int dump(struct dump_options *opt, int argc, char **argv) { krb5_error_code ret; FILE *f; struct hdb_print_entry_arg parg; HDB *db = NULL; if (!local_flag) { krb5_warnx(context, "dump is only available in local (-l) mode"); return 0; } db = _kadm5_s_get_db(kadm_handle); if (argc == 0) f = stdout; else f = fopen(argv[0], "w"); if (f == NULL) { krb5_warn(context, errno, "open: %s", argv[0]); goto out; } ret = db->hdb_open(context, db, O_RDONLY, 0600); if (ret) { krb5_warn(context, ret, "hdb_open"); goto out; } if (!opt->format_string || strcmp(opt->format_string, "Heimdal") == 0) { parg.fmt = HDB_DUMP_HEIMDAL; } else if (opt->format_string && strcmp(opt->format_string, "MIT") == 0) { parg.fmt = HDB_DUMP_MIT; fprintf(f, "kdb5_util load_dump version 5\n"); /* 5||6, either way */ } else { krb5_errx(context, 1, "Supported dump formats: Heimdal and MIT"); } parg.out = f; hdb_foreach(context, db, opt->decrypt_flag ? HDB_F_DECRYPT : 0, hdb_print_entry, &parg); db->hdb_close(context, db); out: if(f && f != stdout) fclose(f); return 0; }
int dump(struct dump_options *opt, int argc, char **argv) { krb5_error_code ret; FILE *f; HDB *db = NULL; if(!local_flag) { krb5_warnx(context, "dump is only available in local (-l) mode"); return 0; } db = _kadm5_s_get_db(kadm_handle); if(argc == 0) f = stdout; else f = fopen(argv[0], "w"); if(f == NULL) { krb5_warn(context, errno, "open: %s", argv[0]); goto out; } ret = db->hdb_open(context, db, O_RDONLY, 0600); if(ret) { krb5_warn(context, ret, "hdb_open"); goto out; } hdb_foreach(context, db, opt->decrypt_flag ? HDB_F_DECRYPT : 0, hdb_print_entry, f); db->hdb_close(context, db); out: if(f && f != stdout) fclose(f); return 0; }
int init(struct init_options *opt, int argc, char **argv) { kadm5_ret_t ret; int i; HDB *db; krb5_deltat max_life = 0, max_rlife = 0; if (!local_flag) { krb5_warnx(context, "init is only available in local (-l) mode"); return 0; } if (opt->realm_max_ticket_life_string) { if (str2deltat (opt->realm_max_ticket_life_string, &max_life) != 0) { krb5_warnx (context, "unable to parse \"%s\"", opt->realm_max_ticket_life_string); return 0; } } if (opt->realm_max_renewable_life_string) { if (str2deltat (opt->realm_max_renewable_life_string, &max_rlife) != 0) { krb5_warnx (context, "unable to parse \"%s\"", opt->realm_max_renewable_life_string); return 0; } } db = _kadm5_s_get_db(kadm_handle); ret = db->hdb_open(context, db, O_RDWR | O_CREAT, 0600); if(ret){ krb5_warn(context, ret, "hdb_open"); return 0; } db->hdb_close(context, db); for(i = 0; i < argc; i++){ krb5_principal princ; const char *realm = argv[i]; if (opt->realm_max_ticket_life_string == NULL) { max_life = 0; if(edit_deltat ("Realm max ticket life", &max_life, NULL, 0)) { return 0; } } if (opt->realm_max_renewable_life_string == NULL) { max_rlife = 0; if(edit_deltat("Realm max renewable ticket life", &max_rlife, NULL, 0)) { return 0; } } /* Create `krbtgt/REALM' */ ret = krb5_make_principal(context, &princ, realm, KRB5_TGS_NAME, realm, NULL); if(ret) return 0; create_random_entry(princ, max_life, max_rlife, 0); krb5_free_principal(context, princ); if (opt->bare_flag) continue; /* Create `kadmin/changepw' */ krb5_make_principal(context, &princ, realm, "kadmin", "changepw", NULL); /* * The Windows XP (at least) password changing protocol * request the `kadmin/changepw' ticket with `renewable_ok, * renewable, forwardable' and so fails if we disallow * forwardable here. */ create_random_entry(princ, 5*60, 5*60, KRB5_KDB_DISALLOW_TGT_BASED| KRB5_KDB_PWCHANGE_SERVICE| KRB5_KDB_DISALLOW_POSTDATED| KRB5_KDB_DISALLOW_RENEWABLE| KRB5_KDB_DISALLOW_PROXIABLE| KRB5_KDB_REQUIRES_PRE_AUTH); krb5_free_principal(context, princ); /* Create `kadmin/admin' */ krb5_make_principal(context, &princ, realm, "kadmin", "admin", NULL); create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH); krb5_free_principal(context, princ); /* Create `changepw/kerberos' (for v4 compat) */ krb5_make_principal(context, &princ, realm, "changepw", "kerberos", NULL); create_random_entry(princ, 60*60, 60*60, KRB5_KDB_DISALLOW_TGT_BASED| KRB5_KDB_PWCHANGE_SERVICE); krb5_free_principal(context, princ); /* Create `kadmin/hprop' for database propagation */ krb5_make_principal(context, &princ, realm, "kadmin", "hprop", NULL); create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH| KRB5_KDB_DISALLOW_TGT_BASED); krb5_free_principal(context, princ); /* Create `WELLKNOWN/ANONYMOUS' for anonymous as-req */ krb5_make_principal(context, &princ, realm, KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME, NULL); create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH); krb5_free_principal(context, princ); /* Create `default' */ { kadm5_principal_ent_rec ent; int mask = 0; memset (&ent, 0, sizeof(ent)); mask |= KADM5_PRINCIPAL; krb5_make_principal(context, &ent.principal, realm, "default", NULL); mask |= KADM5_MAX_LIFE; ent.max_life = 24 * 60 * 60; mask |= KADM5_MAX_RLIFE; ent.max_renewable_life = 7 * ent.max_life; ent.attributes = KRB5_KDB_DISALLOW_ALL_TIX; mask |= KADM5_ATTRIBUTES; ret = kadm5_create_principal(kadm_handle, &ent, mask, ""); if (ret) krb5_err (context, 1, ret, "kadm5_create_principal"); krb5_free_principal(context, ent.principal); } } return 0; }
static int doit(const char *filename, int mergep) { krb5_error_code ret; FILE *f; char s[8192]; /* XXX should fix this properly */ char *p; int line; int flags = O_RDWR; struct entry e; hdb_entry_ex ent; HDB *db = _kadm5_s_get_db(kadm_handle); f = fopen(filename, "r"); if(f == NULL){ krb5_warn(context, errno, "fopen(%s)", filename); return 1; } ret = kadm5_log_truncate (kadm_handle); if (ret) { fclose (f); krb5_warn(context, ret, "kadm5_log_truncate"); return 1; } if(!mergep) flags |= O_CREAT | O_TRUNC; ret = db->hdb_open(context, db, flags, 0600); if(ret){ krb5_warn(context, ret, "hdb_open"); fclose(f); return 1; } line = 0; ret = 0; while(fgets(s, sizeof(s), f) != NULL) { ret = 0; line++; p = s; while (isspace((unsigned char)*p)) p++; e.principal = p; for(p = s; *p; p++){ if(*p == '\\') p++; else if(isspace((unsigned char)*p)) { *p = 0; break; } } p = skip_next(p); e.key = p; p = skip_next(p); e.created = p; p = skip_next(p); e.modified = p; p = skip_next(p); e.valid_start = p; p = skip_next(p); e.valid_end = p; p = skip_next(p); e.pw_end = p; p = skip_next(p); e.max_life = p; p = skip_next(p); e.max_renew = p; p = skip_next(p); e.flags = p; p = skip_next(p); e.generation = p; p = skip_next(p); e.extensions = p; p = skip_next(p); memset(&ent, 0, sizeof(ent)); ret = krb5_parse_name(context, e.principal, &ent.entry.principal); if(ret) { fprintf(stderr, "%s:%d:%s (%s)\n", filename, line, krb5_get_err_text(context, ret), e.principal); continue; } if (parse_keys(&ent.entry, e.key)) { fprintf (stderr, "%s:%d:error parsing keys (%s)\n", filename, line, e.key); hdb_free_entry (context, &ent); continue; } if (parse_event(&ent.entry.created_by, e.created) == -1) { fprintf (stderr, "%s:%d:error parsing created event (%s)\n", filename, line, e.created); hdb_free_entry (context, &ent); continue; } if (parse_event_alloc (&ent.entry.modified_by, e.modified) == -1) { fprintf (stderr, "%s:%d:error parsing event (%s)\n", filename, line, e.modified); hdb_free_entry (context, &ent); continue; } if (parse_time_string_alloc (&ent.entry.valid_start, e.valid_start) == -1) { fprintf (stderr, "%s:%d:error parsing time (%s)\n", filename, line, e.valid_start); hdb_free_entry (context, &ent); continue; } if (parse_time_string_alloc (&ent.entry.valid_end, e.valid_end) == -1) { fprintf (stderr, "%s:%d:error parsing time (%s)\n", filename, line, e.valid_end); hdb_free_entry (context, &ent); continue; } if (parse_time_string_alloc (&ent.entry.pw_end, e.pw_end) == -1) { fprintf (stderr, "%s:%d:error parsing time (%s)\n", filename, line, e.pw_end); hdb_free_entry (context, &ent); continue; } if (parse_integer_alloc (&ent.entry.max_life, e.max_life) == -1) { fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n", filename, line, e.max_life); hdb_free_entry (context, &ent); continue; } if (parse_integer_alloc (&ent.entry.max_renew, e.max_renew) == -1) { fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n", filename, line, e.max_renew); hdb_free_entry (context, &ent); continue; } if (parse_hdbflags2int (&ent.entry.flags, e.flags) != 1) { fprintf (stderr, "%s:%d:error parsing flags (%s)\n", filename, line, e.flags); hdb_free_entry (context, &ent); continue; } if(parse_generation(e.generation, &ent.entry.generation) == -1) { fprintf (stderr, "%s:%d:error parsing generation (%s)\n", filename, line, e.generation); hdb_free_entry (context, &ent); continue; } if(parse_extensions(e.extensions, &ent.entry.extensions) == -1) { fprintf (stderr, "%s:%d:error parsing extension (%s)\n", filename, line, e.extensions); hdb_free_entry (context, &ent); continue; } ret = db->hdb_store(context, db, HDB_F_REPLACE, &ent); hdb_free_entry (context, &ent); if (ret) { krb5_warn(context, ret, "db_store"); break; } } db->hdb_close(context, db); fclose(f); return ret != 0; }
