sec_salvage_db(8sec)

Recovers a corrupted registry database

Synopsis

sec_salvage_db -print [-dbpath db_pathname] [-prtpath print_pathname]
[print_options] [-verbose]

sec_salvage_db -reconstruct [-dbpath db_pathname]
[-prtpath print_pathname]
[reconstruct_options] [-verbose]

sec_salvage_db -check [-dbpath db_pathname]
[db_options] [-verbose]

sec_salvage_db -fix [-dbpath db_pathname]
[db_options] [-force] [-verbose]

Options

-check
Checks the database elements specified by db_options for inconsistencies. This option sends a list to standard output of all bad list links, internal ID references, and database keys and any detectable data inconsistencies. The -check option does not check fields for legal values.

db_options
Specifies the database elements to be acted on by the -check or -fix options. If no db_options are specified, all are selected.

The db_options are:

-princ - Principals

-group - Groups

-org - Organizations

-acct - Accounts

-acl - ACLs

-policy - Policy

-state - Database State

-replicas - Replicas

Note
The mkey.prt file and the princ.prt file contain unencrypted authentication keys. Ensure that only the privileged account can access these files and that they are never transferred over a network for viewing or backup.

-fix
Checks the database for inconsistencies and prompt for whether to fix each inconsistency. After all inconsistencies have been processed, the option prompts for whether to save all fixes.

-force
Checks the database for inconsistencies and fix each one without prompting. After all inconsistencies have been processed, the option prompts for whether to save all fixes. This option is valid only when used with the -fix option.

-print
Creates files containing ASCII-formatted database records. These files are used by the -reconstruct option as a source for recreating the database. You can also manually edit the files to change information or fix problems. A separate file is created for each of the print_options specified.

By default, the -print option stores the master key file in the current directory and the database files in the rgy_print directory in the current directory. The -prtpath option lets you specify a different directory.

print_options
Specify the database elements to be acted on by the -print option. If the files exist, they are overwritten. If no print_options are specified, all are selected. The print_options and the files they create are:

· -princ
Put principal records in the file princ.prt and master key information in the file .mkey.prt.

· -group
Put group records in the file group.prt.

· -org
Put organization records in the file org.prt.

· -policy
Put policy records in the file policy.prt.

· -state
Put information about the state of the database in the file rgy_state.prt.

· -replicas
Put replica information in the file replicas.prt.

· -reconstruct
Reconstructs the registry database from the ASCII-formatted print files created by the -print option. The reconstruct_options specify the print files to use.

reconstruct_options
Specifies which elements of the registry database to reconstruct. If no reconstruct_options are specified, all are selected. The reconstruct_options are:

· -pgo
Use data in the princ.prt, group.prt, org.prt, and .mkey.prt files to reconstruct:
- Principals, groups, organizations
- Principals accounts
- ACLs on database objects
- The master key file

· -policy
Use data from the policy.prt file to reconstruct registry policies.

· -state
Use data from the rgy_state.prt file to reconstruct information about the state of the database.

· -replicas
Use data from the replicas.prt file to reconstruct the master replica list.

-dbpath db_pathname
For the -print and -check options, -dbpath specifies the directory in which the registry database and the master key file are located.

For the -reconstruct and -fix options, -dbpath specifies the directory in which to store the reconstructed or salvaged database.

The -print and -check options expects to find the master key file, .mkey, in the directory above the directory that holds the database files. For example, if db_pathname is dcelocal/var/security/new_rgy, the options look for the master key file in dcelocal/var/security and the database files in dcelocal/var/security/new_rgy.

If this option is not specified, the default path name is dcelocal/var/security/rgy_data.

db_pathname can be a global path name or a cell-relative name.

-prtpath print_pathname
For the -print and -reconstruct options only, -prtpath specifies the directory in which to create (-print) the print files, or find (-reconstruct) the print files from which to reconstruct the database.

