diff options
| author | markm <markm@FreeBSD.org> | 1997-10-03 09:49:50 +0000 |
|---|---|---|
| committer | markm <markm@FreeBSD.org> | 1997-10-03 09:49:50 +0000 |
| commit | 15be8862e67c696a6f1810713399e2a40d8721fb (patch) | |
| tree | 4177a0bb006b8fb78866b63d3e34f555321d451d /eBones/usr.sbin | |
| parent | 6a495d7ea05780e468fe03fc7ae9cafc6b416e81 (diff) | |
| download | FreeBSD-src-15be8862e67c696a6f1810713399e2a40d8721fb.zip FreeBSD-src-15be8862e67c696a6f1810713399e2a40d8721fb.tar.gz | |
*GULP* Punt this into the attic. It is no longer used.
Diffstat (limited to 'eBones/usr.sbin')
44 files changed, 0 insertions, 6172 deletions
diff --git a/eBones/usr.sbin/Makefile b/eBones/usr.sbin/Makefile deleted file mode 100644 index fa667f3..0000000 --- a/eBones/usr.sbin/Makefile +++ /dev/null @@ -1,7 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id$ - -SUBDIR= ext_srvtab fix_kdb_keys kadmind kdb_destroy kdb_edit kdb_init \ - kdb_util kerberos kprop ksrvutil kstash make_keypair - -.include <bsd.subdir.mk> diff --git a/eBones/usr.sbin/Makefile.inc b/eBones/usr.sbin/Makefile.inc deleted file mode 100644 index a3ace61..0000000 --- a/eBones/usr.sbin/Makefile.inc +++ /dev/null @@ -1,5 +0,0 @@ -# @(#)Makefile.inc 8.1 (Berkeley) 6/6/93 - -BINDIR?= /usr/sbin - -.include "../Makefile.inc" diff --git a/eBones/usr.sbin/ext_srvtab/Makefile b/eBones/usr.sbin/ext_srvtab/Makefile deleted file mode 100644 index 6c62d88..0000000 --- a/eBones/usr.sbin/ext_srvtab/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id$ - -PROG= ext_srvtab -CFLAGS+=-DKERBEROS -DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES} -LDADD+= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes -MAN8= ext_srvtab.8 - -.include <bsd.prog.mk> diff --git a/eBones/usr.sbin/ext_srvtab/ext_srvtab.8 b/eBones/usr.sbin/ext_srvtab/ext_srvtab.8 deleted file mode 100644 index 228846e..0000000 --- a/eBones/usr.sbin/ext_srvtab/ext_srvtab.8 +++ /dev/null @@ -1,62 +0,0 @@ -.\" from: ext_srvtab.8,v 4.2 89/07/18 16:53:18 jtkohl Exp $ -.\" $Id$ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <Copyright.MIT>. -.\" -.TH EXT_SRVTAB 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -ext_srvtab \- extract service key files from Kerberos key distribution center database -.SH SYNOPSIS -ext_srvtab [ -.B \-n -] [ -.B \-r realm -] [ -.B hostname ... -] -.SH DESCRIPTION -.I ext_srvtab -extracts service key files from the Kerberos key distribution center -(KDC) database. -.PP -Upon execution, it prompts the user to enter the master key string for -the database. If the -.B \-n -option is specified, the master key is instead fetched from the master -key cache file. -.PP -For each -.I hostname -specified on the command line, -.I ext_srvtab -creates the service key file -.IR hostname -new-srvtab, -containing all the entries in the database with an instance field of -.I hostname. -This new file contains all the keys registered for Kerberos-mediated -service providing programs which use the -.IR krb_get_phost (3) -principal and instance conventions to run on the host -.IR hostname . -If the -.B \-r -option is specified, the realm fields in the extracted file will -match the given realm rather than the local realm. -.SH DIAGNOSTICS -.TP 20n -"verify_master_key: Invalid master key, does not match database." -The master key string entered was incorrect. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.TP -/etc/kerberosIV/master_key -Master key cache file. -.SH SEE ALSO -read_service_key(3), krb_get_phost(3) diff --git a/eBones/usr.sbin/ext_srvtab/ext_srvtab.c b/eBones/usr.sbin/ext_srvtab/ext_srvtab.c deleted file mode 100644 index bd156be..0000000 --- a/eBones/usr.sbin/ext_srvtab/ext_srvtab.c +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * - * from: ext_srvtab.c,v 4.1 89/07/18 16:49:30 jtkohl Exp $ - * $Id$ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id$"; -#endif lint -#endif - -#include <stdio.h> -#include <string.h> -#include <sys/file.h> -#include <sys/types.h> -#include <sys/time.h> -#include <sys/stat.h> -#include <sys/wait.h> -#include <signal.h> -#include <des.h> -#include <krb.h> -#include <krb_db.h> - -#define TRUE 1 -#define FALSE 0 - -static C_Block master_key; -static C_Block session_key; -static Key_schedule master_key_schedule; -char progname[] = "ext_srvtab"; -char realm[REALM_SZ]; - -void FWrite(char *p, int size, int n, FILE *f); -void StampOutSecrets(void); -void usage(void); - -int -main(argc, argv) - int argc; - char *argv[]; -{ - FILE *fout; - char fname[1024]; - int fopen_errs = 0; - int arg; - Principal princs[40]; - int more; - int prompt = TRUE; - register int n, i; - - bzero(realm, sizeof(realm)); - - /* Parse commandline arguments */ - if (argc < 2) - usage(); - else { - for (i = 1; i < argc; i++) { - if (strcmp(argv[i], "-n") == 0) - prompt = FALSE; - else if (strcmp(argv[i], "-r") == 0) { - if (++i >= argc) - usage(); - else { - strcpy(realm, argv[i]); - /* - * This is to humor the broken way commandline - * argument parsing is done. Later, this - * program ignores everything that starts with -. - */ - argv[i][0] = '-'; - } - } - else if (argv[i][0] == '-') - usage(); - else - if (!k_isinst(argv[i])) { - fprintf(stderr, "%s: bad instance name: %s\n", - progname, argv[i]); - usage(); - } - } - } - - if (kdb_get_master_key (prompt, master_key, master_key_schedule) != 0) { - fprintf (stderr, "Couldn't read master key.\n"); - fflush (stderr); - exit(1); - } - - if (kdb_verify_master_key (master_key, master_key_schedule, stderr) < 0) { - exit(1); - } - - /* For each arg, search for instances of arg, and produce */ - /* srvtab file */ - if (!realm[0]) - if (krb_get_lrealm(realm, 1) != KSUCCESS) { - fprintf(stderr, "%s: couldn't get local realm\n", progname); - exit(1); - } - (void) umask(077); - - for (arg = 1; arg < argc; arg++) { - if (argv[arg][0] == '-') - continue; - sprintf(fname, "%s-new-srvtab", argv[arg]); - if ((fout = fopen(fname, "w")) == NULL) { - fprintf(stderr, "Couldn't create file '%s'.\n", fname); - fopen_errs++; - continue; - } - printf("Generating '%s'....\n", fname); - n = kerb_get_principal("*", argv[arg], &princs[0], 40, &more); - if (more) - fprintf(stderr, "More than 40 found...\n"); - for (i = 0; i < n; i++) { - FWrite(princs[i].name, strlen(princs[i].name) + 1, 1, fout); - FWrite(princs[i].instance, strlen(princs[i].instance) + 1, - 1, fout); - FWrite(realm, strlen(realm) + 1, 1, fout); - FWrite(&princs[i].key_version, - sizeof(princs[i].key_version), 1, fout); - bcopy(&princs[i].key_low, session_key, sizeof(long)); - bcopy(&princs[i].key_high, session_key + sizeof(long), - sizeof(long)); - kdb_encrypt_key (session_key, session_key, - master_key, master_key_schedule, DES_DECRYPT); - FWrite(session_key, sizeof session_key, 1, fout); - } - fclose(fout); - } - - StampOutSecrets(); - - exit(fopen_errs); /* 0 errors if successful */ - -} - -void -Die() -{ - StampOutSecrets(); - exit(1); -} - -void -FWrite(p, size, n, f) - char *p; - int size; - int n; - FILE *f; -{ - if (fwrite(p, size, n, f) != n) { - printf("Error writing output file. Terminating.\n"); - Die(); - } -} - -void -StampOutSecrets() -{ - bzero(master_key, sizeof master_key); - bzero(session_key, sizeof session_key); - bzero(master_key_schedule, sizeof master_key_schedule); -} - -void -usage() -{ - fprintf(stderr, - "Usage: %s [-n] [-r realm] instance [instance ...]\n", progname); - exit(1); -} diff --git a/eBones/usr.sbin/fix_kdb_keys/Makefile b/eBones/usr.sbin/fix_kdb_keys/Makefile deleted file mode 100644 index f810bf9..0000000 --- a/eBones/usr.sbin/fix_kdb_keys/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -# From: @(#)Makefile 5.2 (Berkeley) 3/5/91 -# $Id$ - -PROG= fix_kdb_keys -CFLAGS+=-DKERBEROS -DDEBUG -DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES} -LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes -MAN8= fix_kdb_keys.8 - -.include <bsd.prog.mk> diff --git a/eBones/usr.sbin/fix_kdb_keys/fix_kdb_keys.8 b/eBones/usr.sbin/fix_kdb_keys/fix_kdb_keys.8 deleted file mode 100644 index 4bc4d62..0000000 --- a/eBones/usr.sbin/fix_kdb_keys/fix_kdb_keys.8 +++ /dev/null @@ -1,59 +0,0 @@ -.\" $Id$ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <Copyright.MIT>. -.\" -.TH FIX_KDB_KEYS 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -fix_kdb_keys \- Secure Kerberos database by properly randomising keys -.SH SYNOPSIS -fix_kdb_keys -.SH DESCRIPTION -If you built your Kerberos database before receiving this distribution, -the keys were randomly generated using the vulnerable version of -the Kerberos random number generator. Therefore it is possible for -an attacker to mount an attack to guess these values. If an attacker -can determine the key for the -.I krbtgt -ticket, they can construct tickets claiming to be any Kerberos -principal. Similarly if an attacker can obtain the -.I changepw.kerberos -key, they can change anyone's password. -.PP -This distribution has been patched to use the improved -.IR des_new_random_key() -routines instead of the old and cryptographically suspect -.IR des_random_key(). -.PP -The primary difference is that -.IR des_random_key() -uses a seeding -technique which is predictable and therefore vulnerable. While -.IR des_new_random_key() -uses a feedback mechanism based on the Data Encryption Standard -(DES) and is seeded with a secret (and therefore unknown to an -attacker) value. This value is the secret database master key. -.PP -Running -.I fix_kdb_keys -on the KDC server will change these critical keys to new -values using the newer random number generator. IMPORTANT: When this -is done, all outstanding ticket granting tickets will -immediately become invalid. This will be disruptive to your user -community. It is recommended that this is done late at night or early -in the morning before most users have logged in. Alternatively -pre-announce a definitive time when you will run the program and -inform the users that they will have to get new tickets at that time -(using either -.I kinit -or simply by logging out and then in again). -.SH DIAGNOSTICS -Many, and descriptive. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/master_key -Master key cache file. diff --git a/eBones/usr.sbin/fix_kdb_keys/fix_kdb_keys.c b/eBones/usr.sbin/fix_kdb_keys/fix_kdb_keys.c deleted file mode 100644 index 3719e78..0000000 --- a/eBones/usr.sbin/fix_kdb_keys/fix_kdb_keys.c +++ /dev/null @@ -1,191 +0,0 @@ -/* - * $Source: /afs/net/project/krb4/src/admin/RCS/kdb_edit.c,v $ - * $Author: tytso $ - * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * - * For copying and distribution information, please see the file - * <mit-copyright.h>. - * - * This routine changes the Kerberos encryption keys for principals, - * i.e., users or services. - */ - -/* - * exit returns 0 ==> success -1 ==> error - */ - -#include <stdio.h> -#include <signal.h> -#include <errno.h> -#include <string.h> -#include <sys/types.h> -#include <sys/ioctl.h> -#include <sys/file.h> - -#ifdef NEED_TIME_H -#include <time.h> -#endif -#include <sys/time.h> - -#include <des.h> -#include <krb.h> -#include <krb_db.h> -/* MKEYFILE is now defined in kdc.h */ -#include <kdc.h> - -char prog[32]; -char *progname = prog; -int nflag = 0; -int debug = 0; -extern int krb_debug; - -Principal principal_data; - -static C_Block master_key; -static Key_schedule master_key_schedule; -static long master_key_version; - -static char realm[REALM_SZ]; - -void fatal_error(), cleanup(); -void Usage(); -void change_principal(); - -int main(argc, argv) - int argc; - char *argv[]; -{ - int i; - - prog[sizeof prog - 1] = '\0'; /* make sure terminated */ - strncpy(prog, argv[0], sizeof prog - 1); /* salt away invoking - * program */ - - /* Assume a long is four bytes */ - if (sizeof(long) != 4) { - fprintf(stderr, "%s: size of long is %d.\n", prog, sizeof(long)); - exit(-1); - } - while (--argc > 0 && (*++argv)[0] == '-') - for (i = 1; argv[0][i] != '\0'; i++) { - switch (argv[0][i]) { - - /* debug flag */ - case 'd': - debug = 1; - continue; - - /* debug flag */ - case 'l': - krb_debug |= 1; - continue; - - case 'n': /* read MKEYFILE for master key */ - nflag = 1; - continue; - - default: - fprintf(stderr, "%s: illegal flag \"%c\"\n", progname, argv[0][i]); - Usage(); /* Give message and die */ - } - }; - - if (krb_get_lrealm(realm, 1)) { - fprintf(stderr, "Couldn't get local realm information.\n"); - fatal_error(); - } - - kerb_init(); - if (argc > 0) { - if (kerb_db_set_name(*argv) != 0) { - fprintf(stderr, "Could not open altername database name\n"); - fatal_error(); - } - } - - if (kdb_get_master_key ((nflag == 0), - master_key, master_key_schedule) != 0) { - fprintf (stderr, "Couldn't read master key.\n"); - fatal_error(); - } - - if ((master_key_version = kdb_verify_master_key(master_key, - master_key_schedule, - stdout)) < 0) - fatal_error(); - - des_init_random_number_generator(master_key); - - change_principal("krbtgt", realm); - change_principal("changepw", KRB_MASTER); - - cleanup(); - - printf("\nKerberos database updated successfully. Note that all\n"); - printf("existing ticket-granting tickets have been invalidated.\n\n"); - - return(0); -} - -void change_principal(input_name, input_instance) - char *input_name; - char *input_instance; -{ - int n, more; - C_Block new_key; - - n = kerb_get_principal(input_name, input_instance, &principal_data, - 1, &more); - if (!n) { - fprintf(stderr, "Can't find principal database for %s.%s.\n", - input_name, input_instance); - fatal_error(); - } - if (more) { - fprintf(stderr, "More than one entry for %s.%s.\n", input_name, - input_instance); - fatal_error(); - } - - des_new_random_key(new_key); - - /* seal it under the kerberos master key */ - kdb_encrypt_key (new_key, new_key, - master_key, master_key_schedule, - ENCRYPT); - memcpy(&principal_data.key_low, new_key, 4); - memcpy(&principal_data.key_high, ((long *) new_key) + 1, 4); - memset(new_key, 0, sizeof(new_key)); - - principal_data.key_version++; - - if (kerb_put_principal(&principal_data, 1)) { - fprintf(stderr, "\nError updating Kerberos database"); - fatal_error(); - } - - memset(&principal_data.key_low, 0, 4); - memset(&principal_data.key_high, 0, 4); -} - -void fatal_error() -{ - cleanup(); - exit(1); -} - -void cleanup() -{ - - memset(master_key, 0, sizeof(master_key)); - memset(master_key_schedule, 0, sizeof(master_key_schedule)); - memset(&principal_data, 0, sizeof(principal_data)); -} - -void Usage() -{ - fprintf(stderr, "Usage: %s [-n]\n", progname); - exit(1); -} diff --git a/eBones/usr.sbin/kadmind/Makefile b/eBones/usr.sbin/kadmind/Makefile deleted file mode 100644 index 6a74666..0000000 --- a/eBones/usr.sbin/kadmind/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# $Id$ - -PROG= kadmind -SRCS= admin_server.c kadm_funcs.c kadm_ser_wrap.c kadm_server.c -CFLAGS+=-DPOSIX -I${.CURDIR}/../../lib/libkadm -I${KADMOBJDIR} -I${KRBOBJDIR} -DKERBEROS -DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES} -LDADD+= -L${KADMOBJDIR} -lkadm -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb \ - -L${DESOBJDIR} -ldes -L${ACLOBJDIR} -lacl -lcom_err -MAN8= kadmind.8 - -.include <bsd.prog.mk> diff --git a/eBones/usr.sbin/kadmind/admin_server.c b/eBones/usr.sbin/kadmind/admin_server.c deleted file mode 100644 index 72980d4..0000000 --- a/eBones/usr.sbin/kadmind/admin_server.c +++ /dev/null @@ -1,474 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Top-level loop of the kerberos Administration server - */ - -#if 0 -#ifndef lint -static char rcsid_admin_server_c[] = -"Id: admin_server.c,v 4.8 90/01/02 13:50:38 jtkohl Exp "; -static const char rcsid[] = - "$Id"; -#endif lint -#endif - -/* - admin_server.c - this holds the main loop and initialization and cleanup code for the server -*/ - -#include <stdio.h> -#include <string.h> -#include <unistd.h> -#include <sys/types.h> -#include <signal.h> -#ifndef sigmask -#define sigmask(m) (1 <<((m)-1)) -#endif -#include <sys/wait.h> -#include <errno.h> -#include <sys/socket.h> -#include <syslog.h> -#include <com_err.h> -#include <kadm.h> -#include <kadm_err.h> -#include <krb_db.h> -#include "kadm_server.h" - -/* Almost all procs and such need this, so it is global */ -admin_params prm; /* The command line parameters struct */ - -char prog[32]; /* WHY IS THIS NEEDED??????? */ -char *progname = prog; -char *acldir = DEFAULT_ACL_DIR; -char krbrlm[REALM_SZ]; -extern Kadm_Server server_parm; - -void cleanexit(int val); -void process_client(int fd, struct sockaddr_in *who); -void kill_children(void); -static void clear_secrets(void); -void byebye(void); -void close_syslog(void); -int kadm_listen(void); - -/* -** Main does the logical thing, it sets up the database and RPC interface, -** as well as handling the creation and maintenance of the syslog file... -*/ -void -main(argc, argv) /* admin_server main routine */ -int argc; -char *argv[]; -{ - int errval; - int c; - extern char *optarg; - - prog[sizeof(prog)-1]='\0'; /* Terminate... */ - (void) strncpy(prog, argv[0], sizeof(prog)-1); - - /* initialize the admin_params structure */ - prm.sysfile = KADM_SYSLOG; /* default file name */ - prm.inter = 1; - - bzero(krbrlm, sizeof(krbrlm)); - - while ((c = getopt(argc, argv, "f:hnd:a:r:")) != EOF) - switch(c) { - case 'f': /* Syslog file name change */ - prm.sysfile = optarg; - break; - case 'n': - prm.inter = 0; - break; - case 'a': /* new acl directory */ - acldir = optarg; - break; - case 'd': - /* put code to deal with alt database place */ - if ((errval = kerb_db_set_name(optarg))) { - fprintf(stderr, "opening database %s: %s", - optarg, error_message(errval)); - exit(1); - } - break; - case 'r': - (void) strncpy(krbrlm, optarg, sizeof(krbrlm) - 1); - break; - case 'h': /* get help on using admin_server */ - default: - printf("Usage: admin_server [-h] [-n] [-r realm] [-d dbname] [-f filename] [-a acldir]\n"); - exit(-1); /* failure */ - } - - if (krbrlm[0] == 0) - if (krb_get_lrealm(krbrlm, 0) != KSUCCESS) { - fprintf(stderr, - "Unable to get local realm. Fix krb.conf or use -r.\n"); - exit(1); - } - - printf("KADM Server %s initializing\n",KADM_VERSTR); - printf("Please do not use 'kill -9' to kill this job, use a\n"); - printf("regular kill instead\n\n"); - - set_logfile(prm.sysfile); - log("Admin server starting"); - - (void) kerb_db_set_lockmode(KERB_DBL_NONBLOCKING); - errval = kerb_init(); /* Open the Kerberos database */ - if (errval) { - fprintf(stderr, "error: kerb_init() failed"); - close_syslog(); - byebye(); - } - /* set up the server_parm struct */ - if ((errval = kadm_ser_init(prm.inter, krbrlm))==KADM_SUCCESS) { - kerb_fini(); /* Close the Kerberos database-- - will re-open later */ - errval = kadm_listen(); /* listen for calls to server from - clients */ - } - if (errval != KADM_SUCCESS) { - fprintf(stderr,"error: %s\n",error_message(errval)); - kerb_fini(); /* Close if error */ - } - close_syslog(); /* Close syslog file, print - closing note */ - byebye(); /* Say bye bye on the terminal - in use */ -} /* procedure main */ - - -/* close the system log file */ -void -close_syslog() -{ - log("Shutting down admin server"); -} - -void -byebye() /* say goodnight gracie */ -{ - printf("Admin Server (kadm server) has completed operation.