Initial import of KTH eBones. This has been cleaned up to only include

the "core" Kerberos functionality. The rest of the userland will get their
own changes later.

1 files changed, 496 insertions, 0 deletions

diff --git a/crypto/kerberosIV/admin/kdb_util.c b/crypto/kerberosIV/admin/kdb_util.c
new file mode 100644
index 0000000..b221fdd
--- /dev/null
+++ b/crypto/kerberosIV/admin/kdb_util.c
@@ -0,0 +1,496 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * 
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Kerberos database manipulation utility. This program allows you to
+ * dump a kerberos database to an ascii readable file and load this
+ * file into the database. Read locking of the database is done during a
+ * dump operation. NO LOCKING is done during a load operation. Loads
+ * should happen with other processes shutdown. 
+ *
+ * Written July 9, 1987 by Jeffrey I. Schiller
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kdb_util.c,v 1.35 1997/05/07 00:57:45 assar Exp $");
+
+static des_cblock master_key, new_master_key;
+static des_key_schedule master_key_schedule, new_master_key_schedule;
+
+#define zaptime(foo) memset((foo), 0, sizeof(*(foo)))
+
+/* cv_key is a procedure which takes a principle and changes its key, 
+   either for a new method of encrypting the keys, or a new master key.
+   if cv_key is null no transformation of key is done (other than net byte
+   order). */
+
+struct callback_args {
+    void (*cv_key)(Principal *);
+    FILE *output_file;
+};
+
+static void
+print_time(FILE *file, time_t timeval)
+{
+    struct tm *tm;
+    tm = gmtime(&timeval);
+    fprintf(file, " %04d%02d%02d%02d%02d",
+	    tm->tm_year + 1900,
+            tm->tm_mon + 1,
+            tm->tm_mday,
+            tm->tm_hour,
+            tm->tm_min);
+}
+
+static long
+time_explode(char *cp)
+{
+    char wbuf[5];
+    struct tm tp;
+    int local;
+
+    zaptime(&tp);			/* clear out the struct */
+    
+    if (strlen(cp) > 10) {		/* new format */
+	strncpy(wbuf, cp, 4);
+	wbuf[4] = 0;
+	tp.tm_year = atoi(wbuf) - 1900;
+	cp += 4;			/* step over the year */
+	local = 0;			/* GMT */
+    } else {				/* old format: local time, 
+					   year is 2 digits, assuming 19xx */
+	wbuf[0] = *cp++;
+	wbuf[1] = *cp++;
+	wbuf[2] = 0;
+	tp.tm_year = atoi(wbuf);
+	local = 1;			/* local */
+    }
+
+    wbuf[0] = *cp++;
+    wbuf[1] = *cp++;
+    wbuf[2] = 0;
+    tp.tm_mon = atoi(wbuf)-1;
+
+    wbuf[0] = *cp++;
+    wbuf[1] = *cp++;
+    tp.tm_mday = atoi(wbuf);
+    
+    wbuf[0] = *cp++;
+    wbuf[1] = *cp++;
+    tp.tm_hour = atoi(wbuf);
+    
+    wbuf[0] = *cp++;
+    wbuf[1] = *cp++;
+    tp.tm_min = atoi(wbuf);
+
+
+    return(tm2time(tp, local));
+}
+
+static int
+dump_db_1(void *arg, Principal *principal)
+{	    /* replace null strings with "*" */
+    struct callback_args *a = (struct callback_args *)arg;
+    
+    if (principal->instance[0] == '\0') {
+	principal->instance[0] = '*';
+	principal->instance[1] = '\0';
+    }
+    if (principal->mod_name[0] == '\0') {
+	principal->mod_name[0] = '*';
+	principal->mod_name[1] = '\0';
+    }
+    if (principal->mod_instance[0] == '\0') {
+	principal->mod_instance[0] = '*';
+	principal->mod_instance[1] = '\0';
+    }
+    if (a->cv_key != NULL) {
+	(*a->cv_key) (principal);
+    }
+    fprintf(a->output_file, "%s %s %d %d %d %d %x %x",
+	    principal->name,
+	    principal->instance,
+	    principal->max_life,
+	    principal->kdc_key_ver,
+	    principal->key_version,
+	    principal->attributes,
