diff options
Diffstat (limited to 'crypto/kerberosIV/admin')
| -rw-r--r-- | crypto/kerberosIV/admin/Makefile.in | 104 | ||||
| -rw-r--r-- | crypto/kerberosIV/admin/adm_locl.h | 91 | ||||
| -rw-r--r-- | crypto/kerberosIV/admin/ext_srvtab.c | 143 | ||||
| -rw-r--r-- | crypto/kerberosIV/admin/kdb_destroy.c | 57 | ||||
| -rw-r--r-- | crypto/kerberosIV/admin/kdb_edit.c | 404 | ||||
| -rw-r--r-- | crypto/kerberosIV/admin/kdb_init.c | 174 | ||||
| -rw-r--r-- | crypto/kerberosIV/admin/kdb_util.c | 496 | ||||
| -rw-r--r-- | crypto/kerberosIV/admin/kstash.c | 56 |
8 files changed, 0 insertions, 1525 deletions
diff --git a/crypto/kerberosIV/admin/Makefile.in b/crypto/kerberosIV/admin/Makefile.in deleted file mode 100644 index d0b68b1532ef0..0000000000000 --- a/crypto/kerberosIV/admin/Makefile.in +++ /dev/null @@ -1,104 +0,0 @@ -# $Id: Makefile.in,v 1.26 1997/05/04 08:33:50 assar Exp $ - -SHELL = /bin/sh - -srcdir = @srcdir@ -VPATH = @srcdir@ - -CC = @CC@ -AR = ar -RANLIB = @RANLIB@ -DEFS = @DEFS@ -CFLAGS = @CFLAGS@ -LD_FLAGS = @LD_FLAGS@ -LIBS = @LIBS@ -LIB_DBM = @LIB_DBM@ - -INSTALL = @INSTALL@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ - -MKINSTALLDIRS = @top_srcdir@/mkinstalldirs - -prefix = @prefix@ -exec_prefix = @exec_prefix@ -libdir = @libdir@ -sbindir = @sbindir@ -transform=@program_transform_name@ -EXECSUFFIX=@EXECSUFFIX@ - -PROGS = ext_srvtab$(EXECSUFFIX) \ - kdb_destroy$(EXECSUFFIX) \ - kdb_edit$(EXECSUFFIX) \ - kdb_init$(EXECSUFFIX) \ - kdb_util$(EXECSUFFIX) \ - kstash$(EXECSUFFIX) - -SOURCES = ext_srvtab.c kdb_destroy.c kdb_edit.c \ - kdb_init.c kdb_util.c kstash.c - -OBJECTS = ext_srvtab.o kdb_destroy.o kdb_edit.o \ - kdb_init.o kdb_util.o kstash.o - -all: $(PROGS) - -Wall: - make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" - -.c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $< - -install: all - $(MKINSTALLDIRS) $(sbindir) - for x in $(PROGS); do \ - $(INSTALL_PROGRAM) $$x $(sbindir)/`echo $$x|sed '$(transform)'`; \ - done - -uninstall: - for x in $(PROGS); do \ - rm -f $(sbindir)/`echo $$x|sed '$(transform)'`; \ - done - -TAGS: $(SOURCES) - etags $(SOURCES) - -check: - -clean: - rm -f *.a *.o $(PROGS) - -mostlyclean: clean - -distclean: clean - rm -f Makefile *.tab.c *~ - -realclean: distclean - rm -f TAGS - -dist: $(DISTFILES) - for file in $(DISTFILES); do \ - ln $$file ../`cat ../.fname`/lib \ - || cp -p $$file ../`cat ../.fname`/lib; \ - done - -KLIB=-L../lib/kdb -lkdb -L../lib/krb -lkrb -L../lib/des -ldes -LIBROKEN= -L../lib/roken -lroken - -ext_srvtab$(EXECSUFFIX): ext_srvtab.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ ext_srvtab.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) - -kdb_destroy$(EXECSUFFIX): kdb_destroy.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_destroy.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) - -kdb_edit$(EXECSUFFIX): kdb_edit.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_edit.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) - -kdb_init$(EXECSUFFIX): kdb_init.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_init.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) - -kdb_util$(EXECSUFFIX): kdb_util.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_util.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) - -kstash$(EXECSUFFIX): kstash.o - $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kstash.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) - -$(OBJECTS): ../include/config.h diff --git a/crypto/kerberosIV/admin/adm_locl.h b/crypto/kerberosIV/admin/adm_locl.h deleted file mode 100644 index 6cbd20dfde9a9..0000000000000 --- a/crypto/kerberosIV/admin/adm_locl.h +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: adm_locl.h,v 1.16 1997/04/20 05:46:14 assar Exp $ */ - -#ifndef __adm_locl_h -#define __adm_locl_h - -#include "config.h" -#include "protos.h" - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <assert.h> - -#ifdef HAVE_SYS_TYPES_H -#include <sys/types.h> -#endif - -#ifdef TIME_WITH_SYS_TIME -#include <sys/time.h> -#include <time.h> -#elif defined(HAVE_SYS_TIME_H) -#include <sys/time.h> -#else -#include <time.h> -#endif /* !TIME_WITH_SYS_TIME */ - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif -#ifdef HAVE_SYS_STAT_H -#include <sys/stat.h> -#endif -#ifdef HAVE_FCNTL_H -#include <fcntl.h> -#endif -#include <signal.h> -#include <errno.h> - -#ifdef HAVE_NETINET_IN_H -#include <netinet/in.h> -#endif - -#include <err.h> - -#include <roken.h> - -#include <des.h> -#include <krb.h> -#include <krb_db.h> -#include <kdc.h> -#include <kadm.h> - -#endif /* __adm_locl_h */ diff --git a/crypto/kerberosIV/admin/ext_srvtab.c b/crypto/kerberosIV/admin/ext_srvtab.c deleted file mode 100644 index 9c029219d899d..0000000000000 --- a/crypto/kerberosIV/admin/ext_srvtab.c +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * <mit-copyright.h>. - * - * Description - */ - -#include "adm_locl.h" - -RCSID("$Id: ext_srvtab.c,v 1.13 1997/05/02 14:27:33 assar Exp $"); - -static des_cblock master_key; -static des_cblock session_key; -static des_key_schedule master_key_schedule; -static char realm[REALM_SZ]; - -static void -usage(void) -{ - fprintf(stderr, - "Usage: %s [-n] [-r realm] instance [instance ...]