned by kerberos and
|
||||
* extracts the nth ticket. It also fills in the variables passed as
|
||||
* session, liftime and kvno.
|
||||
*/
|
||||
|
||||
void
|
||||
extract_ticket(cipher,n,session,lifetime,kvno,realm,ticket)
|
||||
KTEXT cipher; /* The ciphertext */
|
||||
int n; /* Which ticket */
|
||||
char *session; /* The session key for this tkt */
|
||||
int *lifetime; /* The life of this ticket */
|
||||
int *kvno; /* The kvno for the service */
|
||||
char *realm; /* Realm in which tkt issued */
|
||||
KTEXT ticket; /* The ticket itself */
|
||||
{
|
||||
char *ptr;
|
||||
int i;
|
||||
|
||||
/* Start after the ticket lengths */
|
||||
ptr = (char *) cipher->dat;
|
||||
ptr = ptr + 1 + (int) *(cipher->dat);
|
||||
|
||||
/* Step through earlier tickets */
|
||||
for (i = 1; i < n; i++)
|
||||
ptr = ptr + 11 + strlen(ptr+10) + (int) *(cipher->dat+i);
|
||||
bcopy(ptr, (char *) session, 8); /* Save the session key */
|
||||
ptr += 8;
|
||||
*lifetime = *(ptr++); /* Save the life of the ticket */
|
||||
*kvno = *(ptr++); /* Save the kvno */
|
||||
(void) strcpy(realm,ptr); /* instance */
|
||||
ptr += strlen(realm) + 1;
|
||||
|
||||
/* Save the ticket if its length is non zero */
|
||||
ticket->length = *(cipher->dat+n);
|
||||
if (ticket->length)
|
||||
bcopy(ptr, (char *) (ticket->dat), ticket->length);
|
||||
}
|
||||
@@ -1,42 +0,0 @@
|
||||
/*
|
||||
* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: fgetst.c,v 4.0 89/01/23 10:08:31 jtkohl Exp $
|
||||
* $Id: fgetst.c,v 1.3 1995/07/18 16:38:23 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: fgetst.c,v 1.3 1995/07/18 16:38:23 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
/*
|
||||
* fgetst takes a file descriptor, a character pointer, and a count.
|
||||
* It reads from the file it has either read "count" characters, or
|
||||
* until it reads a null byte. When finished, what has been read exists
|
||||
* in "s". If "count" characters were actually read, the last is changed
|
||||
* to a null, so the returned string is always null-terminated. fgetst
|
||||
* returns the number of characters read, including the null terminator.
|
||||
*/
|
||||
|
||||
int
|
||||
fgetst(f, s, n)
|
||||
FILE *f;
|
||||
register char *s;
|
||||
int n;
|
||||
{
|
||||
register int count = n;
|
||||
int ch; /* NOT char; otherwise you don't see EOF */
|
||||
|
||||
while ((ch = getc(f)) != EOF && ch && --count) {
|
||||
*s++ = ch;
|
||||
}
|
||||
*s = '\0';
|
||||
return (n - count);
|
||||
}
|
||||
@@ -1,237 +0,0 @@
|
||||
/*
|
||||
* Copyright 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: get_ad_tkt.c,v 4.15 89/07/07 15:18:51 jtkohl Exp $
|
||||
* $Id: get_ad_tkt.c,v 1.3 1995/07/18 16:38:25 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: get_ad_tkt.c,v 1.3 1995/07/18 16:38:25 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <krb.h>
|
||||
#include <des.h>
|
||||
#include <prot.h>
|
||||
#include <strings.h>
|
||||
|
||||
#include <stdio.h>
|
||||
#include <errno.h>
|
||||
|
||||
/* use the bsd time.h struct defs for PC too! */
|
||||
#include <sys/time.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
extern int krb_debug;
|
||||
|
||||
struct timeval tt_local = { 0, 0 };
|
||||
|
||||
int swap_bytes;
|
||||
unsigned long rep_err_code;
|
||||
|
||||
/*
|
||||
* get_ad_tkt obtains a new service ticket from Kerberos, using
|
||||
* the ticket-granting ticket which must be in the ticket file.
|
||||
* It is typically called by krb_mk_req() when the client side
|
||||
* of an application is creating authentication information to be
|
||||
* sent to the server side.
|
||||
*
|
||||
* get_ad_tkt takes four arguments: three pointers to strings which
|
||||
* contain the name, instance, and realm of the service for which the
|
||||
* ticket is to be obtained; and an integer indicating the desired
|
||||
* lifetime of the ticket.
|
||||
*
|
||||
* It returns an error status if the ticket couldn't be obtained,
|
||||
* or AD_OK if all went well. The ticket is stored in the ticket
|
||||
* cache.
|
||||
*
|
||||
* The request sent to the Kerberos ticket-granting service looks
|
||||
* like this:
|
||||
*
|
||||
* pkt->dat
|
||||
*
|
||||
* TEXT original contents of authenticator+ticket
|
||||
* pkt->dat built in krb_mk_req call
|
||||
*
|
||||
* 4 bytes time_ws always 0 (?)
|
||||
* char lifetime lifetime argument passed
|
||||
* string service service name argument
|
||||
* string sinstance service instance arg.
|
||||
*
|
||||
* See "prot.h" for the reply packet layout and definitions of the
|
||||
* extraction macros like pkt_version(), pkt_msg_type(), etc.
