authorMark Eichin <eichin@mit.edu>1996-11-11 21:57:22 +0000
committerMark Eichin <eichin@mit.edu>1996-11-11 21:57:22 +0000
commitb4e07db1468aa2b627f2472c3c88bda0877ca009 (patch)
treeacc7eeffb1bc441927c08519726d3bb2d016c0f9
parent48592f98e589b9fa332ba33218754b5dd7d72074 (diff)
* kadmin/dbutil dumpv4 expiration ("never") fixes
* kadmin/dbutil loadv4 stashfile, default fixes (original changelogs included.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9372 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/kadmin/dbutil/ChangeLog42
-rw-r--r--src/kadmin/dbutil/configure.in1
-rw-r--r--src/kadmin/dbutil/dump.c2
-rw-r--r--src/kadmin/dbutil/dumpv4.c9
-rw-r--r--src/kadmin/dbutil/kdb5_util.M38
-rw-r--r--src/kadmin/dbutil/kdb5_util.c2
-rw-r--r--src/kadmin/dbutil/loadv4.c116
-rw-r--r--src/kadmin/dbutil/util.c4
8 files changed, 205 insertions, 9 deletions
diff --git a/src/kadmin/dbutil/ChangeLog b/src/kadmin/dbutil/ChangeLog
index ee6a8779d..4d529ed54 100644
--- a/src/kadmin/dbutil/ChangeLog
+++ b/src/kadmin/dbutil/ChangeLog
@@ -1,3 +1,45 @@
+Mon Nov 11 16:50:25 1996 Mark Eichin <eichin@cygnus.com>
+
+ * kadmin/dbutil dumpv4 expiration ("never") fixes
+ * kadmin/dbutil loadv4 stashfile, default fixes
+
+ Fri Sep 27 18:45:43 1996 Mark Eichin <eichin@cygnus.com>
+
+ * dump.c (read_string): fgetc doesn't return char.
+
+ Wed Sep 11 23:45:11 1996 Mark Eichin <eichin@cygnus.com>
+
+ * loadv4.c (enter_in_v5_db): set last_pwd_change from the
+ mod_time, not only the mod_princ_data.
+
+ Wed Sep 11 00:02:33 1996 Mark Eichin <eichin@cygnus.com>
+
+ * dumpv4.c (dump_v4_iterator): detect expiration time of "never"
+ and fill in a reasonable default (namely, the Cygnus 96q1 default
+ of 12/31/2009.)
+
+ * loadv4.c (v4_dump_find_default): New function. Scans a dumpfile
+ for a "default" entry, which was probably created at kdb_init time
+ and probably hasn't changed from either the MIT default of
+ 12/31/1999 or the Cygnus 96q1 default of 12/31/2009. Check for
+ either value, and replace it with 0, which is understood as
+ "never" in V5. If verbose is set (-v flag), log either the match
+ or the non-matching value.
+ (process_v4_dump): new argument default_exp_time, the value found
+ by v4_dump_find_default, actually performs the replacement of
+ matching entries.
+ (load_v4db): call v4_dump_find_default to get the default
+ expiration time.
+ * kdb5_util.M: document the above changes.
+
+ Sun Sep 8 01:02:47 1996 Mark W. Eichin <eichin@kitten.gen.ma.us>
+
+ * kdb5_util.c (usage): document load_v4 -s stashfile.
+ (main): fix typo in usage message.
+ * kdb5_util.M: document load_v4, including new options, removing
+ previously eliminated -f option.
+ * loadv4.c (load_v4db): support -s stashfile option.
+
Thu Nov 7 20:53:17 1996 Tom Yu <tlyu@mit.edu>
* configure.in: Remove spurious WITH_KRB4.
diff --git a/src/kadmin/dbutil/configure.in b/src/kadmin/dbutil/configure.in
index 4d3b06a8a..539020aeb 100644
--- a/src/kadmin/dbutil/configure.in
+++ b/src/kadmin/dbutil/configure.in
@@ -1,5 +1,6 @@
AC_INIT(kdb5_create.c)
CONFIG_RULES
+AC_HAVE_FUNCS(getcwd strstr)
AC_PROG_INSTALL
AC_PROG_AWK
USE_KADMSRV_LIBRARY
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
index 6f9b4b7d7..64522f6c9 100644
--- a/src/kadmin/dbutil/dump.c
+++ b/src/kadmin/dbutil/dump.c
@@ -1012,7 +1012,7 @@ read_string(f, buf, len, lp)
retval = 0;
for (i=0; i<len; i++) {
- c = (char) fgetc(f);
+ c = fgetc(f);
if (c < 0) {
retval = 1;
break;
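Review bot: The `c < 0` test on the context line only detects EOF if `c` is declared `int`, and that declaration is outside this hunk. If it is still `char c;`, the assignment narrows the value exactly as the removed cast did, so a 0xFF byte is still mistaken for EOF where char is signed and EOF is never seen where char is unsigned. Confirm the declaration reads `int c;`, and consider `if (c == EOF) {` so the intent is explicit. read_string starts and ends outside the hunk.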
diff --git a/src/kadmin/dbutil/dumpv4.c b/src/kadmin/dbutil/dumpv4.c
index 45babee24..fd5d0b2f4 100644
--- a/src/kadmin/dbutil/dumpv4.c
+++ b/src/kadmin/dbutil/dumpv4.c
@@ -233,7 +233,16 @@ found_one:;
if (i == 3) fputc(' ', arg->f);
}
+ if (entry->expiration == 0) {
+ /* 0 means "never" expire. V4 didn't support that, so rather than
+ having everything appear to have expired in 1970, we nail in the
+ Cygnus 96q1 default value. The value quoted here is directly
+ from src/admin/kdb_init.c in Cygnus CNS V4 96q1, and is
+ roughly 12/31/2009. */
+ v4_print_time(arg->f, 946702799+((365*10+3)*24*60*60));
+ } else {
v4_print_time(arg->f, entry->expiration);
+ }
v4_print_time(arg->f, mod_time);
fprintf(arg->f, " %s %s\n", principal->mod_name, principal->mod_instance);
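Review bot: The literal `946702799+((365*10+3)*24*60*60)` in the new `entry->expiration == 0` branch is repeated as `guess2` in v4_dump_find_default in loadv4.c, so the dump side and the load side can drift apart unnoticed. A single named constant in a header both files include would tie them together, for example `#define V4_CNS_DEFAULT_EXP (946702799+((365*10+3)*24*60*60))` (name is a suggestion). The comment could also state that every never-expiring V5 principal leaves this dump with a fixed end-of-2009 expiry, which an operator reading the V4 output needs to know. The `else` body was not re-indented, and the enclosing function starts and ends outside the hunk.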
diff --git a/src/kadmin/dbutil/kdb5_util.M b/src/kadmin/dbutil/kdb5_util.M
index b364eeb4b..829e55af8 100644
--- a/src/kadmin/dbutil/kdb5_util.M
+++ b/src/kadmin/dbutil/kdb5_util.M
@@ -159,7 +159,41 @@ if not specified.
\fBdump_v4\fP [\fIfilename\fP]
Dumps the current database into the Kerberos 4 database dump format.
.TP
-\fBload_v4\fP [\fB\-t\fP] [\fB-n\fP] [\fB\-K\fP] [\fB-f\fP] \fIinputfile\fP
-Loads a Kerberos 4 database dump file.
+\fBload_v4\fP [\fB\-t\fP] [\fB-n\fP] [\fB\-K\fP] [\fB-s \fIstashfile\fP] \fIinputfile\fP
+Loads a Kerberos 4 database dump file. Options:
+.RS
+.TP
+.B \-K
+prompts for the V5 master key instead of using the stashed version.
+.TP
+.B \-n
+prompts for the V4 master key, instead of reading from the stash file.
+.TP
+.B \-s \fIstashfile
+gets the V4 master key out of \fIstashfile\fP instead of /.k
+.TP
+.B \-T
+creates a new \fIkrbtgt\fP instead of converting the V4 one. The V5 server
+will thus not recognize outstanding tickets, so this should be used
+with caution.
+.TP
+.B \-v
+lists each principal as it is converted or ignored.
+.TP
+.B \-t
+uses a temporary database, then moves that into place, instead of adding
+the keys to the current database.
+.PP
+Note: if the Kerberos 4 database had a default expiration date of 12/31/1999
+or 12/31/2009 (the compiled in defaults for older or newer Kerberos
+releases) then any entries which have the same expiration date will be
+converted to "never" expire in the version 5 database. If the default
+did not match either value, all expiration dates will be preserved.
+.PP
+Also, Kerberos 4 stored a single modification time for any change to a
+record; Version 5 stores a seperate modification time and last
+password change time. In practice, Version 4 "modifications" were
+always password changes. \fIload_v4\fP copies the value into both
+fields.
.SH SEE ALSO
kadmin(8)
diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c
index 06597e7df..c259eba32 100644
--- a/src/kadmin/dbutil/kdb5_util.c
+++ b/src/kadmin/dbutil/kdb5_util.c
@@ -60,7 +60,7 @@ usage()
"\tdump [-old] [-ov] [-b6] [-verbose] [filename [princs...]]\n"
"\tload [-old] [-ov] [-b6] [-verbose] [-update] filename\n"
"\tdump_v4 [filename]\n"
- "\tload_v4 [-t] [-n] [-v] [-K] inputfile\n");
+ "\tload_v4 [-t] [-n] [-v] [-K] [-s stashfile] inputfile\n");
exit(1);
}
diff --git a/src/kadmin/dbutil/loadv4.c b/src/kadmin/dbutil/loadv4.c
index d49429b6f..2562eb947 100644
--- a/src/kadmin/dbutil/loadv4.c
+++ b/src/kadmin/dbutil/loadv4.c
@@ -83,7 +83,9 @@ static int v4init PROTOTYPE((char *, int, char *));
static krb5_error_code enter_in_v5_db PROTOTYPE((krb5_context,
char *, Principal *));
static krb5_error_code process_v4_dump PROTOTYPE((krb5_context, char *,
- char *));
+ char *, long));
+static krb5_error_code v4_dump_find_default PROTOTYPE((krb5_context, char *,
+ char *, long *));
static krb5_error_code fixup_database PROTOTYPE((krb5_context, char *));
static int create_local_tgt = 0;
@@ -142,6 +144,7 @@ char *argv[];
int persist, op_ind;
kadm5_config_params newparams;
extern kadm5_config_params global_params;
+ long exp_time = 0;
krb5_init_context(&context);
@@ -168,6 +171,14 @@ char *argv[];
else if (!strcmp(argv[op_ind], "-n")) {
v4manual++;
}
+ else if (!strcmp(argv[op_ind], "-s")) {
+ if ((argc - op_ind) >= 1) {
+ v4_mkeyfile = argv[op_ind+1];
+ op_ind++;
+ } else {
+ usage();
+ }
+ }
else if ((argc - op_ind) >= 1) {
v4dumpfile = argv[op_ind];
op_ind++;
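Review bot: The new `-s` branch reads `argv[op_ind+1]` after checking only `(argc - op_ind) >= 1`, a condition that already holds whenever `argv[op_ind]` exists. With `-s` as the last argument the check passes, `v4_mkeyfile` is set to `argv[argc]` (NULL) and usage() is never reached, so the master-key stash path is silently lost or dereferenced later. The guard should require two remaining arguments: `if ((argc - op_ind) >= 2) {`. The loop header is outside the hunk, so this assumes `op_ind < argc` on entry to the chain.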
@@ -326,7 +337,12 @@ master key name '%s'\n",
return;
}
- retval = process_v4_dump(context, v4dumpfile, realm);
+ retval = v4_dump_find_default(context, v4dumpfile, realm, &exp_time);
+ if (retval) {
+ com_err(PROGNAME, retval, "warning: default entry not found");
+ }
+
+ retval = process_v4_dump(context, v4dumpfile, realm, exp_time);
putchar('\n');
if (retval)
com_err(PROGNAME, retval, "while translating entries to the database");
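Review bot: The warning text does not match what a non-zero return means. As v4_dump_find_default is written later in this patch, it returns 0 when EOF is reached without a default entry and non-zero only when fopen() fails (errno) or a record is malformed (KRB5_KDB_DB_CORRUPT). A missing default entry is therefore silent, while an unreadable or corrupt dump is reported as "default entry not found" and the load still continues into process_v4_dump. Suggest `com_err(PROGNAME, retval, "while scanning dump file for default entry");` followed by the same cleanup and `return;` the earlier error paths use. The enclosing function starts and ends outside the hunk.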
@@ -514,6 +530,9 @@ Principal *princ;
if (!retval)
retval = krb5_dbe_update_mod_princ_data(context, &entry,
mod_time, mod_princ);
+ if (!retval)
+ retval = krb5_dbe_update_last_pwd_change(context, &entry, mod_time);
+
if (retval) {
krb5_db_free_principal(context, &entry, 1);
krb5_free_principal(context, mod_princ);
@@ -731,10 +750,11 @@ register char *cp;
}
static krb5_error_code
-process_v4_dump(context, dumpfile, realm)
+process_v4_dump(context, dumpfile, realm, default_exp_time)
krb5_context context;
char *dumpfile;
char *realm;
+long default_exp_time;
{
krb5_error_code retval;
FILE *input_file;
@@ -776,6 +796,8 @@ char *realm;
aprinc.kdc_key_ver = (unsigned char) temp2;
aprinc.key_version = (unsigned char) temp3;
aprinc.exp_date = time_explode(exp_date_str);
+ if (aprinc.exp_date == default_exp_time)
+ aprinc.exp_date = 0;
aprinc.mod_date = time_explode(mod_date_str);
if (aprinc.instance[0] == '*')
aprinc.instance[0] = '\0';
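Review bot: The added comparison removes the expiration of every principal whose date equals the site default, including any account an administrator deliberately set to that date, and nothing records which entries were changed. load_v4 already has a verbose mode, so a line such as `if (verbose) printf("\n%s.%s: default expiration converted to never", aprinc.name, aprinc.instance);` inside the `if` would let the operator review accounts that no longer expire. A short comment is also worth adding to say that `default_exp_time` is 0 when no known default was recognized, which makes the test a no-op. process_v4_dump starts and ends outside this hunk.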
@@ -790,6 +812,94 @@ char *realm;
return retval;
}
+static krb5_error_code
+v4_dump_find_default(context, dumpfile, realm, exptime)
+krb5_context context;
+char *dumpfile;
+char *realm;
+long *exptime;
+{
+ krb5_error_code retval = 0;
+ FILE *input_file;
+ Principal aprinc;
+ char exp_date_str[50];
+ char mod_date_str[50];
+ int temp1, temp2, temp3;
+ long time_explode();
+ long foundtime, guess1, guess2;
+
+ /* kdb_init is usually the only thing to touch the time in the
+ default entry, and everything else just copies that time. If
+ the site hasn't changed it, we can assume that "never" is an
+ appropriate value for V5. There have been two values compiled
+ in, typically:
+
+ MIT V4 had the code
+ principal.exp_date = 946702799;
+ strncpy(principal.exp_date_txt, "12/31/99", DATE_SZ);
+
+ Cygnus CNS V4 had the code
+ principal.exp_date = 946702799+((365*10+3)*24*60*60);
+ strncpy(principal.exp_date_txt, "12/31/2009", DATE_SZ);
+
+ However, the dump files only store minutes -- so these values
+ are 59 seconds high.
+
+ Other values could be added later, but in practice these are
+ likely to be the only ones. */
+
+ guess1 = 946702799-59;
+ guess2 = 946702799+((365*10+3)*24*60*60);
+
+ input_file = fopen(dumpfile, "r");
+ if (!input_file)
+ return errno;
+
+ for (;;) { /* explicit break on eof from fscanf */
+ int nread;
+
+ memset((char *)&aprinc, 0, sizeof(aprinc));
+ nread = fscanf(input_file,
+ "%s %s %d %d %d %hd %x %x %s %s %s %s\n",
+ aprinc.name,
+ aprinc.instance,
+ &temp1,
+ &temp2,
+ &temp3,
+ &aprinc.attributes,
+ &aprinc.key_low,
+ &aprinc.key_high,
+ exp_date_str,
+ mod_date_str,
+ aprinc.mod_name,
+ aprinc.mod_instance);
+ if (nread != 12) {
+ retval = nread == EOF ? 0 : KRB5_KDB_DB_CORRUPT;
+ break;
+ }
+ if (!strcmp(aprinc.name, "default")
+ && !strcmp(aprinc.instance, "*")) {
+ foundtime = time_explode(exp_date_str);
+ if (foundtime == guess1 || foundtime == guess2)
+ *exptime = foundtime;
+ if (verbose) {
+ printf("\ndefault expiration found: ");
+ if (foundtime == guess1) {
+ printf("MIT or pre96q1 value (1999)");
+ } else if (foundtime == guess2) {
+ printf("Cygnus CNS post 96q1 value (2009)");
+ } else {
+ printf("non-default start time (%d,%s)",
+ foundtime, exp_date_str);
+ }
+ }
+ break;
+ }
+ }
+ (void) fclose(input_file);
+ return retval;
+}
+
static krb5_error_code fixup_database(context, realm)
krb5_context context;
char * realm;
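Review bot: The fscanf() in v4_dump_find_default uses unbounded `%s` conversions into fixed-size buffers (`exp_date_str[50]`, `mod_date_str[50]` and the name and instance arrays inside `aprinc`), so a single over-long token in the dump file overruns the stack. Each `%s` should carry a field width one less than its destination, e.g. `%49s` for the two date strings, with the `aprinc` fields bounded by their declared sizes. Separately, the comment says dump files store only minutes, so both compiled-in values are 59 seconds high, yet only `guess1` is adjusted. As written `guess2` looks unable to ever match and presumably should be `guess2 = 946702799+((365*10+3)*24*60*60)-59;`. Finally, `foundtime` is a `long` printed with `%d` in the non-default branch; use `%ld`.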
diff --git a/src/kadmin/dbutil/util.c b/src/kadmin/dbutil/util.c
index 78de2cd6f..5fdb7aad2 100644
--- a/src/kadmin/dbutil/util.c
+++ b/src/kadmin/dbutil/util.c
@@ -33,7 +33,7 @@
#include "k5-int.h"
#include "./kdb5_edit.h"
-#if defined(sysvimp) || ( defined(mips) && defined(SYSTYPE_BSD43)) || (defined(vax) && !defined(ultrix))
+#ifndef HAVE_STRSTR
char *
strstr(s1, s2)
char *s1;
@@ -50,7 +50,7 @@ char *s2;
}
return ((char *) 0);
}
-#endif /* sysvimp */
+#endif /* HAVE_STRSTR */
void
parse_token(token_in, must_be_first_char, num_tokens, tokens_out)