drop the only-weak-keys checker

kdb_check_weak.c

@@ -1,183 +0,0 @@
-/*
-   Copyright 2011 Red Hat, Inc.
-   All rights reserved.
-
-   Redistribution and use in source and binary forms, with or without
-   modification, are permitted provided that the following conditions are met:
-
-    * Redistributions of source code must retain the above copyright
-      notice, this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above copyright
-      notice, this list of conditions and the following disclaimer in
-      the documentation and/or other materials provided with the
-      distribution.
-    * Neither the name of Red Hat, Inc., nor the names of its
-      contributors may be used to endorse or promote products derived
-      from this software without specific prior written permission.
-
-   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
-   IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-   TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-   PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
-   OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-   PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* Walk the list of supplied principal names (or fragments of principal names)
- * and check if the latest kvno on file for that principal has any "strong"
- * keys.  If not, warn in various ways depending on how we were invoked. */
-
-#include <sys/types.h>
-#include <getopt.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <kdb.h>
-
-int
-main(int argc, char **argv)
-{
-	char name[256], ename[256], *realm = NULL, *defrealm, *unparsed;
-	krb5_context ctx;
-	krb5_principal princ;
-	krb5_error_code err;
-	krb5_db_entry *entry;
-	krb5_key_data *kd;
-	int problems = 0, c, i, j, verbose = 0, strong, kvno, problems_only = 0;
-
-	while ((c = getopt(argc, argv, "pr:v")) != -1) {
-		switch (c) {
-		case 'p':
-			problems_only++;
-			break;
-		case 'r':
-			realm = optarg;
-			break;
-		case 'v':
-			verbose++;
-			break;
-		default:
-			printf("kdb_check_weak: check if a principal's keys "
-			       "are all of types not allowed when\n"
-			       "                allow_weak_crypto is not "
-			       "set\n");
-			printf("%s: [-p | -v [-v [-v]]] [-r REALM] principal [...]\n",
-			       strchr(argv[0], '/') ?
-			       strrchr(argv[0], '/') + 1 :
-			       argv[0]);
-			return -1;
-			break;
-		}
-	}
-
-	/* Start up for the default (or specified) realm. */
-	ctx = NULL;
-	if ((err = krb5_init_context(&ctx)) != 0) {
-		fprintf(stderr, "Error initializing Kerberos: %s.\n",
-			error_message(err));
-		return -1;
-	}
-	if (realm != NULL) {
-		if ((err = krb5_set_default_realm(ctx, realm)) != 0) {
-			fprintf(stderr, "Error setting default realm: %s.\n",
-				error_message(err));
-			return -1;
-		}
-	}
-	defrealm = NULL;
-	if ((err = krb5_get_default_realm(ctx, &defrealm)) != 0) {
-		fprintf(stderr, "Error getting default realm: %s.\n",
-			error_message(err));
-		return -1;
-	}
-	if ((err = krb5_db_open(ctx, NULL, KRB5_KDB_OPEN_RO)) != 0) {
-		if (verbose) {
-			fprintf(stderr, "Error opening database: %s.\n",
-				error_message(err));
-		}
-		return -1;
-	}
-	for (i = optind; i < argc; i++) {
-		/* Look up the principal. */
-		princ = NULL;
-		if ((strlen(argv[i]) > 0) &&
-		    ((argv[i][strlen(argv[i]) - 1] == '/') ||
-		     (argv[i][strlen(argv[i]) - 1] == '@'))) {
-			snprintf(name, sizeof(name), "%s%s", argv[i], defrealm);
-		} else {
-			snprintf(name, sizeof(name), "%s", argv[i]);
-		}
-		if (krb5_parse_name(ctx, name, &princ) != 0) {
-			fprintf(stderr, "Error parsing name \"%s\".\n",
-				argv[i]);
-			continue;
-		}
-		entry = NULL;
-		if ((err = krb5_db_get_principal(ctx, princ, 0, &entry)) != 0) {
-			if (verbose) {
-				fprintf(stderr, "Error looking up entry: %s.\n",
-					error_message(err));
-			}
-			continue;
-		}
-		unparsed = NULL;
-		if ((err = krb5_unparse_name(ctx, entry->princ,
-					     &unparsed)) != 0) {
-			unparsed = name;
-		}
-		kvno = -1;
-		strong = 0;
-		for (j = 0; j < entry->n_key_data; j++) {
-			kd = &entry->key_data[j];
-			/* Reset the count if we find a newer key version. */
-			if (kd->key_data_kvno > kvno) {
-				kvno = kd->key_data_kvno;
-				strong = 0;
-			}
-			/* Print the types of keys we find if asked to. */
-			if (verbose >= 3) {
-				krb5_enctype_to_name(kd->key_data_type[0],
-						     FALSE,
-						     ename, sizeof(ename));
-				printf("%s: v%d %s: %s\n",
-				       unparsed, kd->key_data_kvno, ename,
-				       krb5int_c_weak_enctype(kd->key_data_type[0]) ?
-				       "weak" : "strong");
-			}
-			if (!krb5int_c_weak_enctype(kd->key_data_type[0])) {
-				strong++;
-			}
-		}
-		/* We need to have seen some strong keys. */
-		if (strong) {
-			/* Say we're okay unless we're asked to stay quiet. */
-			if (verbose >= 2) {
-				printf("%s: OK\n", unparsed);
-			}
-		} else {
-			/* Say we're not okay unless we're asked to stay quiet.
-			 * */
-			if (verbose) {
-				printf("%s: needs to be rekeyed\n", unparsed);
-			} else {
-				if (problems_only) {
-					printf("%s%s", problems ? " " : "",
-					       unparsed);
-				}
-			}
-			/* Note that there's a problem entry. */
-			problems++;
-		}
-		krb5_db_free_principal(ctx, entry);
-		if (unparsed != name) {
-			krb5_free_unparsed_name(ctx, unparsed);
-		}
-	}
-
-	return problems;
-}