|
||||
*/
|
||||
|
||||
int
|
||||
get_ad_tkt(service,sinstance,realm,lifetime)
|
||||
char *service;
|
||||
char *sinstance;
|
||||
char *realm;
|
||||
int lifetime;
|
||||
{
|
||||
static KTEXT_ST pkt_st;
|
||||
KTEXT pkt = & pkt_st; /* Packet to KDC */
|
||||
static KTEXT_ST rpkt_st;
|
||||
KTEXT rpkt = &rpkt_st; /* Returned packet */
|
||||
static KTEXT_ST cip_st;
|
||||
KTEXT cip = &cip_st; /* Returned Ciphertext */
|
||||
static KTEXT_ST tkt_st;
|
||||
KTEXT tkt = &tkt_st; /* Current ticket */
|
||||
C_Block ses; /* Session key for tkt */
|
||||
CREDENTIALS cr;
|
||||
int kvno; /* Kvno for session key */
|
||||
char lrealm[REALM_SZ];
|
||||
C_Block key; /* Key for decrypting cipher */
|
||||
Key_schedule key_s;
|
||||
long time_ws = 0;
|
||||
|
||||
char s_name[SNAME_SZ];
|
||||
char s_instance[INST_SZ];
|
||||
int msg_byte_order;
|
||||
int kerror;
|
||||
char rlm[REALM_SZ];
|
||||
char *ptr;
|
||||
|
||||
unsigned long kdc_time; /* KDC time */
|
||||
|
||||
if ((kerror = krb_get_tf_realm(TKT_FILE, lrealm)) != KSUCCESS)
|
||||
return(kerror);
|
||||
|
||||
/* Create skeleton of packet to be sent */
|
||||
(void) gettimeofday(&tt_local,(struct timezone *) 0);
|
||||
|
||||
pkt->length = 0;
|
||||
|
||||
/*
|
||||
* Look for the session key (and other stuff we don't need)
|
||||
* in the ticket file for krbtgt.realm@lrealm where "realm"
|
||||
* is the service's realm (passed in "realm" argument) and
|
||||
* lrealm is the realm of our initial ticket. If we don't
|
||||
* have this, we will try to get it.
|
||||
*/
|
||||
|
||||
if ((kerror = krb_get_cred("krbtgt",realm,lrealm,&cr)) != KSUCCESS) {
|
||||
/*
|
||||
* If realm == lrealm, we have no hope, so let's not even try.
|
||||
*/
|
||||
if ((strncmp(realm, lrealm, REALM_SZ)) == 0)
|
||||
return(AD_NOTGT);
|
||||
else{
|
||||
if ((kerror =
|
||||
get_ad_tkt("krbtgt",realm,lrealm,lifetime)) != KSUCCESS)
|
||||
return(kerror);
|
||||
if ((kerror = krb_get_cred("krbtgt",realm,lrealm,&cr)) != KSUCCESS)
|
||||
return(kerror);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Make up a request packet to the "krbtgt.realm@lrealm".
|
||||
* Start by calling krb_mk_req() which puts ticket+authenticator
|
||||
* into "pkt". Then tack other stuff on the end.
|
||||
*/
|
||||
|
||||
kerror = krb_mk_req(pkt,"krbtgt",realm,lrealm,0L);
|
||||
|
||||
if (kerror)
|
||||
return(AD_NOTGT);
|
||||
|
||||
/* timestamp */
|
||||
bcopy((char *) &time_ws,(char *) (pkt->dat+pkt->length),4);
|
||||
pkt->length += 4;
|
||||
*(pkt->dat+(pkt->length)++) = (char) lifetime;
|
||||
(void) strcpy((char *) (pkt->dat+pkt->length),service);
|
||||
pkt->length += 1 + strlen(service);
|
||||
(void) strcpy((char *)(pkt->dat+pkt->length),sinstance);
|
||||
pkt->length += 1 + strlen(sinstance);
|
||||
|
||||
rpkt->length = 0;
|
||||
|
||||
/* Send the request to the local ticket-granting server */
|
||||
if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror);
|
||||
|
||||
/* check packet version of the returned packet */
|
||||
if (pkt_version(rpkt) != KRB_PROT_VERSION )
|
||||
return(INTK_PROT);
|
||||
|
||||
/* Check byte order */
|
||||
msg_byte_order = pkt_msg_type(rpkt) & 1;
|
||||
swap_bytes = 0;
|
||||
if (msg_byte_order != HOST_BYTE_ORDER)
|
||||
swap_bytes++;
|
||||
|
||||
switch (pkt_msg_type(rpkt) & ~1) {
|
||||
case AUTH_MSG_KDC_REPLY:
|
||||
break;
|
||||
case AUTH_MSG_ERR_REPLY:
|
||||
bcopy(pkt_err_code(rpkt), (char *) &rep_err_code, 4);
|
||||
if (swap_bytes)
|
||||
swap_u_long(rep_err_code);
|
||||
return(rep_err_code);
|
||||
|
||||
default:
|
||||
return(INTK_PROT);
|
||||
}
|
||||
|
||||
/* Extract the ciphertext */
|
||||
cip->length = pkt_clen(rpkt); /* let clen do the swap */
|
||||
|
||||
bcopy((char *) pkt_cipher(rpkt),(char *) (cip->dat),cip->length);
|
||||
|
||||
#ifndef NOENCRYPTION
|
||||
key_sched((C_Block *)cr.session,key_s);
|
||||
pcbc_encrypt((C_Block *)cip->dat,(C_Block *)cip->dat,(long)cip->length,
|
||||
key_s,(C_Block *)cr.session,DECRYPT);
|
||||
#endif
|
||||
/* Get rid of all traces of key */
|
||||
bzero((char *) cr.session, sizeof(key));
|
||||
bzero((char *) key_s, sizeof(key_s));
|
||||
|
||||
ptr = (char *) cip->dat;
|
||||
|
||||
bcopy(ptr,(char *)ses,8);
|
||||
ptr += 8;
|
||||
|
||||
(void) strcpy(s_name,ptr);
|
||||
ptr += strlen(s_name) + 1;
|
||||
|
||||
(void) strcpy(s_instance,ptr);
