summaryrefslogtreecommitdiff
path: root/eBones/kdb/krb_kdb_utils.c
diff options
context:
space:
mode:
Diffstat (limited to 'eBones/kdb/krb_kdb_utils.c')
-rw-r--r--eBones/kdb/krb_kdb_utils.c141
1 files changed, 0 insertions, 141 deletions
diff --git a/eBones/kdb/krb_kdb_utils.c b/eBones/kdb/krb_kdb_utils.c
deleted file mode 100644
index c283e0f7aa8d..000000000000
--- a/eBones/kdb/krb_kdb_utils.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * Utility routines for Kerberos programs which directly access
- * the database. This code was duplicated in too many places
- * before I gathered it here.
- *
- * Jon Rochlis, MIT Telecom, March 1988
- *
- * from: krb_kdb_utils.c,v 4.1 89/07/26 11:01:12 jtkohl Exp $
- * $Id: krb_kdb_utils.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $
- */
-
-#ifndef lint
-static char rcsid[] =
-"$Id: krb_kdb_utils.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $";
-#endif lint
-
-#include <des.h>
-#include <krb.h>
-#include <krb_db.h>
-#include <kdc.h>
-#include <stdio.h>
-#include <sys/file.h>
-
-long kdb_get_master_key(prompt, master_key, master_key_sched)
- int prompt;
- C_Block master_key;
- Key_schedule master_key_sched;
-{
- int kfile;
-
- if (prompt) {
-#ifdef NOENCRYPTION
- placebo_read_password(master_key,
- "\nEnter Kerberos master key: ", 0);
-#else
- des_read_password(master_key,
- "\nEnter Kerberos master key: ", 0);
-#endif
- printf ("\n");
- }
- else {
- kfile = open(MKEYFILE, O_RDONLY, 0600);
- if (kfile < 0) {
- /* oh, for com_err_ */
- return (-1);
- }
- if (read(kfile, (char *) master_key, 8) != 8) {
- return (-1);
- }
- close(kfile);
- }
-
-#ifndef NOENCRYPTION
- key_sched(master_key,master_key_sched);
-#endif
- return (0);
-}
-
-/* The caller is reasponsible for cleaning up the master key and sched,
- even if we can't verify the master key */
-
-/* Returns master key version if successful, otherwise -1 */
-
-long kdb_verify_master_key (master_key, master_key_sched, out)
- C_Block master_key;
- Key_schedule master_key_sched;
- FILE *out; /* setting this to non-null be do output */
-{
- C_Block key_from_db;
- Principal principal_data[1];
- int n, more = 0;
- long master_key_version;
-
- /* lookup the master key version */
- n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
- 1 /* only one please */, &more);
- if ((n != 1) || more) {
- if (out != (FILE *) NULL)
- fprintf(out,
- "verify_master_key: %s, %d found.\n",
- "Kerberos error on master key version lookup",
- n);
- return (-1);
- }
-
- master_key_version = (long) principal_data[0].key_version;
-
- /* set up the master key */
- if (out != (FILE *) NULL) /* should we punt this? */
- fprintf(out, "Current Kerberos master key version is %d.\n",
- principal_data[0].kdc_key_ver);
-
- /*
- * now use the master key to decrypt the key in the db, had better
- * be the same!
- */
- bcopy(&principal_data[0].key_low, key_from_db, 4);
- bcopy(&principal_data[0].key_high, ((long *) key_from_db) + 1, 4);
- kdb_encrypt_key (key_from_db, key_from_db,
- master_key, master_key_sched, DECRYPT);
-
- /* the decrypted database key had better equal the master key */
- n = bcmp((char *) master_key, (char *) key_from_db,
- sizeof(master_key));
- /* this used to zero the master key here! */
- bzero(key_from_db, sizeof(key_from_db));
- bzero(principal_data, sizeof (principal_data));
-
- if (n && (out != (FILE *) NULL)) {
- fprintf(out, "\n\07\07verify_master_key: Invalid master key; ");
- fprintf(out, "does not match database.\n");
- return (-1);
- }
- if (out != (FILE *) NULL) {
- fprintf(out, "\nMaster key entered. BEWARE!\07\07\n");
- fflush(out);
- }
-
- return (master_key_version);
-}
-
-/* The old algorithm used the key schedule as the initial vector which
- was byte order depedent ... */
-
-kdb_encrypt_key (in, out, master_key, master_key_sched, e_d_flag)
- C_Block in, out, master_key;
- Key_schedule master_key_sched;
- int e_d_flag;
-{
-
-#ifdef NOENCRYPTION
- bcopy(in, out, sizeof(C_Block));
-#else
- pcbc_encrypt(in,out,(long)sizeof(C_Block),master_key_sched,master_key,
- e_d_flag);
-#endif
-}
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-23 11:18:45 +0000