By default, the -print option creates and the -reconstruct option looks for the master key file in the current directory and the database files in the rgy_print subdirectory of the current directory. The -prtpath option lets you specify the directory that should be used instead of the current directory. For example, if you specify print_pathname as dcelocal/var/security/registry, the master key print file will be created in that directory and the database print files in dcelocal/var/security/registry/rgy_print.

If any or all of the print files exist in print_pathname or the default directory, their contents are overwritten.

print_pathname can be a global path name or a cell-relative name.

Description

The sec_salvage_db tool is an aid to database administration and troubleshooting. Although day-to-day administration is handled by the rgy_edit command, sec_salvage_db can be useful for listing registry data, reconstructing databases, and salvaging corrupted databases.

The sec_salvage_db command supports two methods of operation: the check and fix method, and the print and reconstruct method. These methods can be used in tandem.

Check and Fix Method
Note that the -check and -fix options are not currently available.

The check and fix method recovers data from a corrupted database, fixing corrupted data links, data retrieval keys, and other internal references. You can use it on a database so corrupted that it prevents the security server (secd) from running or registry clients from operating correctly. The check and fix method repairs the database structure so that secd can run. (Note that data may be lost if corrupted pointers in the registry data files irreversibly sever the links between records.) The check and fix method uses the sec_salvage_db -check, -fix, and -force options.

The -check option accesses each record in the database and reports all errors, but makes no fixes. Although you can run it to see the state of the database before you run the -fix option, it is not required to be run.

The -fix option also accesses each record in the database and reports all errors, but as it finds each error, it prompts for whether or not to fix the error. When processing is complete, sec_salvage_db prompts for whether or not to save the changes.

The -force option can only be used with the -fix option. If you use it, sec_salvage_db does not prompt for confirmation before it fixes each error it finds. sec_salvage_db will still prompt for confirmation before it saves the changes.

The Print and Reconstruct Method
The print and reconstruct method allows you to reconstruct a database. It first creates ASCII files, called print files, that contain all accessible data in the database. Then, it reads the data in these files to construct a new database. If you cannot start a security server on the database host machine, you cannot use the print and reconstruct method, but must use the check and fix method. (Note that before you run sec_salvage_db with the -print and -reconstruct options, you must stop the security server.)

In addition to reconstructing the database, the print and reconstruct method has other uses. You can use it to

· Make changes to the database by manually editing the print files created by the -print option and then reconstructing them from the changed print files. This can be especially useful for changing many user passwords, which may be necessary if the master key file is corrupted or for re-adding data missing from a corrupted database.

· Obtain a listing of database contents.

· Copy databases between different platforms.

To use the print and reconstruct method, run sec_salvage_db first with the -print option and then with the -reconstruct option.

The -print option creates the ASCII print files from the registry database files. These files can be reviewed and edited to correct faulty information, such as name-to-UNIX ID mismatches or missing data, or to update existing data. The -reconstruct option recreates the registry database files from the print files.

Because the -print option creates files containing all data in the database and the -reconstruct option recreates the database based on these files, you can use this method to move a database to another machine or even another cell. For example, if you run sec_salvage_db -print on an uncorrupted database, you can then run sec_salvage_db -reconstruct and specify a path name on a different machine for where the database should be created.

Editing the Print Files
To edit the print files, your entries must be in the following format:

field_name optional_white_space=optional_white_space value

Although you can leave spaces between the field name, the equals sign, and the value, field names and values cannot contain white space.

