search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Reduce compiler warnings on Windows
[heimdal.git] / kdc / hprop.c
blob58373025b11a60f0be479b52a9ef84c8480d96ad
1 /*
2 * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #define KRB5_DEPRECATED /* uses v4 functions that will die */
35
36 #include "hprop.h"
37
38 static int version_flag;
39 static int help_flag;
40 static const char *ktname = HPROP_KEYTAB;
41 static const char *database;
42 static char *mkeyfile;
43 static int to_stdout;
44 static int verbose_flag;
45 static int encrypt_flag;
46 static int decrypt_flag;
47 static hdb_master_key mkey5;
48
49 static char *source_type;
50
51 static char *afs_cell;
52 static char *v4_realm;
53
54 static int kaspecials_flag;
55 static int ka_use_null_salt;
56
57 static char *local_realm=NULL;
58
59 static int
60 open_socket(krb5_context context, const char *hostname, const char *port)
61 {
62 struct addrinfo *ai, *a;
63 struct addrinfo hints;
64 int error;
65
66 memset (&hints, 0, sizeof(hints));
67 hints.ai_socktype = SOCK_STREAM;
68 hints.ai_protocol = IPPROTO_TCP;
69
70 error = getaddrinfo (hostname, port, &hints, &ai);
71 if (error) {
72 warnx ("%s: %s", hostname, gai_strerror(error));
73 return -1;
74 }
75
76 for (a = ai; a != NULL; a = a->ai_next) {
77 int s;
78
79 s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
80 if (s < 0)
81 continue;
82 if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
83 warn ("connect(%s)", hostname);
84 close (s);
85 continue;
86 }
87 freeaddrinfo (ai);
88 return s;
89 }
90 warnx ("failed to contact %s", hostname);
91 freeaddrinfo (ai);
92 return -1;
93 }
94
95 krb5_error_code
96 v5_prop(krb5_context context, HDB *db, hdb_entry_ex *entry, void *appdata)
97 {
98 krb5_error_code ret;
99 struct prop_data *pd = appdata;
100 krb5_data data;
101
102 if(encrypt_flag) {
103 ret = hdb_seal_keys_mkey(context, &entry->entry, mkey5);
104 if (ret) {
105 krb5_warn(context, ret, "hdb_seal_keys_mkey");
106 return ret;
107 }
108 }
109 if(decrypt_flag) {
110 ret = hdb_unseal_keys_mkey(context, &entry->entry, mkey5);
111 if (ret) {
112 krb5_warn(context, ret, "hdb_unseal_keys_mkey");
113 return ret;
114 }
115 }
116
117 ret = hdb_entry2value(context, &entry->entry, &data);
118 if(ret) {
119 krb5_warn(context, ret, "hdb_entry2value");
120 return ret;
121 }
122
123 if(to_stdout)
124 ret = krb5_write_message(context, &pd->sock, &data);
125 else
126 ret = krb5_write_priv_message(context, pd->auth_context,
127 &pd->sock, &data);
128 krb5_data_free(&data);
129 return ret;
130 }
131
132 #ifdef KRB4
133 int
134 v4_prop(void *arg, struct v4_principal *p)
135 {
136 struct prop_data *pd = arg;
137 hdb_entry_ex ent;
138 krb5_error_code ret;
139
140 memset(&ent, 0, sizeof(ent));
141
142 ret = krb5_425_conv_principal(pd->context, p->name, p->instance, v4_realm,
143 &ent.entry.principal);
144 if(ret) {
145 krb5_warn(pd->context, ret,
146 "krb5_425_conv_principal %s.%s@%s",
147 p->name, p->instance, v4_realm);
148 return 0;
149 }
150
151 if(verbose_flag) {
152 char *s;
153 krb5_unparse_name_short(pd->context, ent.entry.principal, &s);
154 krb5_warnx(pd->context, "%s.%s -> %s", p->name, p->instance, s);
155 free(s);
156 }
157