|
||||
ptr += strlen(s_instance) + 1;
|
||||
|
||||
(void) strcpy(rlm,ptr);
|
||||
ptr += strlen(rlm) + 1;
|
||||
|
||||
lifetime = (unsigned long) ptr[0];
|
||||
kvno = (unsigned long) ptr[1];
|
||||
tkt->length = (int) ptr[2];
|
||||
ptr += 3;
|
||||
bcopy(ptr,(char *)(tkt->dat),tkt->length);
|
||||
ptr += tkt->length;
|
||||
|
||||
if (strcmp(s_name, service) || strcmp(s_instance, sinstance) ||
|
||||
strcmp(rlm, realm)) /* not what we asked for */
|
||||
return(INTK_ERR); /* we need a better code here XXX */
|
||||
|
||||
/* check KDC time stamp */
|
||||
bcopy(ptr,(char *)&kdc_time,4); /* Time (coarse) */
|
||||
if (swap_bytes) swap_u_long(kdc_time);
|
||||
|
||||
ptr += 4;
|
||||
|
||||
(void) gettimeofday(&tt_local,(struct timezone *) 0);
|
||||
if (abs((int)(tt_local.tv_sec - kdc_time)) > CLOCK_SKEW) {
|
||||
return(RD_AP_TIME); /* XXX should probably be better
|
||||
code */
|
||||
}
|
||||
|
||||
if ((kerror = save_credentials(s_name,s_instance,rlm,ses,lifetime,
|
||||
kvno,tkt,tt_local.tv_sec)))
|
||||
return(kerror);
|
||||
|
||||
return(AD_OK);
|
||||
}
|
||||
@@ -1,82 +0,0 @@
|
||||
/*
|
||||
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: get_admhst.c,v 4.0 89/01/23 10:08:55 jtkohl Exp $
|
||||
* $Id: get_admhst.c,v 1.3 1995/07/18 16:38:27 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char *rcsid =
|
||||
"$Id: get_admhst.c,v 1.3 1995/07/18 16:38:27 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <krb.h>
|
||||
#include <string.h>
|
||||
|
||||
/*
|
||||
* Given a Kerberos realm, find a host on which the Kerberos database
|
||||
* administration server can be found.
|
||||
*
|
||||
* krb_get_admhst takes a pointer to be filled in, a pointer to the name
|
||||
* of the realm for which a server is desired, and an integer n, and
|
||||
* returns (in h) the nth administrative host entry from the configuration
|
||||
* file (KRB_CONF, defined in "krb.h") associated with the specified realm.
|
||||
*
|
||||
* On error, get_admhst returns KFAILURE. If all goes well, the routine
|
||||
* returns KSUCCESS.
|
||||
*
|
||||
* For the format of the KRB_CONF file, see comments describing the routine
|
||||
* krb_get_krbhst().
|
||||
*
|
||||
* This is a temporary hack to allow us to find the nearest system running
|
||||
* a Kerberos admin server. In the long run, this functionality will be
|
||||
* provided by a nameserver.
|
||||
*/
|
||||
|
||||
int
|
||||
krb_get_admhst(h, r, n)
|
||||
char *h;
|
||||
char *r;
|
||||
int n;
|
||||
{
|
||||
FILE *cnffile;
|
||||
char tr[REALM_SZ];
|
||||
char linebuf[BUFSIZ];
|
||||
char scratch[64];
|
||||
register int i;
|
||||
|
||||
if ((cnffile = fopen(KRB_CONF,"r")) == NULL) {
|
||||
return(KFAILURE);
|
||||
}
|
||||
if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
|
||||
/* error reading */
|
||||
(void) fclose(cnffile);
|
||||
return(KFAILURE);
|
||||
}
|
||||
if (!index(linebuf, '\n')) {
|
||||
/* didn't all fit into buffer, punt */
|
||||
(void) fclose(cnffile);
|
||||
return(KFAILURE);
|
||||
}
|
||||
for (i = 0; i < n; ) {
|
||||
/* run through the file, looking for admin host */
|
||||
if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
|
||||
(void) fclose(cnffile);
|
||||
return(KFAILURE);
|
||||
}
|
||||
/* need to scan for a token after 'admin' to make sure that
|
||||
admin matched correctly */
|
||||
if (sscanf(linebuf, "%s %s admin %s", tr, h, scratch) != 3)
|
||||
continue;
|
||||
if (!strcmp(tr,r))
|
||||
i++;
|
||||
}
|
||||
(void) fclose(cnffile);
|
||||
return(KSUCCESS);
|
||||
}
|
||||
@@ -1,63 +0,0 @@
|
||||
/*
|
||||
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: get_cred.c,v 4.10 89/05/31 17:46:22 jtkohl Exp $
|
||||
* $Id: get_cred.c,v 1.3 1995/07/18 16:38:28 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char *rcsid =
|
||||
"$Id: get_cred.c,v 1.3 1995/07/18 16:38:28 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <krb.h>
|
||||
|
||||
/*
|
||||
* krb_get_cred takes a service name, instance, and realm, and a
|
||||
* structure of type CREDENTIALS to be filled in with ticket
|
||||
* information. It then searches the ticket file for the appropriate
|
||||
* ticket and fills in the structure with the corresponding
|
||||
* information from the file. If successful, it returns KSUCCESS.
|
||||
* On failure it returns a Kerberos error code.