A sample group.prt file follows:

Record_Number = 7
Object_Type = ADMIN
Name = group/admin
UUID = 0000001b9-7b61-21cf-bd01-0800097086cb
Unix_ID = 441
Is_Alias_Flag = false
Is_Required_Flag = false
Projlist_Ok_Flag = true
Num_Attr_List_Entries = 0
Fullname =
Member_Name = admin_1
Member_Name = admin_2
Member_Name = admin_3
Foreign_Member_Name = /…/engobe/person1

Cell_UUID = 964dc902-7b54-11cf-b1ff-08000919bba7

Princ_UUID = 0000006a-7b54-11cf-bb00-08000919bba7
Foreign_Member_Name = /…/engobe/person10
Cell_UUID = 964dc902-7b54-11cf-b1ff-08000919bba7

Princ_UUID = 0000006a-7b54-11cf-bb00-08000919bba7
Obj_Acl_Def_Cell_Name = /.../abc.com
Num_Acl_Entries = 6
Obj_Acl_Entry = any_other:r-t-----
Obj_Acl_Entry = group:acct-admin:rctDnfmM
Obj_Acl_Entry = group_obj:r-t-----
Obj_Acl_Entry = other_obj:r-t-----
Obj_Acl_Entry = unauthenticated:r-t-----
Obj_Acl_Entry = user:cell-admin:rctDnfmM

Updating Entries
To update existing entries, simply supply a new value. For example, to update a principals full name, the entry in the princ.prt file is

Fullname = fullname

The fullname variable is the principals full name. The princ.prt file contains the following entry that allows you to update a principals password in plain text:

Plaintext_Passwd =

This field does not display the principals password. To update the password, simply enter the new one in plain text after the equals sign. When the database is reconstructed, the password is encrypted and any keys derived from that password are regenerated and used to overwrite any existing encryption key entries.

To specify a NULL value, delete the existing value. For example, to specify a NULL value for a fullname in the princ.prt file, the entry is

Fullname =

Print File Fields and Values
The following lists describe the fields in the princ.prt, group.prt, org.prt, .mkey.prt, policy.prt, rgy_state.prt, and replicas.prt files. In the lists, an * (asterisk) indicates a segment or field that can appear multiple times in succession; a + (plus sign) indicates that if a stored UUID does not map to a name required for the field, the UUID is displayed.

The princ.prt File
The fields in the princ.prt file follow:

For all records:

Record_Number
The sequential number of the record in the database.

Object_Type
An indication of the type of object: PRINC=principal, DIR=directory.

Name
Name of the object.

UUID
Unique Identifier of the object.

For principals:

Unix_ID
The principals UNIX ID.

Is_Alias_Flag
An indication of whether or not the principal name is an alias or a primary name: true=alias, false=primary.

Is_Required_Flag
An indication of whether or not the principal is reserved: true=principal is reserved and cannot be deleted, false=principal is not reserved.

Quota
The principals object creation quota: a non-negative integer or unlimited.

Fullname
The principals full name: a text string.

Member_Name*
The names of the groups to which the principal belongs.

Obj_Acl_Def_Cell_Name
The default cell name of this principals object ACL.

Num_Acl_Entries
The number of entries in the principals object ACL.

Obj_Acl_Entry*+
The contents of the principals object ACL.

Acct_Group_Name
The accounts group name.

Acct_Org_Name
The accounts organization name.

Acct_Creator_Name
The name of principal who created this account.

Acct_Creation_Time
The date and time the account was created in yyyy/mm/dd.hh:mm format. The first two digits of the year, the hours, and the minutes are optional.

Acct_Changer_Name
Name of principal who last changed the account.

Acct_Change_Time
The date and time the account was last changed in yyyy/mm/dd.hh:mm format. (The first two digits of the year, the hours and the minutes are optional.)

Acct_Expire_Time
The date and time the account expires or none for no expiration date. The date and time are in yyyy/mm/dd.hh:mm format. (The first two digits of the year, the hours and the minutes are optional.)

Acct_Good_Since_Time
The date and time the principals account was last known to be in an uncompromised state in yyyy/mm/dd.hh:mm, format or no for current time and date. (The first two digits of the year, the hours and the minutes are optional.)

Acct_Valid_For_Login_Flag
An indication of whether or not the account can be logged into: true=account is valid for login, false=account cannot be logged into.

