xref: /freebsd/crypto/krb5/src/tests/create/kdb5_mkdums.c (revision 7f2fe78b9dd5f51c821d771b63d2e096f6fd49e9)

/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* tests/create/kdb5_mkdums.c */
/*
 * Copyright 1990,1991 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 */

/*
 *
 * Edit a KDC database.
 */

#include "k5-int.h"
#include "kdb.h"
#include "com_err.h"
#include <ss/ss.h>
#include <stdio.h>


#define REALM_SEP       '@'
#define REALM_SEP_STR   "@"

struct mblock {
    krb5_deltat max_life;
    krb5_deltat max_rlife;
    krb5_timestamp expiration;
    krb5_flags flags;
    krb5_kvno mkvno;
} mblock = {                            /* XXX */
    KRB5_KDB_MAX_LIFE,
    KRB5_KDB_MAX_RLIFE,
    KRB5_KDB_EXPIRATION,
    KRB5_KDB_DEF_FLAGS,
    1
};

int set_dbname_help (char *, char *);

static void
usage(who, status)
    char *who;
    int status;
{
    fprintf(stderr,
            "usage: %s -p prefix -n num_to_create [-d dbpathname] [-r realmname]\n",
            who);
    fprintf(stderr, "\t [-D depth] [-k enctype] [-M mkeyname]\n");

    exit(status);
}

int master_princ_set = 0;
krb5_keyblock master_keyblock;
krb5_principal master_princ;
krb5_pointer master_random;
krb5_context test_context;

static char *progname;
static char *cur_realm = 0;
static char *mkey_name = 0;
static char *mkey_password = 0;
static krb5_boolean manual_mkey = FALSE;

void add_princ (krb5_context, char *);

int
main(argc, argv)
    int argc;
    char *argv[];
{
    extern char *optarg;
    int optchar, i, n;
    char tmp[4096], tmp2[BUFSIZ], *str_newprinc;

    krb5_error_code retval;
    char *dbname = 0;
    int enctypedone = 0;
    int num_to_create;
    char principal_string[BUFSIZ];
    char *suffix = 0;
    size_t suffix_size = 0;
    int depth;

    krb5_init_context(&test_context);

    if (strrchr(argv[0], '/'))
        argv[0] = strrchr(argv[0], '/')+1;

    progname = argv[0];

    memset(principal_string, 0, sizeof(principal_string));
    num_to_create = 0;
    depth = 1;

    while ((optchar = getopt(argc, argv, "D:P:p:n:d:r:k:M:e:m")) != -1) {
        switch(optchar) {
        case 'D':
            depth = atoi(optarg);       /* how deep to go */
            break;
        case 'P':               /* Only used for testing!!! */
            mkey_password = optarg;
            break;
        case 'p':                       /* prefix name to create */
            strncpy(principal_string, optarg, sizeof(principal_string) - 1);
            principal_string[sizeof(principal_string) - 1] = '\0';
            suffix = principal_string + strlen(principal_string);
            suffix_size = sizeof(principal_string) -
                (suffix - principal_string);
            break;
        case 'n':                        /* how many to create */
            num_to_create = atoi(optarg);
            break;
        case 'd':                       /* set db name */
            dbname = optarg;
            break;
        case 'r':
            cur_realm = optarg;
            break;
        case 'k':
            master_keyblock.enctype = atoi(optarg);
            enctypedone++;
            break;
        case 'M':                       /* master key name in DB */
            mkey_name = optarg;
            break;
        case 'm':
            manual_mkey = TRUE;
            break;
        case '?':
        default:
            usage(progname, 1);
            /*NOTREACHED*/
        }
    }

    if (!(num_to_create && suffix)) usage(progname, 1);

    if (!enctypedone)
        master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;

    if (!krb5_c_valid_enctype(master_keyblock.enctype)) {
        com_err(progname, KRB5_PROG_ETYPE_NOSUPP,
                "while setting up enctype %d", master_keyblock.enctype);
        exit(1);
    }