158 ent.entry.kvno = p->kvno;
159 ent.entry.keys.len = 3;
160 ent.entry.keys.val = malloc(ent.entry.keys.len * sizeof(*ent.entry.keys.val));
161 if (ent.entry.keys.val == NULL)
162 krb5_errx(pd->context, ENOMEM, "malloc");
163 if(p->mkvno != -1) {
164 ent.entry.keys.val[0].mkvno = malloc (sizeof(*ent.entry.keys.val[0].mkvno));
165 if (ent.entry.keys.val[0].mkvno == NULL)
166 krb5_errx(pd->context, ENOMEM, "malloc");
167 *(ent.entry.keys.val[0].mkvno) = p->mkvno;
168 } else
169 ent.entry.keys.val[0].mkvno = NULL;
170 ent.entry.keys.val[0].salt = calloc(1, sizeof(*ent.entry.keys.val[0].salt));
171 if (ent.entry.keys.val[0].salt == NULL)
172 krb5_errx(pd->context, ENOMEM, "calloc");
173 ent.entry.keys.val[0].salt->type = KRB5_PADATA_PW_SALT;
174 ent.entry.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5;
175 krb5_data_alloc(&ent.entry.keys.val[0].key.keyvalue, DES_KEY_SZ);
176 memcpy(ent.entry.keys.val[0].key.keyvalue.data, p->key, 8);
177
178 copy_Key(&ent.entry.keys.val[0], &ent.entry.keys.val[1]);
179 ent.entry.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
180 copy_Key(&ent.entry.keys.val[0], &ent.entry.keys.val[2]);
181 ent.entry.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC;
182
183 {
184 int life = _krb5_krb_life_to_time(0, p->max_life);
185 if(life == NEVERDATE){
186 ent.entry.max_life = NULL;
187 } else {
188 /* clean up lifetime a bit */
189 if(life > 86400)
190 life = (life + 86399) / 86400 * 86400;
191 else if(life > 3600)
192 life = (life + 3599) / 3600 * 3600;
193 ALLOC(ent.entry.max_life);
194 *ent.entry.max_life = life;
195 }
196 }
197
198 ALLOC(ent.entry.valid_end);
199 *ent.entry.valid_end = p->exp_date;
200
201 ret = krb5_make_principal(pd->context, &ent.entry.created_by.principal,
202 v4_realm,
203 "kadmin",
204 "hprop",
205 NULL);
206 if(ret){
207 krb5_warn(pd->context, ret, "krb5_make_principal");
208 ret = 0;
209 goto out;
210 }
211 ent.entry.created_by.time = time(NULL);
212 ALLOC(ent.entry.modified_by);
213 ret = krb5_425_conv_principal(pd->context, p->mod_name, p->mod_instance,
214 v4_realm, &ent.entry.modified_by->principal);
215 if(ret){
216 krb5_warn(pd->context, ret, "%s.%s@%s", p->name, p->instance, v4_realm);
217 ent.entry.modified_by->principal = NULL;
218 ret = 0;
219 goto out;
220 }
221 ent.entry.modified_by->time = p->mod_date;
222
223 ent.entry.flags.forwardable = 1;
224 ent.entry.flags.renewable = 1;
225 ent.entry.flags.proxiable = 1;
226 ent.entry.flags.postdate = 1;
227 ent.entry.flags.client = 1;
228 ent.entry.flags.server = 1;
229
230 /* special case password changing service */
231 if(strcmp(p->name, "changepw") == 0 &&
232 strcmp(p->instance, "kerberos") == 0) {
233 ent.entry.flags.forwardable = 0;
234 ent.entry.flags.renewable = 0;
235 ent.entry.flags.proxiable = 0;
236 ent.entry.flags.postdate = 0;
237 ent.entry.flags.initial = 1;
238 ent.entry.flags.change_pw = 1;
239 }
240
241 ret = v5_prop(pd->context, NULL, &ent, pd);
242
243 if (strcmp (p->name, "krbtgt") == 0
244 && strcmp (v4_realm, p->instance) != 0) {
245 krb5_free_principal (pd->context, ent.entry.principal);
246 ret = krb5_425_conv_principal (pd->context, p->name,
247 v4_realm, p->instance,
248 &ent.entry.principal);
