/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
* Openvision retains the copyright to derivative works of
* this source code. Do *NOT* create a derivative of this
* source code before consulting with your legal department.
* Do *NOT* integrate *ANY* of this source code into another
* product before consulting with your legal department.
*
* For further information, read the top-level Openvision
* copyright which is contained in the top-level MIT Kerberos
* copyright.
*
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
*/
/*
*
* (C) Copyright 1990,1991, 1996 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*
* Edit a KDC database.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
* All rights reserved.
*
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of FundsXpress. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
/*
* Yes, I know this is a hack, but we need admin.h without including
* a des.h header, which causes other problems.
*/
#define _RPC_RPC_H
#include <stdio.h>
#include <k5-int.h>
#include <krb5/adm_proto.h>
#include <time.h>
#include <libintl.h>
#include <locale.h>
#include "kdb5_util.h"
/*
* XXX Ick, ick, ick. These global variables shouldn't be global....
*/
/*
 * Master key password; 0 (null) when none has been supplied.
 * open_db_and_mkey() takes its "master key from password" path when this
 * is non-null and resets the pointer to 0 once that path completes.
 * NOTE(review): presumably filled from the "-P password" option listed in
 * usage() -- the option parser is not visible in this listing. A password
 * passed in argv is readable by other local users through the process
 * list and tends to end up in shell history; where a non-argv way of
 * supplying the key exists, prefer it.
 */
char *mkey_password = 0;
/*
* I can't figure out any way for this not to be global, given how ss
* works.
*/
/* Failure counter: bumped on error paths and handed back by the
 * `return exit_status;` statements further down. */
int exit_status = 0;
/*
 * Emit the command synopsis and terminate the process with status 1.
 * Does not return to the caller.
 * NOTE(review): the call that consumes the string literals below is not
 * visible in this listing; only its literal arguments and the trailing
 * gettext("Usage") remain.
 */
void usage()
{
/*
 * NOTE(review): the synopsis advertises "-P password". Anything given that
 * way sits in argv, where the process list exposes it to other local
 * users; the documentation for this option should say so.
 */
"kdb5_util [-x db_args]* [-r realm] [-d dbname] [-k mkeytype] [-M mkeyname]\n"
"\t [-sf stashfilename] [-P password] [-m] cmd [cmd_options]\n"
"\tcreate [-s]\n"
"\tdestroy [-f]\n"
"\tstash [-f keyfile]\n"
"\tdump [-old] [-ov] [-b6] [-verbose] [filename [princs...]]\n"
"\t [-mkey_convert] [-new_mkey_file mkey_file]\n"
"\t [-rev] [-recurse] [filename [princs...]]\n"
"\tload [-old] [-ov] [-b6] [-verbose] [-update] filename\n"
"\tark [-e etype_list] principal\n"
"\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n"
"\t\t\tLook at each database documentation for supported arguments\n",
gettext("Usage"));
/* Usage errors always end the program with a non-zero status. */
exit(1);
}
/* Master principal; defined in another translation unit. */
extern krb5_principal master_princ;
/*
 * 1 only after open_db_and_mkey() has run to its final statement; that
 * function resets it to 0 on entry, so every early return leaves it 0.
 */
int valid_master_key = 0;
char *progname;
static int open_db_and_mkey(void);
static void add_random_key(int, char **);
/* Signature shared by the sub-command handlers: (argc, argv). */
typedef void (*cmd_func)(int, char **);
/*
 * Sub-command dispatch table.
 * NOTE(review): each initializer below carries three values (name,
 * handler, flag) but only two members are visible in the struct; the
 * handler member appears to be missing from this listing, as do most of
 * the table entries that usage() implies.
 */
struct _cmd_table {
char *name;
/* presumably "open the database before running this command" -- both
 * visible entries use 0; confirm against the dispatcher */
int opendb;
} cmd_table[] = {
{"create", kdb5_create, 0},
{"load", load_db, 0},
};
/*
 * NOTE(review): the function header and the loop/comparison lines are not
 * visible in this listing. The K&R-style parameter declaration plus the
 * remaining statements suggest a linear walk over a command table that
 * returns the matching entry (`cmd`) or NULL when nothing matches.
 */
char *name;
{
return cmd;
else
cmd++;
}
/* No entry matched. */
return NULL;
}
/* Entry count used to size the argument list; see the
 * sizeof(char *) * (db5util_db_args_size + 1) expression further down. */
int db5util_db_args_size = 0;
/*
 * NOTE(review): header and statement bodies are not visible here. What
 * remains branches on whether `code` is non-zero; emsg presumably holds
 * the message text for the non-zero case -- confirm against the full file.
