1 /*
2 * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
4 */
5
6 #pragma ident "@(#)dump.c 1.9 04/09/08 SMI"
7
8 /*
9 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
10 *
11 * Openvision retains the copyright to derivative works of
12 * this source code. Do *NOT* create a derivative of this
13 * source code before consulting with your legal department.
14 * Do *NOT* integrate *ANY* of this source code into another
15 * product before consulting with your legal department.
16 *
17 * For further information, read the top-level Openvision
18 * copyright which is contained in the top-level MIT Kerberos
19 * copyright.
20 *
21 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
22 *
23 */
24
25
26 /*
109 #define ERROR(c)
110 #define RE_BUF_SIZE 1024
111 #include <regexp.h>
112 #endif /* !HAVE_REGCOMP && HAVE_REGEXP_H */
113
114 struct dump_args {
115 char *programname;
116 FILE *ofile;
117 krb5_context kcontext;
118 char **names;
119 int nnames;
120 int verbose;
121 };
122
123 static krb5_error_code dump_k5beta_iterator
124 PROTOTYPE((krb5_pointer,
125 krb5_db_entry *));
126 static krb5_error_code dump_k5beta6_iterator
127 PROTOTYPE((krb5_pointer,
128 krb5_db_entry *));
129 static krb5_error_code dump_k5beta7_princ
130 PROTOTYPE((krb5_pointer,
131 krb5_db_entry *));
132 static krb5_error_code dump_ov_princ
133 PROTOTYPE((krb5_pointer,
134 krb5_db_entry *));
135 static void dump_k5beta7_policy PROTOTYPE((void *, osa_policy_ent_t));
136
137 typedef
138 krb5_error_code(*dump_func) PROTOTYPE((krb5_pointer,
139 krb5_db_entry *));
140
141 static int process_k5beta_record
142 PROTOTYPE((char *, krb5_context,
143 FILE *, int, int *, void *));
144 static int process_k5beta6_record
145 PROTOTYPE((char *, krb5_context,
146 FILE *, int, int *, void *));
147 static int process_k5beta7_record
148 PROTOTYPE((char *, krb5_context,
149 FILE *, int, int *, void *));
150 static int process_ov_record
151 PROTOTYPE((char *, krb5_context,
174 process_k5beta_record,
175 };
176 dump_version beta6_version = {
177 "Kerberos version 5 beta 6 format",
178 "kdb5_edit load_dump version 3.0\n",
179 0,
180 1,
181 dump_k5beta6_iterator,
182 NULL,
183 process_k5beta6_record,
184 };
185 dump_version beta7_version = {
186 "Kerberos version 5",
187 "kdb5_util load_dump version 4\n",
188 0,
189 0,
190 dump_k5beta7_princ,
191 dump_k5beta7_policy,
192 process_k5beta7_record,
193 };
194 dump_version ov_version = {
195 "OpenV*Secure V1.0",
196 "OpenV*Secure V1.0\t",
197 1,
198 1,
199 dump_ov_princ,
200 dump_k5beta7_policy,
201 process_ov_record,
202 };
203
204 /* External data */
205 extern char *current_dbname;
206 extern krb5_boolean dbactive;
207 extern int exit_status;
208 extern krb5_context util_context;
209 extern kadm5_config_params global_params;
210
211 /* Strings */
212
213 static const char k5beta_dump_header[] = "kdb5_edit load_dump version 2.0\n";
337 static const char dbname_err_fmt[] =
338 gettext("%s: cannot set database name to %s (%s)\n");
339 static const char dbdelerr_fmt[] =
340 gettext("%s: cannot delete bad database %s (%s)\n");
341 static const char dbunlockerr_fmt[] =
342 gettext("%s: cannot unlock database %s (%s)\n");
343 static const char dbrenerr_fmt[] =
344 gettext("%s: cannot rename database %s to %s (%s)\n");
345 static const char dbcreaterr_fmt[] =
346 gettext("%s: cannot create database %s (%s)\n");
347 static const char dfile_err_fmt[] =
348 gettext("%s: cannot open %s (%s)\n");
349
350 /*
351 * We now return you to your regularly scheduled program.
352 */
353 #undef gettext
354
355 static const char oldoption[] = "-old";
356 static const char b6option[] = "-b6";
357 static const char verboseoption[] = "-verbose";
358 static const char updateoption[] = "-update";
359 static const char hashoption[] = "-hash";
360 static const char ovoption[] = "-ov";
361 static const char dump_tmptrail[] = "~";
362
363 /*
364 * Re-encrypt the key_data with the new master key...
365 */
366 krb5_error_code master_key_convert(context, db_entry)
367 krb5_context context;
368 krb5_db_entry * db_entry;
369 {
370 krb5_error_code retval;
371 krb5_keyblock v5plainkey, *key_ptr;
372 krb5_keysalt keysalt;
373 int i;
374 krb5_key_data new_key_data, *key_data;
375 krb5_boolean is_mkey;
376
938 fprintf(arg->ofile, "%02x",
939 entry->e_data[i]);
940 else
941 fprintf(arg->ofile, "%d", -1);
942
943 /* Print trailer */
944 fprintf(arg->ofile, ";\n");
945
946 if (arg->verbose)
947 fprintf(stderr, "%s\n", name);
948 } else {
949 fprintf(stderr, gettext(sdump_tl_inc_err),
950 arg->programname, name, counter + skip,
951 (int) entry->n_tl_data);
952 retval = EINVAL;
953 }
954 }
955 krb5_xfree(name);
956 return(retval);
957 }
958
959 /*
960 * dump_k5beta7_iterator() - Output a dump record in krb5b7 format.
