From 390045d41f0f925904ec89d6771a384ac0bebdb5 Mon Sep 17 00:00:00 2001 From: Artur Grabowski Date: Fri, 12 Dec 1997 11:29:27 +0000 Subject: cleanup, check pointers, fix strcpy's, etc. --- kerberosIV/kdb/copykey.c | 1 + kerberosIV/kdb/kdb_locl.h | 1 + kerberosIV/kdb/krb_cache.c | 29 +++-- kerberosIV/kdb/krb_dbm.c | 79 +++--------- kerberosIV/kdb/krb_kdb_utils.c | 286 ++++++++++++++++++++--------------------- kerberosIV/kdb/krb_lib.c | 5 +- kerberosIV/kdb/print_princ.c | 1 + 7 files changed, 183 insertions(+), 219 deletions(-) (limited to 'kerberosIV/kdb') diff --git a/kerberosIV/kdb/copykey.c b/kerberosIV/kdb/copykey.c index ba4e89630ac..ad1b703dafa 100644 --- a/kerberosIV/kdb/copykey.c +++ b/kerberosIV/kdb/copykey.c @@ -1,3 +1,4 @@ +/* $OpenBSD: copykey.c,v 1.2 1997/12/12 11:29:23 art Exp $ */ /* $KTH: copykey.c,v 1.10 1997/04/01 08:18:17 joda Exp $" */ /* diff --git a/kerberosIV/kdb/kdb_locl.h b/kerberosIV/kdb/kdb_locl.h index 815c8ce9440..4bb06dc5c93 100644 --- a/kerberosIV/kdb/kdb_locl.h +++ b/kerberosIV/kdb/kdb_locl.h @@ -1,3 +1,4 @@ +/* $OpenBSD: kdb_locl.h,v 1.4 1997/12/12 11:29:23 art Exp $ */ /* $KTH: kdb_locl.h,v 1.9 1997/05/02 14:29:08 assar Exp $ */ /* diff --git a/kerberosIV/kdb/krb_cache.c b/kerberosIV/kdb/krb_cache.c index a70a1967f94..d5d2dc74b7c 100644 --- a/kerberosIV/kdb/krb_cache.c +++ b/kerberosIV/kdb/krb_cache.c @@ -1,3 +1,4 @@ +/* $OpenBSD: krb_cache.c,v 1.3 1997/12/12 11:29:24 art Exp $ */ /* $KTH: krb_cache.c,v 1.6 1997/05/02 10:27:53 joda Exp $ */ /* @@ -56,28 +57,28 @@ kerb_cache_get_principal(char *serv, char *inst, Principal *principal, unsigned /* max number of name structs to return */ { - int found = 0; + int found = 0; - if (!init) + if (init == 0) kerb_cache_init(); #ifdef DEBUG if (kerb_debug & 2) fprintf(stderr, "cache_get_principal for %s %s max = %d\n", - serv, inst, max); + serv, inst, max); #endif /* DEBUG */ #ifdef DEBUG if (kerb_debug & 2) { if (found) { fprintf(stderr, "cache get %s %s found %s %s sid = %d\n", - serv, inst, principal->name, principal->instance); + serv, inst, principal->name, principal->instance); } else { fprintf(stderr, "cache %s %s not found\n", serv, - inst); + inst); } } #endif - return (found); + return found; } /* @@ -92,10 +93,10 @@ kerb_cache_put_principal(Principal *principal, unsigned int max) * insert */ { - u_long i; - int count = 0; + u_long i; + int count = 0; - if (!init) + if (init == 0) kerb_cache_init(); #ifdef DEBUG @@ -130,28 +131,28 @@ kerb_cache_get_dba(char *serv, char *inst, Dba *dba, unsigned int max) /* max number of name structs to return */ { - int found = 0; + int found = 0; - if (!init) + if (init == 0) kerb_cache_init(); #ifdef DEBUG if (kerb_debug & 2) fprintf(stderr, "cache_get_dba for %s %s max = %d\n", - serv, inst, max); + serv, inst, max); #endif #ifdef DEBUG if (kerb_debug & 2) { if (found) { fprintf(stderr, "cache get %s %s found %s %s sid = %d\n", - serv, inst, dba->name, dba->instance); + serv, inst, dba->name, dba->instance); } else { fprintf(stderr, "cache %s %s not found\n", serv, inst); } } #endif - return (found); + return