 */
{
const char *emsg;
if (code) {
} else {
}
}
/*
 * NOTE(review): header not visible. The `if (!add_db_arg(...)) exit(1)`
 * call sites later in the file suggest this is the body of add_db_arg,
 * with 0 meaning failure and 1 meaning success.
 */
{
/* presumably receives the resized array so the existing list is not lost
 * if the allocation fails -- the assignment itself is not visible */
char **temp;
/* room for one more pointer than the current count */
sizeof(char *) * (db5util_db_args_size + 1));
return 0;
return 1;
}
/*
 * NOTE(review): the function header is not visible; the K&R-style
 * argc/argv declarations and the `return exit_status;` statements suggest
 * this is the program entry point. Many statements are missing from this
 * listing, so the comments below describe only what remains.
 */
int argc;
char *argv[];
{
int cmd_argc;
#if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */
#endif
(void) textdomain(TEXT_DOMAIN);
/*
* Solaris Kerberos:
* Ensure that "progname" is set before calling com_err.
*/
/* Every set-up failure below is fatal: report, then exit(1). */
if (retval) {
gettext("while initializing Kerberos code"));
exit(1);
}
gettext("while creating sub-command arguments"));
exit(1);
}
cmd_argc = 1;
/* Walk the argument vector up to its terminating null pointer. */
while (*argv) {
manual_mkey = TRUE;
/* db_name_tmp is released with free() at the end of this function, so a
 * NULL here presumably means its allocation failed */
if( db_name_tmp == NULL )
{
exit(1);
}
/* add_db_arg() returning 0 is treated as fatal at both call sites */
if (!add_db_arg(db_name_tmp)) {
exit(1);
}
if (!add_db_arg(koptarg)) {
exit(1);
}
/* not sure this is really necessary */
global_params.realm))) {
gettext("while setting default "
"realm name"));
exit(1);
}
/* Solaris Kerberos */
}
else
/* SUNWresync121 - carry the old -f forward too */
manual_mkey = TRUE;
else
usage();
} else {
}
}
usage();
/* Only runs when the context has no default realm yet. */
if( !util_context->default_realm )
{
if( retval )
{
exit(1);
}
}
if (retval) {
/* Solaris Kerberos */
gettext("while retreiving configuration parameters"));
exit(1);
}
/*
* Dump creates files which should not be world-readable. It is
* easiest to do a single umask call here.
*/
/*
 * 077 masks out all group and other permission bits for every file this
 * process creates from here on, whatever umask the caller had; the
 * previous mask is deliberately discarded. A umask only affects creation:
 * it does not tighten the mode of an output file that already exists.
 */
(void) umask(077);
/* Solaris Kerberos */
exit(1);
}
return exit_status;
else
if( db_name_tmp )
free( db_name_tmp );
if( db5util_db_args )
return exit_status;
}
#if 0
/*
* This function is no longer used in kdb5_util (and it would no
* longer work, anyway).
*/
/*
 * NOTE(review): excluded from compilation by the surrounding #if 0; the
 * function header is not visible in this listing. The remaining
 * statements reject argc < 3 and an already-active database (each
 * bumping exit_status) and clear valid_master_key.
 */
int argc;
char *argv[];
{
if (argc < 3) {
/* Solaris Kerberos */
progname);
exit_status++;
return;
}
if (dbactive) {
/* Solaris Kerberos */
exit_status++;
return;
}
if (valid_master_key) {
valid_master_key = 0;
}
}
/* Solaris Kerberos */
return;
}
#endif
/*
* open_db_and_mkey: Opens the KDC and policy database, and sets the
* global master_* variables. Sets dbactive to TRUE if the databases
* are opened, and valid_master_key to 1 if the global master
* variables are set properly. Returns 0 on success, and 1 on
* failure, but it is not considered a failure if the master key
* cannot be fetched (the master key stash file may not exist when the
* program is run).
*/
static int open_db_and_mkey()
{
/*
 * Contract worth keeping in mind when calling this: a 0 return does NOT
 * by itself mean a master key is available. The stored-key read failure
 * path below returns 0 with valid_master_key still 0, so code that
 * touches key material must test valid_master_key, not just the return
 * value.