961 */
962 static krb5_error_code
963 dump_k5beta7_princ(ptr, entry)
964 krb5_pointer ptr;
965 krb5_db_entry *entry;
966 {
967 krb5_error_code retval;
968 struct dump_args *arg;
969 char *name;
970 int tmp_nnames;
971
972 /* Initialize */
973 arg = (struct dump_args *) ptr;
974 name = (char *) NULL;
975
976 /*
977 * Flatten the principal name.
978 */
979 if ((retval = krb5_unparse_name(arg->kcontext,
983 arg->programname, error_message(retval));
984 return(retval);
985 }
986 /*
987 * If we don't have any match strings, or if our name matches, then
988 * proceed with the dump, otherwise, just forget about it.
989 */
990 if (!arg->nnames || name_matches(name, arg)) {
991 fprintf(arg->ofile, "princ\t");
992
993 /* save the callee from matching the name again */
994 tmp_nnames = arg->nnames;
995 arg->nnames = 0;
996 retval = dump_k5beta6_iterator(ptr, entry);
997 arg->nnames = tmp_nnames;
998 }
999 free(name);
1000 return (retval);
1001 }
1002
1003 void
1004 dump_k5beta7_policy(void *data, osa_policy_ent_t entry)
1005 {
1006 struct dump_args *arg;
1007
1008 arg = (struct dump_args *) data;
1009 fprintf(arg->ofile, "policy\t%s\t%d\t%d\t%d\t%d\t%d\t%d\n", entry->name,
1010 entry->pw_min_life, entry->pw_max_life, entry->pw_min_length,
1011 entry->pw_min_classes, entry->pw_history_num,
1012 entry->policy_refcnt);
1013 }
1014
1015 void
1016 print_key_data(FILE * f, krb5_key_data * key_data)
1017 {
1018 int c;
1019
1020 fprintf(f, "%d\t%d\t", key_data->key_data_type[0],
1021 key_data->key_data_length[0]);
1022 for(c = 0; c < key_data->key_data_length[0]; c++)
1127 /*
1128 * usage is:
1129 * dump_db [-i] [-old] [-b6] [-ov] [-verbose] [filename [principals...]]
1130 */
1131 void
1132 dump_db(argc, argv)
1133 int argc;
1134 char **argv;
1135 {
1136 FILE *f;
1137 struct dump_args arglist;
1138 int error;
1139 char *programname;
1140 char *ofile;
1141 krb5_error_code kret, retval;
1142 dump_version *dump;
1143 int aindex;
1144 krb5_boolean locked;
1145 extern osa_adb_policy_t policy_db;
1146 char *new_mkey_file = 0;
1147
1148 /*
1149 * Parse the arguments.
1150 */
1151 programname = argv[0];
1152 if (strrchr(programname, (int) '/'))
1153 programname = strrchr(argv[0], (int) '/') + 1;
1154 ofile = (char *) NULL;
1155 error = 0;
1156 dump = &beta7_version;
1157 arglist.verbose = 0;
1158 new_mkey_file = 0;
1159 mkey_convert = 0;
1160
1161 /*
1162 * Parse the qualifiers.
1163 */
1164 for (aindex = 1; aindex < argc; aindex++) {
1165 if (strcmp(argv[aindex], oldoption) == 0)
1166 dump = &old_version;
1167 else if (strcmp(argv[aindex], b6option) == 0)
1168 dump = &beta6_version;
1169 else if (strcmp(argv[aindex], ovoption) == 0)
1170 dump = &ov_version;
1171 else if (strcmp(argv[aindex], verboseoption) == 0)
1172 arglist.verbose++;
1173 else if (!strcmp(argv[aindex], "-mkey_convert"))
1174 mkey_convert = 1;
1175 else if (!strcmp(argv[aindex], "-new_mkey_file")) {
1176 new_mkey_file = argv[++aindex];
1177 mkey_convert = 1;
1178 } else
1179 break;
1180 }
1181
1182 arglist.names = (char **) NULL;
1183 arglist.nnames = 0;
1184 if (aindex < argc) {
1185 ofile = argv[aindex];
1186 aindex++;
1187 if (aindex < argc) {
1188 arglist.names = &argv[aindex];
1189 arglist.nnames = argc - aindex;
1190 }
1259 exit_status++;
1260 return;
1261 }
1262 if ((kret = krb5_lock_file(util_context,
1263 fileno(f),
1264 KRB5_LOCKMODE_EXCLUSIVE))) {
1265 fprintf(stderr, gettext(oflock_error),
1266 programname, ofile, error_message(kret));
1267 exit_status++;
1268 } else
1269 locked = 1;
1270 } else {
1271 f = stdout;
1272 }
1273 if (f && !(kret)) {
1274 arglist.programname = programname;
1275 arglist.ofile = f;
1276 arglist.kcontext = util_context;
1277 fprintf(arglist.ofile, "%s", dump->header);
1278
1279 if (dump->header[strlen(dump->header)-1] != '\n')
1280 fputc('\n', arglist.ofile);
1281
1282 if ((kret = krb5_dbm_db_iterate(util_context,
1283 dump->dump_princ,
1284 (krb5_pointer) &arglist))) {
1285 fprintf(stderr, gettext(dumprec_err),
1286 programname, dump->name, error_message(kret));
1287 exit_status++;
1288 }
1289 if (dump->dump_policy &&
1290 (kret = osa_adb_iter_policy(policy_db, dump->dump_policy,
1291 &arglist))) {
1292 fprintf(stderr, gettext(dumprec_err),
1293 programname, dump->name,
1294 error_message(kret));
1295 exit_status++;
1296 }
1297
1298 error:
1299 if (ofile && f != stdout && !exit_status) {
1300 fclose(f);
1301 update_ok_file(ofile);
1302 }
1303 }
1304 if (locked)
1305 (void) krb5_lock_file(util_context,
1306 fileno(f), KRB5_LOCKMODE_UNLOCK);
1307 }
2303 int argc;
2304 char **argv;
2305 {
2306 kadm5_config_params newparams;
2307 osa_adb_policy_t tmppol_db;
2308 krb5_error_code kret;
2309 krb5_context kcontext;
2310 FILE *f;
2311 extern char *optarg;
2312 extern int optind;
2313 char *programname;
2314 char *dumpfile;
2315 char *dbname;
2316 char *dbname_tmp;
2317 char buf[BUFSIZ];
2318 dump_version *load;
2319 int update, verbose;
2320 krb5_int32 crflags;
2321 int aindex;
2322 bool_t add_update = TRUE;
2323 uint32_t caller, last_sno, last_seconds, last_useconds;
2324
2325 /*
2326 * Parse the arguments.