|
||||
*/
|
||||
|
||||
int
|
||||
krb_get_cred(service,instance,realm,c)
|
||||
char *service; /* Service name */
|
||||
char *instance; /* Instance */
|
||||
char *realm; /* Auth domain */
|
||||
CREDENTIALS *c; /* Credentials struct */
|
||||
{
|
||||
int tf_status; /* return value of tf function calls */
|
||||
|
||||
/* Open ticket file and lock it for shared reading */
|
||||
if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS)
|
||||
return(tf_status);
|
||||
|
||||
/* Copy principal's name and instance into the CREDENTIALS struc c */
|
||||
|
||||
if ( (tf_status = tf_get_pname(c->pname)) != KSUCCESS ||
|
||||
(tf_status = tf_get_pinst(c->pinst)) != KSUCCESS )
|
||||
return (tf_status);
|
||||
|
||||
/* Search for requested service credentials and copy into c */
|
||||
|
||||
while ((tf_status = tf_get_cred(c)) == KSUCCESS) {
|
||||
/* Is this the right ticket? */
|
||||
if ((strcmp(c->service,service) == 0) &&
|
||||
(strcmp(c->instance,instance) == 0) &&
|
||||
(strcmp(c->realm,realm) == 0))
|
||||
break;
|
||||
}
|
||||
(void) tf_close();
|
||||
|
||||
if (tf_status == EOF)
|
||||
return (GC_NOTKT);
|
||||
return(tf_status);
|
||||
}
|
||||
@@ -1,286 +0,0 @@
|
||||
/*
|
||||
* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: get_in_tkt.c,v 4.12 89/07/18 16:32:56 jtkohl Exp $
|
||||
* $Id: get_in_tkt.c,v 1.3 1995/07/18 16:38:30 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: get_in_tkt.c,v 1.3 1995/07/18 16:38:30 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <krb.h>
|
||||
#include <prot.h>
|
||||
|
||||
#ifndef NULL
|
||||
#define NULL 0
|
||||
#endif
|
||||
|
||||
/*
|
||||
* This file contains two routines: passwd_to_key() converts
|
||||
* a password into a DES key (prompting for the password if
|
||||
* not supplied), and krb_get_pw_in_tkt() gets an initial ticket for
|
||||
* a user.
|
||||
*/
|
||||
|
||||
/*
|
||||
* passwd_to_key(): given a password, return a DES key.
|
||||
* There are extra arguments here which (used to be?)
|
||||
* used by srvtab_to_key().
|
||||
*
|
||||
* If the "passwd" argument is not null, generate a DES
|
||||
* key from it, using string_to_key().
|
||||
*
|
||||
* If the "passwd" argument is null, call des_read_password()
|
||||
* to prompt for a password and then convert it into a DES key.
|
||||
*
|
||||
* In either case, the resulting key is put in the "key" argument,
|
||||
* and 0 is returned.
|
||||
*/
|
||||
|
||||
/*ARGSUSED */
|
||||
static int passwd_to_key(user,instance,realm,passwd,key)
|
||||
char *user, *instance, *realm, *passwd;
|
||||
C_Block *key;
|
||||
{
|
||||
#ifdef NOENCRYPTION
|
||||
if (!passwd)
|
||||
placebo_read_password(key, "Password: ", 0);
|
||||
#else
|
||||
if (passwd)
|
||||
string_to_key(passwd,key);
|
||||
else
|
||||
des_read_password(key,"Password: ",0);
|
||||
#endif
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* krb_get_pw_in_tkt() takes the name of the server for which the initial
|
||||
* ticket is to be obtained, the name of the principal the ticket is
|
||||
* for, the desired lifetime of the ticket, and the user's password.
|
||||
* It passes its arguments on to krb_get_in_tkt(), which contacts
|
||||
* Kerberos to get the ticket, decrypts it using the password provided,
|
||||
* and stores it away for future use.
|
||||
*
|
||||
* krb_get_pw_in_tkt() passes two additional arguments to krb_get_in_tkt():
|
||||
* the name of a routine (passwd_to_key()) to be used to get the
|
||||
* password in case the "password" argument is null and NULL for the
|
||||
* decryption procedure indicating that krb_get_in_tkt should use the
|
||||
* default method of decrypting the response from the KDC.
|
||||
*
|
||||
* The result of the call to krb_get_in_tkt() is returned.
|
||||
*/
|
||||
|
||||
int
|
||||
krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password)
|
||||
char *user, *instance, *realm, *service, *sinstance;
|
||||
int life;
|
||||
char *password;
|
||||
{
|
||||
return(krb_get_in_tkt(user,instance,realm,service,sinstance,life,
|
||||
passwd_to_key, NULL, password));
|
||||
}
|
||||
|
||||
#ifdef NOENCRYPTION
|
||||
/*
|
||||
* $Source: /usr/cvs/src/eBones/krb/get_in_tkt.c,v $
|
||||
* $Author: mark $
|
||||
*
|
||||
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
* <mit-copyright.h>.
|
||||
*
|
||||
* This routine prints the supplied string to standard
|
||||
* output as a prompt, and reads a password string without
|
||||
* echoing.
|
||||
*/
|
||||
|
||||
#include <des.h>
|
||||
#include "conf.h"
|
||||
|
||||
#include <stdio.h>
|
||||
#ifdef BSDUNIX
|
||||
#include <strings.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <signal.h>
|
||||
#include <setjmp.h>
|
||||
#else
|
||||
/* char *strcpy();
|
||||
int strcmp(); */
|
||||
#endif
|
||||
|
||||
#ifdef BSDUNIX
|
||||
static jmp_buf env;
|
||||
#endif
|
||||
|
||||
#ifdef BSDUNIX
|
||||
static void sig_restore();
|
||||
static push_signals(), pop_signals();
|
||||
int placebo_read_pw_string();
|
||||
#endif
|
||||
|
||||
/*** Routines ****************************************************** */
|
||||
int
|
||||
placebo_read_password(k,prompt,verify)
|
||||
des_cblock *k;
|
||||
char *prompt;
|
||||
int verify;
|
||||
{
|
||||
int ok;
|
||||
char key_string[BUFSIZ];
|
||||
|
||||
#ifdef BSDUNIX
|
||||
if (setjmp(env)) {
|
||||
ok = -1;
|
||||
goto lose;
|
||||
}
|
||||
#endif
|
||||
|
||||
ok = placebo_read_pw_string(key_string, BUFSIZ, prompt, verify);
|
||||
if (ok == 0)
|
||||
bzero(k, sizeof(C_Block));
|
||||
|
||||
lose:
|
||||
bzero(key_string, sizeof (key_string));
|
||||
return ok;
|
||||
}
|
||||
|
||||
/*
|
||||
* This version just returns the string, doesn't map to key.