    if (!dbname)
        dbname = DEFAULT_KDB_FILE;      /* XXX? */

    if (!cur_realm) {
        if ((retval = krb5_get_default_realm(test_context, &cur_realm))) {
            com_err(progname, retval, "while retrieving default realm name");
            exit(1);
        }
    }
    if ((retval = set_dbname_help(progname, dbname)))
        exit(retval);

    for (n = 1; n <= num_to_create; n++) {
        /* build the new principal name */
        /* we can't pick random names because we need to generate all the names
           again given a prefix and count to test the db lib and kdb */
        (void) snprintf(suffix, suffix_size, "%d", n);
        (void) snprintf(tmp, sizeof(tmp), "%s-DEPTH-1", principal_string);
        tmp[sizeof(tmp) - 1] = '\0';
        str_newprinc = tmp;
        add_princ(test_context, str_newprinc);

        for (i = 2; i <= depth; i++) {
            (void) snprintf(tmp2, sizeof(tmp2), "/%s-DEPTH-%d",
                            principal_string, i);
            tmp2[sizeof(tmp2) - 1] = '\0';
            strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
            str_newprinc = tmp;
            add_princ(test_context, str_newprinc);
        }
    }

    retval = krb5_db_fini(test_context);
    memset(master_keyblock.contents, 0,
           (size_t) master_keyblock.length);
    if (retval && retval != KRB5_KDB_DBNOTINITED) {
        com_err(progname, retval, "while closing database");
        exit(1);
    }
    if (master_princ_set)
        krb5_free_principal(test_context, master_princ);
    krb5_free_context(test_context);
    exit(0);
}

void
add_princ(context, str_newprinc)
    krb5_context          context;
    char                * str_newprinc;
{
    krb5_error_code       retval;
    krb5_principal        newprinc;
    krb5_db_entry         *newentry;
    char                  princ_name[4096];

    newentry = calloc(1, sizeof(*newentry));
    if (newentry == NULL) {
        com_err(progname, ENOMEM, "while allocating DB entry");
        return;
    }
    snprintf(princ_name, sizeof(princ_name), "%s@%s", str_newprinc, cur_realm);
    if ((retval = krb5_parse_name(context, princ_name, &newprinc))) {
        com_err(progname, retval, "while parsing '%s'", princ_name);
        return;
    }

    /* Add basic data */
    newentry->len = KRB5_KDB_V1_BASE_LENGTH;
    newentry->attributes = mblock.flags;
    newentry->max_life = mblock.max_life;
    newentry->max_renewable_life = mblock.max_rlife;
    newentry->expiration = mblock.expiration;
    newentry->pw_expiration = mblock.expiration;

    /* Add princ to db entry */
    if ((retval = krb5_copy_principal(context, newprinc, &newentry->princ))) {
        com_err(progname, retval, "while encoding princ to db entry for '%s'",
                princ_name);
        krb5_free_principal(context, newprinc);
        goto error;
    }

    {
        /* Add mod princ to db entry */
        krb5_timestamp now;

        retval = krb5_timeofday(context, &now);
        if (retval) {
            com_err(progname, retval, "while fetching date");
            krb5_free_principal(context, newprinc);
            goto error;
        }
        retval = krb5_dbe_update_mod_princ_data(context, newentry, now,
                                                master_princ);
        if (retval) {
            com_err(progname, retval, "while encoding mod_princ data");
            krb5_free_principal(context, newprinc);
            goto error;
        }
    }