249 if (ret == 0)
250 ret = v5_prop (pd->context, NULL, &ent, pd);
251 }
252
253 out:
254 hdb_free_entry(pd->context, &ent);
255 return ret;
256 }
257 #endif
258
259 #include "kadb.h"
260
261 /* read a `ka_entry' from `fd' at offset `pos' */
262 static void
263 read_block(krb5_context context, int fd, int32_t pos, void *buf, size_t len)
264 {
265 krb5_error_code ret;
266 #ifdef HAVE_PREAD
267 if((ret = pread(fd, buf, len, 64 + pos)) < 0)
268 krb5_err(context, 1, errno, "pread(%u)", 64 + pos);
269 #else
270 if(lseek(fd, 64 + pos, SEEK_SET) == (off_t)-1)
271 krb5_err(context, 1, errno, "lseek(%u)", 64 + pos);
272 ret = read(fd, buf, len);
273 if(ret < 0)
274 krb5_err(context, 1, errno, "read(%lu)", (unsigned long)len);
275 #endif
276 if(ret != len)
277 krb5_errx(context, 1, "read(%lu) = %u", (unsigned long)len, ret);
278 }
279
280 #ifdef KRB4
281
282 static int
283 ka_convert(struct prop_data *pd, int fd, struct ka_entry *ent)
284 {
285 int32_t flags = ntohl(ent->flags);
286 krb5_error_code ret;
287 hdb_entry_ex hdb;
288
289 if(!kaspecials_flag
290 && (flags & KAFNORMAL) == 0) /* remove special entries */
291 return 0;
292 memset(&hdb, 0, sizeof(hdb));
293 ret = krb5_425_conv_principal(pd->context, ent->name, ent->instance,
294 v4_realm, &hdb.entry.principal);
295 if(ret) {
296 krb5_warn(pd->context, ret,
297 "krb5_425_conv_principal (%s.%s@%s)",
298 ent->name, ent->instance, v4_realm);
299 return 0;
300 }
301 hdb.entry.kvno = ntohl(ent->kvno);
302 hdb.entry.keys.len = 3;
303 hdb.entry.keys.val =
304 malloc(hdb.entry.keys.len * sizeof(*hdb.entry.keys.val));
305 if (hdb.entry.keys.val == NULL)
306 krb5_errx(pd->context, ENOMEM, "malloc");
307 hdb.entry.keys.val[0].mkvno = NULL;
308 hdb.entry.keys.val[0].salt = calloc(1, sizeof(*hdb.entry.keys.val[0].salt));
309 if (hdb.entry.keys.val[0].salt == NULL)
310 krb5_errx(pd->context, ENOMEM, "calloc");
311 if (ka_use_null_salt) {
312 hdb.entry.keys.val[0].salt->type = hdb_pw_salt;
313 hdb.entry.keys.val[0].salt->salt.data = NULL;
314 hdb.entry.keys.val[0].salt->salt.length = 0;
315 } else {
316 hdb.entry.keys.val[0].salt->type = hdb_afs3_salt;
317 hdb.entry.keys.val[0].salt->salt.data = strdup(afs_cell);
318 if (hdb.entry.keys.val[0].salt->salt.data == NULL)
319 krb5_errx(pd->context, ENOMEM, "strdup");
320 hdb.entry.keys.val[0].salt->salt.length = strlen(afs_cell);
321 }
322
323 hdb.entry.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5;
324 krb5_data_copy(&hdb.entry.keys.val[0].key.keyvalue,
325 ent->key,
326 sizeof(ent->key));
327 copy_Key(&hdb.entry.keys.val[0], &hdb.entry.keys.val[1]);
328 hdb.entry.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
329 copy_Key(&hdb.entry.keys.val[0], &hdb.entry.keys.val[2]);
330 hdb.entry.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC;
331
332 ALLOC(hdb.entry.max_life);
333 *hdb.entry.max_life = ntohl(ent->max_life);
334
335 if(ntohl(ent->valid_end) != NEVERDATE && ntohl(ent->valid_end) != 0xffffffff) {
336 ALLOC(hdb.entry.valid_end);
337 *hdb.entry.valid_end = ntohl(ent->valid_end);
338 }
339
340 if (ntohl(ent->pw_change) != NEVERDATE &&
341 ent->pw_expire != 255 &&
342 ent->pw_expire != 0) {
343 ALLOC(hdb.entry.pw_end);