\n"); -} - -static void -clear_secrets() -{ - bzero((char *)server_parm.master_key, sizeof(server_parm.master_key)); - bzero((char *)server_parm.master_key_schedule, - sizeof(server_parm.master_key_schedule)); - server_parm.master_key_version = 0L; -} - -static exit_now = 0; - -sigtype -doexit() -{ - exit_now = 1; -#ifdef POSIX - return; -#else /* !POSIX */ - return(0); -#endif /* POSIX */ -} - -unsigned pidarraysize = 0; -int *pidarray = (int *)0; - -/* -kadm_listen -listen on the admin servers port for a request -*/ -int -kadm_listen() -{ - extern int errno; - int found; - int admin_fd; - int peer_fd; - fd_set mask, readfds; - struct sockaddr_in peer; - int addrlen; - int pid; - sigtype do_child(); - - (void) signal(SIGINT, doexit); - (void) signal(SIGTERM, doexit); - (void) signal(SIGHUP, doexit); - (void) signal(SIGQUIT, doexit); - (void) signal(SIGPIPE, SIG_IGN); /* get errors on write() */ - (void) signal(SIGALRM, doexit); - (void) signal(SIGCHLD, do_child); - - if ((admin_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) - return KADM_NO_SOCK; - if (bind(admin_fd, (struct sockaddr *)&server_parm.admin_addr, - sizeof(struct sockaddr_in)) < 0) - return KADM_NO_BIND; - (void) listen(admin_fd, 1); - FD_ZERO(&mask); - FD_SET(admin_fd, &mask); - - for (;;) { /* loop nearly forever */ - if (exit_now) { - clear_secrets(); - kill_children(); - return(0); - } - readfds = mask; - if ((found = select(admin_fd+1,&readfds,(fd_set *)0, - (fd_set *)0, (struct timeval *)0)) == 0) - continue; /* no things read */ - if (found < 0) { - if (errno != EINTR) - log("select: %s",error_message(errno)); - continue; - } - if (FD_ISSET(admin_fd, &readfds)) { - /* accept the conn */ - addrlen = sizeof(peer); - if ((peer_fd = accept(admin_fd, (struct sockaddr *)&peer, - &addrlen)) < 0) { - log("accept: %s",error_message(errno)); - continue; - } - addrlen = sizeof(server_parm.admin_addr); - if (getsockname(peer_fd, (struct sockaddr *)&server_parm.admin_addr, - &addrlen)) { - log("getsockname: %s",error_message(errno)); - continue; - } -#ifdef DEBUG - printf("Connection recieved on %s\n", - inet_ntoa(server_parm.admin_addr.sin_addr)); -#endif /* DEBUG */ -#ifndef DEBUG - /* if you want a sep daemon for each server */ - if ((pid = fork())) { - /* parent */ - if (pid < 0) { - log("fork: %s",error_message(errno)); - (void) close(peer_fd); - continue; - } - /* fork succeded: keep tabs on child */ - (void) close(peer_fd); - if (pidarray) { - pidarray = (int *)realloc((char *)pidarray, ++pidarraysize); - pidarray[pidarraysize-1] = pid; - } else { - pidarray = (int *)malloc(pidarraysize = 1); - pidarray[0] = pid; - } - } else { - /* child */ - (void) close(admin_fd); -#endif /* DEBUG */ - /* do stuff */ - process_client (peer_fd, &peer); -#ifndef DEBUG - } -#endif - } else { - log("something else woke me up!"); - return(0); - } - } - /*NOTREACHED*/ - return(0); /* Shut -Wall up - markm */ -} - -#ifdef DEBUG -#define cleanexit(code) {kerb_fini(); return;} -#endif - -void -process_client(fd, who) -int fd; -struct sockaddr_in *who; -{ - u_char *dat; - int dat_len; - u_short dlen; - int retval; - int on = 1; - Principal service; - des_cblock skey; - int more; - int status; - - if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) - log("setsockopt keepalive: %d",errno); - - server_parm.recv_addr = *who; - - if (kerb_init()) { /* Open as client */ - log("can't open krb db"); - cleanexit(1); - } - /* need to set service key to changepw.KRB_MASTER */ - - status = kerb_get_principal(server_parm.sname, server_parm.sinst, &service, - 1, &more); - if (status == -1) { - /* db locked */ - u_long retcode = KADM_DB_INUSE; - char *pdat; - - dat_len = KADM_VERSIZE + sizeof(u_long); - dat = (u_char *) malloc((unsigned)dat_len); - pdat = (char *) dat; - retcode = htonl((u_long) KADM_DB_INUSE); - (void) strncpy(pdat, KADM_ULOSE, KADM_VERSIZE); - bcopy((char *)&retcode, &pdat[KADM_VERSIZE], sizeof(u_long)); - goto out; - } else if (!status) { - log("no service %s.%s",server_parm.sname, server_parm.sinst); - cleanexit(2); - } - - bcopy((char *)&service.key_low, (char *)skey, 4); - bcopy((char *)&service.key_high, (char *)(((long *) skey) + 1), 4); - bzero((char *)&service, sizeof(service)); - kdb_encrypt_key (skey, skey, server_parm.master_key, - server_parm.master_key_schedule, DECRYPT); - (void) krb_set_key((char *)skey, 0); /* if error, will show up when - rd_req fails */ - bzero((char *)skey, sizeof(skey)); - - while (1) { - if ((retval = krb_net_read(fd, (char *)&dlen, sizeof(u_short))) != - sizeof(u_short)) { - if (retval < 0) - log("dlen read: %s",error_message(errno)); - else if (retval) - log("short dlen read: %d",retval); - (void) close(fd); - cleanexit(retval ? 3 : 0); - } - if (exit_now) { - cleanexit(0); - } - dat_len = (int) ntohs(dlen); - dat = (u_char *) malloc((unsigned)dat_len); - if (!dat) { - log("malloc: No memory"); - (void) close(fd); - cleanexit(4); - } - if ((retval = krb_net_read(fd, (char *)dat, dat_len)) != dat_len) { - if (retval < 0) - log("data read: %s",error_message(errno)); - else - log("short read: %d vs. %d", dat_len, retval); - (void) close(fd); - cleanexit(5); - } - if (exit_now) { - cleanexit(0); - } - if ((retval = kadm_ser_in(&dat,&dat_len)) != KADM_SUCCESS) - log("processing request: %s", error_message(retval)); - - /* kadm_ser_in did the processing and returned stuff in - dat & dat_len , return the appropriate data */ - - out: - dlen = (u_short) dat_len; - - if (dat_len != (int)dlen) { - clear_secrets(); - abort(); /* XXX */ - } - dlen = htons(dlen); - - if (krb_net_write(fd, (char *)&dlen, sizeof(u_short)) < 0) { - log("writing dlen to client: %s",error_message(errno)); - (void) close(fd); - cleanexit(6); - } - - if (krb_net_write(fd, (char *)dat, dat_len) < 0) { - log(LOG_ERR, "writing to client: %s",error_message(errno)); - (void) close(fd); - cleanexit(7); - } - free((char *)dat); - } - /*NOTREACHED*/ -} - -sigtype -do_child() -{ - /* SIGCHLD brings us here */ - int pid; - register int i, j; - -#ifdef POSIX - int status; -#else - union wait status; -#endif - - pid = wait(&status); - - for (i = 0; i < pidarraysize; i++) - if (pidarray[i] == pid) { - /* found it */ - for (j = i; j < pidarraysize-1; j++) - /* copy others down */ - pidarray[j] = pidarray[j+1]; - pidarraysize--; - if (WEXITSTATUS(status) || WCOREDUMP(status) || WIFSIGNALED(status)) - log("child %d: termsig %d, coredump %d, retcode %d", pid, - WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status)); -#ifdef POSIX - return; -#else /* !POSIX */ - return(0); -#endif /* POSIX */ - } - log("child %d not in list: termsig %d, coredump %d, retcode %d", pid, - WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status)); -#ifdef POSIX - return; -#else /* !POSIX */ - return(0); -#endif /* POSIX */ -} - -#ifndef DEBUG -void -cleanexit(val) - int val; -{ - kerb_fini(); - clear_secrets(); - exit(val); -} -#endif - -void -kill_children() -{ - register int i; - int osigmask; - - osigmask = sigblock(sigmask(SIGCHLD)); - - for (i = 0; i < pidarraysize; i++) { - kill(pidarray[i], SIGINT); - log("killing child %d", pidarray[i]); - } - sigsetmask(osigmask); - return; -} diff --git a/eBones/usr.sbin/kadmind/kadm_funcs.c b/eBones/usr.sbin/kadmind/kadm_funcs.c deleted file mode 100644 index 47dd4b4..0000000 --- a/eBones/usr.sbin/kadmind/kadm_funcs.c +++ /dev/null @@ -1,381 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT - * - * Kerberos administration server-side database manipulation routines - */ - -#if 0 -#ifndef lint -static char rcsid_kadm_funcs_c[] = -"Id: kadm_funcs.c,v 4.3 90/03/20 01:39:51 jon Exp "; -static const char rcsid[] = - "$Id$"; -#endif lint -#endif - -/* -kadm_funcs.c -the actual database manipulation code -*/ - -#include <stdio.h> -#include <string.h> -#include <com_err.h> -#include <sys/param.h> -#include <kadm.h> -#include <kadm_err.h> -#include <krb_db.h> -#include "kadm_server.h" - -extern Kadm_Server server_parm; - -int -check_access(pname, pinst, prealm, acltype) -char *pname; -char *pinst; -char *prealm; -enum acl_types acltype; -{ - char checkname[MAX_K_NAME_SZ]; - char filename[MAXPATHLEN]; - extern char *acldir; - - sprintf(checkname, "%s.%s@%s", pname, pinst, prealm); - - switch (acltype) { - case ADDACL: - sprintf(filename, "%s%s", acldir, ADD_ACL_FILE); - break; - case GETACL: - sprintf(filename, "%s%s", acldir, GET_ACL_FILE); - break; - case MODACL: - sprintf(filename, "%s%s", acldir, MOD_ACL_FILE); - break; - } - return(acl_check(filename, checkname)); -} - -int -wildcard(str) -char *str; -{ - if (!strcmp(str, WILDCARD_STR)) - return(1); - return(0); -} - -#define failadd(code) { (void) log("FAILED addding '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; } - -int -kadm_add_entry (rname, rinstance, rrealm, valsin, valsout) -char *rname; /* requestors name */ -char *rinstance; /* requestors instance */ -char *rrealm; /* requestors realm */ -Kadm_vals *valsin; -Kadm_vals *valsout; -{ - long numfound; /* check how many we get written */ - int more; /* pointer to more grabbed records */ - Principal data_i, data_o; /* temporary principal */ - u_char flags[4]; - des_cblock newpw; - Principal default_princ; - - if (!check_access(rname, rinstance, rrealm, ADDACL)) { - (void) log("WARNING: '%s.%s@%s' tried to add an entry for '%s.%s'", - rname, rinstance, rrealm, valsin->name, valsin->instance); - return KADM_UNAUTH; - } - - /* Need to check here for "legal" name and instance */ - if (wildcard(valsin->name) || wildcard(valsin->instance)) { - failadd(KADM_ILL_WILDCARD); - } - - (void) log("request to add an entry for '%s.%s' from '%s.%s@%s'", - valsin->name, valsin->instance, rname, rinstance, rrealm); - - numfound = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, - &default_princ, 1, &more); - if (numfound == -1) { - failadd(KADM_DB_INUSE); - } else if (numfound != 1) { - failadd(KADM_UK_RERROR); - } - - kadm_vals_to_prin(valsin->fields, &data_i, valsin); - (void) strncpy(data_i.name, valsin->name, ANAME_SZ); - (void) strncpy(data_i.instance, valsin->instance, INST_SZ); - - if (!IS_FIELD(KADM_EXPDATE,valsin->fields)) - data_i.exp_date = default_princ.exp_date; - if (!IS_FIELD(KADM_ATTR,valsin->fields)) - data_i.attributes = default_princ.attributes; - if (!IS_FIELD(KADM_MAXLIFE,valsin->fields)) - data_i.max_life = default_princ.max_life; - - bzero((char *)&default_princ, sizeof(default_princ)); - - /* convert to host order */ - data_i.key_low = ntohl(data_i.key_low); - data_i.key_high = ntohl(data_i.key_high); - - - bcopy(&data_i.key_low,newpw,4); - bcopy(&data_i.key_high,(char *)(((long *) newpw) + 1),4); - - /* encrypt new key in master key */ - kdb_encrypt_key (newpw, newpw, server_parm.master_key, - server_parm.master_key_schedule, ENCRYPT); - bcopy(newpw,&data_i.key_low,4); - bcopy((char *)(((long *) newpw) + 1), &data_i.key_high,4); - bzero((char *)newpw, sizeof(newpw)); - - data_o = data_i; - numfound = kerb_get_principal(valsin->name, valsin->instance, - &data_o, 1, &more); - if (numfound == -1) { - failadd(KADM_DB_INUSE); - } else if (numfound) { - failadd(KADM_INUSE); - } else { - data_i.key_version++; - data_i.kdc_key_ver = server_parm.master_key_version; - (void) strncpy(data_i.mod_name, rname, sizeof(data_i.mod_name)-1); - (void) strncpy(data_i.mod_instance, rinstance, - sizeof(data_i.mod_instance)-1); - - numfound = kerb_put_principal(&data_i, 1); - if (numfound == -1) { - failadd(KADM_DB_INUSE); - } else if (numfound) { - failadd(KADM_UK_SERROR); - } else { - numfound = kerb_get_principal(valsin->name, valsin->instance, - &data_o, 1, &more); - if ((numfound!=1) || (more!=0)) { - failadd(KADM_UK_RERROR); - } - bzero((char *)flags, sizeof(flags)); - SET_FIELD(KADM_NAME,flags); - SET_FIELD(KADM_INST,flags); - SET_FIELD(KADM_EXPDATE,flags); - SET_FIELD(KADM_ATTR,flags); - SET_FIELD(KADM_MAXLIFE,flags); - kadm_prin_to_vals(flags, valsout, &data_o); - (void) log("'%s.%s' added.", valsin->name, valsin->instance); - return KADM_DATA; /* Set all the appropriate fields */ - } - } -} -#undef failadd - -#define failget(code) { (void) log("FAILED retrieving '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; } - -int -kadm_get_entry (rname, rinstance, rrealm, valsin, flags, valsout) -char *rname; /* requestors name */ -char *rinstance; /* requestors instance */ -char *rrealm; /* requestors realm */ -Kadm_vals *valsin; /* what they wannt to get */ -u_char *flags; /* which fields we want */ -Kadm_vals *valsout; /* what data is there */ -{ - long numfound; /* check how many were returned */ - int more; /* To point to more name.instances */ - Principal data_o; /* Data object to hold Principal */ - - - if (!check_access(rname, rinstance, rrealm, GETACL)) { - (void) log("WARNING: '%s.%s@%s' tried to get '%s.%s's entry", - rname, rinstance, rrealm, valsin->name, valsin->instance); - return KADM_UNAUTH; - } - - if (wildcard(valsin->name) || wildcard(valsin->instance)) { - failget(KADM_ILL_WILDCARD); - } - - (void) log("retrieve '%s.%s's entry for '%s.%s@%s'", - valsin->name, valsin->instance, rname, rinstance, rrealm); - - /* Look up the record in the database */ - numfound = kerb_get_principal(valsin->name, valsin->instance, - &data_o, 1, &more); - if (numfound == -1) { - failget(KADM_DB_INUSE); - } else if (numfound) { /* We got the record, let's return it */ - kadm_prin_to_vals(flags, valsout, &data_o); - (void) log("'%s.%s' retrieved.", valsin->name, valsin->instance); - return KADM_DATA; /* Set all the appropriate fields */ - } else { - failget(KADM_NOENTRY); /* Else whimper and moan */ - } -} -#undef failget - -#define failmod(code) { (void) log("FAILED modifying '%s.%s' (%s)", valsin1->name, valsin1->instance, error_message(code)); return code; } - -int -kadm_mod_entry (rname, rinstance, rrealm, valsin1, valsin2, valsout) -char *rname; /* requestors name */ -char *rinstance; /* requestors instance */ -char *rrealm; /* requestors realm */ -Kadm_vals *valsin1, *valsin2; /* holds the parameters being - passed in */ -Kadm_vals *valsout; /* the actual record which is returned */ -{ - long numfound; - int more; - Principal data_o, temp_key; - u_char fields[4]; - des_cblock newpw; - - if (wildcard(valsin1->name) || wildcard(valsin1->instance)) { - failmod(KADM_ILL_WILDCARD); - } - - if (!check_access(rname, rinstance, rrealm, MODACL)) { - (void) log("WARNING: '%s.%s@%s' tried to change '%s.%s's entry", - rname, rinstance, rrealm, valsin1->name, valsin1->instance); - return KADM_UNAUTH; - } - - (void) log("request to modify '%s.%s's entry from '%s.%s@%s' ", - valsin1->name, valsin1->instance, rname, rinstance, rrealm); - - numfound = kerb_get_principal(valsin1->name, valsin1->instance, - &data_o, 1, &more); - if (numfound == -1) { - failmod(KADM_DB_INUSE); - } else if (numfound) { - kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2); - (void) strncpy(data_o.name, valsin1->name, ANAME_SZ); - (void) strncpy(data_o.instance, valsin1->instance, INST_SZ); - if (IS_FIELD(KADM_EXPDATE,valsin2->fields)) - data_o.exp_date = temp_key.exp_date; - if (IS_FIELD(KADM_ATTR,valsin2->fields)) - data_o.attributes = temp_key.attributes; - if (IS_FIELD(KADM_MAXLIFE,valsin2->fields)) - data_o.max_life = temp_key.max_life; - if (IS_FIELD(KADM_DESKEY,valsin2->fields)) { - data_o.key_version++; - data_o.kdc_key_ver = server_parm.master_key_version; - - - /* convert to host order */ - temp_key.key_low = ntohl(temp_key.key_low); - temp_key.key_high = ntohl(temp_key.key_high); - - - bcopy(&temp_key.key_low,newpw,4); - bcopy(&temp_key.key_high,(char *)(((long *) newpw) + 1),4); - - /* encrypt new key in master key */ - kdb_encrypt_key (newpw, newpw, server_parm.master_key, - server_parm.master_key_schedule, ENCRYPT); - bcopy(newpw,&data_o.key_low,4); - bcopy((char *)(((long *) newpw) + 1), &data_o.key_high,4); - bzero((char *)newpw, sizeof(newpw)); - } - bzero((char *)&temp_key, sizeof(temp_key)); - - (void) strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1); - (void) strncpy(data_o.mod_instance, rinstance, - sizeof(data_o.mod_instance)-1); - more = kerb_put_principal(&data_o, 1); - - bzero((char *)&data_o, sizeof(data_o)); - - if (more == -1) { - failmod(KADM_DB_INUSE); - } else if (more) { - failmod(KADM_UK_SERROR); - } else { - numfound = kerb_get_principal(valsin1->name, valsin1->instance, - &data_o, 1, &more); - if ((more!=0)||(numfound!=1)) { - failmod(KADM_UK_RERROR); - } - bzero((char *) fields, sizeof(fields)); - SET_FIELD(KADM_NAME,fields); - SET_FIELD(KADM_INST,fields); - SET_FIELD(KADM_EXPDATE,fields); - SET_FIELD(KADM_ATTR,fields); - SET_FIELD(KADM_MAXLIFE,fields); - kadm_prin_to_vals(fields, valsout, &data_o); - (void) log("'%s.%s' modified.", valsin1->name, valsin1->instance); - return KADM_DATA; /* Set all the appropriate fields */ - } - } - else { - failmod(KADM_NOENTRY); - } -} -#undef failmod - -#define failchange(code) { (void) log("FAILED changing key for '%s.%s@%s' (%s)", rname, rinstance, rrealm, error_message(code)); return code; } - -int -kadm_change (rname, rinstance, rrealm, newpw) -char *rname; -char *rinstance; -char *rrealm; -des_cblock newpw; -{ - long numfound; - int more; - Principal data_o; - des_cblock local_pw; - - if (strcmp(server_parm.krbrlm, rrealm)) { - (void) log("change key request from wrong realm, '%s.%s@%s'!\n", - rname, rinstance, rrealm); - return(KADM_WRONG_REALM); - } - - if (wildcard(rname) || wildcard(rinstance)) { - failchange(KADM_ILL_WILDCARD); - } - (void) log("'%s.%s@%s' wants to change its password", - rname, rinstance, rrealm); - - bcopy(newpw, local_pw, sizeof(local_pw)); - - /* encrypt new key in master key */ - kdb_encrypt_key (local_pw, local_pw, server_parm.master_key, - server_parm.master_key_schedule, ENCRYPT); - - numfound = kerb_get_principal(rname, rinstance, - &data_o, 1, &more); - if (numfound == -1) { - failchange(KADM_DB_INUSE); - } else if (numfound) { - bcopy(local_pw,&data_o.key_low,4); - bcopy((char *)(((long *) local_pw) + 1), &data_o.key_high,4); - data_o.key_version++; - data_o.kdc_key_ver = server_parm.master_key_version; - (void) strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1); - (void) strncpy(data_o.mod_instance, rinstance, - sizeof(data_o.mod_instance)-1); - more = kerb_put_principal(&data_o, 1); - bzero((char *) local_pw, sizeof(local_pw)); - bzero((char *) &data_o, sizeof(data_o)); - if (more == -1) { - failchange(KADM_DB_INUSE); - } else if (more) { - failchange(KADM_UK_SERROR); - } else { - (void) log("'%s.%s@%s' password changed.", rname, rinstance, rrealm); - return KADM_SUCCESS; - } - } - else { - failchange(KADM_NOENTRY); - } -} -#undef failchange diff --git a/eBones/usr.sbin/kadmind/kadm_ser_wrap.c b/eBones/usr.sbin/kadmind/kadm_ser_wrap.c deleted file mode 100644 index 0fa1ace..0000000 --- a/eBones/usr.sbin/kadmind/kadm_ser_wrap.c +++ /dev/null @@ -1,213 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Kerberos administration server-side support functions - */ - -#if 0 -#ifndef lint -static char rcsid_module_c[] = -"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_ser_wrap.c,v 4.4 89/09/26 09:29:36 jtkohl Exp "; -#endif lint -#endif - -/* -kadm_ser_wrap.c -unwraps wrapped packets and calls the appropriate server subroutine -*/ - -#include <unistd.h> -#include <stdio.h> -#include <string.h> -#include <sys/types.h> -#include <netdb.h> -#include <sys/socket.h> -#include <kadm.h> -#include <kadm_err.h> -#include <krb_err.h> -#include "kadm_server.h" - -Kadm_Server server_parm; - -/* -kadm_ser_init -set up the server_parm structure -*/ -int -kadm_ser_init(inter, realm) -int inter; /* interactive or from file */ -char realm[]; -{ - struct servent *sep; - struct hostent *hp; - char hostname[MAXHOSTNAMELEN]; - - init_kadm_err_tbl(); - init_krb_err_tbl(); - if (gethostname(hostname, sizeof(hostname))) - return KADM_NO_HOSTNAME; - - strcpy(server_parm.sname, PWSERV_NAME); - strcpy(server_parm.sinst, KRB_MASTER); - strcpy(server_parm.krbrlm, realm); - - server_parm.admin_fd = -1; - /* setting up the addrs */ - if ((sep = getservbyname(KADM_SNAME, "tcp")) == NULL) - return KADM_NO_SERV; - bzero((char *)&server_parm.admin_addr,sizeof(server_parm.admin_addr)); - server_parm.admin_addr.sin_family = AF_INET; - if ((hp = gethostbyname(hostname)) == NULL) - return KADM_NO_HOSTNAME; - server_parm.admin_addr.sin_addr.s_addr = INADDR_ANY; - server_parm.admin_addr.sin_port = sep->s_port; - /* setting up the database */ - if (kdb_get_master_key((inter==1),server_parm.master_key, - server_parm.master_key_schedule) != 0) - return KADM_NO_MAST; - if ((server_parm.master_key_version = - kdb_verify_master_key(server_parm.master_key, - server_parm.master_key_schedule,stderr))<0) - return KADM_NO_VERI; - return KADM_SUCCESS; -} - -static void -errpkt(dat, dat_len, code) -u_char **dat; -int *dat_len; -int code; -{ - u_long retcode; - char *pdat; - - free((char *)*dat); /* free up req */ - *dat_len = KADM_VERSIZE + sizeof(u_long); - *dat = (u_char *) malloc((unsigned)*dat_len); - pdat = (char *) *dat; - retcode = htonl((u_long) code); - (void) strncpy(pdat, KADM_ULOSE, KADM_VERSIZE); - bcopy((char *)&retcode, &pdat[KADM_VERSIZE], sizeof(u_long)); - return; -} - -/* -kadm_ser_in -unwrap the data stored in dat, process, and return it. -*/ -int -kadm_ser_in(dat,dat_len) -u_char **dat; -int *dat_len; -{ - u_char *in_st; /* pointer into the sent packet */ - int in_len,retc; /* where in packet we are, for - returns */ - u_long r_len; /* length of the actual packet */ - KTEXT_ST authent; /* the authenticator */ - AUTH_DAT ad; /* who is this, klink */ - u_long ncksum; /* checksum of encrypted data */ - des_key_schedule sess_sched; /* our schedule */ - MSG_DAT msg_st; - u_char *retdat, *tmpdat; - int retval, retlen; - - if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) { - errpkt(dat, dat_len, KADM_BAD_VER); - return KADM_BAD_VER; - } - in_len = KADM_VERSIZE; - /* get the length */ - if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0) - return KADM_LENGTH_ERROR; - in_len += retc; - authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_long); - bcopy((char *)(*dat) + in_len, (char *)authent.dat, authent.length); - authent.mbz = 0; - /* service key should be set before here */ - if ((retc = krb_rd_req(&authent, server_parm.sname, server_parm.sinst, - server_parm.recv_addr.sin_addr.s_addr, &ad, (char *)0))) - { - errpkt(dat, dat_len,retc + krb_err_base); - return retc + krb_err_base; - } - -#define clr_cli_secrets() {bzero((char *)sess_sched, sizeof(sess_sched)); bzero((char *)ad.session, sizeof(ad.session));} - - in_st = *dat + *dat_len - r_len; -#ifdef NOENCRYPTION - ncksum = 0; -#else - ncksum = quad_cksum((des_cblock *)in_st, (des_cblock *)0, (long) r_len, - 0, (des_cblock *)ad.session); -#endif - if (ncksum!