Diffstat (limited to 'kerberosIV/kdb')
-rw-r--r-- | kerberosIV/kdb/kdb_locl.h | 15 | ||||
-rw-r--r-- | kerberosIV/kdb/krb_cache.c | 81 | ||||
-rw-r--r-- | kerberosIV/kdb/krb_dbm.c | 364 | ||||
-rw-r--r-- | kerberosIV/kdb/krb_kdb_utils.c | 217 | ||||
-rw-r--r-- | kerberosIV/kdb/krb_lib.c | 118 | ||||
-rw-r--r-- | kerberosIV/kdb/print_princ.c | 48 | ||||
-rw-r--r-- | kerberosIV/kdb/shlib_version | 4 |
7 files changed, 517 insertions, 330 deletions
diff --git a/kerberosIV/kdb/kdb_locl.h b/kerberosIV/kdb/kdb_locl.h index 2aa6670ab75..815c8ce9440 100644 --- a/kerberosIV/kdb/kdb_locl.h +++ b/kerberosIV/kdb/kdb_locl.h @@ -1,5 +1,4 @@ -/* $Id: kdb_locl.h,v 1.2 1997/11/28 12:48:45 art Exp $ */ -/* $KTH: kdb_locl.h,v 1.9 1997/05/02 14:29:08 assar Exp $ */ +/* $KTH: kdb_locl.h,v 1.9 1997/05/02 14:29:08 assar Exp $ */ /* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan @@ -42,7 +41,7 @@ #ifndef __kdb_locl_h #define __kdb_locl_h -#include "kerberosIV/site.h" +#include <kerberosIV/site.h> #include <stdio.h> #include <stdlib.h> @@ -73,21 +72,11 @@ int kerb_db_set_lockmode __P((int)); void kerb_db_fini __P((void)); int kerb_db_init __P((void)); -int kerb_db_set_name __P((char *name)); -time_t kerb_get_db_age __P((void)); -int kerb_db_create __P((char *db_name)); -int kerb_db_rename __P((char *from, char *to)); - int kerb_db_get_principal __P((char *name, char *, Principal *, unsigned int, int *)); -int kerb_db_put_principal __P((Principal *, unsigned int)); int kerb_db_get_dba __P((char *, char *, Dba *, unsigned int, int *)); -void kerb_db_get_stat __P((DB_stat *)); -void kerb_db_put_stat __P((DB_stat *)); void delta_stat __P((DB_stat *, DB_stat *, DB_stat *)); -int kerb_db_iterate __P((int (*func) (/* ??? */), char *arg)); - int kerb_cache_init __P((void)); int kerb_cache_get_principal __P((char *name, char *, Principal *, unsigned int)); int kerb_cache_put_principal __P((Principal *, unsigned int)); diff --git a/kerberosIV/kdb/krb_cache.c b/kerberosIV/kdb/krb_cache.c index a35a14329f5..a70a1967f94 100644 --- a/kerberosIV/kdb/krb_cache.c +++ b/kerberosIV/kdb/krb_cache.c 
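Review bot: The last hunk drops the prototypes for kerb_db_set_name, kerb_get_db_age, kerb_db_create, kerb_db_rename, kerb_db_put_principal, kerb_db_get_stat, kerb_db_put_stat and kerb_db_iterate, but adds none for the entry points the same commit introduces in krb_dbm.c (kerb_db_delete_principal, kerb_db_begin_update, kerb_db_end_update, kerb_db_update), which krb_lib.c already calls. Presumably they now live in the public header reached through `#include <kerberosIV/site.h>`, which is outside this diff; if they do not, each caller compiles against an implicit `int` declaration and kerb_db_begin_update's `long *` result is truncated on LP64 targets. Worth confirming that header declares the new functions with exactly these signatures, and that the `(k_iter_proc_t, void *)` form of kerb_db_iterate is what it declares.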
@@ -1,24 +1,25 @@ -/* $Id: krb_cache.c,v 1.1 1995/12/14 06:52:36 tholo Exp $ */ - -/*- - * Copyright (C) 1989 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ +/* $KTH: krb_cache.c,v 1.6 1997/05/02 10:27:53 joda Exp $ */ + +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. 
makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ /* * This is where a cache would be implemented, if it were necessary. @@ -30,14 +31,14 @@ extern int debug; extern long kerb_debug; #endif -static init = 0; +static int init = 0; /* * initialization routine for cache */ int -kerb_cache_init() +kerb_cache_init(void) { init = 1; return (0); @@ -48,11 +49,12 @@ kerb_cache_init() */ int -kerb_cache_get_principal(serv, inst, principal, max) - char *serv; /* could have wild card */ - char *inst; /* could have wild card */ - Principal *principal; - unsigned int max; /* max number of name structs to return */ +kerb_cache_get_principal(char *serv, char *inst, Principal *principal, unsigned int max) + /* could have wild card */ + /* could have wild card */ + + /* max number of name structs to return */ + { int found = 0; @@ -84,9 +86,9 @@ kerb_cache_get_principal(serv, inst, principal, max) */ int -kerb_cache_put_principal(principal, max) - Principal *principal; - unsigned int max; /* max number of principal structs to +kerb_cache_put_principal(Principal *principal, unsigned int max) + + /* max number of principal structs to * insert */ { @@ -121,11 +123,12 @@ kerb_cache_put_principal(principal, max) */ int -kerb_cache_get_dba(serv, inst, dba, max) - char *serv; /* could have wild card */ - char *inst; /* could have wild card */ - Dba *dba; - unsigned int max; /* max number of name structs to return */ +kerb_cache_get_dba(char *serv, char *inst, Dba *dba, unsigned int max) + /* could have wild card */ + /* could have wild card */ + + /* max number of name structs to return */ + { int found = 0; @@ -156,9 +159,9 @@ kerb_cache_get_dba(serv, inst, dba, max) */ int -kerb_cache_put_dba(dba, max) - Dba *dba; - unsigned int max; /* max number of dba structs to insert */ +kerb_cache_put_dba(Dba *dba, unsigned int max) + + /* max number of dba structs to insert */ { u_long i; 
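Review bot: Converting kerb_cache_get_principal to a prototype leaves the old parameter comments (`/* could have wild card */`, `/* max number of name structs to return */`) stranded between the `)` and the `{`, where they no longer say which parameter they describe. Either attach each to its parameter, `char *serv, /* could have wild card */`, or fold them into a one-line header comment above the function. The same stranded-comment pattern appears in kerb_cache_put_principal, kerb_cache_get_dba and kerb_cache_put_dba below, in kerb_get_principal, kerb_put_principal and kerb_get_dba in krb_lib.c, and in kerb_db_get_dba in krb_dbm.c.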
diff --git a/kerberosIV/kdb/krb_dbm.c b/kerberosIV/kdb/krb_dbm.c index 5d201041e8c..f1c06d85bf7 100644 --- a/kerberosIV/kdb/krb_dbm.c +++ b/kerberosIV/kdb/krb_dbm.c 
@@ -1,28 +1,29 @@ -/* $Id: krb_dbm.c,v 1.3 1997/02/19 07:08:28 tholo Exp $ */ +/* $KTH: krb_dbm.c,v 1.27 1997/05/02 14:29:09 assar Exp $ */ -/*- - * Copyright (C) 1989 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. 
makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ #include "kdb_locl.h" -#include <ndbm.h> +#include <xdbm.h> #define KERB_DB_MAX_RETRY 5 @@ -32,7 +33,7 @@ extern long kerb_debug; extern char *progname; #endif -static init = 0; +static int init = 0; static char default_db_name[] = DBM_FILE; static char *current_db_name = default_db_name; 
@@ -92,87 +93,59 @@ static int non_blocking = 0; * retry the operation. */ -/* Macros to convert ndbm names to dbm names. - * Note that dbm_nextkey() cannot be simply converted using a macro, since - * it is invoked giving the database, and nextkey() needs the previous key. - * - * Instead, all routines call "dbm_next" instead. - */ - -#define dbm_next(db,key) dbm_nextkey(db) - -static char *gen_dbsuffix __P((char *db_name, char *sfx)); -static void decode_princ_key __P((datum *key, char *name, char *instance)); -static void encode_princ_contents __P((datum *contents, Principal *principal)); -static void decode_princ_contents __P((datum *contents, Principal *principal)); -static void encode_princ_key __P((datum *key, char *name, char *instance)); -static int kerb_dbl_init __P((void)); -static void kerb_dbl_fini __P((void)); -static int kerb_dbl_lock __P((int mode)); -static void kerb_dbl_unlock __P((void)); -static time_t kerb_start_update __P((char *db_name)); -static int kerb_end_update __P((char *db_name, time_t age)); -static time_t kerb_start_read __P((void)); -static int kerb_end_read __P((time_t age)); /* * Utility routine: generate name of database file. 
*/ +static char *gen_dbsuffix (char *db_name, char *sfx); + static char * -gen_dbsuffix(db_name, sfx) - char *db_name; - char *sfx; +gen_dbsuffix(char *db_name, char *sfx) { char *dbsuffix; if (sfx == NULL) sfx = ".ok"; - dbsuffix = malloc (strlen(db_name) + strlen(sfx) + 1); - strcpy(dbsuffix, db_name); - strcat(dbsuffix, sfx); + asprintf (&dbsuffix, "%s%s", db_name, sfx); return dbsuffix; } static void -decode_princ_key(key, name, instance) - datum *key; - char *name; - char *instance; +decode_princ_key (datum *key, char *name, char *instance); + +static void +decode_princ_key(datum *key, char *name, char *instance) { strncpy(name, key->dptr, ANAME_SZ); - strncpy(instance, key->dptr + ANAME_SZ, INST_SZ); + strncpy(instance, (char *)key->dptr + ANAME_SZ, INST_SZ); name[ANAME_SZ - 1] = '\0'; instance[INST_SZ - 1] = '\0'; } static void -encode_princ_contents(contents, principal) - datum *contents; - Principal *principal; +encode_princ_contents (datum *contents, Principal *principal); + +static void +encode_princ_contents(datum *contents, Principal *principal) { contents->dsize = sizeof(*principal); contents->dptr = (char *) principal; } static void -decode_princ_contents(contents, principal) - datum *contents; - Principal *principal; +decode_princ_contents (datum *contents, Principal *principal) { - bcopy(contents->dptr, (char *) principal, sizeof(*principal)); + memcpy(principal, contents->dptr, sizeof(*principal)); } static void -encode_princ_key(key, name, instance) - datum *key; - char *name; - char *instance; +encode_princ_key (datum *key, char *name, char *instance) { static char keystring[ANAME_SZ + INST_SZ]; - bzero(keystring, ANAME_SZ + INST_SZ); + memset(keystring, 0, ANAME_SZ + INST_SZ); strncpy(keystring, name, ANAME_SZ); strncpy(&keystring[ANAME_SZ], instance, INST_SZ); key->dptr = keystring; @@ -184,6 +157,9 @@ static int mylock = 0; static int inited = 0; static int +kerb_dbl_init (void); + +static int kerb_dbl_init() { if (!inited) { 
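Review bot: gen_dbsuffix now calls asprintf without checking its return, so on allocation failure `dbsuffix` can be left indeterminate (only some implementations set it to NULL) and callers go on to open() or rename() it. The malloc/strcpy version it replaces was equally unchecked, but the rewrite is the moment to make the failure explicit: `if (asprintf(&dbsuffix, "%s%s", db_name, sfx) < 0) return NULL;`. Callers in the later hunks (kerb_start_update, kerb_db_create, kerb_db_rename) would then need a NULL check before using the name.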
@@ -201,6 +177,9 @@ kerb_dbl_init() } static void +kerb_dbl_fini (void); + +static void kerb_dbl_fini() { close(dblfd); @@ -210,8 +189,10 @@ kerb_dbl_fini() } static int -kerb_dbl_lock(mode) - int mode; +kerb_dbl_lock (int mode); + +static int +kerb_dbl_lock(int mode) { int flock_mode; @@ -225,24 +206,26 @@ kerb_dbl_lock(mode) } switch (mode) { case KERB_DBL_EXCLUSIVE: - flock_mode = LOCK_EX; + flock_mode = K_LOCK_EX; break; case KERB_DBL_SHARED: - flock_mode = LOCK_SH; + flock_mode = K_LOCK_SH; break; default: fprintf(stderr, "invalid lock mode %d\n", mode); abort(); } if (non_blocking) - flock_mode |= LOCK_NB; + flock_mode |= K_LOCK_NB; - if (flock(dblfd, flock_mode) < 0) + if (k_flock(dblfd, flock_mode) < 0) return errno; mylock++; return 0; } +static void kerb_dbl_unlock (void); + static void kerb_dbl_unlock() { @@ -251,18 +234,20 @@ kerb_dbl_unlock() fflush(stderr); exit(1); } - if (flock(dblfd, LOCK_UN) < 0) { + if (k_flock(dblfd, K_LOCK_UN) < 0) { fprintf(stderr, "Kerberos database lock error. (unlocking)\n"); fflush(stderr); - perror("flock"); + perror("k_flock"); exit(1); } mylock = 0; } int -kerb_db_set_lockmode(mode) - int mode; +kerb_db_set_lockmode (int mode); + +int +kerb_db_set_lockmode(int mode) { int old = non_blocking; non_blocking = mode; @@ -274,6 +259,9 @@ kerb_db_set_lockmode(mode) */ int +kerb_db_init (void); + +int kerb_db_init() { init = 1; @@ -286,6 +274,9 @@ kerb_db_init() */ void +kerb_db_fini (void); + +void kerb_db_fini() { } @@ -298,8 +289,10 @@ kerb_db_fini() */ int -kerb_db_set_name(name) - char *name; +kerb_db_set_name (char *name); + +int +kerb_db_set_name(char *name) { DBM *db; @@ -319,6 +312,9 @@ kerb_db_set_name(name) */ time_t +kerb_get_db_age (void); + +time_t kerb_get_db_age() { struct stat st; 
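Review bot: Each definition in these hunks (kerb_dbl_fini, kerb_dbl_lock, kerb_dbl_unlock, kerb_db_set_lockmode, kerb_db_init, kerb_db_fini, kerb_db_set_name, kerb_get_db_age, and kerb_dbl_init in the hunk before) gains a `(void)` prototype placed directly above it while the definition itself keeps the old-style empty `()` list, so the file now carries two declarations per function. Writing the definition as `kerb_dbl_fini(void)` and dropping the inserted prototype gives the same prototype checking in one place, which is what kerb_cache_init in krb_cache.c already does in this commit. The grouped forward declarations these one-off prototypes replace were removed in the hunk at old line 92.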
@@ -345,8 +341,10 @@ kerb_get_db_age() */ static time_t -kerb_start_update(db_name) - char *db_name; +kerb_start_update (char *db_name); + +static time_t +kerb_start_update(char *db_name) { char *okname = gen_dbsuffix(db_name, ".ok"); time_t age = kerb_get_db_age(); @@ -360,9 +358,10 @@ kerb_start_update(db_name) } static int -kerb_end_update(db_name, age) - char *db_name; - time_t age; +kerb_end_update (char *db_name, time_t age); + +static int +kerb_end_update(char *db_name, time_t age) { int fd; int retval = 0; @@ -396,14 +395,18 @@ kerb_end_update(db_name, age) } static time_t +kerb_start_read (void); + +static time_t kerb_start_read() { return kerb_get_db_age(); } +static int kerb_end_read (time_t age); + static int -kerb_end_read(age) - time_t age; +kerb_end_read(time_t age) { if (kerb_get_db_age() != age || age == -1) { return -1; @@ -414,14 +417,13 @@ kerb_end_read(age) /* * Create the database, assuming it's not there. */ - int -kerb_db_create(db_name) - char *db_name; +kerb_db_create(char *db_name) { char *okname = gen_dbsuffix(db_name, ".ok"); int fd; - register int ret = 0; + int ret = 0; +#ifdef NDBM DBM *db; db = dbm_open(db_name, O_RDWR|O_CREAT|O_EXCL, 0600); @@ -429,6 +431,24 @@ kerb_db_create(db_name) ret = errno; else dbm_close(db); +#else + char *dirname = gen_dbsuffix(db_name, ".dir"); + char *pagname = gen_dbsuffix(db_name, ".pag"); + + fd = open(dirname, O_RDWR|O_CREAT|O_EXCL, 0600); + if (fd < 0) + ret = errno; + else { + close(fd); + fd = open (pagname, O_RDWR|O_CREAT|O_EXCL, 0600); + if (fd < 0) + ret = errno; + else + close(fd); + } + if (dbminit(db_name) < 0) + ret = errno; +#endif if (ret == 0) { fd = open (okname, O_CREAT|O_RDWR|O_TRUNC, 0600); if (fd < 0) 
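Review bot: In the new non-NDBM branch of kerb_db_create, `dbminit(db_name)` runs even after the open() of the .dir or .pag file has failed and set `ret`, and the strings gen_dbsuffix returns for `dirname` and `pagname` are never freed. Guard the init on the earlier outcome, `if (ret == 0 && dbminit(db_name) < 0) ret = errno;`, and release both names once the files are created, `free(dirname); free(pagname);`. The O_EXCL on both open() calls is the right choice for a key database and should stay; the function's tail that handles `okname` runs past the hunk.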
@@ -447,11 +467,9 @@ kerb_db_create(db_name) */ int -kerb_db_rename(from, to) - char *from; - char *to; +kerb_db_rename(char *from, char *to) { -#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) +#ifdef HAVE_NEW_DB char *fromdb = gen_dbsuffix (from, ".db"); char *todb = gen_dbsuffix (to, ".db"); #else @@ -464,9 +482,9 @@ kerb_db_rename(from, to) long trans = kerb_start_update(to); int ok = 0; -#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) +#ifdef HAVE_NEW_DB if (rename (fromdb, todb) == 0) { - (void) unlink (fromok); + unlink (fromok); ok = 1; } free (fromdb); @@ -474,7 +492,7 @@ kerb_db_rename(from, to) #else if ((rename (fromdir, todir) == 0) && (rename (frompag, topag) == 0)) { - (void) unlink (fromok); + unlink (fromok); ok = 1; } free (fromdir); 
@@ -489,21 +507,52 @@ kerb_db_rename(from, to)
 return -1;
 }
+int
+kerb_db_delete_principal (char *name, char *inst)
+{
+ DBM *db;
+ int try;
+ int done = 0;
+ int code;
+ datum key;
+
+ if(!init)
+ kerb_db_init();
+
+ for(try = 0; try < KERB_DB_MAX_RETRY; try++){
+ if((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
+ return -1;
+
+ db = dbm_open(current_db_name, O_RDWR, 0600);
+ if(db == NULL)
+ return -1;
+ encode_princ_key(&key, name, inst);
+ if(dbm_delete(db, key) == 0)
+ done = 1;
+
+ dbm_close(db);
+ kerb_dbl_unlock();
+ if(done)
+ break;
+ if(!non_blocking)
+ sleep(1);
+ }
+ if(!done)
+ return -1;
+ return 0;
+}
+
+
 /*
 * look up a principal in the data base returns number of principals
 * found , and whether there were more than requested.
 */
 int
-kerb_db_get_principal(name, inst, principal, max, more)
- char *name; /* could have wild card */
- char *inst; /* could have wild card */
- Principal *principal; /* max number of name structs to return */
- unsigned int max; /* where there more than 'max' tuples? */
- int *more;
+kerb_db_get_principal (char *name, char *inst, Principal *principal,
+ unsigned int max, int *more)
 {
 int found = 0, code;
- extern int errorproc();
 int wildp, wildi;
 datum key, contents;
 char testname[ANAME_SZ], testinst[INST_SZ];
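Review bot: kerb_db_delete_principal modifies the database while holding only KERB_DBL_SHARED, whereas every other writer in this file (kerb_db_begin_update below, and kerb_db_put_principal before this commit) takes KERB_DBL_EXCLUSIVE, so a concurrent reader can see a half-updated .pag/.dir pair and two deleters can run under the shared lock together. The `if(db == NULL) return -1;` path also leaves the lock held with `mylock` incremented, and `code` is assigned but never read. Change the acquisition to `kerb_dbl_lock(KERB_DBL_EXCLUSIVE)` and release it before the early return, `if(db == NULL){ kerb_dbl_unlock(); return -1; }`.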
@@ -616,9 +655,24 @@ kerb_db_put_principal(principal, max) kerb_db_init(); if ((code = kerb_dbl_lock(KERB_DBL_EXCLUSIVE)) != 0) - return -1; + return 0; - db = dbm_open(current_db_name, O_RDWR, 0600); + return (long *) dbm_open(current_db_name, O_RDWR, 0600); +} + +void +kerb_db_end_update(long *db) +{ + dbm_close((DBM *)db); + kerb_dbl_unlock(); /* unlock database */ +} + +int +kerb_db_update(long *db, Principal *principal, unsigned int max) +{ + int found = 0; + u_long i; + datum key, contents; #ifdef DEBUG if (kerb_debug & 2) @@ -630,7 +684,7 @@ kerb_db_put_principal(principal, max) for (i = 0; i < max; i++) { encode_princ_contents(&contents, principal); encode_princ_key(&key, principal->name, principal->instance); - dbm_store(db, key, contents, DBM_REPLACE); + dbm_store((DBM *)db, key, contents, DBM_REPLACE); #ifdef DEBUG if (kerb_debug & 1) { fprintf(stderr, "\n put %s %s\n", @@ -640,19 +694,43 @@ kerb_db_put_principal(principal, max) found++; principal++; /* bump to next struct */ } + return found; +} - dbm_close(db); - kerb_dbl_unlock(); /* unlock database */ +/* + * Update a name in the data base. Returns number of names + * successfully updated. + */ + +int +kerb_db_put_principal (Principal *principal, unsigned int max); + +int +kerb_db_put_principal(Principal *principal, + unsigned max) + +{ + int found; + long *db; + + db = kerb_db_begin_update(); + if (db == 0) + return -1; + + found = kerb_db_update(db, principal, max); + + kerb_db_end_update(db); return (found); } void -kerb_db_get_stat(s) - DB_stat *s; +kerb_db_get_stat (DB_stat *s); + +void +kerb_db_get_stat(DB_stat *s) { gettimeofday(×tamp, NULL); - s->cpu = 0; s->elapsed = 0; s->dio = 0; 
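Review bot: kerb_db_begin_update takes the exclusive lock and then returns whatever dbm_open() gives back, so when the open fails the caller gets 0 and the lock is never released; kerb_db_put_principal in the hunk below only does `if (db == 0) return -1;`, leaving `mylock` set for the rest of the process and every later kerb_dbl_lock call will find it so. Unlock before reporting failure: `DBM *db = dbm_open(current_db_name, O_RDWR, 0600); if (db == NULL) kerb_dbl_unlock(); return (long *) db;`. Hiding the DBM pointer behind `long *` is also a style smell — `void *` gives the same opacity without implying an integer array, and the same cast then disappears from kerb_db_end_update and kerb_db_update.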
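Review bot: kerb_db_update increments `found` for every element regardless of what `dbm_store((DBM *)db, key, contents, DBM_REPLACE)` returns, so the value that the header comment on kerb_db_put_principal calls "number of names successfully updated" includes stores that failed. Count only on success, `if (dbm_store((DBM *)db, key, contents, DBM_REPLACE) == 0) found++;`, or stop at the first failure so the caller can tell a partial write from a complete one. The loop spans this hunk and the next, where `found++` sits.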
@@ -667,14 +745,18 @@ kerb_db_get_stat(s) } void -kerb_db_put_stat(s) - DB_stat *s; +kerb_db_put_stat (DB_stat *s); + +void +kerb_db_put_stat(DB_stat *s) { } void -delta_stat(a, b, c) - DB_stat *a, *b, *c; +delta_stat (DB_stat *a, DB_stat *b, DB_stat *c); + +void +delta_stat(DB_stat *a, DB_stat *b, DB_stat *c) { /* c = a - b then b = a for the next time */ @@ -689,7 +771,7 @@ delta_stat(a, b, c) c->n_get_stat = a->n_get_stat - b->n_get_stat; c->n_put_stat = a->n_put_stat - b->n_put_stat; - bcopy(a, b, sizeof(DB_stat)); + memcpy(b, a, sizeof(DB_stat)); return; } @@ -699,21 +781,23 @@ delta_stat(a, b, c) */ int -kerb_db_get_dba(dba_name, dba_inst, dba, max, more) - char *dba_name; /* could have wild card */ - char *dba_inst; /* could have wild card */ - Dba *dba; /* max number of name structs to return */ - unsigned int max; /* where there more than 'max' tuples? */ - int *more; +kerb_db_get_dba (char *dba_name, char *dba_inst, Dba *dba, unsigned int max, int *more); + +int +kerb_db_get_dba(char *dba_name, char *dba_inst, Dba *dba, + unsigned max, + int *more) + /* could have wild card */ + /* could have wild card */ + /* max number of name structs to return */ + /* where there more than 'max' tuples? */ { *more = 0; return (0); } int -kerb_db_iterate (func, arg) - int (*func)(); - char *arg; /* void *, really */ +kerb_db_iterate (k_iter_proc_t func, void *arg) { datum key, contents; Principal *principal; diff --git a/kerberosIV/kdb/krb_kdb_utils.c b/kerberosIV/kdb/krb_kdb_utils.c index c41060751fd..55a07352c97 100644 --- a/kerberosIV/kdb/krb_kdb_utils.c +++ b/kerberosIV/kdb/krb_kdb_utils.c 
@@ -1,24 +1,25 @@ -/* $Id: krb_kdb_utils.c,v 1.1 1995/12/14 06:52:36 tholo Exp $ */ +/* $KTH: krb_kdb_utils.c,v 1.23 1997/05/02 14:29:10 assar Exp $ */ -/*- - * Copyright (C) 1989 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. 
makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ /* * Utility routines for Kerberos programs which directly access 
@@ -32,56 +33,143 @@ #include <kdc.h> -long -kdb_get_master_key(prompt, master_key, master_key_sched) - int prompt; - des_cblock *master_key; - struct des_ks_struct *master_key_sched; +/* always try /.k for backwards compatibility */ +static char *master_key_files[] = { MKEYFILE, "/.k", NULL }; + +#define k_strerror(e) strerror(e) + +int +kdb_new_get_master_key(des_cblock *key, des_key_schedule schedule) { int kfile; + int i; + char buf[1024]; + + char **mkey; + + for(mkey = master_key_files; *mkey; mkey++){ + kfile = open(*mkey, O_RDONLY); + if(kfile < 0 && errno != ENOENT) + fprintf(stderr, "Failed to open master key file \"%s\": %s\n", + *mkey, + k_strerror(errno)); + if(kfile >= 0) + break; + } + if(*mkey){ + int bytes; + bytes = read(kfile, (char*)key, sizeof(des_cblock)); + close(kfile); + if(bytes == sizeof(des_cblock)){ + des_key_sched(key, schedule); + return 0; + } + fprintf(stderr, "Could only read %d bytes from master key file %s\n", + bytes, *mkey); + }else{ + fprintf(stderr, "No master key file found.\n"); + } - if (prompt) { -#ifdef NOENCRYPTION - placebo_read_password(master_key, - "\nEnter Kerberos master key: ", 0); + + i=0; + while(i < 3){ + if(des_read_pw_string(buf, sizeof(buf), "Enter master password: ", 0)) + break; + + /* buffer now contains either an old format master key password or a + * new format base64 encoded master key + */ + + /* try to verify as old password */ + des_string_to_key(buf, key); + des_key_sched(key, schedule); + + if(kdb_verify_master_key(key, schedule, NULL) != -1){ + memset(buf, 0, sizeof(buf)); + return 0; + } + + /* failed test, so must be base64 encoded */ + + if(base64_decode(buf, key) == 8){ + des_key_sched(key, schedule); + if(kdb_verify_master_key(key, schedule, NULL) != -1){ + memset(buf, 0, sizeof(buf)); + return 0; + } + } + + memset(buf, 0, sizeof(buf)); + fprintf(stderr, "Failed to verify master key.\n"); + i++; + } + + /* life sucks */ + fprintf(stderr, "You loose.\n"); + exit(1); +} + +int 
kdb_new_get_new_master_key(des_cblock *key, des_key_schedule schedule, + int verify) +{ +#ifndef RANDOM_MKEY + des_read_password(key, "\nEnter Kerberos master password: ", verify); + printf ("\n"); #else - des_read_password(master_key, - "\nEnter Kerberos master key: ", 0); + char buf[1024]; + des_generate_random_block (key); + des_key_sched(key, schedule); + + des_read_pw_string(buf, sizeof(buf), "Enter master key seed: ", 0); + des_cbc_cksum((des_cblock*)buf, key, sizeof(buf), schedule, key); + memset(buf, 0, sizeof(buf)); #endif - printf ("\n"); + des_key_sched(key, schedule); + return 0; +} + +int kdb_get_master_key(int prompt, des_cblock *master_key, + des_key_schedule master_key_sched) +{ + int ask = (prompt == KDB_GET_TWICE); +#ifndef RANDOM_MKEY + ask |= (prompt == KDB_GET_PROMPT); +#endif + + if(ask) + kdb_new_get_new_master_key(master_key, master_key_sched, + prompt == KDB_GET_TWICE); + else + kdb_new_get_master_key(master_key, master_key_sched); + return 0; +} + +int kdb_kstash(des_cblock *master_key, char *file) +{ + int kfile; + kfile = open(file, O_TRUNC | O_RDWR | O_CREAT, 0600); + if (kfile < 0) { + return -1; } - else { - kfile = open(MKEYFILE, O_RDONLY, 0600); - if (kfile < 0) { - /* oh, for com_err_ */ - return (-1); - } - if (read(kfile, (char *) master_key, 8) != 8) { - return (-1); - } + if (write(kfile, master_key, sizeof(des_cblock)) != sizeof(des_cblock)) { close(kfile); + return -1; } - -#ifndef NOENCRYPTION - des_key_sched(master_key,master_key_sched); -#endif - return (0); + close(kfile); + return 0; } /* The old algorithm used the key schedule as the initial vector which was byte order depedent ... 
*/ void -kdb_encrypt_key (in, out, master_key, master_key_sched, e_d_flag) - des_cblock *in; - des_cblock *out; - des_cblock *master_key; - struct des_ks_struct *master_key_sched; - int e_d_flag; +kdb_encrypt_key (des_cblock (*in), des_cblock (*out), + des_cblock (*master_key), + des_key_schedule master_key_sched, int e_d_flag) { #ifdef NOENCRYPTION - bcopy(in, out, sizeof(des_cblock)); + memcpy(out, in, sizeof(des_cblock)); #else des_pcbc_encrypt(in,out,(long)sizeof(des_cblock),master_key_sched,master_key, e_d_flag); @@ -94,10 +182,9 @@ kdb_encrypt_key (in, out, master_key, master_key_sched, e_d_flag) /* Returns master key version if successful, otherwise -1 */ long -kdb_verify_master_key (master_key, master_key_sched, out) - des_cblock *master_key; - struct des_ks_struct *master_key_sched; - FILE *out; /* setting this to non-null be do output */ +kdb_verify_master_key (des_cblock *master_key, + des_key_schedule master_key_sched, + FILE *out) /* NULL -> no output */ { des_cblock key_from_db; Principal principal_data[1]; 
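Review bot: In kdb_new_get_master_key the base64 fallback decodes the whole password line straight into `key`, an 8-byte des_cblock, and only afterwards tests `base64_decode(buf, key) == 8`; a typed line longer than about twelve base64 characters has already written past the caller's key object before the length check runs. That presumes base64_decode writes the full decoded length to its second argument, which its two-argument form suggests but its declaration is outside this diff, so the scratch buffer's type below should follow that declaration. Decoding into a buffer sized like `buf` and copying only a verified 8-byte result avoids the overrun and also avoids leaving a partially decoded key in `key` on the failure path. Separately, the user-facing `"You loose.\n"` should read `"You lose.\n"`.
```c
        /* failed test, so must be base64 encoded */
        {
            char decoded[sizeof(buf)];   /* decoded output is never longer than its input */
            int len = base64_decode(buf, decoded);

            if(len == sizeof(des_cblock)){
                memcpy(key, decoded, sizeof(des_cblock));
                des_key_sched(key, schedule);
                if(kdb_verify_master_key(key, schedule, NULL) != -1){
                    memset(decoded, 0, sizeof(decoded));
                    memset(buf, 0, sizeof(buf));
                    return 0;
                }
            }
            memset(decoded, 0, sizeof(decoded));
        }
        /* … unchanged: clear buf, report failure, i++ … */
```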
@@ -127,23 +214,25 @@ kdb_verify_master_key (master_key, master_key_sched, out) * now use the master key to decrypt the key in the db, had better * be the same! */ - bcopy(&principal_data[0].key_low, key_from_db, 4); - bcopy(&principal_data[0].key_high, ((long *) key_from_db) + 1, 4); + copy_to_key(&principal_data[0].key_low, + &principal_data[0].key_high, + key_from_db); kdb_encrypt_key (&key_from_db, &key_from_db, master_key, master_key_sched, DES_DECRYPT); /* the decrypted database key had better equal the master key */ - n = bcmp((char *) master_key, (char *) key_from_db, - sizeof(master_key)); + n = memcmp(master_key, key_from_db, sizeof(master_key)); /* this used to zero the master key here! */ - bzero(key_from_db, sizeof(key_from_db)); - bzero(principal_data, sizeof (principal_data)); + memset(key_from_db, 0, sizeof(key_from_db)); + memset(principal_data, 0, sizeof (principal_data)); if (n && (out != (FILE *) NULL)) { fprintf(out, "\n\07\07verify_master_key: Invalid master key; "); fprintf(out, "does not match database.\n"); - return (-1); } + if(n) + return (-1); + if (out != (FILE *) NULL) { fprintf(out, "\nMaster key entered. BEWARE!\07\07\n"); fflush(out); diff --git a/kerberosIV/kdb/krb_lib.c b/kerberosIV/kdb/krb_lib.c index 83167a16dd4..4503dda02f8 100644 --- a/kerberosIV/kdb/krb_lib.c +++ b/kerberosIV/kdb/krb_lib.c 
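Review bot: The comparison `n = memcmp(master_key, key_from_db, sizeof(master_key));` measures the pointer, not the key: `master_key` is a `des_cblock *`, so only 4 bytes (8 on LP64) of the decrypted database key are compared, and on 32-bit builds a wrong master key whose decryption happens to match in its first word passes verification. The removed bcmp line had the same `sizeof(master_key)`, so the commit carries the bug over rather than introducing it; `sizeof(*master_key)` or `sizeof(des_cblock)` compares all eight bytes. The `memset` calls scrubbing key_from_db and principal_data are not followed by any read of those buffers, so an optimising compiler is entitled to drop them; a platform secure-zeroing helper is preferable where one exists. The function continues past the hunk.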
@@ -1,24 +1,25 @@ -/* $Id: krb_lib.c,v 1.3 1997/01/17 07:11:52 millert Exp $ */ - -/*- - * Copyright (C) 1989 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ +/* $KTH: krb_lib.c,v 1.11 1997/05/07 01:36:08 assar Exp $ */ + +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. 
makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ #include "kdb_locl.h" @@ -35,7 +36,7 @@ static int init = 0; */ int -kerb_init() +kerb_init(void) { #ifdef DEBUG if (!init) { @@ -62,23 +63,43 @@ kerb_init() */ void -kerb_fini() +kerb_fini(void) { kerb_db_fini(); } + +int +kerb_delete_principal(char *name, char *inst) +{ + int ret; + + if (!init) + kerb_init(); + + ret = kerb_db_delete_principal(name, inst); +#ifdef CACHE + if(ret == 0){ + kerb_cache_delete_principal(name, inst); + } +#endif + return ret; +} + + /* * look up a principal in the cache or data base returns number of * principals found */ int -kerb_get_principal(name, inst, principal, max, more) - char *name; /* could have wild card */ - char *inst; /* could have wild card */ - Principal *principal; - unsigned int max; /* max number of name structs to return */ - int *more; /* more tuples than room for */ +kerb_get_principal(char *name, char *inst, Principal *principal, + unsigned int max, int *more) + /* could have wild card */ + /* could have wild card */ + + /* max number of name structs to return */ + /* more tuples than room for */ { int found = 0; @@ -100,7 +121,7 @@ kerb_get_principal(name, inst, principal, max, more) */ /* clear the principal area */ - bzero((char *) principal, max * sizeof(Principal)); + memset(principal, 0, max * sizeof(Principal)); #ifdef CACHE /* @@ -108,8 +129,8 @@ kerb_get_principal(name, inst, principal, max, more) * preceeded by a backslash. */ wild = 0; - if (strchr(name, '*') || strchr(name, '?') || - strchr(inst, '*') || strchr(inst, '?')) + if (index(name, '*') || index(name, '?') || + index(inst, '*') || index(inst, '?')) wild = 1; if (!wild) { 
@@ -132,9 +153,9 @@ kerb_get_principal(name, inst, principal, max, more)
 /* principals */
 int
-kerb_put_principal(principal, n)
- Principal *principal;
- unsigned int n; /* number of principal structs to write */
+kerb_put_principal(Principal *principal, unsigned int n)
+
+ /* number of principal structs to write */
 {
 struct tm *tp;
@@ -143,10 +164,11 @@ kerb_put_principal(principal, n)
 /* and mod date string */
 tp = k_localtime(&principal->mod_date);
- (void) snprintf(principal->mod_date_txt, sizeof(principal->mod_date_txt),
- "%4d-%2d-%2d",
- tp->tm_year > 1900 ? tp->tm_year : tp->tm_year + 1900,
- tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */
+ snprintf(principal->mod_date_txt,
+ sizeof(principal->mod_date_txt),
+ "%4d-%2d-%2d",
+ tp->tm_year + 1900,
+ tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */
 #ifdef DEBUG
 if (kerb_debug & 1) {
 int i;
@@ -179,12 +201,12 @@ kerb_put_principal(principal, n)
 }
 int
-kerb_get_dba(name, inst, dba, max, more)
- char *name; /* could have wild card */
- char *inst; /* could have wild card */
- Dba *dba;
- unsigned int max; /* max number of name structs to return */
- int *more; /* more tuples than room for */
+kerb_get_dba(char *name, char *inst, Dba *dba, unsigned int max, int *more)
+ /* could have wild card */
+ /* could have wild card */
+
+ /* max number of name structs to return */
+ /* more tuples than room for */
 {
 int found = 0;
@@ -205,7 +227,7 @@ kerb_get_dba(name, inst, dba, max, more)
 */
 /* clear the dba area */
- bzero((char *) dba, max * sizeof(Dba));
+ memset(dba, 0, max * sizeof(Dba));
 #ifdef CACHE
 /*
@@ -214,8 +236,8 @@ kerb_get_dba(name, inst, dba, max, more)
 */
 wild = 0;
- if (strchr(name, '*') || strchr(name, '?') ||
- strchr(inst, '*') || strchr(inst, '?'))
+ if (index(name, '*') || index(name, '?') ||
+ index(inst, '*') || index(inst, '?'))
 wild = 1;
 if (!wild) {
diff --git a/kerberosIV/kdb/print_princ.c b/kerberosIV/kdb/print_princ.c
index d846f4bcd9f..6ba635d5b79 100644
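Review bot: After the prototype conversion the parameter comments are left as free-standing lines between the parameter list and `{` (`+ /* number of principal structs to write */`, preceded by a blank `+` line), where they no longer name the parameter they describe; the kerb_get_principal hunk above and the kerb_get_dba hunk below carry the same leftover lines. Either attach each comment to its parameter, `kerb_put_principal(Principal *principal, unsigned int n /* number of principal structs to write */)`, or fold them into the function's header comment and drop the stray lines. The function bodies continue outside these hunks.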
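Review bot: The rewritten snprintf in kerb_put_principal keeps the format `"%4d-%2d-%2d"`, so single-digit months and days come out space-padded (a constructed sample: `1997- 5- 7`) rather than as a fixed-width ISO date; if no consumer of mod_date_txt relies on that spacing, `"%4d-%02d-%02d"` is the usual form. Dropping the `tm_year > 1900` guard is correct, since tm_year is defined as years since 1900. `tp` is still dereferenced without a NULL check after `k_localtime`, but that line is context rather than part of this change, and whether k_localtime can return NULL is not visible here.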
--- a/kerberosIV/kdb/print_princ.c
+++ b/kerberosIV/kdb/print_princ.c
@@ -1,30 +1,30 @@
-/* $Id: print_princ.c,v 1.1 1995/12/14 06:52:36 tholo Exp $ */
-
-/*-
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
+/* $KTH: print_princ.c,v 1.5 1997/05/07 01:37:13 assar Exp $ */
+
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
 #include "kdb_locl.h"
 void
-krb_print_principal(a_n)
- Principal *a_n;
+krb_print_principal(Principal *a_n)
 {
 struct tm *time_p;
@@ -34,7 +34,7 @@ krb_print_principal(a_n)
 fprintf(stderr, "\n%s %s expires %4d-%2d-%2d %2d:%2d, max_life %d*5 = %d min attr 0x%02x", a_n->name, a_n->instance,
- time_p->tm_year > 1900 ? time_p->tm_year : time_p->tm_year + 1900,
+ time_p->tm_year + 1900,
 time_p->tm_mon + 1, time_p->tm_mday, time_p->tm_hour, time_p->tm_min, a_n->max_life, 5 * a_n->max_life, a_n->attributes);
diff --git a/kerberosIV/kdb/shlib_version b/kerberosIV/kdb/shlib_version
index 890c57389b5..3066b9771e7 100644
--- a/kerberosIV/kdb/shlib_version
+++ b/kerberosIV/kdb/shlib_version
@@ -1,2 +1,2 @@
-major=4
-minor=1
+major=5
+minor=0 |