oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Remove support dumping to a kerberos 4 database.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18957 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-11-08 18:48:36 +00:00
parent 6740e9a944
commit e6e22c2bbd
1 changed files with 24 additions and 211 deletions
Download Patch File Download Diff File Expand all files Collapse all files

235
kdc/hpropd.c
View File

@@ -35,139 +35,6 @@
RCSID("$Id$");
#ifdef KRB4
#include <krb.h>
#include <prot.h>
#define Principal Principal4
#include <krb_db.h>
static des_cblock mkey4;
static des_key_schedule msched4;
static char *
time2str(time_t t)
{
static char buf[128];
strftime(buf, sizeof(buf), "%Y%m%d%H%M", gmtime(&t));
return buf;
}
static int
dump_krb4(krb5_context context, hdb_entry *ent, int fd)
{
char name[ANAME_SZ];
char instance[INST_SZ];
char realm[REALM_SZ];
char buf[1024];
char *p;
int i;
int ret;
char *princ_name;
Event *modifier;
krb5_realm *realms;
int cmp;
ret = krb5_524_conv_principal(context, ent->principal,
name, instance, realm);
if (ret) {
ret = krb5_unparse_name(context, ent->principal, &princ_name);
if (ret == 0) {
krb5_warn(context, ret, "%s", princ_name);
free(princ_name);
}
return -1;
}
ret = krb5_get_default_realms (context, &realms);
if (ret) {
krb5_warn(context, ret, "krb5_get_default_realms");
return -1;
}
cmp = strcmp (realms[0], ent->principal->realm);
krb5_free_host_realm (context, realms);
if (cmp != 0)
return -1;
snprintf (buf, sizeof(buf), "%s %s ", name,
(strlen(instance) != 0) ? instance : "*");
if (ent->max_life) {
asprintf(&p, "%d", krb_time_to_life(0, *ent->max_life));
strlcat(buf, p, sizeof(buf));
free(p);
} else
strlcat(buf, "255", sizeof(buf));
strlcat(buf, " ", sizeof(buf));
i = 0;
while (i < ent->keys.len &&
ent->keys.val[i].key.keytype != KEYTYPE_DES)
++i;
if (i == ent->keys.len) {
krb5_warnx(context, "No DES key for %s.%s", name, instance);
return -1;
}
if (ent->keys.val[i].mkvno)
asprintf(&p, "%d ", *ent->keys.val[i].mkvno);
else
asprintf(&p, "%d ", 1);
strlcat(buf, p, sizeof(buf));
free(p);
asprintf(&p, "%d ", ent->kvno);
strlcat(buf, p, sizeof(buf));
free(p);
asprintf(&p, "%d ", 0); /* Attributes are always 0*/
strlcat(buf, p, sizeof(buf));
free(p);
{
uint32_t *key = ent->keys.val[i].key.keyvalue.data;
kdb_encrypt_key((des_cblock*)key, (des_cblock*)key,
&mkey4, msched4, DES_ENCRYPT);
asprintf(&p, "%x %x ", (int)htonl(*key), (int)htonl(*(key+1)));
strlcat(buf, p, sizeof(buf));
free(p);
}
if (ent->valid_end == NULL)
strlcat(buf, time2str(60*60*24*365*50), sizeof(buf)); /*no expiration*/
else
strlcat(buf, time2str(*ent->valid_end), sizeof(buf));
strlcat(buf, " ", sizeof(buf));
if (ent->modified_by == NULL)
modifier = &ent->created_by;
else
modifier = ent->modified_by;
ret = krb5_524_conv_principal(context, modifier->principal,
name, instance, realm);
if (ret) {
ret = krb5_unparse_name(context, modifier->principal, &princ_name);
if (ret == 0) {
krb5_warn(context, ret, "%s", princ_name);
free(princ_name);
}
return -1;
}
asprintf(&p, "%s %s %s\n", time2str(modifier->time),
(strlen(name) != 0) ? name : "*",
(strlen(instance) != 0) ? instance : "*");
strlcat(buf, p, sizeof(buf));
free(p);
ret = write(fd, buf, strlen(buf));
if (ret == -1)
krb5_warnx(context, "write");
return 0;
}
#endif /* KRB4 */
static int inetd_flag = -1;
static int help_flag;
static int version_flag;
@@ -175,9 +42,6 @@ static int print_dump;
static const char *database = HDB_DEFAULT_DB;
static int from_stdin;
static char *local_realm;
#ifdef KRB4
static int v4dump;
#endif
static char *ktname = NULL;