\n", - __progname); - exit(1); -} - -static void -StampOutSecrets(void) -{ - memset(master_key, 0, sizeof master_key); - memset(session_key, 0, sizeof session_key); - memset(master_key_schedule, 0, sizeof master_key_schedule); -} - -static void -Die(void) -{ - StampOutSecrets(); - exit(1); -} - -static void -FWrite(void *p, int size, int n, FILE *f) -{ - if (fwrite(p, size, n, f) != n) { - printf("Error writing output file. Terminating.\n"); - Die(); - } -} - -int -main(int argc, char **argv) -{ - FILE *fout; - char fname[1024]; - int fopen_errs = 0; - int arg; - Principal princs[40]; - int more; - int prompt = KDB_GET_PROMPT; - int n, i; - - set_progname (argv[0]); - memset(realm, 0, sizeof(realm)); - - /* Parse commandline arguments */ - if (argc < 2) - usage(); - else { - for (i = 1; i < argc; i++) { - if (strcmp(argv[i], "-n") == 0) - prompt = FALSE; - else if (strcmp(argv[i], "-r") == 0) { - if (++i >= argc) - usage(); - else { - strcpy(realm, argv[i]); - /* - * This is to humor the broken way commandline - * argument parsing is done. Later, this - * program ignores everything that starts with -. - */ - argv[i][0] = '-'; - } - } - else if (argv[i][0] == '-') - usage(); - else - if (!k_isinst(argv[i])) { - warnx("bad instance name: %s", argv[i]); - usage(); - } - } - } - - if (kdb_get_master_key (prompt, &master_key, master_key_schedule) != 0) - errx (1, "Couldn't read master key."); - - if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) { - exit(1); - } - - /* For each arg, search for instances of arg, and produce */ - /* srvtab file */ - if (!realm[0]) - if (krb_get_lrealm(realm, 1) != KSUCCESS) - errx (1, "couldn't get local realm"); - umask(077); - - for (arg = 1; arg < argc; arg++) { - if (argv[arg][0] == '-') - continue; - snprintf(fname, sizeof(fname), "%s-new-srvtab", argv[arg]); - if ((fout = fopen(fname, "w")) == NULL) { - warn("Couldn't create file '%s'.", fname); - fopen_errs++; - continue; - } - printf("Generating '%s'....\n", fname); - n = kerb_get_principal("*", argv[arg], &princs[0], 40, &more); - if (more) - fprintf(stderr, "More than 40 found...\n"); - for (i = 0; i < n; i++) { - FWrite(princs[i].name, strlen(princs[i].name) + 1, 1, fout); - FWrite(princs[i].instance, strlen(princs[i].instance) + 1, - 1, fout); - FWrite(realm, strlen(realm) + 1, 1, fout); - FWrite(&princs[i].key_version, - sizeof(princs[i].key_version), 1, fout); - copy_to_key(&princs[i].key_low, &princs[i].key_high, session_key); - kdb_encrypt_key (&session_key, &session_key, - &master_key, master_key_schedule, DES_DECRYPT); - FWrite(session_key, sizeof session_key, 1, fout); - } - fclose(fout); - } - - StampOutSecrets(); - - return fopen_errs; /* 0 errors if successful */ - -} diff --git a/crypto/kerberosIV/admin/kdb_destroy.c b/crypto/kerberosIV/admin/kdb_destroy.c deleted file mode 100644 index fca339f0dd6bc..0000000000000 --- a/crypto/kerberosIV/admin/kdb_destroy.c +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * <mit-copyright.h>. - * - * Description. - */ - -#include "adm_locl.h" - -RCSID("$Id: kdb_destroy.c,v 1.7 1997/03/31 02:25:21 assar Exp $"); - -int -main(int argc, char **argv) -{ - char answer[10]; /* user input */ - char dbm[256]; /* database path and name */ - char dbm1[256]; /* database path and name */ -#ifdef HAVE_NEW_DB - char *file; /* database file names */ -#else - char *file1, *file2; /* database file names */ -#endif - - set_progname (argv[0]); - - strcpy(dbm, DBM_FILE); -#ifdef HAVE_NEW_DB - file = strcat(dbm, ".db"); -#else - strcpy(dbm1, DBM_FILE); - file1 = strcat(dbm, ".dir"); - file2 = strcat(dbm1, ".pag"); -#endif - - printf("You are about to destroy the Kerberos database "); - printf("on this machine.\n"); - printf("Are you sure you want to do this (y/n)? "); - fgets(answer, sizeof(answer), stdin); - - if (answer[0] == 'y' || answer[0] == 'Y') { -#ifdef HAVE_NEW_DB - if (unlink(file) == 0) -#else - if (unlink(file1) == 0 && unlink(file2) == 0) -#endif - { - warnx ("Database deleted at %s", DBM_FILE); - return 0; - } - else - warn ("Database cannot be deleted at %s", DBM_FILE); - } else - warnx ("Database not deleted at %s", DBM_FILE); - return 1; -} diff --git a/crypto/kerberosIV/admin/kdb_edit.c b/crypto/kerberosIV/admin/kdb_edit.c deleted file mode 100644 index 5d07135e9780c..0000000000000 --- a/crypto/kerberosIV/admin/kdb_edit.c +++ /dev/null @@ -1,404 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * - * For copying and distribution information, please