2327 */
2328 programname = argv[0];
2329 if (strrchr(programname, (int) '/'))
2330 programname = strrchr(argv[0], (int) '/') + 1;
2331 dumpfile = (char *) NULL;
2332 dbname = global_params.dbname;
2333 load = NULL;
2334 update = 0;
2335 verbose = 0;
2336 crflags = KRB5_KDB_CREATE_BTREE;
2337 exit_status = 0;
2338 dbname_tmp = (char *) NULL;
2339 tmppol_db = NULL;
2340 for (aindex = 1; aindex < argc; aindex++) {
2341 if (strcmp(argv[aindex], oldoption) == 0)
2342 load = &old_version;
2343 else if (strcmp(argv[aindex], b6option) == 0)
2344 load = &beta6_version;
2345 else if (strcmp(argv[aindex], ovoption) == 0)
2346 load = &ov_version;
2347 } else if (strcmp(argv[aindex], verboseoption) == 0)
2348 verbose = 1;
2349 else if (strcmp(argv[aindex], updateoption) == 0)
2350 update = 1;
2351 else if (!strcmp(argv[aindex], hashoption))
2352 crflags = KRB5_KDB_CREATE_HASH;
2353 else
2354 break;
2355 }
2356 if ((argc - aindex) != 1) {
2357 usage();
2358 return;
2359 }
2360 dumpfile = argv[aindex];
2361
2362 if (!(dbname_tmp = (char *) malloc(strlen(dbname)+
2363 strlen(dump_tmptrail)+1))) {
2364 fprintf(stderr, gettext(no_name_mem_fmt), argv[0]);
2365 exit_status++;
2366 return;
2367 }
2368 strcpy(dbname_tmp, dbname);
2369 strcat(dbname_tmp, dump_tmptrail);
2370
2371 /*
2372 * Initialize the Kerberos context and error tables.
2373 */
2374 if ((kret = krb5_init_context(&kcontext))) {
2375 fprintf(stderr, gettext(ctx_err_fmt), programname);
2376 free(dbname_tmp);
2377 exit_status++;
2378 return;
2379 }
2380 /*
2381 * Open the dumpfile
2382 */
2383 if (dumpfile) {
2384 if ((f = fopen(dumpfile, "r+")) == NULL) {
2385 fprintf(stderr, gettext(dfile_err_fmt),
2386 programname, dumpfile,
2387 error_message(errno));
2388 exit_status++;
2389 return;
2390 }
2391 if ((kret = krb5_lock_file(kcontext, fileno(f),
2392 KRB5_LOCKMODE_SHARED))) {
2393 fprintf(stderr, gettext("%s: Cannot lock %s: %s\n"), programname,
2394 dumpfile, error_message(errno));
2395 exit_status++;
2396 return;
2397 }
2398 } else
2399 f = stdin;
2523 * Initialize the database.
2524 */
2525 if ((kret = krb5_db_init(kcontext))) {
2526 fprintf(stderr, gettext(dbinit_err_fmt),
2527 programname, error_message(kret));
2528 exit_status++;
2529 goto error;
2530 }
2531 /*
2532 * grab an extra lock, since there are no other users
2533 */
2534 if (!update) {
2535 kret = krb5_db_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE);
2536 if (kret) {
2537 fprintf(stderr, gettext(dblock_err_fmt),
2538 programname, error_message(kret));
2539 exit_status++;
2540 goto error;
2541 }
2542 }
2543
2544 if (restore_dump(programname, kcontext,
2545 (dumpfile) ? dumpfile : stdin_name,
2546 f, verbose, load, tmppol_db)) {
2547 fprintf(stderr, gettext(restfail_fmt),
2548 programname, load->name);
2549 exit_status++;
2550 }
2551 if (!update && (kret = krb5_db_unlock(kcontext))) {
2552 /* change this error? */
2553 fprintf(stderr, gettext(dbunlockerr_fmt),
2554 programname, dbname_tmp, error_message(kret));
2555 exit_status++;
2556 }
2557 if ((kret = krb5_db_fini(kcontext))) {
2558 fprintf(stderr, gettext(close_err_fmt),
2559 programname, error_message(kret));
2560 exit_status++;
2561 }
2562
|
1 /*
2 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
4 */
5
6 #pragma ident "@(#)dump.c 1.8 04/05/04 SMI"
7
8 /*
9 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
10 *
11 * Openvision retains the copyright to derivative works of
12 * this source code. Do *NOT* create a derivative of this
13 * source code before consulting with your legal department.