static int send_complete (krb5_context context, slave *s, const char *database, u_int32_t current_version) { krb5_error_code ret; krb5_storage *sp; HDB *db; krb5_data data; char buf[8]; ret = hdb_create (context, &db, database); if (ret) krb5_err (context, 1, ret, "hdb_create: %s", database); ret = db->hdb_open (context, db, O_RDONLY, 0); if (ret) krb5_err (context, 1, ret, "db->open"); sp = krb5_storage_from_mem (buf, 4); if (sp == NULL) krb5_errx (context, 1, "krb5_storage_from_mem"); krb5_store_int32 (sp, TELL_YOU_EVERYTHING); krb5_storage_free (sp); data.data = buf; data.length = 4; ret = krb5_write_priv_message(context, s->ac, &s->fd, &data); if (ret) { krb5_warn (context, ret, "krb5_write_priv_message"); slave_dead(s); return ret; } ret = hdb_foreach (context, db, 0, prop_one, s); if (ret) { krb5_warn (context, ret, "hdb_foreach"); slave_dead(s); return ret; } (*db->hdb_close)(context, db); (*db->hdb_destroy)(context, db); sp = krb5_storage_from_mem (buf, 8); if (sp == NULL) krb5_errx (context, 1, "krb5_storage_from_mem"); krb5_store_int32 (sp, NOW_YOU_HAVE); krb5_store_int32 (sp, current_version); krb5_storage_free (sp); data.length = 8; s->version = current_version; ret = krb5_write_priv_message(context, s->ac, &s->fd, &data); if (ret) { slave_dead(s); krb5_warn (context, ret, "krb5_write_priv_message"); return ret; } slave_seen(s); return 0; }
int main(int argc, char **argv) { krb5_error_code ret; krb5_context context; krb5_auth_context ac = NULL; krb5_principal c1, c2; krb5_authenticator authent; krb5_keytab keytab; krb5_socket_t sock = rk_INVALID_SOCKET; HDB *db = NULL; int optidx = 0; char *tmp_db; krb5_log_facility *fac; int nprincs; setprogname(argv[0]); ret = krb5_init_context(&context); if(ret) exit(1); ret = krb5_openlog(context, "hpropd", &fac); if(ret) errx(1, "krb5_openlog"); krb5_set_warn_dest(context, fac); if(getarg(args, num_args, argc, argv, &optidx)) usage(1); if(local_realm != NULL) krb5_set_default_realm(context, local_realm); if(help_flag) usage(0); if(version_flag) { print_version(NULL); exit(0); } argc -= optidx; argv += optidx; if (argc != 0) usage(1); if (database == NULL) database = hdb_default_db(context); if(from_stdin) { sock = STDIN_FILENO; } else { struct sockaddr_storage ss; struct sockaddr *sa = (struct sockaddr *)&ss; socklen_t sin_len = sizeof(ss); char addr_name[256]; krb5_ticket *ticket; char *server; sock = STDIN_FILENO; #ifdef SUPPORT_INETD if (inetd_flag == -1) { if (getpeername (sock, sa, &sin_len) < 0) { inetd_flag = 0; } else { inetd_flag = 1; } } #else inetd_flag = 0; #endif if (!inetd_flag) { mini_inetd (krb5_getportbyname (context, "hprop", "tcp", HPROP_PORT), &sock); } sin_len = sizeof(ss); if(getpeername(sock, sa, &sin_len) < 0) krb5_err(context, 1, errno, "getpeername"); if (inet_ntop(sa->sa_family, socket_get_address (sa), addr_name, sizeof(addr_name)) == NULL) strlcpy (addr_name, "unknown address", sizeof(addr_name)); krb5_log(context, fac, 0, "Connection from %s", addr_name); ret = krb5_kt_register(context, &hdb_kt_ops); if(ret) krb5_err(context, 1, ret, "krb5_kt_register"); if (ktname != NULL) { ret = krb5_kt_resolve(context, ktname, &keytab); if (ret) krb5_err (context, 1, ret, "krb5_kt_resolve %s", ktname); } else { ret = krb5_kt_default (context, &keytab); if (ret) krb5_err (context, 1, ret, "krb5_kt_default"); } ret = krb5_recvauth(context, &ac, &sock, HPROP_VERSION, NULL, 0, keytab, &ticket); if(ret) krb5_err(context, 1, ret, "krb5_recvauth"); ret = krb5_unparse_name(context, ticket->server, &server); if (ret) krb5_err(context, 1, ret, "krb5_unparse_name"); if (strncmp(server, "hprop/", 5) != 0) krb5_errx(context, 1, "ticket not for hprop (%s)", server); free(server); krb5_free_ticket (context, ticket); ret = krb5_auth_con_getauthenticator(context, ac, &authent); if(ret) krb5_err(context, 1, ret, "krb5_auth_con_getauthenticator"); ret = krb5_make_principal(context, &c1, NULL, "kadmin", "hprop", NULL); if(ret) krb5_err(context, 1, ret, "krb5_make_principal"); _krb5_principalname2krb5_principal(context, &c2, authent->cname, authent->crealm); if(!krb5_principal_compare(context, c1, c2)) { char *s; ret = krb5_unparse_name(context, c2, &s); if (ret) s = unparseable_name; krb5_errx(context, 1, "Unauthorized connection from %s", s); } krb5_free_principal(context, c1); krb5_free_principal(context, c2); ret = krb5_kt_close(context, keytab); if(ret) krb5_err(context, 1, ret, "krb5_kt_close"); } if(!print_dump) { asprintf(&tmp_db, "%s~", database); ret = hdb_create(context, &db, tmp_db); if(ret) krb5_err(context, 1, ret, "hdb_create(%s)", tmp_db); ret = db->hdb_open(context, db, O_RDWR | O_CREAT | O_TRUNC, 0600); if(ret) krb5_err(context, 1, ret, "hdb_open(%s)", tmp_db); } nprincs = 0; while(1){ krb5_data data; hdb_entry_ex entry; if(from_stdin) { ret = krb5_read_message(context, &sock, &data); if(ret != 0 && ret != HEIM_ERR_EOF) krb5_err(context, 1, ret, "krb5_read_message"); } else { ret = krb5_read_priv_message(context, ac, &sock, &data); if(ret) krb5_err(context, 1, ret, "krb5_read_priv_message"); } if(ret == HEIM_ERR_EOF || data.length == 0) { if(!from_stdin) { data.data = NULL; data.length = 0; krb5_write_priv_message(context, ac, &sock, &data); } if(!print_dump) { ret = db->hdb_close(context, db); if(ret) krb5_err(context, 1, ret, "db_close"); ret = db->hdb_rename(context, db, database); if(ret) krb5_err(context, 1, ret, "db_rename"); } break; } memset(&entry, 0, sizeof(entry)); ret = hdb_value2entry(context, &data, &entry.entry); krb5_data_free(&data); if(ret) krb5_err(context, 1, ret, "hdb_value2entry"); if(print_dump) hdb_print_entry(context, db, &entry, stdout); else { ret = db->hdb_store(context, db, 0, &entry); if(ret == HDB_ERR_EXISTS) { char *s; ret = krb5_unparse_name(context, entry.entry.principal, &s); if (ret) s = strdup(unparseable_name); krb5_warnx(context, "Entry exists: %s", s); free(s); } else if(ret) krb5_err(context, 1, ret, "db_store"); else nprincs++; } hdb_free_entry(context, &entry); } if (!print_dump) krb5_log(context, fac, 0, "Received %d principals", nprincs); if (inetd_flag == 0) rk_closesocket(sock); exit(0); }
static int write_dump (krb5_context context, krb5_storage *dump, const char *database, uint32_t current_version) { krb5_error_code ret; krb5_storage *sp; HDB *db; krb5_data data; char buf[8]; /* we assume that the caller has obtained an exclusive lock */ ret = krb5_storage_truncate(dump, 0); if (ret) return ret; if (krb5_storage_seek(dump, 0, SEEK_SET) != 0) return errno; /* * First we store zero as the HDB version, this will indicate to a * later reader that the dumpfile is invalid. We later write the * correct version in the file after we have written all of the * messages. A dump with a zero version will not be considered * to be valid. */ ret = krb5_store_uint32(dump, 0); ret = hdb_create (context, &db, database); if (ret) krb5_err (context, IPROPD_RESTART, ret, "hdb_create: %s", database); ret = db->hdb_open (context, db, O_RDONLY, 0); if (ret) krb5_err (context, IPROPD_RESTART, ret, "db->open"); sp = krb5_storage_from_mem (buf, 4); if (sp == NULL) krb5_errx (context, IPROPD_RESTART, "krb5_storage_from_mem"); krb5_store_uint32 (sp, TELL_YOU_EVERYTHING); krb5_storage_free (sp); data.data = buf; data.length = 4; ret = krb5_store_data(dump, data); if (ret) { krb5_warn (context, ret, "write_dump"); return ret; } ret = hdb_foreach (context, db, HDB_F_ADMIN_DATA, dump_one, dump); if (ret) { krb5_warn (context, ret, "write_dump: hdb_foreach"); return ret; } (*db->hdb_close)(context, db); (*db->hdb_destroy)(context, db); sp = krb5_storage_from_mem (buf, 8); if (sp == NULL) krb5_errx (context, IPROPD_RESTART, "krb5_storage_from_mem"); ret = krb5_store_uint32(sp, NOW_YOU_HAVE); if (ret == 0) krb5_store_uint32(sp, current_version); krb5_storage_free (sp); data.length = 8; if (ret == 0) ret = krb5_store_data(dump, data); /* * We must ensure that the entire valid dump is written to disk * before we write the current version at the front thus making * it a valid dump file. If we crash around here, this can be * important upon reboot. */ if (ret == 0) ret = krb5_storage_fsync(dump); if (ret == 0 && krb5_storage_seek(dump, 0, SEEK_SET) == -1) ret = errno; /* Write current version at the front making the dump valid */ if (ret == 0) ret = krb5_store_uint32(dump, current_version); /* * We don't need to fsync(2) after the real version is written as * it is not a disaster if it doesn't make it to disk if we crash. * After all, we'll just create a new dumpfile. */ if (ret == 0) krb5_warnx(context, "wrote new dumpfile (version %u)", current_version); else krb5_warn(context, ret, "failed to write new dumpfile (version %u)", current_version); return ret; }