see the file - * <mit-copyright.h>. - * - * This routine changes the Kerberos encryption keys for principals, - * i.e., users or services. - */ - -/* - * exit returns 0 ==> success -1 ==> error - */ - -#include "adm_locl.h" - -RCSID("$Id: kdb_edit.c,v 1.25 1997/05/07 01:34:05 assar Exp $"); - -#ifdef DEBUG -extern kerb_debug; -#endif - -#define zaptime(foo) memset((foo), 0, sizeof(*(foo))) - -static int nflag = 0; -static int debug; - -static des_cblock new_key; - -static int i, j; -static int more; - -static char input_name[ANAME_SZ]; -static char input_instance[INST_SZ]; - -#define MAX_PRINCIPAL 10 -static Principal principal_data[MAX_PRINCIPAL]; - -static Principal old_principal; -static Principal default_princ; - -static des_cblock master_key; -static des_cblock session_key; -static des_key_schedule master_key_schedule; -static char pw_str[255]; -static long master_key_version; - -static void -Usage(void) -{ - fprintf(stderr, "Usage: %s [-n]\n", __progname); - exit(1); -} - -static char * -n_gets(char *buf, int size) -{ - char *p; - char *ret; - ret = fgets(buf, size, stdin); - - if (ret && (p = strchr(buf, '\n'))) - *p = 0; - return ret; -} - - -static int -change_principal(void) -{ - static char temp[255]; - int creating = 0; - int editpw = 0; - int changed = 0; - long temp_long; /* Don't change to int32_t, used by scanf */ - int n; - struct tm *tp, edate; - - fprintf(stdout, "\nPrincipal name: "); - fflush(stdout); - if (!n_gets(input_name, sizeof(input_name)) || *input_name == '\0') - return 0; - fprintf(stdout, "Instance: "); - fflush(stdout); - /* instance can be null */ - n_gets(input_instance, sizeof(input_instance)); - j = kerb_get_principal(input_name, input_instance, principal_data, - MAX_PRINCIPAL, &more); - if (!j) { - fprintf(stdout, "\n\07\07<Not found>, Create [y] ? "); - fflush(stdout); - n_gets(temp, sizeof(temp)); /* Default case should work, it didn't */ - if (temp[0] != 'y' && temp[0] != 'Y' && temp[0] != '\0') - return -1; - /* make a new principal, fill in defaults */ - j = 1; - creating = 1; - strcpy(principal_data[0].name, input_name); - strcpy(principal_data[0].instance, input_instance); - principal_data[0].old = NULL; - principal_data[0].exp_date = default_princ.exp_date; - if (strcmp(input_instance, "admin") == 0) - principal_data[0].max_life = 1 + (CLOCK_SKEW/(5*60)); /*5+5 minutes*/ - else if (strcmp(input_instance, "root") == 0) - principal_data[0].max_life = 96; /* 8 hours */ - else - principal_data[0].max_life = default_princ.max_life; - principal_data[0].attributes = default_princ.attributes; - principal_data[0].kdc_key_ver = (unsigned char) master_key_version; - principal_data[0].key_version = 0; /* bumped up later */ - } - tp = k_localtime(&principal_data[0].exp_date); - snprintf(principal_data[0].exp_date_txt, - sizeof(principal_data[0].exp_date_txt), - "%4d-%02d-%02d", - tp->tm_year + 1900, - tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */ - for (i = 0; i < j; i++) { - for (;;) { - fprintf(stdout, - "\nPrincipal: %s, Instance: %s, kdc_key_ver: %d", - principal_data[i].name, principal_data[i].instance, - principal_data[i].kdc_key_ver); - fflush(stdout); - editpw = 1; - changed = 0; - if (!creating) { - /* - * copy the existing data so we can use the old values - * for the qualifier clause of the replace - */ - principal_data[i].old = (char *) &old_principal; - memcpy(&old_principal, &principal_data[i], - sizeof(old_principal)); - printf("\nChange password [n] ? "); - n_gets(temp, sizeof(temp)); - if (strcmp("y", temp) && strcmp("Y", temp)) - editpw = 0; - } - /* password */ - if (editpw) { -#ifdef NOENCRYPTION - placebo_read_pw_string(pw_str, sizeof pw_str, - "\nNew Password: ", TRUE); -#else - if(des_read_pw_string(pw_str, sizeof pw_str, - "\nNew Password: ", TRUE)) - continue; -#endif - if ( strcmp(pw_str, "RANDOM") == 0 - || strcmp(pw_str, "") == 0) { - printf("\nRandom password [y] ? "); - n_gets(temp, sizeof(temp)); - if (!strcmp("n", temp) || !strcmp("N", temp)) { - /* no, use literal */ -#ifdef NOENCRYPTION - memset(new_key, 0, sizeof(des_cblock)); - new_key[0] = 127; -#else - des_string_to_key(pw_str, &new_key); -#endif - memset(pw_str, 0, sizeof pw_str); /* "RANDOM" */ - } else { -#ifdef NOENCRYPTION - memset(new_key, 0, sizeof(des_cblock)); - new_key[0] = 127; -#else - des_new_random_key(&new_key); -#endif - memset(pw_str, 0, sizeof pw_str); - } - } else if (!strcmp(pw_str, "NULL")) { - printf("\nNull Key [y] ? "); - n_gets(temp, sizeof(temp)); - if (!strcmp("n", temp) || !strcmp("N", temp)) { - /* no, use literal */ -#ifdef NOENCRYPTION - memset(new_key, 0, sizeof(des_cblock)); - new_key[0] = 127; -#else - des_string_to_key(pw_str, &new_key); -#endif - memset(pw_str, 0, sizeof pw_str); /* "NULL" */ - } else { - - principal_data[i].key_low = 0; - principal_data[i].key_high = 0; - goto