344 *hdb.entry.pw_end = ntohl(ent->pw_change)
345 + 24 * 60 * 60 * ent->pw_expire;
346 }
347
348 ret = krb5_make_principal(pd->context, &hdb.entry.created_by.principal,
349 v4_realm,
350 "kadmin",
351 "hprop",
352 NULL);
353 hdb.entry.created_by.time = time(NULL);
354
355 if(ent->mod_ptr){
356 struct ka_entry mod;
357 ALLOC(hdb.entry.modified_by);
358 read_block(pd->context, fd, ntohl(ent->mod_ptr), &mod, sizeof(mod));
359
360 krb5_425_conv_principal(pd->context, mod.name, mod.instance, v4_realm,
361 &hdb.entry.modified_by->principal);
362 hdb.entry.modified_by->time = ntohl(ent->mod_time);
363 memset(&mod, 0, sizeof(mod));
364 }
365
366 hdb.entry.flags.forwardable = 1;
367 hdb.entry.flags.renewable = 1;
368 hdb.entry.flags.proxiable = 1;
369 hdb.entry.flags.postdate = 1;
370 /* XXX - AFS 3.4a creates krbtgt.REALMOFCELL as NOTGS+NOSEAL */
371 if (strcmp(ent->name, "krbtgt") == 0 &&
372 (flags & (KAFNOTGS|KAFNOSEAL)) == (KAFNOTGS|KAFNOSEAL))
373 flags &= ~(KAFNOTGS|KAFNOSEAL);
374
375 hdb.entry.flags.client = (flags & KAFNOTGS) == 0;
376 hdb.entry.flags.server = (flags & KAFNOSEAL) == 0;
377
378 ret = v5_prop(pd->context, NULL, &hdb, pd);
379 hdb_free_entry(pd->context, &hdb);
380 return ret;
381 }
382
383 static int
384 ka_dump(struct prop_data *pd, const char *file)
385 {
386 struct ka_header header;
387 int i;
388 int fd = open(file, O_RDONLY);
389
390 if(fd < 0)
391 krb5_err(pd->context, 1, errno, "open(%s)", file);
392 read_block(pd->context, fd, 0, &header, sizeof(header));
393 if(header.version1 != header.version2)
394 krb5_errx(pd->context, 1, "Version mismatch in header: %ld/%ld",
395 (long)ntohl(header.version1), (long)ntohl(header.version2));
396 if(ntohl(header.version1) != 5)
397 krb5_errx(pd->context, 1, "Unknown database version %ld (expected 5)",
398 (long)ntohl(header.version1));
399 for(i = 0; i < ntohl(header.hashsize); i++){
400 int32_t pos = ntohl(header.hash[i]);
401 while(pos){
402 struct ka_entry ent;
403 read_block(pd->context, fd, pos, &ent, sizeof(ent));
404 ka_convert(pd, fd, &ent);
405 pos = ntohl(ent.next);
406 }
407 }
408 return 0;
409 }
410 #endif /* KRB4 */
411
412
413 struct getargs args[] = {
414 { "master-key", 'm', arg_string, &mkeyfile, "v5 master key file", "file" },
415 { "database", 'd', arg_string, &database, "database", "file" },
416 { "source", 0, arg_string, &source_type, "type of database to read",
417 "heimdal"
418 "|mit-dump"
419 #ifdef KRB4
420 "|krb4-dump"
421 "|kaserver"
422 #endif
423 },
424
425 #ifdef KRB4
426 { "v4-realm", 'r', arg_string, &v4_realm, "v4 realm to use" },
427 #endif
428 { "cell", 'c', arg_string, &afs_cell, "name of AFS cell" },
429 #ifdef KRB4
430 { "kaspecials", 'S', arg_flag, &kaspecials_flag, "dump KASPECIAL keys"},
431 #endif
432 { "keytab", 'k', arg_string, &ktname, "keytab to use for authentication", "keytab" },
433 { "v5-realm", 'R', arg_string, &local_realm, "v5 realm to use" },
434 { "decrypt", 'D', arg_flag, &decrypt_flag, "decrypt keys" },
435 { "encrypt", 'E', arg_flag, &encrypt_flag, "encrypt keys" },
436 { "stdout", 'n', arg_flag, &to_stdout, "dump to stdout" },
437 { "verbose", 'v', arg_flag, &verbose_flag },
438 { "version", 0, arg_flag, &version_flag },