14 * Do *NOT* integrate *ANY* of this source code into another
15 * product before consulting with your legal department.
16 *
17 * For further information, read the top-level Openvision
18 * copyright which is contained in the top-level MIT Kerberos
19 * copyright.
20 *
21 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
22 *
23 */
24
25
26 /*
109 #define ERROR(c)
110 #define RE_BUF_SIZE 1024
111 #include <regexp.h>
112 #endif /* !HAVE_REGCOMP && HAVE_REGEXP_H */
113
114 struct dump_args {
115 char *programname;
116 FILE *ofile;
117 krb5_context kcontext;
118 char **names;
119 int nnames;
120 int verbose;
121 };
122
123 static krb5_error_code dump_k5beta_iterator
124 PROTOTYPE((krb5_pointer,
125 krb5_db_entry *));
126 static krb5_error_code dump_k5beta6_iterator
127 PROTOTYPE((krb5_pointer,
128 krb5_db_entry *));
129 static krb5_error_code dump_iprop_iterator
130 PROTOTYPE((krb5_pointer,
131 krb5_db_entry *));
132 static krb5_error_code dump_k5beta7_princ
133 PROTOTYPE((krb5_pointer,
134 krb5_db_entry *));
135 static krb5_error_code dump_iprop_princ
136 PROTOTYPE((krb5_pointer,
137 krb5_db_entry *));
138 static krb5_error_code dump_ov_princ
139 PROTOTYPE((krb5_pointer,
140 krb5_db_entry *));
141 static void dump_k5beta7_policy PROTOTYPE((void *, osa_policy_ent_t));
142
143 typedef
144 krb5_error_code(*dump_func) PROTOTYPE((krb5_pointer,
145 krb5_db_entry *));
146
147 static int process_k5beta_record
148 PROTOTYPE((char *, krb5_context,
149 FILE *, int, int *, void *));
150 static int process_k5beta6_record
151 PROTOTYPE((char *, krb5_context,
152 FILE *, int, int *, void *));
153 static int process_k5beta7_record
154 PROTOTYPE((char *, krb5_context,
155 FILE *, int, int *, void *));
156 static int process_ov_record
157 PROTOTYPE((char *, krb5_context,
180 process_k5beta_record,
181 };
182 dump_version beta6_version = {
183 "Kerberos version 5 beta 6 format",
184 "kdb5_edit load_dump version 3.0\n",
185 0,
186 1,
187 dump_k5beta6_iterator,
188 NULL,
189 process_k5beta6_record,
190 };
191 dump_version beta7_version = {
192 "Kerberos version 5",
193 "kdb5_util load_dump version 4\n",
194 0,
195 0,
196 dump_k5beta7_princ,
197 dump_k5beta7_policy,
198 process_k5beta7_record,
199 };
200 dump_version iprop_version = {
201 "Kerberos iprop version",
202 "iprop",
203 0,
204 0,
205 dump_iprop_princ,
206 dump_k5beta7_policy,
207 process_k5beta7_record,
208 };
209 dump_version ov_version = {
210 "OpenV*Secure V1.0",
211 "OpenV*Secure V1.0\t",
212 1,
213 1,
214 dump_ov_princ,
215 dump_k5beta7_policy,
216 process_ov_record,
217 };
218
219 /* External data */
220 extern char *current_dbname;
221 extern krb5_boolean dbactive;
222 extern int exit_status;
223 extern krb5_context util_context;
224 extern kadm5_config_params global_params;
225
226 /* Strings */
227
228 static const char k5beta_dump_header[] = "kdb5_edit load_dump version 2.0\n";
352 static const char dbname_err_fmt[] =
353 gettext("%s: cannot set database name to %s (%s)\n");
354 static const char dbdelerr_fmt[] =
355 gettext("%s: cannot delete bad database %s (%s)\n");
356 static const char dbunlockerr_fmt[] =
357 gettext("%s: cannot unlock database %s (%s)\n");
358 static const char dbrenerr_fmt[] =
359 gettext("%s: cannot rename database %s to %s (%s)\n");
360 static const char dbcreaterr_fmt[] =
361 gettext("%s: cannot create database %s (%s)\n");
362 static const char dfile_err_fmt[] =
363 gettext("%s: cannot open %s (%s)\n");
364
365 /*
366 * We now return you to your regularly scheduled program.
367 */
368 #undef gettext
369
370 static const char oldoption[] = "-old";
371 static const char b6option[] = "-b6";
372 static const char ipropoption[] = "-i";
373 static const char verboseoption[] = "-verbose";
374 static const char updateoption[] = "-update";
375 static const char hashoption[] = "-hash";
376 static const char ovoption[] = "-ov";
377 static const char dump_tmptrail[] = "~";
378
379 /*
380 * Re-encrypt the key_data with the new master key...
381 */
382 krb5_error_code master_key_convert(context, db_entry)
383 krb5_context context;
384 krb5_db_entry * db_entry;
385 {
386 krb5_error_code retval;
387 krb5_keyblock v5plainkey, *key_ptr;
388 krb5_keysalt keysalt;
389 int i;
390 krb5_key_data new_key_data, *key_data;
391 krb5_boolean is_mkey;
392
954 fprintf(arg->ofile, "%02x",
955 entry->e_data[i]);
956 else
957 fprintf(arg->ofile, "%d", -1);
958
959 /* Print trailer */
960 fprintf(arg->ofile, ";\n");
961
962 if (arg->verbose)
963 fprintf(stderr, "%s\n", name);
964 } else {
965 fprintf(stderr, gettext(sdump_tl_inc_err),
966 arg->programname, name, counter + skip,
967 (int) entry->n_tl_data);
968 retval = EINVAL;
969 }
970 }
971 krb5_xfree(name);
972 return(retval);
973 }
974 /*
975 * dump_iprop_iterator() - Output a dump record in iprop format.