null_key; - } - } else { -#ifdef NOENCRYPTION - memset(new_key, 0, sizeof(des_cblock)); - new_key[0] = 127; -#else - des_string_to_key(pw_str, &new_key); -#endif - memset(pw_str, 0, sizeof pw_str); - } - - /* seal it under the kerberos master key */ - kdb_encrypt_key (&new_key, &new_key, - &master_key, master_key_schedule, - DES_ENCRYPT); - copy_from_key(new_key, - &principal_data[i].key_low, - &principal_data[i].key_high); - memset(new_key, 0, sizeof(new_key)); - null_key: - /* set master key version */ - principal_data[i].kdc_key_ver = - (unsigned char) master_key_version; - /* bump key version # */ - principal_data[i].key_version++; - fprintf(stdout, - "\nPrincipal's new key version = %d\n", - principal_data[i].key_version); - fflush(stdout); - changed = 1; - } - /* expiration date */ - fprintf(stdout, "Expiration date (enter yyyy-mm-dd) [ %s ] ? ", - principal_data[i].exp_date_txt); - fflush(stdout); - zaptime(&edate); - while (n_gets(temp, sizeof(temp)) && ((n = strlen(temp)) > - sizeof(principal_data[0].exp_date_txt))) { - bad_date: - fprintf(stdout, "\07\07Date Invalid\n"); - fprintf(stdout, - "Expiration date (enter yyyy-mm-dd) [ %s ] ? ", - principal_data[i].exp_date_txt); - fflush(stdout); - zaptime(&edate); - } - - if (*temp) { - if (sscanf(temp, "%d-%d-%d", &edate.tm_year, - &edate.tm_mon, &edate.tm_mday) != 3) - goto bad_date; - edate.tm_mon--; /* January is 0, not 1 */ - edate.tm_hour = 23; /* nearly midnight at the end of the */ - edate.tm_min = 59; /* specified day */ - if (krb_check_tm (edate)) - goto bad_date; - edate.tm_year -= 1900; - temp_long = tm2time (edate, 1); - strcpy(principal_data[i].exp_date_txt, temp); - principal_data[i].exp_date = temp_long; - changed = 1; - } - - /* maximum lifetime */ - fprintf(stdout, "Max ticket lifetime (*5 minutes) [ %d ] ? ", - principal_data[i].max_life); - fflush(stdout); - while (n_gets(temp, sizeof(temp)) && *temp) { - if (sscanf(temp, "%ld", &temp_long) != 1) - goto bad_life; - if (temp_long > 255 || (temp_long < 0)) { - bad_life: - fprintf(stdout, "\07\07Invalid, choose 0-255\n"); - fprintf(stdout, - "Max ticket lifetime (*5 minutes) [ %d ] ? ", - principal_data[i].max_life); - fflush(stdout); - continue; - } - changed = 1; - /* dont clobber */ - principal_data[i].max_life = (unsigned short) temp_long; - break; - } - - /* attributes */ - fprintf(stdout, "Attributes [ %d ] ? ", - principal_data[i].attributes); - fflush(stdout); - while (n_gets(temp, sizeof(temp)) && *temp) { - if (sscanf(temp, "%ld", &temp_long) != 1) - goto bad_att; - if (temp_long > 65535 || (temp_long < 0)) { - bad_att: - fprintf(stdout, "\07\07Invalid, choose 0-65535\n"); - fprintf(stdout, "Attributes [ %d ] ? ", - principal_data[i].attributes); - fflush(stdout); - continue; - } - changed = 1; - /* dont clobber */ - principal_data[i].attributes = - (unsigned short) temp_long; - break; - } - - /* - * remaining fields -- key versions and mod info, should - * not be directly manipulated - */ - if (changed) { - if (kerb_put_principal(&principal_data[i], 1)) { - fprintf(stdout, - "\nError updating Kerberos database"); - } else { - fprintf(stdout, "Edit O.K."); - } - } else { - fprintf(stdout, "Unchanged"); - } - - - memset(&principal_data[i].key_low, 0, 4); - memset(&principal_data[i].key_high, 0, 4); - fflush(stdout); - break; - } - } - if (more) { - fprintf(stdout, "\nThere were more tuples found "); - fprintf(stdout, "than there were space for"); - } - return 1; -} - -static void -cleanup(void) -{ - - memset(master_key, 0, sizeof(master_key)); - memset(session_key, 0, sizeof(session_key)); - memset(master_key_schedule, 0, sizeof(master_key_schedule)); - memset(principal_data, 0, sizeof(principal_data)); - memset(new_key, 0, sizeof(new_key)); - memset(pw_str, 0, sizeof(pw_str)); -} - -int -main(int argc, char **argv) -{ - /* Local Declarations */ - - long n; - - set_progname (argv[0]); - - while (--argc > 0 && (*++argv)[0] == '-') - for (i = 1; argv[0][i] != '\0'; i++) { - switch (argv[0][i]) { - - /* debug flag */ - case 'd': - debug = 1; - continue; - - /* debug flag */ -#ifdef DEBUG - case 'l': - kerb_debug |= 1; - continue; -#endif - case 'n': /* read MKEYFILE for master key */ - nflag = 1; - continue; - - default: - warnx ("illegal flag \"%c\"", argv[0][i]); - Usage(); /* Give message and die */ - } - } - - fprintf(stdout, "Opening database...\n"); - fflush(stdout); - kerb_init(); - if (argc > 0) - if (kerb_db_set_name(*argv) != 0) - errx (1, "Could not open altername database name"); - - if (kdb_get_master_key ((nflag == 0) ? KDB_GET_PROMPT : 0, - &master_key, master_key_schedule) != 0) - errx (1, "Couldn't read master key."); - - if ((master_key_version = kdb_verify_master_key(&master_key, - master_key_schedule, - stdout)) < 0) - return 1; - - /* Initialize non shared random sequence */ - des_init_random_number_generator(&master_key); - - /* lookup the default values */ - n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, - &default_princ, 1, &more); - if (n != 1) - errx (1, "Kerberos error on default value lookup, %ld found.", n); - fprintf(stdout, "Previous or default values are in [brackets] ,\n"); - fprintf(stdout, "enter return to leave the same, or new value.