summaryrefslogtreecommitdiff
path: root/kerberosIV/kdb/krb_kdb_utils.c
diff options
context:
space:
mode:
authorArtur Grabowski <art@cvs.openbsd.org>1997-12-12 11:29:27 +0000
committerArtur Grabowski <art@cvs.openbsd.org>1997-12-12 11:29:27 +0000
commit390045d41f0f925904ec89d6771a384ac0bebdb5 (patch)
treeec00f7265ef398de9be021f15d518de352ac2ac3 /kerberosIV/kdb/krb_kdb_utils.c
parent91fd22b210ba01ba83638017a0cc1750f2aeea5a (diff)
cleanup, check pointers, fix strcpy's, etc.
Diffstat (limited to 'kerberosIV/kdb/krb_kdb_utils.c')
-rw-r--r--kerberosIV/kdb/krb_kdb_utils.c286
1 files changed, 143 insertions, 143 deletions
diff --git a/kerberosIV/kdb/krb_kdb_utils.c b/kerberosIV/kdb/krb_kdb_utils.c
index 55a07352c97..c775a6ba5c6 100644
--- a/kerberosIV/kdb/krb_kdb_utils.c
+++ b/kerberosIV/kdb/krb_kdb_utils.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: krb_kdb_utils.c,v 1.3 1997/12/12 11:29:25 art Exp $ */
/* $KTH: krb_kdb_utils.c,v 1.23 1997/05/02 14:29:10 assar Exp $ */
/*
@@ -41,122 +42,122 @@ static char *master_key_files[] = { MKEYFILE, "/.k", NULL };
int
kdb_new_get_master_key(des_cblock *key, des_key_schedule schedule)
{
- int kfile;
- int i;
- char buf[1024];
-
- char **mkey;
-
- for(mkey = master_key_files; *mkey; mkey++){
- kfile = open(*mkey, O_RDONLY);
- if(kfile < 0 && errno != ENOENT)
- fprintf(stderr, "Failed to open master key file \"%s\": %s\n",
- *mkey,
- k_strerror(errno));
- if(kfile >= 0)
- break;
- }
- if(*mkey){
- int bytes;
- bytes = read(kfile, (char*)key, sizeof(des_cblock));
- close(kfile);
- if(bytes == sizeof(des_cblock)){
- des_key_sched(key, schedule);
- return 0;
- }
- fprintf(stderr, "Could only read %d bytes from master key file %s\n",
- bytes, *mkey);
- }else{
- fprintf(stderr, "No master key file found.\n");
- }
+ int kfile;
+ int i;
+ char buf[1024];
+
+ char **mkey;
+
+ for(mkey = master_key_files; *mkey; mkey++){
+ kfile = open(*mkey, O_RDONLY);
+ if(kfile < 0 && errno != ENOENT)
+ fprintf(stderr, "Failed to open master key file \"%s\": %s\n",
+ *mkey,
+ k_strerror(errno));
+ if(kfile >= 0)
+ break;
+ }
+ if(*mkey != NULL){
+ int bytes;
+ bytes = read(kfile, (char*)key, sizeof(des_cblock));
+ close(kfile);
+ if(bytes == sizeof(des_cblock)){
+ des_key_sched(key, schedule);
+ return 0;
+ }
+ fprintf(stderr, "Could only read %d bytes from master key file %s\n",
+ bytes, *mkey);
+ }else{
+ fprintf(stderr, "No master key file found.\n");
+ }
- i=0;
- while(i < 3){
- if(des_read_pw_string(buf, sizeof(buf), "Enter master password: ", 0))
- break;
-
- /* buffer now contains either an old format master key password or a
- * new format base64 encoded master key
- */
+ i=0;
+ while(i < 3){
+ if(des_read_pw_string(buf, sizeof(buf), "Enter master password: ", 0))
+ break;
+
+ /* buffer now contains either an old format master key password or a
+ * new format base64 encoded master key
+ */
- /* try to verify as old password */
- des_string_to_key(buf, key);
- des_key_sched(key, schedule);
+ /* try to verify as old password */
+ des_string_to_key(buf, key);
+ des_key_sched(key, schedule);
- if(kdb_verify_master_key(key, schedule, NULL) != -1){
- memset(buf, 0, sizeof(buf));
- return 0;
- }
+ if(kdb_verify_master_key(key, schedule, NULL) != -1){
+ memset(buf, 0, sizeof(buf));
+ return 0;
+ }