=ad.checksum) { /* yow, are we correct yet */ - clr_cli_secrets(); - errpkt(dat, dat_len,KADM_BAD_CHK); - return KADM_BAD_CHK; - } -#ifdef NOENCRYPTION - bzero(sess_sched, sizeof(sess_sched)); -#else - des_key_sched((des_cblock *)ad.session, sess_sched); -#endif - if ((retc = (int) krb_rd_priv(in_st, r_len, sess_sched, ad.session, - &server_parm.recv_addr, - &server_parm.admin_addr, &msg_st))) { - clr_cli_secrets(); - errpkt(dat, dat_len,retc + krb_err_base); - return retc + krb_err_base; - } - switch (msg_st.app_data[0]) { - case CHANGE_PW: - retval = kadm_ser_cpw(msg_st.app_data+1,(int) msg_st.app_length,&ad, - &retdat, &retlen); - break; - case ADD_ENT: - retval = kadm_ser_add(msg_st.app_data+1,(int) msg_st.app_length,&ad, - &retdat, &retlen); - break; - case GET_ENT: - retval = kadm_ser_get(msg_st.app_data+1,(int) msg_st.app_length,&ad, - &retdat, &retlen); - break; - case MOD_ENT: - retval = kadm_ser_mod(msg_st.app_data+1,(int) msg_st.app_length,&ad, - &retdat, &retlen); - break; - default: - clr_cli_secrets(); - errpkt(dat, dat_len, KADM_NO_OPCODE); - return KADM_NO_OPCODE; - } - /* Now seal the response back into a priv msg */ - free((char *)*dat); - tmpdat = (u_char *) malloc((unsigned)(retlen + KADM_VERSIZE + - sizeof(u_long))); - (void) strncpy((char *)tmpdat, KADM_VERSTR, KADM_VERSIZE); - retval = htonl((u_long)retval); - bcopy((char *)&retval, (char *)tmpdat + KADM_VERSIZE, sizeof(u_long)); - if (retlen) { - bcopy((char *)retdat, (char *)tmpdat + KADM_VERSIZE + sizeof(u_long), - retlen); - free((char *)retdat); - } - /* slop for mk_priv stuff */ - *dat = (u_char *) malloc((unsigned) (retlen + KADM_VERSIZE + - sizeof(u_long) + 200)); - if ((*dat_len = krb_mk_priv(tmpdat, *dat, - (u_long) (retlen + KADM_VERSIZE + - sizeof(u_long)), - sess_sched, - ad.session, &server_parm.admin_addr, - &server_parm.recv_addr)) < 0) { - clr_cli_secrets(); - errpkt(dat, dat_len, KADM_NO_ENCRYPT); - return KADM_NO_ENCRYPT; - } - clr_cli_secrets(); - return KADM_SUCCESS; -} diff --git a/eBones/usr.sbin/kadmind/kadm_server.c b/eBones/usr.sbin/kadmind/kadm_server.c deleted file mode 100644 index c6cbc6a..0000000 --- a/eBones/usr.sbin/kadmind/kadm_server.c +++ /dev/null @@ -1,167 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Kerberos administration server-side subroutines - */ - -#if 0 -#ifndef lint -static char rcsid_kadm_server_c[] = -"Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.c,v 4.2 89/09/26 09:30:23 jtkohl Exp "; -#endif lint -#endif - -#include <string.h> -#include <kadm.h> -#include <kadm_err.h> -#include "kadm_server.h" - -/* -kadm_ser_cpw - the server side of the change_password routine - recieves : KTEXT, {key} - returns : CKSUM, RETCODE - acl : caller can change only own password - -Replaces the password (i.e. des key) of the caller with that specified in key. -Returns no actual data from the master server, since this is called by a user -*/ -int -kadm_ser_cpw(dat, len, ad, datout, outlen) -u_char *dat; -int len; -AUTH_DAT *ad; -u_char **datout; -int *outlen; -{ - unsigned long keylow, keyhigh; - des_cblock newkey; - int stvlen; - - /* take key off the stream, and change the database */ - - if ((stvlen = stv_long(dat, &keyhigh, 0, len)) < 0) - return(KADM_LENGTH_ERROR); - if (stv_long(dat, &keylow, stvlen, len) < 0) - return(KADM_LENGTH_ERROR); - - keylow = ntohl(keylow); - keyhigh = ntohl(keyhigh); - bcopy((char *)&keyhigh, (char *)(((long *)newkey) + 1), 4); - bcopy((char *)&keylow, (char *)newkey, 4); - *datout = 0; - *outlen = 0; - - return(kadm_change(ad->pname, ad->pinst, ad->prealm, newkey)); -} - -/* -kadm_ser_add - the server side of the add_entry routine - recieves : KTEXT, {values} - returns : CKSUM, RETCODE, {values} - acl : su, sms (as alloc) - -Adds and entry containing values to the database -returns the values of the entry, so if you leave certain fields blank you will - be able to determine the default values they are set to -*/ -int -kadm_ser_add(dat,len,ad, datout, outlen) -u_char *dat; -int len; -AUTH_DAT *ad; -u_char **datout; -int *outlen; -{ - Kadm_vals values, retvals; - int status; - - if ((status = stream_to_vals(dat, &values, len)) < 0) - return(KADM_LENGTH_ERROR); - if ((status = kadm_add_entry(ad->pname, ad->pinst, ad->prealm, - &values, &retvals)) == KADM_DATA) { - *outlen = vals_to_stream(&retvals,datout); - return KADM_SUCCESS; - } else { - *outlen = 0; - return status; - } -} - -/* -kadm_ser_mod - the server side of the mod_entry routine - recieves : KTEXT, {values, values} - returns : CKSUM, RETCODE, {values} - acl : su, sms (as register or dealloc) - -Modifies all entries corresponding to the first values so they match the - second values. -returns the values for the changed entries -*/ -int -kadm_ser_mod(dat,len,ad, datout, outlen) -u_char *dat; -int len; -AUTH_DAT *ad; -u_char **datout; -int *outlen; -{ - Kadm_vals vals1, vals2, retvals; - int wh; - int status; - - if ((wh = stream_to_vals(dat, &vals1, len)) < 0) - return KADM_LENGTH_ERROR; - if ((status = stream_to_vals(dat+wh,&vals2, len-wh)) < 0) - return KADM_LENGTH_ERROR; - if ((status = kadm_mod_entry(ad->pname, ad->pinst, ad->prealm, &vals1, - &vals2, &retvals)) == KADM_DATA) { - *outlen = vals_to_stream(&retvals,datout); - return KADM_SUCCESS; - } else { - *outlen = 0; - return status; - } -} - -/* -kadm_ser_get - recieves : KTEXT, {values, flags} - returns : CKSUM, RETCODE, {count, values, values, values} - acl : su - -gets the fields requested by flags from all entries matching values -returns this data for each matching recipient, after a count of how many such - matches there were -*/ -int -kadm_ser_get(dat,len,ad, datout, outlen) -u_char *dat; -int len; -AUTH_DAT *ad; -u_char **datout; -int *outlen; -{ - Kadm_vals values, retvals; - u_char fl[FLDSZ]; - int loop,wh; - int status; - - if ((wh = stream_to_vals(dat, &values, len)) < 0) - return KADM_LENGTH_ERROR; - if (wh + FLDSZ > len) - return KADM_LENGTH_ERROR; - for (loop=FLDSZ-1; loop>=0; loop--) - fl[loop] = dat[wh++]; - if ((status = kadm_get_entry(ad->pname, ad->pinst, ad->prealm, - &values, fl, &retvals)) == KADM_DATA) { - *outlen = vals_to_stream(&retvals,datout); - return KADM_SUCCESS; - } else { - *outlen = 0; - return status; - } -} - diff --git a/eBones/usr.sbin/kadmind/kadm_server.h b/eBones/usr.sbin/kadmind/kadm_server.h deleted file mode 100644 index 1708107..0000000 --- a/eBones/usr.sbin/kadmind/kadm_server.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * $Source: /usr/cvs/src/eBones/kadmind/kadm_server.h,v $ - * $Author: mark $ - * Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.h,v 4.1 89/12/21 17:46:51 jtkohl Exp - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Definitions for Kerberos administration server & client - */ - -#ifndef KADM_SERVER_DEFS -#define KADM_SERVER_DEFS - -/* - * kadm_server.h - * Header file for the fourth attempt at an admin server - * Doug Church, December 28, 1989, MIT Project Athena - * ps. Yes that means this code belongs to athena etc... - * as part of our ongoing attempt to copyright all greek names - */ - -#include <sys/types.h> -#include <krb.h> -#include <des.h> - -typedef struct { - struct sockaddr_in admin_addr; - struct sockaddr_in recv_addr; - int recv_addr_len; - int admin_fd; /* our link to clients */ - char sname[ANAME_SZ]; - char sinst[INST_SZ]; - char krbrlm[REALM_SZ]; - C_Block master_key; - C_Block session_key; - Key_schedule master_key_schedule; - long master_key_version; -} Kadm_Server; - -/* the default syslog file */ -#define KADM_SYSLOG "/var/log/kadmind.syslog" - -#define DEFAULT_ACL_DIR "/etc/kerberosIV" -#define ADD_ACL_FILE "/admin_acl.add" -#define GET_ACL_FILE "/admin_acl.get" -#define MOD_ACL_FILE "/admin_acl.mod" - -int kadm_ser_in(unsigned char **dat, int *dat_len); -int kadm_ser_init(int inter, char realm[]); -int kadm_ser_cpw(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, - int *outlen); -int kadm_ser_add(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, - int *outlen); -int kadm_ser_mod(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, - int *outlen); -int kadm_ser_get(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, - int *outlen); -int kadm_change (char *rname, char *rinstance, char *rrealm, - des_cblock newpw); -int kadm_add_entry(char *rname, char *rinstance, char *rrealm, - Kadm_vals *valsin, Kadm_vals *valsout); -int kadm_mod_entry(char *rname, char *rinstance, char *rrealm, - Kadm_vals *valsin1, Kadm_vals *valsin2, Kadm_vals *valsout); -int kadm_get_entry(char *rname, char *rinstance, char *rrealm, - Kadm_vals *valsin, u_char *flags, Kadm_vals *valsout); - -#endif KADM_SERVER_DEFS diff --git a/eBones/usr.sbin/kadmind/kadmind.8 b/eBones/usr.sbin/kadmind/kadmind.8 deleted file mode 100644 index 4978915..0000000 --- a/eBones/usr.sbin/kadmind/kadmind.8 +++ /dev/null @@ -1,117 +0,0 @@ -.\" from: kadmind.8,v 4.1 89/07/25 17:28:33 jtkohl Exp $ -.\" $Id$ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <Copyright.MIT>. -.\" -.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kadmind \- network daemon for Kerberos database administration -.SH SYNOPSIS -.B kadmind -[ -.B \-n -] [ -.B \-h -] [ -.B \-r realm -] [ -.B \-f filename -] [ -.B \-d dbname -] [ -.B \-a acldir -] -.SH DESCRIPTION -.I kadmind -is the network database server for the Kerberos password-changing and -administration tools. -.PP -Upon execution, it prompts the user to enter the master key string for -the database. -.PP -If the -.B \-n -option is specified, the master key is instead fetched from the master -key cache file. -.PP -If the -.B \-r -.I realm -option is specified, the admin server will pretend that its -local realm is -.I realm -instead of the actual local realm of the host it is running on. -This makes it possible to run a server for a foreign kerberos -realm. -.PP -If the -.B \-f -.I filename -option is specified, then that file is used to hold the log information -instead of the default. -.PP -If the -.B \-d -.I dbname -option is specified, then that file is used as the database name instead -of the default. -.PP -If the -.B \-a -.I acldir -option is specified, then -.I acldir -is used as the directory in which to search for access control lists -instead of the default. -.PP -If the -.B \-h -option is specified, -.I kadmind -prints out a short summary of the permissible control arguments, and -then exits. -.PP -When performing requests on behalf of clients, -.I kadmind -checks access control lists (ACLs) to determine the authorization of the client -to perform the requested action. -Currently three distinct access types are supported: -.TP 1i -Addition -(.add ACL file). If a principal is on this list, it may add new -principals to the database. -.TP -Retrieval -(.get ACL file). If a principal is on this list, it may retrieve -database entries. NOTE: A principal's private key is never returned by -the get functions. -.TP -Modification -(.mod ACL file). If a principal is on this list, it may modify entries -in the database. -.PP -A principal is always granted authorization to change its own password. -.SH FILES -.TP 20n -/var/log/kadmind.syslog -Default log file. -.TP -/etc/kerberosIV/admin_acl.{add,get,mod} -Access control list files -.TP -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.TP -/etc/kerberosIV/master_key -Master key cache file. -.SH "SEE ALSO" -kerberos(1), kpasswd(1), kadmin(8), acl_check(3) -.SH AUTHORS -Douglas A. Church, MIT Project Athena -.br -John T. Kohl, Project Athena/Digital Equipment Corporation diff --git a/eBones/usr.sbin/kdb_destroy/Makefile b/eBones/usr.sbin/kdb_destroy/Makefile deleted file mode 100644 index 50a411f..0000000 --- a/eBones/usr.sbin/kdb_destroy/Makefile +++ /dev/null @@ -1,8 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id$ - -PROG= kdb_destroy -CFLAGS+=-DKERBEROS -DDEBUG -MAN8= kdb_destroy.8 - -.include <bsd.prog.mk> diff --git a/eBones/usr.sbin/kdb_destroy/kdb_destroy.8 b/eBones/usr.sbin/kdb_destroy/kdb_destroy.8 deleted file mode 100644 index dce45b6a..0000000 --- a/eBones/usr.sbin/kdb_destroy/kdb_destroy.8 +++ /dev/null @@ -1,36 +0,0 @@ -.\" from: kdb_destroy.8,v 4.1 89/01/23 11:08:02 jtkohl Exp $ -.\" $Id$ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <Copyright.MIT>. -.\" -.TH KDB_DESTROY 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kdb_destroy \- destroy Kerberos key distribution center database -.SH SYNOPSIS -kdb_destroy -.SH DESCRIPTION -.I kdb_destroy -deletes a Kerberos key distribution center database. -.PP -The user is prompted to verify that the database should be destroyed. A -response beginning with `y' or `Y' confirms deletion. -Any other response aborts deletion. -.SH DIAGNOSTICS -.TP 20n -"Database cannot be deleted at /kerberos/principal" -The attempt to delete the database failed (probably due to a system or -access permission error). -.TP -"Database not deleted." -The user aborted the deletion. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.SH SEE ALSO -kdb_init(8) diff --git a/eBones/usr.sbin/kdb_destroy/kdb_destroy.c b/eBones/usr.sbin/kdb_destroy/kdb_destroy.c deleted file mode 100644 index eb98c94..0000000 --- a/eBones/usr.sbin/kdb_destroy/kdb_destroy.c +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * <Copyright.MIT>. - * - * from: kdb_destroy.c,v 4.0 89/01/24 21:49:02 jtkohl Exp $ - * $Id$ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id$"; -#endif lint -#endif - -#include <unistd.h> -#include <strings.h> -#include <stdio.h> -#include <krb.h> -#include <krb_db.h> - -#if defined(__FreeBSD__) || defined(__NetBSD__) -#define _DBM_ -#endif - -void -main() -{ - char answer[10]; /* user input */ -#ifdef _DBM_ - char dbm[256]; /* database path and name */ - char *file; /* database file names */ -#else - char dbm[256]; /* database path and name */ - char dbm1[256]; /* database path and name */ - char *file1, *file2; /* database file names */ -#endif - - strcpy(dbm, DBM_FILE); -#ifdef _DBM_ - file = strcat(dbm, ".db"); -#else - strcpy(dbm1, DBM_FILE); - file1 = strcat(dbm, ".dir"); - file2 = strcat(dbm1, ".pag"); -#endif - - printf("You are about to destroy the Kerberos database "); - printf("on this machine.\n"); - printf("Are you sure you want to do this (y/n)? "); - fgets(answer, sizeof(answer), stdin); - - if (answer[0] == 'y' || answer[0] == 'Y') { -#ifdef _DBM_ - if (unlink(file) == 0) -#else - if (unlink(file1) == 0 && unlink(file2) == 0) -#endif - fprintf(stderr, "Database deleted at %s\n", DBM_FILE); - else - fprintf(stderr, "Database cannot be deleted at %s\n", - DBM_FILE); - } else - fprintf(stderr, "Database not deleted.\n"); -} diff --git a/eBones/usr.sbin/kdb_edit/Makefile b/eBones/usr.sbin/kdb_edit/Makefile deleted file mode 100644 index 98aeac5..0000000 --- a/eBones/usr.sbin/kdb_edit/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# From: @(#)Makefile 5.2 (Berkeley) 2/14/91 -# $Id$ - -PROG= kdb_edit -CFLAGS+=-DKERBEROS -DDEBUG -I. -SRCS= kdb_edit.c maketime.c -DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES} -LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes -MAN8= kdb_edit.8 - -.include <bsd.prog.mk> diff --git a/eBones/usr.sbin/kdb_edit/kdb_edit.8 b/eBones/usr.sbin/kdb_edit/kdb_edit.8 deleted file mode 100644 index adba31f..0000000 --- a/eBones/usr.sbin/kdb_edit/kdb_edit.8 +++ /dev/null @@ -1,58 +0,0 @@ -.\" from: kdb_edit.8,v 4.1 89/01/23 11:08:55 jtkohl Exp $ -.\" $Id$ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <Copyright.MIT>. -.\" -.TH KDB_EDIT 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kdb_edit \- Kerberos key distribution center database editing utility -.SH SYNOPSIS -kdb_edit [ -.B \-n -] -.SH DESCRIPTION -.I kdb_edit -is used to create or change principals stored in the Kerberos key -distribution center (KDC) database. -.PP -When executed, -.I kdb_edit -prompts for the master key string and verifies that it matches the -master key stored in the database. -If the -.B \-n -option is specified, the master key is instead fetched from the master -key cache file. -.PP -Once the master key has been verified, -.I kdb_edit -begins a prompt loop. The user is prompted for the principal and -instance to be modified. If the entry is not found the user may create -it. -Once an entry is found or created, the user may set the password, -expiration date, maximum ticket lifetime, and attributes. -Default expiration dates, maximum ticket lifetimes, and attributes are -presented in brackets; if the user presses return the default is selected. -There is no default password. -The password "RANDOM" and an empty password are interpreted specially, -if entered the user may have the program select a random DES key for the -principal. -.PP -Upon successfully creating or changing the entry, ``Edit O.K.'' is -printed. -.SH DIAGNOSTICS -.TP 20n -"verify_master_key: Invalid master key, does not match database." -The master key string entered was incorrect. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.TP -/etc/kerberosIV/master_key -Master key cache file. diff --git a/eBones/usr.sbin/kdb_edit/kdb_edit.c b/eBones/usr.sbin/kdb_edit/kdb_edit.c deleted file mode 100644 index 18b36da..0000000 --- a/eBones/usr.sbin/kdb_edit/kdb_edit.c +++ /dev/null @@ -1,480 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * <Copyright.MIT>. - * - * This routine changes the Kerberos encryption keys for principals, - * i.e., users or services. - * - * from: kdb_edit.c,v 4.2 90/01/09 16:05:09 raeburn Exp $ - * $Id$ - */ - -/* - * exit returns 0 ==> success -1 ==> error - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id$"; -#endif lint -#endif - -#include <stdio.h> -#include <signal.h> -#include <errno.h> -#include <strings.h> -#include <sys/ioctl.h> -#include <sys/file.h> -#include "time.h" -#include <des.h> -#include <krb.h> -#include <krb_db.h> -/* MKEYFILE is now defined in kdc.h */ -#include <kdc.h> - -void Usage(void); -void cleanup(void); -void sig_exit(int sig, int code, struct sigcontext *scp); -void no_core_dumps(void); -int change_principal(void); - -#define zaptime(foo) bzero((char *)(foo), sizeof(*(foo))) - -char prog[32]; -char *progname = prog; -int nflag = 0; -int cflag; -int lflag; -int uflag; -int debug; -extern kerb_debug; - -Key_schedule KS; -C_Block new_key; -unsigned char *input; - -unsigned char *ivec; -int i, j; -int more; - -char *in_ptr; -char input_name[ANAME_SZ]; -char input_instance[INST_SZ]; -char input_string[ANAME_SZ]; - -#define MAX_PRINCIPAL 10 -Principal principal_data[MAX_PRINCIPAL]; - -static Principal old_principal; -static Principal default_princ; - -static C_Block master_key; -static C_Block session_key; -static Key_schedule master_key_schedule; -static char pw_str[255]; -static long master_key_version; - -/* - * gets replacement - */ -static char * s_gets(char * str, int len) -{ - int i; - char *s; - - if((s = fgets(str, len, stdin)) == NULL) - return(s); - if(str[i = (strlen(str)-1)] == '\n') - str[i] = '\0'; - return(s); -} - -int -main(argc, argv) - int argc; - char *argv[]; - -{ - /* Local Declarations */ - - long n; - - prog[sizeof prog - 1] = '\0'; /* make sure terminated */ - strncpy(prog, argv[0], sizeof prog - 1); /* salt away invoking - * program */ - - /* Assume a long is four bytes */ - if (sizeof(long) != 4) { - fprintf(stdout, "%s: size of long is %d.