\n"); - - while (change_principal()) { - } - - cleanup(); - return 0; -} diff --git a/crypto/kerberosIV/admin/kdb_init.c b/crypto/kerberosIV/admin/kdb_init.c deleted file mode 100644 index b9ea009c5d1cd..0000000000000 --- a/crypto/kerberosIV/admin/kdb_init.c +++ /dev/null @@ -1,174 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * <mit-copyright.h>. - * - * program to initialize the database, reports error if database file - * already exists. - */ - -#include "adm_locl.h" - -RCSID("$Id: kdb_init.c,v 1.23 1997/03/30 17:45:05 assar Exp $"); - -enum ap_op { - NULL_KEY, /* setup null keys */ - MASTER_KEY, /* use master key as new key */ - RANDOM_KEY /* choose a random key */ -}; - -static des_cblock master_key; -static des_key_schedule master_key_schedule; - -/* use a return code to indicate success or failure. check the return */ -/* values of the routines called by this routine. */ - -static int -add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife) -{ - Principal principal; - struct tm *tm; - des_cblock new_key; - - memset(&principal, 0, sizeof(principal)); - strncpy(principal.name, name, ANAME_SZ); - strncpy(principal.instance, instance, INST_SZ); - switch (aap_op) { - case NULL_KEY: - principal.key_low = 0; - principal.key_high = 0; - break; - case RANDOM_KEY: -#ifdef NOENCRYPTION - memset(new_key, 0, sizeof(des_cblock)); - new_key[0] = 127; -#else - des_new_random_key(&new_key); -#endif - kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule, - DES_ENCRYPT); - copy_from_key(new_key, &principal.key_low, &principal.key_high); - memset(new_key, 0, sizeof(new_key)); - break; - case MASTER_KEY: - memcpy(new_key, master_key, sizeof (des_cblock)); - kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule, - DES_ENCRYPT); - copy_from_key(new_key, &principal.key_low, &principal.key_high); - break; - } - principal.exp_date = 946702799; /* Happy new century */ - strncpy(principal.exp_date_txt, "12/31/99", DATE_SZ); - principal.mod_date = time(0); - - tm = k_localtime(&principal.mod_date); - principal.attributes = 0; - principal.max_life = maxlife; - - principal.kdc_key_ver = 1; - principal.key_version = 1; - - strncpy(principal.mod_name, "db_creation", ANAME_SZ); - strncpy(principal.mod_instance, "", INST_SZ); - principal.old = 0; - - if (kerb_db_put_principal(&principal, 1) != 1) - return -1; /* FAIL */ - - /* let's play it safe */ - memset(new_key, 0, sizeof (des_cblock)); - memset(&principal.key_low, 0, 4); - memset(&principal.key_high, 0, 4); - return 0; -} - -int -main(int argc, char **argv) -{ - char realm[REALM_SZ]; - char *cp; - int code; - char *database; - - set_progname (argv[0]); - - if (argc > 3) { - fprintf(stderr, "Usage: %s [realm-name] [database-name]\n", argv[0]); - return 1; - } - if (argc == 3) { - database = argv[2]; - --argc; - } else - database = DBM_FILE; - - /* Do this first, it'll fail if the database exists */ - if ((code = kerb_db_create(database)) != 0) - err (1, "Couldn't create database %s", database); - kerb_db_set_name(database); - - if (argc == 2) - strncpy(realm, argv[1], REALM_SZ); - else { - if (krb_get_lrealm(realm, 1) != KSUCCESS) - strcpy(realm, KRB_REALM); - fprintf(stderr, "Realm name [default %s ]: ", realm); - if (fgets(realm, sizeof(realm), stdin) == NULL) - errx (1, "\nEOF reading realm"); - if ((cp = strchr(realm, '\n'))) - *cp = '\0'; - if (!*realm) /* no realm given */ - if (krb_get_lrealm(realm, 1) != KSUCCESS) - strcpy(realm, KRB_REALM); - } - if (!k_isrealm(realm)) - errx (1, "Bad kerberos realm name \"%s\"", realm); -#ifndef RANDOM_MKEY - printf("You will be prompted for the database Master Password.\n"); - printf("It is important that you NOT FORGET this password.\n"); -#else - printf("To generate a master key, please enter some random data.\n"); - printf("You do not have to remember this.\n"); -#endif - fflush(stdout); - - if (kdb_get_master_key (KDB_GET_TWICE, &master_key, - master_key_schedule) != 0) - errx (1, "Couldn't read master key."); - -#ifdef RANDOM_MKEY - if(kdb_kstash(&master_key, MKEYFILE) < 0) - err (1, "Error writing master key"); - fprintf(stderr, "Wrote master key to %s\n", MKEYFILE); -#endif - - /* Initialize non shared random sequence */ - des_init_random_number_generator(&master_key); - - /* Maximum lifetime for changepw.kerberos (kadmin) tickets, 10 minutes */ -#define ADMLIFE (1 + (CLOCK_SKEW/(5*60))) - - /* Maximum lifetime for ticket granting tickets, 4 days or 21.25h */ -#define TGTLIFE ((krb_life_to_time(0, 162) >= 24*60*60) ? 