|
||||
*
|
||||
* Returns 0 on success, non-zero on failure.
|
||||
*/
|
||||
|
||||
int
|
||||
placebo_read_pw_string(s,max,prompt,verify)
|
||||
char *s;
|
||||
int max;
|
||||
char *prompt;
|
||||
int verify;
|
||||
{
|
||||
int ok = 0;
|
||||
char *ptr;
|
||||
|
||||
#ifdef BSDUNIX
|
||||
jmp_buf old_env;
|
||||
struct sgttyb tty_state;
|
||||
#endif
|
||||
char key_string[BUFSIZ];
|
||||
|
||||
if (max > BUFSIZ) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifdef BSDUNIX
|
||||
bcopy(old_env, env, sizeof(env));
|
||||
if (setjmp(env))
|
||||
goto lose;
|
||||
|
||||
/* save terminal state*/
|
||||
if (ioctl(0,TIOCGETP,&tty_state) == -1)
|
||||
return -1;
|
||||
|
||||
push_signals();
|
||||
/* Turn off echo */
|
||||
tty_state.sg_flags &= ~ECHO;
|
||||
if (ioctl(0,TIOCSETP,&tty_state) == -1)
|
||||
return -1;
|
||||
#endif
|
||||
while (!ok) {
|
||||
printf(prompt);
|
||||
fflush(stdout);
|
||||
#ifdef CROSSMSDOS
|
||||
h19line(s,sizeof(s),0);
|
||||
if (!strlen(s))
|
||||
continue;
|
||||
#else
|
||||
if (!fgets(s, max, stdin)) {
|
||||
clearerr(stdin);
|
||||
continue;
|
||||
}
|
||||
if ((ptr = index(s, '\n')))
|
||||
*ptr = '\0';
|
||||
#endif
|
||||
if (verify) {
|
||||
printf("\nVerifying, please re-enter %s",prompt);
|
||||
fflush(stdout);
|
||||
#ifdef CROSSMSDOS
|
||||
h19line(key_string,sizeof(key_string),0);
|
||||
if (!strlen(key_string))
|
||||
continue;
|
||||
#else
|
||||
if (!fgets(key_string, sizeof(key_string), stdin)) {
|
||||
clearerr(stdin);
|
||||
continue;
|
||||
}
|
||||
if ((ptr = index(key_string, '\n')))
|
||||
*ptr = '\0';
|
||||
#endif
|
||||
if (strcmp(s,key_string)) {
|
||||
printf("\n\07\07Mismatch - try again\n");
|
||||
fflush(stdout);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
ok = 1;
|
||||
}
|
||||
|
||||
#ifdef BSDUNIX
|
||||
lose:
|
||||
if (!ok)
|
||||
bzero(s, max);
|
||||
printf("\n");
|
||||
/* turn echo back on */
|
||||
tty_state.sg_flags |= ECHO;
|
||||
if (ioctl(0,TIOCSETP,&tty_state))
|
||||
ok = 0;
|
||||
pop_signals();
|
||||
bcopy(env, old_env, sizeof(env));
|
||||
#endif
|
||||
if (verify)
|
||||
bzero(key_string, sizeof (key_string));
|
||||
s[max-1] = 0; /* force termination */
|
||||
return !ok; /* return nonzero if not okay */
|
||||
}
|
||||
|
||||
#ifdef BSDUNIX
|
||||
/*
|
||||
* this can be static since we should never have more than
|
||||
* one set saved....
|
||||
*/
|
||||
#ifdef POSIX
|
||||
static void (*old_sigfunc[NSIG])();
|
||||
#else
|
||||
static int (*old_sigfunc[NSIG])();
|
||||
#endif POSIX
|
||||
|
||||
static push_signals()
|
||||
{
|
||||
register i;
|
||||
for (i = 0; i < NSIG; i++)
|
||||
old_sigfunc[i] = signal(i,sig_restore);
|
||||
}
|
||||
|
||||
static pop_signals()
|
||||
{
|
||||
register i;
|
||||
for (i = 0; i < NSIG; i++)
|
||||
signal(i,old_sigfunc[i]);
|
||||
}
|
||||
|
||||
static void sig_restore(sig,code,scp)
|
||||
int sig,code;
|
||||
struct sigcontext *scp;
|
||||
{
|
||||
longjmp(env,1);
|
||||
}
|
||||
#endif
|
||||
#endif /* NOENCRYPTION */
|
||||
@@ -1,87 +0,0 @@
|
||||
/*
|
||||
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: get_krbhst.c,v 4.8 89/01/22 20:00:29 rfrench Exp $
|
||||
* $Id: get_krbhst.c,v 1.3 1995/07/18 16:38:32 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char *rcsid =
|
||||
"$Id: get_krbhst.c,v 1.3 1995/07/18 16:38:32 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <krb.h>
|
||||
#include <strings.h>
|
||||
|
||||
/*
|
||||
* Given a Kerberos realm, find a host on which the Kerberos authenti-
|
||||
* cation server can be found.
|
||||
*
|
||||
* krb_get_krbhst takes a pointer to be filled in, a pointer to the name
|
||||
* of the realm for which a server is desired, and an integer, n, and
|
||||
* returns (in h) the nth entry from the configuration file (KRB_CONF,
|
||||
* defined in "krb.h") associated with the specified realm.
|
||||
*
|
||||
* On end-of-file, krb_get_krbhst returns KFAILURE. If n=1 and the
|
||||
* configuration file does not exist, krb_get_krbhst will return KRB_HOST
|
||||
* (also defined in "krb.h"). If all goes well, the routine returnes
|
||||
* KSUCCESS.