+	    (int)htonl (principal->key_low),
+	    (int)htonl (principal->key_high));
+    print_time(a->output_file, principal->exp_date);
+    print_time(a->output_file, principal->mod_date);
+    fprintf(a->output_file, " %s %s\n",
+	    principal->mod_name,
+	    principal->mod_instance);
+    return 0;
+}
+
+static int
+dump_db (char *db_file, FILE *output_file, void (*cv_key) (Principal *))
+{
+    struct callback_args a;
+
+    a.cv_key = cv_key;
+    a.output_file = output_file;
+    
+    kerb_db_iterate ((k_iter_proc_t)dump_db_1, &a);
+    return fflush(output_file);
+}
+
+static int
+add_file(void *db, FILE *file)
+{
+    int ret;
+    int lineno = 0;
+    char line[1024];
+    unsigned long key[2]; /* yes, long */
+    Principal pr;
+    
+    char exp_date[64], mod_date[64];
+    
+    int life, kkvno, kvno;
+    
+    while(1){
+	memset(&pr, 0, sizeof(pr));
+	errno = 0;
+	if(fgets(line, sizeof(line), file) == NULL){
+	    if(errno != 0)
+	      err (1, "fgets");
+	    break;
+	}
+	lineno++;
+	ret = sscanf(line, "%s %s %d %d %d %hd %lx %lx %s %s %s %s",
+		     pr.name, pr.instance,
+		     &life, &kkvno, &kvno,
+		     &pr.attributes,
+		     &key[0], &key[1],
+		     exp_date, mod_date,
+		     pr.mod_name, pr.mod_instance);
+	if(ret != 12){
+	    warnx("Line %d malformed (ignored)", lineno);
+	    continue;
+	}
+	pr.key_low = ntohl (key[0]);
+	pr.key_high = ntohl (key[1]);
+	pr.max_life = life;
+	pr.kdc_key_ver = kkvno;
+	pr.key_version = kvno;
+	pr.exp_date = time_explode(exp_date);
+	pr.mod_date = time_explode(mod_date);
+	if (pr.instance[0] == '*')
+	    pr.instance[0] = 0;
+	if (pr.mod_name[0] == '*')
+	    pr.mod_name[0] = 0;
+	if (pr.mod_instance[0] == '*')
+	    pr.mod_instance[0] = 0;
+	if (kerb_db_update(db, &pr, 1) != 1) {
+	    warn ("store %s.%s aborted",
+		  pr.name, pr.instance);
+	    return 1;
+	}
+    }
+    return 0;
+}
+
+static void
+load_db (char *db_file, FILE *input_file)
+{
+    long *db;
+    int     temp1;
+    int code;
+    char *temp_db_file;
+
+    temp1 = strlen(db_file)+2;
+    temp_db_file = malloc (temp1);
+    strcpy(temp_db_file, db_file);
+    strcat(temp_db_file, "~");
+
+    /* Create the database */
+    if ((code = kerb_db_create(temp_db_file)) != 0)
+	err (1, "creating temp database %s", temp_db_file);
+    kerb_db_set_name(temp_db_file);
+    db = kerb_db_begin_update();
+    if (db == NULL)
+	err (1, "opening temp database %s", temp_db_file);
+    
+    if(add_file(db, input_file))
+	errx (1, "Load aborted");
+
+    kerb_db_end_update(db);
+    if ((code = kerb_db_rename(temp_db_file, db_file)) != 0)
+        warn("database rename failed");
+    fclose(input_file);
+    free(temp_db_file);
+}
+
+static void
+merge_db(char *db_file, FILE *input_file)
+{
+    void *db;
+    
+    db = kerb_db_begin_update();
+    if(db == NULL)
+        err (1, "Couldn't open database");
+    if(add_file(db, input_file))
+        errx (1, "Merge aborted");
+    kerb_db_end_update(db);
+}
+
+static void
+update_ok_file (char *file_name)
+{
+    /* handle slave locking/failure stuff */
+    char *file_ok;
+    int fd;
+    static char ok[]=".dump_ok";
+
+    asprintf (&file_ok, "%s%s", file_name, ok);
+    if (file_ok == NULL)
+      errx (1, "out of memory");
+    if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0400)) < 0)
+        err (1, "Error creating %s", file_ok);
+    free(file_ok);
+    close(fd);
+}
+
+static void
+convert_key_new_master (Principal *p)
+{
+  des_cblock key;
+