161 : 255) - - /* This means that default lifetimes have not been initialized */ -#define DEFLIFE 255 - -#define NOLIFE 0 - - if ( - add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY, NOLIFE) || - add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY,DEFLIFE)|| - add_principal(KRB_TICKET_GRANTING_TICKET, realm, RANDOM_KEY, TGTLIFE)|| - add_principal(PWSERV_NAME, KRB_MASTER, RANDOM_KEY, ADMLIFE) - ) { - putc ('\n', stderr); - errx (1, "couldn't initialize database."); - } - - /* play it safe */ - memset(master_key, 0, sizeof (des_cblock)); - memset(master_key_schedule, 0, sizeof (des_key_schedule)); - return 0; -} diff --git a/crypto/kerberosIV/admin/kdb_util.c b/crypto/kerberosIV/admin/kdb_util.c deleted file mode 100644 index b221fddb1e6bf..0000000000000 --- a/crypto/kerberosIV/admin/kdb_util.c +++ /dev/null @@ -1,496 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * <mit-copyright.h>. - * - * Kerberos database manipulation utility. This program allows you to - * dump a kerberos database to an ascii readable file and load this - * file into the database. Read locking of the database is done during a - * dump operation. NO LOCKING is done during a load operation. Loads - * should happen with other processes shutdown. - * - * Written July 9, 1987 by Jeffrey I. Schiller - */ - -#include "adm_locl.h" - -RCSID("$Id: kdb_util.c,v 1.35 1997/05/07 00:57:45 assar Exp $"); - -static des_cblock master_key, new_master_key; -static des_key_schedule master_key_schedule, new_master_key_schedule; - -#define zaptime(foo) memset((foo), 0, sizeof(*(foo))) - -/* cv_key is a procedure which takes a principle and changes its key, - either for a new method of encrypting the keys, or a new master key. - if cv_key is null no transformation of key is done (other than net byte - order). */ - -struct callback_args { - void (*cv_key)(Principal *); - FILE *output_file; -}; - -static void -print_time(FILE *file, time_t timeval) -{ - struct tm *tm; - tm = gmtime(&timeval); - fprintf(file, " %04d%02d%02d%02d%02d", - tm->tm_year + 1900, - tm->tm_mon + 1, - tm->tm_mday, - tm->tm_hour, - tm->tm_min); -} - -static long -time_explode(char *cp) -{ - char wbuf[5]; - struct tm tp; - int local; - - zaptime(&tp); /* clear out the struct */ - - if (strlen(cp) > 10) { /* new format */ - strncpy(wbuf, cp, 4); - wbuf[4] = 0; - tp.tm_year = atoi(wbuf) - 1900; - cp += 4; /* step over the year */ - local = 0; /* GMT */ - } else { /* old format: local time, - year is 2 digits, assuming 19xx */ - wbuf[0] = *cp++; - wbuf[1] = *cp++; - wbuf[2] = 0; - tp.tm_year = atoi(wbuf); - local = 1; /* local */ - } - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - wbuf[2] = 0; - tp.tm_mon = atoi(wbuf)-1; - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_mday = atoi(wbuf); - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_hour = atoi(wbuf); - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_min = atoi(wbuf); - - - return(tm2time(tp, local)); -} - -static int -dump_db_1(void *arg, Principal *principal) -{ /* replace null strings with "*" */ - struct callback_args *a = (struct callback_args *)arg; - - if (principal->instance[0] == '\0') { - principal->instance[0] = '*'; - principal->instance[1] = '\0'; - } - if (principal->mod_name[0] == '\0') { - principal->mod_name[0] = '*'; - principal->mod_name[1] = '\0'; - } - if (principal->mod_instance[0] == '\0') { - principal->mod_instance[0] = '*'; - principal->mod_instance[1] = '\0'; - } - if (a->cv_key != NULL) { - (*a->cv_key) (principal); - } - fprintf(a->output_file, "%s %s %d %d %d %d %x %x", - principal->name, - principal->instance, - principal->max_life, - principal->kdc_key_ver, - principal->key_version, - principal->attributes, - (int)htonl (principal->key_low), - (int)htonl (principal->key_high)); - print_time(a->output_file, principal->exp_date); - print_time(a->output_file, principal->mod_date); - fprintf(a->output_file, " %s %s\n", - principal->mod_name, - principal->mod_instance); - return 0; -} - -static int -dump_db (char *db_file, FILE *output_file, void (*cv_key) (Principal *)) -{ - struct callback_args a; - - a.cv_key = cv_key; - a.output_file = output_file; - - kerb_db_iterate ((k_iter_proc_t)dump_db_1, &a); - return fflush(output_file); -} - -static int -add_file(void *db, FILE *file) -{ - int ret; - int lineno = 0; - char line[1024]; - unsigned long key[2]; /* yes, long */ - Principal pr; - - char exp_date[64], mod_date[64]; - - int life, kkvno, kvno; - - while(1){ - memset(&pr, 0, sizeof(pr)); - errno = 0; - if(fgets(line, sizeof(line), file) == NULL){ - if(errno != 0) - err (1, "fgets"); - break; - } - lineno++; - ret = sscanf(line, "%s %s %d %d %d %hd %lx %lx %s %s %s %s", - pr.name, pr.instance, - &life, &kkvno, &kvno, - &pr.attributes, - &key[0], &key[1], - exp_date, mod_date, - pr.mod_name, pr.mod_instance); - if(ret != 12){ - warnx("Line %d malformed (ignored)", lineno); - continue; - } - pr.key_low = ntohl (key[0]); - pr.key_high = ntohl (key[1]); - pr.max_life = life; - pr.kdc_key_ver = kkvno; - pr.key_version = kvno; - pr.exp_date = time_explode(exp_date); - pr.mod_date = time_explode(mod_date); - if (pr.instance[0] == '*') - pr.instance[0] = 0; - if (pr.mod_name[0] == '*') - pr.mod_name[0] = 0; - if (pr.mod_instance[0] == '*') - pr.mod_instance[0] = 0; - if (kerb_db_update(db, &pr, 1) != 1) { - warn ("store %s.