Diffstat (limited to 'eBones/ext_srvtab')
-rw-r--r-- | eBones/ext_srvtab/Makefile | 10 | ||||
-rw-r--r-- | eBones/ext_srvtab/ext_srvtab.8 | 63 | ||||
-rw-r--r-- | eBones/ext_srvtab/ext_srvtab.c | 164 |
3 files changed, 237 insertions, 0 deletions
diff --git a/eBones/ext_srvtab/Makefile b/eBones/ext_srvtab/Makefile
new file mode 100644
index 0000000..f30bbbb
--- /dev/null
+++ b/eBones/ext_srvtab/Makefile
@@ -0,0 +1,10 @@
+# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
+# $Id: Makefile,v 1.2 1994/07/19 19:22:34 g89r4222 Exp $
+
+PROG= ext_srvtab
+CFLAGS+=-DKERBEROS -I${.CURDIR}/../include
+DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES}
+LDADD+= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
+NOMAN= noman
+
+.include <bsd.prog.mk>
diff --git a/eBones/ext_srvtab/ext_srvtab.8 b/eBones/ext_srvtab/ext_srvtab.8
new file mode 100644
index 0000000..af980a9
--- /dev/null
+++ b/eBones/ext_srvtab/ext_srvtab.8
@@ -0,0 +1,63 @@
+.\" from: ext_srvtab.8,v 4.2 89/07/18 16:53:18 jtkohl Exp $
+.\" $Id: ext_srvtab.8,v 1.2 1994/07/19 19:27:20 g89r4222 Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <Copyright.MIT>.
+.\"
+.TH EXT_SRVTAB 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+ext_srvtab \- extract service key files from Kerberos key distribution center database
+.SH SYNOPSIS
+ext_srvtab [
+.B \-n
+] [
+.B \-r realm
+] [
+.B hostname ...
+]
+.SH DESCRIPTION
+.I ext_srvtab
+extracts service key files from the Kerberos key distribution center
+(KDC) database.
+.PP
+Upon execution, it prompts the user to enter the master key string for
+the database. If the
+.B \-n
+option is specified, the master key is instead fetched from the master
+key cache file.
+.PP
+For each
+.I hostname
+specified on the command line,
+.I ext_srvtab
+creates the service key file
+.IR hostname -new-srvtab,
+containing all the entries in the database with an instance field of
+.I hostname.
+This new file contains all the keys registered for Kerberos-mediated
+service providing programs which use the
+.IR krb_get_phost (3)
+principal and instance conventions to run on the host
+.IR hostname .
+If the
+.B \-r
+option is specified, the realm fields in the extracted file will
+match the given realm rather than the local realm.
+.SH DIAGNOSTICS
+.TP 20n
+"verify_master_key: Invalid master key, does not match database."
+The master key string entered was incorrect.
+.SH FILES
+.TP 20n
+.IR hostname -new-srvtab
+Service key file generated for
+.I hostname
+.TP
+/kerberos/principal.pag, /kerberos/principal.dir
+DBM files containing database
+.TP
+/.k
+Master key cache file.
+.SH SEE ALSO
+read_service_key(3), krb_get_phost(3)
diff --git a/eBones/ext_srvtab/ext_srvtab.c b/eBones/ext_srvtab/ext_srvtab.c
new file mode 100644
index 0000000..3a5dcec
--- /dev/null
+++ b/eBones/ext_srvtab/ext_srvtab.c
@@ -0,0 +1,164 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * from: ext_srvtab.c,v 4.1 89/07/18 16:49:30 jtkohl Exp $
+ * $Id: ext_srvtab.c,v 1.2 1994/07/19 19:22:36 g89r4222 Exp $
+ */
+
+#ifndef lint
+static char rcsid[] =
+"$Id: ext_srvtab.c,v 1.2 1994/07/19 19:22:36 g89r4222 Exp $";
+#endif lint
+
+#include <stdio.h>
+#include <sys/file.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <signal.h>
+#include <des.h>
+#include <krb.h>
+#include <krb_db.h>
+
+#define TRUE 1
+#define FALSE 0
+
+static C_Block master_key;
+static C_Block session_key;
+static Key_schedule master_key_schedule;
+char progname[] = "ext_srvtab";
+char realm[REALM_SZ];
+
+main(argc, argv)
+ int argc;
+ char *argv[];
+{
+ FILE *fout;
+ char fname[1024];
+ int fopen_errs = 0;
+ int arg;
+ Principal princs[40];
+ int more;
+ int prompt = TRUE;
+ register int n, i;
+
+ bzero(realm, sizeof(realm));
+
+ /* Parse commandline arguments */
+ if (argc < 2)
+ usage();
+ else {
+ for (i = 1; i < argc; i++) {
+ if (strcmp(argv[i], "-n") == 0)
+ prompt = FALSE;
+ else if (strcmp(argv[i], "-r") == 0) {
+ if (++i >= argc)
+ usage();
+ else {
+ strcpy(realm, argv[i]);
+ /*
+ * This is to humor the broken way commandline
+ * argument parsing is done. Later, this
+ * program ignores everything that starts with -.
+ */
+ argv[i][0] = '-';
+ }
+ }
+ else if (argv[i][0] == '-')
+ usage();
+ else
+ if (!k_isinst(argv[i])) {
+ fprintf(stderr, "%s: bad instance name: %s\n",
+ progname, argv[i]);
+ usage();
+ }
+ }
+ }
+
+ if (kdb_get_master_key (prompt, master_key, master_key_schedule) != 0) {
+ fprintf (stderr, "Couldn't read master key.\n");
+ fflush (stderr);
+ exit(1);
+ }
+
+ if (kdb_verify_master_key (master_key, master_key_schedule, stderr) < 0) {
+ exit(1);
+ }
+
+ /* For each arg, search for instances of arg, and produce */
+ /* srvtab file */
+ if (!realm[0])
+ if (krb_get_lrealm(realm, 1) != KSUCCESS) {
+ fprintf(stderr, "%s: couldn't get local realm\n", progname);
+ exit(1);
+ }
+ (void) umask(077);
+
+ for (arg = 1; arg < argc; arg++) {
+ if (argv[arg][0] == '-')
+ continue;
+ sprintf(fname, "%s-new-srvtab", argv[arg]);
+ if ((fout = fopen(fname, "w")) == NULL) {
+ fprintf(stderr, "Couldn't create file '%s'.\n", fname);
+ fopen_errs++;
+ continue;
+ }
+ printf("Generating '%s'....\n", fname);
+ n = kerb_get_principal("*", argv[arg], &princs[0], 40, &more);
+ if (more)
+ fprintf(stderr, "More than 40 found...\n");
+ for (i = 0; i < n; i++) {
+ FWrite(princs[i].name, strlen(princs[i].name) + 1, 1, fout);
+ FWrite(princs[i].instance, strlen(princs[i].instance) + 1,
+ 1, fout);
+ FWrite(realm, strlen(realm) + 1, 1, fout);
+ FWrite(&princs[i].key_version,
+ sizeof(princs[i].key_version), 1, fout);
+ bcopy(&princs[i].key_low, session_key, sizeof(long));
+ bcopy(&princs[i].key_high, session_key + sizeof(long),
+ sizeof(long));
+ kdb_encrypt_key (session_key, session_key,
+ master_key, master_key_schedule, DES_DECRYPT);
+ FWrite(session_key, sizeof session_key, 1, fout);
+ }
+ fclose(fout);
+ }
+
+ StampOutSecrets();
+
+ exit(fopen_errs); /* 0 errors if successful */
+
+}
+
+Die()
+{
+ StampOutSecrets();
+ exit(1);
+}
+
+FWrite(p, size, n, f)
+ char *p;
+ int size;
+ int n;
+ FILE *f;
+{
+ if (fwrite(p, size, n, f) != n) {
+ printf("Error writing output file. Terminating.\n");
+ Die();
+ }
+}
+
+StampOutSecrets()
+{
+ bzero(master_key, sizeof master_key);
+ bzero(session_key, sizeof session_key);
+ bzero(master_key_schedule, sizeof master_key_schedule);
+}
+
+usage()
+{
+ fprintf(stderr,
+ "Usage: %s [-n] [-r realm] instance [instance ...]\n", progname);
+ exit(1);
+} |
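Review bot: Two command-line arguments are copied into fixed-size buffers in main() with no length check: `strcpy(realm, argv[i])` writes into `realm[REALM_SZ]` and `sprintf(fname, "%s-new-srvtab", argv[arg])` writes into `fname[1024]`, so over-long values should be rejected before either copy. The key file is then opened with `fopen(fname, "w")` under a predictable name in the current directory, and `umask(077)` only governs files that do not exist yet, so a pre-existing file or symlink of that name would receive the decrypted service keys with whatever owner and mode it already has. The fence below adds both length checks and an exclusive 0600 create; the trade-off is that an existing `*-new-srvtab` has to be removed before a re-run. Separately, the two `bcopy(..., sizeof(long))` calls fill `session_key` exactly only when `sizeof(long)` is 4 (presumably C_Block is 8 bytes, which the hunk does not show), so with 8-byte longs the second copy would run past the buffer; copying fixed 4-byte halves would make that explicit.

```c
    int fd;	/* new local in main() */

    /* … unchanged: -n handling … */
	    else if (strcmp(argv[i], "-r") == 0) {
		/* reject a realm that would not fit, NUL included */
		if (++i >= argc || strlen(argv[i]) >= sizeof(realm))
		    usage();
		else {
		    strcpy(realm, argv[i]);
		    /* … unchanged: argv[i][0] = '-' marker … */

    /* … unchanged: master key read and verify, realm lookup, umask … */

    for (arg = 1; arg < argc; arg++) {
	if (argv[arg][0] == '-')
	    continue;
	if (strlen(argv[arg]) + sizeof("-new-srvtab") > sizeof(fname)) {
	    fprintf(stderr, "%s: instance name too long: %s\n",
		    progname, argv[arg]);
	    fopen_errs++;
	    continue;
	}
	sprintf(fname, "%s-new-srvtab", argv[arg]);
	/* O_EXCL: never write keys into a file or symlink that already exists */
	fd = open(fname, O_WRONLY | O_CREAT | O_EXCL, 0600);
	if (fd < 0 || (fout = fdopen(fd, "w")) == NULL) {
	    if (fd >= 0)
		(void) close(fd);
	    fprintf(stderr, "Couldn't create file '%s'.\n", fname);
	    fopen_errs++;
	    continue;
	}
	/* … unchanged: principal lookup and FWrite loop … */
```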