1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
|
/* $OpenBSD: ext_srvtab.c,v 1.5 1998/08/12 23:09:05 art Exp $ */
/* $KTH: ext_srvtab.c,v 1.13 1997/05/02 14:27:33 assar Exp $ */
/*-
* Copyright 1987, 1988 by the Student Information Processing Board
* of the Massachusetts Institute of Technology
*
* Permission to use, copy, modify, and distribute this software
* and its documentation for any purpose and without fee is
* hereby granted, provided that the above copyright notice
* appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation,
* and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
* used in advertising or publicity pertaining to distribution
* of the software without specific, written prior permission.
* M.I.T. and the M.I.T. S.I.P.B. make no representations about
* the suitability of this software for any purpose. It is
* provided "as is" without express or implied warranty.
*/
#include <sys/param.h>
#include <adm_locl.h>
#include <err.h>
static des_cblock master_key;
static des_cblock session_key;
static des_key_schedule master_key_schedule;
char progname[] = "ext_srvtab";
static char realm[REALM_SZ];
static void
usage(void)
{
fprintf(stderr,
"Usage: %s [-n] [-r realm] instance [instance ...]\n", progname);
exit(1);
}
static void
StampOutSecrets(void)
{
memset(master_key, 0, sizeof master_key);
memset(session_key, 0, sizeof session_key);
memset(master_key_schedule, 0, sizeof master_key_schedule);
}
static void
FWrite(void *p, int size, int n, FILE *f)
{
if (fwrite(p, size, n, f) != n) {
StampOutSecrets();
errx(1, "Error writing output file. Terminating.\n");
}
}
int
main(int argc, char **argv)
{
FILE *fout;
char fname[MAXPATHLEN];
int fopen_errs = 0;
int arg;
Principal princs[40];
int more;
int prompt = KDB_GET_PROMPT;
int n, i;
memset(realm, 0, sizeof(realm));
if (atexit(StampOutSecrets))
errx(1, "Out of resources");
/* Parse commandline arguments */
if (argc < 2)
usage();
else {
for (i = 1; i < argc; i++) {
if (strcmp(argv[i], "-n") == 0)
prompt = FALSE;
else if (strcmp(argv[i], "-r") == 0) {
if (++i >= argc)
usage();
else {
strcpy(realm, argv[i]);
/*
* This is to humor the broken way commandline
* argument parsing is done. Later, this
* program ignores everything that starts with -.
*/
argv[i][0] = '-';
}
}
else if (argv[i][0] == '-')
usage();
else
if (!k_isinst(argv[i])) {
warnx("bad instance name: %s", argv[i]);
usage();
}
}
}
if (kdb_get_master_key (prompt, &master_key, master_key_schedule) != 0)
errx (1, "Couldn't read master key.");
if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0)
exit(1);
/* For each arg, search for instances of arg, and produce */
/* srvtab file */
if (!realm[0])
if (krb_get_lrealm(realm, 1) != KSUCCESS) {
StampOutSecrets();
errx (1, "couldn't get local realm");
}
umask(077);
for (arg = 1; arg < argc; arg++) {
if (argv[arg][0] == '-')
continue;
snprintf(fname, sizeof(fname), "%s-new-srvtab", argv[arg]);
if ((fout = fopen(fname, "w")) == NULL) {
warn("Couldn't create file '%s'.", fname);
fopen_errs++;
continue;
}
printf("Generating '%s'....\n", fname);
n = kerb_get_principal("*", argv[arg], &princs[0], 40, &more);
if (more)
fprintf(stderr, "More than 40 found...\n");
for (i = 0; i < n; i++) {
FWrite(princs[i].name, strlen(princs[i].name) + 1, 1, fout);
FWrite(princs[i].instance, strlen(princs[i].instance) + 1,
1, fout);
FWrite(realm, strlen(realm) + 1, 1, fout);
FWrite(&princs[i].key_version,
sizeof(princs[i].key_version), 1, fout);
copy_to_key(&princs[i].key_low, &princs[i].key_high, session_key);
kdb_encrypt_key (&session_key, &session_key,
&master_key, master_key_schedule, DES_DECRYPT);
FWrite(session_key, sizeof session_key, 1, fout);
}
fclose(fout);
}
StampOutSecrets();
return fopen_errs; /* 0 errors if successful */
}
|