\n", prog, sizeof(long)); - exit(-1); - } - /* Assume <=32 signals */ - if (NSIG > 32) { - fprintf(stderr, "%s: more than 32 signals defined.\n", prog); - exit(-1); - } - while (--argc > 0 && (*++argv)[0] == '-') - for (i = 1; argv[0][i] != '\0'; i++) { - switch (argv[0][i]) { - - /* debug flag */ - case 'd': - debug = 1; - continue; - - /* debug flag */ - case 'l': - kerb_debug |= 1; - continue; - - case 'n': /* read MKEYFILE for master key */ - nflag = 1; - continue; - - default: - fprintf(stderr, "%s: illegal flag \"%c\"\n", - progname, argv[0][i]); - Usage(); /* Give message and die */ - } - }; - - fprintf(stdout, "Opening database...\n"); - fflush(stdout); - kerb_init(); - if (argc > 0) { - if (kerb_db_set_name(*argv) != 0) { - fprintf(stderr, "Could not open altername database name\n"); - exit(1); - } - } - -#ifdef notdef - no_core_dumps(); /* diddle signals to avoid core dumps! */ - - /* ignore whatever is reasonable */ - signal(SIGHUP, SIG_IGN); - signal(SIGINT, SIG_IGN); - signal(SIGTSTP, SIG_IGN); - -#endif - - if (kdb_get_master_key ((nflag == 0), - master_key, master_key_schedule) != 0) { - fprintf (stdout, "Couldn't read master key.\n"); - fflush (stdout); - exit (-1); - } - - if ((master_key_version = kdb_verify_master_key(master_key, - master_key_schedule, - stdout)) < 0) - exit (-1); - - des_init_random_number_generator(master_key); - - /* lookup the default values */ - n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, - &default_princ, 1, &more); - if (n != 1) { - fprintf(stderr, - "%s: Kerberos error on default value lookup, %ld found.\n", - progname, n); - exit(-1); - } - fprintf(stdout, "Previous or default values are in [brackets] ,\n"); - fprintf(stdout, "enter return to leave the same, or new value.\n"); - - while (change_principal()) { - } - - cleanup(); - return(0); /* make -Wall shut up - MRVM */ -} - -int -change_principal() -{ - static char temp[255]; - int creating = 0; - int editpw = 0; - int changed = 0; - long temp_long; - int n; - struct tm *tp, edate, *localtime(); - long maketime(); - - fprintf(stdout, "\nPrincipal name: "); - fflush(stdout); - if (!s_gets(input_name, ANAME_SZ-1) || *input_name == '\0') - return 0; - fprintf(stdout, "Instance: "); - fflush(stdout); - /* instance can be null */ - s_gets(input_instance, INST_SZ-1); - j = kerb_get_principal(input_name, input_instance, principal_data, - MAX_PRINCIPAL, &more); - if (!j) { - fprintf(stdout, "\n\07\07<Not found>, Create [y] ? "); - s_gets(temp, sizeof(temp)-1); /* Default case should work, it didn't */ - if (temp[0] != 'y' && temp[0] != 'Y' && temp[0] != '\0') - return -1; - /* make a new principal, fill in defaults */ - j = 1; - creating = 1; - strcpy(principal_data[0].name, input_name); - strcpy(principal_data[0].instance, input_instance); - principal_data[0].old = NULL; - principal_data[0].exp_date = default_princ.exp_date; - principal_data[0].max_life = default_princ.max_life; - principal_data[0].attributes = default_princ.attributes; - principal_data[0].kdc_key_ver = (unsigned char) master_key_version; - principal_data[0].key_version = 0; /* bumped up later */ - } - tp = localtime(&principal_data[0].exp_date); - (void) sprintf(principal_data[0].exp_date_txt, "%4d-%02d-%02d", - tp->tm_year > 1900 ? tp->tm_year : tp->tm_year + 1900, - tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */ - for (i = 0; i < j; i++) { - for (;;) { - fprintf(stdout, - "\nPrincipal: %s, Instance: %s, kdc_key_ver: %d", - principal_data[i].name, principal_data[i].instance, - principal_data[i].kdc_key_ver); - fflush(stdout); - editpw = 1; - changed = 0; - if (!creating) { - /* - * copy the existing data so we can use the old values - * for the qualifier clause of the replace - */ - principal_data[i].old = (char *) &old_principal; - bcopy(&principal_data[i], &old_principal, - sizeof(old_principal)); - printf("\nChange password [n] ? "); - s_gets(temp, sizeof(temp)-1); - if (strcmp("y", temp) && strcmp("Y", temp)) - editpw = 0; - } - /* password */ - if (editpw) { -#ifdef NOENCRYPTION - placebo_read_pw_string(pw_str, sizeof pw_str, - "\nNew Password: ", TRUE); -#else - des_read_pw_string(pw_str, sizeof pw_str, - "\nNew Password: ", TRUE); -#endif - if (pw_str[0] == '\0' || !strcmp(pw_str, "RANDOM")) { - printf("\nRandom password [y] ? "); - s_gets(temp, sizeof(temp)-1); - if (!strcmp("n", temp) || !strcmp("N", temp)) { - /* no, use literal */ -#ifdef NOENCRYPTION - bzero(new_key, sizeof(C_Block)); - new_key[0] = 127; -#else - string_to_key(pw_str, &new_key); -#endif - bzero(pw_str, sizeof pw_str); /* "RANDOM" */ - } else { -#ifdef NOENCRYPTION - bzero(new_key, sizeof(C_Block)); - new_key[0] = 127; -#else - des_new_random_key(new_key); /* yes, random */ -#endif - bzero(pw_str, sizeof pw_str); - } - } else if (!strcmp(pw_str, "NULL")) { - printf("\nNull Key [y] ? "); - s_gets(temp, sizeof(temp)-1); - if (!strcmp("n", temp) || !strcmp("N", temp)) { - /* no, use literal */ -#ifdef NOENCRYPTION - bzero(new_key, sizeof(C_Block)); - new_key[0] = 127; -#else - string_to_key(pw_str, &new_key); -#endif - bzero(pw_str, sizeof pw_str); /* "NULL" */ - } else { - - principal_data[i].key_low = 0; - principal_data[i].key_high = 0; - goto null_key; - } - } else { -#ifdef NOENCRYPTION - bzero(new_key, sizeof(C_Block)); - new_key[0] = 127; -#else - string_to_key(pw_str, &new_key); -#endif - bzero(pw_str, sizeof pw_str); - } - - /* seal it under the kerberos master key */ - kdb_encrypt_key (new_key, new_key, - master_key, master_key_schedule, - ENCRYPT); - bcopy(new_key, &principal_data[i].key_low, 4); - bcopy(((long *) new_key) + 1, - &principal_data[i].key_high, 4); - bzero(new_key, sizeof(new_key)); - null_key: - /* set master key version */ - principal_data[i].kdc_key_ver = - (unsigned char) master_key_version; - /* bump key version # */ - principal_data[i].key_version++; - fprintf(stdout, - "\nPrincipal's new key version = %d\n", - principal_data[i].key_version); - fflush(stdout); - changed = 1; - } - /* expiration date */ - fprintf(stdout, "Expiration date (enter yyyy-mm-dd) [ %s ] ? ", - principal_data[i].exp_date_txt); - zaptime(&edate); - while (s_gets(temp, sizeof(temp)-1) && ((n = strlen(temp)) > - sizeof(principal_data[0].exp_date_txt))) { - bad_date: - fprintf(stdout, "\07\07Date Invalid\n"); - fprintf(stdout, - "Expiration date (enter yyyy-mm-dd) [ %s ] ? ", - principal_data[i].exp_date_txt); - zaptime(&edate); - } - - if (*temp) { - if (sscanf(temp, "%d-%d-%d", &edate.tm_year, - &edate.tm_mon, &edate.tm_mday) != 3) - goto bad_date; - (void) strcpy(principal_data[i].exp_date_txt, temp); - edate.tm_mon--; /* January is 0, not 1 */ - edate.tm_hour = 23; /* nearly midnight at the end of the */ - edate.tm_min = 59; /* specified day */ - if (!(principal_data[i].exp_date = maketime(&edate, 1))) - goto bad_date; - changed = 1; - } - - /* maximum lifetime */ - fprintf(stdout, "Max ticket lifetime (*5 minutes) [ %d ] ? ", - principal_data[i].max_life); - while (s_gets(temp, sizeof(temp)-1) && *temp) { - if (sscanf(temp, "%ld", &temp_long) != 1) - goto bad_life; - if (temp_long > 255 || (temp_long < 0)) { - bad_life: - fprintf(stdout, "\07\07Invalid, choose 0-255\n"); - fprintf(stdout, - "Max ticket lifetime (*5 minutes) [ %d ] ? ", - principal_data[i].max_life); - continue; - } - changed = 1; - /* dont clobber */ - principal_data[i].max_life = (unsigned short) temp_long; - break; - } - - /* attributes */ - fprintf(stdout, "Attributes [ %d ] ? ", - principal_data[i].attributes); - while (s_gets(temp, sizeof(temp)-1) && *temp) { - if (sscanf(temp, "%ld", &temp_long) != 1) - goto bad_att; - if (temp_long > 65535 || (temp_long < 0)) { - bad_att: - fprintf(stdout, "\07\07Invalid, choose 0-65535\n"); - fprintf(stdout, "Attributes [ %d ] ? ", - principal_data[i].attributes); - continue; - } - changed = 1; - /* dont clobber */ - principal_data[i].attributes = - (unsigned short) temp_long; - break; - } - - /* - * remaining fields -- key versions and mod info, should - * not be directly manipulated - */ - if (changed) { - if (kerb_put_principal(&principal_data[i], 1)) { - fprintf(stdout, - "\nError updating Kerberos database"); - } else { - fprintf(stdout, "Edit O.K."); - } - } else { - fprintf(stdout, "Unchanged"); - } - - - bzero(&principal_data[i].key_low, 4); - bzero(&principal_data[i].key_high, 4); - fflush(stdout); - break; - } - } - if (more) { - fprintf(stdout, "\nThere were more tuples found "); - fprintf(stdout, "than there were space for"); - } - return 1; -} - -void -no_core_dumps() -{ - - signal(SIGQUIT, (sig_t)sig_exit); - signal(SIGILL, (sig_t)sig_exit); - signal(SIGTRAP, (sig_t)sig_exit); - signal(SIGIOT, (sig_t)sig_exit); - signal(SIGEMT, (sig_t)sig_exit); - signal(SIGFPE, (sig_t)sig_exit); - signal(SIGBUS, (sig_t)sig_exit); - signal(SIGSEGV, (sig_t)sig_exit); - signal(SIGSYS, (sig_t)sig_exit); -} - -void -sig_exit(sig, code, scp) - int sig, code; - struct sigcontext *scp; -{ - cleanup(); - fprintf(stderr, - "\nSignal caught, sig = %d code = %d old pc = 0x%X \nexiting", - sig, code, scp->sc_pc); - exit(-1); -} - -void -cleanup() -{ - - bzero(master_key, sizeof(master_key)); - bzero(session_key, sizeof(session_key)); - bzero(master_key_schedule, sizeof(master_key_schedule)); - bzero(principal_data, sizeof(principal_data)); - bzero(new_key, sizeof(new_key)); - bzero(pw_str, sizeof(pw_str)); -} - -void -Usage() -{ - fprintf(stderr, "Usage: %s [-n]\n", progname); - exit(1); -} diff --git a/eBones/usr.sbin/kdb_edit/maketime.c b/eBones/usr.sbin/kdb_edit/maketime.c deleted file mode 100644 index 2c3a357..0000000 --- a/eBones/usr.sbin/kdb_edit/maketime.c +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright 1990 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * <Copyright.MIT>. - * - * Convert a struct tm * to a UNIX time. - * - * from: maketime.c,v 4.2 90/01/09 15:54:51 raeburn Exp $ - * $Id$ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: maketime.c,v 1.1 1994/03/21 16:23:54 piero Exp "; -#endif lint -#endif - -#include <sys/time.h> - -#define daysinyear(y) (((y) % 4) ? 365 : (((y) % 100) ? 366 : (((y) % 400) ? 365 : 366))) - -#define SECSPERDAY 24*60*60 -#define SECSPERHOUR 60*60 -#define SECSPERMIN 60 - -static int cumdays[] = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, - 365}; - -static int leapyear[] = {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; -static int nonleapyear[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; - -long -maketime(tp, local) -register struct tm *tp; -int local; -{ - register long retval; - int foo; - int *marray; - - if (tp->tm_mon < 0 || tp->tm_mon > 11 || - tp->tm_hour < 0 || tp->tm_hour > 23 || - tp->tm_min < 0 || tp->tm_min > 59 || - tp->tm_sec < 0 || tp->tm_sec > 59) /* out of range */ - return 0; - - retval = 0; - if (tp->tm_year < 1900) - foo = tp->tm_year + 1900; - else - foo = tp->tm_year; - - if (foo < 1901 || foo > 2038) /* year is too small/large */ - return 0; - - if (daysinyear(foo) == 366) { - if (tp->tm_mon > 1) - retval+= SECSPERDAY; /* add leap day */ - marray = leapyear; - } else - marray = nonleapyear; - - if (tp->tm_mday < 0 || tp->tm_mday > marray[tp->tm_mon]) - return 0; /* out of range */ - - while (--foo >= 1970) - retval += daysinyear(foo) * SECSPERDAY; - - retval += cumdays[tp->tm_mon] * SECSPERDAY; - retval += (tp->tm_mday-1) * SECSPERDAY; - retval += tp->tm_hour * SECSPERHOUR + tp->tm_min * SECSPERMIN + tp->tm_sec; - - if (local) { - /* need to use local time, so we retrieve timezone info */ - struct timezone tz; - struct timeval tv; - if (gettimeofday(&tv, &tz) < 0) { - /* some error--give up? */ - return(retval); - } - retval += tz.tz_minuteswest * SECSPERMIN; - } - return(retval); -} diff --git a/eBones/usr.sbin/kdb_edit/time.h b/eBones/usr.sbin/kdb_edit/time.h deleted file mode 100644 index 42b29c1..0000000 --- a/eBones/usr.sbin/kdb_edit/time.h +++ /dev/null @@ -1,45 +0,0 @@ -/* Structure for use by time manipulating subroutines. - * The following library routines use it: - * libc: ctime, localtime, gmtime, asctime - * libcx: partime, maketime (may not be installed yet) - */ - -/* - * from: time.h,v 1.1 82/05/06 11:34:29 wft Exp $ - * $Id$ - */ - -struct tm { /* See defines below for allowable ranges */ - int tm_sec; - int tm_min; - int tm_hour; - int tm_mday; - int tm_mon; - int tm_year; - int tm_wday; - int tm_yday; - int tm_isdst; - int tm_zon; /* NEW: mins westward of Greenwich */ - int tm_ampm; /* NEW: 1 if AM, 2 if PM */ -}; - -#define LCLZONE (5*60) /* Until V7 ftime(2) works, this defines local zone*/ -#define TMNULL (-1) /* Items not specified are given this value - * in order to distinguish null specs from zero - * specs. This is only used by partime and - * maketime. */ - - /* Indices into TM structure */ -#define TM_SEC 0 /* 0-59 */ -#define TM_MIN 1 /* 0-59 */ -#define TM_HOUR 2 /* 0-23 */ -#define TM_MDAY 3 /* 1-31 day of month */ -#define TM_DAY TM_MDAY /* " synonym */ -#define TM_MON 4 /* 0-11 */ -#define TM_YEAR 5 /* (year-1900) (year) */ -#define TM_WDAY 6 /* 0-6 day of week (0 = Sunday) */ -#define TM_YDAY 7 /* 0-365 day of year */ -#define TM_ISDST 8 /* 0 Std, 1 DST */ - /* New stuff */ -#define TM_ZON 9 /* 0-(24*60) minutes west of Greenwich */ -#define TM_AMPM 10 /* 1 AM, 2 PM */ diff --git a/eBones/usr.sbin/kdb_init/Makefile b/eBones/usr.sbin/kdb_init/Makefile deleted file mode 100644 index 17336d7..0000000 --- a/eBones/usr.sbin/kdb_init/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id$ - -PROG= kdb_init -CFLAGS+=-DKERBEROS -DDEBUG -DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES} -LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes -MAN8= kdb_init.8 - -.include <bsd.prog.mk> diff --git a/eBones/usr.sbin/kdb_init/kdb_init.8 b/eBones/usr.sbin/kdb_init/kdb_init.8 deleted file mode 100644 index 542ccd5..0000000 --- a/eBones/usr.sbin/kdb_init/kdb_init.8 +++ /dev/null @@ -1,45 +0,0 @@ -.\" from: kdb_init.8,v 4.1 89/01/23 11:09:02 jtkohl Exp $ -.\" $Id$ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <Copyright.MIT>. -.\" -.TH KDB_INIT 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kdb_init \- Initialize Kerberos key distribution center database -.SH SYNOPSIS -kdb_init [ -.B realm -] -.SH DESCRIPTION -.I kdb_init -initializes a Kerberos key distribution center database, creating the -necessary principals. -.PP -If the optional -.I realm -argument is not present, -.I kdb_init -prompts for a realm name (defaulting to the definition in -/usr/include/kerberosIV/krb.h). -After determining the realm to be created, it prompts for -a master key password. The master key password is used to encrypt -every encryption key stored in the database. -.SH DIAGNOSTICS -.TP 20n -"/etc/kerberosIV/principal: File exists" -An attempt was made to create a database on a machine which already had -an existing database. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.TP -/usr/include/kerberosIV/krb.h -Include file defining default realm -.SH SEE ALSO -kdb_destroy(8) diff --git a/eBones/usr.sbin/kdb_init/kdb_init.c b/eBones/usr.sbin/kdb_init/kdb_init.c deleted file mode 100644 index 7f9190a..0000000 --- a/eBones/usr.sbin/kdb_init/kdb_init.c +++ /dev/null @@ -1,181 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * <Copyright.MIT>. - * - * program to initialize the database, reports error if database file - * already exists. - * - * from: kdb_init.c,v 4.0 89/01/24 21:50:45 jtkohl Exp $ - * $Id$ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id$"; -#endif lint -#endif - -#include <stdio.h> -#include <sys/types.h> -#include <sys/file.h> -#include <sys/time.h> -#include <des.h> -#include <krb.h> -#include <krb_db.h> -#include <string.h> - -#define TRUE 1 - -enum ap_op { - NULL_KEY, /* setup null keys */ - MASTER_KEY, /* use master key as new key */ - RANDOM_KEY, /* choose a random key */ -}; - -int add_principal(char *name, char *instance, enum ap_op aap_op); - -int debug = 0; -char *progname; -C_Block master_key; -Key_schedule master_key_schedule; - -int -main(argc, argv) - int argc; - char *argv[]; -{ - char realm[REALM_SZ]; - char *cp; - int code; - char *database; - - progname = (cp = rindex(*argv, '/')) ? cp + 1 : *argv; - - if (argc > 3) { - fprintf(stderr, "Usage: %s [realm-name] [database-name]\n", argv[0]); - exit(1); - } - if (argc == 3) { - database = argv[2]; - --argc; - } else - database = DBM_FILE; - - /* Do this first, it'll fail if the database exists */ - if ((code = kerb_db_create(database)) != 0) { - fprintf(stderr, "Couldn't create database: %s\n", - sys_errlist[code]); - exit(1); - } - kerb_db_set_name(database); - - if (argc == 2) - strncpy(realm, argv[1], REALM_SZ); - else { - fprintf(stderr, "Realm name [default %s ]: ", KRB_REALM); - if (fgets(realm, sizeof(realm), stdin) == NULL) { - fprintf(stderr, "\nEOF reading realm\n"); - exit(1); - } - if ((cp = index(realm, '\n'))) - *cp = '\0'; - if (!*realm) /* no realm given */ - strcpy(realm, KRB_REALM); - } - if (!k_isrealm(realm)) { - fprintf(stderr, "%s: Bad kerberos realm name \"%s\"\n", - progname, realm); - exit(1); - } - printf("You will be prompted for the database Master Password.\n"); - printf("It is important that you NOT FORGET this password.\n"); - fflush(stdout); - - if (kdb_get_master_key (TRUE, master_key, master_key_schedule) != 0) { - fprintf (stderr, "Couldn't read master key.\n"); - exit (-1); - } - des_init_random_number_generator(master_key); - - if ( - add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY) || - add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY) || - add_principal("krbtgt", realm, RANDOM_KEY) || - add_principal("changepw", KRB_MASTER, RANDOM_KEY) - ) { - fprintf(stderr, "\n%s: couldn't initialize database.\n", - progname); - exit(1); - } - - /* play it safe */ - bzero (master_key, sizeof (C_Block)); - bzero (master_key_schedule, sizeof (Key_schedule)); - exit(0); -} - -/* use a return code to indicate success or failure. check the return */ -/* values of the routines called by this routine. */ - -int -add_principal(name, instance, aap_op) - char *name, *instance; - enum ap_op aap_op; -{ - Principal principal; - struct tm *tm; - C_Block new_key; - - bzero(&principal, sizeof(principal)); - strncpy(principal.name, name, ANAME_SZ); - strncpy(principal.instance, instance, INST_SZ); - switch (aap_op) { - case NULL_KEY: - principal.key_low = 0; - principal.key_high = 0; - break; - case RANDOM_KEY: -#ifdef NOENCRYPTION - bzero(new_key, sizeof(C_Block)); - new_key[0] = 127; -#else - des_new_random_key(new_key); -#endif - kdb_encrypt_key (new_key, new_key, master_key, master_key_schedule, - ENCRYPT); - bcopy(new_key, &principal.key_low, 4); - bcopy(((long *) new_key) + 1, &principal.key_high, 4); - break; - case MASTER_KEY: - bcopy (master_key, new_key, sizeof (C_Block)); - kdb_encrypt_key (new_key, new_key, master_key, master_key_schedule, - ENCRYPT); - bcopy(new_key, &principal.key_low, 4); - bcopy(((long *) new_key) + 1, &principal.key_high, 4); - break; - } - principal.exp_date = 946702799; /* Happy new century */ - strncpy(principal.exp_date_txt, "12/31/99", DATE_SZ); - principal.mod_date = time(0); - - tm = localtime(&principal.mod_date); - principal.attributes = 0; - principal.max_life = 255; - - principal.kdc_key_ver = 1; - principal.key_version = 1; - - strncpy(principal.mod_name, "db_creation", ANAME_SZ); - strncpy(principal.mod_instance, "", INST_SZ); - principal.old = 0; - - kerb_db_put_principal(&principal, 1); - - /* let's play it safe */ - bzero (new_key, sizeof (C_Block)); - bzero (&principal.key_low, 4); - bzero (&principal.key_high, 4); - return 0; -} diff --git a/eBones/usr.sbin/kdb_util/Makefile b/eBones/usr.sbin/kdb_util/Makefile deleted file mode 100644 index 3128f59..0000000 --- a/eBones/usr.sbin/kdb_util/Makefile +++ /dev/null @@ -1,12 +0,0 @@ -# From: @(#)Makefile 5.2 (Berkeley) 2/14/91 -# $Id$ - -PROG= kdb_util -CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../../kdb_edit -SRCS= kdb_util.c maketime.c -.PATH: ${.CURDIR}/../kdb_edit -DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES} -LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes -MAN8= kdb_util.8 - -.include <bsd.prog.mk> diff --git a/eBones/usr.sbin/kdb_util/kdb_util.8 b/eBones/usr.sbin/kdb_util/kdb_util.8 deleted file mode 100644 index 5011b84..0000000 --- a/eBones/usr.sbin/kdb_util/kdb_util.8 +++ /dev/null @@ -1,64 +0,0 @@ -.