kdb5_util.c revision 505d05c73a6e56769f263d4803b22eddd168ee24
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
* Openvision retains the copyright to derivative works of
* this source code. Do *NOT* create a derivative of this
* source code before consulting with your legal department.
* Do *NOT* integrate *ANY* of this source code into another
* product before consulting with your legal department.
*
* For further information, read the top-level Openvision
* copyright which is contained in the top-level MIT Kerberos
* copyright.
*
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
*/
/*
*
* (C) Copyright 1990,1991, 1996 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*
* Edit a KDC database.
*/
/*
* Yes, I know this is a hack, but we need admin.h without including
* a des.h header, which causes other problems.
*/
#define _RPC_RPC_H
#include <stdio.h>
#define KDB5_DISPATCH
#define KRB5_KDB5_DBM__
#include <k5-int.h>
/* #define these to avoid an indirection function; for future implementations, (the rest of this comment is missing from the listing) */
#define krb5_dbm_db_set_name krb5_db_set_name
#define krb5_dbm_db_init krb5_db_init
#define krb5_dbm_db_get_age krb5_db_get_age
#define krb5_dbm_db_create krb5_db_create
#define krb5_dbm_db_rename krb5_db_rename
#define krb5_dbm_db_lock krb5_db_lock
#define krb5_dbm_db_unlock krb5_db_unlock
#include <time.h>
#include <libintl.h>
#include <locale.h>
#include "kdb5_util.h"
/* Message text for the case where no master key has been entered. */
char *Err_no_master_msg = "Master key not entered!\n";
/* Message text for the case where no database is currently open. */
char *Err_no_database = "Database not currently opened!\n";
/*
* XXX Ick, ick, ick. These global variables shouldn't be global....
*/
/*
* Master key password. open_db_and_mkey() tests this pointer and later
* resets it to 0.
* NOTE(review): presumably filled from the -P option listed in usage();
* confirm against the option parser. A secret passed as a command-line
* argument can be read by other local users through the process listing
* and tends to end up in shell history, so the -m and stash-file options
* shown in usage() look like the safer ways to supply the master key.
*/
char *mkey_password = 0;
/*
* I can't figure out any way for this not to be global, given how ss
* works.
*/
/* Count of errors seen so far; it is what the program returns on exit. */
int exit_status = 0;
/*
* usage: holds the kdb5_util command synopsis and ends the process with
* exit status 1, so it never returns to its caller.
* NOTE(review): the statement that opens the print call is missing from
* this listing; only its string arguments and gettext("Usage") remain.
* The load_v4 line is compiled in only when SUNWOFF is defined.
*/
void
usage()
{
"kdb5_util cmd [-r realm] [-d dbname] [-k mkeytype] [-M mkeyname]\n"
"\t [-f] [stashfile] [-P password] [-m ] [cmd options]\n"
"\tcreate [-s]\n"
"\tdestroy \n"
"\tstash \n"
"\tdump [-old] [-ov] [-b6] [-verbose] [filename [princs...]]\n"
"\tload [-old] [-ov] [-b6] [-verbose] [-update] filename\n"
#ifdef SUNWOFF
"\tload_v4 [-t] [-n] [-v] [-K] [-s stashfile] inputfile\n"
#endif
"\tark [-e etype_list] principal\n",
gettext("Usage"));
exit(1);
}
extern krb5_principal master_princ;
/*
* 0 until open_db_and_mkey() reaches the end of its success path, where it
* is set to 1. It stays 0 when that function returns 0 after the
* "proceeding without master key" warning, so a 0 return alone does not
* mean a usable master key is loaded.
*/
int valid_master_key = 0;
/* When non-zero, the policy database is closed before the final return. */
int close_policy_db = 0;
char *progname;
/* Sub-command entry points; each takes an (argc, argv) pair. */
int kdb5_create(int, char **);
int kdb5_destroy(int, char **);
int kdb5_stash(int, char **);
int dump_db(int, char **);
int load_db(int, char **);
int open_db_and_mkey();
int add_random_key(int, char **);
/* Signature shared by the sub-command handlers stored in cmd_table. */
typedef int (*cmd_func)(int, char **);
/*
* Sub-command dispatch table: command name, handler, and the opendb flag.