found; } /* diff --git a/kerberosIV/kdb/krb_dbm.c b/kerberosIV/kdb/krb_dbm.c index 9f4ab9ba00f..53069bfbdb9 100644 --- a/kerberosIV/kdb/krb_dbm.c +++ b/kerberosIV/kdb/krb_dbm.c @@ -1,3 +1,4 @@ +/* $OpenBSD: krb_dbm.c,v 1.6 1997/12/12 11:29:24 art Exp $ */ /* $KTH: krb_dbm.c,v 1.27 1997/05/02 14:29:09 assar Exp $ */ /* @@ -37,7 +38,7 @@ static int init = 0; static char default_db_name[] = DBM_FILE; static char *current_db_name = default_db_name; -static struct timeval timestamp;/* current time of request */ +static struct timeval timestamp; /* current time of request */ static int non_blocking = 0; /* @@ -98,8 +99,6 @@ static int non_blocking = 0; * Utility routine: generate name of database file. */ -static char *gen_dbsuffix (char *db_name, char *sfx); - static char * gen_dbsuffix(char *db_name, char *sfx) { @@ -109,12 +108,13 @@ gen_dbsuffix(char *db_name, char *sfx) sfx = ".ok"; asprintf (&dbsuffix, "%s%s", db_name, sfx); + if (dbsuffix == NULL) { /* This might not be the nest solution */ + fprintf(stderr, "gen_dbsuffix: not enough memory\n"); + exit(1); + } return dbsuffix; } -static void -decode_princ_key (datum *key, char *name, char *instance); - static void decode_princ_key(datum *key, char *name, char *instance) { @@ -124,9 +124,6 @@ decode_princ_key(datum *key, char *name, char *instance) instance[INST_SZ - 1] = '\0'; } -static void -encode_princ_contents (datum *contents, Principal *principal); - static void encode_princ_contents(datum *contents, Principal *principal) { @@ -156,9 +153,6 @@ static int dblfd = -1; /* db LOCK fd */ static int mylock = 0; static int inited = 0; -static int -kerb_dbl_init (void); - static int kerb_dbl_init() { @@ -171,14 +165,12 @@ kerb_dbl_init() exit(1); } free(filename); + filename = NULL; inited++; } - return (0); + return 0; } -static void -kerb_dbl_fini (void); - static void kerb_dbl_fini() { @@ -188,9 +180,6 @@ kerb_dbl_fini() mylock = 0; } -static int -kerb_dbl_lock (int mode); - static int kerb_dbl_lock(int mode) { @@ -224,8 +213,6 @@ kerb_dbl_lock(int mode) return 0; } -static void kerb_dbl_unlock (void); - static void kerb_dbl_unlock() { @@ -243,9 +230,6 @@ kerb_dbl_unlock() mylock = 0; } -int -kerb_db_set_lockmode (int mode); - int kerb_db_set_lockmode(int mode) { @@ -258,9 +242,6 @@ kerb_db_set_lockmode(int mode) * initialization for data base routines. */ -int -kerb_db_init (void); - int kerb_db_init() { @@ -273,9 +254,6 @@ kerb_db_init() * a kerb_db_init */ -void -kerb_db_fini (void); - void kerb_db_fini() { @@ -288,9 +266,6 @@ kerb_db_fini() * If the alternate database doesn't exist, nothing is changed. */ -int -kerb_db_set_name (char *name); - int kerb_db_set_name(char *name) { @@ -311,9 +286,6 @@ kerb_db_set_name(char *name) * Return the last modification time of the database. */ -time_t -kerb_get_db_age (void); - time_t kerb_get_db_age() { @@ -329,6 +301,7 @@ kerb_get_db_age() age = st.st_mtime; free (okname); + okname = NULL; return age; } @@ -340,9 +313,6 @@ kerb_get_db_age() * the server (for example, during slave updates). */ -static time_t -kerb_start_update (char *db_name); - static time_t kerb_start_update(char *db_name) { @@ -354,12 +324,10 @@ kerb_start_update(char *db_name) age = -1; } free (okname); + okname = NULL; return age; } -static int -kerb_end_update (char *db_name, time_t age); - static int kerb_end_update(char *db_name, time_t age) { @@ -389,22 +357,19 @@ kerb_end_update(char *db_name, time_t age) } free (new_okname); + new_okname = NULL; free (okname); + okname = NULL; return retval; } -static time_t -kerb_start_read (void); - static time_t kerb_start_read() { return kerb_get_db_age(); } -static int kerb_end_read (time_t age); - static int kerb_end_read(time_t age) { @@ -488,7 +453,9 @@ kerb_db_rename(char *from, char *to) ok = 1; } free (fromdb); + fromdb = NULL; free (todb); + todb = NULL; #else if ((rename (fromdir, todir) == 0) && (rename (frompag, topag) == 0)) { @@ -496,11 +463,16 @@ kerb_db_rename(char *from, char *to) ok = 1; } free (fromdir); + fromdir = NULL; free (todir); + todir = NULL; free (frompag); + frompag = NULL; free (topag); + topag = NULL; #endif free (fromok); + fromok = NULL; if (ok) return kerb_end_update(to, trans); else @@ -702,9 +674,6 @@ kerb_db_update(long *db, Principal *principal, unsigned int max) * successfully updated. */ -int -kerb_db_put_principal (Principal *principal, unsigned int max); - int kerb_db_put_principal(Principal *principal, unsigned max) @@ -723,9 +692,6 @@ kerb_db_put_principal(Principal *principal, return (found); } -void -kerb_db_get_stat (DB_stat *s); - void kerb_db_get_stat(DB_stat *s) { @@ -744,17 +710,11 @@ kerb_db_get_stat(DB_stat *s) /* update local copy too */ } -void -kerb_db_put_stat (DB_stat *s); - void kerb_db_put_stat(DB_stat *s) { } -void -delta_stat (DB_stat *a, DB_stat *b, DB_stat *c); - void delta_stat(DB_stat *a, DB_stat *b, DB_stat *c) { @@ -772,7 +732,6 @@ delta_stat(DB_stat *a, DB_stat *b, DB_stat *c) c->n_put_stat = a->n_put_stat - b->n_put_stat; memcpy(b, a, sizeof(DB_stat)); - return; } /* diff --git a/kerberosIV/kdb/krb_kdb_utils.c b/kerberosIV/kdb/krb_kdb_utils.c index 55a07352c97..c775a6ba5c6 100644 --- a/kerberosIV/kdb/krb_kdb_utils.c +++ b/kerberosIV/kdb/krb_kdb_utils.c @@ -1,3 +1,4 @@ +/* $OpenBSD: krb_kdb_utils.c,v 1.3 1997/12/12 11:29:25 art Exp $ */ /* $KTH: krb_kdb_utils.c,v 1.23 1997/05/02 14:29:10 assar Exp $ */ /* @@ -41,122 +42,122 @@ static char *master_key_files[] = { MKEYFILE, "/.k", NULL }; int kdb_new_get_master_key(des_cblock *key, des_key_schedule schedule) { - int kfile; - int i; - char buf[1024]; - - char **mkey; - - for(mkey = master_key_files; *mkey; mkey++){ - kfile = open(*mkey, O_RDONLY); - if(kfile < 0 && errno != ENOENT) - fprintf(stderr, "Failed to open master key file \"%s\": %s\n", - *mkey, - k_strerror(errno)); - if(kfile >= 0) - break; - } - if(*mkey){ - int bytes; - bytes = read(kfile, (char*)key, sizeof(des_cblock)); - close(kfile); - if(bytes == sizeof(des_cblock)){ - des_key_sched(key, schedule); - return 0; - } - fprintf(stderr, "Could only read %d bytes from master key file %s\n", - bytes, *mkey); - }else{ - fprintf(stderr, "No master key file found.