freebsd-dev/crypto/kerberosIV/admin/kdb_util.c
1999-09-19 14:19:32 +00:00

505 lines
13 KiB
C

/*
* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
*
* For copying and distribution information, please see the file
* <mit-copyright.h>.
*
* Kerberos database manipulation utility. This program allows you to
* dump a kerberos database to an ascii readable file and load this
* file into the database. Read locking of the database is done during a
* dump operation. NO LOCKING is done during a load operation. Loads
* should happen with other processes shutdown.
*
* Written July 9, 1987 by Jeffrey I. Schiller
*/
#include "adm_locl.h"
RCSID("$Id: kdb_util.c,v 1.40 1999/07/05 21:43:52 assar Exp $");
static des_cblock master_key, new_master_key;
static des_key_schedule master_key_schedule, new_master_key_schedule;
/* cv_key is a procedure which takes a principle and changes its key,
either for a new method of encrypting the keys, or a new master key.
if cv_key is null no transformation of key is done (other than net byte
order). */
struct callback_args {
void (*cv_key)(Principal *);
FILE *output_file;
};
static void
print_time(FILE *file, time_t timeval)
{
struct tm *tm;
tm = gmtime(&timeval);
fprintf(file, " %04d%02d%02d%02d%02d",
tm->tm_year + 1900,
tm->tm_mon + 1,
tm->tm_mday,
tm->tm_hour,
tm->tm_min);
}
static long
time_explode(char *cp)
{
char wbuf[5];
struct tm tp;
int local;
memset(&tp, 0, sizeof(tp)); /* clear out the struct */
if (strlen(cp) > 10) { /* new format */
strcpy_truncate(wbuf, cp, sizeof(wbuf));
tp.tm_year = atoi(wbuf) - 1900;
cp += 4; /* step over the year */
local = 0; /* GMT */
} else { /* old format: local time,
year is 2 digits, assuming 19xx */
wbuf[0] = *cp++;
wbuf[1] = *cp++;
wbuf[2] = 0;
tp.tm_year = atoi(wbuf);
local = 1; /* local */
}
wbuf[0] = *cp++;
wbuf[1] = *cp++;
wbuf[2] = 0;
tp.tm_mon = atoi(wbuf)-1;
wbuf[0] = *cp++;
wbuf[1] = *cp++;
tp.tm_mday = atoi(wbuf);
wbuf[0] = *cp++;
wbuf[1] = *cp++;
tp.tm_hour = atoi(wbuf);
wbuf[0] = *cp++;
wbuf[1] = *cp++;
tp.tm_min = atoi(wbuf);
return(tm2time(tp, local));
}
static int
dump_db_1(void *arg,
Principal *principal) /* replace null strings with "*" */
{
struct callback_args *a = (struct callback_args *)arg;
if (principal->instance[0] == '\0') {
principal->instance[0] = '*';
principal->instance[1] = '\0';
}
if (principal->mod_name[0] == '\0') {
principal->mod_name[0] = '*';
principal->mod_name[1] = '\0';
}
if (principal->mod_instance[0] == '\0') {
principal->mod_instance[0] = '*';
principal->mod_instance[1] = '\0';
}
if (a->cv_key != NULL) {
(*a->cv_key) (principal);
}
fprintf(a->output_file, "%s %s %d %d %d %d %x %x",
principal->name,
principal->instance,
principal->max_life,
principal->kdc_key_ver,
principal->key_version,
principal->attributes,
(int)htonl (principal->key_low),
(int)htonl (principal->key_high));
print_time(a->output_file, principal->exp_date);
print_time(a->output_file, principal->mod_date);
fprintf(a->output_file, " %s %s\n",
principal->mod_name,
principal->mod_instance);
return 0;
}
static int
dump_db (char *db_file, FILE *output_file, void (*cv_key) (Principal *))
{
struct callback_args a;
a.cv_key = cv_key;
a.output_file = output_file;
kerb_db_iterate (dump_db_1, &a);
return fflush(output_file);
}
static int
add_file(void *db, FILE *file)
{
int ret;
int lineno = 0;
char line[1024];
unsigned long key[2]; /* yes, long */
Principal pr;
char exp_date[64], mod_date[64];
int life, kkvno, kvno;
while(1){
memset(&pr, 0, sizeof(pr));
errno = 0;
if(fgets(line, sizeof(line), file) == NULL){
if(errno != 0)
err (1, "fgets");
break;
}
lineno++;
ret = sscanf(line, "%s %s %d %d %d %hd %lx %lx %s %s %s %s",
pr.name, pr.instance,
&life, &kkvno, &kvno,
&pr.attributes,
&key[0], &key[1],
exp_date, mod_date,
pr.mod_name, pr.mod_instance);
if(ret != 12){
warnx("Line %d malformed (ignored)", lineno);
continue;
}
pr.key_low = ntohl (key[0]);
pr.key_high = ntohl (key[1]);
pr.max_life = life;
pr.kdc_key_ver = kkvno;
pr.key_version = kvno;
pr.exp_date = time_explode(exp_date);
pr.mod_date = time_explode(mod_date);
if (pr.instance[0] == '*')
pr.instance[0] = 0;
if (pr.mod_name[0] == '*')
pr.mod_name[0] = 0;
if (pr.mod_instance[0] == '*')
pr.mod_instance[0] = 0;
if (kerb_db_update(db, &pr, 1) != 1) {
warn ("store %s.%s aborted",
pr.name, pr.instance);
return 1;
}
}
return 0;
}
static void
load_db (char *db_file, FILE *input_file)
{
long *db;
int code;
char *temp_db_file;
asprintf (&temp_db_file, "%s~", db_file);
if(temp_db_file == NULL)
errx (1, "out of memory");