static krb5_error_code receive_everything (krb5_context context, int fd, kadm5_server_context *server_context, krb5_auth_context auth_context) { int ret; krb5_data data; int32_t vno = 0; int32_t opcode; krb5_storage *sp; char *dbname; HDB *mydb; krb5_warnx(context, "receive complete database"); asprintf(&dbname, "%s-NEW", server_context->db->hdb_name); ret = hdb_create(context, &mydb, dbname); if(ret) krb5_err(context,1, ret, "hdb_create"); free(dbname); ret = hdb_set_master_keyfile (context, mydb, server_context->config.stash_file); if(ret) krb5_err(context,1, ret, "hdb_set_master_keyfile"); /* I really want to use O_EXCL here, but given that I can't easily clean up on error, I won't */ ret = mydb->hdb_open(context, mydb, O_RDWR | O_CREAT | O_TRUNC, 0600); if (ret) krb5_err (context, 1, ret, "db->open"); sp = NULL; do { ret = krb5_read_priv_message(context, auth_context, &fd, &data); if (ret) { krb5_warn (context, ret, "krb5_read_priv_message"); goto cleanup; } sp = krb5_storage_from_data (&data); if (sp == NULL) krb5_errx (context, 1, "krb5_storage_from_data"); krb5_ret_int32 (sp, &opcode); if (opcode == ONE_PRINC) { krb5_data fake_data; hdb_entry_ex entry; krb5_storage_free(sp); fake_data.data = (char *)data.data + 4; fake_data.length = data.length - 4; memset(&entry, 0, sizeof(entry)); ret = hdb_value2entry (context, &fake_data, &entry.entry); if (ret) krb5_err (context, 1, ret, "hdb_value2entry"); ret = mydb->hdb_store(server_context->context, mydb, 0, &entry); if (ret) krb5_err (context, 1, ret, "hdb_store"); hdb_free_entry (context, &entry); krb5_data_free (&data); } else if (opcode == NOW_YOU_HAVE) ; else krb5_errx (context, 1, "strange opcode %d", opcode); } while (opcode == ONE_PRINC); if (opcode != NOW_YOU_HAVE) krb5_errx (context, 1, "receive_everything: strange %d", opcode); krb5_ret_int32 (sp, &vno); krb5_storage_free(sp); ret = kadm5_log_reinit (server_context); if (ret) krb5_err(context, 1, ret, "kadm5_log_reinit"); ret = kadm5_log_set_version (server_context, vno - 1); if (ret) krb5_err (context, 1, ret, "kadm5_log_set_version"); ret = kadm5_log_nop (server_context); if (ret) krb5_err (context, 1, ret, "kadm5_log_nop"); ret = mydb->hdb_rename (context, mydb, server_context->db->hdb_name); if (ret) krb5_err (context, 1, ret, "db->rename"); cleanup: krb5_data_free (&data); ret = mydb->hdb_close (context, mydb); if (ret) krb5_err (context, 1, ret, "db->close"); ret = mydb->hdb_destroy (context, mydb); if (ret) krb5_err (context, 1, ret, "db->destroy"); krb5_warnx(context, "receive complete database, version %ld", (long)vno); return ret; }
int main(int argc, char **argv) { krb5_error_code ret; krb5_context context; krb5_ccache ccache = NULL; HDB *db = NULL; int optidx = 0; int type, exit_code; setprogname(argv[0]); if(getarg(args, num_args, argc, argv, &optidx)) usage(1); if(help_flag) usage(0); if(version_flag){ print_version(NULL); exit(0); } ret = krb5_init_context(&context); if(ret) exit(1); /* We may be reading an old database encrypted with a DES master key. */ ret = krb5_allow_weak_crypto(context, 1); if(ret) krb5_err(context, 1, ret, "krb5_allow_weak_crypto"); if(local_realm) krb5_set_default_realm(context, local_realm); if(encrypt_flag && decrypt_flag) krb5_errx(context, 1, "only one of `--encrypt' and `--decrypt' is meaningful"); if(source_type != NULL) { type = parse_source_type(source_type); if(type == 0) krb5_errx(context, 1, "unknown source type `%s'", source_type); } else type = HPROP_HEIMDAL; if(!to_stdout) get_creds(context, &ccache); if(decrypt_flag || encrypt_flag) { ret = hdb_read_master_key(context, mkeyfile, &mkey5); if(ret && ret != ENOENT) krb5_err(context, 1, ret, "hdb_read_master_key"); if(ret) krb5_errx(context, 1, "No master key file found"); } switch(type) { case HPROP_MIT_DUMP: if (database == NULL) krb5_errx(context, 1, "no dump file specified"); break; case HPROP_HEIMDAL: ret = hdb_create (context, &db, database); if(ret) krb5_err(context, 1, ret, "hdb_create: %s", database); ret = db->hdb_open(context, db, O_RDONLY, 0); if(ret) krb5_err(context, 1, ret, "db->hdb_open"); break; default: krb5_errx(context, 1, "unknown dump type `%d'", type); break; } if (to_stdout) exit_code = dump_database (context, type, database, db); else exit_code = propagate_database (context, type, database, db, ccache, optidx, argc, argv); if(ccache != NULL) krb5_cc_destroy(context, ccache); if(db != NULL) (*db->hdb_destroy)(context, db); krb5_free_context(context); return exit_code; }