krb5.spec

@@ -49,7 +49,6 @@ Source31: kerberos-adm.portreserve
 Source32: krb5_prop.portreserve
 Source33: krb5kdc.logrotate
 Source34: kadmind.logrotate
-Source35: kdb_check_weak.c
 Source36: kpropd.init
 Source37: kadmind.init
 Source38: krb5kdc.init
@@ -342,13 +341,6 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
 make
 popd
 
-# A sanity checker for upgrades.
-env LD_LIBRARY_PATH=`pwd`/src/lib \
-%{__cc} -o kdb_check_weak \
-	-I src/include `./src/krb5-config --cflags kdb` \
-	%{SOURCE35} \
-	-L src/lib `./src/krb5-config --libs kdb`
-
 %check
 # Run the test suite. We can't actually run the whole thing in the build system.
 make -C src fake-install
@@ -467,9 +459,6 @@ for library in libgssapi_krb5 libgssrpc libk5crypto libkrb5 libkrb5support ; do
 done
 %endif
 
-# A sanity checker for upgrades.
-install -m 755 kdb_check_weak $RPM_BUILD_ROOT/%{_libdir}/krb5/
-
 %find_lang %{gettext_domain}
 
 %clean
@@ -661,7 +650,6 @@ exit 0
 %{_libdir}/libverto-k5ev.so
 %{_libdir}/libverto-k5ev.so.*
 %endif
-%{_libdir}/krb5/kdb_check_weak
 %dir %{_libdir}/krb5/plugins
 %dir %{_libdir}/krb5/plugins/kdb
 %dir %{_libdir}/krb5/plugins/preauth

krb5kdc.init

@@ -41,15 +41,6 @@ PATH=/usr/lib64/krb5:/usr/lib/krb5:"$PATH"
 # Shell functions to cut down on useless shell instances.
 start() {
 	[ -x $krb5kdc ] || exit 5
-	# check that some of the basic principal names don't only have weak
-	# keys available. if they do, warn that they should be changed to
-	# get some keys for stronger ciphers added
-	if ! is_false "$KRB5CHECKWEAK" ; then
-		localhost=`hostname`
-		for principal in `kdb_check_weak -p "krbtgt/${KRB5REALM:+${KRB5REALM}@${KRB5REALM}}" "kadmin/admin${KRB5REALM:+@${KRB5REALM}}" "kadmin/changepw${KRB5REALM:+@${KRB5REALM}}" "kadmin/$localhost${KRB5REALM:+@${KRB5REALM}}"` ; do
-			echo -n "Keys for $principal should be changed to include keys for non-weak ciphers." ; warning ; echo ""
-		done
-	fi
 	echo -n $"Starting $prog: "
 	# tell portreserve to release the kerberos-iv port
 	[ -x /sbin/portrelease ] && /sbin/portrelease kerberos-iv &>/dev/null || :