976 */
977 static krb5_error_code
978 dump_iprop_iterator(ptr, entry)
979 krb5_pointer ptr;
980 krb5_db_entry *entry;
981 {
982 krb5_error_code retval;
983 struct dump_args *arg;
984 char *name;
985 krb5_tl_data *tlp;
986 krb5_key_data *kdata;
987 int counter, i, j;
988
989 /* Initialize */
990 arg = (struct dump_args *) ptr;
991 name = (char *) NULL;
992
993 /*
994 * Flatten the principal name.
995 */
996 if ((retval = krb5_unparse_name(arg->kcontext,
997 entry->princ,
998 &name))) {
999 fprintf(stderr, gettext(pname_unp_err),
1000 arg->programname, error_message(retval));
1001 return(retval);
1002 }
1003
1004 /*
1005 * Re-encode the keys in the new master key, if necessary.
1006 */
1007 if (mkey_convert) {
1008 retval = master_key_convert(arg->kcontext, entry);
1009 if (retval) {
1010 com_err(arg->programname, retval, remaster_err_fmt, name);
1011 return retval;
1012 }
1013 }
1014
1015 /*
1016 * If we don't have any match strings, or if our name matches, then
1017 * proceed with the dump, otherwise, just forget about it.
1018 */
1019 if (!arg->nnames || name_matches(name, arg)) {
1020 /*
1021 * We'd like to just blast out the contents as they would
1022 * appear in the database so that we can just suck it back
1023 * in, but it doesn't lend itself to easy editing.
1024 */
1025
1026 /*
1027 * The dump format is as follows: len strlen(name)
1028 * n_tl_data n_key_data e_length name attributes max_life
1029 * max_renewable_life expiration pw_expiration last_success
1030 * last_failed fail_auth_count n_tl_data*[type length
1031 * <contents>] n_key_data*[ver kvno ver*(type length
1032 * <contents>)] <e_data> Fields which are not encapsulated
1033 * by angle-brackets are to appear verbatim. Bracketed
1034 * fields absence is indicated by a -1 in its place
1035 */
1036
1037 /*
1038 * Make sure that the tagged list is reasonably correct.
1039 */
1040 counter = 0;
1041 for (tlp = entry->tl_data; tlp; tlp = tlp->tl_data_next)
1042 counter++;
1043
1044 if (counter == entry->n_tl_data) {
1045 /* Pound out header */
1046 fprintf(arg->ofile, "%d\t%d\t%d\t%d\t%d\t%s\t",
1047 (int) entry->len,
1048 strlen(name),
1049 (int) entry->n_tl_data,
1050 (int) entry->n_key_data,
1051 (int) entry->e_length,
1052 name);
1053 fprintf(arg->ofile, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t",
1054 entry->attributes,
1055 entry->max_life,
1056 entry->max_renewable_life,
1057 entry->expiration,
1058 entry->pw_expiration,
1059 entry->last_success,
1060 entry->last_failed,
1061 entry->fail_auth_count);
1062 /* Pound out tagged data. */
1063 for (tlp = entry->tl_data; tlp;
1064 tlp = tlp->tl_data_next) {
1065 fprintf(arg->ofile, "%d\t%d\t",
1066 (int) tlp->tl_data_type,
1067 (int) tlp->tl_data_length);
1068 if (tlp->tl_data_length)
1069 for (i = 0;
1070 i < tlp->tl_data_length;
1071 i++)
1072 fprintf(arg->ofile, "%02x",
1073 tlp->
1074 tl_data_contents[i]);
1075 else
1076 fprintf(arg->ofile, "%d", -1);
1077 fprintf(arg->ofile, "\t");
1078 }
1079
1080 /* Pound out key data */
1081 for (counter = 0;
1082 counter < entry->n_key_data; counter++) {
1083 kdata = &entry->key_data[counter];
1084 fprintf(arg->ofile, "%d\t%d\t",
1085 (int) kdata->key_data_ver,
1086 (int) kdata->key_data_kvno);
1087 for (i=0; i<kdata->key_data_ver; i++) {
1088 fprintf(arg->ofile, "%d\t%d\t",
1089 kdata->key_data_type[i],
1090 kdata->key_data_length[i]);
1091 if (kdata->key_data_length[i])
1092 for (j = 0;
1093 j < kdata->
1094 key_data_length[i];
1095 j++)
1096 fprintf(arg->ofile,
1097 "%02x",
1098 kdata->
1099 key_data_contents
1100 [i][j]);
1101 else
1102 fprintf(arg->ofile, "%d", -1);
1103 fprintf(arg->ofile, "\t");
1104 }
1105 }
1106
1107 /* Pound out extra data */
1108 if (entry->e_length)
1109 for (i=0; i<entry->e_length; i++)
1110 fprintf(arg->ofile, "%02x",
1111 entry->e_data[i]);
1112 else
1113 fprintf(arg->ofile, "%d", -1);
1114
1115 /* Print trailer */
1116 fprintf(arg->ofile, ";\n");
1117
1118 if (arg->verbose)
1119 fprintf(stderr, "%s\n", name);
1120 } else {
1121 fprintf(stderr, gettext(sdump_tl_inc_err),
1122 arg->programname, name, counter,
1123 (int) entry->n_tl_data);
1124 retval = EINVAL;
1125 }
1126 }
1127 krb5_xfree(name);
1128 return(retval);
1129 }
1130
1131 /*
1132 * dump_k5beta7_iterator() - Output a dump record in krb5b7 format.