int dump(struct dump_options *opt, int argc, char **argv) { krb5_error_code (*func)(krb5_context, HDB *, hdb_entry_ex *, void *); krb5_error_code ret; void *arg; const char *format = "heimdal"; FILE *f = NULL; if (opt->format_string) format = opt->format_string; if (strcasecmp(format, "heimdal") == 0) { func = hdb_print_entry; if (argc == 0) { arg = stdout; } else { arg = f = fopen(argv[0], "w"); if (f == NULL) { krb5_warn(context, errno, "failed to open %s", argv[0]); return 0; } } #ifdef __APPLE__ } else if (strcasecmp(format, "od") == 0) { func = od_dump_entry; if (argc == 0) arg = rk_UNCONST("."); else arg = argv[0]; #endif } else { krb5_warnx(context, "unknown dump format: %s", format); return 0; } if (opt->mit_dump_file_string) { ret = hdb_mit_dump(context, opt->mit_dump_file_string, func, arg); if (ret) krb5_warn(context, ret, "hdb_mit_dump"); } else { HDB *db = NULL; if (!local_flag) { krb5_warnx(context, "od-dump is only available in local (-l) mode"); return 0; } db = _kadm5_s_get_db(kadm_handle); ret = db->hdb_open(context, db, O_RDONLY, 0600); if (ret) { krb5_warn(context, ret, "hdb_open"); goto out; } ret = hdb_foreach(context, db, opt->decrypt_flag ? HDB_F_DECRYPT : 0, func, arg); if (ret) krb5_warn(context, ret, "hdb_foreach"); db->hdb_close(context, db); } if (f) fclose(f); out: return ret != 0; }
int main(int argc, char **argv) { krb5_error_code ret; krb5_context context; krb5_ccache ccache = NULL; HDB *db = NULL; int optidx = 0; int type, exit_code; setprogname(argv[0]); if(getarg(args, num_args, argc, argv, &optidx)) usage(1); if(help_flag) usage(0); if(version_flag){ print_version(NULL); exit(0); } ret = krb5_init_context(&context); if(ret) exit(1); if(local_realm) krb5_set_default_realm(context, local_realm); if(v4_realm == NULL) { ret = krb5_get_default_realm(context, &v4_realm); if(ret) krb5_err(context, 1, ret, "krb5_get_default_realm"); } if(afs_cell == NULL) { afs_cell = strdup(v4_realm); if(afs_cell == NULL) krb5_errx(context, 1, "out of memory"); strlwr(afs_cell); } if(encrypt_flag && decrypt_flag) krb5_errx(context, 1, "only one of `--encrypt' and `--decrypt' is meaningful"); if(source_type != NULL) { type = parse_source_type(source_type); if(type == 0) krb5_errx(context, 1, "unknown source type `%s'", source_type); } else type = HPROP_HEIMDAL; if(!to_stdout) get_creds(context, &ccache); if(decrypt_flag || encrypt_flag) { ret = hdb_read_master_key(context, mkeyfile, &mkey5); if(ret && ret != ENOENT) krb5_err(context, 1, ret, "hdb_read_master_key"); if(ret) krb5_errx(context, 1, "No master key file found"); } if (IS_TYPE_V4(type) && v4_realm == NULL) krb5_errx(context, 1, "Its a Kerberos 4 database " "but no realm configured"); switch(type) { case HPROP_KASERVER: if (database == NULL) database = DEFAULT_DATABASE; ka_use_null_salt = krb5_config_get_bool_default(context, NULL, FALSE, "hprop", "afs_uses_null_salt", NULL); break; case HPROP_KRB4_DUMP: if (database == NULL) krb5_errx(context, 1, "no dump file specified"); break; case HPROP_MIT_DUMP: if (database == NULL) krb5_errx(context, 1, "no dump file specified"); break; case HPROP_HEIMDAL: ret = hdb_create (context, &db, database); if(ret) krb5_err(context, 1, ret, "hdb_create: %s", database); ret = db->hdb_open(context, db, O_RDONLY, 0); if(ret) krb5_err(context, 1, ret, "db->hdb_open"); break; default: krb5_errx(context, 1, "unknown dump type `%d'", type); break; } if (to_stdout) exit_code = dump_database (context, type, database, db); else exit_code = propagate_database (context, type, database, db, ccache, optidx, argc, argv); if(ccache != NULL) krb5_cc_destroy(context, ccache); if(db != NULL) (*db->hdb_destroy)(context, db); krb5_free_context(context); return exit_code; }
bool HDBNode::remove(HDBHandle& hdl) { // If node hasn't been written yet, don't do anything. if (m_pdata->m_offset <= 0) { return false; } File file = hdl.getFile(); HDB* pdb = hdl.getHDB(); HDBBlock fblk; // Remove all children Int32 coffset = m_pdata->m_blk.lastChild; Int32 toffset; while (coffset > 0) { HDB::readBlock(fblk, file, coffset); toffset = coffset; // Save offset for deletion class coffset = fblk.prevSib; // Save offset for next read // Remove node and all of its children. This call will modify fblk. removeBlock(hdl, fblk, toffset); } // Set pointer on next sibling if it exists if (m_pdata->m_blk.nextSib > 0) { HDB::readBlock(fblk, file, m_pdata->m_blk.nextSib); fblk.prevSib = m_pdata->m_blk.prevSib; HDB::writeBlock(fblk, file, m_pdata->m_blk.nextSib); } // Set pointer on prev sibling if it exists if (m_pdata->m_blk.prevSib > 0) { HDB::readBlock(fblk, file, m_pdata->m_blk.prevSib); fblk.nextSib = m_pdata->m_blk.nextSib; HDB::writeBlock(fblk, file, m_pdata->m_blk.prevSib); } // If