\" from: kdb_util.8,v 4.1 89/01/23 11:09:11 jtkohl Exp $ -.\" $Id$ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <Copyright.MIT>. -.\" -.TH KDB_UTIL 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kdb_util \- Kerberos key distribution center database utility -.SH SYNOPSIS -kdb_util -.B operation filename -.SH DESCRIPTION -.I kdb_util -allows the Kerberos key distribution center (KDC) database administrator to -perform utility functions on the database. -.PP -.I Operation -must be one of the following: -.TP 10n -.I load -initializes the KDC database with the records described by the -text contained in the file -.IR filename . -Any existing database is overwritten. -.TP -.I dump -dumps the KDC database into a text representation in the file -.IR filename . -.TP -.I slave_dump -performs a database dump like the -.I dump -operation, and additionally creates a semaphore file signalling the -propagation software that an update is available for distribution to -slave KDC databases. -.TP -.I new_master_key -prompts for the old and new master key strings, and then dumps the KDC -database into a text representation in the file -.IR filename . -The keys in the text representation are encrypted in the new master key. -.TP -.I convert_old_db -prompts for the master key string, and then dumps the KDC database into -a text representation in the file -.IR filename . -The existing database is assumed to be encrypted using the old format -(encrypted by the key schedule of the master key); the dumped database -is encrypted using the new format (encrypted directly with master key). -.PP -.SH DIAGNOSTICS -.TP 20n -"verify_master_key: Invalid master key, does not match database." -The master key string entered was incorrect. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -.IR filename .dump_ok -semaphore file created by -.IR slave_dump. diff --git a/eBones/usr.sbin/kdb_util/kdb_util.c b/eBones/usr.sbin/kdb_util/kdb_util.c deleted file mode 100644 index 0c0f85b..0000000 --- a/eBones/usr.sbin/kdb_util/kdb_util.c +++ /dev/null @@ -1,523 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * <Copyright.MIT>. - * - * Kerberos database manipulation utility. This program allows you to - * dump a kerberos database to an ascii readable file and load this - * file into the database. Read locking of the database is done during a - * dump operation. NO LOCKING is done during a load operation. Loads - * should happen with other processes shutdown. - * - * Written July 9, 1987 by Jeffrey I. Schiller - * - * from: kdb_util.c,v 4.4 90/01/09 15:57:20 raeburn Exp $ - * $Id$ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id$"; -#endif lint -#endif - -#include <errno.h> -#include <unistd.h> -#include <stdlib.h> -#include <stdio.h> -#include <sys/types.h> -#include <netinet/in.h> -#include <time.h> -#include <strings.h> -#include <des.h> -#include <krb.h> -#include <sys/file.h> -#include <krb_db.h> - -#define TRUE 1 - -Principal aprinc; - -static des_cblock master_key, new_master_key; -static des_key_schedule master_key_schedule, new_master_key_schedule; - -#define zaptime(foo) bzero((char *)(foo), sizeof(*(foo))) - -char * progname; - -void convert_old_format_db (char *db_file, FILE *out); -void convert_new_master_key (char *db_file, FILE *out); -void update_ok_file (char *file_name); -void print_time(FILE *file, unsigned long timeval); -void load_db (char *db_file, FILE *input_file); -int dump_db (char *db_file, FILE *output_file, void (*cv_key)()); - -int -main(argc, argv) - int argc; - char **argv; -{ - FILE *file; - enum { - OP_LOAD, - OP_DUMP, - OP_SLAVE_DUMP, - OP_NEW_MASTER, - OP_CONVERT_OLD_DB, - } op; - char *file_name; - char *prog = argv[0]; - char *db_name; - - progname = prog; - - if (argc != 3 && argc != 4) { - fprintf(stderr, "Usage: %s operation file-name [database name].\n", - argv[0]); - exit(1); - } - if (argc == 3) - db_name = DBM_FILE; - else - db_name = argv[3]; - - if (kerb_db_set_name (db_name) != 0) { - perror("Can't open database"); - exit(1); - } - - if (!strcmp(argv[1], "load")) - op = OP_LOAD; - else if (!strcmp(argv[1], "dump")) - op = OP_DUMP; - else if (!strcmp(argv[1], "slave_dump")) - op = OP_SLAVE_DUMP; - else if (!strcmp(argv[1], "new_master_key")) - op = OP_NEW_MASTER; - else if (!strcmp(argv[1], "convert_old_db")) - op = OP_CONVERT_OLD_DB; - else { - fprintf(stderr, - "%s: %s is an invalid operation.\n", prog, argv[1]); - fprintf(stderr, - "%s: Valid operations are \"dump\", \"slave_dump\",", argv[0]); - fprintf(stderr, - "\"load\", \"new_master_key\", and \"convert_old_db\".\n"); - exit(1); - } - - file_name = argv[2]; - file = fopen(file_name, op == OP_LOAD ? "r" : "w"); - if (file == NULL) { - fprintf(stderr, "%s: Unable to open %s\n", prog, argv[2]); - (void) fflush(stderr); - perror("open"); - exit(1); - } - - switch (op) { - case OP_DUMP: - if ((dump_db (db_name, file, (void (*)()) 0) == EOF) || - (fclose(file) == EOF)) { - fprintf(stderr, "error on file %s:", file_name); - perror(""); - exit(1); - } - break; - case OP_SLAVE_DUMP: - if ((dump_db (db_name, file, (void (*)()) 0) == EOF) || - (fclose(file) == EOF)) { - fprintf(stderr, "error on file %s:", file_name); - perror(""); - exit(1); - } - update_ok_file (file_name); - break; - case OP_LOAD: - load_db (db_name, file); - break; - case OP_NEW_MASTER: - convert_new_master_key (db_name, file); - printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name); - break; - case OP_CONVERT_OLD_DB: - convert_old_format_db (db_name, file); - printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name); - break; - } - exit(0); - } - -void -clear_secrets () -{ - bzero((char *)master_key, sizeof (des_cblock)); - bzero((char *)master_key_schedule, sizeof (Key_schedule)); - bzero((char *)new_master_key, sizeof (des_cblock)); - bzero((char *)new_master_key_schedule, sizeof (Key_schedule)); -} - -/* cv_key is a procedure which takes a principle and changes its key, - either for a new method of encrypting the keys, or a new master key. - if cv_key is null no transformation of key is done (other than net byte - order). */ - -struct callback_args { - void (*cv_key)(); - FILE *output_file; -}; - -static int dump_db_1(arg, principal) - char *arg; - Principal *principal; -{ /* replace null strings with "*" */ - struct callback_args *a = (struct callback_args *)arg; - - if (principal->instance[0] == '\0') { - principal->instance[0] = '*'; - principal->instance[1] = '\0'; - } - if (principal->mod_name[0] == '\0') { - principal->mod_name[0] = '*'; - principal->mod_name[1] = '\0'; - } - if (principal->mod_instance[0] == '\0') { - principal->mod_instance[0] = '*'; - principal->mod_instance[1] = '\0'; - } - if (a->cv_key != NULL) { - (*a->cv_key) (principal); - } - fprintf(a->output_file, "%s %s %d %d %d %d %lx %lx", - principal->name, - principal->instance, - principal->max_life, - principal->kdc_key_ver, - principal->key_version, - principal->attributes, - htonl (principal->key_low), - htonl (principal->key_high)); - print_time(a->output_file, principal->exp_date); - print_time(a->output_file, principal->mod_date); - fprintf(a->output_file, " %s %s\n", - principal->mod_name, - principal->mod_instance); - return 0; -} - -int -dump_db (db_file, output_file, cv_key) - char *db_file; - FILE *output_file; - void (*cv_key)(); -{ - struct callback_args a; - - a.cv_key = cv_key; - a.output_file = output_file; - - kerb_db_iterate (dump_db_1, (char *)&a); - return fflush(output_file); -} - -void -load_db (db_file, input_file) - char *db_file; - FILE *input_file; -{ - char exp_date_str[50]; - char mod_date_str[50]; - int temp1, temp2, temp3; - long time_explode(); - int code; - char *temp_db_file; - temp1 = strlen(db_file)+2; - temp_db_file = malloc (temp1); - strcpy(temp_db_file, db_file); - strcat(temp_db_file, "~"); - - /* Create the database */ - if ((code = kerb_db_create(temp_db_file)) != 0) { - fprintf(stderr, "Couldn't create temp database %s: %s\n", - temp_db_file, sys_errlist[code]); - exit(1); - } - kerb_db_set_name(temp_db_file); - for (;;) { /* explicit break on eof from fscanf */ - bzero((char *)&aprinc, sizeof(aprinc)); - if (fscanf(input_file, - "%s %s %d %d %d %hd %lx %lx %s %s %s %s\n", - aprinc.name, - aprinc.instance, - &temp1, - &temp2, - &temp3, - &aprinc.attributes, - &aprinc.key_low, - &aprinc.key_high, - exp_date_str, - mod_date_str, - aprinc.mod_name, - aprinc.mod_instance) == EOF) - break; - aprinc.key_low = ntohl (aprinc.key_low); - aprinc.key_high = ntohl (aprinc.key_high); - aprinc.max_life = (unsigned char) temp1; - aprinc.kdc_key_ver = (unsigned char) temp2; - aprinc.key_version = (unsigned char) temp3; - aprinc.exp_date = time_explode(exp_date_str); - aprinc.mod_date = time_explode(mod_date_str); - if (aprinc.instance[0] == '*') - aprinc.instance[0] = '\0'; - if (aprinc.mod_name[0] == '*') - aprinc.mod_name[0] = '\0'; - if (aprinc.mod_instance[0] == '*') - aprinc.mod_instance[0] = '\0'; - if (kerb_db_put_principal(&aprinc, 1) != 1) { - fprintf(stderr, "Couldn't store %s.%s: %s; load aborted\n", - aprinc.name, aprinc.instance, - sys_errlist[errno]); - exit(1); - }; - } - if ((code = kerb_db_rename(temp_db_file, db_file)) != 0) - perror("database rename failed"); - (void) fclose(input_file); - free(temp_db_file); -} - -void -print_time(file, timeval) - FILE *file; - unsigned long timeval; -{ - struct tm *tm; - struct tm *gmtime(); - tm = gmtime((long *)&timeval); - fprintf(file, " %04d%02d%02d%02d%02d", - tm->tm_year < 1900 ? tm->tm_year + 1900: tm->tm_year, - tm->tm_mon + 1, - tm->tm_mday, - tm->tm_hour, - tm->tm_min); -} - -/*ARGSUSED*/ -void -update_ok_file (file_name) - char *file_name; -{ - /* handle slave locking/failure stuff */ - char *file_ok; - int fd; - static char ok[]=".dump_ok"; - - if ((file_ok = (char *)malloc(strlen(file_name) + strlen(ok) + 1)) - == NULL) { - fprintf(stderr, "kdb_util: out of memory.\n"); - (void) fflush (stderr); - perror ("malloc"); - exit (1); - } - strcpy(file_ok, file_name); - strcat(file_ok, ok); - if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0400)) < 0) { - fprintf(stderr, "Error creating 'ok' file, '%s'", file_ok); - perror(""); - (void) fflush (stderr); - exit (1); - } - free(file_ok); - close(fd); -} - -void -convert_key_new_master (p) - Principal *p; -{ - des_cblock key; - - /* leave null keys alone */ - if ((p->key_low == 0) && (p->key_high == 0)) return; - - /* move current key to des_cblock for encryption, special case master key - since that's changing */ - if ((strncmp (p->name, KERB_M_NAME, ANAME_SZ) == 0) && - (strncmp (p->instance, KERB_M_INST, INST_SZ) == 0)) { - bcopy((char *)new_master_key, (char *) key, sizeof (des_cblock)); - (p->key_version)++; - } else { - bcopy((char *)&(p->key_low), (char *)key, 4); - bcopy((char *)&(p->key_high), (char *) (((long *) key) + 1), 4); - kdb_encrypt_key (key, key, master_key, master_key_schedule, DECRYPT); - } - - kdb_encrypt_key (key, key, new_master_key, new_master_key_schedule, ENCRYPT); - - bcopy((char *)key, (char *)&(p->key_low), 4); - bcopy((char *)(((long *) key) + 1), (char *)&(p->key_high), 4); - bzero((char *)key, sizeof (key)); /* a little paranoia ... */ - - (p->kdc_key_ver)++; -} - -void -convert_new_master_key (db_file, out) - char *db_file; - FILE *out; -{ - - printf ("\n\nEnter the CURRENT master key."); - if (kdb_get_master_key (TRUE, master_key, master_key_schedule) != 0) { - fprintf (stderr, "get_master_key: Couldn't get master key.\n"); - clear_secrets (); - exit (-1); - } - - if (kdb_verify_master_key (master_key, master_key_schedule, stderr) < 0) { - clear_secrets (); - exit (-1); - } - - printf ("\n\nNow enter the NEW master key. Do not forget it!!"); - if (kdb_get_master_key (TRUE, new_master_key, new_master_key_schedule) != 0) { - fprintf (stderr, "get_master_key: Couldn't get new master key.\n"); - clear_secrets (); - exit (-1); - } - - dump_db (db_file, out, convert_key_new_master); -} - -void -convert_key_old_db (p) - Principal *p; -{ - des_cblock key; - - /* leave null keys alone */ - if ((p->key_low == 0) && (p->key_high == 0)) return; - - bcopy((char *)&(p->key_low), (char *)key, 4); - bcopy((char *)&(p->key_high), (char *)(((long *) key) + 1), 4); - -#ifndef NOENCRYPTION - des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key, - (long)sizeof(des_cblock),master_key_schedule, - (des_cblock *)master_key_schedule,DECRYPT); -#endif - - /* make new key, new style */ - kdb_encrypt_key (key, key, master_key, master_key_schedule, ENCRYPT); - - bcopy((char *)key, (char *)&(p->key_low), 4); - bcopy((char *)(((long *) key) + 1), (char *)&(p->key_high), 4); - bzero((char *)key, sizeof (key)); /* a little paranoia ... */ -} - -void -convert_old_format_db (db_file, out) - char *db_file; - FILE *out; -{ - des_cblock key_from_db; - Principal principal_data[1]; - int n, more; - - if (kdb_get_master_key (TRUE, master_key, master_key_schedule) != 0L) { - fprintf (stderr, "verify_master_key: Couldn't get master key.\n"); - clear_secrets(); - exit (-1); - } - - /* can't call kdb_verify_master_key because this is an old style db */ - /* lookup the master key version */ - n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data, - 1 /* only one please */, &more); - if ((n != 1) || more) { - fprintf(stderr, "verify_master_key: " - "Kerberos error on master key lookup, %d found.\n", - n); - exit (-1); - } - - /* set up the master key */ - fprintf(stderr, "Current Kerberos master key version is %d.\n", - principal_data[0].kdc_key_ver); - - /* - * now use the master key to decrypt (old style) the key in the db, had better - * be the same! - */ - bcopy((char *)&principal_data[0].key_low, (char *)key_from_db, 4); - bcopy((char *)&principal_data[0].key_high, - (char *)(((long *) key_from_db) + 1), 4); -#ifndef NOENCRYPTION - des_pcbc_encrypt((des_cblock *)key_from_db,(des_cblock *)key_from_db, - (long)sizeof(key_from_db),master_key_schedule, - (des_cblock *)master_key_schedule,DECRYPT); -#endif - /* the decrypted database key had better equal the master key */ - n = bcmp((char *) master_key, (char *) key_from_db, - sizeof(master_key)); - bzero((char *)key_from_db, sizeof(key_from_db)); - - if (n) { - fprintf(stderr, "\n\07\07verify_master_key: Invalid master key, "); - fprintf(stderr, "does not match database.\n"); - exit (-1); - } - - fprintf(stderr, "Master key verified.\n"); - (void) fflush(stderr); - - dump_db (db_file, out, convert_key_old_db); -} - -long -time_explode(cp) -register char *cp; -{ - char wbuf[5]; - struct tm tp; - long maketime(); - int local; - - zaptime(&tp); /* clear out the struct */ - - if (strlen(cp) > 10) { /* new format */ - (void) strncpy(wbuf, cp, 4); - wbuf[4] = 0; - tp.tm_year = atoi(wbuf); - cp += 4; /* step over the year */ - local = 0; /* GMT */ - } else { /* old format: local time, - year is 2 digits, assuming 19xx */ - wbuf[0] = *cp++; - wbuf[1] = *cp++; - wbuf[2] = 0; - tp.tm_year = 1900 + atoi(wbuf); - local = 1; /* local */ - } - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - wbuf[2] = 0; - tp.tm_mon = atoi(wbuf)-1; - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_mday = atoi(wbuf); - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_hour = atoi(wbuf); - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_min = atoi(wbuf); - - - return(maketime(&tp, local)); -} diff --git a/eBones/usr.sbin/kerberos/Makefile b/eBones/usr.sbin/kerberos/Makefile deleted file mode 100644 index a5d022f..0000000 --- a/eBones/usr.sbin/kerberos/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id$ - -PROG= kerberos -SRCS= kerberos.c cr_err_reply.c -CFLAGS+=-DKERBEROS -DDEBUG -DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES} -LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes -NOMAN= noman - -.include <bsd.prog.mk> diff --git a/eBones/usr.sbin/kerberos/cr_err_reply.c b/eBones/usr.sbin/kerberos/cr_err_reply.c deleted file mode 100644 index 6055a0e..0000000 --- a/eBones/usr.sbin/kerberos/cr_err_reply.c +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * <Copyright.MIT>. - * - * from: cr_err_reply.c,v 4.10 89/01/10 11:34:42 steiner Exp $ - * $Id$ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id$"; -#endif /* lint */ -#endif - -#include <sys/types.h> -#include <krb.h> -#include <prot.h> -#include <strings.h> - -extern int req_act_vno; /* this is defined in the kerberos - * server code */ - -/* - * This routine is used by the Kerberos authentication server to - * create an error reply packet to send back to its client. - * - * It takes a pointer to the packet to be built, the name, instance, - * and realm of the principal, the client's timestamp, an error code - * and an error string as arguments. Its return value is undefined. - * - * The packet is built in the following format: - * - * type variable data - * or constant - * ---- ----------- ---- - * - * unsigned char req_ack_vno protocol version number - * - * unsigned char AUTH_MSG_ERR_REPLY protocol message type - * - * [least significant HOST_BYTE_ORDER sender's (server's) byte - * bit of above field] order - * - * string pname principal's name - * - * string pinst principal's instance - * - * string prealm principal's realm - * - * unsigned long time_ws client's timestamp - * - * unsigned long e error code - * - * string e_string error text - */ - -void -cr_err_reply(pkt,pname,pinst,prealm,time_ws,e,e_string) - KTEXT pkt; - char *pname; /* Principal's name */ - char *pinst; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - u_long time_ws; /* Workstation time */ - u_long e; /* Error code */ - char *e_string; /* Text of error */ -{ - u_char *v = (u_char *) pkt->dat; /* Prot vers number */ - u_char *t = (u_char *)(pkt->dat+1); /* Prot message type */ - - /* Create fixed part of packet */ - *v = (unsigned char) req_act_vno; /* KRB_PROT_VERSION; */ - *t = (unsigned char) AUTH_MSG_ERR_REPLY; - *t |= HOST_BYTE_ORDER; - - /* Add the basic info */ - (void) strcpy((char *) (pkt->dat+2),pname); - pkt->length = 3 + strlen(pname); - (void) strcpy((char *)(pkt->dat+pkt->length),pinst); - pkt->length += 1 + strlen(pinst); - (void) strcpy((char *)(pkt->dat+pkt->length),prealm); - pkt->length += 1 + strlen(prealm); - /* ws timestamp */ - bcopy((char *) &time_ws,(char *)(pkt->dat+pkt->length),4); - pkt->length += 4; - /* err code */ - bcopy((char *) &e,(char *)(pkt->dat+pkt->length),4); - pkt->length += 4; - /* err text */ - (void) strcpy((char *)(pkt->dat+pkt->length),e_string); - pkt->length += 1 + strlen(e_string); - - /* And return */ - return; -} diff --git a/eBones/usr.sbin/kerberos/kerberos.c b/eBones/usr.sbin/kerberos/kerberos.c deleted file mode 100644 index 185e797..0000000 --- a/eBones/usr.sbin/kerberos/kerberos.c +++ /dev/null @@ -1,816 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * <Copyright.MIT>. - * - * from: kerberos.c,v 4.19 89/11/01 17:18:07 qjb Exp $ - * $Id$ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id$"; -#endif lint -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <errno.