    {   /* Add key and salt data to db entry */
        krb5_data pwd, salt;
        krb5_keyblock key;

        if ((retval = krb5_principal2salt(context, newprinc, &salt))) {
            com_err(progname, retval, "while converting princ to salt for '%s'",
                    princ_name);
            krb5_free_principal(context, newprinc);
            goto error;
        }

        krb5_free_principal(context, newprinc);

        pwd.length = strlen(princ_name);
        pwd.data = princ_name;  /* must be able to regenerate */
        if ((retval = krb5_c_string_to_key(context, master_keyblock.enctype,
                                           &pwd, &salt, &key))) {
            com_err(progname,retval,"while converting password to key for '%s'",
                    princ_name);
            krb5_free_data_contents(context, &salt);
            goto error;
        }
        krb5_free_data_contents(context, &salt);

        if ((retval = krb5_dbe_create_key_data(context, newentry))) {
            com_err(progname, retval, "while creating key_data for '%s'",
                    princ_name);
            free(key.contents);
            goto error;
        }

        if ((retval = krb5_dbe_encrypt_key_data(context, &master_keyblock,
                                                &key, NULL, 1,
                                                newentry->key_data))) {
            com_err(progname, retval, "while encrypting key for '%s'",
                    princ_name);
            free(key.contents);
            goto error;
        }
        free(key.contents);
    }

    if ((retval = krb5_db_put_principal(context, newentry))) {
        com_err(progname, retval, "while storing principal date");
        goto error;
    }

error: /* Do cleanup of newentry regardless of error */
    krb5_db_free_principal(context, newentry);
    return;
}

int
set_dbname_help(pname, dbname)
    char *pname;
    char *dbname;
{
    krb5_error_code retval;
    krb5_data pwd, scratch;
    char *args[2];
    krb5_db_entry *master_entry;

    /* assemble & parse the master key name */

    if ((retval = krb5_db_setup_mkey_name(test_context, mkey_name, cur_realm,
                                          0, &master_princ))) {
        com_err(pname, retval, "while setting up master key name");
        return(1);
    }
    master_princ_set = 1;
    if (mkey_password) {
        pwd.data = mkey_password;
        pwd.length = strlen(mkey_password);
        retval = krb5_principal2salt(test_context, master_princ, &scratch);
        if (retval) {
            com_err(pname, retval, "while calculated master key salt");
            return(1);
        }
        if ((retval = krb5_c_string_to_key(test_context,
                                           master_keyblock.enctype,
                                           &pwd, &scratch,
                                           &master_keyblock))) {
            com_err(pname, retval,
                    "while transforming master key from password");
            return(1);
        }
        free(scratch.data);
    } else {
        if ((retval = krb5_db_fetch_mkey(test_context, master_princ,
                                         master_keyblock.enctype, manual_mkey,
                                         FALSE, 0, NULL, NULL,
                                         &master_keyblock))) {
            com_err(pname, retval, "while reading master key");
            return(1);
        }
    }

    /* Ick!  Current DAL interface requires that the default_realm
       field be set in the krb5_context.  */
    if ((retval = krb5_set_default_realm(test_context, cur_realm))) {
        com_err(pname, retval, "setting default realm");
        return 1;
    }
    /* Pathname is passed to db2 via 'args' parameter.  */
    args[1] = NULL;
    if (asprintf(&args[0], "dbname=%s", dbname) < 0) {
        com_err(pname, errno, "while setting up db parameters");
        return 1;
    }

    if ((retval = krb5_db_open(test_context, args, KRB5_KDB_OPEN_RO))) {
        com_err(pname, retval, "while initializing database");
        return(1);
    }
    /* Done with args */
    free(args[0]);

    if ((retval = krb5_db_fetch_mkey_list(test_context, master_princ,
                                          &master_keyblock))){
        com_err(pname, retval, "while verifying master key");
        (void) krb5_db_fini(test_context);
        return(1);
    }
    if ((retval = krb5_db_get_principal(test_context, master_princ, 0,
                                        &master_entry))) {
        com_err(pname, retval, "while retrieving master entry");
        (void) krb5_db_fini(test_context);
        return(1);
    }

    mblock.max_life = master_entry->max_life;
    mblock.max_rlife = master_entry->max_renewable_life;
    mblock.expiration = master_entry->expiration;

    /* don't set flags, master has some extra restrictions */
    mblock.mkvno = master_entry->key_data[0].key_data_kvno;

    krb5_db_free_principal(test_context, master_entry);
    return 0;
}