/* Create the database */
if ((code = kerb_db_create(temp_db_file)) != 0)
err (1, "creating temp database %s", temp_db_file);
kerb_db_set_name(temp_db_file);
db = kerb_db_begin_update();
if (db == NULL)
err (1, "opening temp database %s", temp_db_file);
if(add_file(db, input_file))
errx (1, "Load aborted");
kerb_db_end_update(db);
if ((code = kerb_db_rename(temp_db_file, db_file)) != 0)
warn("database rename failed");
fclose(input_file);
free(temp_db_file);
}
static void
merge_db(char *db_file, FILE *input_file)
{
void *db;
db = kerb_db_begin_update();
if(db == NULL)
err (1, "Couldn't open database");
if(add_file(db, input_file))
errx (1, "Merge aborted");
kerb_db_end_update(db);
}
static void
update_ok_file (char *file_name)
{
/* handle slave locking/failure stuff */
char *file_ok;
int fd;
asprintf (&file_ok, "%s.dump_ok", file_name);
if (file_ok == NULL)
errx (1, "out of memory");
if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0)
err (1, "Error creating %s", file_ok);
free(file_ok);
close(fd);
/*
* Some versions of BSD don't update the mtime in the above open so
* we call utimes just in case.
*/
if (utime(file_name, NULL) < 0)
err (1, "utime %s", file_name);
}
static void
convert_key_new_master (Principal *p)
{
des_cblock key;
/* leave null keys alone */
if ((p->key_low == 0) && (p->key_high == 0)) return;
/* move current key to des_cblock for encryption, special case master key
since that's changing */
if ((strncmp (p->name, KERB_M_NAME, ANAME_SZ) == 0) &&
(strncmp (p->instance, KERB_M_INST, INST_SZ) == 0)) {
memcpy (key, new_master_key, sizeof(des_cblock));
(p->key_version)++;
} else {
copy_to_key(&p->key_low, &p->key_high, key);
kdb_encrypt_key (&key, &key, &master_key,
master_key_schedule, DES_DECRYPT);
}
kdb_encrypt_key (&key, &key, &new_master_key,
new_master_key_schedule, DES_ENCRYPT);
copy_from_key(key, &(p->key_low), &(p->key_high));
memset(key, 0, sizeof (key)); /* a little paranoia ... */
(p->kdc_key_ver)++;
}
static void
clear_secrets (void)
{
memset(master_key, 0, sizeof (des_cblock));
memset(master_key_schedule, 0, sizeof (des_key_schedule));
memset(new_master_key, 0, sizeof (des_cblock));
memset(new_master_key_schedule, 0, sizeof (des_key_schedule));
}
static void
convert_new_master_key (char *db_file, FILE *out)
{
#ifdef RANDOM_MKEY
errx (1, "Sorry, this function is not available with "
"the new master key scheme.");
#else
printf ("\n\nEnter the CURRENT master key.");
if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
master_key_schedule) != 0) {
clear_secrets ();
errx (1, "Couldn't get master key.");
}
if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
clear_secrets ();
exit (1);
}
printf ("\n\nNow enter the NEW master key. Do not forget it!!");
if (kdb_get_master_key (KDB_GET_TWICE, &new_master_key,
new_master_key_schedule) != 0) {
clear_secrets ();
errx (1, "Couldn't get new master key.");
}
dump_db (db_file, out, convert_key_new_master);
{
char *fname;
asprintf(&fname, "%s.new", MKEYFILE);
if(fname == NULL) {
clear_secrets();
errx(1, "malloc: failed");
}
kdb_kstash(&new_master_key, fname);
free(fname);
}
#endif /* RANDOM_MKEY */
}
static void
convert_key_old_db (Principal *p)
{
des_cblock key;
/* leave null keys alone */
if ((p->key_low == 0) && (p->key_high == 0)) return;
copy_to_key(&p->key_low, &p->key_high, key);
#ifndef NOENCRYPTION
des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key,
(long)sizeof(des_cblock),master_key_schedule,
(des_cblock *)master_key_schedule, DES_DECRYPT);
#endif
/* make new key, new style */
kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_ENCRYPT);
copy_from_key(key, &(p->key_low), &(p->key_high));
memset(key, 0, sizeof (key)); /* a little paranoia ... */
}
static void
convert_old_format_db (char *db_file, FILE *out)
{
des_cblock key_from_db;
Principal principal_data[1];
int n, more;
if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
master_key_schedule) != 0L) {
clear_secrets();
errx (1, "Couldn't get master key.");
}
/* can't call kdb_verify_master_key because this is an old style db */
/* lookup the master key version */
n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
1 /* only one please */, &more);
if ((n != 1) || more)
errx (1, "verify_master_key: Kerberos error on master key lookup, %d found.\n", n);
/* set up the master key */
fprintf(stderr, "Current Kerberos master key version is %d.\n",
principal_data[0].kdc_key_ver);
/*
* now use the master key to decrypt (old style) the key in the db, had better
* be the same!