1133 */
1134 static krb5_error_code
1135 dump_k5beta7_princ(ptr, entry)
1136 krb5_pointer ptr;
1137 krb5_db_entry *entry;
1138 {
1139 krb5_error_code retval;
1140 struct dump_args *arg;
1141 char *name;
1142 int tmp_nnames;
1143
1144 /* Initialize */
1145 arg = (struct dump_args *) ptr;
1146 name = (char *) NULL;
1147
1148 /*
1149 * Flatten the principal name.
1150 */
1151 if ((retval = krb5_unparse_name(arg->kcontext,
1155 arg->programname, error_message(retval));
1156 return(retval);
1157 }
1158 /*
1159 * If we don't have any match strings, or if our name matches, then
1160 * proceed with the dump, otherwise, just forget about it.
1161 */
1162 if (!arg->nnames || name_matches(name, arg)) {
1163 fprintf(arg->ofile, "princ\t");
1164
1165 /* save the callee from matching the name again */
1166 tmp_nnames = arg->nnames;
1167 arg->nnames = 0;
1168 retval = dump_k5beta6_iterator(ptr, entry);
1169 arg->nnames = tmp_nnames;
1170 }
1171 free(name);
1172 return (retval);
1173 }
1174
1175 /*
1176 * dump_iprop_princ() - Output a dump record in iprop format.
1177 * This was created in order to dump more data, such as kadm5 tl
1178 */
1179 static krb5_error_code
1180 dump_iprop_princ(ptr, entry)
1181 krb5_pointer ptr;
1182 krb5_db_entry *entry;
1183 {
1184 krb5_error_code retval;
1185 struct dump_args *arg;
1186 char *name;
1187 int tmp_nnames;
1188
1189 /* Initialize */
1190 arg = (struct dump_args *) ptr;
1191 name = (char *) NULL;
1192
1193 /*
1194 * Flatten the principal name.
1195 */
1196 if ((retval = krb5_unparse_name(arg->kcontext,
1197 entry->princ,
1198 &name))) {
1199 fprintf(stderr, gettext(pname_unp_err),
1200 arg->programname, error_message(retval));
1201 return(retval);
1202 }
1203 /*
1204 * If we don't have any match strings, or if our name matches, then
1205 * proceed with the dump, otherwise, just forget about it.
1206 */
1207 if (!arg->nnames || name_matches(name, arg)) {
1208 fprintf(arg->ofile, "princ\t");
1209
1210 /* save the callee from matching the name again */
1211 tmp_nnames = arg->nnames;
1212 arg->nnames = 0;
1213 retval = dump_iprop_iterator(ptr, entry);
1214 arg->nnames = tmp_nnames;
1215 }
1216 free(name);
1217 return (retval);
1218 }
1219 void
1220 dump_k5beta7_policy(void *data, osa_policy_ent_t entry)
1221 {
1222 struct dump_args *arg;
1223
1224 arg = (struct dump_args *) data;
1225 fprintf(arg->ofile, "policy\t%s\t%d\t%d\t%d\t%d\t%d\t%d\n", entry->name,
1226 entry->pw_min_life, entry->pw_max_life, entry->pw_min_length,
1227 entry->pw_min_classes, entry->pw_history_num,
1228 entry->policy_refcnt);
1229 }
1230
1231 void
1232 print_key_data(FILE * f, krb5_key_data * key_data)
1233 {
1234 int c;
1235
1236 fprintf(f, "%d\t%d\t", key_data->key_data_type[0],
1237 key_data->key_data_length[0]);
1238 for(c = 0; c < key_data->key_data_length[0]; c++)
1343 /*
1344 * usage is:
1345 * dump_db [-i] [-old] [-b6] [-ov] [-verbose] [filename [principals...]]
1346 */
1347 void
1348 dump_db(argc, argv)
1349 int argc;
1350 char **argv;
1351 {
1352 FILE *f;
1353 struct dump_args arglist;
1354 int error;
1355 char *programname;
1356 char *ofile;
1357 krb5_error_code kret, retval;
1358 dump_version *dump;
1359 int aindex;
1360 krb5_boolean locked;
1361 extern osa_adb_policy_t policy_db;
1362 char *new_mkey_file = 0;
1363 bool_t dump_sno = FALSE;
1364 kdb_log_context *log_ctx;
1365
1366 /*
1367 * Parse the arguments.
1368 */
1369 programname = argv[0];
1370 if (strrchr(programname, (int) '/'))
1371 programname = strrchr(argv[0], (int) '/') + 1;
1372 ofile = (char *) NULL;
1373 error = 0;
1374 dump = &beta7_version;
1375 arglist.verbose = 0;
1376 new_mkey_file = 0;
1377 mkey_convert = 0;
1378 log_ctx = util_context->kdblog_context;
1379
1380 /*
1381 * Parse the qualifiers.