it has a parent, insure parent doesn't contain it's offset if (m_pdata->m_blk.parent > 0) { // Read parent block HDB::readBlock(fblk, file, m_pdata->m_blk.parent); bool changed = false; // If this was the first child in the list, then update the // first child pointer in the parent block if (fblk.firstChild == m_pdata->m_offset) { changed = true; fblk.firstChild = m_pdata->m_blk.nextSib; } // If this was the last child in the list, then update the // last child pointer in the parent block if (fblk.lastChild == m_pdata->m_offset) { changed = true; fblk.lastChild = m_pdata->m_blk.prevSib; } // If any offsets changed in the parent block, then update the parent if (changed) { HDB::writeBlock(fblk, file, m_pdata->m_blk.parent); } } else { // Must be a root node if (pdb->getFirstRootOffSet() == m_pdata->m_offset) { pdb->setFirstRootOffSet(file, m_pdata->m_blk.nextSib); } if (pdb->getLastRootOffset() == m_pdata->m_offset) { pdb->setLastRootOffset(file, m_pdata->m_blk.prevSib); } } // Add block to free list pdb->addBlockToFreeList(file, m_pdata->m_blk, m_pdata->m_offset); // Remove the index entry for this node hdl.removeIndexEntry(m_pdata->m_key.c_str()); m_pdata->m_offset = -1; m_pdata->m_blk.isFree = true; m_pdata->m_blk.parent = -1; m_pdata->m_blk.firstChild = -1; m_pdata->m_blk.lastChild = -1; m_pdata->m_blk.prevSib = -1; m_pdata->m_blk.nextSib = -1; m_pdata->m_blk.size = 0; hdl.registerWrite(); return true; }
void HDBNode::updateOffsets(HDBHandle& hdl, Int32 offset) { if (offset <= 0L || !m_pdata || !hdl) { return; } HDB* pdb = hdl.getHDB(); File file = hdl.getFile(); HDBBlock fblk; if (m_pdata->m_blk.prevSib > 0) { HDB::readBlock(fblk, file, m_pdata->m_blk.prevSib); fblk.nextSib = offset; HDB::writeBlock(fblk, file, m_pdata->m_blk.prevSib); } if (m_pdata->m_blk.nextSib > 0) { HDB::readBlock(fblk, file, m_pdata->m_blk.nextSib); fblk.prevSib = offset; HDB::writeBlock(fblk, file, m_pdata->m_blk.nextSib); } if (m_pdata->m_blk.parent > 0) { HDB::readBlock(fblk, file, m_pdata->m_blk.parent); bool doUpdate = false; if (fblk.firstChild == m_pdata->m_offset) { fblk.firstChild = offset; doUpdate = true; } if (fblk.lastChild == m_pdata->m_offset) { fblk.lastChild = offset; doUpdate = true; } if (doUpdate) { HDB::writeBlock(fblk, file, m_pdata->m_blk.parent); } } else // No parent. Must be a root node { if (pdb->getFirstRootOffSet() == m_pdata->m_offset) { pdb->setFirstRootOffSet(file, offset); } if (pdb->getLastRootOffset() == m_pdata->m_offset) { pdb->setLastRootOffset(file, offset); } } // Now update the parent offset on all children Int32 coffset = m_pdata->m_blk.firstChild; while (coffset > 0) { HDB::readBlock(fblk, file, coffset); fblk.parent = offset; HDB::writeBlock(fblk, file, coffset); coffset = fblk.nextSib; } // Update the index entry associated with this node hdl.updateIndexEntry(m_pdata->m_key.c_str(), offset); m_pdata->m_offset = offset; }
Int32 HDBNode::write(HDBHandle& hdl, EWriteHeaderFlag onlyHeader) { if (!m_pdata) { OW_THROW(HDBException, "Internal error: Cannot write null node"); } bool newRecord = false; m_pdata->m_blk.keyLength = m_pdata->m_key.length() + 1; m_pdata->m_blk.dataLength = m_pdata->m_bfrLen + m_pdata->m_key.length() + 1; File file = hdl.getFile(); HDB* phdb = hdl.getHDB(); int totalSize = m_pdata->m_blk.dataLength + sizeof(m_pdata->m_blk); m_pdata->m_blk.isFree = false; if (m_pdata->m_offset <= 0) // Is this a new node? { newRecord = true; m_pdata->m_blk.size = totalSize; m_pdata->m_offset = phdb->findBlock(file, totalSize); if (m_pdata->m_blk.parent <= 0) { phdb->addRootNode(file, m_pdata->m_blk, m_pdata->m_offset); } else { HDB::writeBlock(m_pdata->m_blk, file, m_pdata->m_offset); } // Add this entry to the index if (!hdl.addIndexEntry(m_pdata->m_key.c_str(), m_pdata->m_offset)) { OW_THROW(HDBException, "Failed to write index entry"); } } else { // If the size required to hold this node has increased, // then delete the old block and add a new one. if (totalSize > int(m_pdata->m_blk.size)) { HDBBlock node = m_pdata->m_blk; phdb->addBlockToFreeList(file, node, m_pdata->m_offset); // delete old m_pdata->m_blk.size = totalSize; updateOffsets(hdl, phdb->findBlock(file, totalSize)); } HDB::writeBlock(m_pdata->m_blk, file, m_pdata->m_offset); } if (onlyHeader == false || newRecord == true) { // Now write key and data for node if (file.write(m_pdata->m_key.c_str(), m_pdata->m_key.length()+1) != m_pdata->m_key.length()+1) { OW_THROW_ERRNO_MSG(HDBException, "Failed to write node key"); } if (file.write(m_pdata->m_bfr, m_pdata->m_bfrLen) != size_t(m_pdata->m_bfrLen)) { OW_THROW_ERRNO_MSG(HDBException, "Failed to write node data"); } } m_pdata->m_version = hdl.registerWrite(); return m_pdata->m_offset; }