* NOTE(review): each initializer row carries three values but only two
* members are visible, and only two rows remain, so part of this
* definition is missing from the listing. opendb presumably tells the
* caller whether to open the database before dispatching; confirm.
*/
struct _cmd_table {
char *name;
int opendb;
} cmd_table[] = {
"create", kdb5_create, 0,
"load", load_db, 0,
};
/*
* Steps through struct _cmd_table entries with cmd++ and returns the
* current entry on a match, or NULL when none matched.
* NOTE(review): the function name, the loop header and the comparison
* against `name` are missing from this listing, so the match rule
* (presumably a string compare on the entry name) cannot be confirmed here.
*/
struct _cmd_table *
char *name;
{
return (cmd);
else
cmd++;
}
return (NULL);
}
/*
* Program entry point: sets the message domain, walks the command-line
* arguments, reads the configuration parameters, restricts the file
* creation mask, and returns exit_status.
* NOTE(review): the line carrying the function name and most of the calls
* are missing from this listing; the K&R argc/argv parameters indicate
* main(), to be confirmed against the complete file.
*/
int
int argc;
char *argv[];
{
int cmd_argc;
#if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */
#endif
(void) textdomain(TEXT_DOMAIN);
if (retval) {
gettext("while initializing Kerberos code"));
exit(1);
}
gettext("while creating sub-command arguments"));
exit(1);
}
cmd_argc = 1;
/* Skip the first argument before walking the rest one at a time. */
argv++;
argc--;
/* The option tests inside this loop are missing from the listing. */
while (*argv) {
manual_mkey = TRUE;
/* not sure this is really necessary */
global_params.realm))) {
gettext("while setting default "
"realm name"));
exit(1);
}
gettext("%s is an invalid enctype"),
optarg);
else
/* SUNWresync121 - carry the old -f forward too */
manual_mkey = TRUE;
else
usage();
} else {
}
argv++;
argc--;
}
usage();
&global_params, &global_params)) {
gettext("while retreiving configuration parameters"));
exit(1);
}
/*
* Dump creates files which should not be world-readable. It is
* easiest to do a single umask call here.
*
* umask(077) masks out every group and other permission bit for files
* this process creates from here on. It does not change the mode of a
* file that already exists, so output written over an existing file
* keeps whatever permissions that file already had.
*/
(void) umask(077);
}
return (exit_status);
else
/* Close the policy database only when the flag asks for it. */
if(close_policy_db) {
(void) osa_adb_close_policy(policy_db);
}
return (exit_status);
}
#if 0
/*
* This function is no longer used in kdb5_util (and it would no
* longer work, anyway).
*
* Compiled out by the surrounding #if 0. The visible remains reject calls
* with fewer than three arguments and, when a database is active, report
* a close failure unless retval is KRB5_KDB_DBNOTINITED, then clear
* valid_master_key.
* NOTE(review): the function name and the calls themselves are missing
* from this listing.
*/
void
int argc;
char *argv[];
{
if (argc < 3) {
argv[0]);
exit_status++;
return;
}
if (dbactive) {
retval != KRB5_KDB_DBNOTINITED) {
gettext("while closing previous database"));
exit_status++;
return;
}
if (valid_master_key) {
valid_master_key = 0;
}
}
}
#endif
/*
* open_db_and_mkey: Opens the KDC and policy database, and sets the
* global master_* variables. Sets dbactive to TRUE if the databases
* are opened, and valid_master_key to 1 if the global master
* variables are set properly. Returns 0 on success, and 1 on
* failure, but it is not considered a failure if the master key
* cannot be fetched (the master key stash file may not exist when the
* program is run).
*
* Because a missing master key still yields a 0 return, callers that
* need the key have to test valid_master_key rather than the return
* value. Most failure paths also increment exit_status.
* NOTE(review): many of the calls and conditions of this function are
* missing from this listing; the comments below describe only what the
* remaining lines show.