|
||||
*
|
||||
* The KRB_CONF file contains the name of the local realm in the first
|
||||
* line (not used by this routine), followed by lines indicating realm/host
|
||||
* entries. The words "admin server" following the hostname indicate that
|
||||
* the host provides an administrative database server.
|
||||
*
|
||||
* For example:
|
||||
*
|
||||
* ATHENA.MIT.EDU
|
||||
* ATHENA.MIT.EDU kerberos-1.mit.edu admin server
|
||||
* ATHENA.MIT.EDU kerberos-2.mit.edu
|
||||
* LCS.MIT.EDU kerberos.lcs.mit.edu admin server
|
||||
*
|
||||
* This is a temporary hack to allow us to find the nearest system running
|
||||
* kerberos. In the long run, this functionality will be provided by a
|
||||
* nameserver.
|
||||
*/
|
||||
|
||||
int
|
||||
krb_get_krbhst(h,r,n)
|
||||
char *h;
|
||||
char *r;
|
||||
int n;
|
||||
{
|
||||
FILE *cnffile;
|
||||
char tr[REALM_SZ];
|
||||
char linebuf[BUFSIZ];
|
||||
register int i;
|
||||
|
||||
if ((cnffile = fopen(KRB_CONF,"r")) == NULL) {
|
||||
if (n==1) {
|
||||
(void) strcpy(h,KRB_HOST);
|
||||
return(KSUCCESS);
|
||||
}
|
||||
else
|
||||
return(KFAILURE);
|
||||
}
|
||||
if (fscanf(cnffile,"%s",tr) == EOF)
|
||||
return(KFAILURE);
|
||||
/* run through the file, looking for the nth server for this realm */
|
||||
for (i = 1; i <= n;) {
|
||||
if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
|
||||
(void) fclose(cnffile);
|
||||
return(KFAILURE);
|
||||
}
|
||||
if (sscanf(linebuf, "%s %s", tr, h) != 2)
|
||||
continue;
|
||||
if (!strcmp(tr,r))
|
||||
i++;
|
||||
}
|
||||
(void) fclose(cnffile);
|
||||
return(KSUCCESS);
|
||||
}
|
||||
@@ -1,62 +0,0 @@
|
||||
/*
|
||||
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: get_krbrlm.c,v 4.8 89/01/22 20:02:54 rfrench Exp $
|
||||
* $Id: get_krbrlm.c,v 1.3 1995/07/18 16:38:34 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char *rcsid =
|
||||
"$Id: get_krbrlm.c,v 1.3 1995/07/18 16:38:34 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <krb.h>
|
||||
#include <strings.h>
|
||||
|
||||
/*
|
||||
* krb_get_lrealm takes a pointer to a string, and a number, n. It fills
|
||||
* in the string, r, with the name of the nth realm specified on the
|
||||
* first line of the kerberos config file (KRB_CONF, defined in "krb.h").
|
||||
* It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the
|
||||
* config file does not exist, and if n=1, a successful return will occur
|
||||
* with r = KRB_REALM (also defined in "krb.h").
|
||||
*
|
||||
* NOTE: for archaic & compatibility reasons, this routine will only return
|
||||
* valid results when n = 1.
|
||||
*
|
||||
* For the format of the KRB_CONF file, see comments describing the routine
|
||||
* krb_get_krbhst().
|
||||
*/
|
||||
|
||||
int
|
||||
krb_get_lrealm(r,n)
|
||||
char *r;
|
||||
int n;
|
||||
{
|
||||
FILE *cnffile, *fopen();
|
||||
|
||||
if (n > 1)
|
||||
return(KFAILURE); /* Temporary restriction */
|
||||
|
||||
if ((cnffile = fopen(KRB_CONF, "r")) == NULL) {
|
||||
if (n == 1) {
|
||||
(void) strcpy(r, KRB_REALM);
|
||||
return(KSUCCESS);
|
||||
}
|
||||
else
|
||||
return(KFAILURE);
|
||||
}
|
||||
|
||||
if (fscanf(cnffile,"%s",r) != 1) {
|
||||
(void) fclose(cnffile);
|
||||
return(KFAILURE);
|
||||
}
|
||||
(void) fclose(cnffile);
|
||||
return(KSUCCESS);
|
||||
}
|
||||
@@ -1,55 +0,0 @@
|
||||
/*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: get_phost.c,v 4.6 89/01/23 09:25:40 jtkohl Exp $
|
||||
* $Id: get_phost.c,v 1.3 1995/07/18 16:38:35 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: get_phost.c,v 1.3 1995/07/18 16:38:35 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <ctype.h>
|
||||
#include <netdb.h>
|
||||
|
||||
char *index();
|
||||
|
||||
/*
|
||||
* This routine takes an alias for a host name and returns the first
|
||||
* field, lower case, of its domain name. For example, if "menel" is
|
||||
* an alias for host officially named "menelaus" (in /etc/hosts), for
|
||||
* the host whose official name is "MENELAUS.MIT.EDU", the name "menelaus"
|
||||
* is returned.
|
||||
*
|
||||
* This is done for historical Athena reasons: the Kerberos name of
|
||||
* rcmd servers (rlogin, rsh, rcp) is of the form "rcmd.host@realm"
|
||||
* where "host"is the lowercase for of the host name ("menelaus").
|
||||
* This should go away: the instance should be the domain name
|
||||
* (MENELAUS.MIT.EDU). But for now we need this routine...
|
||||
*
|
||||
* A pointer to the name is returned, if found, otherwise a pointer
|
||||
* to the original "alias" argument is returned.
