diff --git a/kdb_check_weak.c b/kdb_check_weak.c deleted file mode 100644 index a175bbd..0000000 --- a/kdb_check_weak.c +++ /dev/null @@ -1,183 +0,0 @@ -/* - Copyright 2011 Red Hat, Inc. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. - * Neither the name of Red Hat, Inc., nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS - IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER - OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* Walk the list of supplied principal names (or fragments of principal names) - * and check if the latest kvno on file for that principal has any "strong" - * keys. If not, warn in various ways depending on how we were invoked. */ - -#include -#include -#include -#include -#include -#include - -int -main(int argc, char **argv) -{ - char name[256], ename[256], *realm = NULL, *defrealm, *unparsed; - krb5_context ctx; - krb5_principal princ; - krb5_error_code err; - krb5_db_entry *entry; - krb5_key_data *kd; - int problems = 0, c, i, j, verbose = 0, strong, kvno, problems_only = 0; - - while ((c = getopt(argc, argv, "pr:v")) != -1) { - switch (c) { - case 'p': - problems_only++; - break; - case 'r': - realm = optarg; - break; - case 'v': - verbose++; - break; - default: - printf("kdb_check_weak: check if a principal's keys " - "are all of types not allowed when\n" - " allow_weak_crypto is not " - "set\n"); - printf("%s: [-p | -v [-v [-v]]] [-r REALM] principal [...]\n", - strchr(argv[0], '/') ? - strrchr(argv[0], '/') + 1 : - argv[0]); - return -1; - break; - } - } - - /* Start up for the default (or specified) realm. */ - ctx = NULL; - if ((err = krb5_init_context(&ctx)) != 0) { - fprintf(stderr, "Error initializing Kerberos: %s.\n", - error_message(err)); - return -1; - } - if (realm != NULL) { - if ((err = krb5_set_default_realm(ctx, realm)) != 0) { - fprintf(stderr, "Error setting default realm: %s.\n", - error_message(err)); - return -1; - } - } - defrealm = NULL; - if ((err = krb5_get_default_realm(ctx, &defrealm)) != 0) { - fprintf(stderr, "Error getting default realm: %s.\n", - error_message(err)); - return -1; - } - if ((err = krb5_db_open(ctx, NULL, KRB5_KDB_OPEN_RO)) != 0) { - if (verbose) { - fprintf(stderr, "Error opening database: %s.\n", - error_message(err)); - } - return -1; - } - for (i = optind; i < argc; i++) { - /* Look up the principal. */ - princ = NULL; - if ((strlen(argv[i]) > 0) && - ((argv[i][strlen(argv[i]) - 1] == '/') || - (argv[i][strlen(argv[i]) - 1] == '@'))) { - snprintf(name, sizeof(name), "%s%s", argv[i], defrealm); - } else { - snprintf(name, sizeof(name), "%s", argv[i]); - } - if (krb5_parse_name(ctx, name, &princ) != 0) { - fprintf(stderr, "Error parsing name \"%s\".\n", - argv[i]); - continue; - } - entry = NULL; - if ((err = krb5_db_get_principal(ctx, princ, 0, &entry)) != 0) { - if (verbose) { - fprintf(stderr, "Error looking up entry: %s.\n", - error_message(err)); - } - continue; - } - unparsed = NULL; - if ((err = krb5_unparse_name(ctx, entry->princ, - &unparsed)) != 0) { - unparsed = name; - } - kvno = -1; - strong = 0; - for (j = 0; j < entry->n_key_data; j++) { - kd = &entry->key_data[j]; - /* Reset the count if we find a newer key version. */ - if (kd->key_data_kvno > kvno) { - kvno = kd->key_data_kvno; - strong = 0; - } - /* Print the types of keys we find if asked to. */ - if (verbose >= 3) { - krb5_enctype_to_name(kd->key_data_type[0], - FALSE, - ename, sizeof(ename)); - printf("%s: v%d %s: %s\n", - unparsed, kd->key_data_kvno, ename, - krb5int_c_weak_enctype(kd->key_data_type[0]) ? - "weak" : "strong"); - } - if (!krb5int_c_weak_enctype(kd->key_data_type[0])) { - strong++; - } - } - /* We need to have seen some strong keys. */ - if (strong) { - /* Say we're okay unless we're asked to stay quiet. */ - if (verbose >= 2) { - printf("%s: OK\n", unparsed); - } - } else { - /* Say we're not okay unless we're asked to stay quiet. - * */ - if (verbose) { - printf("%s: needs to be rekeyed\n", unparsed); - } else { - if (problems_only) { - printf("%s%s", problems ? " " : "", - unparsed); - } - } - /* Note that there's a problem entry. */ - problems++; - } - krb5_db_free_principal(ctx, entry); - if (unparsed != name) { - krb5_free_unparsed_name(ctx, unparsed); - } - } - - return problems; -} diff --git a/krb5.spec b/krb5.spec index e438f3b..2ee81f7 100644 --- a/krb5.spec +++ b/krb5.spec @@ -49,7 +49,6 @@ Source31: kerberos-adm.portreserve Source32: krb5_prop.portreserve Source33: krb5kdc.logrotate Source34: kadmind.logrotate -Source35: kdb_check_weak.c Source36: kpropd.init Source37: kadmind.init Source38: krb5kdc.init @@ -342,13 +341,6 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`" make popd -# A sanity checker for upgrades. -env LD_LIBRARY_PATH=`pwd`/src/lib \ -%{__cc} -o kdb_check_weak \ - -I src/include `./src/krb5-config --cflags kdb` \ - %{SOURCE35} \ - -L src/lib `./src/krb5-config --libs kdb` - %check # Run the test suite. We can't actually run the whole thing in the build system. make -C src fake-install @@ -467,9 +459,6 @@ for library in libgssapi_krb5 libgssrpc libk5crypto libkrb5 libkrb5support ; do done %endif -# A sanity checker for upgrades. -install -m 755 kdb_check_weak $RPM_BUILD_ROOT/%{_libdir}/krb5/ - %find_lang %{gettext_domain} %clean @@ -661,7 +650,6 @@ exit 0 %{_libdir}/libverto-k5ev.so %{_libdir}/libverto-k5ev.so.* %endif -%{_libdir}/krb5/kdb_check_weak %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/kdb %dir %{_libdir}/krb5/plugins/preauth diff --git a/krb5kdc.init b/krb5kdc.init index c765790..3462ca6 100755 --- a/krb5kdc.init +++ b/krb5kdc.init @@ -41,15 +41,6 @@ PATH=/usr/lib64/krb5:/usr/lib/krb5:"$PATH" # Shell functions to cut down on useless shell instances. start() { [ -x $krb5kdc ] || exit 5 - # check that some of the basic principal names don't only have weak - # keys available. if they do, warn that they should be changed to - # get some keys for stronger ciphers added - if ! is_false "$KRB5CHECKWEAK" ; then - localhost=`hostname` - for principal in `kdb_check_weak -p "krbtgt/${KRB5REALM:+${KRB5REALM}@${KRB5REALM}}" "kadmin/admin${KRB5REALM:+@${KRB5REALM}}" "kadmin/changepw${KRB5REALM:+@${KRB5REALM}}" "kadmin/$localhost${KRB5REALM:+@${KRB5REALM}}"` ; do - echo -n "Keys for $principal should be changed to include keys for non-weak ciphers." ; warning ; echo "" - done - fi echo -n $"Starting $prog: " # tell portreserve to release the kerberos-iv port [ -x /sbin/portrelease ] && /sbin/portrelease kerberos-iv &>/dev/null || :