*/
int
{
int nentries;
/* Start from "no valid master key" until verification succeeds. */
valid_master_key = 0;
gettext("while setting active database to '%s'"),
exit_status++;
return(1);
}
gettext("while initializing database"));
exit_status++;
return(1);
}
gettext("opening policy database"));
exit_status++;
return (1);
}
/* assemble & parse the master key name */
0, &master_princ))) {
gettext("while setting up master key name"));
exit_status++;
return(1);
}
/* Ask for a single entry; the three branches below all fail the lookup. */
nentries = 1;
gettext("while retrieving master entry"));
exit_status++;
(void) krb5_db_fini(util_context);
return(1);
} else if (more) {
gettext("while retrieving master entry"));
exit_status++;
(void) krb5_db_fini(util_context);
return(1);
} else if (!nentries) {
gettext("while retrieving master entry"));
exit_status++;
(void) krb5_db_fini(util_context);
return(1);
}
/* the databases are now open, and the master principal exists */
/*
* Password path: taken when mkey_password is set.
* NOTE(review): the two failure returns in this path show neither an
* exit_status++ nor a krb5_db_fini() call, unlike the failures above;
* confirm whether that is intended.
*/
if (mkey_password) {
master_princ, &scratch);
if (retval) {
gettext("while calculated master key salt"));
return(1);
}
/* If no encryption type is set, use the default */
gettext("while setting up enctype %d"),
}
if (retval) {
gettext("while transforming master key from password"));
return(1);
}
/*
* NOTE(review): this resets the pointer only. No wipe of the password
* bytes is visible in this listing; confirm whether the buffer is
* zeroized once the key has been derived.
*/
mkey_password = 0;
0, &master_key))) {
gettext("while reading master key"));
gettext("Warning: proceeding without master key"));
/* Counted as an error, yet reported to the caller as success. */
exit_status++;
return(0);
}
&master_key))) {
gettext("while verifying master key"));
exit_status++;
return(1);
}
gettext("while initializing random key generator"));
exit_status++;
return(1);
}
/* Reached only after the verification and RNG setup steps above. */
valid_master_key = 1;
return (0);
}
#ifdef HAVE_GETCWD
#endif
/*
* quit: shutdown helper guarded by a static flag, so a second call returns
* 0 without doing anything. Returns 1 and increments exit_status on the
* visible failure path, 0 otherwise.
* NOTE(review): the cleanup calls and the line that sets `finished` are
* missing from this listing.
*/
int
quit()
{
/* Persists across calls; non-zero once shutdown has already run. */
static krb5_boolean finished = 0;
if (finished)
return (0);
exit_status++;
return (1);
}
return (0);
}
/*
* Sub-command handler taking (argc, argv); returns 0 on success and 1 on
* any failure, and calls usage() when too few arguments are given.
* NOTE(review): the function name is missing from this listing; the
* add_random_key prototype and the "ark" entry in usage() suggest this is
* add_random_key, to be confirmed. Most calls are missing too, so the
* comments below describe only the remaining lines.
*/
int
int argc;
char **argv;
{
int n, i;
krb5_int32 num_keysalts = 0;
/* Records whether the keysalts list has to be released after use. */
int free_keysalts;
char *pr_str;
if (argc < 2)
usage();
continue;
} else
break;
}
if (argc < 1)
usage();
if (ret) {
return 1;
}
/* Request one entry; anything other than exactly one result fails. */
n = 1;
&n, &more);
if (ret) {
return 1;
}
if (n != 1) {
return 1;
}
if (more) {
return 1;
}
/*
* Separator strings handed to the call that fills keysalts and
* num_keysalts. NOTE(review): presumably a key/salt list parser; confirm.
*/
", \t", ":.-", 0,
&keysalts,
&num_keysalts);
if (ret) {
return 1;
}
free_keysalts = 0;
} else
free_keysalts = 1;
&dbent);
if (free_keysalts)
if (ret) {
return 1;
}
if (ret) {
return 1;
}
if (ret) {
return 1;
}
if (ret) {
return 1;
}
return 0;
}