|
||||
*/
|
||||
|
||||
char * krb_get_phost(alias)
|
||||
char *alias;
|
||||
{
|
||||
struct hostent *h;
|
||||
char *phost = alias;
|
||||
if ((h=gethostbyname(alias)) != (struct hostent *)NULL ) {
|
||||
char *p = index( h->h_name, '.' );
|
||||
if (p)
|
||||
*p = NULL;
|
||||
p = phost = h->h_name;
|
||||
do {
|
||||
if (isupper(*p)) *p=tolower(*p);
|
||||
} while (*p++);
|
||||
}
|
||||
return(phost);
|
||||
}
|
||||
@@ -1,75 +0,0 @@
|
||||
/*
|
||||
* Copyright 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: get_pw_tkt.c,v 4.6 89/01/13 18:19:11 steiner Exp $
|
||||
* $Id: get_pw_tkt.c,v 1.3 1995/07/18 16:38:37 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char *rcsid =
|
||||
"$Id: get_pw_tkt.c,v 1.3 1995/07/18 16:38:37 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
|
||||
#include <krb.h>
|
||||
|
||||
/*
|
||||
* Get a ticket for the password-changing server ("changepw.KRB_MASTER").
|
||||
*
|
||||
* Given the name, instance, realm, and current password of the
|
||||
* principal for which the user wants a password-changing-ticket,
|
||||
* return either:
|
||||
*
|
||||
* GT_PW_BADPW if current password was wrong,
|
||||
* GT_PW_NULL if principal had a NULL password,
|
||||
* or the result of the krb_get_pw_in_tkt() call.
|
||||
*
|
||||
* First, try to get a ticket for "user.instance@realm" to use the
|
||||
* "changepw.KRB_MASTER" server (KRB_MASTER is defined in "krb.h").
|
||||
* The requested lifetime for the ticket is "1", and the current
|
||||
* password is the "cpw" argument given.
|
||||
*
|
||||
* If the password was bad, give up.
|
||||
*
|
||||
* If the principal had a NULL password in the Kerberos database
|
||||
* (indicating that the principal is known to Kerberos, but hasn't
|
||||
* got a password yet), try instead to get a ticket for the principal
|
||||
* "default.changepw@realm" to use the "changepw.KRB_MASTER" server.
|
||||
* Use the password "changepwkrb" instead of "cpw". Return GT_PW_NULL
|
||||
* if all goes well, otherwise the error.
|
||||
*
|
||||
* If this routine succeeds, a ticket and session key for either the
|
||||
* principal "user.instance@realm" or "default.changepw@realm" to use
|
||||
* the password-changing server will be in the user's ticket file.
|
||||
*/
|
||||
|
||||
int
|
||||
get_pw_tkt(user,instance,realm,cpw)
|
||||
char *user;
|
||||
char *instance;
|
||||
char *realm;
|
||||
char *cpw;
|
||||
{
|
||||
int kerror;
|
||||
|
||||
kerror = krb_get_pw_in_tkt(user, instance, realm, "changepw",
|
||||
KRB_MASTER, 1, cpw);
|
||||
|
||||
if (kerror == INTK_BADPW)
|
||||
return(GT_PW_BADPW);
|
||||
|
||||
if (kerror == KDC_NULL_KEY) {
|
||||
kerror = krb_get_pw_in_tkt("default","changepw",realm,"changepw",
|
||||
KRB_MASTER,1,"changepwkrb");
|
||||
if (kerror)
|
||||
return(kerror);
|
||||
return(GT_PW_NULL);
|
||||
}
|
||||
|
||||
return(kerror);
|
||||
}
|
||||
@@ -1,55 +0,0 @@
|
||||
/*
|
||||
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: get_request.c,v 4.7 88/12/01 14:00:11 jtkohl Exp $
|
||||
* $Id: get_request.c,v 1.3 1995/07/18 16:38:39 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char *rcsid =
|
||||
"$Id: get_request.c,v 1.3 1995/07/18 16:38:39 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <krb.h>
|
||||
#include <prot.h>
|
||||
|
||||
/*
|
||||
* This procedure is obsolete. It is used in the kerberos_slave
|
||||
* code for Version 3 tickets.
|
||||
*
|
||||
* This procedure sets s_name, and instance to point to
|
||||
* the corresponding fields from tne nth request in the packet.
|
||||
* it returns the lifetime requested. Garbage will be returned
|
||||
* if there are less than n requests in the packet.
|
||||
*/
|
||||
|
||||
int
|
||||
get_request(pkt, n, s_name, instance)
|
||||
KTEXT pkt; /* The packet itself */
|
||||
int n; /* Which request do we want */
|
||||
char **s_name; /* Service name to be filled in */
|
||||
char **instance; /* Instance name to be filled in */
|
||||
{
|
||||
/* Go to the beginning of the request list */
|
||||
char *ptr = (char *) pkt_a_realm(pkt) + 6 +
|
||||
strlen((char *)pkt_a_realm(pkt));
|
||||
|
||||
/* Read requests until we hit the right one */
|
||||
while (n-- > 1) {
|
||||
ptr++;
|
||||
ptr += 1 + strlen(ptr);
|
||||
ptr += 1 + strlen(ptr);
|
||||
}
|
||||
|
||||
/* Set the arguments to point to the right place */
|
||||
*s_name = 1 + ptr;
|
||||
*instance = 2 + ptr + strlen(*s_name);
|
||||
|
||||
/* Return the requested lifetime */
|
||||
return((int) *ptr);
|
||||
}
|
||||
@@ -1,77 +0,0 @@
|
||||
/*
|
||||
* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: get_svc_in_tkt.c,v 4.9 89/07/18 16:33:34 jtkohl Exp $
|
||||
* $Id: get_svc_in_tkt.c,v 1.3 1995/07/18 16:38:41 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: get_svc_in_tkt.c,v 1.3 1995/07/18 16:38:41 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <krb.h>
|
||||
#include <prot.h>
|
||||
|
||||
#ifndef NULL
|
||||
#define NULL 0
|
||||
#endif
|
||||
|
||||
/*
|
||||
* This file contains two routines: srvtab_to_key(), which gets
|
||||
* a server's key from a srvtab file, and krb_get_svc_in_tkt() which
|
||||
* gets an initial ticket for a server.
