diff options
author | Artur Grabowski <art@cvs.openbsd.org> | 1997-12-12 11:29:27 +0000 |
---|---|---|
committer | Artur Grabowski <art@cvs.openbsd.org> | 1997-12-12 11:29:27 +0000 |
commit | 390045d41f0f925904ec89d6771a384ac0bebdb5 (patch) | |
tree | ec00f7265ef398de9be021f15d518de352ac2ac3 /kerberosIV/kdb/krb_kdb_utils.c | |
parent | 91fd22b210ba01ba83638017a0cc1750f2aeea5a (diff) |
cleanup, check pointers, fix strcpy's, etc.
Diffstat (limited to 'kerberosIV/kdb/krb_kdb_utils.c')
-rw-r--r-- | kerberosIV/kdb/krb_kdb_utils.c | 286 |
1 files changed, 143 insertions, 143 deletions
diff --git a/kerberosIV/kdb/krb_kdb_utils.c b/kerberosIV/kdb/krb_kdb_utils.c index 55a07352c97..c775a6ba5c6 100644 --- a/kerberosIV/kdb/krb_kdb_utils.c +++ b/kerberosIV/kdb/krb_kdb_utils.c @@ -1,3 +1,4 @@ +/* $OpenBSD: krb_kdb_utils.c,v 1.3 1997/12/12 11:29:25 art Exp $ */ /* $KTH: krb_kdb_utils.c,v 1.23 1997/05/02 14:29:10 assar Exp $ */ /* @@ -41,122 +42,122 @@ static char *master_key_files[] = { MKEYFILE, "/.k", NULL }; int kdb_new_get_master_key(des_cblock *key, des_key_schedule schedule) { - int kfile; - int i; - char buf[1024]; - - char **mkey; - - for(mkey = master_key_files; *mkey; mkey++){ - kfile = open(*mkey, O_RDONLY); - if(kfile < 0 && errno != ENOENT) - fprintf(stderr, "Failed to open master key file \"%s\": %s\n", - *mkey, - k_strerror(errno)); - if(kfile >= 0) - break; - } - if(*mkey){ - int bytes; - bytes = read(kfile, (char*)key, sizeof(des_cblock)); - close(kfile); - if(bytes == sizeof(des_cblock)){ - des_key_sched(key, schedule); - return 0; - } - fprintf(stderr, "Could only read %d bytes from master key file %s\n", - bytes, *mkey); - }else{ - fprintf(stderr, "No master key file found.\n"); - } + int kfile; + int i; + char buf[1024]; + + char **mkey; + + for(mkey = master_key_files; *mkey; mkey++){ + kfile = open(*mkey, O_RDONLY); + if(kfile < 0 && errno != ENOENT) + fprintf(stderr, "Failed to open master key file \"%s\": %s\n", + *mkey, + k_strerror(errno)); + if(kfile >= 0) + break; + } + if(*mkey != NULL){ + int bytes; + bytes = read(kfile, (char*)key, sizeof(des_cblock)); + close(kfile); + if(bytes == sizeof(des_cblock)){ + des_key_sched(key, schedule); + return 0; + } + fprintf(stderr, "Could only read %d bytes from master key file %s\n", + bytes, *mkey); + }else{ + fprintf(stderr, "No master key file found.\n"); + } - i=0; - while(i < 3){ - if(des_read_pw_string(buf, sizeof(buf), "Enter master password: ", 0)) - break; - - /* buffer now contains either an old format master key password or a - * new format base64 encoded master key - */ + i=0; + while(i < 3){ + if(des_read_pw_string(buf, sizeof(buf), "Enter master password: ", 0)) + break; + + /* buffer now contains either an old format master key password or a + * new format base64 encoded master key + */ - /* try to verify as old password */ - des_string_to_key(buf, key); - des_key_sched(key, schedule); + /* try to verify as old password */ + des_string_to_key(buf, key); + des_key_sched(key, schedule); - if(kdb_verify_master_key(key, schedule, NULL) != -1){ - memset(buf, 0, sizeof(buf)); - return 0; - } + if(kdb_verify_master_key(key, schedule, NULL) != -1){ + memset(buf, 0, sizeof(buf)); + return 0; + } - /* failed test, so must be base64 encoded */ + /* failed test, so must be base64 encoded */ - if(base64_decode(buf, key) == 8){ - des_key_sched(key, schedule); - if(kdb_verify_master_key(key, schedule, NULL) != -1){ - memset(buf, 0, sizeof(buf)); - return 0; - } - } + if(base64_decode(buf, key) == 8){ + des_key_sched(key, schedule); + if(kdb_verify_master_key(key, schedule, NULL) != -1){ + memset(buf, 0, sizeof(buf)); + return 0; + } + } - memset(buf, 0, sizeof(buf)); - fprintf(stderr, "Failed to verify master key.