+  /* leave null keys alone */
+  if ((p->key_low == 0) && (p->key_high == 0)) return;
+
+  /* move current key to des_cblock for encryption, special case master key
+     since that's changing */
+  if ((strncmp (p->name, KERB_M_NAME, ANAME_SZ) == 0) &&
+      (strncmp (p->instance, KERB_M_INST, INST_SZ) == 0)) {
+    memcpy (key, new_master_key, sizeof(des_cblock));
+    (p->key_version)++;
+  } else {
+    copy_to_key(&p->key_low, &p->key_high, key);
+    kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_DECRYPT);
+  }
+
+  kdb_encrypt_key (&key, &key, &new_master_key, new_master_key_schedule, DES_ENCRYPT);
+
+  copy_from_key(key, &(p->key_low), &(p->key_high));
+  memset(key, 0, sizeof (key));  /* a little paranoia ... */
+
+  (p->kdc_key_ver)++;
+}
+
+static void
+clear_secrets (void)
+{
+  memset(master_key, 0, sizeof (des_cblock));
+  memset(master_key_schedule, 0, sizeof (des_key_schedule));
+  memset(new_master_key, 0, sizeof (des_cblock));
+  memset(new_master_key_schedule, 0, sizeof (des_key_schedule));
+}
+
+static void
+convert_new_master_key (char *db_file, FILE *out)
+{
+#ifdef RANDOM_MKEY
+  errx (1, "Sorry, this function is not available with "
+	"the new master key scheme.");
+#else
+  printf ("\n\nEnter the CURRENT master key.");
+  if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
+			  master_key_schedule) != 0) {
+    clear_secrets ();
+    errx (1, "Couldn't get master key.");
+  }
+
+  if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
+    clear_secrets ();
+    exit (1);
+  }
+
+  printf ("\n\nNow enter the NEW master key.  Do not forget it!!");
+  if (kdb_get_master_key (KDB_GET_TWICE, &new_master_key,
+			  new_master_key_schedule) != 0) {
+    clear_secrets ();
+    errx (1, "Couldn't get new master key.");
+  }
+
+  dump_db (db_file, out, convert_key_new_master);
+  {
+    char fname[128];
+    snprintf(fname, sizeof(fname), "%s.new", MKEYFILE);
+    kdb_kstash(&new_master_key, fname);
+  }
+#endif /* RANDOM_MKEY */
+}
+
+static void
+convert_key_old_db (Principal *p)
+{
+  des_cblock key;
+
+ /* leave null keys alone */
+  if ((p->key_low == 0) && (p->key_high == 0)) return;
+
+  copy_to_key(&p->key_low, &p->key_high, key);
+
+#ifndef NOENCRYPTION
+  des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key,
+	(long)sizeof(des_cblock),master_key_schedule,
+	(des_cblock *)master_key_schedule, DES_DECRYPT);
+#endif
+
+  /* make new key, new style */
+  kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_ENCRYPT);
+
+  copy_from_key(key, &(p->key_low), &(p->key_high));
+  memset(key, 0, sizeof (key));  /* a little paranoia ... */
+}
+
+static void
+convert_old_format_db (char *db_file, FILE *out)
+{
+  des_cblock key_from_db;
+  Principal principal_data[1];
+  int n, more;
+
+  if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
+			  master_key_schedule) != 0L) {
+    clear_secrets();
+    errx (1, "Couldn't get master key.");
+  }
+
+  /* can't call kdb_verify_master_key because this is an old style db */
+  /* lookup the master key version */
+  n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
+			 1 /* only one please */, &more);
+  if ((n != 1) || more)
+    errx (1, "verify_master_key: Kerberos error on master key lookup, %d found.\n", n);
+
+  /* set up the master key */
+  fprintf(stderr, "Current Kerberos master key version is %d.\n",
+	  principal_data[0].kdc_key_ver);
+
+  /*
+   * now use the master key to decrypt (old style) the key in the db, had better
+   * be the same! 
