| 1 | /* |
| 2 | * |
| 3 | * ka_util: Program to dump the AFS authentication server database |
| 4 | * into an ascii file. |
| 5 | * |
| 6 | * Assumptions: We *cheat* here and read the datafile directly, i.e. |
| 7 | * without going through the ubik distributed data manager. |
| 8 | * Therefore the database must be quiescent for the |
| 9 | * output of this program to be valid. |
| 10 | */ |
| 11 | #include <afsconfig.h> |
| 12 | #include <afs/param.h> |
| 13 | |
| 14 | #include <roken.h> |
| 15 | |
| 16 | #include <ctype.h> |
| 17 | |
| 18 | #include <lock.h> |
| 19 | #define UBIK_INTERNALS |
| 20 | #include <ubik.h> |
| 21 | #include <rx/xdr.h> |
| 22 | #include <rx/rx.h> |
| 23 | #include <rx/rxkad.h> |
| 24 | |
| 25 | #include "kauth.h" |
| 26 | #include "kaserver.h" |
| 27 | #include "kautils.h" |
| 28 | |
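/*
 * Helper macros.  Neither is referenced by the code in this listing, and
 * DO_SYS / DO_OTR are not defined here either.
 * NOTE(review): abs() of the most negative int is undefined, so IDHash must
 * not be handed an unvalidated id if it is ever put to use.
 */
#define IDHash(x) (abs(x) % HASHSIZE)
/* Every use of the argument is parenthesized so that an expression argument
 * such as print_id(a + b) compares the whole expression. */
#define print_id(x) ( ((flags&DO_SYS)==0 && ((x)<-32767 || (x)>97536)) || \
		      ((flags&DO_OTR)==0 && ((x)>-32768 && (x)<97537)))

/* getopt() state. */
extern char *optarg;
extern int optind;
/* NOTE(review): errno is normally supplied by <errno.h>; whether one of the
 * headers above already pulls it in is not visible here - confirm before
 * removing this declaration. */
extern int errno;

/* Full prototype, so that the offset argument is converted to int at the
 * call site instead of being passed with whatever type the caller computed. */
int display_entry(int offset);

/* Database header, filled by main() from the bytes that follow the ubik
 * header. */
static struct kaheader kah;
/* Ubik version taken from the file header at startup; main() compares it
 * with the header again before exiting. */
static struct ubik_version uv;
struct kadstats dynamic_statistics;

/* Scratch buffer: holds the ubik header (HDRSIZE bytes) and, in -w mode,
 * each line read from the data file. */
char buffer[1024];
/* Descriptor of the database file named by -p. */
int dbase_fd;
/* Data file: dump destination, or load source when -w is given. */
FILE *dfp;

int nflag = 0;			/* -n count; not otherwise used in this listing */
int wflag = 0;			/* -w given: load the data file into the database */
int flags = 0;			/* read only by print_id() above */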
| 50 | |
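/*
 * es_Report: stub that does nothing.
 *
 * The original body was empty, so a caller that read the afs_int32 result
 * received an indeterminate value; 0 is now returned explicitly.
 * NOTE(review): nothing in this listing calls es_Report; presumably it only
 * satisfies a reference from a linked library - confirm.
 */
afs_int32
es_Report()
{
    return 0;
}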
| 55 | |
/*
 * Globals defined here but never read or written by the code in this
 * listing.
 * NOTE(review): presumably they satisfy references from the kauth objects
 * this program is linked with - confirm against the build.
 */
struct afsconf_dir *KA_conf;
struct ubik_dbase *KA_dbase;
int MinHours = 0;
int npwSums = KA_NPWSUMS;
afs_int32 verbose_track = 1;
afs_uint32 myHost = 0;
| 62 | |
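/*
 * ka_util entry point.
 *
 * Without -w, every kaentry record of the database file (-p, default
 * /usr/afs/db/kaserver.DB0) is printed to the data file (-d, default stdout)
 * by display_entry().  With -w, a fresh kaheader is written right after the
 * ubik header and one kaentry is appended for each line read from the data
 * file (default stdin).
 *
 * The data file carries the key of every entry, so it has to be protected
 * like the database itself: a dump file named with -d is created with
 * owner-only permissions.
 *
 * -n only increments nflag.  -u, -g, -m, -x and -s are accepted by the
 * getopt() string but have no case below, so they print the usage text.
 *
 * Exits 0 on completion and 1 on a usage error or a failed open, read or
 * write.
 */
int
main(int argc, char **argv)
{
    int opt;
    long upos = 0, gpos;
    struct ubik_hdr *uh;
    char *dfile = 0;
    char *pfile = "/usr/afs/db/kaserver.DB0";

    while ((opt = getopt(argc, argv, "wugmxsnp:d:")) != EOF) {
	switch (opt) {
	case 'p':
	    pfile = optarg;
	    break;
	case 'd':
	    dfile = optarg;
	    break;
	case 'n':
	    nflag++;
	    break;
	case 'w':
	    wflag++;
	    break;
	default:
	    fprintf(stderr, "Usage: ka_util [options] [-d data] [-p prdb]\n");
	    fputs(" Options:\n", stderr);
	    fputs(" -w Update prdb with contents of data file\n", stderr);
	    fputs(" -u Display users\n", stderr);
	    fputs(" -g Display groups\n", stderr);
	    fputs(" -m Display group members\n", stderr);
	    fputs(" -n Follow name hash chains (not id hashes)\n",
		  stderr);
	    fputs(" -s Display only system data\n", stderr);
	    fputs(" -x Display extra users/groups\n", stderr);
	    exit(1);
	}
    }

    /* Create the database file only when loading.  The original passed
     * O_CREAT in dump mode as well, so a mistyped -p path left an empty
     * file behind instead of failing. */
    dbase_fd = open(pfile, wflag ? (O_RDWR | O_CREAT) : O_RDONLY, 0600);
    if (dbase_fd < 0) {
	fprintf(stderr, "ka_util: cannot open %s: %s\n", pfile,
		strerror(errno));
	exit(1);
    }
    /* A short read is tolerated: buffer is a zero-initialized global, and a
     * newly created database legitimately has no header yet. */
    if (read(dbase_fd, buffer, HDRSIZE) < 0) {
	fprintf(stderr, "ka_util: error reading %s: %s\n", pfile,
		strerror(errno));
	exit(1);
    }

    if (dfile) {
	if (wflag) {
	    dfp = fopen(dfile, "r");
	} else {
	    /* The dump contains key material, so create it owner-only
	     * rather than with the umask default that fopen() would use.
	     * NOTE(review): a file that already exists keeps its mode. */
	    int dfd = open(dfile, O_WRONLY | O_CREAT | O_TRUNC, 0600);

	    dfp = (dfd < 0) ? 0 : fdopen(dfd, "w");
	    if (dfp == 0 && dfd >= 0) {
		int saved = errno;	/* close() may overwrite errno */

		close(dfd);
		errno = saved;
	    }
	}
	if (dfp == 0) {
	    fprintf(stderr, "ka_util: error opening %s: %s\n", dfile,
		    strerror(errno));
	    exit(1);
	}
    } else
	dfp = (wflag ? stdin : stdout);

    uh = (struct ubik_hdr *)buffer;
    /* A bad magic number is reported but does not stop the run. */
    if (ntohl(uh->magic) != UBIK_MAGIC)
	fprintf(stderr, "ka_util: %s: Bad UBIK_MAGIC. Is %x should be %x\n",
		pfile, ntohl(uh->magic), UBIK_MAGIC);
    /* NOTE(review): the magic is converted with ntohl() but the version
     * fields are used exactly as stored - confirm the intended byte order. */
    memcpy(&uv, &uh->version, sizeof(struct ubik_version));
    if (wflag && uv.epoch == 0 && uv.counter == 0) {
	uv.epoch = 2;		/* a ubik version of 0 or 1 has special meaning */
	memcpy(&uh->version, &uv, sizeof(struct ubik_version));
	if (lseek(dbase_fd, 0, SEEK_SET) < 0
	    || write(dbase_fd, buffer, HDRSIZE) < 0) {
	    fprintf(stderr, "ka_util: error writing ubik version to %s: %s\n",
		    pfile, strerror(errno));
	    exit(1);
	}
    }
    fprintf(stderr, "Ubik Version is: %d.%d\n", uv.epoch, uv.counter);
    if (read(dbase_fd, &kah, sizeof(struct kaheader)) < 0) {
	fprintf(stderr, "ka_util: error reading %s: %s\n", pfile,
		strerror(errno));
	exit(1);
    }

    initialize_KA_error_table();

    if (wflag) {
	struct kaheader header;
	afs_int32 ltime = time(0);

	memset(&header, 0, sizeof(header));
	header.version = htonl(KADBVERSION);
	header.headerSize = htonl(sizeof(header));
	header.freePtr = 0;
	header.eofPtr = htonl(sizeof(header));
	header.kvnoPtr = 0;
	header.stats.allocs = 0;
	header.stats.frees = 0;
	header.stats.cpws = 0;
	header.admin_accounts = 0;
	header.specialKeysVersion = htonl(ltime);
	header.hashsize = htonl(HASHSIZE);
	header.checkVersion = htonl(KADBVERSION);

	/* display_entry() expects the kaheader at HDRSIZE.  If the file
	 * already held one, the read above moved the position past it, so
	 * seek back before writing instead of relying on the position.
	 * NOTE(review): records already in the file beyond the newly
	 * written ones are not truncated. */
	if (lseek(dbase_fd, HDRSIZE, SEEK_SET) < 0
	    || (long)write(dbase_fd, &header, sizeof(header))
	    != (long)sizeof(header)) {
	    fprintf(stderr, "ka_util: error writing %s: %s\n", pfile,
		    strerror(errno));
	    exit(1);
	}
	while (fgets(buffer, sizeof(buffer), dfp)) {
	    struct kaentry tentry;
	    int entry_flags, expire, modtime, modid, cpwtime, maxlife, kvno;
	    char kaname[64 + 64 + 2], key[33], name[64], instance[64],
		rlm[64];
	    afs_int32 maxLifetime;

	    memset(key, 0, sizeof(key));
	    /* Field widths keep a long token from overrunning kaname/key
	     * (a line may be up to sizeof(buffer) bytes), and the count
	     * check keeps unset variables out of the database. */
	    if (sscanf(buffer, "%129s %d %d %d %d %d %d %d %32s", kaname,
		       &entry_flags, &expire, &modtime, &modid, &cpwtime,
		       &maxlife, &kvno, key) != 9) {
		fprintf(stderr,
			"ka_util: skipping malformed line in data file\n");
		continue;
	    }

	    /* NOTE(review): this echo puts the key on stdout; consider
	     * dropping the last field. */
	    printf("%s %d %d %d %d %d %d %d %s", kaname, entry_flags, expire,
		   modtime, modid, cpwtime, maxlife, kvno, key);
	    memset(name, 0, sizeof(name));
	    memset(instance, 0, sizeof(instance));
	    memset(rlm, 0, sizeof(rlm));
	    /* Pass the arrays themselves; the original passed their
	     * addresses, which have a different pointer type. */
	    if (ka_ParseLoginName(kaname, name, instance, rlm) != 0) {
		fprintf(stderr, "ka_util: cannot parse name %s, skipping\n",
			kaname);
		continue;
	    }
	    printf("%s %s %s\n", kaname, name, instance);

	    /* Zero the record first: fields not assigned below would
	     * otherwise carry stack contents into the database file. */
	    memset(&tentry, 0, sizeof(tentry));
	    /* One byte short of the field, so the zero fill above always
	     * leaves a terminator. */
	    strncpy(tentry.userID.name, name, sizeof(tentry.userID.name) - 1);
	    strncpy(tentry.userID.instance, instance,
		    sizeof(tentry.userID.instance) - 1);
	    tentry.flags = htonl(entry_flags);
	    /* NOTE(review): display_entry() writes the key as eight \ooo
	     * octal escapes, but this copies the leading bytes of that
	     * text unchanged, so a dump/load round trip does not appear to
	     * restore the key - confirm the intended data-file format. */
	    memcpy(&tentry.key, key, sizeof(tentry.key));
	    tentry.key_version = htonl(kvno);

	    tentry.user_expiration = htonl(expire);

	    /* time and addr of entry for guy changing this entry */
	    tentry.modification_time = htonl(modtime);
	    tentry.modification_id = htonl(modid);
	    tentry.change_password_time = htonl(cpwtime);

	    if (strcmp(name, KA_TGS_NAME) == 0)
		maxLifetime = MAXKTCTICKETLIFETIME;
	    else if (strcmp(name, KA_ADMIN_NAME) == 0)
		maxLifetime = 10 * 3600;
	    else if (strcmp(name, AUTH_SUPERUSER) == 0)
		maxLifetime = 100 * 3600;
	    else
		maxLifetime = 25 * 3600;	/* regular users */
	    /* An explicit lifetime in the data file wins over the default. */
	    if (maxlife)
		tentry.max_ticket_lifetime = htonl(maxlife);
	    else
		tentry.max_ticket_lifetime = htonl(maxLifetime);

	    if ((long)write(dbase_fd, &tentry, sizeof(tentry))
		!= (long)sizeof(tentry)) {
		fprintf(stderr, "ka_util: error writing %s: %s\n", pfile,
			strerror(errno));
		exit(1);
	    }
	}
	/*CheckInit(0,0); */
    } else {
	for (;;) {
	    long off = upos * (long)sizeof(struct kaentry);

	    /* display_entry() takes an int; stop rather than hand it a
	     * truncated offset on a very large file. */
	    if (off != (long)(int)off)
		break;
	    gpos = display_entry((int)off);
	    if (gpos < 0)
		break;
	    upos++;
	}
	/* Report a dump that could not be written out completely. */
	if (fflush(dfp) != 0 || ferror(dfp)) {
	    fprintf(stderr, "ka_util: error writing %s: %s\n",
		    dfile ? dfile : "stdout", strerror(errno));
	    exit(1);
	}
    }

    if (lseek(dbase_fd, 0, SEEK_SET) < 0	/* rewind to beginning of file */
	|| read(dbase_fd, buffer, HDRSIZE) < 0) {
	fprintf(stderr, "ka_util: error reading %s: %s\n", pfile,
		strerror(errno));
	exit(1);
    }
    /* A version different from the one seen at startup means the database
     * was not quiescent while this program ran. */
    uh = (struct ubik_hdr *)buffer;
    if ((uh->version.epoch != uv.epoch)
	|| (uh->version.counter != uv.counter)) {
	fprintf(stderr,
		"ka_util: Ubik Version number changed during execution.\n");
	fprintf(stderr, "Old Version = %d.%d, new version = %d.%d\n",
		uv.epoch, uv.counter, uh->version.epoch, uh->version.counter);
    }
    if (close(dbase_fd) < 0 && wflag) {
	fprintf(stderr, "ka_util: error writing %s: %s\n", pfile,
		strerror(errno));
	exit(1);
    }
    exit(0);
}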
| 237 | |
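/*
 * display_entry: print one kaentry record of the database file to dfp.
 *
 * offset is the byte offset of the record counted from the first entry; the
 * record is read at offset + HDRSIZE + sizeof(struct kaheader).
 *
 * Returns 0 after printing a line, 1 when the record has an empty name and
 * is skipped, and -1 when the offset is negative, the seek fails, or a
 * complete record cannot be read (end of file or read error).
 *
 * The printed line ends with the eight key bytes as \ooo octal escapes, so
 * whatever dfp points at holds key material and needs the same protection
 * as the database.
 */
int
display_entry(int offset)
{
    struct kaentry dbentry;
    unsigned char keybytes[8];
    long nread;
    size_t count;
    int has_instance;

    if (offset < 0)
	return -1;
    if (lseek(dbase_fd,
	      (off_t)offset + (off_t)HDRSIZE + (off_t)sizeof(struct kaheader),
	      SEEK_SET) < 0)
	return -1;

    /* Test for failure before the size comparison: the original compared an
     * int holding -1 against a size_t, which converts -1 to a huge unsigned
     * value, so a read error fell through with dbentry unset. */
    nread = read(dbase_fd, &dbentry, sizeof(dbentry));
    if (nread < 0 || (size_t)nread < sizeof(dbentry))
	return -1;

    if (dbentry.userID.name[0] == '\0')
	return 1;
    memcpy(keybytes, &dbentry.key, sizeof(keybytes));

    /* The original also tested the address of the instance field, which can
     * never be null; only its contents matter. */
    has_instance = (dbentry.userID.instance[0] != '\0');

    /* The precisions bound the string reads by the field size, so a record
     * lacking a terminator cannot make fprintf read past the field.
     * main() stores the numeric fields with htonl(), so they are converted
     * back here; the original printed the stored representation, which is
     * not the value on a little-endian host. */
    fprintf(dfp, "%.*s%s%.*s %d %d %d %d %d %d %d ",
	    (int)sizeof(dbentry.userID.name), dbentry.userID.name,
	    has_instance ? "." : "",
	    has_instance ? (int)sizeof(dbentry.userID.instance) : 0,
	    dbentry.userID.instance,
	    (int)ntohl(dbentry.flags),
	    (int)ntohl(dbentry.user_expiration),
	    (int)ntohl(dbentry.modification_time),
	    (int)ntohl(dbentry.modification_id),
	    (int)ntohl(dbentry.change_password_time),
	    (int)ntohl(dbentry.max_ticket_lifetime),
	    (int)ntohl(dbentry.key_version));

    /* %o takes an unsigned int; the original cast each byte to a pointer. */
    for (count = 0; count < sizeof(keybytes); count++) {
	fprintf(dfp, "\\%03o", (unsigned int)keybytes[count]);
    }

    fprintf(dfp, "\n");
    return 0;
}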