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <netdb.h> -#include <signal.h> -#include <sgtty.h> -#include <sys/ioctl.h> -#include <sys/time.h> -#include <sys/file.h> -#include <ctype.h> - -#include <krb.h> -#include <des.h> -#include <klog.h> -#include <prot.h> -#include <krb_db.h> -#include <kdc.h> - -void cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm, - u_long time_ws, u_long e, char *e_string); -void kerb_err_reply(struct sockaddr_in *client, KTEXT pkt, long err, - char *string); -void setup_disc(void); -void kerberos(struct sockaddr_in *client, KTEXT pkt); -int check_princ(char *p_name, char *instance, unsigned lifetime, Principal *p); -int set_tgtkey(char *r); - -struct sockaddr_in s_in = {AF_INET}; -int f; - -/* XXX several files in libkdb know about this */ -char *progname; - -static Key_schedule master_key_schedule; -static C_Block master_key; - -static struct timeval kerb_time; -static Principal a_name_data; /* for requesting user */ -static Principal s_name_data; /* for services requested */ -static C_Block session_key; -static u_char master_key_version; -static char k_instance[INST_SZ]; -static char *lt; -static int more; - -static int mflag; /* Are we invoked manually? */ -static int lflag; /* Have we set an alterate log file? */ -static char *log_file; /* name of alt. log file */ -static int nflag; /* don't check max age */ -static int rflag; /* alternate realm specified */ - -/* fields within the received request packet */ -static u_char req_msg_type; -static u_char req_version; -static char *req_name_ptr; -static char *req_inst_ptr; -static char *req_realm_ptr; -static u_long req_time_ws; - -int req_act_vno = KRB_PROT_VERSION; /* Temporary for version skew */ - -static char local_realm[REALM_SZ]; - -/* statistics */ -static long q_bytes; /* current bytes remaining in queue */ -static long q_n; /* how many consecutive non-zero - * q_bytes */ -static long max_q_bytes; -static long max_q_n; -static long n_auth_req; -static long n_appl_req; -static long n_packets; - -static long max_age = -1; -static long pause_int = -1; - -static void check_db_age(); -static void hang(); - -/* - * Print usage message and exit. - */ -static void usage() -{ - fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]%s%s\n", progname, - " [-a max_age] [-l log_file] [-r realm]" - ," [database_pathname]" - ); - exit(1); -} - - -int -main(argc, argv) - int argc; - char **argv; -{ - struct sockaddr_in from; - register int n; - int on = 1; - int child; - struct servent *sp; - int fromlen; - static KTEXT_ST pkt_st; - KTEXT pkt = &pkt_st; - int kerror; - int c; - extern char *optarg; - extern int optind; - - progname = argv[0]; - - while ((c = getopt(argc, argv, "snmp:a:l:r:")) != EOF) { - switch(c) { - case 's': - /* - * Set parameters to slave server defaults. - */ - if (max_age == -1 && !nflag) - max_age = ONE_DAY; /* 24 hours */ - if (pause_int == -1) - pause_int = FIVE_MINUTES; /* 5 minutes */ - if (lflag == 0) { - log_file = KRBSLAVELOG; - lflag++; - } - break; - case 'n': - max_age = -1; /* don't check max age. */ - nflag++; - break; - case 'm': - mflag++; /* running manually; prompt for master key */ - break; - case 'p': - /* Set pause interval. */ - if (!isdigit(optarg[0])) - usage(); - pause_int = atoi(optarg); - if ((pause_int < 5) || (pause_int > ONE_HOUR)) { - fprintf(stderr, "pause_int must be between 5 and 3600 seconds.\n"); - usage(); - } - break; - case 'a': - /* Set max age. */ - if (!isdigit(optarg[0])) - usage(); - max_age = atoi(optarg); - if ((max_age < ONE_HOUR) || (max_age > THREE_DAYS)) { - fprintf(stderr, "max_age must be between one hour and three days, in seconds\n"); - usage(); - } - break; - case 'l': - /* Set alternate log file */ - lflag++; - log_file = optarg; - break; - case 'r': - /* Set realm name */ - rflag++; - strcpy(local_realm, optarg); - break; - default: - usage(); - break; - } - } - - if (optind == (argc-1)) { - if (kerb_db_set_name(argv[optind]) != 0) { - fprintf(stderr, "Could not set alternate database name\n"); - exit(1); - } - optind++; - } - - if (optind != argc) - usage(); - - printf("Kerberos server starting\n"); - - if ((!nflag) && (max_age != -1)) - printf("\tMaximum database age: %ld seconds\n", max_age); - if (pause_int != -1) - printf("\tSleep for %ld seconds on error\n", pause_int); - else - printf("\tSleep forever on error\n"); - if (mflag) - printf("\tMaster key will be entered manually\n"); - - printf("\tLog file is %s\n", lflag ? log_file : KRBLOG); - - if (lflag) - kset_logfile(log_file); - - /* find our hostname, and use it as the instance */ - if (gethostname(k_instance, INST_SZ)) { - fprintf(stderr, "%s: gethostname error\n", progname); - exit(1); - } - - if ((sp = getservbyname("kerberos", "udp")) == 0) { - fprintf(stderr, "%s: udp/kerberos unknown service\n", progname); - exit(1); - } - s_in.sin_port = sp->s_port; - - if ((f = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - fprintf(stderr, "%s: Can't open socket\n", progname); - exit(1); - } - if (setsockopt(f, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) - fprintf(stderr, "%s: setsockopt (SO_REUSEADDR)\n", progname); - - if (bind(f, (struct sockaddr *) &s_in, S_AD_SZ) < 0) { - fprintf(stderr, "%s: Can't bind socket\n", progname); - exit(1); - } - /* do all the database and cache inits */ - if ((n = kerb_init())) { - if (mflag) { - printf("Kerberos db and cache init "); - printf("failed = %d ...exiting\n", n); - exit(-1); - } else { - klog(L_KRB_PERR, - "Kerberos db and cache init failed = %d ...exiting", n); - hang(); - } - } - - /* Make sure database isn't stale */ - check_db_age(); - - /* setup master key */ - if (kdb_get_master_key (mflag, master_key, master_key_schedule) != 0) { - klog (L_KRB_PERR, "kerberos: couldn't get master key.\n"); - exit (-1); - } - kerror = kdb_verify_master_key (master_key, master_key_schedule, stdout); - if (kerror < 0) { - klog (L_KRB_PERR, "Can't verify master key."); - bzero (master_key, sizeof (master_key)); - bzero (master_key_schedule, sizeof (master_key_schedule)); - exit (-1); - } - des_init_random_number_generator(master_key); - - master_key_version = (u_char) kerror; - - fprintf(stdout, "\nCurrent Kerberos master key version is %d\n", - master_key_version); - - if (!rflag) { - /* Look up our local realm */ - krb_get_lrealm(local_realm, 1); - } - fprintf(stdout, "Local realm: %s\n", local_realm); - fflush(stdout); - - if (set_tgtkey(local_realm)) { - /* Ticket granting service unknown */ - klog(L_KRB_PERR, "Ticket granting ticket service unknown"); - fprintf(stderr, "Ticket granting ticket service unknown\n"); - exit(1); - } - if (mflag) { - if ((child = fork()) != 0) { - printf("Kerberos started, PID=%d\n", child); - exit(0); - } - setup_disc(); - } - /* receive loop */ - for (;;) { - fromlen = S_AD_SZ; - n = recvfrom(f, pkt->dat, MAX_PKT_LEN, 0, (struct sockaddr *) &from, - &fromlen); - if (n > 0) { - pkt->length = n; - pkt->mbz = 0; /* force zeros to catch runaway strings */ - /* see what is left in the input queue */ - ioctl(f, FIONREAD, &q_bytes); - gettimeofday(&kerb_time, NULL); - q_n++; - max_q_n = max(max_q_n, q_n); - n_packets++; - klog(L_NET_INFO, - "q_byt %d, q_n %d, rd_byt %d, mx_q_b %d, mx_q_n %d, n_pkt %d", - q_bytes, q_n, n, max_q_bytes, max_q_n, n_packets, 0); - max_q_bytes = max(max_q_bytes, q_bytes); - if (!q_bytes) - q_n = 0; /* reset consecutive packets */ - kerberos(&from, pkt); - } else - klog(L_NET_ERR, - "%s: bad recvfrom n = %d errno = %d", progname, n, errno, 0); - } -} - -void -kerberos(client, pkt) - struct sockaddr_in *client; - KTEXT pkt; -{ - static KTEXT_ST rpkt_st; - KTEXT rpkt = &rpkt_st; - static KTEXT_ST ciph_st; - KTEXT ciph = &ciph_st; - static KTEXT_ST tk_st; - KTEXT tk = &tk_st; - static KTEXT_ST auth_st; - KTEXT auth = &auth_st; - AUTH_DAT ad_st; - AUTH_DAT *ad = &ad_st; - - - static struct in_addr client_host; - static int msg_byte_order; - static u_char k_flags; - u_long lifetime; - int i; - C_Block key; - Key_schedule key_s; - char *ptr; - - - - lifetime = DEFAULT_TKT_LIFE; - - ciph->length = 0; - - client_host = client->sin_addr; - - /* eval macros and correct the byte order and alignment as needed */ - req_version = pkt_version(pkt); /* 1 byte, version */ - req_msg_type = pkt_msg_type(pkt); /* 1 byte, Kerberos msg type */ - - req_act_vno = req_version; - - /* check packet version */ - if (req_version != KRB_PROT_VERSION) { - lt = klog(L_KRB_PERR, - "KRB prot version mismatch: KRB =%d request = %d", - KRB_PROT_VERSION, req_version, 0); - /* send an error reply */ - kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); - return; - } - - /* set up and correct for byte order and alignment */ - req_name_ptr = (char *) pkt_a_name(pkt); - req_inst_ptr = (char *) pkt_a_inst(pkt); - req_realm_ptr = (char *) pkt_a_realm(pkt); - bcopy(pkt_time_ws(pkt), &req_time_ws, sizeof(req_time_ws)); - - msg_byte_order = req_msg_type & 1; - - if (msg_byte_order != HOST_BYTE_ORDER) { - swap_u_long(req_time_ws) - } - klog(L_KRB_PINFO, - "Prot version: %d, Byte order: %d, Message type: %d", - req_version, msg_byte_order, req_msg_type); - - switch (req_msg_type & ~1) { - - case AUTH_MSG_KDC_REQUEST: - { - u_long req_life; /* Requested liftime */ - char *service; /* Service name */ - char *instance; /* Service instance */ - n_auth_req++; - tk->length = 0; - k_flags = 0; /* various kerberos flags */ - - - ptr = (char *) pkt_time_ws(pkt) + 4; - - req_life = (u_long) (*ptr++); - - service = ptr; - instance = ptr + strlen(service) + 1; - - rpkt = &rpkt_st; - klog(L_INI_REQ, - "Initial ticket request Host: %s User: \"%s\" \"%s\"", - inet_ntoa(client_host), req_name_ptr, req_inst_ptr, 0); - - if ((i = check_princ(req_name_ptr, req_inst_ptr, 0, - &a_name_data))) { - kerb_err_reply(client, pkt, i, lt); - return; - } - tk->length = 0; /* init */ - if (strcmp(service, "krbtgt")) - klog(L_NTGT_INTK, - "INITIAL request from %s.%s for %s.%s", - req_name_ptr, req_inst_ptr, service, instance, 0); - /* this does all the checking */ - if ((i = check_princ(service, instance, lifetime, - &s_name_data))) { - kerb_err_reply(client, pkt, i, lt); - return; - } - /* Bound requested lifetime with service and user */ - lifetime = min(req_life, ((u_long) s_name_data.max_life)); - lifetime = min(lifetime, ((u_long) a_name_data.max_life)); - -#ifdef NOENCRYPTION - bzero(session_key, sizeof(C_Block)); -#else - des_new_random_key(session_key); -#endif - /* unseal server's key from master key */ - bcopy(&s_name_data.key_low, key, 4); - bcopy(&s_name_data.key_high, ((long *) key) + 1, 4); - kdb_encrypt_key(key, key, master_key, - master_key_schedule, DECRYPT); - /* construct and seal the ticket */ - krb_create_ticket(tk, k_flags, a_name_data.name, - a_name_data.instance, local_realm, - client_host.s_addr, session_key, lifetime, kerb_time.tv_sec, - s_name_data.name, s_name_data.instance, key); - bzero(key, sizeof(key)); - bzero(key_s, sizeof(key_s)); - - /* - * get the user's key, unseal it from the server's key, and - * use it to seal the cipher - */ - - /* a_name_data.key_low a_name_data.key_high */ - bcopy(&a_name_data.key_low, key, 4); - bcopy(&a_name_data.key_high, ((long *) key) + 1, 4); - - /* unseal the a_name key from the master key */ - kdb_encrypt_key(key, key, master_key, - master_key_schedule, DECRYPT); - - create_ciph(ciph, session_key, s_name_data.name, - s_name_data.instance, local_realm, lifetime, - s_name_data.key_version, tk, kerb_time.tv_sec, key); - - /* clear session key */ - bzero(session_key, sizeof(session_key)); - - bzero(key, sizeof(key)); - - - - /* always send a reply packet */ - rpkt = create_auth_reply(req_name_ptr, req_inst_ptr, - req_realm_ptr, req_time_ws, 0, a_name_data.exp_date, - a_name_data.key_version, ciph); - sendto(f, rpkt->dat, rpkt->length, 0, (struct sockaddr *) client, - S_AD_SZ); - bzero(&a_name_data, sizeof(a_name_data)); - bzero(&s_name_data, sizeof(s_name_data)); - break; - } - case AUTH_MSG_APPL_REQUEST: - { - u_long time_ws; /* Workstation time */ - u_long req_life; /* Requested liftime */ - char *service; /* Service name */ - char *instance; /* Service instance */ - int kerno; /* Kerberos error number */ - char tktrlm[REALM_SZ]; - - n_appl_req++; - tk->length = 0; - k_flags = 0; /* various kerberos flags */ - kerno = KSUCCESS; - - auth->length = 4 + strlen(pkt->dat + 3); - auth->length += (int) *(pkt->dat + auth->length) + - (int) *(pkt->dat + auth->length + 1) + 2; - - bcopy(pkt->dat, auth->dat, auth->length); - - strncpy(tktrlm, auth->dat + 3, REALM_SZ); - if (set_tgtkey(tktrlm)) { - lt = klog(L_ERR_UNK, - "FAILED realm %s unknown. Host: %s ", - tktrlm, inet_ntoa(client_host)); - kerb_err_reply(client, pkt, kerno, lt); - return; - } - kerno = krb_rd_req(auth, "ktbtgt", tktrlm, client_host.s_addr, - ad, 0); - - if (kerno) { - klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s", - inet_ntoa(client_host), krb_err_txt[kerno]); - kerb_err_reply(client, pkt, kerno, "krb_rd_req failed"); - return; - } - ptr = (char *) pkt->dat + auth->length; - - bcopy(ptr, &time_ws, 4); - ptr += 4; - - req_life = (u_long) (*ptr++); - - service = ptr; - instance = ptr + strlen(service) + 1; - - klog(L_APPL_REQ, "APPL Request %s.%s@%s on %s for %s.%s", - ad->pname, ad->pinst, ad->prealm, inet_ntoa(client_host), - service, instance, 0); - - if (strcmp(ad->prealm, tktrlm)) { - kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, - "Can't hop realms"); - return; - } - if (!strcmp(service, "changepw")) { - kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, - "Can't authorize password changed based on TGT"); - return; - } - kerno = check_princ(service, instance, req_life, - &s_name_data); - if (kerno) { - kerb_err_reply(client, pkt, kerno, lt); - return; - } - /* Bound requested lifetime with service and user */ - lifetime = min(req_life, - (ad->life - ((kerb_time.tv_sec - ad->time_sec) / 300))); - lifetime = min(lifetime, ((u_long) s_name_data.max_life)); - - /* unseal server's key from master key */ - bcopy(&s_name_data.key_low, key, 4); - bcopy(&s_name_data.key_high, ((long *) key) + 1, 4); - kdb_encrypt_key(key, key, master_key, - master_key_schedule, DECRYPT); - /* construct and seal the ticket */ - -#ifdef NOENCRYPTION - bzero(session_key, sizeof(C_Block)); -#else - des_new_random_key(session_key); -#endif - - krb_create_ticket(tk, k_flags, ad->pname, ad->pinst, - ad->prealm, client_host.s_addr, - session_key, lifetime, kerb_time.tv_sec, - s_name_data.name, s_name_data.instance, - key); - bzero(key, sizeof(key)); - bzero(key_s, sizeof(key_s)); - - create_ciph(ciph, session_key, service, instance, - local_realm, - lifetime, s_name_data.key_version, tk, - kerb_time.tv_sec, ad->session); - - /* clear session key */ - bzero(session_key, sizeof(session_key)); - - bzero(ad->session, sizeof(ad->session)); - - rpkt = create_auth_reply(ad->pname, ad->pinst, - ad->prealm, time_ws, - 0, 0, 0, ciph); - sendto(f, rpkt->dat, rpkt->length, 0, (struct sockaddr *) client, - S_AD_SZ); - bzero(&s_name_data, sizeof(s_name_data)); - break; - } - - -#ifdef notdef_DIE - case AUTH_MSG_DIE: - { - lt = klog(L_DEATH_REQ, - "Host: %s User: \"%s\" \"%s\" Kerberos killed", - inet_ntoa(client_host), req_name_ptr, req_inst_ptr, 0); - exit(0); - } -#endif notdef_DIE - - default: - { - lt = klog(L_KRB_PERR, - "Unknown message type: %d from %s port %u", - req_msg_type, inet_ntoa(client_host), - ntohs(client->sin_port)); - break; - } - } -} - - -/* - * setup_disc - * - * disconnect all descriptors, remove ourself from the process - * group that spawned us. - */ - -void -setup_disc() -{ - - int s; - - for (s = 0; s < 3; s++) { - (void) close(s); - } - - (void) open("/dev/null", 0); - (void) dup2(0, 1); - (void) dup2(0, 2); - - s = open("/dev/tty", 2); - - if (s >= 0) { - ioctl(s, TIOCNOTTY, (struct sgttyb *) 0); - (void) close(s); - } - (void) chdir("/tmp"); -} - - -/* - * kerb_er_reply creates an error reply packet and sends it to the - * client. - */ - -void -kerb_err_reply(client, pkt, err, string) - struct sockaddr_in *client; - KTEXT pkt; - long err; - char *string; - -{ - static KTEXT_ST e_pkt_st; - KTEXT e_pkt = &e_pkt_st; - static char e_msg[128]; - - strcpy(e_msg, "\nKerberos error -- "); - strcat(e_msg, string); - cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr, - req_time_ws, err, e_msg); - sendto(f, e_pkt->dat, e_pkt->length, 0, (struct sockaddr *) client, - S_AD_SZ); - -} - -/* - * Make sure that database isn't stale. - * - * Exit if it is; we don't want to tell lies. - */ - -static void check_db_age() -{ - long age; - - if (max_age != -1) { - /* Requires existance of kerb_get_db_age() */ - gettimeofday(&kerb_time, 0); - age = kerb_get_db_age(); - if (age == 0) { - klog(L_KRB_PERR, "Database currently being updated!"); - hang(); - } - if ((age + max_age) < kerb_time.tv_sec) { - klog(L_KRB_PERR, "Database out of date!"); - hang(); - /* NOTREACHED */ - } - } -} - -int -check_princ(p_name, instance, lifetime, p) - char *p_name; - char *instance; - unsigned lifetime; - - Principal *p; -{ - static int n; - static int more; - - n = kerb_get_principal(p_name, instance, p, 1, &more); - klog(L_ALL_REQ, - "Principal: \"%s\", Instance: \"%s\" Lifetime = %d n = %d", - p_name, instance, lifetime, n, 0); - - if (n < 0) { - lt = klog(L_KRB_PERR, "Database unavailable!"); - hang(); - } - - /* - * if more than one p_name, pick one, randomly create a session key, - * compute maximum lifetime, lookup authorizations if applicable, - * and stuff into cipher. - */ - if (n == 0) { - /* service unknown, log error, skip to next request */ - lt = klog(L_ERR_UNK, "UNKNOWN \"%s\" \"%s\"", p_name, - instance, 0); - return KERB_ERR_PRINCIPAL_UNKNOWN; - } - if (more) { - /* not unique, log error */ - lt = klog(L_ERR_NUN, "Principal NOT UNIQUE \"%s\" \"%s\"", - p_name, instance, 0); - return KERB_ERR_PRINCIPAL_NOT_UNIQUE; - } - /* If the user's key is null, we want to return an error */ - if ((p->key_low == 0) && (p->key_high == 0)) { - /* User has a null key */ - lt = klog(L_ERR_NKY, "Null key \"%s\" \"%s\"", p_name, - instance, 0); - return KERB_ERR_NULL_KEY; - } - if (master_key_version != p->kdc_key_ver) { - /* log error reply */ - lt = klog(L_ERR_MKV, - "Key vers incorrect, KRB = %d, \"%s\" \"%s\" = %d", - master_key_version, p->name, p->instance, p->kdc_key_ver, - 0); - return KERB_ERR_NAME_MAST_KEY_VER; - } - /* make sure the service hasn't expired */ - if ((u_long) p->exp_date < (u_long) kerb_time.tv_sec) { - /* service did expire, log it */ - lt = klog(L_ERR_SEXP, - "EXPIRED \"%s\" \"%s\" %s", p->name, p->instance, - stime(&(p->exp_date)), 0); - return KERB_ERR_NAME_EXP; - } - /* ok is zero */ - return 0; -} - - -/* Set the key for krb_rd_req so we can check tgt */ -int -set_tgtkey(r) - char *r; /* Realm for desired key */ -{ - int n; - static char lastrealm[REALM_SZ]; - Principal p_st; - Principal *p = &p_st; - C_Block key; - - if (!strcmp(lastrealm, r)) - return (KSUCCESS); - - log("Getting key for %s", r); - - n = kerb_get_principal("krbtgt", r, p, 1, &more); - if (n == 0) - return (KFAILURE); - - /* unseal tgt key from master key */ - bcopy(&p->key_low, key, 4); - bcopy(&p->key_high, ((long *) key) + 1, 4); - kdb_encrypt_key(key, key, master_key, - master_key_schedule, DECRYPT); - krb_set_key(key, 0); - strcpy(lastrealm, r); - return (KSUCCESS); -} - -static void -hang() -{ - if (pause_int == -1) { - klog(L_KRB_PERR, "Kerberos will pause so as not to loop init"); - for (;;) - pause(); - } else { - char buf[256]; - sprintf(buf, "Kerberos will wait %ld seconds before dying so as not to loop init", pause_int); - klog(L_KRB_PERR, buf); - sleep(pause_int); - klog(L_KRB_PERR, "Do svedania....