Acct_Valid_As_Server_Flag
Indicates whether or not the account is a server and can engage in authenticated communication: true=account is a server, false=account is not server.

Acct_Valid_As_Client_Flag
Indicates whether or not the account is a client and can log in, acquire tickets, and be authenticated: true=account is a client, false=account is not a client.

Acct_Post_Dated_Cert_Ok_Flag
Indicates whether or not tickets with a start time some time in the future can be issued to the accounts principal: true=postdated tickets can be issued, false=postdated tickets cannot be issued.

Acct_Forwardable_Cert_Ok_Flag
Indicates whether or not a new ticket-granting ticket with a network address that differs from the present ticket-granting address can be issued to the accounts principal: true=account can get forwardable certificates, false=account cannot.

Acct_TGT_Auth_Cert_Ok_Flag
Indicates whether or not tickets issued to the accounts principal can use the ticket-granting-ticket authentication mechanism: true=tickets can use the ticket-granting-ticket authentication mechanism, false=they cannot.

Acct_Renewable_Cert_Ok_Flag
Indicates whether or not tickets issued to the principals ticket-granting ticket to be renewed: true=tickets can be renewed, false=tickets cannot be renewed.

Acct_Proxiable_Cert_Ok_Flag
Indicates whether or not a new ticket with a different network address than the present ticket can be issued to the accounts principal: true=such a ticket can be issued, false=such a ticket cannot be issued.

Acct_Dup_Session_Key_Ok_Flag
Indicates whether or not tickets issued to the accounts principal can have duplicate keys: true=account can have duplicate session keys, false=account cannot.

Unix_Key
The account principals encrypted UNIX password: ASCII string.

Plaintext_Passwd
Stores the principals password in plain text. This field is provided to allow principals passwords to be changed. When the princ.prt file is processed by the sec_salvage_db -reconstruct option, this password is encrypted using UNIX system encryption. This encrypted password is then stored as the principals encrypted UNIX password in the Unix_Key field.

Home_Dir
The account principals home directory: text string.

Shell
The account principals login shell: text string.

Gecos
The accounts GECOS information: text string.

Passwd_Valid_Flag
Indicates whether or not the account principals password is valid: true=password is valid, false=password not valid.

Passwd_Change_Time
The date and time the account principals password was last changed in yyyy/mm/dd.hh:mm format or now for the current date and time. The first two digits of the year, the hours and the minutes are optional.

Max_Certificate_Lifetime
The number of hours before the Authentication Service must renew the account principals service certificates: an integer indicating the time in hours or default-policy to use the registry default.

Max_Renewable_Lifetime
The number of hours before a session with the account principals identity expires and the principal must log in again to reauthenticate: an integer indicating the time in hours or default-policy to use the registry default.

Master_Key_Version
The version of the master key used to encrypt the account principals key.

Num_Auth_Keys
The number of the account principals authentication keys.

Auth_Key_Version*
A list of the version numbers of the account principals authentication key. The first version number on the list represents the current authentication key.

Auth_Key_Pepper*
The pepper algorithm used for the account principals key: a text string or blank to use the default pepper algorithm.

Auth_Key_Len*
The length in bytes of the account principals authentication key.

Auth_Key*
The account principals authentication key: hexadecimal string.

Auth_Key_Expire_Time*
The date and time the account principals authentication key expires or none for no expiration. Date and time are in yyyy/mm/dd.hh:mm format. (The first two digits of the year, the hours and the minutes are optional.)

For directories:

Obj_Acl_Def_Cell_Name+
The default cell name of the directorys object ACL.

Num_Acl_Entries
The number of entries in the directorys object ACL.

Obj_Acl_Entry*+
The contents of the directorys object ACL.

Init_Obj_Acl_Def_Cell_Name+
The default cell name of the directorys initial object ACL.

Num_Acl_Entries
The number of entries in the directorys initial object ACL.