\n"); - } + int kfile; + int i; + char buf[1024]; + + char **mkey; + + for(mkey = master_key_files; *mkey; mkey++){ + kfile = open(*mkey, O_RDONLY); + if(kfile < 0 && errno != ENOENT) + fprintf(stderr, "Failed to open master key file \"%s\": %s\n", + *mkey, + k_strerror(errno)); + if(kfile >= 0) + break; + } + if(*mkey != NULL){ + int bytes; + bytes = read(kfile, (char*)key, sizeof(des_cblock)); + close(kfile); + if(bytes == sizeof(des_cblock)){ + des_key_sched(key, schedule); + return 0; + } + fprintf(stderr, "Could only read %d bytes from master key file %s\n", + bytes, *mkey); + }else{ + fprintf(stderr, "No master key file found.\n"); + } - i=0; - while(i < 3){ - if(des_read_pw_string(buf, sizeof(buf), "Enter master password: ", 0)) - break; - - /* buffer now contains either an old format master key password or a - * new format base64 encoded master key - */ + i=0; + while(i < 3){ + if(des_read_pw_string(buf, sizeof(buf), "Enter master password: ", 0)) + break; + + /* buffer now contains either an old format master key password or a + * new format base64 encoded master key + */ - /* try to verify as old password */ - des_string_to_key(buf, key); - des_key_sched(key, schedule); + /* try to verify as old password */ + des_string_to_key(buf, key); + des_key_sched(key, schedule); - if(kdb_verify_master_key(key, schedule, NULL) != -1){ - memset(buf, 0, sizeof(buf)); - return 0; - } + if(kdb_verify_master_key(key, schedule, NULL) != -1){ + memset(buf, 0, sizeof(buf)); + return 0; + } - /* failed test, so must be base64 encoded */ + /* failed test, so must be base64 encoded */ - if(base64_decode(buf, key) == 8){ - des_key_sched(key, schedule); - if(kdb_verify_master_key(key, schedule, NULL) != -1){ - memset(buf, 0, sizeof(buf)); - return 0; - } - } + if(base64_decode(buf, key) == 8){ + des_key_sched(key, schedule); + if(kdb_verify_master_key(key, schedule, NULL) != -1){ + memset(buf, 0, sizeof(buf)); + return 0; + } + } - memset(buf, 0, sizeof(buf)); - fprintf(stderr, "Failed to verify master key.\n"); - i++; - } + memset(buf, 0, sizeof(buf)); + fprintf(stderr, "Failed to verify master key.\n"); + i++; + } - /* life sucks */ - fprintf(stderr, "You loose.\n"); - exit(1); + /* life sucks */ + fprintf(stderr, "You loose.\n"); + exit(1); } int kdb_new_get_new_master_key(des_cblock *key, des_key_schedule schedule, int verify) { #ifndef RANDOM_MKEY - des_read_password(key, "\nEnter Kerberos master password: ", verify); - printf ("\n"); + des_read_password(key, "\nEnter Kerberos master password: ", verify); + printf ("\n"); #else - char buf[1024]; - des_generate_random_block (key); - des_key_sched(key, schedule); + char buf[1024]; + des_generate_random_block (key); + des_key_sched(key, schedule); - des_read_pw_string(buf, sizeof(buf), "Enter master key seed: ", 0); - des_cbc_cksum((des_cblock*)buf, key, sizeof(buf), schedule, key); - memset(buf, 0, sizeof(buf)); + des_read_pw_string(buf, sizeof(buf), "Enter master key seed: ", 0); + des_cbc_cksum((des_cblock*)buf, key, sizeof(buf), schedule, key); + memset(buf, 