Beispiel #1
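/*
 * SBOZO_ListKeys - return entry 'an' of the server key list to a super-user.
 *
 * acall    - incoming Rx call; used for the super-user check, for looking up
 *            the connection's rxkad level, and for auditing.
 * an       - index of the requested key, supplied by the remote caller.
 * akvno    - out: key version number of entry 'an'.
 * akey     - out: 8 bytes of key material, or 8 zero bytes when the key is
 *            withheld (see the noauth / rxkad_crypt test below).
 * akeyinfo - out: zeroed, then filled with the key file's mtime (only when
 *            stat() succeeds) and the key checksum.
 *
 * Returns BZACCESS when the caller is not a super-user, BZDOM when 'an' is
 * outside the key list, or the afsconf_GetKeys() error. Otherwise the return
 * value is whatever stat() on the key file returned.
 */
afs_int32
SBOZO_ListKeys(struct rx_call *acall, afs_int32 an, afs_int32 *akvno,
	       struct bozo_key *akey, struct bozo_keyInfo *akeyinfo)
{
    struct afsconf_keys tkeys;
    afs_int32 code;
    struct stat tstat;
    int noauth = 0;
    char caller[MAXKTCNAMELEN];
    rxkad_level enc_level = rxkad_clear;

    if (!afsconf_SuperUser(bozo_confdir, acall, caller)) {
	code = BZACCESS;
	goto fail;
    }
    if (DoLogging)
	bozo_Log("%s is executing ListKeys\n", caller);

    code = afsconf_GetKeys(bozo_confdir, &tkeys);
    if (code)
	goto fail;

    /*
     * 'an' is a signed value taken from the RPC arguments. Reject negative
     * indices as well as indices past the end; otherwise tkeys.key[an] would
     * read (and return) memory in front of the key array.
     */
    if (an < 0 || tkeys.nkeys <= an) {
	code = BZDOM;
	goto fail;
    }
    *akvno = tkeys.key[an].kvno;
    memset(akeyinfo, 0, sizeof(struct bozo_keyInfo));

    noauth = afsconf_GetNoAuthFlag(bozo_confdir);
    /*
     * The return value is not checked; enc_level was initialised to
     * rxkad_clear, so if this call leaves it untouched the key is withheld.
     */
    rxkad_GetServerInfo(rx_ConnectionOf(acall), &enc_level, 0, 0, 0, 0, 0);

    /*
     * Only return actual keys in noauth or if this is an encrypted connection.
     * NOTE(review): in noauth mode the raw key bytes are copied out whatever
     * the connection's protection level is, i.e. possibly in the clear.
     */
    if ((noauth) || (enc_level == rxkad_crypt)) {
	memcpy(akey, tkeys.key[an].key, 8);
    } else {
	memset(akey, 0, 8);
    }

    /*
     * NOTE(review): 'code' is not reset after this, so a failed stat() is
     * what the function returns even though the other outputs were filled in.
     */
    code = stat(AFSDIR_SERVER_KEY_FILEPATH, &tstat);
    if (code == 0) {
	akeyinfo->mod_sec = tstat.st_mtime;
    }

    /* This will return an error if the key is 'bad' (bad checksum, weak DES
     * key, etc). But we don't care, since we can still return the other
     * information about the key, so ignore the result. */
    (void)ka_KeyCheckSum(tkeys.key[an].key, &akeyinfo->keyCheckSum);

    /* NOTE(review): tkeys (a copy of the key list) stays on the stack and is
     * not scrubbed before returning. */
  fail:
    /* noauth is still 0 on the early-exit paths, so the "unauth" audit event
     * is only emitted once the flag has actually been read. */
    if (noauth)
	osi_auditU(acall, BOS_UnAuthListKeysEvent, code, AUD_END);
    osi_auditU(acall, BOS_ListKeysEvent, code, AUD_END);
    return code;
}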
Beispiel #2
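/*
 * SBOZO_ListKeys - return entry 'an' of the server key list to a super-user.
 *
 * acall    - incoming Rx call; used for the super-user check, for looking up
 *            the connection's rxkad level (via acall->conn), and for auditing.
 * an       - index of the requested key, supplied by the remote caller.
 * akvno    - out: key version number of entry 'an'.
 * akey     - out: 8 bytes of key material, or 8 zero bytes when the key is
 *            withheld (see the noauth / rxkad_crypt test below).
 * akeyinfo - out: zeroed, then filled with the key file's mtime (only when
 *            stat() succeeds) and the key checksum.
 *
 * Returns BZACCESS when the caller is not a super-user, BZDOM when 'an' is
 * outside the key list, or the afsconf_GetKeys() error. Otherwise the return
 * value is whatever stat() on the key file returned.
 */
afs_int32
SBOZO_ListKeys(struct rx_call *acall, afs_int32 an, afs_int32 *akvno,
	       struct bozo_key *akey, struct bozo_keyInfo *akeyinfo)
{
    struct afsconf_keys tkeys;
    afs_int32 code;
    struct stat tstat;
    int noauth = 0;
    char caller[MAXKTCNAMELEN];
    rxkad_level enc_level = rxkad_clear;

    if (!afsconf_SuperUser(bozo_confdir, acall, caller)) {
	code = BZACCESS;
	goto fail;
    }
    if (DoLogging)
	bozo_Log("%s is executing ListKeys\n", caller);

    code = afsconf_GetKeys(bozo_confdir, &tkeys);
    if (code)
	goto fail;

    /*
     * 'an' is a signed value taken from the RPC arguments. Reject negative
     * indices as well as indices past the end; otherwise tkeys.key[an] would
     * read (and return) memory in front of the key array.
     */
    if (an < 0 || tkeys.nkeys <= an) {
	code = BZDOM;
	goto fail;
    }
    *akvno = tkeys.key[an].kvno;
    memset(akeyinfo, 0, sizeof(struct bozo_keyInfo));

    noauth = afsconf_GetNoAuthFlag(bozo_confdir);
    /*
     * The return value is not checked; enc_level was initialised to
     * rxkad_clear, so if this call leaves it untouched the key is withheld.
     */
    rxkad_GetServerInfo(acall->conn, &enc_level, 0, 0, 0, 0, 0);

    /*
     * Only return actual keys in noauth or if this is an encrypted connection.
     * NOTE(review): in noauth mode the raw key bytes are copied out whatever
     * the connection's protection level is, i.e. possibly in the clear.
     */
    if ((noauth) || (enc_level == rxkad_crypt)) {
	memcpy(akey, tkeys.key[an].key, 8);
    } else {
	memset(akey, 0, 8);
    }

    /*
     * NOTE(review): 'code' is not reset after this, so a failed stat() is
     * what the function returns even though the other outputs were filled in.
     */
    code = stat(AFSDIR_SERVER_KEY_FILEPATH, &tstat);
    if (code == 0) {
	akeyinfo->mod_sec = tstat.st_mtime;
    }

    /* Result deliberately ignored; per the original author the only error
     * reported here is bad key parity. */
    (void)ka_KeyCheckSum(tkeys.key[an].key, &akeyinfo->keyCheckSum);

    /* NOTE(review): tkeys (a copy of the key list) stays on the stack and is
     * not scrubbed before returning. */
  fail:
    /* noauth is still 0 on the early-exit paths, so the "unauth" audit event
     * is only emitted once the flag has actually been read. */
    if (noauth)
	osi_auditU(acall, BOS_UnAuthListKeysEvent, code, AUD_END);
    osi_auditU(acall, BOS_ListKeysEvent, code, AUD_END);
    return code;
}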
Beispiel #3
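/*
 * bos_util - maintain the server key list in AFSDIR_SERVER_ETC_DIR.
 *
 * Operations (argv[1]):
 *   add <kvno>      prompt twice for a passphrase, convert it with
 *                   ka_StringToKey() (cell argument NULL) and store the key.
 *   adddes <kvno>   same prompts, converted with des_string_to_key().
 *   srvtab2keyfile <kvno> <keyfile> <princ>   (KERBEROS builds only) copy a
 *                   service key out of <keyfile>.
 *   delete <kvno>   remove the key with that version number.
 *   list            print every key whose kvno is not -1.
 *
 * Exits 0 on success and 1 on any usage or processing error.
 *
 * NOTE(review): <kvno> is parsed with atoi(), which returns 0 for text that
 * is not a number, so a mistyped version number silently becomes kvno 0 for
 * add and delete alike.
 */
int
main(int argc, char **argv)
{
    struct afsconf_dir *tdir;
    afs_int32 code;

    if (argc == 1) {
	printf("bos_util: usage is 'bos_util <opcode> options, e.g.\n");
	printf("    bos_util add <kvno>\n");
	printf("    bos_util adddes <kvno>\n");
#ifdef KERBEROS
	printf("    bos_util srvtab2keyfile <kvno> <keyfile> <princ>\n");
#endif
	printf("    bos_util delete <kvno>\n");
	printf("    bos_util list\n");
	exit(1);
    }

    tdir = afsconf_Open(AFSDIR_SERVER_ETC_DIR);
    if (!tdir) {
	printf("bos_util: can't initialize conf dir '%s'\n",
	       AFSDIR_SERVER_ETC_DIR);
	exit(1);
    }
    if (strcmp(argv[1], "add") == 0) {
	struct ktc_encryptionKey tkey;
	int kvno;
	/* NOTE(review): buf/ver hold the passphrase and tkey the derived key;
	 * none of them is scrubbed before the process exits. */
	char buf[BUFSIZ], ver[BUFSIZ];
	char *tcell = NULL;

	if (argc != 3) {
	    printf("bos_util add: usage is 'bos_util add <kvno>\n");
	    exit(1);
	}
	kvno = atoi(argv[2]);
	memset(&tkey, 0, sizeof(struct ktc_encryptionKey));

	/* prompt for key, then a second time to catch typos */
	code = des_read_pw_string(buf, sizeof(buf), "input key: ", 0);
	if (code || strlen(buf) == 0) {
	    printf("Bad key: \n");
	    exit(1);
	}
	code = des_read_pw_string(ver, sizeof(ver), "Retype input key: ", 0);
	if (code || strlen(ver) == 0) {
	    printf("Bad key: \n");
	    exit(1);
	}
	if (strcmp(ver, buf) != 0) {
	    printf("\nInput key mismatch\n");
	    exit(1);
	}
	ka_StringToKey(buf, tcell, &tkey);
	code = afsconf_AddKey(tdir, kvno, ktc_to_charptr(&tkey), 0);
	if (code) {
	    printf("bos_util: failed to set key, code %d.\n", code);
	    exit(1);
	}
    } else if (strcmp(argv[1], "adddes") == 0) {
	struct ktc_encryptionKey tkey;
	int kvno;
	/* Same handling as "add"; only the string-to-key function differs.
	 * The outer 'code' is used here instead of a shadowing local. */
	char buf[BUFSIZ], ver[BUFSIZ];

	if (argc != 3) {
	    printf("bos_util adddes: usage is 'bos_util adddes <kvno>\n");
	    exit(1);
	}
	kvno = atoi(argv[2]);
	memset(&tkey, 0, sizeof(struct ktc_encryptionKey));

	/* prompt for key, then a second time to catch typos */
	code = des_read_pw_string(buf, sizeof(buf), "input key: ", 0);
	if (code || strlen(buf) == 0) {
	    printf("Bad key: \n");
	    exit(1);
	}
	code = des_read_pw_string(ver, sizeof(ver), "Retype input key: ", 0);
	if (code || strlen(ver) == 0) {
	    printf("Bad key: \n");
	    exit(1);
	}
	if (strcmp(ver, buf) != 0) {
	    printf("\nInput key mismatch\n");
	    exit(1);
	}
	des_string_to_key(buf, ktc_to_cblockptr(&tkey));
	code = afsconf_AddKey(tdir, kvno, ktc_to_charptr(&tkey), 0);
	if (code) {
	    printf("bos_util: failed to set key, code %d.\n", code);
	    exit(1);
	}
    }
#ifdef KERBEROS
    else if (strcmp(argv[1], "srvtab2keyfile") == 0) {
	/* NOTE(review): name/inst/realm are fixed 255-byte buffers filled by
	 * kname_parse() from argv[4]; whether it bounds its writes is not
	 * visible here - confirm. */
	char tkey[8], name[255], inst[255], realm[255];
	int kvno;
	if (argc != 5) {
	    printf
		("bos_util add: usage is 'bos_util srvtab2keyfile <kvno> <keyfile> <princ>\n");
	    exit(1);
	}
	kvno = atoi(argv[2]);
	bzero(tkey, sizeof(tkey));
	code = kname_parse(name, inst, realm, argv[4]);
	if (code != 0) {
	    printf("Invalid kerberos name\n");
	    exit(1);
	}
	code = read_service_key(name, inst, realm, kvno, argv[3], tkey);
	if (code != 0) {
	    printf("Can't find key in %s\n", argv[3]);
	    exit(1);
	}
	code = afsconf_AddKey(tdir, kvno, tkey, 0);
	if (code) {
	    printf("bos_util: failed to set key, code %d.\n", code);
	    exit(1);
	}
    }
#endif
    else if (strcmp(argv[1], "delete") == 0) {
	long kvno;
	if (argc != 3) {
	    printf("bos_util delete: usage is 'bos_util delete <kvno>\n");
	    exit(1);
	}
	kvno = atoi(argv[2]);
	code = afsconf_DeleteKey(tdir, kvno);
	if (code) {
	    printf("bos_util: failed to delete key %ld, (code %d)\n", kvno,
		   code);
	    exit(1);
	}
    } else if (strcmp(argv[1], "list") == 0) {
	struct afsconf_keys tkeys;
	int i;
	unsigned char tbuffer[9];

	code = afsconf_GetKeys(tdir, &tkeys);
	if (code) {
	    printf("bos_util: failed to get keys, code %d\n", code);
	    exit(1);
	}
	/* NOTE(review): this writes the raw server keys to stdout, so they end
	 * up in terminal scrollback or wherever the output is redirected. */
	for (i = 0; i < tkeys.nkeys; i++) {
	    if (tkeys.key[i].kvno != -1) {
		int count;

		memcpy(tbuffer, tkeys.key[i].key, 8);
		tbuffer[8] = 0;
		printf("kvno %4d: key is '%s' '", tkeys.key[i].kvno, tbuffer);
		/*
		 * Print the octal form straight from tbuffer. The previous
		 * strcpy() into an 8-byte array wrote 9 bytes when the key had
		 * no zero byte, and left the tail uninitialised when it had
		 * one, so the octal dump could be wrong either way.
		 */
		for (count = 0; count < 8; count++)
		    printf("\\%03o", tbuffer[count]);
		printf("'\n");
	    }
	}
	printf("All done.\n");
    } else {
	printf
	    ("bos_util: unknown operation '%s', type 'bos_util' for assistance\n",
	     argv[1]);
	exit(1);
    }
    exit(0);
}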
Beispiel #4
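/*
 * Key-file maintenance tool (invoked as argv[0]) for the configuration in
 * AFSDIR_SERVER_ETC_DIRPATH.
 *
 * Operations (argv[1]):
 *   add <kvno> <keyfile> <princ>   read the 8-byte DES service key for
 *                                  <princ>/<kvno> from a krb5 keytab.
 *   add <kvno> <key>               take the key as 16 hex digits.
 *   delete <kvno>                  remove the key with that version number.
 *   list                           print every key whose kvno is not -1.
 *
 * Exits 0 on success and 1 on any usage or processing error.
 *
 * NOTE(review): in the "add <kvno> <key>" form the key is a command-line
 * argument, which is normally visible to other local users through the
 * process list and is kept in shell history; the keytab form avoids that.
 * NOTE(review): <kvno> is parsed with atoi(), which returns 0 for text that
 * is not a number, so a mistyped version number silently becomes kvno 0.
 */
int
main(int argc, char *argv[])
{
    struct afsconf_dir *tdir;
    long code;
    const char *confdir;

    if (argc == 1) {
	fprintf(stderr, "%s: usage is '%s <opcode> options, e.g.\n",
		argv[0], argv[0]);
	fprintf(stderr, "\t%s add <kvno> <keyfile> <princ>\n", argv[0]);
	fprintf(stderr, "\tOR\n\t%s add <kvno> <key>\n", argv[0]);
	fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n", argv[0]);
	fprintf(stderr, "\t%s delete <kvno>\n", argv[0]);
	fprintf(stderr, "\t%s list\n", argv[0]);
	exit(1);
    }

    confdir = AFSDIR_SERVER_ETC_DIRPATH;

    tdir = afsconf_Open(confdir);
    if (!tdir) {
	fprintf(stderr, "%s: can't initialize conf dir '%s'\n", argv[0],
		confdir);
	exit(1);
    }
    if (strcmp(argv[1], "add")==0) {
	krb5_context context;
	krb5_principal principal;
	krb5_keyblock *key;
	krb5_error_code retval;
	int kvno, keymode = 0;

	/* Four arguments select the hex-key form, five the keytab form. */
	if (argc != 5) {
	    if (argc == 4)
		keymode = 1;
	    else {
		fprintf(stderr, "%s add: usage is '%s add <kvno> <keyfile> "
			"<princ>\n", argv[0], argv[0]);
		fprintf(stderr, "\tOR\n\t%s add <kvno> <key>\n", argv[0]);
		fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n", argv[0]);
		exit(1);
	    }
	}

	kvno = atoi(argv[2]);
	if (keymode) {
	    char tkey[8];
	    int i;
	    char *cp;
	    if (strlen(argv[3]) != 16) {
		/* NOTE(review): this echoes the rejected key text to stdout. */
		printf("key %s is not in right format\n", argv[3]);
		printf(" <key> should be an 8byte hex representation \n");
		printf("  Ex: setkey add 0 \"80b6a7cd7a9dadb6\"\n");
		exit(1);
	    }
	    memset(tkey, 0, sizeof(tkey));
	    /*
	     * Convert two hex digits per byte, walking from the last byte to
	     * the first. NOTE(review): only the length is validated above;
	     * what char2hex() yields for a non-hex character is not visible
	     * here, so a malformed string may be stored as a key - confirm.
	     */
	    for (i = 7, cp = argv[3] + 15; i >= 0; i--, cp -= 2)
		tkey[i] = char2hex(*cp) + char2hex(*(cp - 1)) * 16;
	    code = afsconf_AddKey(tdir, kvno, tkey, 1);
	} else {
	    /* A failed context initialisation used to go unnoticed, leaving
	     * 'context' uninitialised for every krb5 call below. */
	    retval = krb5_init_context(&context);
	    if (retval != 0) {
		afs_com_err(argv[0], retval, "while initializing krb5");
		exit(1);
	    }

	    retval = krb5_parse_name(context, argv[4], &principal);
	    if (retval != 0) {
		afs_com_err(argv[0], retval, "while parsing AFS principal");
		exit(1);
	    }
	    /* Try the three single-DES enctypes in turn; each later lookup
	     * runs only if the previous one reported "not found". */
	    retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
					      ENCTYPE_DES_CBC_CRC, &key);
	    if (retval == KRB5_KT_NOTFOUND)
		retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
						  ENCTYPE_DES_CBC_MD5, &key);
	    if (retval == KRB5_KT_NOTFOUND)
		retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
						  ENCTYPE_DES_CBC_MD4, &key);
	    if (retval == KRB5_KT_NOTFOUND) {
		char * princname = NULL;

		krb5_unparse_name(context, principal, &princname);

		/* kvno is an int; cast it to match the %u conversion. */
		afs_com_err(argv[0], retval,
			    "for keytab entry with Principal %s, kvno %u, DES-CBC-CRC/MD5/MD4",
			    princname ? princname : argv[4],
			    (unsigned int)kvno);
		exit(1);
	    } else if (retval != 0) {
		afs_com_err(argv[0], retval, "while extracting AFS service key");
		exit(1);
	    }

/* Heimdal and the other krb5 implementation name the keyblock fields
 * differently; these macros hide that. */
#ifdef USING_HEIMDAL
#define deref_key_length(key)			\
	    key->keyvalue.length

#define deref_key_contents(key)			\
	    key->keyvalue.data
#else
#define deref_key_length(key)			\
	    key->length

#define deref_key_contents(key)			\
	    key->contents
#endif
	    /* Exactly 8 bytes are stored, so refuse anything else. */
	    if (deref_key_length(key) != 8) {
		fprintf(stderr, "Key length should be 8, but is really %u!\n",
			(unsigned int)deref_key_length(key));
		exit(1);
	    }
	    code = afsconf_AddKey(tdir, kvno, (char *) deref_key_contents(key), 1);
	}

	if (code) {
	    fprintf(stderr, "%s: failed to set key, code %ld.\n", argv[0], code);
	    exit(1);
	}
	if (keymode == 0) {
	    krb5_free_principal(context, principal);
	    krb5_free_keyblock(context, key);
	}
    }
    else if (strcmp(argv[1], "delete")==0) {
	long kvno;
	if (argc != 3) {
	    fprintf(stderr, "%s delete: usage is '%s delete <kvno>\n",
		    argv[0], argv[0]);
	    exit(1);
	}
	kvno = atoi(argv[2]);
	code = afsconf_DeleteKey(tdir, kvno);
	if (code) {
	    fprintf(stderr, "%s: failed to delete key %ld, (code %ld)\n",
		    argv[0], kvno, code);
	    exit(1);
	}
    }
    else if (strcmp(argv[1], "list") == 0) {
	struct afsconf_keys tkeys;
	int i, j;

	code = afsconf_GetKeys(tdir, &tkeys);
	if (code) {
	    fprintf(stderr, "%s: failed to get keys, code %ld\n", argv[0], code);
	    exit(1);
	}
	/* NOTE(review): this writes the server keys in hex to stdout, so they
	 * end up in terminal scrollback or wherever output is redirected. */
	for(i=0;i<tkeys.nkeys;i++) {
	    if (tkeys.key[i].kvno != -1) {
		printf("kvno %4d: key is: ", tkeys.key[i].kvno);
		for (j = 0; j < 8; j++)
			printf("%02x", (unsigned char) tkeys.key[i].key[j]);
		printf("\n");
	    }
	}
	printf("All done.\n");
    }
    else {
	fprintf(stderr, "%s: unknown operation '%s', type '%s' for "
		"assistance\n", argv[0], argv[1], argv[0]);
	exit(1);
    }
    exit(0);
}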
Beispiel #5
/*
 * setkey - add, delete or list entries of the server key list kept under
 * AFSDIR_SERVER_ETC_DIRPATH.
 *
 *   setkey add <kvno> <key>    <key> is 16 hex digits (8 bytes)
 *   setkey delete <kvno>
 *   setkey list
 *
 * Exits 0 on success and 1 on any usage or processing error.
 *
 * NOTE(review): the key is a command-line argument, which is normally visible
 * to other local users through the process list and kept in shell history.
 * NOTE(review): <kvno> goes through atoi(), which returns 0 for text that is
 * not a number, so a mistyped version number silently becomes kvno 0.
 */
int
main(int argc, char **argv)
{
    struct afsconf_dir *confh;
    afs_int32 rc;
    int pos;
    char *hexstr;

    /* No operation given: show the usage text. */
    if (argc == 1) {
	printf("setkey: usage is 'setkey <opcode> options, e.g.\n");
	printf("    setkey add <kvno> <key>\n");
	printf("      note: <key> should be an 8byte hex representation \n");
	printf("            Ex: setkey add 0 \"80b6a7cd7a9dadb6\"\n");
	printf("    setkey delete <kvno>\n");
	printf("    setkey list\n");
	exit(1);
    }

    confh = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH);
    if (!confh) {
	printf("setkey: can't initialize conf dir '%s'\n",
	       AFSDIR_SERVER_ETC_DIRPATH);
	exit(1);
    }

    if (!strcmp(argv[1], "add")) {
	char keybytes[8];
	int version;

	if (argc != 4) {
	    printf("setkey add: usage is 'setkey add <kvno> <key>\n");
	    exit(1);
	}
	hexstr = argv[3];
	if (strlen(hexstr) != 16) {
	    /* NOTE(review): this echoes the rejected key text to stdout. */
	    printf("key %s is not in right format\n", hexstr);
	    printf(" <key> should be an 8byte hex representation \n");
	    printf("  Ex: setkey add 0 \"80b6a7cd7a9dadb6\"\n");
	    exit(1);
	}
	memset(keybytes, 0, sizeof(keybytes));
	/*
	 * Two hex digits per byte, filled from the last byte to the first.
	 * NOTE(review): only the length is checked above; what char2hex()
	 * yields for a non-hex character is not visible here - confirm.
	 */
	for (pos = 7; pos >= 0; pos--)
	    keybytes[pos] =
		char2hex(hexstr[2 * pos + 1]) + char2hex(hexstr[2 * pos]) * 16;

	version = atoi(argv[2]);
	rc = afsconf_AddKey(confh, version, keybytes, 1);
	if (rc) {
	    printf("setkey: failed to set key, code %d.\n", (int)rc);
	    exit(1);
	}
	exit(0);
    }

    if (!strcmp(argv[1], "delete")) {
	afs_int32 version;

	if (argc != 3) {
	    printf("setkey delete: usage is 'setkey delete <kvno>\n");
	    exit(1);
	}
	version = atoi(argv[2]);
	rc = afsconf_DeleteKey(confh, version);
	if (rc) {
	    printf("setkey: failed to delete key %d, (code %d)\n", (int)version,
		   (int)rc);
	    exit(1);
	}
	exit(0);
    }

    if (!strcmp(argv[1], "list")) {
	struct afsconf_keys keylist;
	int k;
	char raw[9];

	rc = afsconf_GetKeys(confh, &keylist);
	if (rc) {
	    printf("setkey: failed to get keys, code %d\n", (int)rc);
	    exit(1);
	}
	/* NOTE(review): this writes the server keys (raw and hex) to stdout,
	 * so they end up in scrollback or wherever output is redirected. */
	for (k = 0; k < keylist.nkeys; k++) {
	    char hexbuf[17];
	    unsigned char byte;
	    int j;

	    /* Entries with kvno -1 are not printed. */
	    if (keylist.key[k].kvno == -1)
		continue;

	    memcpy(raw, keylist.key[k].key, 8);
	    raw[8] = 0;
	    /* High nibble first, then low nibble, for each of the 8 bytes. */
	    for (j = 0; j < 8; j++) {
		byte = raw[j];
		hexbuf[2 * j] = hex2char(byte >> 4);
		hexbuf[2 * j + 1] = hex2char(byte & 0x0f);
	    }
	    hexbuf[16] = '\0';
	    printf("kvno %4d: key is '%s' (0x%s)\n",
		   (int)keylist.key[k].kvno, raw, hexbuf);
	}
	printf("All done.\n");
	exit(0);
    }

    printf
	("setkey: unknown operation '%s', type 'setkey' for assistance\n",
	 argv[1]);
    exit(1);
}