diff options
author | Robbie Harwood <rharwood@redhat.com> | 2019-01-22 18:34:58 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2019-04-17 12:41:50 -0400 |
commit | 23b93fd48bc445005436c5be98a7269b599b1800 (patch) | |
tree | e97873387d8bb6606533297037485c1fb1f67782 /src/kadmin | |
parent | 482a366793d9338e9edb504b407d7704a4bb2f8f (diff) | |
download | krb5-23b93fd48bc445005436c5be98a7269b599b1800.zip krb5-23b93fd48bc445005436c5be98a7269b599b1800.tar.gz krb5-23b93fd48bc445005436c5be98a7269b599b1800.tar.bz2 |
Remove ovsec_adm_export dump format support
Dumping only suported single-DES principals. While importing still
functioned, it would only have been useful for extremely old (1.3-era)
KDCs.
ticket: 8798 (new)
Diffstat (limited to 'src/kadmin')
-rw-r--r-- | src/kadmin/dbutil/dump.c | 109 | ||||
-rw-r--r-- | src/kadmin/dbutil/kdb5_util.c | 4 |
2 files changed, 8 insertions, 105 deletions
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index c9574c6..301e347 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -475,83 +475,6 @@ dump_r1_11_policy(void *data, osa_policy_ent_t entry) fprintf(arg->ofile, "\n"); } -static void -print_key_data(FILE *f, krb5_key_data *kd) -{ - int c; - - fprintf(f, "%d\t%d\t", kd->key_data_type[0], kd->key_data_length[0]); - for (c = 0; c < kd->key_data_length[0]; c++) - fprintf(f, "%02x ", kd->key_data_contents[0][c]); -} - -/* Output osa_adb_princ_ent data in a printable serialized format, suitable for - * ovsec_adm_import consumption. */ -static krb5_error_code -dump_ov_princ(krb5_context context, krb5_db_entry *entry, const char *name, - FILE *fp, krb5_boolean verbose, krb5_boolean omit_nra) -{ - char *princstr; - unsigned int x; - int y, foundcrc; - krb5_tl_data tl_data; - osa_princ_ent_rec adb; - XDR xdrs; - krb5_key_data *key_data; - - tl_data.tl_data_type = KRB5_TL_KADM_DATA; - if (krb5_dbe_lookup_tl_data(context, entry, &tl_data) || - tl_data.tl_data_length == 0) - return 0; - - memset(&adb, 0, sizeof(adb)); - xdrmem_create(&xdrs, (caddr_t)tl_data.tl_data_contents, - tl_data.tl_data_length, XDR_DECODE); - if (!xdr_osa_princ_ent_rec(&xdrs, &adb)) { - xdr_destroy(&xdrs); - return KADM5_XDR_FAILURE; - } - xdr_destroy(&xdrs); - - krb5_unparse_name(context, entry->princ, &princstr); - fprintf(fp, "princ\t%s\t", princstr); - if (adb.policy == NULL) - fputc('\t', fp); - else - fprintf(fp, "%s\t", adb.policy); - fprintf(fp, "%lx\t%d\t%d\t%d", adb.aux_attributes, adb.old_key_len, - adb.old_key_next, adb.admin_history_kvno); - - for (x = 0; x < adb.old_key_len; x++) { - foundcrc = 0; - for (y = 0; y < adb.old_keys[x].n_key_data; y++) { - key_data = &adb.old_keys[x].key_data[y]; - if (key_data->key_data_type[0] != ENCTYPE_DES_CBC_CRC) - continue; - if (foundcrc) { - fprintf(stderr, _("Warning! Multiple DES-CBC-CRC keys for " - "principal %s; skipping duplicates.