 * NOTE(review): several call lines are missing from this listing; the
 * step descriptions below are taken from the surviving error texts.
 */
int nentries;
/* Start pessimistic; the flag is only raised by the last statement. */
valid_master_key = 0;
exit_status++;
return(1);
}
/* assemble & parse the master key name */
0, &master_princ))) {
gettext("while setting up master key name"));
exit_status++;
return(1);
}
/* Look up the master entry: a lookup error, `more` being set, or zero
 * entries coming back each close the database and fail. */
nentries = 1;
gettext("while retrieving master entry"));
exit_status++;
(void) krb5_db_fini(util_context);
return(1);
} else if (more) {
gettext("while retrieving master entry"));
exit_status++;
(void) krb5_db_fini(util_context);
return(1);
} else if (!nentries) {
gettext("while retrieving master entry"));
exit_status++;
(void) krb5_db_fini(util_context);
return(1);
}
/* the databases are now open, and the master principal exists */
/* Password path: per the error texts, compute the master key salt, pick
 * an enctype, then transform the password into the master key. */
if (mkey_password) {
if (retval) {
gettext("while calculated master key salt"));
/* Solaris Kerberos */
exit_status++;
return(1);
}
/* If no encryption type is set, use the default */
gettext("while setting up enctype %d"),
}
if (retval) {
gettext("while transforming master key from password"));
/* Solaris Kerberos */
exit_status++;
return(1);
}
/*
 * NOTE(review): only the pointer is cleared. No wipe of the password
 * bytes is visible in this listing, so the cleartext may stay resident
 * in the buffer it pointed to -- confirm against the full file.
 */
mkey_password = 0;
/* No password supplied: read the master key instead. */
0, &master_key))) {
gettext("while reading master key"));
gettext("Warning: proceeding without master key"));
/*
* Solaris Kerberos: We don't want to count as an error if for instance
* the stash file is not present and we are trying to automate
* propagation, which really doesn't need a master key to do so.
*/
if (retval != KRB5_KDB_CANTREAD_STORED)
exit_status++;
/* Soft failure: success code, but valid_master_key is still 0. */
return(0);
}
/* A key that fails verification is a hard failure. */
&master_key))) {
gettext("while verifying master key"));
exit_status++;
return(1);
}
gettext("while initializing random key generator"));
exit_status++;
return(1);
}
/* Reached only when none of the failure paths above returned. */
valid_master_key = 1;
return 0;
}
#ifdef HAVE_GETCWD
#endif
/*
 * Shut-down routine: returns 0 on success, or 1 (after bumping
 * exit_status) on the one failure path that remains visible.
 * NOTE(review): the clean-up calls and the condition guarding the failure
 * branch are missing from this listing.
 */
int
quit()
{
/* Nothing left to do once `finished` is set. */
if (finished)
return 0;
exit_status++;
return 1;
}
return 0;
}
/*
 * NOTE(review): the line carrying the function name is missing from this
 * listing. The `static void` (int, char **) shape matches the
 * add_random_key prototype declared earlier in the file, and usage()
 * lists "ark [-e etype_list] principal". Most call lines are missing as
 * well; every surviving failure path bumps exit_status and returns.
 */
static void
int argc;
char **argv;
{
int n;
/* records whether the key/salt list is to be released after use; tested
 * by `if (free_keysalts)` below (the release call is not visible) */
int free_keysalts;
/* Solaris Kerberos */
char *pr_str;
if (argc < 2)
usage();
continue;
} else
break;
}
/* After option handling at least one argument must remain. */
if (argc < 1)
usage();
if (ret) {
exit_status++;
return;
}
/* n is passed by address together with `more`, then re-checked: anything
 * other than exactly one entry, or `more` being set, is an error. */
n = 1;
&n, &more);
if (ret) {
exit_status++;
return;
}
if (n != 1) {
exit_status++;
return;
}
if (more) {
exit_status++;
return;
}
/* two separator sets for parsing the key/salt list; presumably the first
 * splits list items and the second splits each item -- TODO confirm */
", \t", ":.-", 0,
&keysalts,
&num_keysalts);
if (ret) {
exit_status++;
return;
}
free_keysalts = 0;
} else
free_keysalts = 1;
&dbent);
if (free_keysalts)
if (ret) {
exit_status++;
return;
}
if (ret) {
exit_status++;
return;
}
if (ret) {
exit_status++;
return;
}
if (ret) {
exit_status++;
return;
}
}