author | markm <markm@FreeBSD.org> | 2000-01-09 20:58:00 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2000-01-09 20:58:00 +0000 |
commit | 4ecbd6db44d79348bc815f31096e53104f50838b (patch) | |
tree | 36fa73706fa0587a390c45a3fbf17c9523cb0e35 /crypto/heimdal/admin | |
Import KTH Heimdal, which will be the core of our Kerberos5.
Userland to follow.
Diffstat (limited to 'crypto/heimdal/admin')
-rw-r--r-- | crypto/heimdal/admin/Makefile.am | 29 | ||||
-rw-r--r-- | crypto/heimdal/admin/Makefile.in | 680 | ||||
-rw-r--r-- | crypto/heimdal/admin/add.c | 155 | ||||
-rw-r--r-- | crypto/heimdal/admin/change.c | 224 | ||||
-rw-r--r-- | crypto/heimdal/admin/copy.c | 119 | ||||
-rw-r--r-- | crypto/heimdal/admin/get.c | 162 | ||||
-rw-r--r-- | crypto/heimdal/admin/ktutil.8 | 119 | ||||
-rw-r--r-- | crypto/heimdal/admin/ktutil.c | 155 | ||||
-rw-r--r-- | crypto/heimdal/admin/ktutil_locl.h | 81 | ||||
-rw-r--r-- | crypto/heimdal/admin/list.c | 83 | ||||
-rw-r--r-- | crypto/heimdal/admin/purge.c | 175 | ||||
-rw-r--r-- | crypto/heimdal/admin/remove.c | 107 | ||||
-rw-r--r-- | crypto/heimdal/admin/srvconvert.c | 181 | ||||
-rw-r--r-- | crypto/heimdal/admin/srvcreate.c | 124 |
14 files changed, 2394 insertions, 0 deletions
diff --git a/crypto/heimdal/admin/Makefile.am b/crypto/heimdal/admin/Makefile.am
new file mode 100644
index 0000000..2b9d5b9
--- /dev/null
+++ b/crypto/heimdal/admin/Makefile.am
@@ -0,0 +1,29 @@
+# $Id: Makefile.am,v 1.30 2000/01/06 08:02:37 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_readline)
+
+man_MANS = ktutil.8
+
+sbin_PROGRAMS = ktutil
+
+ktutil_SOURCES = add.c \
+ change.c \
+ copy.c \
+ get.c \
+ ktutil.c \
+ list.c \
+ purge.c \
+ remove.c \
+ srvconvert.c \
+ srvcreate.c
+
+LDADD = \
+ $(top_builddir)/lib/kadm5/libkadm5clnt.la \
+ $(top_builddir)/lib/krb5/libkrb5.la \
+ $(top_builddir)/lib/des/libdes.la \
+ $(top_builddir)/lib/asn1/libasn1.la \
+ $(top_builddir)/lib/sl/libsl.la \
+ $(LIB_readline) \
+ $(LIB_roken)
diff --git a/crypto/heimdal/admin/Makefile.in b/crypto/heimdal/admin/Makefile.in
new file mode 100644
index 0000000..52665a5
--- /dev/null
+++ b/crypto/heimdal/admin/Makefile.in
@@ -0,0 +1,680 @@ +# Makefile.in generated automatically by automake 1.4 from Makefile.am + +# Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +# $Id: Makefile.am,v 1.30 2000/01/06 08:02:37 assar Exp $ + + +# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ + + +# $Id: Makefile.am.common,v 1.13 1999/11/01 03:19:58 assar Exp $ + + +SHELL = @SHELL@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +datadir = @datadir@ +sysconfdir = @sysconfdir@ +sharedstatedir = @sharedstatedir@ +localstatedir = @localstatedir@ +libdir = @libdir@ +infodir = @infodir@ +mandir = @mandir@ +includedir = @includedir@ +oldincludedir = /usr/include + +DESTDIR = + +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ + +top_builddir = .. 
+ +ACLOCAL = @ACLOCAL@ +AUTOCONF = @AUTOCONF@ +AUTOMAKE = @AUTOMAKE@ +AUTOHEADER = @AUTOHEADER@ + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS) +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +transform = @program_transform_name@ + +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +host_alias = @host_alias@ +host_triplet = @host@ +AFS_EXTRA_LD = @AFS_EXTRA_LD@ +AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ +AWK = @AWK@ +CANONICAL_HOST = @CANONICAL_HOST@ +CATMAN = @CATMAN@ +CATMANEXT = @CATMANEXT@ +CC = @CC@ +DBLIB = @DBLIB@ +EXEEXT = @EXEEXT@ +EXTRA_LIB45 = @EXTRA_LIB45@ +GROFF = @GROFF@ +INCLUDE_ = @INCLUDE_@ +LD = @LD@ +LEX = @LEX@ +LIBOBJS = @LIBOBJS@ +LIBTOOL = @LIBTOOL@ +LIB_ = @LIB_@ +LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_kdb = @LIB_kdb@ +LIB_otp = @LIB_otp@ +LIB_roken = @LIB_roken@ +LIB_security = @LIB_security@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MAKE_X_PROGS_BIN_PROGS = @MAKE_X_PROGS_BIN_PROGS@ +MAKE_X_PROGS_BIN_SCRPTS = @MAKE_X_PROGS_BIN_SCRPTS@ +MAKE_X_PROGS_LIBEXEC_PROGS = @MAKE_X_PROGS_LIBEXEC_PROGS@ +NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ +NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ +NM = @NM@ +NROFF = @NROFF@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +RANLIB = @RANLIB@ +VERSION = @VERSION@ +VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ +WFLAGS = @WFLAGS@ +WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ +WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +YACC = @YACC@ + +AUTOMAKE_OPTIONS = foreign no-dependencies + +SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x + +INCLUDES = -I$(top_builddir)/include $(INCLUDE_readline) + +AM_CFLAGS = $(WFLAGS) + +COMPILE_ET = $(top_builddir)/lib/com_err/compile_et + +buildinclude = $(top_builddir)/include + +LIB_XauReadAuth = @LIB_XauReadAuth@ +LIB_crypt = @LIB_crypt@ +LIB_dbm_firstkey = @LIB_dbm_firstkey@ +LIB_dbopen = @LIB_dbopen@ +LIB_dlopen = @LIB_dlopen@ +LIB_dn_expand = 
@LIB_dn_expand@ +LIB_el_init = @LIB_el_init@ +LIB_getattr = @LIB_getattr@ +LIB_gethostbyname = @LIB_gethostbyname@ +LIB_getpwent_r = @LIB_getpwent_r@ +LIB_getpwnam_r = @LIB_getpwnam_r@ +LIB_getsockopt = @LIB_getsockopt@ +LIB_logout = @LIB_logout@ +LIB_logwtmp = @LIB_logwtmp@ +LIB_odm_initialize = @LIB_odm_initialize@ +LIB_readline = @LIB_readline@ +LIB_res_search = @LIB_res_search@ +LIB_setpcred = @LIB_setpcred@ +LIB_setsockopt = @LIB_setsockopt@ +LIB_socket = @LIB_socket@ +LIB_syslog = @LIB_syslog@ +LIB_tgetent = @LIB_tgetent@ + +HESIODLIB = @HESIODLIB@ +HESIODINCLUDE = @HESIODINCLUDE@ +INCLUDE_hesiod = @INCLUDE_hesiod@ +LIB_hesiod = @LIB_hesiod@ + +INCLUDE_krb4 = @INCLUDE_krb4@ +LIB_krb4 = @LIB_krb4@ + +INCLUDE_readline = @INCLUDE_readline@ + +LEXLIB = @LEXLIB@ + +cat1dir = $(mandir)/cat1 +cat3dir = $(mandir)/cat3 +cat5dir = $(mandir)/cat5 +cat8dir = $(mandir)/cat8 + +MANRX = \(.*\)\.\([0-9]\) +CATSUFFIX = @CATSUFFIX@ + +NROFF_MAN = groff -mandoc -Tascii + +@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) + +@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la $(top_builddir)/lib/asn1/libasn1.la +@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la + +CHECK_LOCAL = $(PROGRAMS) + +man_MANS = ktutil.8 + +sbin_PROGRAMS = ktutil + +ktutil_SOURCES = add.c change.c copy.c get.c ktutil.c list.c purge.c remove.c srvconvert.c srvcreate.c + + +LDADD = $(top_builddir)/lib/kadm5/libkadm5clnt.la $(top_builddir)/lib/krb5/libkrb5.la $(top_builddir)/lib/des/libdes.la $(top_builddir)/lib/asn1/libasn1.la $(top_builddir)/lib/sl/libsl.la $(LIB_readline) $(LIB_roken) + +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = ../include/config.h +CONFIG_CLEAN_FILES = +sbin_PROGRAMS = ktutil$(EXEEXT) +PROGRAMS = $(sbin_PROGRAMS) + + +DEFS = @DEFS@ -I. 
-I$(srcdir) -I../include +CPPFLAGS = @CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +LIBS = @LIBS@ +X_CFLAGS = @X_CFLAGS@ +X_LIBS = @X_LIBS@ +X_EXTRA_LIBS = @X_EXTRA_LIBS@ +X_PRE_LIBS = @X_PRE_LIBS@ +ktutil_OBJECTS = add.$(OBJEXT) change.$(OBJEXT) copy.$(OBJEXT) \ +get.$(OBJEXT) ktutil.$(OBJEXT) list.$(OBJEXT) purge.$(OBJEXT) \ +remove.$(OBJEXT) srvconvert.$(OBJEXT) srvcreate.$(OBJEXT) +ktutil_LDADD = $(LDADD) +ktutil_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \ +$(top_builddir)/lib/krb5/libkrb5.la $(top_builddir)/lib/des/libdes.la \ +$(top_builddir)/lib/asn1/libasn1.la $(top_builddir)/lib/sl/libsl.la +ktutil_LDFLAGS = +CFLAGS = @CFLAGS@ +COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ +man8dir = $(mandir)/man8 +MANS = $(man_MANS) +DIST_COMMON = Makefile.am Makefile.in + + +DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST) + +TAR = tar +GZIP_ENV = --best +SOURCES = $(ktutil_SOURCES) +OBJECTS = $(ktutil_OBJECTS) + +all: all-redirect +.SUFFIXES: +.SUFFIXES: .1 .3 .5 .8 .S .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .s .x +$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common + cd $(top_srcdir) && $(AUTOMAKE) --foreign admin/Makefile + +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) \ + && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status + + +mostlyclean-sbinPROGRAMS: + +clean-sbinPROGRAMS: + -test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS) + +distclean-sbinPROGRAMS: + +maintainer-clean-sbinPROGRAMS: + +install-sbinPROGRAMS: $(sbin_PROGRAMS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(sbindir) + @list='$(sbin_PROGRAMS)'; for p in $$list; do \ + 
if test -f $$p; then \ + echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \ + $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + else :; fi; \ + done + +uninstall-sbinPROGRAMS: + @$(NORMAL_UNINSTALL) + list='$(sbin_PROGRAMS)'; for p in $$list; do \ + rm -f $(DESTDIR)$(sbindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + done + +.c.o: + $(COMPILE) -c $< + +# FIXME: We should only use cygpath when building on Windows, +# and only if it is available. +.c.obj: + $(COMPILE) -c `cygpath -w $<` + +.s.o: + $(COMPILE) -c $< + +.S.o: + $(COMPILE) -c $< + +mostlyclean-compile: + -rm -f *.o core *.core + -rm -f *.$(OBJEXT) + +clean-compile: + +distclean-compile: + -rm -f *.tab.c + +maintainer-clean-compile: + +.c.lo: + $(LIBTOOL) --mode=compile $(COMPILE) -c $< + +.s.lo: + $(LIBTOOL) --mode=compile $(COMPILE) -c $< + +.S.lo: + $(LIBTOOL) --mode=compile $(COMPILE) -c $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + +maintainer-clean-libtool: + +ktutil$(EXEEXT): $(ktutil_OBJECTS) $(ktutil_DEPENDENCIES) + @rm -f ktutil$(EXEEXT) + $(LINK) $(ktutil_LDFLAGS) $(ktutil_OBJECTS) $(ktutil_LDADD) $(LIBS) + +install-man8: + $(mkinstalldirs) $(DESTDIR)$(man8dir) + @list='$(man8_MANS)'; \ + l2='$(man_MANS)'; for i in $$l2; do \ + case "$$i" in \ + *.8*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \ + $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \ + done + +uninstall-man8: + @list='$(man8_MANS)'; 
\ + l2='$(man_MANS)'; for i in $$l2; do \ + case "$$i" in \ + *.8*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \ + rm -f $(DESTDIR)$(man8dir)/$$inst; \ + done +install-man: $(MANS) + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-man8 +uninstall-man: + @$(NORMAL_UNINSTALL) + $(MAKE) $(AM_MAKEFLAGS) uninstall-man8 + +tags: TAGS + +ID: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS)'; \ + unique=`for i in $$list; do echo $$i; done | \ + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + here=`pwd` && cd $(srcdir) \ + && mkid -f$$here/ID $$unique $(LISP) + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS)'; \ + unique=`for i in $$list; do echo $$i; done | \ + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ + || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags $$unique $(LISP) -o $$here/TAGS) + +mostlyclean-tags: + +clean-tags: + +distclean-tags: + -rm -f TAGS ID + +maintainer-clean-tags: + +distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir) + +subdir = admin + +distdir: $(DISTFILES) + @for file in $(DISTFILES); do \ + d=$(srcdir); \ + if test -d $$d/$$file; then \ + cp -pr $$/$$file $(distdir)/$$file; \ + else \ + test -f $(distdir)/$$file \ + || ln $$d/$$file $(distdir)/$$file 2> /dev/null \ + || cp -p $$d/$$file $(distdir)/$$file || :; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook +info-am: +info: info-am +dvi-am: +dvi: dvi-am +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-local +check: check-am +installcheck-am: +installcheck: installcheck-am +install-exec-am: install-sbinPROGRAMS + @$(NORMAL_INSTALL) + $(MAKE) 
$(AM_MAKEFLAGS) install-exec-hook +install-exec: install-exec-am + +install-data-am: install-man install-data-local +install-data: install-data-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am +install: install-am +uninstall-am: uninstall-sbinPROGRAMS uninstall-man +uninstall: uninstall-am +all-am: Makefile $(PROGRAMS) $(MANS) all-local +all-redirect: all-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install +installdirs: + $(mkinstalldirs) $(DESTDIR)$(sbindir) $(DESTDIR)$(mandir)/man8 + + +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f config.cache config.log stamp-h stamp-h[0-9]* + +maintainer-clean-generic: +mostlyclean-am: mostlyclean-sbinPROGRAMS mostlyclean-compile \ + mostlyclean-libtool mostlyclean-tags \ + mostlyclean-generic + +mostlyclean: mostlyclean-am + +clean-am: clean-sbinPROGRAMS clean-compile clean-libtool clean-tags \ + clean-generic mostlyclean-am + +clean: clean-am + +distclean-am: distclean-sbinPROGRAMS distclean-compile \ + distclean-libtool distclean-tags distclean-generic \ + clean-am + -rm -f libtool + +distclean: distclean-am + +maintainer-clean-am: maintainer-clean-sbinPROGRAMS \ + maintainer-clean-compile maintainer-clean-libtool \ + maintainer-clean-tags maintainer-clean-generic \ + distclean-am + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." 
+ +maintainer-clean: maintainer-clean-am + +.PHONY: mostlyclean-sbinPROGRAMS distclean-sbinPROGRAMS \ +clean-sbinPROGRAMS maintainer-clean-sbinPROGRAMS uninstall-sbinPROGRAMS \ +install-sbinPROGRAMS mostlyclean-compile distclean-compile \ +clean-compile maintainer-clean-compile mostlyclean-libtool \ +distclean-libtool clean-libtool maintainer-clean-libtool install-man8 \ +uninstall-man8 install-man uninstall-man tags mostlyclean-tags \ +distclean-tags clean-tags maintainer-clean-tags distdir info-am info \ +dvi-am dvi check-local check check-am installcheck-am installcheck \ +install-exec-am install-exec install-data-local install-data-am \ +install-data install-am install uninstall-am uninstall all-local \ +all-redirect all-am all installdirs mostlyclean-generic \ +distclean-generic clean-generic maintainer-clean-generic clean \ +mostlyclean distclean maintainer-clean + + +install-suid-programs: + @foo='$(bin_SUIDS)'; \ + for file in $$foo; do \ + x=$(DESTDIR)$(bindir)/$$file; \ + if chown 0:0 $$x && chmod u+s $$x; then :; else \ + chmod 0 $$x; fi; done + +install-exec-hook: install-suid-programs + +install-build-headers:: $(include_HEADERS) $(build_HEADERZ) + @foo='$(include_HEADERS) $(build_HEADERZ)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " cp $$file $(buildinclude)/$$f"; \ + cp $$file $(buildinclude)/$$f; \ + fi ; \ + done + +all-local: install-build-headers +#NROFF_MAN = nroff -man +.1.cat1: + $(NROFF_MAN) $< > $@ +.3.cat3: + $(NROFF_MAN) $< > $@ +.5.cat5: + $(NROFF_MAN) $< > $@ +.8.cat8: + $(NROFF_MAN) $< > $@ + +dist-cat1-mans: + @foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + 
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat3-mans: + @foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat5-mans: + @foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat8-mans: + @foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans + +install-cat1-mans: + @ext=1;\ + foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done; \ + if test "$$foo"; then \ + $(mkinstalldirs) $(DESTDIR)$(cat1dir); \ + for x in $$foo; do \ + f=`echo $$x | sed 's/\.[^.]*$$/.cat1/'`; \ + if test -f "$(srcdir)/$$f"; then \ + b=`echo $$x | sed 's!$(MANRX)!\1!'`; \ + echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX)";\ + $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX);\ + fi; \ + done ;\ + fi + +install-cat3-mans: + @ext=3;\ + foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done; \ + if test "$$foo"; then \ + $(mkinstalldirs) $(DESTDIR)$(cat3dir); \ + for x in $$foo; do \ + f=`echo $$x | sed 's/\.[^.]*$$/.cat3/'`; \ + if test -f "$(srcdir)/$$f"; then 
\ + b=`echo $$x | sed 's!$(MANRX)!\1!'`; \ + echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX)";\ + $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX);\ + fi; \ + done ;\ + fi + +install-cat5-mans: + @ext=5;\ + foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done; \ + if test "$$foo"; then \ + $(mkinstalldirs) $(DESTDIR)$(cat5dir); \ + for x in $$foo; do \ + f=`echo $$x | sed 's/\.[^.]*$$/.cat5/'`; \ + if test -f "$(srcdir)/$$f"; then \ + b=`echo $$x | sed 's!$(MANRX)!\1!'`; \ + echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX)";\ + $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX);\ + fi; \ + done ;\ + fi + +install-cat8-mans: + @ext=8;\ + foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done; \ + if test "$$foo"; then \ + $(mkinstalldirs) $(DESTDIR)$(cat8dir); \ + for x in $$foo; do \ + f=`echo $$x | sed 's/\.[^.]*$$/.cat8/'`; \ + if test -f "$(srcdir)/$$f"; then \ + b=`echo $$x | sed 's!$(MANRX)!\1!'`; \ + echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX)";\ + $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX);\ + fi; \ + done ;\ + fi + +install-cat-mans: install-cat1-mans install-cat3-mans install-cat5-mans install-cat8-mans + +install-data-local: install-cat-mans + +.et.h: + $(COMPILE_ET) $< +.et.c: + $(COMPILE_ET) $< + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ + +check-local:: + @foo='$(CHECK_LOCAL)'; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if ./$$i --version > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo 
"$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0; \ + fi + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/crypto/heimdal/admin/add.c b/crypto/heimdal/admin/add.c new file mode 100644 index 0000000..954b5f8 --- /dev/null +++ b/crypto/heimdal/admin/add.c 
@@ -0,0 +1,155 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: add.c,v 1.1 2000/01/02 04:41:00 assar Exp $");
+
+int
+kt_add(int argc, char **argv)
+{
+ krb5_error_code ret;
+ krb5_keytab_entry entry;
+ char buf[128];
+ char *principal_string = NULL;
+ int kvno = -1;
+ char *enctype_string = NULL;
+ krb5_enctype enctype;
+ char *password_string = NULL;
+ int salt_flag = 1;
+ int random_flag = 0;
+ int help_flag = 0;
+ struct getargs args[] = {
+ { "principal", 'p', arg_string, NULL, "principal of key", "principal"},
+ { "kvno", 'V', arg_integer, NULL, "key version of key" },
+ { "enctype", 'e', arg_string, NULL, "encryption type of key" },
+ { "password", 'w', arg_string, NULL, "password for key"},
+ { "salt", 's', arg_negative_flag, NULL, "no salt" },
+ { "random", 'r', arg_flag, NULL, "generate random key" },
+ { "help", 'h', arg_flag, NULL }
+ };
+ int num_args = sizeof(args) / sizeof(args[0]);
+ int optind = 0;
+ int i = 0;
+ args[i++].value = &principal_string;
+ args[i++].value = &kvno;
+ args[i++].value = &enctype_string;
+ args[i++].value = &password_string;
+ args[i++].value = &salt_flag;
+ args[i++].value = &random_flag;
+ args[i++].value = &help_flag;
+
+ if(getarg(args, num_args, argc, argv, &optind)) {
+ arg_printusage(args, num_args, "ktutil add", "");
+ return 0;
+ }
+ if(help_flag) {
+ arg_printusage(args, num_args, "ktutil add", "");
+ return 0;
+ }
+ if(principal_string == NULL) {
+ printf("Principal: ");
+ if (fgets(buf, sizeof(buf), stdin) == NULL)
+ return 0;
+ buf[strcspn(buf, "\r\n")] = '\0';
+ principal_string = buf;
+ }
+ ret = krb5_parse_name(context, principal_string, &entry.principal);
+ if(ret) {
+ krb5_warn(context, ret, "%s", principal_string);
+ return 0;
+ }
+ if(enctype_string == NULL) {
+ printf("Encryption type: ");
+ if (fgets(buf, sizeof(buf), stdin) == NULL) {
+ krb5_free_principal (context, entry.principal);
+ return 0;
+ }
+ buf[strcspn(buf, "\r\n")] = '\0';
+ enctype_string = buf;
+ }
+ ret = krb5_string_to_enctype(context, enctype_string, &enctype);
+ if(ret) {
+ int t;
+ if(sscanf(enctype_string, "%d", &t) == 1)
+ enctype = t;
+ else {
+ krb5_warn(context, ret, "%s", enctype_string);
+ krb5_free_principal(context, entry.principal);
+ return 0;
+ }
+ }
+ if(kvno == -1) {
+ printf("Key version: ");
+ if (fgets(buf, sizeof(buf), stdin) == NULL) {
+ krb5_free_principal (context, entry.principal);
+ return 0;
+ }
+ buf[strcspn(buf, "\r\n")] = '\0';
+ kvno = atoi(buf);
+ }
+ if(password_string == NULL && random_flag == 0) {
+ if(des_read_pw_string(buf, sizeof(buf), "Password: ", 1)) {
+ krb5_free_principal (context, entry.principal);
+ return 0;
+ }
+ password_string = buf;
+ }
+ if(password_string) {
+ if (!salt_flag) {
+ krb5_salt salt;
+ krb5_data pw;
+
+ salt.salttype = KRB5_PW_SALT;
+ salt.saltvalue.data = NULL;
+ salt.saltvalue.length = 0;
+ pw.data = (void*)password_string;
+ pw.length = strlen(password_string);
+ krb5_string_to_key_data_salt(context, enctype, pw, salt,
+ &entry.keyblock);
+ } else {
+ krb5_string_to_key(context, enctype, password_string,
+ entry.principal, &entry.keyblock);
+ }
+ memset (password_string, 0, strlen(password_string));
+ } else {
+ krb5_generate_random_keyblock(context, enctype, &entry.keyblock);
+ }
+ entry.vno = kvno;
+ entry.timestamp = time (NULL);
+ ret = krb5_kt_add_entry(context, keytab, &entry);
+ if(ret)
+ krb5_warn(context, ret, "add");
+ krb5_kt_free_entry(context, &entry);
+ return 0;
+}
diff --git a/crypto/heimdal/admin/change.c b/crypto/heimdal/admin/change.c
new file mode 100644
index 0000000..3de4f86
--- /dev/null
+++ b/crypto/heimdal/admin/change.c
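Review bot: The results of `krb5_string_to_key_data_salt`, `krb5_string_to_key` and `krb5_generate_random_keyblock` in kt_add are discarded, so if key derivation fails (presumably possible for an enctype number that only passed the `sscanf` fallback) `entry.keyblock` is still uninitialised when it is handed to `krb5_kt_add_entry` and `krb5_kt_free_entry`. Each call should assign to `ret`, and the function should warn, free `entry.principal` and return before the keytab write, as in the excerpt below. Separately, `memset (password_string, 0, strlen(password_string))` on the local `buf` is a dead store that a compiler may drop, and a password given with `-w`/`--password` remains visible in the process arguments until that point; a wipe that cannot be optimised away and a caveat in the option's help text would both be worth adding.

```c
        /* … unchanged: salt and pw setup … */
        ret = krb5_string_to_key_data_salt(context, enctype, pw, salt,
                                           &entry.keyblock);
    /* … else branch … */
        ret = krb5_string_to_key(context, enctype, password_string,
                                 entry.principal, &entry.keyblock);
    /* … unchanged: memset of password_string; random-key branch … */
    ret = krb5_generate_random_keyblock(context, enctype, &entry.keyblock);
    /* … after the if/else, before entry.vno = kvno … */
    if(ret) {
        krb5_warn(context, ret, "deriving key");
        krb5_free_principal(context, entry.principal);
        return 0;
    }
```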
@@ -0,0 +1,224 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: change.c,v 1.1 2000/01/02 04:41:00 assar Exp $");
+
+static void
+change_entry (krb5_context context, krb5_keytab_entry *entry,
+ const char *realm, const char *admin_server, int server_port)
+{
+ krb5_error_code ret;
+ kadm5_config_params conf;
+ void *kadm_handle;
+ char *client_name;
+ krb5_keyblock *keys;
+ int num_keys;
+ int i;
+
+ ret = krb5_unparse_name (context, entry->principal, &client_name);
+ if (ret) {
+ krb5_warn (context, ret, "kadm5_c_init_with_skey_ctx");
+ return;
+ }
+
+ memset (&conf, 0, sizeof(conf));
+
+ if(realm)
+ conf.realm = (char *)realm;
+ else
+ conf.realm = *krb5_princ_realm (context, entry->principal);
+ conf.mask |= KADM5_CONFIG_REALM;
+
+ if (admin_server) {
+ conf.admin_server = (char *)admin_server;
+ conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
+ }
+
+ if (server_port) {
+ conf.kadmind_port = htons(server_port);
+ conf.mask |= KADM5_CONFIG_KADMIND_PORT;
+ }
+
+ ret = kadm5_init_with_skey_ctx (context,
+ client_name,
+ keytab_string,
+ KADM5_ADMIN_SERVICE,
+ &conf, 0, 0,
+ &kadm_handle);
+ free (client_name);
+ if (ret) {
+ krb5_warn (context, ret, "kadm5_c_init_with_skey_ctx");
+ return;
+ }
+ ret = kadm5_randkey_principal (kadm_handle, entry->principal,
+ &keys, &num_keys);
+ kadm5_destroy (kadm_handle);
+ if (ret) {
+ krb5_warn(context, ret, "kadm5_randkey_principal");
+ return;
+ }
+ for (i = 0; i < num_keys; ++i) {
+ krb5_keytab_entry new_entry;
+
+ new_entry = *entry;
+ new_entry.timestamp = time (NULL);
+ ++new_entry.vno;
+ new_entry.keyblock = keys[i];
+
+ ret = krb5_kt_add_entry (context, keytab, &new_entry);
+ if (ret)
+ krb5_warn (context, ret, "krb5_kt_add_entry");
+ krb5_free_keyblock_contents (context, &keys[i]);
+ }
+}
+
+/*
+ * loop over all the entries in the keytab (or those given) and change
+ * their keys, writing the new keys
+ */
+
+int
+kt_change (int argc, char **argv)
+{
+ krb5_error_code ret;
+ krb5_kt_cursor cursor;
+ krb5_keytab_entry entry;
+ char *realm = NULL;
+ char *admin_server = NULL;
+ int server_port = 0;
+ int help_flag = 0;
+ int optind = 0;
+ int j, max;
+ krb5_principal *princs;
+
+ struct getargs args[] = {
+ { "realm", 'r', arg_string, NULL,
+ "realm to use", "realm"
+ },
+ { "admin-server", 'a', arg_string, NULL,
+ "server to contact", "host"
+ },
+ { "server-port", 's', arg_integer, NULL,
+ "port to contact", "port number"
+ },
+ { "help", 'h', arg_flag, NULL }
+ };
+
+ args[0].value = &realm;
+ args[1].value = &admin_server;
+ args[2].value = &server_port;
+ args[3].value = &help_flag;
+
+ if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)
+ || help_flag) {
+ arg_printusage(args, sizeof(args) / sizeof(args[0]),
+ "ktutil change", "principal...");
+ return 0;
+ }
+
+ j = 0;
+ max = 10;
+ princs = malloc (max * sizeof(*princs));
+ if (princs == NULL) {
+ krb5_warnx (context, "malloc: out of memory");
+ return 1;
+ }
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if(ret){
+ krb5_warn(context, ret, "krb5_kt_start_seq_get");
+ return 1;
+ }
+
+ while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
+ int i;
+ int done = 0;
+
+ for (i = 0; i < j; ++i)
+ if (krb5_principal_compare (context, princs[i],
+ entry.principal))
+ break;
+ if (i < j)
+ continue;
+
+ if (optind == argc) {
+ change_entry (context, &entry, realm, admin_server, server_port);
+ done = 1;
+ } else {
+ for (i = optind; i < argc; ++i) {
+ krb5_principal princ;
+
+ ret = krb5_parse_name (context, argv[i], &princ);
+ if (ret) {
+ krb5_warn (context, ret, "krb5_parse_name %s", argv[i]);
+ continue;
+ }
+ if (krb5_principal_compare (context, princ, entry.principal)) {
+ change_entry (context, &entry,
+ realm, admin_server, server_port);
+ done = 1;
+ }
+ krb5_free_principal (context, princ);
+ }
+ }
+ if (done) {
+ if (j >= max) {
+ void *tmp;
+
+ max *= 2;
+ tmp = realloc (princs, max * sizeof(*princs));
+ if (tmp == NULL) {
+ krb5_kt_free_entry (context, &entry);
+ krb5_warnx (context, "realloc: out of memory");
+ break;
+ }
+ princs = tmp;
+ }
+ ret = krb5_copy_principal (context, entry.principal, &princs[j]);
+ if (ret) {
+ krb5_warn (context, ret, "krb5_copy_principal");
+ krb5_kt_free_entry (context, &entry);
+ break;
+ }
+ ++j;
+ }
+ krb5_kt_free_entry (context, &entry);
+ }
+ while (j-- > 0)
+ krb5_free_principal (context, princs[j]);
+ free (princs);
+ ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+ return 0;
+}
diff --git a/crypto/heimdal/admin/copy.c b/crypto/heimdal/admin/copy.c
new file mode 100644
index 0000000..d846610
--- /dev/null
+++ b/crypto/heimdal/admin/copy.c
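Review bot: In kt_change the duplicate check `if (i < j) continue;` skips the `krb5_kt_free_entry` at the bottom of the loop, so every further entry of an already-processed principal, key block included, is never released; it should read `if (i < j) { krb5_kt_free_entry (context, &entry); continue; }`. The `return 1` after a failed `krb5_kt_start_seq_get` likewise leaks `princs`, and in change_entry the `keys` array from `kadm5_randkey_principal` is not freed once its contents are. change_entry stores the new key under `++new_entry.vno` of whichever entry the cursor returned first for that principal; if that entry does not carry the highest kvno, the keytab would presumably disagree with the KDC, so taking the kvno from the server would be safer. The `krb5_warn` after a failed `krb5_unparse_name` is labelled `kadm5_c_init_with_skey_ctx`, which points whoever reads the message at the wrong call.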
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: copy.c,v 1.1 2000/01/02 04:41:01 assar Exp $");
+
+int
+kt_copy (int argc, char **argv)
+{
+ krb5_error_code ret;
+ int help_flag = 0;
+ int optind = 0;
+ krb5_keytab src_keytab, dst_keytab;
+ krb5_kt_cursor cursor;
+ krb5_keytab_entry entry;
+
+ struct getargs args[] = {
+ { "help", 'h', arg_flag, NULL}
+ };
+
+ int num_args = sizeof(args) / sizeof(args[0]);
+ int i = 0;
+
+ args[i++].value = &help_flag;
+
+ if(getarg(args, num_args, argc, argv, &optind)) {
+ arg_printusage(args, num_args, "ktutil copy",
+ "keytab-src keytab-dest");
+ return 0;
+ }
+ if (help_flag) {
+ arg_printusage(args, num_args, "ktutil copy",
+ "keytab-src keytab-dest");
+ return 0;
+ }
+
+ argv += optind;
+ argc -= optind;
+
+ if (argc != 2) {
+ arg_printusage(args, num_args, "ktutil copy",
+ "keytab-src keytab-dest");
+ return 0;
+ }
+
+ ret = krb5_kt_resolve (context, argv[0], &src_keytab);
+ if (ret) {
+ krb5_warn (context, ret, "resolving src keytab `%s'", argv[0]);
+ return 0;
+ }
+
+ ret = krb5_kt_resolve (context, argv[1], &dst_keytab);
+ if (ret) {
+ krb5_kt_close (context, src_keytab);
+ krb5_warn (context, ret, "resolving dst keytab `%s'", argv[1]);
+ return 0;
+ }
+
+ ret = krb5_kt_start_seq_get (context, src_keytab, &cursor);
+ if (ret) {
+ krb5_warn (context, ret, "krb5_kt_start_seq_get");
+ goto fail;
+ }
+
+ while((ret = krb5_kt_next_entry(context, src_keytab,
+ &entry, &cursor)) == 0) {
+ ret = krb5_kt_add_entry (context, dst_keytab, &entry);
+ if (verbose_flag) {
+ char *name_str;
+
+ krb5_unparse_name (context, entry.principal, &name_str);
+ printf ("copying %s\n", name_str);
+ free (name_str);
+ }
+
+ krb5_kt_free_entry (context, &entry);
+ if (ret) {
+ krb5_warn (context, ret, "krb5_kt_add_entry");
+ break;
+ }
+ }
+ krb5_kt_end_seq_get (context, src_keytab, &cursor);
+
+fail:
+ krb5_kt_close (context, src_keytab);
+ krb5_kt_close (context, dst_keytab);
+ return 0;
+}
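Review bot: In kt_copy's verbose branch the return value of `krb5_unparse_name` is ignored, so on failure `name_str` reaches `printf` and `free` uninitialised. Initialise it and guard the print: `char *name_str = NULL;` and `if (krb5_unparse_name (context, entry.principal, &name_str) == 0) printf ("copying %s\n", name_str);`. The same unchecked call appears in the verbose branch of kt_purge (purge.c) and in kt_list (list.c). Separately, every failure path here, including a failed `krb5_kt_add_entry`, returns 0, so a caller cannot tell that keys were not copied; returning 1 on those paths would match the error returns in kt_change and kt_list.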
diff --git a/crypto/heimdal/admin/get.c b/crypto/heimdal/admin/get.c
new file mode 100644
index 0000000..143ffa2
--- /dev/null
+++ b/crypto/heimdal/admin/get.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: get.c,v 1.15 2000/01/02 04:41:01 assar Exp $");
+
+int
+kt_get(int argc, char **argv)
+{
+ krb5_error_code ret;
+ kadm5_config_params conf;
+ void *kadm_handle;
+ char *principal = NULL;
+ char *realm = NULL;
+ char *admin_server = NULL;
+ int server_port = 0;
+ int help_flag = 0;
+ int optind = 0;
+ int i, j;
+
+ struct getargs args[] = {
+ { "principal", 'p', arg_string, NULL,
+ "admin principal", "principal"
+ },
+ { "realm", 'r', arg_string, NULL,
+ "realm to use", "realm"
+ },
+ { "admin-server", 'a', arg_string, NULL,
+ "server to contact", "host"
+ },
+ { "server-port", 's', arg_integer, NULL,
+ "port to contact", "port number"
+ },
+ { "help", 'h', arg_flag, NULL }
+ };
+
+ args[0].value = &principal;
+ args[1].value = &realm;
+ args[2].value = &admin_server;
+ args[3].value = &server_port;
+ args[4].value = &help_flag;
+
+ memset(&conf, 0, sizeof(conf));
+
+ if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)
+ || help_flag) {
+ arg_printusage(args, sizeof(args) / sizeof(args[0]),
+ "ktutil get", "principal...");
+ return 0;
+ }
+
+ if(realm) {
+ krb5_set_default_realm(context, realm); /* XXX should be fixed
+ some other way */
+ conf.realm = realm;
+ conf.mask |= KADM5_CONFIG_REALM;
+ }
+
+ if (admin_server) {
+ conf.admin_server = admin_server;
+ conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
+ }
+
+ if (server_port) {
+ conf.kadmind_port = htons(server_port);
+ conf.mask |= KADM5_CONFIG_KADMIND_PORT;
+ }
+
+ ret = kadm5_init_with_password_ctx(context,
+ principal,
+ NULL,
+ KADM5_ADMIN_SERVICE,
+ &conf, 0, 0,
+ &kadm_handle);
+ if(ret) {
+ krb5_warn(context, ret, "kadm5_init_with_password");
+ return 0;
+ }
+
+
+ for(i = optind; i < argc; i++){
+ krb5_principal princ_ent;
+ kadm5_principal_ent_rec princ;
+ int mask = 0;
+ krb5_keyblock *keys;
+ int n_keys;
+ int created = 0;
+ krb5_keytab_entry entry;
+
+ ret = krb5_parse_name(context, argv[i], &princ_ent);
+ memset(&princ, 0, sizeof(princ));
+ princ.principal = princ_ent;
+ mask |= KADM5_PRINCIPAL;
+ princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+ mask |= KADM5_ATTRIBUTES;
+ princ.princ_expire_time = 0;
+ mask |= KADM5_PRINC_EXPIRE_TIME;
+
+ ret = kadm5_create_principal(kadm_handle, &princ, mask, "x");
+ if(ret == 0)
+ created++;
+ else if(ret != KADM5_DUP) {
+ krb5_free_principal(context, princ_ent);
+ continue;
+ }
+ ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
+
+ ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
+ KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
+ princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
+ mask = KADM5_ATTRIBUTES;
+ if(created) {
+ princ.kvno = 1;
+ mask |= KADM5_KVNO;
+ }
+ ret = kadm5_modify_principal(kadm_handle, &princ, mask);
+ for(j = 0; j < n_keys; j++) {
+ entry.principal = princ_ent;
+ entry.vno = princ.kvno;
+ entry.keyblock = keys[j];
+ entry.timestamp = time (NULL);
+ ret = krb5_kt_add_entry(context, keytab, &entry);
+ krb5_free_keyblock_contents(context, &keys[j]);
+ }
+
+ kadm5_free_principal_ent(kadm_handle, &princ);
+ krb5_free_principal(context, princ_ent);
+ }
+ kadm5_destroy(kadm_handle);
+ return 0;
+}
diff --git a/crypto/heimdal/admin/ktutil.8 b/crypto/heimdal/admin/ktutil.8
new file mode 100644
index 0000000..b70fc93
--- /dev/null
+++ b/crypto/heimdal/admin/ktutil.8
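Review bot: In kt_get's per-principal loop the results of `krb5_parse_name` and `kadm5_randkey_principal` are overwritten without ever being checked. A new principal is created with the fixed password `"x"` and is protected only by `KRB5_KDB_DISALLOW_ALL_TIX`; if the randkey call fails, the code still clears that attribute through `kadm5_modify_principal`, which would leave an enabled principal with a known password, and the key loop then reads `keys` and `n_keys` uninitialised. A failed `krb5_parse_name` likewise leaves `princ_ent` uninitialised before it is used. I would stop processing the principal on either failure, as sketched below, and check `kadm5_get_principal`, `kadm5_modify_principal` and `krb5_kt_add_entry` in the same way.

```c
	ret = krb5_parse_name(context, argv[i], &princ_ent);
	if (ret) {
	    krb5_warn(context, ret, "krb5_parse_name %s", argv[i]);
	    continue;
	}
	/* … unchanged: fill in princ and mask, kadm5_create_principal … */
	ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
	if (ret) {
	    /* keep KRB5_KDB_DISALLOW_ALL_TIX set: a newly created principal
	       still has the placeholder password at this point */
	    krb5_warn(context, ret, "kadm5_randkey_principal %s", argv[i]);
	    krb5_free_principal(context, princ_ent);
	    continue;
	}
	/* … unchanged: kadm5_get_principal, kadm5_modify_principal, keytab loop … */
```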
@@ -0,0 +1,119 @@
+.\" $Id: ktutil.8,v 1.6 2000/01/02 05:07:50 assar Exp $
+.\"
+.Dd Aug 27, 1997
+.Dt KTUTIL 8
+.Os HEIMDAL
+.Sh NAME
+.Nm ktutil
+.Ar command
+.Nd
+handle a keytab
+.Sh SYNOPSIS
+.Nm
+.Op Fl k Ar keytab
+.Op Fl -keytab= Ns Ar keytab
+.Op Fl v
+.Op Fl -version
+.Op Fl h
+.Op Fl -help
+.Ar command
+.Sh DESCRIPTION
+.Nm
+is a program for managing keytabs.
+.Ar command
+can be one of the following:
+.Bl -tag -width Ds
+.It add Xo
+.Op Fl p Ar principal
+.Op Fl -principal= Ns Ar principal
+.Op Fl V Ar kvno
+.Op Fl -kvno= Ns Ar kvno
+.Op Fl e Ar encype
+.Op Fl -enctype= Ns Ar enctype
+.Op Fl w Ar password
+.Op Fl -password= Ns Ar password
+.Op Fl r
+.Op Fl -random
+.Op Fl s
+.Op Fl -no-salt
+.Xc
+Adds a key to the keytab. Options that are not specified will be
+prompted for.
+.It change Xo
+.Op Fl r Ar realm
+.Op Fl -realm= Ns Ar realm
+.Op Fl -a Ar host
+.Op Fl -admin-server= Ns Ar hots
+.Op Fl -s Ar port
+.Op Fl -server-port= Ns Ar port
+.Xc
+Update one or several keys to new versions. By default, use the admin
+server for the realm of an keytab entry. Otherwise it will use the
+values specified by the options.
+.Pp
+If no principals are given, all the ones in the keytab are updated.
+.It copy Xo
+.Ar keytab-src
+.Ar keytab-dest
+.Xc
+Copies all the entries from
+.Ar keytab-src
+to
+.Ar keytab-dest .
+.It get Xo
+.Op Fl p Ar admin principal
+.Op Fl -principal= Ns Ar admin principal
+.Op Fl r Ar realm
+.Op Fl -realm= Ns Ar realm
+.Op Fl a Ar admin server
+.Op Fl -admin-server= Ns Ar admin server
+.Op Fl s Ar server port
+.Op Fl -server-port= Ns Ar server port
+.Ar principal
+.Xc
+Get a key for
+.Nm principal
+and store it in a keytab.
+.It list
+List the keys stored in the keytab.
+.It remove Xo
+.Op Fl p Ar principal
+.Op Fl -principal= Ns Ar principal
+.Op Fl V kvno
+.Op Fl -kvno= Ns Ar kvno
+.Op Fl e enctype
+.Op Fl -enctype= Ns Ar enctype
+.Xc
+Removes the specified key or keys. Not specifying a
+.Ar kvno
+removes keys with any version number. Not specifying a
+.Ar enctype
+removes keys of any type.
+.It purge Xo
+.Op Fl -age= Ns Ar age
+.Xc
+Removes all old entries (for which there is a newer version) that are
+older than
+.Ar age
+seconds.
+.It srvconvert
+.It srv2keytab Xo
+.Op Fl s Ar srvtab
+.Op Fl -srvtab= Ns Ar srvtab
+.Xc
+Converts the version 4 srvtab in
+.Ar srvtab
+to a version 5 keytab and stores it in
+.Ar keytab .
+.It srvcreate
+.It key2srvtab Xo
+.Op Fl s Ar srvtab
+.Op Fl -srvtab= Ns Ar srvtab
+.Xc
+Converts the version 5 keytab in
+.Ar keytab
+to a version 4 srvtab and stores it in
+.Ar srvtab .
+.El
+.Sh SEE ALSO
+.Xr kadmin 8
diff --git a/crypto/heimdal/admin/ktutil.c b/crypto/heimdal/admin/ktutil.c
new file mode 100644
index 0000000..4893f2d
--- /dev/null
+++ b/crypto/heimdal/admin/ktutil.c
@@ -0,0 +1,155 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: ktutil.c,v 1.25 2000/01/02 05:07:34 assar Exp $");
+
+int help_flag;
+int version_flag;
+int verbose_flag;
+char *keytab_string;
+
+static int help(int argc, char **argv);
+
+static SL_cmd cmds[] = {
+ { "add", kt_add, "add",
+ "adds key to keytab" },
+ { "change", kt_change, "change [principal...]",
+ "get new key for principals (all)" },
+ { "copy", kt_copy, "copy src dst",
+ "copy one keytab to another" },
+ { "get", kt_get, "get [principal...]",
+ "create key in database and add to keytab" },
+ { "list", kt_list, "list",
+ "shows contents of a keytab" },
+ { "purge", kt_purge, "purge",
+ "remove old and superceeded entries" },
+ { "remove", kt_remove, "remove",
+ "remove key from keytab" },
+ { "srvconvert", srvconv, "srvconvert [flags]",
+ "convert v4 srvtab to keytab" },
+ { "srv2keytab" },
+ { "srvcreate", srvcreate, "srvcreate [flags]",
+ "convert keytab to v4 srvtab" },
+ { "key2srvtab" },
+ { "help", help, "help", "" },
+ { NULL, NULL, NULL, NULL }
+};
+
+static struct getargs args[] = {
+ {
+ "version",
+ 0,
+ arg_flag,
+ &version_flag,
+ NULL,
+ NULL
+ },
+ {
+ "help",
+ 'h',
+ arg_flag,
+ &help_flag,
+ NULL,
+ NULL
+ },
+ {
+ "keytab",
+ 'k',
+ arg_string,
+ &keytab_string,
+ "keytab",
+ "keytab to operate on"
+ },
+ {
+ "verbose",
+ 'v',
+ arg_flag,
+ &verbose_flag,
+ "verbose",
+ "run verbosely"
+ }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+krb5_context context;
+krb5_keytab keytab;
+
+static int
+help(int argc, char **argv)
+{
+ sl_help(cmds, argc, argv);
+ return 0;
+}
+
+static void
+usage(int status)
+{
+ arg_printusage(args, num_args, NULL, "command");
+ exit(status);
+}
+
+int
+main(int argc, char **argv)
+{
+ int optind = 0;
+ krb5_error_code ret;
+ set_progname(argv[0]);
+ krb5_init_context(&context);
+ if(getarg(args, num_args, argc, argv, &optind))
+ usage(1);
+ if(help_flag)
+ usage(0);
+ if(version_flag) {
+ print_version(NULL);
+ exit(0);
+ }
+ argc -= optind;
+ argv += optind;
+ if(argc == 0)
+ usage(1);
+ if(keytab_string) {
+ ret = krb5_kt_resolve(context, keytab_string, &keytab);
+ } else {
+ ret = krb5_kt_default(context, &keytab);
+ }
+ if(ret)
+ krb5_err(context, 1, ret, "resolving keytab");
+ ret = sl_command(cmds, argc, argv);
+ if(ret == -1)
+ krb5_warnx (context, "unrecognized command: %s", argv[0]);
+ krb5_kt_close(context, keytab);
+ return ret;
+}
diff --git a/crypto/heimdal/admin/ktutil_locl.h b/crypto/heimdal/admin/ktutil_locl.h
new file mode 100644
index 0000000..6a45f51
--- /dev/null
+++ b/crypto/heimdal/admin/ktutil_locl.h
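Review bot: main() ignores the return value of `krb5_init_context(&context)`, so if initialisation fails the global `context` is handed to `krb5_kt_resolve`/`krb5_kt_default` and to every subcommand in an undefined state. Check it before anything else uses the context, e.g. `ret = krb5_init_context(&context);` followed by `if (ret) errx(1, "krb5_init_context failed: %d", ret);` (this assumes `errx` is reachable through roken.h, which is not visible here). Note also that the keytab is resolved before the subcommand is dispatched, so `copy` and `help` exit through `krb5_err` when that resolution fails even though neither uses the global `keytab`.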
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id: ktutil_locl.h,v 1.9 2000/01/06 08:03:06 assar Exp $
+ */
+
+#ifndef __KTUTIL_LOCL_H__
+#define __KTUTIL_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <roken.h>
+
+#include <krb5.h>
+#include <kadm5/admin.h>
+#include <kadm5/kadm5_err.h>
+
+#include <sl.h>
+#include <getarg.h>
+
+extern krb5_context context;
+extern krb5_keytab keytab;
+
+extern int help_flag;
+extern int version_flag;
+extern int verbose_flag;
+extern char *keytab_string;
+
+int kt_add (int argc, char **argv);
+int kt_change (int argc, char **argv);
+int kt_copy (int argc, char **argv);
+int kt_get (int argc, char **argv);
+int kt_list(int argc, char **argv);
+int kt_purge(int argc, char **argv);
+int kt_remove(int argc, char **argv);
+int srvconv(int argc, char **argv);
+int srvcreate(int argc, char **argv);
+
+#endif /* __KTUTIL_LOCL_H__ */
diff --git a/crypto/heimdal/admin/list.c b/crypto/heimdal/admin/list.c
new file mode 100644
index 0000000..1924a21
--- /dev/null
+++ b/crypto/heimdal/admin/list.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: list.c,v 1.1 2000/01/02 04:41:02 assar Exp $");
+
+int
+kt_list(int argc, char **argv)
+{
+ krb5_error_code ret;
+ krb5_kt_cursor cursor;
+ krb5_keytab_entry entry;
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if(ret){
+ krb5_warn(context, ret, "krb5_kt_start_seq_get");
+ return 1;
+ }
+ printf("%s", "Version");
+ printf(" ");
+ printf("%-15s", "Type");
+ printf(" ");
+ printf("%s", "Principal");
+ printf("\n");
+ while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
+ char *p;
+ printf(" %3d ", entry.vno);
+ printf(" ");
+ ret = krb5_enctype_to_string(context, entry.keyblock.keytype, &p);
+ if (ret != 0)
+ asprintf(&p, "unknown (%d)", entry.keyblock.keytype);
+ printf("%-15s", p);
+ free(p);
+ printf(" ");
+ krb5_unparse_name(context, entry.principal, &p);
+ printf("%s ", p);
+ free(p);
+ printf("\n");
+ if (verbose_flag) {
+ char tstamp[256];
+ struct tm *tm;
+ time_t ts = entry.timestamp;
+
+ tm = gmtime (&ts);
+ strftime (tstamp, sizeof(tstamp), "%Y-%m-%d %H:%M:%S UTC", tm);
+ printf(" Timestamp: %s\n", tstamp);
+ }
+ krb5_kt_free_entry(context, &entry);
+ }
+ ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+ return 0;
+}
diff --git a/crypto/heimdal/admin/purge.c b/crypto/heimdal/admin/purge.c
new file mode 100644
index 0000000..3e262c5
--- /dev/null
+++ b/crypto/heimdal/admin/purge.c
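Review bot: In kt_list the fallback `asprintf(&p, "unknown (%d)", ...)` is not checked, so if it fails `p` may be indeterminate (this depends on the C library) when it reaches `printf("%-15s", p)` and `free(p)`. Test the result, e.g. `if (ret != 0 && asprintf(&p, "unknown (%d)", entry.keyblock.keytype) < 0) p = NULL;`, and print a fixed string when `p` is NULL. In the verbose branch `gmtime` can return NULL for a value it cannot represent, and `entry.timestamp` is read from the keytab, so `tm` should be tested before the `strftime` call: `if (tm != NULL && strftime (tstamp, sizeof(tstamp), "%Y-%m-%d %H:%M:%S UTC", tm) > 0)`.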
@@ -0,0 +1,175 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: purge.c,v 1.1 2000/01/02 05:06:50 assar Exp $");
+
+/*
+ * keep track of the highest version for every principal.
+ */
+
+struct e {
+ krb5_principal principal;
+ int max_vno;
+ struct e *next;
+};
+
+static struct e *
+get_entry (krb5_principal princ, struct e *head)
+{
+ struct e *e;
+
+ for (e = head; e != NULL; e = e->next)
+ if (krb5_principal_compare (context, princ, e->principal))
+ return e;
+ return NULL;
+}
+
+static void
+add_entry (krb5_principal princ, int vno, struct e **head)
+{
+ krb5_error_code ret;
+ struct e *e;
+
+ e = get_entry (princ, *head);
+ if (e != NULL) {
+ e->max_vno = max (e->max_vno, vno);
+ return;
+ }
+ e = malloc (sizeof (*e));
+ if (e == NULL)
+ krb5_errx (context, 1, "malloc: out of memory");
+ ret = krb5_copy_principal (context, princ, &e->principal);
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_copy_principal");
+ e->max_vno = vno;
+ e->next = *head;
+ *head = e;
+}
+
+static void
+delete_list (struct e *head)
+{
+ while (head != NULL) {
+ struct e *next = head->next;
+ krb5_free_principal (context, head->principal);
+ free (head);
+ head = next;
+ }
+}
+
+/*
+ * Remove all entries that have newer versions and that are older
+ * than `age'
+ */
+
+int
+kt_purge(int argc, char **argv)
+{
+ krb5_error_code ret;
+ krb5_kt_cursor cursor;
+ krb5_keytab_entry entry;
+ int help_flag = 0;
+ int age = 7 * 24 * 60 * 60;
+ struct getargs args[] = {
+ { "age", 0, arg_integer, NULL, "age to retire" },
+ { "help", 'h', arg_flag, NULL }
+ };
+ int num_args = sizeof(args) / sizeof(args[0]);
+ int optind = 0;
+ int i = 0;
+ struct e *head = NULL;
+ time_t judgement_day;
+
+ args[i++].value = &age;
+ args[i++].value = &help_flag;
+
+ if(getarg(args, num_args, argc, argv, &optind)) {
+ arg_printusage(args, num_args, "ktutil remove", "");
+ return 0;
+ }
+ if(help_flag) {
+ arg_printusage(args, num_args, "ktutil remove", "");
+ return 0;
+ }
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if(ret){
+ krb5_warn(context, ret, "krb5_kt_start_seq_get");
+ return 1;
+ }
+
+ while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
+ add_entry (entry.principal, entry.vno, &head);
+ krb5_kt_free_entry(context, &entry);
+ }
+ ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+
+ judgement_day = time (NULL);
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if(ret){
+ krb5_warn(context, ret, "krb5_kt_start_seq_get");
+ return 1;
+ }
+
+ while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
+ struct e *e = get_entry (entry.principal, head);
+
+ if (e == NULL) {
+ krb5_warnx (context, "ignoring extra entry");
+ continue;
+ }
+
+ if (entry.vno < e->max_vno
+ && judgement_day - entry.timestamp > age) {
+ if (verbose_flag) {
+ char *name_str;
+
+ krb5_unparse_name (context, entry.principal, &name_str);
+ printf ("removing %s vno %d\n", name_str, entry.vno);
+ free (name_str);
+ }
+ ret = krb5_kt_remove_entry (context, keytab, &entry);
+ if (ret)
+ krb5_warn (context, ret, "remove");
+ }
+ krb5_kt_free_entry(context, &entry);
+ }
+ ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+
+ delete_list (head);
+
+ return 0;
+}
diff --git a/crypto/heimdal/admin/remove.c b/crypto/heimdal/admin/remove.c
new file mode 100644
index 0000000..e19de0a
--- /dev/null
+++ b/crypto/heimdal/admin/remove.c
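Review bot: The second pass of kt_purge has two paths that skip cleanup: the `continue` taken when `get_entry` returns NULL never calls `krb5_kt_free_entry(context, &entry);`, and the `return 1` after the second `krb5_kt_start_seq_get` fails never calls `delete_list (head);`. Add those calls before the `continue` and before that `return`. The same loop calls `krb5_kt_remove_entry` on the keytab it is still iterating with `cursor`; whether the cursor stays valid after a removal depends on the keytab backend, which is not visible here, so collecting the entries to drop and removing them after `krb5_kt_end_seq_get` would be the safer order. Both usage calls also print `"ktutil remove"` where `"ktutil purge"` is meant.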
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: remove.c,v 1.1 2000/01/02 04:41:02 assar Exp $");
+
+int
+kt_remove(int argc, char **argv)
+{
+ krb5_error_code ret;
+ krb5_keytab_entry entry;
+ char *principal_string = NULL;
+ krb5_principal principal = NULL;
+ int kvno = 0;
+ char *keytype_string = NULL;
+ krb5_enctype enctype = 0;
+ int help_flag = 0;
+ struct getargs args[] = {
+ { "principal", 'p', arg_string, NULL, "principal to remove" },
+ { "kvno", 'V', arg_integer, NULL, "key version to remove" },
+ { "enctype", 'e', arg_string, NULL, "enctype to remove" },
+ { "help", 'h', arg_flag, NULL }
+ };
+ int num_args = sizeof(args) / sizeof(args[0]);
+ int optind = 0;
+ int i = 0;
+ args[i++].value = &principal_string;
+ args[i++].value = &kvno;
+ args[i++].value = &keytype_string;
+ args[i++].value = &help_flag;
+ if(getarg(args, num_args, argc, argv, &optind)) {
+ arg_printusage(args, num_args, "ktutil remove", "");
+ return 0;
+ }
+ if(help_flag) {
+ arg_printusage(args, num_args, "ktutil remove", "");
+ return 0;
+ }
+ if(principal_string) {
+ ret = krb5_parse_name(context, principal_string, &principal);
+ if(ret) {
+ krb5_warn(context, ret, "%s", principal_string);
+ return 0;
+ }
+ }
+ if(keytype_string) {
+ ret = krb5_string_to_enctype(context, keytype_string, &enctype);
+ if(ret) {
+ int t;
+ if(sscanf(keytype_string, "%d", &t) == 1)
+ enctype = t;
+ else {
+ krb5_warn(context, ret, "%s", keytype_string);
+ if(principal)
+ krb5_free_principal(context, principal);
+ return 0;
+ }
+ }
+ }
+ if (!principal && !enctype && !kvno) {
+ krb5_warnx(context,
+ "You must give at least one of "
+ "principal, enctype or kvno.");
+ return 0;
+ }
+ entry.principal = principal;
+ entry.keyblock.keytype = enctype;
+ entry.vno = kvno;
+ ret = krb5_kt_remove_entry(context, keytab, &entry);
+ if(ret)
+ krb5_warn(context, ret, "remove");
+ if(principal)
+ krb5_free_principal(context, principal);
+ return 0;
+}
+
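Review bot: kt_remove hands `entry` to `krb5_kt_remove_entry` with only `principal`, `keyblock.keytype` and `vno` assigned, so the timestamp and the key value are whatever was on the stack. Whether the keytab backend reads those fields is not visible in this hunk, so zero the struct before filling it in: `memset(&entry, 0, sizeof(entry));`. The numeric fallback `sscanf(keytype_string, "%d", &t) == 1` also accepts input with trailing text after the digits; `strtol` with an end-pointer check would reject that instead of selecting an unintended enctype. All error paths return 0, so a failed removal looks like success to the caller.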
diff --git a/crypto/heimdal/admin/srvconvert.c b/crypto/heimdal/admin/srvconvert.c
new file mode 100644
index 0000000..e4a2b11
--- /dev/null
+++ b/crypto/heimdal/admin/srvconvert.c
@@ -0,0 +1,181 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "ktutil_locl.h" + +RCSID("$Id: srvconvert.c,v 1.11 2000/01/02 03:56:21 assar Exp $"); + +/* convert a version 4 srvtab to a version 5 keytab */ + +#ifndef KEYFILE +#define KEYFILE "/etc/srvtab" +#endif + +static char *srvtab = KEYFILE; +static int help_flag; +static int verbose; + +static struct getargs args[] = { + { "srvtab", 's', arg_string, &srvtab, "srvtab to convert", "file" }, + { "help", 'h', arg_flag, &help_flag }, + { "verbose", 'v', arg_flag, &verbose }, +}; + +static int num_args = sizeof(args) / sizeof(args[0]); + +int +srvconv(int argc, char **argv) +{ + krb5_error_code ret; + int optind = 0; + int fd; + krb5_storage *sp; + + if(getarg(args, num_args, argc, argv, &optind)){ + arg_printusage(args, num_args, "ktutil srvconvert", ""); + return 1; + } + if(help_flag){ + arg_printusage(args, num_args, "ktutil srvconvert", ""); + return 0; + } + + argc -= optind; + argv += optind; + + if (argc != 0) { + arg_printusage(args, num_args, "ktutil srvconvert", ""); + return 1; + } + + fd = open(srvtab, O_RDONLY); + if(fd < 0){ + krb5_warn(context, errno, "%s", srvtab); + return 1; + } + sp = krb5_storage_from_fd(fd); + if(sp == NULL){ + close(fd); + return 1; + } + while(1){ + char *service, *instance, *realm; + int8_t kvno; + des_cblock key; + krb5_keytab_entry entry; + + ret = krb5_ret_stringz(sp, &service); + if(ret == KRB5_CC_END) { + ret = 0; + break; + } + if(ret) { + krb5_warn(context, ret, "reading service"); + break; + } + ret = krb5_ret_stringz(sp, &instance); + if(ret) { + krb5_warn(context, ret, "reading instance"); + free(service); + break; + } + ret = krb5_ret_stringz(sp, &realm); + if(ret) { + krb5_warn(context, ret, "reading realm"); + free(service); + free(instance); + break; + } + ret = krb5_425_conv_principal(context, service, instance, realm, + &entry.principal); + free(service); + free(instance); + free(realm); + if (ret) { + krb5_warn(context, ret, "krb5_425_conv_principal (%s.%s@%s)", + service, instance, realm); + break; + 
} + + ret = krb5_ret_int8(sp, &kvno); + if(ret) { + krb5_warn(context, ret, "reading kvno"); + krb5_free_principal(context, entry.principal); + break; + } + ret = sp->fetch(sp, key, 8); + if(ret < 0){ + krb5_warn(context, errno, "reading key"); + krb5_free_principal(context, entry.principal); + break; + } + if(ret < 8) { + krb5_warn(context, errno, "end of file while reading key"); + krb5_free_principal(context, entry.principal); + break; + } + + entry.vno = kvno; + entry.timestamp = time (NULL); + entry.keyblock.keyvalue.data = key; + entry.keyblock.keyvalue.length = 8; + + if(verbose){ + char *p; + ret = krb5_unparse_name(context, entry.principal, &p); + if(ret){ + krb5_warn(context, ret, "krb5_unparse_name"); + krb5_free_principal(context, entry.principal); + break; + } else{ + fprintf(stderr, "Storing keytab for %s\n", p); + free(p); + } + + } + entry.keyblock.keytype = ETYPE_DES_CBC_MD5; + ret = krb5_kt_add_entry(context, keytab, &entry); + entry.keyblock.keytype = ETYPE_DES_CBC_MD4; + ret = krb5_kt_add_entry(context, keytab, &entry); + entry.keyblock.keytype = ETYPE_DES_CBC_CRC; + ret = krb5_kt_add_entry(context, keytab, &entry); + krb5_free_principal(context, entry.principal); + if(ret) { + krb5_warn(context, ret, "krb5_kt_add_entry"); + break; + } + } + krb5_storage_free(sp); + close(fd); + return ret; +} diff --git a/crypto/heimdal/admin/srvcreate.c b/crypto/heimdal/admin/srvcreate.c new file mode 100644 index 0000000..bc86bc8 --- /dev/null +++ b/crypto/heimdal/admin/srvcreate.c 
@@ -0,0 +1,124 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "ktutil_locl.h" + +RCSID("$Id: srvcreate.c,v 1.3 1999/12/02 17:04:53 joda Exp $"); + +/* convert a version 5 keytab to a version 4 srvtab */ + +#ifndef KEYFILE +#define KEYFILE "/etc/srvtab" +#endif + +static char *srvtab = KEYFILE; +static int help_flag; +static int verbose; + +static struct getargs args[] = { + { "srvtab", 's', arg_string, &srvtab, "srvtab to create", "file" }, + { "help", 'h', arg_flag, &help_flag }, + { "verbose", 'v', arg_flag, &verbose }, +}; + +static int num_args = sizeof(args) / sizeof(args[0]); + +int +srvcreate(int argc, char **argv) +{ + krb5_error_code ret; + int optind = 0; + int fd; + krb5_kt_cursor cursor; + krb5_keytab_entry entry; + char service[100], instance[100], realm[100]; + int8_t kvno; + + if(getarg(args, num_args, argc, argv, &optind)){ + arg_printusage(args, num_args, "ktutil srvcreate", ""); + return 1; + } + if(help_flag){ + arg_printusage(args, num_args, "ktutil srvcreate", ""); + return 0; + } + + argc -= optind; + argv += optind; + + if (argc != 0) { + arg_printusage(args, num_args, "ktutil srvcreate", ""); + return 1; + } + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if(ret){ + krb5_warn(context, ret, "krb5_kt_start_seq_get"); + return 1; + } + + fd = open(srvtab, O_WRONLY |O_APPEND |O_CREAT, 0600); + if(fd < 0){ + krb5_warn(context, errno, "%s", srvtab); + return 1; + } + + while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){ + ret = krb5_524_conv_principal(context, entry.principal, + service, instance, realm); + if(ret) { + krb5_warn(context, ret, "krb5_524_conv_principal"); + close(fd); + return 1; + } + if ( (entry.keyblock.keyvalue.length == 8) && + (entry.keyblock.keytype == ETYPE_DES_CBC_MD5) ) { + if (verbose) { + printf ("%s.%s@%s vno %d\n", service, instance, realm, + entry.vno); + } + + write(fd, service, strlen(service)+1); + write(fd, instance, strlen(instance)+1); + write(fd, realm, strlen(realm)+1); + kvno = entry.vno; + write(fd, &kvno, 
sizeof(kvno)); + write(fd, entry.keyblock. keyvalue.data, 8); + } + krb5_kt_free_entry(context, &entry); + } + + close(fd); + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + return ret; +} |