\n"); - exit(1); - } -} diff --git a/eBones/usr.sbin/kprop/Makefile b/eBones/usr.sbin/kprop/Makefile deleted file mode 100644 index 809ec50..0000000 --- a/eBones/usr.sbin/kprop/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id$ - -PROG= kprop -DPADD= ${LIBKRB} ${LIBDES} -LDADD= -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes -CFLAGS+= -DKERBEROS -NOMAN= noman - -.include <bsd.prog.mk> diff --git a/eBones/usr.sbin/kprop/kprop.c b/eBones/usr.sbin/kprop/kprop.c deleted file mode 100644 index ebd80dd..0000000 --- a/eBones/usr.sbin/kprop/kprop.c +++ /dev/null @@ -1,573 +0,0 @@ -/* - * - * Copyright 1987 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, - * please see the file <mit-copyright.h>. - * - */ - -#if 0 -#ifndef lint -static char rcsid_kprop_c[] = -"$Id$"; -#endif lint -#endif - -#include <unistd.h> -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <sys/types.h> -#include <sys/file.h> -#include <signal.h> -#include <sys/stat.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <sys/param.h> -#include <netdb.h> -#include <krb.h> -#include <des.h> - -#include "kprop.h" - -/* for those broken Unixes without this defined... should be in sys/param.h */ -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN 64 -#endif - -static char kprop_version[KPROP_PROT_VERSION_LEN] = KPROP_PROT_VERSION; - -int debug = 0; - -char my_realm[REALM_SZ]; -int princ_data_size = 3 * sizeof(long) + 3 * sizeof(unsigned char); -short transfer_mode, net_transfer_mode; -int force_flag; -static char ok[] = ".dump_ok"; - -extern char *krb_get_phost(char *); - -struct slave_host { - u_long net_addr; - char *name; - char *instance; - char *realm; - int not_time_yet; - int succeeded; - struct slave_host *next; -}; - -void Death(char *s); -int get_slaves(struct slave_host **psl, char *file, time_t ok_mtime); -int prop_to_slaves(struct slave_host *sl, int fd, char *fslv); - -int -main(argc, argv) - int argc; - char *argv[]; -{ - int fd, i; - char *floc, *floc_ok; - char *fslv; - struct stat stbuf, stbuf_ok; - long l_init, l_final; - char *pc; - int l_diff; - static struct slave_host *slave_host_list = NULL; - struct slave_host *sh; - - transfer_mode = KPROP_TRANSFER_PRIVATE; - - time(&l_init); - pc = ctime(&l_init); - pc[strlen(pc) - 1] = '\0'; - printf("\nStart slave propagation: %s\n", pc); - - floc = (char *) NULL; - fslv = (char *) NULL; - - if (krb_get_lrealm(my_realm,1) != KSUCCESS) - Death ("Getting my kerberos realm. Check krb.conf"); - - for (i = 1; i < argc; i++) - switch (argv[i][0]) { - case '-': - if (strcmp (argv[i], "-private") == 0) - transfer_mode = KPROP_TRANSFER_PRIVATE; -#ifdef not_safe_yet - else if (strcmp (argv[i], "-safe") == 0) - transfer_mode = KPROP_TRANSFER_SAFE; - else if (strcmp (argv[i], "-clear") == 0) - transfer_mode = KPROP_TRANSFER_CLEAR; -#endif - else if (strcmp (argv[i], "-realm") == 0) { - i++; - if (i < argc) - strcpy(my_realm, argv[i]); - else - goto usage; - } else if (strcmp (argv[i], "-force") == 0) - force_flag++; - else { - fprintf (stderr, "kprop: unknown control argument %s.\n", - argv[i]); - exit (1); - } - break; - default: - /* positional arguments are marginal at best ... */ - if (floc == (char *) NULL) - floc = argv[i]; - else { - if (fslv == (char *) NULL) - fslv = argv[i]; - else { - usage: - /* already got floc and fslv, what is this? */ - fprintf(stderr, - "\nUsage: kprop [-force] [-realm realm] [-private|-safe|-clear] data_file slaves_file\n\n"); - exit(1); - } - } - } - if ((floc == (char *)NULL) || (fslv == (char *)NULL)) - goto usage; - - if ((floc_ok = (char *) malloc(strlen(floc) + strlen(ok) + 1)) - == NULL) { - Death(floc); - } - strcat(strcpy(floc_ok, floc), ok); - - if ((fd = open(floc, O_RDONLY)) < 0) { - Death(floc); - } - if (flock(fd, LOCK_EX | LOCK_NB)) { - Death(floc); - } - if (stat(floc, &stbuf)) { - Death(floc); - } - if (stat(floc_ok, &stbuf_ok)) { - Death(floc_ok); - } - if (stbuf.st_mtime > stbuf_ok.st_mtime) { - fprintf(stderr, "kprop: '%s' more recent than '%s'.\n", - floc, floc_ok); - exit(1); - } - if (!get_slaves(&slave_host_list, fslv, stbuf_ok.st_mtime)) { - fprintf(stderr, - "kprop: can't read slave host file '%s'.\n", fslv); - exit(1); - } -#ifdef KPROP_DBG - { - struct slave_host *sh; - int i; - fprintf(stderr, "\n\n"); - fflush(stderr); - for (sh = slave_host_list; sh; sh = sh->next) { - fprintf(stderr, "slave %d: %s, %s", i++, sh->name, - inet_ntoa(sh->net_addr)); - fflush(stderr); - } - } -#endif /* KPROP_DBG */ - - if (!prop_to_slaves(slave_host_list, fd, fslv)) { - fprintf(stderr, - "kprop: propagation failed.\n"); - exit(1); - } - if (flock(fd, LOCK_UN)) { - Death(floc); - } - fprintf(stderr, "\n\n"); - for (sh = slave_host_list; sh; sh = sh->next) { - fprintf(stderr, "%s:\t\t%s\n", sh->name, - (sh->not_time_yet? "Not time yet" : (sh->succeeded ? "Succeeded" : "FAILED"))); - } - - time(&l_final); - l_diff = l_final - l_init; - printf("propagation finished, %d:%02d:%02d elapsed\n", - l_diff / 3600, (l_diff % 3600) / 60, l_diff % 60); - - exit(0); -} - -void -Death(s) - char *s; -{ - fprintf(stderr, "kprop: "); - perror(s); - exit(1); -} - -/* The master -> slave protocol looks like this: - 1) 8 byte version string - 2) 2 bytes of "transfer mode" (net byte order of course) - 3) ticket/authentication send by sendauth - 4) 4 bytes of "block" length (u_long) - 5) data - - 4 and 5 repeat til EOF ... -*/ - -int -prop_to_slaves(sl, fd, fslv) - struct slave_host *sl; - int fd; - char *fslv; -{ - char buf[KPROP_BUFSIZ]; - char obuf[KPROP_BUFSIZ + 64 /* leave room for private msg overhead */ ]; - struct servent *sp; - struct sockaddr_in sin, my_sin; - int i, n, s; - struct slave_host *cs; /* current slave */ - char path[256], my_host_name[MAXHOSTNAMELEN], *p_my_host_name; - char kprop_service_instance[INST_SZ]; - char *pc; - u_long cksum, get_data_checksum(); - u_long length, nlength; - long kerror; - KTEXT_ST ticket; - CREDENTIALS cred; - MSG_DAT msg_dat; - static char tkstring[] = "/tmp/kproptktXXXXXX"; - - Key_schedule session_sched; - - (void) mktemp(tkstring); - krb_set_tkt_string(tkstring); - - if ((sp = getservbyname("krb_prop", "tcp")) == 0) { - fprintf(stderr, "tcp/krb_prop: service unknown.\n"); - exit(1); - } - - bzero(&sin, sizeof sin); - sin.sin_family = AF_INET; - sin.sin_port = sp->s_port; - - strcpy(path, fslv); - if ((pc = rindex(path, '/'))) { - pc += 1; - } else { - pc = path; - } - - for (i = 0; i < 5; i++) { /* try each slave five times max */ - for (cs = sl; cs; cs = cs->next) { - if (!cs->succeeded) { - if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - perror("kprop: socket"); - exit(1); - } - bcopy(&cs->net_addr, &sin.sin_addr, - sizeof cs->net_addr); - /* for krb_mk_{priv, safe} */ - bzero (&my_sin, sizeof my_sin); - n = sizeof my_sin; - if ((kerror = krb_get_local_addr (&my_sin)) != KSUCCESS) { - fprintf (stderr, "kprop: can't get local address: %s\n", - krb_err_txt[kerror]); - close (s); - continue; /*** NEXT SLAVE ***/ - } - if (bind(s, (struct sockaddr *) &my_sin, sizeof my_sin) < 0) { - fprintf(stderr, "Unable to bind local address: "); - perror("bind"); - close(s); - continue; - } - if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) { - fprintf(stderr, "%s: ", cs->name); - perror("connect"); - close(s); - continue; /*** NEXT SLAVE ***/ - } - - /* Get ticket */ - kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, - cs->instance, cs->realm, (u_long) 0); - /* if ticket has expired try to get a new one, but - * first get a TGT ... - */ - if (kerror != MK_AP_OK) { - if (gethostname (my_host_name, sizeof(my_host_name)) != 0) { - fprintf (stderr, "%s:", cs->name); - perror ("getting my hostname"); - close (s); - break; /* next one can't work either! */ - } - /* get canonical kerberos service instance name */ - p_my_host_name = krb_get_phost (my_host_name); - /* copy it to make sure gethostbyname static doesn't - * screw us. */ - strcpy (kprop_service_instance, p_my_host_name); - kerror = krb_get_svc_in_tkt (KPROP_SERVICE_NAME, -#if 0 - kprop_service_instance, -#else - KRB_MASTER, -#endif - my_realm, - TGT_SERVICE_NAME, - my_realm, - 96, - KPROP_SRVTAB); - if (kerror != INTK_OK) { - fprintf (stderr, - "%s: %s. While getting initial ticket\n", - cs->name, krb_err_txt[kerror]); - close (s); - goto punt; - } - kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, - cs->instance, cs->realm, (u_long) 0); - } - if (kerror != MK_AP_OK) { - fprintf (stderr, "%s: %s. Calling krb_mk_req.", - cs->name, krb_err_txt[kerror]); - close (s); - continue; /*** NEXT SLAVE ***/ - } - - if (write(s, kprop_version, sizeof(kprop_version)) - != sizeof(kprop_version)) { - fprintf (stderr, "%s: ", cs->name); - perror ("write (version) error"); - close (s); - continue; /*** NEXT SLAVE ***/ - } - - net_transfer_mode = htons (transfer_mode); - if (write(s, &net_transfer_mode, sizeof(net_transfer_mode)) - != sizeof(net_transfer_mode)) { - fprintf (stderr, "%s: ", cs->name); - perror ("write (transfer_mode) error"); - close (s); - continue; /*** NEXT SLAVE ***/ - } - - kerror = krb_get_cred (KPROP_SERVICE_NAME, cs->instance, - cs->realm, &cred); - if (kerror != KSUCCESS) { - fprintf (stderr, "%s: %s. Getting session key.", - cs->name, krb_err_txt[kerror]); - close (s); - continue; /*** NEXT SLAVE ***/ - } -#ifdef NOENCRYPTION - bzero((char *)session_sched, sizeof(session_sched)); -#else - if (key_sched ((C_Block *)cred.session, session_sched)) { - fprintf (stderr, "%s: can't make key schedule.", - cs->name); - close (s); - continue; /*** NEXT SLAVE ***/ - } -#endif - /* SAFE (quad_cksum) and CLEAR are just not good enough */ - cksum = 0; -#ifdef not_working_yet - if (transfer_mode != KPROP_TRANSFER_PRIVATE) { - cksum = get_data_checksum(fd, session_sched); - lseek(fd, 0L, 0); - } - else -#endif - { - struct stat st; - fstat (fd, &st); - cksum = st.st_size; - } - kerror = krb_sendauth(KOPT_DO_MUTUAL, - s, - &ticket, - KPROP_SERVICE_NAME, - cs->instance, - cs->realm, - cksum, - &msg_dat, - &cred, - session_sched, - &my_sin, - &sin, - KPROP_PROT_VERSION); - if (kerror != KSUCCESS) { - fprintf (stderr, "%s: %s. Calling krb_sendauth.", - cs->name, krb_err_txt[kerror]); - close (s); - continue; /*** NEXT SLAVE ***/ - } - - while ((n = read(fd, buf, sizeof buf))) { - if (n < 0) { - perror("input file read error"); - exit(1); - } - switch (transfer_mode) { - case KPROP_TRANSFER_PRIVATE: - case KPROP_TRANSFER_SAFE: - if (transfer_mode == KPROP_TRANSFER_PRIVATE) - length = krb_mk_priv (buf, obuf, n, - session_sched, cred.session, - &my_sin, &sin); - else - length = krb_mk_safe (buf, obuf, n, - (C_Block *)cred.session, - &my_sin, &sin); - if (length == -1) { - fprintf (stderr, "%s: %s failed.", - cs->name, - (transfer_mode == KPROP_TRANSFER_PRIVATE) - ? "krb_rd_priv" : "krb_rd_safe"); - close (s); - continue; /*** NEXT SLAVE ***/ - } - nlength = htonl(length); - if (write(s, &nlength, sizeof nlength) - != sizeof nlength) { - fprintf (stderr, "%s: ", cs->name); - perror ("write error"); - close (s); - continue; /*** NEXT SLAVE ***/ - } - if (write(s, obuf, length) != length) { - fprintf(stderr, "%s: ", cs->name); - perror("write error"); - close(s); - continue; /*** NEXT SLAVE ***/ - } - break; - case KPROP_TRANSFER_CLEAR: - if (write(s, buf, n) != n) { - fprintf(stderr, "%s: ", cs->name); - perror("write error"); - close(s); - continue; /*** NEXT SLAVE ***/ - } - break; - } - } - close(s); - cs->succeeded = 1; - fprintf(stderr, "%s: success.\n", cs->name); - strcat(strcpy(pc, cs->name), "-last-prop"); - close(creat(path, 0600)); - } - } - } -punt: - - dest_tkt(); - for (cs = sl; cs; cs = cs->next) { - if (!cs->succeeded) - return (0); /* didn't get this slave */ - } - return (1); -} - -int -get_slaves(psl, file, ok_mtime) - struct slave_host **psl; - char *file; - time_t ok_mtime; -{ - FILE *fin; - char namebuf[128], *inst; - char *pc; - struct hostent *host; - struct slave_host **th; - char path[256]; - char *ppath; - struct stat stbuf; - - if ((fin = fopen(file, "r")) == NULL) { - fprintf(stderr, "Can't open slave host file, '%s'.\n", file); - exit(-1); - } - strcpy(path, file); - if ((ppath = rindex(path, '/'))) { - ppath += 1; - } else { - ppath = path; - } - for (th = psl; fgets(namebuf, sizeof namebuf, fin); th = &(*th)->next) { - if ((pc = index(namebuf, '\n'))) { - *pc = '\0'; - } else { - fprintf(stderr, "Host name too long (>= %d chars) in '%s'.\n", - sizeof namebuf, file); - exit(-1); - } - host = gethostbyname(namebuf); - if (host == NULL) { - fprintf(stderr, "Unknown host '%s' in '%s'.\n", namebuf, file); - exit(-1); - } - (*th) = (struct slave_host *) malloc(sizeof(struct slave_host)); - if (!*th) { - fprintf(stderr, "No memory reading host list from '%s'.\n", - file); - exit(-1); - } - (*th)->name = malloc(strlen(namebuf) + 1); - if (!(*th)->name) { - fprintf(stderr, "No memory reading host list from '%s'.\n", - file); - exit(-1); - } - /* get kerberos cannonical instance name */ - strcpy((*th)->name, namebuf); - inst = krb_get_phost ((*th)->name); - (*th)->instance = malloc(strlen(inst) + 1); - if (!(*th)->instance) { - fprintf(stderr, "No memory reading host list from '%s'.\n", - file); - exit(-1); - } - strcpy((*th)->instance, inst); - /* what a concept, slave servers in different realms! */ - (*th)->realm = my_realm; - (*th)->net_addr = *(u_long *) host->h_addr; - (*th)->succeeded = 0; - (*th)->next = NULL; - strcat(strcpy(ppath, (*th)->name), "-last-prop"); - if (!force_flag && !stat(path, &stbuf) && stbuf.st_mtime > ok_mtime) { - (*th)->not_time_yet = 1; - (*th)->succeeded = 1; /* no change since last success */ - } - } - fclose(fin); - return (1); -} - -#ifdef doesnt_work_yet -u_long get_data_checksum(fd, key_sched) - int fd; - Key_schedule key_sched; -{ - unsigned long cksum = 0; - unsigned long cbc_cksum(); - int n; - char buf[BUFSIZ]; - long obuf[2]; - - while (n = read(fd, buf, sizeof buf)) { - if (n < 0) { - fprintf(stderr, "Input data file read error: "); - perror("read"); - exit(1); - } - cksum = cbc_cksum(buf, obuf, n, key_sched, key_sched); - } - return cksum; -} -#endif diff --git a/eBones/usr.sbin/kprop/kprop.h b/eBones/usr.sbin/kprop/kprop.h deleted file mode 100644 index 25bef47..0000000 --- a/eBones/usr.sbin/kprop/kprop.h +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright 1987 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, - * please see the file <mit-copyright.h>. - * - */ - -#define KPROP_SERVICE_NAME "rcmd" -#define KPROP_SRVTAB "/etc/kerberosIV/srvtab" -#define TGT_SERVICE_NAME "krbtgt" -#define KPROP_PROT_VERSION_LEN 8 -#define KPROP_PROT_VERSION "kprop01" -#define KPROP_TRANSFER_PRIVATE 1 -#define KPROP_TRANSFER_SAFE 2 -#define KPROP_TRANSFER_CLEAR 3 -#define KPROP_BUFSIZ 32768 -#define KPROP_KDB_UTIL "/usr/sbin/kdb_util" diff --git a/eBones/usr.sbin/ksrvutil/Makefile b/eBones/usr.sbin/ksrvutil/Makefile deleted file mode 100644 index 62c551e..0000000 --- a/eBones/usr.sbin/ksrvutil/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# $Id$ - -PROG= ksrvutil -SRCS= ksrvutil.c -CFLAGS+= -I${.CURDIR}/../../lib/libkadm -DKERBEROS -DPADD= ${LIBKRB} ${LIBDES} -LDADD+= -L${KADMOBJDIR} -lkadm -L${KRBOBJDIR} -lkrb \ - -L${DESOBJDIR} -ldes -lcom_err -MAN8= ksrvutil.8 - -.include <bsd.prog.mk> diff --git a/eBones/usr.sbin/ksrvutil/ksrvutil.8 b/eBones/usr.sbin/ksrvutil/ksrvutil.8 deleted file mode 100644 index 30ac3fb..0000000 --- a/eBones/usr.sbin/ksrvutil/ksrvutil.8 +++ /dev/null @@ -1,93 +0,0 @@ -.\" from: /mit/kerberos/src/man/RCS/ksrvutil.8,v 4.0 89/07/27 18:35:33 jtkohl Exp $ -.\" $Id$ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <Copyright.MIT>. -.\" -.TH KSRVUTIL 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -ksrvutil \- host kerberos keyfile (srvtab) manipulation utility -.SH SYNOPSIS -ksrvutil -.B operation -[ -.B \-k -] [ -.B \-i -] [ -.B \-f filename -] -.SH DESCRIPTION -.I ksrvutil -allows a system manager to list or change keys currently in his -keyfile or to add new keys to the keyfile. -.PP - -Operation must be one of the following: -.TP 10n -.I list -lists the keys in a keyfile showing version number and principal -name. If the \-k option is given, keys will also be shown. -.TP 10n -.I change -changes all the keys in the keyfile by using the regular admin -protocol. If the \-i flag is given, -.I ksrvutil -will prompt for yes or no before changing each key. If the \-k -option is used, the old and new keys will be displayed. -.TP 10n -.I add -allows the user to add a key. -.I add -prompts for name, instance, realm, and key version number, asks -for confirmation, and then asks for a password. -.I ksrvutil -then converts the password to a key and appends the keyfile with -the new information. If the \-k option is used, the key is -displayed. - -.PP -In all cases, the default file used is KEY_FILE as defined in -krb.h unless this is overridden by the \-f option. - -.PP -A good use for -.I ksrvutil -would be for adding keys to a keyfile. A system manager could -ask a kerberos administrator to create a new service key with -.IR kadmin (8) -and could supply an initial password. Then, he could use -.I ksrvutil -to add the key to the keyfile and then to change the key so that -it will be random and unknown to either the system manager or -the kerberos administrator. - -.I ksrvutil -always makes a backup copy of the keyfile before making any -changes. - -.SH DIAGNOSTICS -If -.I ksrvutil -should exit on an error condition at any time during a change or -add, a copy of the -original keyfile can be found in -.IR filename .old -where -.I filename -is the name of the keyfile, and a copy of the file with all new -keys changed or added so far can be found in -.IR filename .work. -The original keyfile is left unmodified until the program exits -at which point it is removed and replaced it with the workfile. -Appending the workfile to the backup copy and replacing the -keyfile with the result should always give a usable keyfile, -although the resulting keyfile will have some out of date keys -in it. - -.SH SEE ALSO -kadmin(8), ksrvtgt(1) - -.SH AUTHOR -Emanuel Jay Berkenbilt, MIT Project Athena diff --git a/eBones/usr.sbin/ksrvutil/ksrvutil.c b/eBones/usr.sbin/ksrvutil/ksrvutil.c deleted file mode 100644 index 1bc1424..0000000 --- a/eBones/usr.sbin/ksrvutil/ksrvutil.c +++ /dev/null @@ -1,586 +0,0 @@ -/* - * Copyright 1989 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * list and update contents of srvtab files - */ - -#if 0 -#ifndef lint -static char rcsid_ksrvutil_c[] = -"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/ksrvutil.c,v 4.1 89/09/26 09:33:49 jtkohl Exp "; -static const char rcsid[] = - "$Id$"; -#endif lint -#endif - -/* - * ksrvutil - * list and update the contents of srvtab files - */ - -#ifndef FALSE -#define FALSE 0 -#endif - -#ifndef TRUE -#define TRUE 1 -#endif - -#include <unistd.h> -#include <string.h> -#include <sys/types.h> -#include <sys/file.h> -#include <sys/param.h> -#include <stdio.h> -#include <sys/stat.h> -#include <errno.h> -#include <kadm.h> -#include <err.h> -#include <com_err.h> - -#ifdef NOENCRYPTION -#define read_long_pw_string placebo_read_pw_string -#else /* NOENCRYPTION */ -#define read_long_pw_string des_read_pw_string -#endif /* NOENCRYPTION */ -int read_long_pw_string(); - -#define SRVTAB_MODE 0600 /* rw------- */ -#define PAD " " -#define VNO_HEADER "Version" -#define VNO_FORMAT "%4d " -#define KEY_HEADER " Key " /* 17 characters long */ -#define PRINC_HEADER " Principal\n" -#define PRINC_FORMAT "%s" - -void usage(void); -void leave(char *str, int x); -void get_key_from_password(des_cblock key); -void print_name(char *name, char *inst, char *realm); -void print_key(des_cblock key); -unsigned short get_mode(char *filename); -int get_svc_new_key(des_cblock new_key, char *sname, char *sinst, - char *srealm, char *keyfile); - -void -copy_keyfile(progname, keyfile, backup_keyfile) - char *progname; - char *keyfile; - char *backup_keyfile; -{ - int keyfile_fd; - int backup_keyfile_fd; - int keyfile_mode; - char buf[BUFSIZ]; /* for copying keyfiles */ - int rcount; /* for copying keyfiles */ - int try_again; - - bzero((char *)buf, sizeof(buf)); - - do { - try_again = FALSE; - if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) { - if (errno != ENOENT) { - err(1, "unable to read %s", keyfile); - } - else { - try_again = TRUE; - if ((keyfile_fd = - open(keyfile, - O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0) { - err(1, "unable to create %s", keyfile); - } - else - if (close(keyfile_fd) < 0) { - err(1, "failure closing %s", keyfile); - } - } - } - } while(try_again); - - keyfile_mode = get_mode(keyfile); - - if ((backup_keyfile_fd = - open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT, - keyfile_mode)) < 0) { - err(1, "unable to write %s", backup_keyfile); - } - do { - if ((rcount = read(keyfile_fd, (char *)buf, sizeof(buf))) < 0) { - err(1, "error reading %s", keyfile); - } - if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount)) { - err(1, "error writing %s", backup_keyfile); - } - } while (rcount); - if (close(backup_keyfile_fd) < 0) { - err(1, "error closing %s", backup_keyfile); - } - if (close(keyfile_fd) < 0) { - err(1, "error closing %s", keyfile); - } -} - -void -safe_read_stdin(prompt, buf, size) - char *prompt; - char *buf; - int size; -{ - printf(prompt); - fflush(stdout); - bzero(buf, size); - if (read(0, buf, size - 1) < 0) { - warn("failure reading from stdin"); - leave((char *)NULL, 1); - } - fflush(stdin); - buf[strlen(buf)-1] = 0; -} - - -void -safe_write(progname, filename, fd, buf, len) - char *progname; - char *filename; - int fd; - char *buf; - int len; -{ - if (write(fd, buf, len) != len) { - warn("failure writing %s", filename); - close(fd); - leave("In progress srvtab in this file.", 1); - } -} - -int -yn(string) - char *string; -{ - char ynbuf[5]; - - printf("%s (y,n) [y] ", string); - for (;;) { - safe_read_stdin("", ynbuf, sizeof(ynbuf)); - - if ((ynbuf[0] == 'n') || (ynbuf[0] == 'N')) - return(0); - else if ((ynbuf[0] == 'y') || (ynbuf[0] == 'Y') || (ynbuf[0] == 0)) - return(1); - else { - printf("Please enter 'y' or 'n': "); - fflush(stdout); - } - } -} - -void -append_srvtab(progname, filename, fd, sname, sinst, - srealm, key_vno, key) - char *progname; - char *filename; - int fd; - char *sname; - char *sinst; - char *srealm; - unsigned char key_vno; - des_cblock key; -{ - /* Add one to append null */ - safe_write(progname, filename, fd, sname, strlen(sname) + 1); - safe_write(progname, filename, fd, sinst, strlen(sinst) + 1); - safe_write(progname, filename, fd, srealm, strlen(srealm) + 1); - safe_write(progname, filename, fd, (char *)&key_vno, 1); - safe_write(progname, filename, fd, (char *)key, sizeof(des_cblock)); - fsync(fd); -} - -unsigned short -get_mode(filename) - char *filename; -{ - struct stat statbuf; - unsigned short mode; - - bzero((char *)&statbuf, sizeof(statbuf)); - - if (stat(filename, &statbuf) < 0) - mode = SRVTAB_MODE; - else - mode = statbuf.st_mode; - - return(mode); -} - -int -main(argc,argv) - int argc; - char *argv[]; -{ - char sname[ANAME_SZ]; /* name of service */ - char sinst[INST_SZ]; /* instance of service */ - char srealm[REALM_SZ]; /* realm of service */ - unsigned char key_vno; /* key version number */ - int status; /* general purpose error status */ - des_cblock new_key; - des_cblock old_key; - char change_tkt[MAXPATHLEN]; /* Ticket to use for key change */ - char keyfile[MAXPATHLEN]; /* Original keyfile */ - char work_keyfile[MAXPATHLEN]; /* Working copy of keyfile */ - char backup_keyfile[MAXPATHLEN]; /* Backup copy of keyfile */ - unsigned short keyfile_mode; /* Protections on keyfile */ - int work_keyfile_fd = -1; /* Initialize so that */ - int backup_keyfile_fd = -1; /* compiler doesn't complain */ - char local_realm[REALM_SZ]; /* local kerberos realm */ - int i; - int interactive = FALSE; - int list = FALSE; - int change = FALSE; - int add = FALSE; - int key = FALSE; /* do we show keys? */ - int arg_entered = FALSE; - int change_this_key = FALSE; - char databuf[BUFSIZ]; - int first_printed = FALSE; /* have we printed the first item? */ - - bzero((char *)sname, sizeof(sname)); - bzero((char *)sinst, sizeof(sinst)); - bzero((char *)srealm, sizeof(srealm)); - - bzero((char *)change_tkt, sizeof(change_tkt)); - bzero((char *)keyfile, sizeof(keyfile)); - bzero((char *)work_keyfile, sizeof(work_keyfile)); - bzero((char *)backup_keyfile, sizeof(backup_keyfile)); - bzero((char *)local_realm, sizeof(local_realm)); - - sprintf(change_tkt, "/tmp/tkt_ksrvutil.%d", getpid()); - krb_set_tkt_string(change_tkt); - - /* This is used only as a default for adding keys */ - if (krb_get_lrealm(local_realm, 1) != KSUCCESS) - strcpy(local_realm, KRB_REALM); - - for (i = 1; i < argc; i++) { - if (strcmp(argv[i], "-i") == 0) - interactive++; - else if (strcmp(argv[i], "-k") == 0) - key++; - else if (strcmp(argv[i], "list") == 0) { - if (arg_entered) - usage(); - else { - arg_entered++; - list++; - } - } - else if (strcmp(argv[i], "change") == 0) { - if (arg_entered) - usage(); - else { - arg_entered++; - change++; - } - } - else if (strcmp(argv[i], "add") == 0) { - if (arg_entered) - usage(); - else { - arg_entered++; - add++; - } - } - else if (strcmp(argv[i], "-f") == 0) { - if (++i == argc) - usage(); - else - strcpy(keyfile, argv[i]); - } - else - usage(); - } - - if (!arg_entered) - usage(); - - if (!keyfile[0]) - strcpy(keyfile, KEYFILE); - - strcpy(work_keyfile, keyfile); - strcpy(backup_keyfile, keyfile); - - if (change || add) { - strcat(work_keyfile, ".work"); - strcat(backup_keyfile, ".old"); - - copy_keyfile(argv[0], keyfile, backup_keyfile); - } - - if (add) - copy_keyfile(argv[0], backup_keyfile, work_keyfile); - - keyfile_mode = get_mode(keyfile); - - if (change || list) { - if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0) { - err(1, "unable to read %s", backup_keyfile); - } - } - - if (change) { - if ((work_keyfile_fd = - open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC, - SRVTAB_MODE)) < 0) { - err(1, "unable to write %s", work_keyfile); - } - } - else if (add) { - if ((work_keyfile_fd = - open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0) { - err(1, "unable to append to %s", work_keyfile); - } - } - - if (change || list) { - while ((getst(backup_keyfile_fd, sname, SNAME_SZ) > 0) && - (getst(backup_keyfile_fd, sinst, INST_SZ) > 0) && - (getst(backup_keyfile_fd, srealm, REALM_SZ) > 0) && - (read(backup_keyfile_fd, &key_vno, 1) > 0) && - (read(backup_keyfile_fd,(char *)old_key,sizeof(old_key)) > 0)) { - if (list) { - if (!first_printed) { - printf(VNO_HEADER); - printf(PAD); - if (key) { - printf(KEY_HEADER); - printf(PAD); - } - printf(PRINC_HEADER); - first_printed = 1; - } - printf(VNO_FORMAT, key_vno); - printf(PAD); - if (key) { - print_key(old_key); - printf(PAD); - } - print_name(sname, sinst, srealm); - printf("\n"); - } - else if (change) { - printf("\nPrincipal: "); - print_name(sname, sinst, srealm); - printf("; version %d\n", key_vno); - if (interactive) - change_this_key = yn("Change this key?"); - else if (change) - change_this_key = 1; - else - change_this_key = 0; - - if (change_this_key) - printf("Changing to version %d.\n", key_vno + 1); - else if (change) - printf("Not changing this key.\n"); - - if (change_this_key) { - /* - * Pick a new key and determine whether or not - * it is safe to change - */ - if ((status = - get_svc_new_key(new_key, sname, sinst, - srealm, keyfile)) == KADM_SUCCESS) - key_vno++; - else { - bcopy(old_key, new_key, sizeof(new_key)); - com_err(argv[0], status, ": key NOT changed"); - change_this_key = FALSE; - } - } - else - bcopy(old_key, new_key, sizeof(new_key)); - append_srvtab(argv[0], work_keyfile, work_keyfile_fd, - sname, sinst, srealm, key_vno, new_key); - if (key && change_this_key) { - printf("Old key: "); - print_key(old_key); - printf("; new key: "); - print_key(new_key); - printf("\n"); - } - if (change_this_key) { - if ((status = kadm_change_pw(new_key)) == KADM_SUCCESS) { - printf("Key changed.\n"); - dest_tkt(); - } - else { - com_err(argv[0], status, - " attempting to change password."); - dest_tkt(); - /* XXX This knows the format of a keyfile */ - if (lseek(work_keyfile_fd, -9, L_INCR) >= 0) { - key_vno--; - safe_write(argv[0], work_keyfile, - work_keyfile_fd, (char *)&key_vno, 1); - safe_write(argv[0], work_keyfile, work_keyfile_fd, - (char *)old_key, sizeof(des_cblock)); - fsync(work_keyfile_fd); - fprintf(stderr,"Key NOT changed.\n"); - } - else { - warn("unable to revert keyfile"); - leave("", 1); - } - } - } - } - bzero((char *)old_key, sizeof(des_cblock)); - bzero((char *)new_key, sizeof(des_cblock)); - } - } - else if (add) { - do { - do { - safe_read_stdin("Name: ", databuf, sizeof(databuf)); - strncpy(sname, databuf, sizeof(sname) - 1); - safe_read_stdin("Instance: ", databuf, sizeof(databuf)); - strncpy(sinst, databuf, sizeof(sinst) - 1); - safe_read_stdin("Realm: ", databuf, sizeof(databuf)); - strncpy(srealm, databuf, sizeof(srealm) - 1); - safe_read_stdin("Version number: ", databuf, sizeof(databuf)); - key_vno = atoi(databuf); - if (!srealm[0]) - strcpy(srealm, local_realm); - printf("New principal: "); - print_name(sname, sinst, srealm); - printf("; version %d\n", key_vno); - } while (!yn("Is this correct?")); - get_key_from_password(new_key); - if (key) { - printf("Key: "); - print_key(new_key); - printf("\n"); - } - append_srvtab(argv[0], work_keyfile, work_keyfile_fd, - sname, sinst, srealm, key_vno, new_key); - printf("Key successfully added.\n"); - } while (yn("Would you like to add another key?")); - } - - if (change || list) - if (close(backup_keyfile_fd) < 0) { - warn("failure closing %s, continuing", backup_keyfile); - } - - if (change || add) { - if (close(work_keyfile_fd) < 0) { - err(1, "failure closing %s", work_keyfile); - } - if (rename(work_keyfile, keyfile) < 0) { - err(1, "failure renaming %s to %s", work_keyfile, keyfile); - } - chmod(backup_keyfile, keyfile_mode); - chmod(keyfile, keyfile_mode); - printf("Old keyfile in %s.\n", backup_keyfile); - } - - exit(0); -} - -void -print_key(key) - des_cblock key; -{ - int i; - - for (i = 0; i < 4; i++) - printf("%02x", key[i]); - printf(" "); - for (i = 4; i < 8; i++) - printf("%02x", key[i]); -} - -void -print_name(name, inst, realm) - char *name; - char *inst; - char *realm; -{ - printf("%s%s%s%s%s", name, inst[0] ? "." : "", inst, - realm[0] ? "@" : "", realm); -} - -int -get_svc_new_key(new_key, sname, sinst, srealm, keyfile) - des_cblock new_key; - char *sname; - char *sinst; - char *srealm; - char *keyfile; -{ - int status = KADM_SUCCESS; - CREDENTIALS c; - - if (((status = krb_get_svc_in_tkt(sname, sinst, srealm, PWSERV_NAME, - KADM_SINST, 1, keyfile)) == KSUCCESS) && - ((status = krb_get_cred(PWSERV_NAME, KADM_SINST, srealm, &c)) == - KSUCCESS) && - ((status = kadm_init_link("changepw", KRB_MASTER, srealm)) == - KADM_SUCCESS)) { -#ifdef NOENCRYPTION - bzero((char *) new_key, sizeof(des_cblock)); - new_key[0] = (unsigned char) 1; -#else /* NOENCRYPTION */ - des_init_random_number_generator(c.session); - (void) des_new_random_key(new_key); -#endif /* NOENCRYPTION */ - return(KADM_SUCCESS); - } - - return(status); -} - -void -get_key_from_password(key) - des_cblock key; -{ - char password[MAX_KPW_LEN]; /* storage for the password */ - - if (read_long_pw_string(password, sizeof(password)-1, "Password: ", 1)) - leave("Error reading password.", 1); - -#ifdef NOENCRYPTION - bzero((char *) key, sizeof(des_cblock)); - key[0] = (unsigned char) 1; -#else /* NOENCRYPTION */ - des_string_to_key(password, (des_cblock *)key); -#endif /* NOENCRYPTION */ - bzero((char *)password, sizeof(password)); -} - -void -usage() -{ - fprintf(stderr, "Usage: ksrvutil [-f keyfile] [-i] [-k] "); - fprintf(stderr, "{list | change | add}\n"); - fprintf(stderr, " -i causes the program to ask for "); - fprintf(stderr, "confirmation before changing keys.\n"); - fprintf(stderr, " -k causes the key to printed for list or "); - fprintf(stderr, "change.\n"); - exit(1); -} - -void -leave(str,x) -char *str; -int x; -{ - if (str) - fprintf(stderr, "%s\n", str); - dest_tkt(); - exit(x); -} diff --git a/eBones/usr.sbin/kstash/Makefile b/eBones/usr.sbin/kstash/Makefile deleted file mode 100644 index 6cd2e19..0000000 --- a/eBones/usr.sbin/kstash/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -# From: @(#)Makefile 5.2 (Berkeley) 3/5/91 -# $Id$ - -PROG= kstash -CFLAGS+=-DKERBEROS -DDEBUG -DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES} -LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes -MAN8= kstash.8 - -.include <bsd.prog.mk> diff --git a/eBones/usr.sbin/kstash/kstash.8 b/eBones/usr.sbin/kstash/kstash.8 deleted file mode 100644 index 7b810ab..0000000 --- a/eBones/usr.sbin/kstash/kstash.8 +++ /dev/null @@ -1,44 +0,0 @@ -.\" from: kstash.8,v 4.1 89/01/23 11:11:39 jtkohl Exp $ -.\" $Id$ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <Copyright.MIT>. -.\" -.TH KSTASH 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kstash \- stash Kerberos key distribution center database master key -.SH SYNOPSIS -kstash -.SH DESCRIPTION -.I kstash -saves the Kerberos key distribution center (KDC) database master key in -the master key cache file. -.PP -The user is prompted to enter the key, to verify the authenticity of the -key and the authorization to store the key in the file. -.SH DIAGNOSTICS -.TP 20n -"verify_master_key: Invalid master key, does not match database." -The master key string entered was incorrect. -.TP -"kstash: Unable to open master key file" -The attempt to open the cache file for writing failed (probably due to a -system or access permission error). -.TP -"kstash: Write I/O error on master key file" -The -.BR write (2) -system call returned an error while -.I kstash -was attempting to write the key to the file. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.TP -/etc/kerberosIV/master_key -Master key cache file. diff --git a/eBones/usr.sbin/kstash/kstash.c b/eBones/usr.sbin/kstash/kstash.c deleted file mode 100644 index 540c017..0000000 --- a/eBones/usr.sbin/kstash/kstash.c +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology - * For copying and distribution information, please see the file - * <Copyright.MIT>. - * - * from: kstash.c,v 4.0 89/01/23 09:45:43 jtkohl Exp $ - * $Id$ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id$"; -#endif lint -#endif - -#include <unistd.h> -#include <stdio.h> -#include <string.h> -#include <errno.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <netdb.h> -#include <signal.h> -#include <sgtty.h> -#include <sys/ioctl.h> -#include <sys/time.h> -#include <sys/file.h> - -#include <krb.h> -#include <des.h> -#include <klog.h> -#include <prot.h> -#include <krb_db.h> -#include <kdc.h> - -/* change this later, but krblib_dbm needs it for now */ -char *progname; - -static C_Block master_key; -static Key_schedule master_key_schedule; -int debug; -static int kfile; -static void clear_secrets(); - -int -main(argc, argv) - int argc; - char **argv; -{ - long n; - if ((n = kerb_init())) { - fprintf(stderr, "Kerberos db and cache init failed = %ld\n", n); - exit(1); - } - - if (kdb_get_master_key (TRUE, master_key, master_key_schedule) != 0) { - fprintf (stderr, "%s: Couldn't read master key.\n", argv[0]); - fflush (stderr); - clear_secrets(); - exit (-1); - } - - if (kdb_verify_master_key (master_key, master_key_schedule, stderr) < 0) { - clear_secrets(); - exit (-1); - } - - kfile = open(MKEYFILE, O_TRUNC | O_RDWR | O_CREAT, 0600); - if (kfile < 0) { - clear_secrets(); - fprintf(stderr, "\n\07\07%s: Unable to open master key file\n", - argv[0]); - exit(1); - } - if (write(kfile, (char *) master_key, 8) < 0) { - clear_secrets(); - fprintf(stderr, "\n%s: Write I/O error on master key file\n", - argv[0]); - exit(1); - } - (void) close(kfile); - clear_secrets(); - return(0); -} - -static void -clear_secrets() -{ - bzero(master_key_schedule, sizeof(master_key_schedule)); - bzero(master_key, sizeof(master_key)); -} diff --git a/eBones/usr.sbin/make_keypair/Makefile b/eBones/usr.sbin/make_keypair/Makefile deleted file mode 100644 index 4edf76e..0000000 --- a/eBones/usr.sbin/make_keypair/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -# @(#)Makefile 8.1 (Berkeley) 6/1/93 -# $id$ - -PROG= make_keypair -MAN8= make_keypair.8 -CFLAGS+=-DKERBEROS -I${.CURDIR}/../../usr.bin/register -DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES} -LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes - -.include <bsd.prog.mk> diff --git a/eBones/usr.sbin/make_keypair/make_keypair.8 b/eBones/usr.sbin/make_keypair/make_keypair.8 deleted file mode 100644 index b2b4e4c..0000000 --- a/eBones/usr.sbin/make_keypair/make_keypair.8 +++ /dev/null @@ -1,88 +0,0 @@ -.\" Copyright (c) 1988, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" @(#)make_keypair.8 8.2 (Berkeley) 12/11/93 -.\" $Id$ -.\" -.Dd December 11, 1993 -.Dt MAKE_KEYPAIR 8 -.Os -.Sh NAME -.Nm make_keypair -.Nd generate Kerberos host key pair -.Sh SYNOPSIS -.Nm make_keypair -.Ar hostname -.Op Ar hostname ... -.Sh DESCRIPTION -The -.Nm make_keypair -command -is used to create pairs of -.Tn DES -keys for -each -.Ar hostname . -The keys are used by privileged programs such as -.Xr register 1 -to make remote updates to the Kerberos database without -having to have first acquired a Kerberos ticket granting ticket -.Pq Tn TGT . -The keys created by -.Nm make_keypair -are placed (by hand) in the filesystems of the -kerberos server in -.Pa /etc/kerberosIV/register_keys , -and in the root directory of the clients. -For example, the file -.Pa /.update.key128.32.130.3 -would -contain a copy of the key of the client with -IP address 128.32.130.3. -These keys provide a shared secret which may be used to establish -a secure channel between the client hosts and the Kerberos server. -.Sh FILES -.Bl -tag -width /etc/kerberosIV/register_keysxx -compact -.It Pa /.update.keyxx.xx.xx.xx -shared -.Tn DES -key with server -.It Pa /etc/kerberosIV/register_keys -server's key storage directory -.El -.Sh SEE ALSO -.Xr kerberos 1 , -.Xr register 1 , -.Xr registerd 8 -.Sh HISTORY -The -.Nm make_keypair -utility first appeared in 4.4BSD. diff --git a/eBones/usr.sbin/make_keypair/make_keypair.c b/eBones/usr.sbin/make_keypair/make_keypair.c deleted file mode 100644 index deb67ac..0000000 --- a/eBones/usr.sbin/make_keypair/make_keypair.c +++ /dev/null @@ -1,134 +0,0 @@ -/*- - * Copyright (c) 1988, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if 0 -#ifndef lint -static char copyright[] = -"@(#) Copyright (c) 1988, 1993\n\ - The Regents of the University of California. All rights reserved.\n"; -static char sccsid[] = "@(#)make_keypair.c 8.1 (Berkeley) 6/1/93"; -#endif /* not lint */ -#endif - -#include <sys/types.h> -#include <sys/file.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <unistd.h> -#include <string.h> -#include <stdio.h> -#include <netdb.h> -#include <des.h> -#include <krb.h> -#include "pathnames.h" -#include "register_proto.h" - -void usage(char *name); -void make_key(struct in_addr addr); - -char * progname; - -void -main(argc, argv) - int argc; - char **argv; -{ - struct hostent *hp; - char *addr; - int i; - struct sockaddr_in sin; - - progname = *argv; /* argv[0] */ - - if (argc != 2) { - usage(argv[0]); - exit(1); - } - - if ((hp = gethostbyname(argv[1])) == NULL) { - herror(argv[1]); - exit(1); - } - - for (i = 0; (addr = hp->h_addr_list[i]); i++) { - addr = hp->h_addr_list[i]; - bcopy(addr, &sin.sin_addr, hp->h_length); - - printf("Making key for host %s (%s)\n", - argv[1], inet_ntoa(sin.sin_addr)); - make_key(sin.sin_addr); - } - printf("==========\n"); - printf("One copy of the each key should be put in %s on the\n", - SERVER_KEYDIR); - printf("Kerberos server machine (mode 600, owner root).\n"); - printf("Another copy of each key should be put on the named\n"); - printf("client as %sXXX.XXX.XXX.XXX (same modes as above),\n", - CLIENT_KEYFILE); - printf("where the X's refer to digits of the host's inet address.\n"); - (void)fflush(stdout); - exit(0); -} - -void -make_key(addr) - struct in_addr addr; -{ - struct keyfile_data kfile; - char namebuf[255]; - int fd; - - (void)sprintf(namebuf, "%s%s", - CLIENT_KEYFILE, - inet_ntoa(addr)); - fd = open(namebuf, O_WRONLY|O_CREAT, 0600); - if (fd < 0) { - perror("open"); - exit(1); - } - random_key(kfile.kf_key); - printf("writing to file -> %s ...", namebuf); - if (write(fd, &kfile, sizeof(kfile)) != sizeof(kfile)) { - fprintf(stderr, "error writing file %s\n", namebuf); - } - printf("done.\n"); - (void)close(fd); - return; -} - -void -usage(name) - char *name; -{ - fprintf(stderr, "usage: %s host\n", name); -} |