0, sizeof(buf)); #endif - des_key_sched(key, schedule); - return 0; + des_key_sched(key, schedule); + return 0; } int kdb_get_master_key(int prompt, des_cblock *master_key, des_key_schedule master_key_sched) { - int ask = (prompt == KDB_GET_TWICE); + int ask = (prompt == KDB_GET_TWICE); #ifndef RANDOM_MKEY - ask |= (prompt == KDB_GET_PROMPT); + ask |= (prompt == KDB_GET_PROMPT); #endif - if(ask) - kdb_new_get_new_master_key(master_key, master_key_sched, - prompt == KDB_GET_TWICE); - else - kdb_new_get_master_key(master_key, master_key_sched); - return 0; + if(ask) + kdb_new_get_new_master_key(master_key, master_key_sched, + prompt == KDB_GET_TWICE); + else + kdb_new_get_master_key(master_key, master_key_sched); + return 0; } int kdb_kstash(des_cblock *master_key, char *file) { - int kfile; - kfile = open(file, O_TRUNC | O_RDWR | O_CREAT, 0600); - if (kfile < 0) { - return -1; - } - if (write(kfile, master_key, sizeof(des_cblock)) != sizeof(des_cblock)) { + int kfile; + kfile = open(file, O_TRUNC | O_RDWR | O_CREAT, 0600); + if (kfile < 0) { + return -1; + } + if (write(kfile, master_key, sizeof(des_cblock)) != sizeof(des_cblock)) { + close(kfile); + return -1; + } close(kfile); - return -1; - } - close(kfile); - return 0; + return 0; } /* The old algorithm used the key schedule as the initial vector which @@ -167,12 +168,11 @@ kdb_encrypt_key (des_cblock (*in), des_cblock (*out), des_cblock (*master_key), des_key_schedule master_key_sched, int e_d_flag) { - #ifdef NOENCRYPTION - memcpy(out, in, sizeof(des_cblock)); + memcpy(out, in, sizeof(des_cblock)); #else - des_pcbc_encrypt(in,out,(long)sizeof(des_cblock),master_key_sched,master_key, - e_d_flag); + des_pcbc_encrypt(in, out, (long)sizeof(des_cblock), master_key_sched, + master_key, e_d_flag); #endif } @@ -186,57 +186,57 @@ kdb_verify_master_key (des_cblock *master_key, des_key_schedule master_key_sched, FILE *out) /* NULL -> no output */ { - des_cblock key_from_db; - Principal principal_data[1]; - int n, more = 0; - long master_key_version; - - /* lookup the master key version */ - n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data, - 1 /* only one please */, &more); - if ((n != 1) || more) { - if (out != (FILE *) NULL) - fprintf(out, - "verify_master_key: %s, %d found.\n", - "Kerberos error on master key version lookup", - n); - return (-1); - } - - master_key_version = (long) principal_data[0].key_version; - - /* set up the master key */ - if (out != (FILE *) NULL) /* should we punt this? */ - fprintf(out, "Current Kerberos master key version is %d.\n", - principal_data[0].kdc_key_ver); - - /* - * now use the master key to decrypt the key in the db, had better - * be the same! - */ - copy_to_key(&principal_data[0].key_low, - &principal_data[0].key_high, - key_from_db); - kdb_encrypt_key (&key_from_db, &key_from_db, - master_key, master_key_sched, DES_DECRYPT); - - /* the decrypted database key had better equal the master key */ - n = memcmp(master_key, key_from_db, sizeof(master_key)); - /* this used to zero the master key here! */ - memset(key_from_db, 0, sizeof(key_from_db)); - memset(principal_data, 0, sizeof (principal_data)); - - if (n && (out != (FILE *) NULL)) { - fprintf(out, "\n\07\07verify_master_key: Invalid master key; "); - fprintf(out, "does not match database.