- /* failed test, so must be base64 encoded */
+ /* failed test, so must be base64 encoded */
- if(base64_decode(buf, key) == 8){
- des_key_sched(key, schedule);
- if(kdb_verify_master_key(key, schedule, NULL) != -1){
- memset(buf, 0, sizeof(buf));
- return 0;
- }
- }
+ if(base64_decode(buf, key) == 8){
+ des_key_sched(key, schedule);
+ if(kdb_verify_master_key(key, schedule, NULL) != -1){
+ memset(buf, 0, sizeof(buf));
+ return 0;
+ }
+ }
- memset(buf, 0, sizeof(buf));
- fprintf(stderr, "Failed to verify master key.\n");
- i++;
- }
+ memset(buf, 0, sizeof(buf));
+ fprintf(stderr, "Failed to verify master key.\n");
+ i++;
+ }
- /* life sucks */
- fprintf(stderr, "You loose.\n");
- exit(1);
+ /* life sucks */
+ fprintf(stderr, "You loose.\n");
+ exit(1);
}
int kdb_new_get_new_master_key(des_cblock *key, des_key_schedule schedule,
int verify)
{
#ifndef RANDOM_MKEY
- des_read_password(key, "\nEnter Kerberos master password: ", verify);
- printf ("\n");
+ des_read_password(key, "\nEnter Kerberos master password: ", verify);
+ printf ("\n");
#else
- char buf[1024];
- des_generate_random_block (key);
- des_key_sched(key, schedule);
+ char buf[1024];
+ des_generate_random_block (key);
+ des_key_sched(key, schedule);
- des_read_pw_string(buf, sizeof(buf), "Enter master key seed: ", 0);
- des_cbc_cksum((des_cblock*)buf, key, sizeof(buf), schedule, key);
- memset(buf, 0, sizeof(buf));
+ des_read_pw_string(buf, sizeof(buf), "Enter master key seed: ", 0);
+ des_cbc_cksum((des_cblock*)buf, key, sizeof(buf), schedule, key);
+ memset(buf, 0, sizeof(buf));
#endif
- des_key_sched(key, schedule);
- return 0;
+ des_key_sched(key, schedule);
+ return 0;
}
int kdb_get_master_key(int prompt, des_cblock *master_key,
des_key_schedule master_key_sched)
{
- int ask = (prompt == KDB_GET_TWICE);
+ int ask = (prompt == KDB_GET_TWICE);
#ifndef RANDOM_MKEY
- ask |= (prompt == KDB_GET_PROMPT);
+ ask |= (prompt == KDB_GET_PROMPT);
#endif
- if(ask)
- kdb_new_get_new_master_key(master_key, master_key_sched,
- prompt == KDB_GET_TWICE);
- else
- kdb_new_get_master_key(master_key, master_key_sched);
- return 0;
+ if(ask)
+ kdb_new_get_new_master_key(master_key, master_key_sched,
+ prompt == KDB_GET_TWICE);
+ else
+ kdb_new_get_master_key(master_key, master_key_sched);
+ return 0;
}
int kdb_kstash(des_cblock *master_key, char *file)
{
- int kfile;
- kfile = open(file, O_TRUNC | O_RDWR | O_CREAT, 0600);
- if (kfile < 0) {
- return -1;
- }
- if (write(kfile, master_key, sizeof(des_cblock)) != sizeof(des_cblock)) {
+ int kfile;
+ kfile = open(file, O_TRUNC | O_RDWR | O_CREAT, 0600);
+ if (kfile < 0) {
+ return -1;
+ }
+ if (write(kfile, master_key, sizeof(des_cblock)) != sizeof(des_cblock)) {
+ close(kfile);
+ return -1;
+ }
close(kfile);
- return -1;
- }
- close(kfile);
- return 0;
+ return 0;
}
/* The old algorithm used the key schedule as the initial vector which
@@ -167,12 +168,11 @@ kdb_encrypt_key (des_cblock (*in), des_cblock (*out),
des_cblock (*master_key),
des_key_schedule master_key_sched, int e_d_flag)
{
-
#ifdef NOENCRYPTION
- memcpy(out, in, sizeof(des_cblock));
+ memcpy(out, in, sizeof(des_cblock));
#else
- des_pcbc_encrypt(in,out,(long)sizeof(des_cblock),master_key_sched,master_key,
- e_d_flag);
+ des_pcbc_encrypt(in, out, (long)sizeof(des_cblock), master_key_sched,