|
||||
*/
|
||||
|
||||
/*
|
||||
* srvtab_to_key(): given a "srvtab" file (where the keys for the
|
||||
* service on a host are stored), return the private key of the
|
||||
* given service (user.instance@realm).
|
||||
*
|
||||
* srvtab_to_key() passes its arguments on to read_service_key(),
|
||||
* plus one additional argument, the key version number.
|
||||
* (Currently, the key version number is always 0; this value
|
||||
* is treated as a wildcard by read_service_key().)
|
||||
*
|
||||
* If the "srvtab" argument is null, KEYFILE (defined in "krb.h")
|
||||
* is passed in its place.
|
||||
*
|
||||
* It returns the return value of the read_service_key() call.
|
||||
* The service key is placed in "key".
|
||||
*/
|
||||
|
||||
static int
|
||||
srvtab_to_key(user, instance, realm, srvtab, key)
|
||||
char *user, *instance, *realm, *srvtab;
|
||||
C_Block key;
|
||||
{
|
||||
if (!srvtab)
|
||||
srvtab = KEYFILE;
|
||||
|
||||
return(read_service_key(user, instance, realm, 0, srvtab,
|
||||
(char *)key));
|
||||
}
|
||||
|
||||
/*
|
||||
* krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(),
|
||||
* plus two additional arguments: a pointer to the srvtab_to_key()
|
||||
* function to be used to get the key from the key file and a NULL
|
||||
* for the decryption procedure indicating that krb_get_in_tkt should
|
||||
* use the default method of decrypting the response from the KDC.
|
||||
*
|
||||
* It returns the return value of the krb_get_in_tkt() call.
|
||||
*/
|
||||
|
||||
int
|
||||
krb_get_svc_in_tkt(user, instance, realm, service, sinstance, life, srvtab)
|
||||
char *user, *instance, *realm, *service, *sinstance;
|
||||
int life;
|
||||
char *srvtab;
|
||||
{
|
||||
return(krb_get_in_tkt(user, instance, realm, service, sinstance,
|
||||
life, srvtab_to_key, NULL, srvtab));
|
||||
}
|
||||
@@ -1,69 +0,0 @@
|
||||
/*
|
||||
* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: get_tf_fullname.c,v 4.3 90/03/10 22:40:20 jon Exp $
|
||||
* $Id: get_tf_fullname.c,v 1.3 1995/07/18 16:38:42 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: get_tf_fullname.c,v 1.3 1995/07/18 16:38:42 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <krb.h>
|
||||
#include <strings.h>
|
||||
#include <stdio.h>
|
||||
|
||||
/*
|
||||
* This file contains a routine to extract the fullname of a user
|
||||
* from the ticket file.
|
||||
*/
|
||||
|
||||
/*
|
||||
* krb_get_tf_fullname() takes four arguments: the name of the
|
||||
* ticket file, and variables for name, instance, and realm to be
|
||||
* returned in. Since the realm of a ticket file is not really fully
|
||||
* supported, the realm used will be that of the the first ticket in
|
||||
* the file as this is the one that was obtained with a password by
|
||||
* krb_get_in_tkt().
|
||||
*/
|
||||
|
||||
int
|
||||
krb_get_tf_fullname(ticket_file, name, instance, realm)
|
||||
char *ticket_file;
|
||||
char *name;
|
||||
char *instance;
|
||||
char *realm;
|
||||
{
|
||||
int tf_status;
|
||||
CREDENTIALS c;
|
||||
|
||||
if ((tf_status = tf_init(ticket_file, R_TKT_FIL)) != KSUCCESS)
|
||||
return(tf_status);
|
||||
|
||||
if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) ||
|
||||
((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS))
|
||||
return (tf_status);
|
||||
|
||||
if (name)
|
||||
strcpy(name, c.pname);
|
||||
if (instance)
|
||||
strcpy(instance, c.pinst);
|
||||
if ((tf_status = tf_get_cred(&c)) == KSUCCESS) {
|
||||
if (realm)
|
||||
strcpy(realm, c.realm);
|
||||
}
|
||||
else {
|
||||
if (tf_status == EOF)
|
||||
return(KFAILURE);
|
||||
else
|
||||
return(tf_status);
|
||||
}
|
||||
(void) tf_close();
|
||||
|
||||
return(tf_status);
|
||||
}
|
||||
@@ -1,37 +0,0 @@
|
||||
/*
|
||||
* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
|
||||
* For copying and distribution information, please see the file
|
||||
* <Copyright.MIT>.
|
||||
*
|
||||
* from: get_tf_realm.c,v 4.2 90/01/02 13:40:19 jtkohl Exp $
|
||||
* $Id: get_tf_realm.c,v 1.3 1995/07/18 16:38:44 mark Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
#ifndef lint
|
||||
static char rcsid[] =
|
||||
"$Id: get_tf_realm.c,v 1.3 1995/07/18 16:38:44 mark Exp $";
|
||||
#endif /* lint */
|
||||
#endif
|
||||
|
||||
#include <krb.h>
|
||||
#include <strings.h>
|
||||
|
||||
/*
|
||||
* This file contains a routine to extract the realm of a kerberos
|
||||
* ticket file.
|
||||
*/
|
||||
|
||||
/*
|
||||
* krb_get_tf_realm() takes two arguments: the name of a ticket
|
||||
* and a variable to store the name of the realm in.
|
||||
*
|
||||
*/
|
||||
|
||||
int
|
||||
krb_get_tf_realm(ticket_file, realm)
|
||||
char *ticket_file;
|
||||
char *realm;
|
||||
{
|
||||
return(krb_get_tf_fullname(ticket_file, 0, 0, realm));
|
||||
}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user