439 { "help", 'h', arg_flag, &help_flag }
440 };
441
442 static int num_args = sizeof(args) / sizeof(args[0]);
443
444 static void
445 usage(int ret)
446 {
447 arg_printusage (args, num_args, NULL, "[host[:port]] ...");
448 exit (ret);
449 }
450
451 static void
452 get_creds(krb5_context context, krb5_ccache *cache)
453 {
454 krb5_keytab keytab;
455 krb5_principal client;
456 krb5_error_code ret;
457 krb5_get_init_creds_opt *init_opts;
458 krb5_preauthtype preauth = KRB5_PADATA_ENC_TIMESTAMP;
459 krb5_creds creds;
460
461 ret = krb5_kt_register(context, &hdb_kt_ops);
462 if(ret) krb5_err(context, 1, ret, "krb5_kt_register");
463
464 ret = krb5_kt_resolve(context, ktname, &keytab);
465 if(ret) krb5_err(context, 1, ret, "krb5_kt_resolve");
466
467 ret = krb5_make_principal(context, &client, NULL,
468 "kadmin", HPROP_NAME, NULL);
469 if(ret) krb5_err(context, 1, ret, "krb5_make_principal");
470
471 ret = krb5_get_init_creds_opt_alloc(context, &init_opts);
472 if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
473 krb5_get_init_creds_opt_set_preauth_list(init_opts, &preauth, 1);
474
475 ret = krb5_get_init_creds_keytab(context, &creds, client, keytab, 0, NULL, init_opts);
476 if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds");
477
478 krb5_get_init_creds_opt_free(context, init_opts);
479
480 ret = krb5_kt_close(context, keytab);
481 if(ret) krb5_err(context, 1, ret, "krb5_kt_close");
482
483 ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, cache);
484 if(ret) krb5_err(context, 1, ret, "krb5_cc_new_unique");
485
486 ret = krb5_cc_initialize(context, *cache, client);
487 if(ret) krb5_err(context, 1, ret, "krb5_cc_initialize");
488
489 krb5_free_principal(context, client);
490
491 ret = krb5_cc_store_cred(context, *cache, &creds);
492 if(ret) krb5_err(context, 1, ret, "krb5_cc_store_cred");
493
494 krb5_free_cred_contents(context, &creds);
495 }
496
497 enum hprop_source {
498 HPROP_HEIMDAL = 1,
499 HPROP_KRB4_DUMP,
500 HPROP_KASERVER,
501 HPROP_MIT_DUMP
502 };
503
504 #define IS_TYPE_V4(X) ((X) == HPROP_KRB4_DUMP || (X) == HPROP_KASERVER)
505
506 struct {
507 int type;
508 const char *name;
509 } types[] = {
510 { HPROP_HEIMDAL, "heimdal" },
511 { HPROP_KRB4_DUMP, "krb4-dump" },
512 { HPROP_KASERVER, "kaserver" },
513 { HPROP_MIT_DUMP, "mit-dump" }
514 };
515
516 static int
517 parse_source_type(const char *s)
518 {
519 int i;
520 for(i = 0; i < sizeof(types) / sizeof(types[0]); i++) {
521 if(strstr(types[i].name, s) == types[i].name)
522 return types[i].type;
523 }
524 return 0;
525 }
526
527 static int
528 iterate (krb5_context context,
529 const char *database_name,
530 HDB *db,
531 int type,
532 struct prop_data *pd)
533 {
534 int ret;
535
536 switch(type) {
537 #ifdef KRB4
538 case HPROP_KRB4_DUMP:
539 ret = v4_prop_dump(pd, database_name);
540 if(ret)
541 krb5_warn(context, ret, "v4_prop_dump");
542 break;
543 case HPROP_KASERVER:
544 ret = ka_dump(pd, database_name);
545 if(ret)
546 krb5_warn(context, ret, "ka_dump");
547 break;
548 #endif
549 case HPROP_MIT_DUMP:
550 ret = mit_prop_dump(pd, database_name);
551 if (ret)
552 krb5_warn(context, ret, "mit_prop_dump");
553 break;
554 case HPROP_HEIMDAL:
555 ret = hdb_foreach(context, db, HDB_F_DECRYPT, v5_prop, pd);
556 if(ret)
557 krb5_warn(context, ret, "hdb_foreach");
558 break;
559 default:
560 krb5_errx(context, 1, "unknown prop type: %d", type);
561 }
562 return ret;
563 }
564
565 static int
566 dump_database (krb5_context context, int type,
567 const char *database_name, HDB *db)
568 {
569 krb5_error_code ret;
570 struct prop_data pd;
571 krb5_data data;
572
573 pd.context = context;
574 pd.auth_context = NULL;
575 pd.sock = STDOUT_FILENO;
576
577 ret = iterate (context, database_name, db, type, &pd);
578 if (ret)
579 krb5_errx(context, 1, "iterate failure");
580 krb5_data_zero (&data);
581 ret = krb5_write_message (context, &pd.sock, &data);
582 if (ret)
583 krb5_err(context, 1, ret, "krb5_write_message");
584
585 return 0;
586 }
587
588 static int
589 propagate_database (krb5_context context, int type,
590 const char *database_name,
591 HDB *db, krb5_ccache ccache,
592 int optidx, int argc, char **argv)
593 {
594 krb5_principal server;
595 krb5_error_code ret;
596 int i, failed = 0;
597
598 for(i = optidx; i < argc; i++){
599 krb5_auth_context auth_context;
600 int fd;
601 struct prop_data pd;
602 krb5_data data;
603
604 char *port, portstr[NI_MAXSERV];
605 char *host = argv[i];
606
607 port = strchr(host, ':');
608 if(port == NULL) {
609 snprintf(portstr, sizeof(portstr), "%u",
610 ntohs(krb5_getportbyname (context, "hprop", "tcp",
611 HPROP_PORT)));
612 port = portstr;
613 } else
614 *port++ = '\0';
615
616 fd = open_socket(context, host, port);
617 if(fd < 0) {
618 failed++;
619 krb5_warn (context, errno, "connect %s", host);
620 continue;
621 }
622
623 ret = krb5_sname_to_principal(context, argv[i],
624 HPROP_NAME, KRB5_NT_SRV_HST, &server);
625 if(ret) {
626 failed++;
627 krb5_warn(context, ret, "krb5_sname_to_principal(%s)", host);
628 close(fd);
629 continue;
630 }
631
632 if (local_realm) {
633 krb5_realm my_realm;
634 krb5_get_default_realm(context,&my_realm);
635 krb5_principal_set_realm(context,server,my_realm);
636 krb5_xfree(my_realm);
637 }
638
639 auth_context = NULL;
640 ret = krb5_sendauth(context,
641 &auth_context,
642 &fd,
643 HPROP_VERSION,
644 NULL,
645 server,
646 AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
647 NULL, /* in_data */
648 NULL, /* in_creds */
649 ccache,
650 NULL,
651 NULL,
652 NULL);
653
654 krb5_free_principal(context, server);
655
656 if(ret) {
657 failed++;
658 krb5_warn(context, ret, "krb5_sendauth (%s)", host);
659 close(fd);
660 goto next_host;
661 }
662
663 pd.context = context;
664 pd.auth_context = auth_context;
665 pd.sock = fd;
666
667 ret = iterate (context, database_name, db, type, &pd);
668 if (ret) {
669 krb5_warnx(context, "iterate to host %s failed", host);
670 failed++;
671 goto next_host;
672 }
673
674 krb5_data_zero (&data);
675 ret = krb5_write_priv_message(context, auth_context, &fd, &data);
676 if(ret) {
677 krb5_warn(context, ret, "krb5_write_priv_message");
678 failed++;
679 goto next_host;
680 }
681
682 ret = krb5_read_priv_message(context, auth_context, &fd, &data);
683 if(ret) {
684 krb5_warn(context, ret, "krb5_read_priv_message: %s", host);
685 failed++;
686 goto next_host;
687 } else
688 krb5_data_free (&data);
689
