#!/usr/local/bin/perl
#
# $Id$
#
## ovsec_adm_export format
## [0]"policy" [1]name [2]pw_min_life [3]pw_max_life [4]pw_min_length [5]pw_min_classes [6]pw_history_num [7]policy_refcnt
## [0]"princ" [1]name [2]policy [3]aux_attributes [4]old_key_len [5]admin_history_kvno [6..]old_keys
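# Stage 1: read the admin database through ovsec_adm_export.  Policy records
# are forwarded unchanged to the sort pipe.  For each principal record the
# policy name and aux_attributes are stored in %princ, keyed by principal
# name, so that the kdb5_edit pass further down can append them to its lines.
$oaevers = "1.0";    # the only export format version accepted below

# SORT stays a package-level handle because the later stages print to it and
# close it.  The explicit '|-' mode keeps the mode out of the command string;
# "sort" itself is still looked up through PATH.
open(SORT, '|-', 'sort') || die "Couldn't open pipe to sort for output: $!\n";

# NOTE(review): TOP is taken from the environment and trusted as-is.  A
# command passed as a single string can still reach the shell when it holds
# metacharacters, so TOP must only ever be set by the test harness.
open(my $oae, '-|', "$ENV{'TOP'}/install/admin/ovsec_adm_export") ||
    die "Couldn't get oae: $!\n";

# The first line identifies the tool and its dump format version.
$header = <$oae>;
die "Not ovsec_adm_export output\n"
    if ($header !~ /^OpenV\*Secure V(\d+\.\d+)/);
$stdinvers = $1;
die "Expected oae version $oaevers, got $stdinvers instead.\n"
    if $stdinvers ne $oaevers;

while (my $line = <$oae>) {
    last if $line =~ /^End of Database/;

    if ($line =~ /^policy/) {
        print SORT $line;
    }
    elsif ($line =~ /^princ/) {
        # Split into a named array: a bare split() no longer fills @_ on
        # Perl 5.12 and later, which left every field below undefined.
        my @f = split(/\t/, $line);
        $f[2] = '""' if !$f[2];          # no policy: print a literal ""
        $f[3] = hex("0x" . $f[3]);       # aux_attributes is dumped as hex digits
        $princ{$f[1]} = sprintf("%s\t0x%04x", @f[2, 3]);
    }
}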
## kdb_edit ddb format
## [0]strlen(principal) [1]strlen(mod_name) [2]key.length [3]alt_key.length [4]salt_length [5]alt_salt_length [6]principal [7]key.key_type [8]key.contents [9]kvno [10]max_life [11]max_renewable_life [12]mkvno [13]expiration [14]pw_expiration [15]last_pwd_change [16]last_success [17]last_failed [18]fail_auth_count [19]mod_name [20]mod_date [21]attributes [22]salt_type [23]salt [24]alt_key.contents [25]alt_salt [26..33]expansion*8;
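# Stage 2: dump the KDC database with kdb5_edit and write one "princ" line per
# entry to the sort pipe, joined with the policy data that the
# ovsec_adm_export pass stored in %princ.
$ddbvers = "2.0";    # the only load_dump version accepted below

# List-form pipe open: kdb5_edit is executed directly with these four
# arguments, so no shell parses the command line.
# NOTE(review): TOP is still taken from the environment and trusted as-is.
open(my $ddb, '-|', "$ENV{'TOP'}/install/admin/kdb5_edit",
     '-r', 'SECURE-TEST.OV.COM', '-R', 'ddb') ||
    die "Couldn't get ddb: $!\n";

# The first line identifies the tool and its dump format version.
$header = <$ddb>;
die "Not a kdb5_edit ddb\n"
    if ($header !~ /^kdb5_edit load_dump version (\d+\.\d+)/);
$stdinvers = $1;
die "Expected ddb version $ddbvers, got $stdinvers instead.\n"
    if $stdinvers ne $ddbvers;

## [6]principal [9]kvno [19]mod_name [10]max_life [13]expiration [14]pw_expiration [21]attributes // [2]policy [3]aux_attributes
while (my $line = <$ddb>) {
    # Whitespace split into a named array: a bare split() no longer fills @_
    # on Perl 5.12 and later, which left every field below undefined.
    my @f = split(' ', $line);
    print SORT join("\t", "princ", @f[6, 9, 19, 10, 13, 14],
                    sprintf("0x%04x", $f[21]),
                    $princ{$f[6]}), "\n";    # undef when the principal had no princ record
}
close($ddb);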
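# Stage 3: list every keytab named on the command line with klist and write
# one "keytab:FILE:<path>" line per entry to the sort pipe, then finish the
# sort so the merged output is emitted.
for my $keytab (@ARGV) {
    # List-form pipe open: the keytab path comes straight from @ARGV, so it is
    # passed to klist as a single argument and never parsed by a shell.
    # Spaces or shell metacharacters in the name stay part of the file name.
    open(my $klist, '-|', "$ENV{'TOP'}/install/bin/klist",
         '-k', '-t', '-K', "FILE:$keytab") ||
        die "Couldn't list $keytab: $!\n";

    # Discard the three header lines that precede the entries.
    scalar(<$klist>) for 1 .. 3;

    while (my $line = <$klist>) {
        # split(' ') already ignores leading whitespace.  The fields are put
        # into a named array because a bare split() no longer fills @_ on
        # Perl 5.12 and later.
        # NOTE(review): presumably [0]kvno [1]date [2]time [3]principal [4]key;
        # confirm against the output of klist -k -t -K.
        my @f = split(' ', $line);
        printf(SORT "keytab:FILE:%s\t%s-%s\t%s\t%s,%s\n", $keytab,
               @f[3, 0, 4, 1, 2]);
    }
}

# Closing the pipe waits for sort.  Report a failure here, because otherwise
# a broken sort would silently yield truncated or empty output.
close(SORT) || warn "sort pipe did not close cleanly (status $?): $!\n";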