diff options
Diffstat (limited to 'crypto/heimdal/admin/change.c')
-rw-r--r-- | crypto/heimdal/admin/change.c | 224 |
1 files changed, 224 insertions, 0 deletions
diff --git a/crypto/heimdal/admin/change.c b/crypto/heimdal/admin/change.c new file mode 100644 index 0000000..3de4f86 --- /dev/null +++ b/crypto/heimdal/admin/change.c @@ -0,0 +1,224 @@ +/* + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ktutil_locl.h" + +RCSID("$Id: change.c,v 1.1 2000/01/02 04:41:00 assar Exp $"); + +static void +change_entry (krb5_context context, krb5_keytab_entry *entry, + const char *realm, const char *admin_server, int server_port) +{ + krb5_error_code ret; + kadm5_config_params conf; + void *kadm_handle; + char *client_name; + krb5_keyblock *keys; + int num_keys; + int i; + + ret = krb5_unparse_name (context, entry->principal, &client_name); + if (ret) { + krb5_warn (context, ret, "kadm5_c_init_with_skey_ctx"); + return; + } + + memset (&conf, 0, sizeof(conf)); + + if(realm) + conf.realm = (char *)realm; + else + conf.realm = *krb5_princ_realm (context, entry->principal); + conf.mask |= KADM5_CONFIG_REALM; + + if (admin_server) { + conf.admin_server = (char *)admin_server; + conf.mask |= KADM5_CONFIG_ADMIN_SERVER; + } + + if (server_port) { + conf.kadmind_port = htons(server_port); + conf.mask |= KADM5_CONFIG_KADMIND_PORT; + } + + ret = kadm5_init_with_skey_ctx (context, + client_name, + keytab_string, + KADM5_ADMIN_SERVICE, + &conf, 0, 0, + &kadm_handle); + free (client_name); + if (ret) { + krb5_warn (context, ret, "kadm5_c_init_with_skey_ctx"); + return; + } + ret = kadm5_randkey_principal (kadm_handle, entry->principal, + &keys, &num_keys); + kadm5_destroy (kadm_handle); + if (ret) { + krb5_warn(context, ret, "kadm5_randkey_principal"); + return; + } + for (i = 0; i < num_keys; ++i) { + krb5_keytab_entry new_entry; + + new_entry = *entry; + new_entry.timestamp = time (NULL); + ++new_entry.vno; + new_entry.keyblock = keys[i]; + + ret = krb5_kt_add_entry (context, keytab, &new_entry); + if (ret) + krb5_warn (context, ret, "krb5_kt_add_entry"); + krb5_free_keyblock_contents (context, &keys[i]); + } +} + +/* + * loop over all the entries in the keytab (or those given) and change + * their keys, writing the new keys + */ + +int +kt_change (int argc, char **argv) +{ + krb5_error_code ret; + krb5_kt_cursor cursor; + krb5_keytab_entry entry; + char *realm = NULL; + char *admin_server = NULL; + int server_port = 0; + int help_flag = 0; + int optind = 0; + int j, max; + krb5_principal *princs; + + struct getargs args[] = { + { "realm", 'r', arg_string, NULL, + "realm to use", "realm" + }, + { "admin-server", 'a', arg_string, NULL, + "server to contact", "host" + }, + { "server-port", 's', arg_integer, NULL, + "port to contact", "port number" + }, + { "help", 'h', arg_flag, NULL } + }; + + args[0].value = &realm; + args[1].value = &admin_server; + args[2].value = &server_port; + args[3].value = &help_flag; + + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind) + || help_flag) { + arg_printusage(args, sizeof(args) / sizeof(args[0]), + "ktutil change", "principal..."); + return 0; + } + + j = 0; + max = 10; + princs = malloc (max * sizeof(*princs)); + if (princs == NULL) { + krb5_warnx (context, "malloc: out of memory"); + return 1; + } + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if(ret){ + krb5_warn(context, ret, "krb5_kt_start_seq_get"); + return 1; + } + + while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) { + int i; + int done = 0; + + for (i = 0; i < j; ++i) + if (krb5_principal_compare (context, princs[i], + entry.principal)) + break; + if (i < j) + continue; + + if (optind == argc) { + change_entry (context, &entry, realm, admin_server, server_port); + done = 1; + } else { + for (i = optind; i < argc; ++i) { + krb5_principal princ; + + ret = krb5_parse_name (context, argv[i], &princ); + if (ret) { + krb5_warn (context, ret, "krb5_parse_name %s", argv[i]); + continue; + } + if (krb5_principal_compare (context, princ, entry.principal)) { + change_entry (context, &entry, + realm, admin_server, server_port); + done = 1; + } + krb5_free_principal (context, princ); + } + } + if (done) { + if (j >= max) { + void *tmp; + + max *= 2; + tmp = realloc (princs, max * sizeof(*princs)); + if (tmp == NULL) { + krb5_kt_free_entry (context, &entry); + krb5_warnx (context, "realloc: out of memory"); + break; + } + princs = tmp; + } + ret = krb5_copy_principal (context, entry.principal, &princs[j]); + if (ret) { + krb5_warn (context, ret, "krb5_copy_principal"); + krb5_kt_free_entry (context, &entry); + break; + } + ++j; + } + krb5_kt_free_entry (context, &entry); + } + while (j-- > 0) + krb5_free_principal (context, princs[j]); + free (princs); + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + return 0; +} |