+   */
+  copy_to_key(&principal_data[0].key_low,
+	      &principal_data[0].key_high,
+	      key_from_db);
+#ifndef NOENCRYPTION
+  des_pcbc_encrypt(&key_from_db,&key_from_db,(long)sizeof(key_from_db),
+	master_key_schedule,(des_cblock *)master_key_schedule, DES_DECRYPT);
+#endif
+  /* the decrypted database key had better equal the master key */
+
+  n = memcmp(master_key, key_from_db, sizeof(master_key));
+  memset(key_from_db, 0, sizeof(key_from_db));
+
+  if (n) {
+    fprintf(stderr, "\n\07\07verify_master_key: Invalid master key, ");
+    fprintf(stderr, "does not match database.\n");
+    exit (1);
+  }
+    
+  fprintf(stderr, "Master key verified.\n");
+
+  dump_db (db_file, out, convert_key_old_db);
+}
+
+int
+main(int argc, char **argv)
+{
+    int ret;
+    FILE   *file;
+    enum {
+	OP_LOAD,
+	OP_MERGE,
+	OP_DUMP,
+	OP_SLAVE_DUMP,
+	OP_NEW_MASTER,
+	OP_CONVERT_OLD_DB
+    }       op;
+    char *file_name;
+    char *db_name;
+
+    set_progname (argv[0]);
+    
+    if (argc != 3 && argc != 4) {
+	fprintf(stderr, "Usage: %s operation file [database name].\n",
+		argv[0]);
+	fprintf(stderr, "Operation is one of: "
+		"load, merge, dump, slave_dump, new_master_key, "
+		"convert_old_db\n");
+	exit(1);
+    }
+    if (argc == 3)
+	db_name = DBM_FILE;
+    else
+	db_name = argv[3];
+    
+    ret = kerb_db_set_name (db_name);
+    
+    /* this makes starting slave servers ~14.3 times easier */
+    if(ret && strcmp(argv[1], "load") == 0)
+       ret = kerb_db_create (db_name);
+
+    if(ret)
+      err (1, "Can't open database");
+
+    if (!strcmp(argv[1], "load"))
+	op = OP_LOAD;
+    else if (!strcmp(argv[1], "merge"))
+	op = OP_MERGE;
+    else if (!strcmp(argv[1], "dump"))
+	op = OP_DUMP;
+    else if (!strcmp(argv[1], "slave_dump"))
+        op = OP_SLAVE_DUMP;
+    else if (!strcmp(argv[1], "new_master_key"))
+        op = OP_NEW_MASTER;
+    else if (!strcmp(argv[1], "convert_old_db"))
+        op = OP_CONVERT_OLD_DB;
+    else {
+        warnx ("%s is an invalid operation.", argv[1]);
+	warnx ("Valid operations are \"load\", \"merge\", "
+	       "\"dump\", \"slave_dump\", \"new_master_key\", "
+	       "and \"convert_old_db\"");
+	return 1;
+    }
+
+    file_name = argv[2];
+    file = fopen(file_name, (op == OP_LOAD || op == OP_MERGE) ? "r" : "w");
+    if (file == NULL)
+        err (1, "open %s", argv[2]);
+
+    switch (op) {
+    case OP_DUMP:
+      if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
+	  (fclose(file) == EOF))
+	  err (1, "%s", file_name);
+      break;
+    case OP_SLAVE_DUMP:
+      if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
+	  (fclose(file) == EOF))
+	err (1, "%s", file_name);
+      update_ok_file (file_name);
+      break;
+    case OP_LOAD:
+      load_db (db_name, file);
+      break;
+    case OP_MERGE:
+      merge_db (db_name, file);
+      break;
+    case OP_NEW_MASTER:
+      convert_new_master_key (db_name, file);
+      printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
+      break;
+    case OP_CONVERT_OLD_DB:
+      convert_old_format_db (db_name, file);
+      printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);      
+      break;
+    }
+    return 0;
+}