%s aborted", - pr.name, pr.instance); - return 1; - } - } - return 0; -} - -static void -load_db (char *db_file, FILE *input_file) -{ - long *db; - int temp1; - int code; - char *temp_db_file; - - temp1 = strlen(db_file)+2; - temp_db_file = malloc (temp1); - strcpy(temp_db_file, db_file); - strcat(temp_db_file, "~"); - - /* Create the database */ - if ((code = kerb_db_create(temp_db_file)) != 0) - err (1, "creating temp database %s", temp_db_file); - kerb_db_set_name(temp_db_file); - db = kerb_db_begin_update(); - if (db == NULL) - err (1, "opening temp database %s", temp_db_file); - - if(add_file(db, input_file)) - errx (1, "Load aborted"); - - kerb_db_end_update(db); - if ((code = kerb_db_rename(temp_db_file, db_file)) != 0) - warn("database rename failed"); - fclose(input_file); - free(temp_db_file); -} - -static void -merge_db(char *db_file, FILE *input_file) -{ - void *db; - - db = kerb_db_begin_update(); - if(db == NULL) - err (1, "Couldn't open database"); - if(add_file(db, input_file)) - errx (1, "Merge aborted"); - kerb_db_end_update(db); -} - -static void -update_ok_file (char *file_name) -{ - /* handle slave locking/failure stuff */ - char *file_ok; - int fd; - static char ok[]=".dump_ok"; - - asprintf (&file_ok, "%s%s", file_name, ok); - if (file_ok == NULL) - errx (1, "out of memory"); - if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0400)) < 0) - err (1, "Error creating %s", file_ok); - free(file_ok); - close(fd); -} - -static void -convert_key_new_master (Principal *p) -{ - des_cblock key; - - /* leave null keys alone */ - if ((p->key_low == 0) && (p->key_high == 0)) return; - - /* move current key to des_cblock for encryption, special case master key - since that's changing */ - if ((strncmp (p->name, KERB_M_NAME, ANAME_SZ) == 0) && - (strncmp (p->instance, KERB_M_INST, INST_SZ) == 0)) { - memcpy (key, new_master_key, sizeof(des_cblock)); - (p->key_version)++; - } else { - copy_to_key(&p->key_low, &p->key_high, key); - kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_DECRYPT); - } - - kdb_encrypt_key (&key, &key, &new_master_key, new_master_key_schedule, DES_ENCRYPT); - - copy_from_key(key, &(p->key_low), &(p->key_high)); - memset(key, 0, sizeof (key)); /* a little paranoia ... */ - - (p->kdc_key_ver)++; -} - -static void -clear_secrets (void) -{ - memset(master_key, 0, sizeof (des_cblock)); - memset(master_key_schedule, 0, sizeof (des_key_schedule)); - memset(new_master_key, 0, sizeof (des_cblock)); - memset(new_master_key_schedule, 0, sizeof (des_key_schedule)); -} - -static void -convert_new_master_key (char *db_file, FILE *out) -{ -#ifdef RANDOM_MKEY - errx (1, "Sorry, this function is not available with " - "the new master key scheme."); -#else - printf ("\n\nEnter the CURRENT master key."); - if (kdb_get_master_key (KDB_GET_PROMPT, &master_key, - master_key_schedule) != 0) { - clear_secrets (); - errx (1, "Couldn't get master key."); - } - - if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) { - clear_secrets (); - exit (1); - } - - printf ("\n\nNow enter the NEW master key. Do not forget it!!"); - if (kdb_get_master_key (KDB_GET_TWICE, &new_master_key, - new_master_key_schedule) != 0) { - clear_secrets (); - errx (1, "Couldn't get new master key."); - } - - dump_db (db_file, out, convert_key_new_master); - { - char fname[128]; - snprintf(fname, sizeof(fname), "%s.new", MKEYFILE); - kdb_kstash(&new_master_key, fname); - } -#endif /* RANDOM_MKEY */ -} - -static void -convert_key_old_db (Principal *p) -{ - des_cblock key; - - /* leave null keys alone */ - if ((p->key_low == 0) && (p->key_high == 0)) return; - - copy_to_key(&p->key_low, &p->key_high, key); - -#ifndef NOENCRYPTION - des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key, - (long)sizeof(des_cblock),master_key_schedule, - (des_cblock *)master_key_schedule, DES_DECRYPT); -#endif - - /* make new key, new style */ - kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_ENCRYPT); - - copy_from_key(key, &(p->key_low), &(p->key_high)); - memset(key, 0, sizeof (key)); /* a little paranoia ... */ -} - -static void -convert_old_format_db (char *db_file, FILE *out) -{ - des_cblock key_from_db; - Principal principal_data[1]; - int n, more; - - if (kdb_get_master_key (KDB_GET_PROMPT, &master_key, - master_key_schedule) != 0L) { - clear_secrets(); - errx (1, "Couldn't get master key."); - } - - /* can't call kdb_verify_master_key because this is an old style db */ - /* lookup the master key version */ - n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data, - 1 /* only one please */, &more); - if ((n != 1) || more) - errx (1, "verify_master_key: Kerberos error on master key lookup, %d found.