\n"); - } - if(n) - return (-1); - - if (out != (FILE *) NULL) { - fprintf(out, "\nMaster key entered. BEWARE!\07\07\n"); - fflush(out); - } - - return (master_key_version); + des_cblock key_from_db; + Principal principal_data[1]; + int n, more = 0; + long master_key_version; + + /* lookup the master key version */ + n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data, + 1 /* only one please */, &more); + if ((n != 1) || more) { + if (out != (FILE *) NULL) + fprintf(out, + "verify_master_key: %s, %d found.\n", + "Kerberos error on master key version lookup", + n); + return (-1); + } + + master_key_version = (long) principal_data[0].key_version; + + /* set up the master key */ + if (out != (FILE *) NULL) /* should we punt this? */ + fprintf(out, "Current Kerberos master key version is %d.\n", + principal_data[0].kdc_key_ver); + + /* + * now use the master key to decrypt the key in the db, had better + * be the same! + */ + copy_to_key(&principal_data[0].key_low, + &principal_data[0].key_high, + key_from_db); + kdb_encrypt_key (&key_from_db, &key_from_db, + master_key, master_key_sched, DES_DECRYPT); + + /* the decrypted database key had better equal the master key */ + n = memcmp(master_key, key_from_db, sizeof(master_key)); + /* this used to zero the master key here! */ + memset(key_from_db, 0, sizeof(key_from_db)); + memset(principal_data, 0, sizeof (principal_data)); + + if (n && (out != (FILE *) NULL)) { + fprintf(out, "\n\07\07verify_master_key: Invalid master key; "); + fprintf(out, "does not match database.\n"); + } + if(n) + return (-1); + + if (out != (FILE *) NULL) { + fprintf(out, "\nMaster key entered. BEWARE!\07\07\n"); + fflush(out); + } + + return master_key_version; } diff --git a/kerberosIV/kdb/krb_lib.c b/kerberosIV/kdb/krb_lib.c index 4503dda02f8..81bd0d48eb9 100644 --- a/kerberosIV/kdb/krb_lib.c +++ b/kerberosIV/kdb/krb_lib.c @@ -1,3 +1,4 @@ +/* $OpenBSD: krb_lib.c,v 1.5 1997/12/12 11:29:25 art Exp $ */ /* $KTH: krb_lib.c,v 1.11 1997/05/07 01:36:08 assar Exp $ */ /* @@ -219,7 +220,7 @@ kerb_get_dba(char *name, char *inst, Dba *dba, unsigned int max, int *more) #ifdef DEBUG if (kerb_debug & 1) fprintf(stderr, "\n%s: kerb_get_dba for %s %s max = %d\n", - progname, name, inst, max); + progname, name, inst, max); #endif /* * if this is a request including a wild card, have to go to db @@ -255,5 +256,5 @@ kerb_get_dba(char *name, char *inst, Dba *dba, unsigned int max, int *more) kerb_cache_put_dba(dba, found); } #endif - return (found); + return found; } diff --git a/kerberosIV/kdb/print_princ.c b/kerberosIV/kdb/print_princ.c index 6ba635d5b79..9ffe978c70a 100644 --- a/kerberosIV/kdb/print_princ.c +++ b/kerberosIV/kdb/print_princ.c @@ -1,3 +1,4 @@ +/* $OpenBSD: print_princ.c,v 1.3 1997/12/12 11:29:26 art Exp $ */ /* $KTH: print_princ.c,v 1.5 1997/05/07 01:37:13 assar Exp $ */ /* -- cgit v1.2.3