struct getargs args[] = {
@@ -188,9 +52,6 @@ struct getargs args[] = {
"Not started from inetd" },
{ "keytab", 'k', arg_string, &ktname, "keytab to use for authentication", "keytab" },
{ "realm", 'r', arg_string, &local_realm, "realm to use" },
#ifdef KRB4
{ "v4dump", '4', arg_flag, &v4dump, "create v4 type DB" },
#endif
{ "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 'h', arg_flag, &help_flag, NULL, NULL}
};
@@ -219,10 +80,6 @@ main(int argc, char **argv)
char *tmp_db;
krb5_log_facility *fac;
int nprincs;
#ifdef KRB4
int e;
int fd_out = -1;
#endif
setprogname(argv[0]);
@@ -238,11 +95,6 @@ main(int argc, char **argv)
if(getarg(args, num_args, argc, argv, &optidx))
usage(1);
#ifdef KRB4
if (v4dump && database == HDB_DEFAULT_DB)
database = "/var/kerberos/524_dump";
#endif /* KRB4 */
if(local_realm != NULL)
krb5_set_default_realm(context, local_realm);
@@ -289,7 +141,7 @@ main(int argc, char **argv)
addr_name,
sizeof(addr_name)) == NULL)
strlcpy (addr_name, "unknown address",
sizeof(addr_name));
sizeof(addr_name));
krb5_log(context, fac, 0, "Connection from %s", addr_name);
@@ -347,32 +199,14 @@ main(int argc, char **argv)
if(!print_dump) {
asprintf(&tmp_db, "%s~", database);
#ifdef KRB4
if (v4dump) {
fd_out = open(tmp_db, O_WRONLY | O_CREAT | O_TRUNC, 0600);
if (fd_out == -1)
krb5_errx(context, 1, "%s", strerror(errno));
}
else
#endif /* KRB4 */
{
ret = hdb_create(context, &db, tmp_db);
if(ret)
krb5_err(context, 1, ret, "hdb_create(%s)", tmp_db);
ret = db->hdb_open(context, db, O_RDWR | O_CREAT | O_TRUNC, 0600);
if(ret)
krb5_err(context, 1, ret, "hdb_open(%s)", tmp_db);
}
}
#ifdef KRB4
if (v4dump) {
e = kdb_get_master_key(0, &mkey4, msched4);
if(e)
krb5_errx(context, 1, "kdb_get_master_key: %s",
krb_get_err_text(e));
ret = hdb_create(context, &db, tmp_db);
if(ret)
krb5_err(context, 1, ret, "hdb_create(%s)", tmp_db);
ret = db->hdb_open(context, db, O_RDWR | O_CREAT | O_TRUNC, 0600);
if(ret)
krb5_err(context, 1, ret, "hdb_open(%s)", tmp_db);
}
#endif /* KRB4 */
nprincs = 0;
while(1){
@@ -396,24 +230,12 @@ main(int argc, char **argv)
krb5_write_priv_message(context, ac, &fd, &data);
}
if(!print_dump) {
#ifdef KRB4
if (v4dump) {
ret = rename(tmp_db, database);
if (ret)
krb5_errx(context, 1, "rename");
ret = close(fd_out);
if (ret)
krb5_errx(context, 1, "close");
} else
#endif /* KRB4 */
{
ret = db->hdb_rename(context, db, database);
if(ret)
krb5_err(context, 1, ret, "db_rename");
ret = db->hdb_close(context, db);
if(ret)
krb5_err(context, 1, ret, "db_close");
}
ret = db->hdb_rename(context, db, database);
if(ret)
krb5_err(context, 1, ret, "db_rename");
ret = db->hdb_close(context, db);
if(ret)
krb5_err(context, 1, ret, "db_close");
}
break;
}
@@ -424,27 +246,18 @@ main(int argc, char **argv)
if(print_dump)
hdb_print_entry(context, db, &entry, stdout);
else {
#ifdef KRB4
if (v4dump) {
ret = dump_krb4(context, &entry, fd_out);
if(!ret) nprincs++;
}
ret = db->hdb_store(context, db, 0, &entry);
if(ret == HDB_ERR_EXISTS) {
char *s;
ret = krb5_unparse_name(context, entry.entry.principal, &s);
if (ret)
s = strdup("unparseable name");
krb5_warnx(context, "Entry exists: %s", s);
free(s);
} else if(ret)
krb5_err(context, 1, ret, "db_store");
else
#endif /* KRB4 */
{
ret = db->hdb_store(context, db, 0, &entry);
if(ret == HDB_ERR_EXISTS) {
char *s;
ret = krb5_unparse_name(context, entry.entry.principal, &s);
if (ret)
s = strdup("unparseable name");
krb5_warnx(context, "Entry exists: %s", s);
free(s);
} else if(ret)
krb5_err(context, 1, ret, "db_store");
else
nprincs++;
}
nprincs++;
}
hdb_free_entry(context, &entry);
}