690 next_host:
691 krb5_auth_con_free(context, auth_context);
692 close(fd);
693 }
694 if (failed)
695 return 1;
696 return 0;
697 }
698
699 int
700 main(int argc, char **argv)
701 {
702 krb5_error_code ret;
703 krb5_context context;
704 krb5_ccache ccache = NULL;
705 HDB *db = NULL;
706 int optidx = 0;
707
708 int type, exit_code;
709
710 setprogname(argv[0]);
711
712 if(getarg(args, num_args, argc, argv, &optidx))
713 usage(1);
714
715 if(help_flag)
716 usage(0);
717
718 if(version_flag){
719 print_version(NULL);
720 exit(0);
721 }
722
723 ret = krb5_init_context(&context);
724 if(ret)
725 exit(1);
726
727 /* We may be reading an old database encrypted with a DES master key. */
728 ret = krb5_allow_weak_crypto(context, 1);
729 if(ret)
730 krb5_err(context, 1, ret, "krb5_allow_weak_crypto");
731
732 if(local_realm)
733 krb5_set_default_realm(context, local_realm);
734
735 if(v4_realm == NULL) {
736 ret = krb5_get_default_realm(context, &v4_realm);
737 if(ret)
738 krb5_err(context, 1, ret, "krb5_get_default_realm");
739 }
740
741 if(afs_cell == NULL) {
742 afs_cell = strdup(v4_realm);
743 if(afs_cell == NULL)
744 krb5_errx(context, 1, "out of memory");
745 strlwr(afs_cell);
746 }
747
748
749 if(encrypt_flag && decrypt_flag)
750 krb5_errx(context, 1,
751 "only one of `--encrypt' and `--decrypt' is meaningful");
752
753 if(source_type != NULL) {
754 type = parse_source_type(source_type);
755 if(type == 0)
756 krb5_errx(context, 1, "unknown source type `%s'", source_type);
757 } else
758 type = HPROP_HEIMDAL;
759
760 if(!to_stdout)
761 get_creds(context, &ccache);
762
763 if(decrypt_flag || encrypt_flag) {
764 ret = hdb_read_master_key(context, mkeyfile, &mkey5);
765 if(ret && ret != ENOENT)
766 krb5_err(context, 1, ret, "hdb_read_master_key");
767 if(ret)
768 krb5_errx(context, 1, "No master key file found");
769 }
770
771 if (IS_TYPE_V4(type) && v4_realm == NULL)
772 krb5_errx(context, 1, "Its a Kerberos 4 database "
773 "but no realm configured");
774
775 switch(type) {
776 case HPROP_KASERVER:
777 if (database == NULL)
778 database = DEFAULT_DATABASE;
779 ka_use_null_salt = krb5_config_get_bool_default(context, NULL, FALSE,
780 "hprop",
781 "afs_uses_null_salt",
782 NULL);
783
784 break;
785 case HPROP_KRB4_DUMP:
786 if (database == NULL)
787 krb5_errx(context, 1, "no dump file specified");
788
789 break;
790 case HPROP_MIT_DUMP:
791 if (database == NULL)
792 krb5_errx(context, 1, "no dump file specified");
793 break;
794 case HPROP_HEIMDAL:
795 ret = hdb_create (context, &db, database);
796 if(ret)
797 krb5_err(context, 1, ret, "hdb_create: %s", database);
798 ret = db->hdb_open(context, db, O_RDONLY, 0);
799 if(ret)
800 krb5_err(context, 1, ret, "db->hdb_open");
801 break;
802 default:
803 krb5_errx(context, 1, "unknown dump type `%d'", type);
804 break;
805 }
806
807 if (to_stdout)
808 exit_code = dump_database (context, type, database, db);
809 else
810 exit_code = propagate_database (context, type, database,
811 db, ccache, optidx, argc, argv);
812
813 if(ccache != NULL)
814 krb5_cc_destroy(context, ccache);
815
816 if(db != NULL)
817 (*db->hdb_destroy)(context, db);
818
819 krb5_free_context(context);
820 return exit_code;
821 }
Heimdal