Init_Obj_Acl_Entry*+
The contents of the directorys initial object ACL.

Init_Cont_Acl_Def_Cell_Name+
The default cell name of the directorys initial container ACL.

Num_Acl_Entries
The number of entries in the directorys initial container ACL.

Init_Cont_Acl_Entry*+
The contents of the directorys initial container ACL.

The group.prt File
The fields in the group.prt file follow:

For all records:

Record_Number
The sequential number of the record in the database.

Object_Type
An indication of the type of object: GROUP=group, DIR=directory.

Name
Name of the object.

UUID
Unique Identifier of the object.

For groups:

Unix_ID
UNIX ID of the group.

Is_Alias_Flag
An indication of whether or not the group name is an alias or a primary name: true=alias, false=primary.

Is_Required_Flag
An indication of whether or not the group is reserved: true=group is reserved and cannot be deleted, false=group is not reserved.

Projlist_Ok_Flag
An indication of whether or not the group can be included in project lists: true=group can be included on project lists, false=group cannot be included.

Fullname
The groups full name: a text string.

Member_Name*
The names of the groups local members.

Foreign_Member_Name
The names of the groups foreign members.

Cell_UUID
The UUID of the cell for the principal identified in Foreign_Member_Name.

Princ_UUID
The UUID of the principal identified in Foreign_Member_Name.

Obj_Acl_Def_Cell_Name+
The default cell name of this groups object ACL.

Num_Acl_Entries
The number of entries in the groups object ACL.

Obj_Acl_Entry*
The contents of the groups object ACL.

For directories:

Obj_Acl_Def_Cell_Name+
The default cell name of this directorys object ACL.

Num_Acl_Entries
The number of entries in the directorys object ACL.

Obj_Acl_Entry*
The contents of the directorys object ACL.

Init_Obj_Acl_Def_Cell_Name+
The default cell name of the directorys initial object ACL.

Num_Acl_Entries
The number of entries in the directorys initial object ACL.

Init_Obj_Acl_Entry*+
The contents of the directorys initial object ACL.

Init_Cont_Acl_Def_Cell_Name+
The default cell name of the directorys initial container ACL.

Num_Acl_Entries
The number of entries in the directorys initial container ACL.

Init_Cont_Acl_Entry*+
The contents of the directorys initial container ACL.

The org.prt File
The fields in the org.prt file follow:

For all records:

Record_Number
The sequential number of the record in the database.

Object_Type
An indication of the type of object: ORG=organization, DIR=directory.

Name
Name of the object.

UUID
Unique Identifier of the object.

For organizations:

Unix_ID
UNIX ID of the organization.

Is_Alias_Flag
An indication of whether or not the organization is an alias or a primary name: true=alias, false=primary.

Is_Required_Flag
An indication of whether the organization is reserved: true=organization is reserved and cannot be deleted, false=organization is not reserved.

Fullname
The organizations full name: a text string.

Member_Name*
The names of the organizations members.

Obj_Acl_Def_Cell_Name
The default cell name of this organizations object ACL.

Num_Acl_Entries
The number of entries in the organizations object ACL.

Obj_Acl_Entry*+
The contents of the organizations object ACL.

For organizations with policy:

Acct_Lifetime
The period during which accounts for the organization are valid: a integer number representing days or forever.

Passwd_Min_Len
The minimum length of the organizations password: a non-negative integer.

Passwd_Lifetime
The span in days of the lifetime of the organizations password: an integer or forever.

Passwd_Expire_Time
The date and time the organizations password expires in yyyy/mm/dd.hh:mm format. (The first two digits of the year, the hours and the minutes are optional.)

Passwd_All_Spaces_Ok
An indication of whether or not the organizations password can consist of all spaces: true=can consist of spaces, false=cannot.

Passwd_All_Alphanumeric_Ok
An indication of whether or not the organizations password can consist of all alphanumeric characters: true=can be all alphanumeric, false=cannot.