+ master_key, e_d_flag);
#endif
}
@@ -186,57 +186,57 @@ kdb_verify_master_key (des_cblock *master_key,
des_key_schedule master_key_sched,
FILE *out) /* NULL -> no output */
{
- des_cblock key_from_db;
- Principal principal_data[1];
- int n, more = 0;
- long master_key_version;
-
- /* lookup the master key version */
- n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
- 1 /* only one please */, &more);
- if ((n != 1) || more) {
- if (out != (FILE *) NULL)
- fprintf(out,
- "verify_master_key: %s, %d found.\n",
- "Kerberos error on master key version lookup",
- n);
- return (-1);
- }
-
- master_key_version = (long) principal_data[0].key_version;
-
- /* set up the master key */
- if (out != (FILE *) NULL) /* should we punt this? */
- fprintf(out, "Current Kerberos master key version is %d.\n",
- principal_data[0].kdc_key_ver);
-
- /*
- * now use the master key to decrypt the key in the db, had better
- * be the same!
- */
- copy_to_key(&principal_data[0].key_low,
- &principal_data[0].key_high,
- key_from_db);
- kdb_encrypt_key (&key_from_db, &key_from_db,
- master_key, master_key_sched, DES_DECRYPT);
-
- /* the decrypted database key had better equal the master key */
- n = memcmp(master_key, key_from_db, sizeof(master_key));
- /* this used to zero the master key here! */
- memset(key_from_db, 0, sizeof(key_from_db));
- memset(principal_data, 0, sizeof (principal_data));
-
- if (n && (out != (FILE *) NULL)) {
- fprintf(out, "\n\07\07verify_master_key: Invalid master key; ");
- fprintf(out, "does not match database.\n");
- }
- if(n)
- return (-1);
-
- if (out != (FILE *) NULL) {
- fprintf(out, "\nMaster key entered. BEWARE!\07\07\n");
- fflush(out);
- }
-
- return (master_key_version);
+ des_cblock key_from_db;
+ Principal principal_data[1];
+ int n, more = 0;
+ long master_key_version;
+
+ /* lookup the master key version */
+ n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
+ 1 /* only one please */, &more);
+ if ((n != 1) || more) {
+ if (out != (FILE *) NULL)
+ fprintf(out,
+ "verify_master_key: %s, %d found.\n",
+ "Kerberos error on master key version lookup",
+ n);
+ return (-1);
+ }
+
+ master_key_version = (long) principal_data[0].key_version;
+
+ /* set up the master key */
+ if (out != (FILE *) NULL) /* should we punt this? */
+ fprintf(out, "Current Kerberos master key version is %d.\n",
+ principal_data[0].kdc_key_ver);
+
+ /*
+ * now use the master key to decrypt the key in the db, had better
+ * be the same!
+ */
+ copy_to_key(&principal_data[0].key_low,
+ &principal_data[0].key_high,
+ key_from_db);
+ kdb_encrypt_key (&key_from_db, &key_from_db,
+ master_key, master_key_sched, DES_DECRYPT);
+
+ /* the decrypted database key had better equal the master key */
+ n = memcmp(master_key, key_from_db, sizeof(master_key));
+ /* this used to zero the master key here! */
+ memset(key_from_db, 0, sizeof(key_from_db));
+ memset(principal_data, 0, sizeof (principal_data));
+
+ if (n && (out != (FILE *) NULL)) {
+ fprintf(out, "\n\07\07verify_master_key: Invalid master key; ");
+ fprintf(out, "does not match database.\n");
+ }
+ if(n)
+ return (-1);
+
+ if (out != (FILE *) NULL) {
+ fprintf(out, "\nMaster key entered. BEWARE!\07\07\n");
+ fflush(out);
+ }
+
+ return master_key_version;
}