1382 */
1383 for (aindex = 1; aindex < argc; aindex++) {
1384 if (strcmp(argv[aindex], oldoption) == 0)
1385 dump = &old_version;
1386 else if (strcmp(argv[aindex], b6option) == 0)
1387 dump = &beta6_version;
1388 else if (strcmp(argv[aindex], ovoption) == 0)
1389 dump = &ov_version;
1390 else if (!strcmp(argv[aindex], ipropoption)) {
1391 if (log_ctx && log_ctx->iproprole) {
1392 dump = &iprop_version;
1393 /*
1394 * dump_sno is used to indicate if the serial
1395 * # should be populated in the output
1396 * file to be used later by iprop for updating
1397 * the slave's update log when loading
1398 */
1399 dump_sno = TRUE;
1400 } else {
1401 fprintf(stderr, gettext("Iprop not enabled\n"));
1402 exit_status++;
1403 return;
1404 }
1405 }
1406 else if (strcmp(argv[aindex], verboseoption) == 0)
1407 arglist.verbose++;
1408 else if (!strcmp(argv[aindex], "-mkey_convert"))
1409 mkey_convert = 1;
1410 else if (!strcmp(argv[aindex], "-new_mkey_file")) {
1411 new_mkey_file = argv[++aindex];
1412 mkey_convert = 1;
1413 } else
1414 break;
1415 }
1416
1417 arglist.names = (char **) NULL;
1418 arglist.nnames = 0;
1419 if (aindex < argc) {
1420 ofile = argv[aindex];
1421 aindex++;
1422 if (aindex < argc) {
1423 arglist.names = &argv[aindex];
1424 arglist.nnames = argc - aindex;
1425 }
1494 exit_status++;
1495 return;
1496 }
1497 if ((kret = krb5_lock_file(util_context,
1498 fileno(f),
1499 KRB5_LOCKMODE_EXCLUSIVE))) {
1500 fprintf(stderr, gettext(oflock_error),
1501 programname, ofile, error_message(kret));
1502 exit_status++;
1503 } else
1504 locked = 1;
1505 } else {
1506 f = stdout;
1507 }
1508 if (f && !(kret)) {
1509 arglist.programname = programname;
1510 arglist.ofile = f;
1511 arglist.kcontext = util_context;
1512 fprintf(arglist.ofile, "%s", dump->header);
1513
1514 if (dump_sno) {
1515 if (ulog_map(util_context, &global_params, FKCOMMAND)) {
1516 fprintf(stderr,
1517 gettext("%s: Could not map log\n"), programname);
1518 exit_status++;
1519 goto error;
1520 }
1521
1522 /*
1523 * We grab the lock twice (once again in the iterator call),
1524 * but that's ok since the lock func handles incr locks held.
1525 */
1526 if (krb5_db_lock(util_context, KRB5_LOCKMODE_SHARED)) {
1527 fprintf(stderr,
1528 gettext("%s: Couldn't grab lock\n"), programname);
1529 exit_status++;
1530 goto error;
1531 }
1532
1533 fprintf(f, " %u", log_ctx->ulog->kdb_last_sno);
1534 fprintf(f, " %u", log_ctx->ulog->kdb_last_time.seconds);
1535 fprintf(f, " %u", log_ctx->ulog->kdb_last_time.useconds);
1536 }
1537
1538 if (dump->header[strlen(dump->header)-1] != '\n')
1539 fputc('\n', arglist.ofile);
1540
1541 if ((kret = krb5_dbm_db_iterate(util_context,
1542 dump->dump_princ,
1543 (krb5_pointer) &arglist))) {
1544 fprintf(stderr, gettext(dumprec_err),
1545 programname, dump->name, error_message(kret));
1546 exit_status++;
1547 if (dump_sno)
1548 (void) krb5_db_unlock(util_context);
1549 }
1550 if (dump->dump_policy &&
1551 (kret = osa_adb_iter_policy(policy_db, dump->dump_policy,
1552 &arglist))) {
1553 fprintf(stderr, gettext(dumprec_err),
1554 programname, dump->name,
1555 error_message(kret));
1556 exit_status++;
1557 }
1558
1559 error:
1560 if (ofile && f != stdout && !exit_status) {
1561 fclose(f);
1562 update_ok_file(ofile);
1563 }
1564 }
1565 if (locked)
1566 (void) krb5_lock_file(util_context,
1567 fileno(f), KRB5_LOCKMODE_UNLOCK);
1568 }
2564 int argc;
2565 char **argv;
2566 {
2567 kadm5_config_params newparams;
2568 osa_adb_policy_t tmppol_db;
2569 krb5_error_code kret;
2570 krb5_context kcontext;
2571 FILE *f;
2572 extern char *optarg;
2573 extern int optind;
2574 char *programname;
2575 char *dumpfile;
2576 char *dbname;
2577 char *dbname_tmp;
2578 char buf[BUFSIZ];
2579 dump_version *load;
2580 int update, verbose;
2581 krb5_int32 crflags;
2582 int aindex;
2583 bool_t add_update = TRUE;
2584 char iheader[MAX_HEADER];
2585 uint32_t caller, last_sno, last_seconds, last_useconds;
2586 kdb_log_context *log_ctx;
2587
2588 /*
2589 * Parse the arguments.