\n"); - i++; - } + memset(buf, 0, sizeof(buf)); + fprintf(stderr, "Failed to verify master key.\n"); + i++; + } - /* life sucks */ - fprintf(stderr, "You loose.\n"); - exit(1); + /* life sucks */ + fprintf(stderr, "You loose.\n"); + exit(1); } int kdb_new_get_new_master_key(des_cblock *key, des_key_schedule schedule, int verify) { #ifndef RANDOM_MKEY - des_read_password(key, "\nEnter Kerberos master password: ", verify); - printf ("\n"); + des_read_password(key, "\nEnter Kerberos master password: ", verify); + printf ("\n"); #else - char buf[1024]; - des_generate_random_block (key); - des_key_sched(key, schedule); + char buf[1024]; + des_generate_random_block (key); + des_key_sched(key, schedule); - des_read_pw_string(buf, sizeof(buf), "Enter master key seed: ", 0); - des_cbc_cksum((des_cblock*)buf, key, sizeof(buf), schedule, key); - memset(buf, 0, sizeof(buf)); + des_read_pw_string(buf, sizeof(buf), "Enter master key seed: ", 0); + des_cbc_cksum((des_cblock*)buf, key, sizeof(buf), schedule, key); + memset(buf, 0, sizeof(buf)); #endif - des_key_sched(key, schedule); - return 0; + des_key_sched(key, schedule); + return 0; } int kdb_get_master_key(int prompt, des_cblock *master_key, des_key_schedule master_key_sched) { - int ask = (prompt == KDB_GET_TWICE); + int ask = (prompt == KDB_GET_TWICE); #ifndef RANDOM_MKEY - ask |= (prompt == KDB_GET_PROMPT); + ask |= (prompt == KDB_GET_PROMPT); #endif - if(ask) - kdb_new_get_new_master_key(master_key, master_key_sched, - prompt == KDB_GET_TWICE); - else - kdb_new_get_master_key(master_key, master_key_sched); - return 0; + if(ask) + kdb_new_get_new_master_key(master_key, master_key_sched, + prompt == KDB_GET_TWICE); + else + kdb_new_get_master_key(master_key, master_key_sched); + return 0; } int kdb_kstash(des_cblock *master_key, char *file) { - int kfile; - kfile = open(file, O_TRUNC | O_RDWR | O_CREAT, 0600); - if (kfile < 0) { - return -1; - } - if (write(kfile, master_key, sizeof(des_cblock)) != sizeof(des_cblock)) { + int kfile; + kfile = open(file, O_TRUNC | O_RDWR | O_CREAT, 0600); + if (kfile < 0) { + return -1; + } + if (write(kfile, master_key, sizeof(des_cblock)) != sizeof(des_cblock)) { + close(kfile); + return -1; + } close(kfile); - return -1; - } - close(kfile); - return 0; + return 0; } /* The old algorithm used the key schedule as the initial vector which @@ -167,12 +168,11 @@ kdb_encrypt_key (des_cblock (*in), des_cblock (*out), des_cblock (*master_key), des_key_schedule master_key_sched, int e_d_flag) { - #ifdef NOENCRYPTION - memcpy(out, in, sizeof(des_cblock)); + memcpy(out, in, sizeof(des_cblock)); #else - des_pcbc_encrypt(in,out,(long)sizeof(des_cblock),master_key_sched,master_key, - e_d_flag); + des_pcbc_encrypt(in, out, (long)sizeof(des_cblock), master_key_sched, + master_key, e_d_flag); #endif } @@ -186,57 +186,57 @@ kdb_verify_master_key (des_cblock *master_key, des_key_schedule master_key_sched, FILE *out) /* NULL -> no output */ { - des_cblock key_from_db; - Principal principal_data[1]; - int n, more = 0; - long master_key_version; - - /* lookup the master key version */ - n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data, - 1 /* only one please */, &more); - if ((n != 1) || more) { - if (out != (FILE *) NULL) - fprintf(out, - "verify_master_key: %s, %d found.\n", - "Kerberos error on master key version lookup", - n); - return (-1); - } - - master_key_version = (long) principal_data[0].key_version; - - /* set up the master key */ - if (out != (FILE *) NULL) /* should we punt this? */ - fprintf(out, "Current Kerberos master key version is %d.\n", - principal_data[0].kdc_key_ver); - - /* - * now use the master key to decrypt the key in the db, had better - * be the same! - */ - copy_to_key(&principal_data[0].key_low, - &principal_data[0].key_high, - key_from_db); - kdb_encrypt_key (&key_from_db, &key_from_db, - master_key, master_key_sched, DES_DECRYPT); - - /* the decrypted database key had better equal the master key */ - n = memcmp(master_key, key_from_db, sizeof(master_key)); - /* this used to zero the master key here! */ - memset(key_from_db, 0, sizeof(key_from_db)); - memset(principal_data, 0, sizeof (principal_data)); - - if (n && (out != (FILE *) NULL)) { - fprintf(out, "\n\07\07verify_master_key: Invalid master key; "); - fprintf(out, "does not match database.\n"); - } - if(n) - return (-1); - - if (out != (FILE *) NULL) { - fprintf(out, "\nMaster key entered. BEWARE!\07\07\n"); - fflush(out); - } - - return (master_key_version); + des_cblock key_from_db; + Principal principal_data[1]; + int n, more = 0; + long master_key_version; + + /* lookup the master key version */ + n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data, + 1 /* only one please */, &more); + if ((n != 1) || more) { + if (out != (FILE *) NULL) + fprintf(out, + "verify_master_key: %s, %d found.\n", + "Kerberos error on master key version lookup", + n); + return (-1); + } + + master_key_version = (long) principal_data[0].key_version; + + /* set up the master key */ + if (out != (FILE *) NULL) /* should we punt this? */ + fprintf(out, "Current Kerberos master key version is %d.\n", + principal_data[0].kdc_key_ver); + + /* + * now use the master key to decrypt the key in the db, had better + * be the same! + */ + copy_to_key(&principal_data[0].key_low, + &principal_data[0].key_high, + key_from_db); + kdb_encrypt_key (&key_from_db, &key_from_db, + master_key, master_key_sched, DES_DECRYPT); + + /* the decrypted database key had better equal the master key */ + n = memcmp(master_key, key_from_db, sizeof(master_key)); + /* this used to zero the master key here! */ + memset(key_from_db, 0, sizeof(key_from_db)); + memset(principal_data, 0, sizeof (principal_data)); + + if (n && (out != (FILE *) NULL)) { + fprintf(out, "\n\07\07verify_master_key: Invalid master key; "); + fprintf(out, "does not match database.\n"); + } + if(n) + return (-1); + + if (out != (FILE *) NULL) { + fprintf(out, "\nMaster key entered. BEWARE!\07\07\n"); + fflush(out); + } + + return master_key_version; } |