\n"), - princstr); - continue; - } - foundcrc++; - - fputc('\t', fp); - print_key_data(fp, key_data); - } - if (!foundcrc) { - fprintf(stderr, _("Warning! No DES-CBC-CRC key for principal %s, " - "cannot generate OV-compatible record; " - "skipping\n"), princstr); - } - } - - fputc('\n', fp); - free(princstr); - xdr_free(xdr_osa_princ_ent_rec, &adb); - return 0; -} - static krb5_error_code dump_iterator(void *ptr, krb5_db_entry *entry) { @@ -1093,14 +1016,6 @@ process_k5beta7_record(krb5_context context, const char *fname, FILE *filep, } static int -process_ov_record(krb5_context context, const char *fname, FILE *filep, - krb5_boolean verbose, int *linenop) -{ - return process_tagged(context, fname, filep, verbose, linenop, - process_ov_principal, process_k5beta7_policy); -} - -static int process_r1_8_record(krb5_context context, const char *fname, FILE *filep, krb5_boolean verbose, int *linenop) { @@ -1126,16 +1041,6 @@ dump_version beta7_version = { dump_k5beta7_policy, process_k5beta7_record, }; -dump_version ov_version = { - "OpenV*Secure V1.0", - "OpenV*Secure V1.0\t", - 1, - 0, - 0, - dump_ov_princ, - dump_k5beta7_policy, - process_ov_record -}; dump_version r1_3_version = { "Kerberos version 5 release 1.3", "kdb5_util load_dump version 5\n", @@ -1258,7 +1163,7 @@ current_dump_sno_in_ulog(krb5_context context, const char *ifile) /* * usage is: - * dump_db [-b7] [-ov] [-r13] [-r18] [-verbose] [-mkey_convert] + * dump_db [-b7] [-r13] [-r18] [-verbose] [-mkey_convert] * [-new_mkey_file mkey_file] [-rev] [-recurse] * [filename [principals...]] */ @@ -1293,7 +1198,8 @@ dump_db(int argc, char **argv) if (!strcmp(argv[aindex], "-b7")) { dump = &beta7_version; } else if (!strcmp(argv[aindex], "-ov")) { - dump = &ov_version; + fprintf(stderr, _("OV dump format not supported\n")); + goto error; } else if (!strcmp(argv[aindex], "-r13")) { dump = &r1_3_version; } else if (!strcmp(argv[aindex], "-r18")) { @@ -1506,8 +1412,7 @@ restore_dump(krb5_context context, char *dumpfile, FILE *f, } /* - * Usage: load_db [-ov] [-b7] [-r13] [-r18] [-verbose] [-update] [-hash] - * filename + * Usage: load_db [-b7] [-r13] [-r18] [-verbose] [-update] [-hash] filename */ void load_db(int argc, char **argv) @@ -1531,7 +1436,8 @@ load_db(int argc, char **argv) if (!strcmp(argv[aindex], "-b7")){ load = &beta7_version; } else if (!strcmp(argv[aindex], "-ov")) { - load = &ov_version; + fprintf(stderr, _("OV dump format not supported\n")); + goto error; } else if (!strcmp(argv[aindex], "-r13")) { load = &r1_3_version; } else if (!strcmp(argv[aindex], "-r18")){ @@ -1596,9 +1502,6 @@ load_db(int argc, char **argv) load = &r1_8_version; } else if (strcmp(buf, r1_11_version.header) == 0) { load = &r1_11_version; - } else if (strncmp(buf, ov_version.header, - strlen(ov_version.header)) == 0) { - load = &ov_version; } else { fprintf(stderr, _("%s: dump header bad in %s\n"), progname, dumpfile); diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c index accc959..e73e2c6 100644 --- a/src/kadmin/dbutil/kdb5_util.c +++ b/src/kadmin/dbutil/kdb5_util.c @@ -85,10 +85,10 @@ void usage() "\tcreate [-s]\n" "\tdestroy [-f]\n" "\tstash [-f keyfile]\n" - "\tdump [-old|-ov|-b6|-b7|-r13|-r18] [-verbose]\n" + "\tdump [-old|-b6|-b7|-r13|-r18] [-verbose]\n" "\t [-mkey_convert] [-new_mkey_file mkey_file]\n" "\t [-rev] [-recurse] [filename [princs...]]\n" - "\tload [-old|-ov|-b6|-b7|-r13|-r18] [-verbose] [-update] " + "\tload [-old|-b6|-b7|-r13|-r18] [-verbose] [-update] " "filename\n" "\tark [-e etype_list] principal\n" "\tadd_mkey [-e etype] [-s]\n" |