2590 */
2591 programname = argv[0];
2592 if (strrchr(programname, (int) '/'))
2593 programname = strrchr(argv[0], (int) '/') + 1;
2594 dumpfile = (char *) NULL;
2595 dbname = global_params.dbname;
2596 load = NULL;
2597 update = 0;
2598 verbose = 0;
2599 crflags = KRB5_KDB_CREATE_BTREE;
2600 exit_status = 0;
2601 dbname_tmp = (char *) NULL;
2602 tmppol_db = NULL;
2603 log_ctx = util_context->kdblog_context;
2604
2605 for (aindex = 1; aindex < argc; aindex++) {
2606 if (strcmp(argv[aindex], oldoption) == 0)
2607 load = &old_version;
2608 else if (strcmp(argv[aindex], b6option) == 0)
2609 load = &beta6_version;
2610 else if (strcmp(argv[aindex], ovoption) == 0)
2611 load = &ov_version;
2612 else if (!strcmp(argv[aindex], ipropoption)) {
2613 if (log_ctx && log_ctx->iproprole) {
2614 load = &iprop_version;
2615 add_update = FALSE;
2616 } else {
2617 fprintf(stderr, gettext("Iprop not enabled\n"));
2618 exit_status++;
2619 return;
2620 }
2621 } else if (strcmp(argv[aindex], verboseoption) == 0)
2622 verbose = 1;
2623 else if (strcmp(argv[aindex], updateoption) == 0)
2624 update = 1;
2625 else if (!strcmp(argv[aindex], hashoption))
2626 crflags = KRB5_KDB_CREATE_HASH;
2627 else
2628 break;
2629 }
2630 if ((argc - aindex) != 1) {
2631 usage();
2632 return;
2633 }
2634 dumpfile = argv[aindex];
2635
2636 if (!(dbname_tmp = (char *) malloc(strlen(dbname)+
2637 strlen(dump_tmptrail)+1))) {
2638 fprintf(stderr, gettext(no_name_mem_fmt), argv[0]);
2639 exit_status++;
2640 return;
2641 }
2642 strcpy(dbname_tmp, dbname);
2643 strcat(dbname_tmp, dump_tmptrail);
2644
2645 /*
2646 * Initialize the Kerberos context and error tables.
2647 */
2648 if ((kret = krb5_init_context(&kcontext))) {
2649 fprintf(stderr, gettext(ctx_err_fmt), programname);
2650 free(dbname_tmp);
2651 exit_status++;
2652 return;
2653 }
2654
2655 if (log_ctx && log_ctx->iproprole)
2656 kcontext->kdblog_context = (void *)log_ctx;
2657
2658 /*
2659 * Open the dumpfile
2660 */
2661 if (dumpfile) {
2662 if ((f = fopen(dumpfile, "r+")) == NULL) {
2663 fprintf(stderr, gettext(dfile_err_fmt),
2664 programname, dumpfile,
2665 error_message(errno));
2666 exit_status++;
2667 return;
2668 }
2669 if ((kret = krb5_lock_file(kcontext, fileno(f),
2670 KRB5_LOCKMODE_SHARED))) {
2671 fprintf(stderr, gettext("%s: Cannot lock %s: %s\n"), programname,
2672 dumpfile, error_message(errno));
2673 exit_status++;
2674 return;
2675 }
2676 } else
2677 f = stdin;
2801 * Initialize the database.
2802 */
2803 if ((kret = krb5_db_init(kcontext))) {
2804 fprintf(stderr, gettext(dbinit_err_fmt),
2805 programname, error_message(kret));
2806 exit_status++;
2807 goto error;
2808 }
2809 /*
2810 * grab an extra lock, since there are no other users
2811 */
2812 if (!update) {
2813 kret = krb5_db_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE);
2814 if (kret) {
2815 fprintf(stderr, gettext(dblock_err_fmt),
2816 programname, error_message(kret));
2817 exit_status++;
2818 goto error;
2819 }
2820 }
2821
2822 if (log_ctx && log_ctx->iproprole) {
2823 if (add_update)
2824 caller = FKCOMMAND;
2825 else
2826 caller = FKPROPD;
2827
2828 if (ulog_map(kcontext, &global_params, caller)) {
2829 fprintf(stderr,
2830 gettext("%s: Could not map log\n"),
2831 programname);
2832 exit_status++;
2833 goto error;
2834 }
2835
2836 /*
2837 * We don't want to take out the ulog out from underneath
2838 * kadmind so we reinit the header log.
2839 *
2840 * We also don't want to add to the update log since we
2841 * are doing a whole sale replace of the db, because:
2842 * we could easily exceed # of update entries
2843 * we could implicity delete db entries during a replace
2844 * no advantage in incr updates when entire db is replaced
2845 */
2846 if (!update) {
2847 memset(log_ctx->ulog, 0, sizeof (kdb_hlog_t));
2848
2849 log_ctx->ulog->kdb_hmagic = KDB_HMAGIC;
2850 log_ctx->ulog->db_version_num = KDB_VERSION;
2851 log_ctx->ulog->kdb_state = KDB_STABLE;
2852 log_ctx->ulog->kdb_block = ULOG_BLOCK;
2853
2854 log_ctx->iproprole = IPROP_NULL;
2855
2856 if (!add_update) {
2857 sscanf(buf, "%s %u %u %u", iheader, &last_sno,
2858 &last_seconds, &last_useconds);
2859
2860 log_ctx->ulog->kdb_last_sno = last_sno;
2861 log_ctx->ulog->kdb_last_time.seconds =
2862 last_seconds;
2863 log_ctx->ulog->kdb_last_time.useconds =
2864 last_useconds;
2865 }
2866 }
2867 }
2868
2869 if (restore_dump(programname, kcontext,
2870 (dumpfile) ? dumpfile : stdin_name,
2871 f, verbose, load, tmppol_db)) {
2872 fprintf(stderr, gettext(restfail_fmt),
2873 programname, load->name);
2874 exit_status++;
2875 }
2876 if (!update && (kret = krb5_db_unlock(kcontext))) {
2877 /* change this error? */
2878 fprintf(stderr, gettext(dbunlockerr_fmt),
2879 programname, dbname_tmp, error_message(kret));
2880 exit_status++;
2881 }
2882 if ((kret = krb5_db_fini(kcontext))) {
2883 fprintf(stderr, gettext(close_err_fmt),
2884 programname, error_message(kret));
2885 exit_status++;
2886 }
2887
|