*/
copy_to_key(&principal_data[0].key_low,
&principal_data[0].key_high,
key_from_db);
#ifndef NOENCRYPTION
des_pcbc_encrypt(&key_from_db,&key_from_db,(long)sizeof(key_from_db),
master_key_schedule,(des_cblock *)master_key_schedule, DES_DECRYPT);
#endif
/* the decrypted database key had better equal the master key */
n = memcmp(master_key, key_from_db, sizeof(master_key));
memset(key_from_db, 0, sizeof(key_from_db));
if (n) {
fprintf(stderr, "\n\07\07verify_master_key: Invalid master key, ");
fprintf(stderr, "does not match database.\n");
exit (1);
}
fprintf(stderr, "Master key verified.\n");
dump_db (db_file, out, convert_key_old_db);
}
int
main(int argc, char **argv)
{
int ret;
FILE *file;
enum {
OP_LOAD,
OP_MERGE,
OP_DUMP,
OP_SLAVE_DUMP,
OP_NEW_MASTER,
OP_CONVERT_OLD_DB
} op;
char *file_name;
char *db_name;
set_progname (argv[0]);
if (argc != 3 && argc != 4) {
fprintf(stderr, "Usage: %s operation file [database name].\n",
argv[0]);
fprintf(stderr, "Operation is one of: "
"load, merge, dump, slave_dump, new_master_key, "
"convert_old_db\n");
exit(1);
}
if (argc == 3)
db_name = DBM_FILE;
else
db_name = argv[3];
ret = kerb_db_set_name (db_name);
/* this makes starting slave servers ~14.3 times easier */
if(ret && strcmp(argv[1], "load") == 0)
ret = kerb_db_create (db_name);
if(ret)
err (1, "Can't open database");
if (!strcmp(argv[1], "load"))
op = OP_LOAD;
else if (!strcmp(argv[1], "merge"))
op = OP_MERGE;
else if (!strcmp(argv[1], "dump"))
op = OP_DUMP;
else if (!strcmp(argv[1], "slave_dump"))
op = OP_SLAVE_DUMP;
else if (!strcmp(argv[1], "new_master_key"))
op = OP_NEW_MASTER;
else if (!strcmp(argv[1], "convert_old_db"))
op = OP_CONVERT_OLD_DB;
else {
warnx ("%s is an invalid operation.", argv[1]);
warnx ("Valid operations are \"load\", \"merge\", "
"\"dump\", \"slave_dump\", \"new_master_key\", "
"and \"convert_old_db\"");
return 1;
}
file_name = argv[2];
file = fopen(file_name, (op == OP_LOAD || op == OP_MERGE) ? "r" : "w");
if (file == NULL)
err (1, "open %s", argv[2]);
switch (op) {
case OP_DUMP:
if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
(fclose(file) == EOF))
err (1, "%s", file_name);
break;
case OP_SLAVE_DUMP:
if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
(fclose(file) == EOF))
err (1, "%s", file_name);
update_ok_file (file_name);
break;
case OP_LOAD:
load_db (db_name, file);
break;
case OP_MERGE:
merge_db (db_name, file);
break;
case OP_NEW_MASTER:
convert_new_master_key (db_name, file);
printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
break;
case OP_CONVERT_OLD_DB:
convert_old_format_db (db_name, file);
printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
break;
}
return 0;
}