static int doit(const char *filename, int mergep) { krb5_error_code ret = 0; FILE *f; char s[8192]; /* XXX should fix this properly */ char *p; int line; int flags = O_RDWR; struct entry e; hdb_entry_ex ent; HDB *db = _kadm5_s_get_db(kadm_handle); f = fopen(filename, "r"); if(f == NULL){ krb5_warn(context, errno, "fopen(%s)", filename); return 1; } /* * We don't have a version number in the dump, so we don't know which iprop * log entries to keep, if any. We throw the log away. * * We could merge the ipropd-master/slave dump/load here as an option, in * which case we would first load the dump. * * If we're merging, first recover unconfirmed records in the existing log. */ if (mergep) ret = kadm5_log_init(kadm_handle); if (ret == 0) ret = kadm5_log_reinit(kadm_handle, 0); if (ret) { fclose (f); krb5_warn(context, ret, "kadm5_log_reinit"); return 1; } if(!mergep) flags |= O_CREAT | O_TRUNC; ret = db->hdb_open(context, db, flags, 0600); if(ret){ krb5_warn(context, ret, "hdb_open"); fclose(f); return 1; } line = 0; ret = 0; while(fgets(s, sizeof(s), f) != NULL) { line++; p = s; while (isspace((unsigned char)*p)) p++; e.principal = p; for(p = s; *p; p++){ if(*p == '\\') p++; else if(isspace((unsigned char)*p)) { *p = 0; break; } } p = skip_next(p); e.key = p; p = skip_next(p); e.created = p; p = skip_next(p); e.modified = p; p = skip_next(p); e.valid_start = p; p = skip_next(p); e.valid_end = p; p = skip_next(p); e.pw_end = p; p = skip_next(p); e.max_life = p; p = skip_next(p); e.max_renew = p; p = skip_next(p); e.flags = p; p = skip_next(p); e.generation = p; p = skip_next(p); e.extensions = p; skip_next(p); memset(&ent, 0, sizeof(ent)); ret = krb5_parse_name(context, e.principal, &ent.entry.principal); if(ret) { const char *msg = krb5_get_error_message(context, ret); fprintf(stderr, "%s:%d:%s (%s)\n", filename, line, msg, e.principal); krb5_free_error_message(context, msg); continue; } if (parse_keys(&ent.entry, e.key)) { fprintf (stderr, "%s:%d:error parsing keys (%s)\n", filename, line, e.key); hdb_free_entry (context, &ent); continue; } if (parse_event(&ent.entry.created_by, e.created) == -1) { fprintf (stderr, "%s:%d:error parsing created event (%s)\n", filename, line, e.created); hdb_free_entry (context, &ent); continue; } if (parse_event_alloc (&ent.entry.modified_by, e.modified) == -1) { fprintf (stderr, "%s:%d:error parsing event (%s)\n", filename, line, e.modified); hdb_free_entry (context, &ent); continue; } if (parse_time_string_alloc (&ent.entry.valid_start, e.valid_start) == -1) { fprintf (stderr, "%s:%d:error parsing time (%s)\n", filename, line, e.valid_start); hdb_free_entry (context, &ent); continue; } if (parse_time_string_alloc (&ent.entry.valid_end, e.valid_end) == -1) { fprintf (stderr, "%s:%d:error parsing time (%s)\n", filename, line, e.valid_end); hdb_free_entry (context, &ent); continue; } if (parse_time_string_alloc (&ent.entry.pw_end, e.pw_end) == -1) { fprintf (stderr, "%s:%d:error parsing time (%s)\n", filename, line, e.pw_end); hdb_free_entry (context, &ent); continue; } if (parse_integer_alloc (&ent.entry.max_life, e.max_life) == -1) { fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n", filename, line, e.max_life); hdb_free_entry (context, &ent); continue; } if (parse_integer_alloc (&ent.entry.max_renew, e.max_renew) == -1) { fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n", filename, line, e.max_renew); hdb_free_entry (context, &ent); continue; } if (parse_hdbflags2int (&ent.entry.flags, e.flags) != 1) { fprintf (stderr, "%s:%d:error parsing flags (%s)\n", filename, line, e.flags); hdb_free_entry (context, &ent); continue; } if(parse_generation(e.generation, &ent.entry.generation) == -1) { fprintf (stderr, "%s:%d:error parsing generation (%s)\n", filename, line, e.generation); hdb_free_entry (context, &ent); continue; } if(parse_extensions(e.extensions, &ent.entry.extensions) == -1) { fprintf (stderr, "%s:%d:error parsing extension (%s)\n", filename, line, e.extensions); hdb_free_entry (context, &ent); continue; } ret = db->hdb_store(context, db, HDB_F_REPLACE, &ent); hdb_free_entry (context, &ent); if (ret) { krb5_warn(context, ret, "db_store"); break; } } (void) kadm5_log_end(kadm_handle); db->hdb_close(context, db); fclose(f); return ret != 0; }