\n", n); - - /* set up the master key */ - fprintf(stderr, "Current Kerberos master key version is %d.\n", - principal_data[0].kdc_key_ver); - - /* - * now use the master key to decrypt (old style) the key in the db, had better - * be the same! - */ - copy_to_key(&principal_data[0].key_low, - &principal_data[0].key_high, - key_from_db); -#ifndef NOENCRYPTION - des_pcbc_encrypt(&key_from_db,&key_from_db,(long)sizeof(key_from_db), - master_key_schedule,(des_cblock *)master_key_schedule, DES_DECRYPT); -#endif - /* the decrypted database key had better equal the master key */ - - n = memcmp(master_key, key_from_db, sizeof(master_key)); - memset(key_from_db, 0, sizeof(key_from_db)); - - if (n) { - fprintf(stderr, "\n\07\07verify_master_key: Invalid master key, "); - fprintf(stderr, "does not match database.\n"); - exit (1); - } - - fprintf(stderr, "Master key verified.\n"); - - dump_db (db_file, out, convert_key_old_db); -} - -int -main(int argc, char **argv) -{ - int ret; - FILE *file; - enum { - OP_LOAD, - OP_MERGE, - OP_DUMP, - OP_SLAVE_DUMP, - OP_NEW_MASTER, - OP_CONVERT_OLD_DB - } op; - char *file_name; - char *db_name; - - set_progname (argv[0]); - - if (argc != 3 && argc != 4) { - fprintf(stderr, "Usage: %s operation file [database name].\n", - argv[0]); - fprintf(stderr, "Operation is one of: " - "load, merge, dump, slave_dump, new_master_key, " - "convert_old_db\n"); - exit(1); - } - if (argc == 3) - db_name = DBM_FILE; - else - db_name = argv[3]; - - ret = kerb_db_set_name (db_name); - - /* this makes starting slave servers ~14.3 times easier */ - if(ret && strcmp(argv[1], "load") == 0) - ret = kerb_db_create (db_name); - - if(ret) - err (1, "Can't open database"); - - if (!strcmp(argv[1], "load")) - op = OP_LOAD; - else if (!strcmp(argv[1], "merge")) - op = OP_MERGE; - else if (!strcmp(argv[1], "dump")) - op = OP_DUMP; - else if (!strcmp(argv[1], "slave_dump")) - op = OP_SLAVE_DUMP; - else if (!strcmp(argv[1], "new_master_key")) - op = OP_NEW_MASTER; - else if (!strcmp(argv[1], "convert_old_db")) - op = OP_CONVERT_OLD_DB; - else { - warnx ("%s is an invalid operation.", argv[1]); - warnx ("Valid operations are \"load\", \"merge\", " - "\"dump\", \"slave_dump\", \"new_master_key\", " - "and \"convert_old_db\""); - return 1; - } - - file_name = argv[2]; - file = fopen(file_name, (op == OP_LOAD || op == OP_MERGE) ? "r" : "w"); - if (file == NULL) - err (1, "open %s", argv[2]); - - switch (op) { - case OP_DUMP: - if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) || - (fclose(file) == EOF)) - err (1, "%s", file_name); - break; - case OP_SLAVE_DUMP: - if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) || - (fclose(file) == EOF)) - err (1, "%s", file_name); - update_ok_file (file_name); - break; - case OP_LOAD: - load_db (db_name, file); - break; - case OP_MERGE: - merge_db (db_name, file); - break; - case OP_NEW_MASTER: - convert_new_master_key (db_name, file); - printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name); - break; - case OP_CONVERT_OLD_DB: - convert_old_format_db (db_name, file); - printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name); - break; - } - return 0; -} diff --git a/crypto/kerberosIV/admin/kstash.c b/crypto/kerberosIV/admin/kstash.c deleted file mode 100644 index 4595de58ef32f..0000000000000 --- a/crypto/kerberosIV/admin/kstash.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology - * - * For copying and distribution information, please see the file - * <mit-copyright.h>. - * - * Description. - */ - -#include "adm_locl.h" - -RCSID("$Id: kstash.c,v 1.10 1997/03/30 17:35:37 assar Exp $"); - -/* change this later, but krblib_dbm needs it for now */ - -static des_cblock master_key; -static des_key_schedule master_key_schedule; - -static void -clear_secrets(void) -{ - memset(master_key_schedule, 0, sizeof(master_key_schedule)); - memset(master_key, 0, sizeof(master_key)); -} - -int -main(int argc, char **argv) -{ - long n; - int ret = 0; - set_progname (argv[0]); - - if ((n = kerb_init())) - errx(1, "Kerberos db and cache init failed = %ld\n", n); - - if (kdb_get_master_key (KDB_GET_PROMPT, &master_key, - master_key_schedule) != 0) { - clear_secrets(); - errx(1, "Couldn't read master key."); - } - - if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) { - clear_secrets(); - return 1; - } - - ret = kdb_kstash(&master_key, MKEYFILE); - if(ret < 0) - warn("writing master key"); - else - fprintf(stderr, "Wrote master key to %s\n", MKEYFILE); - - clear_secrets(); - return ret; -} |