Diffstat (limited to 'crypto/heimdal/admin')
-rw-r--r--crypto/heimdal/admin/Makefile.in16
-rw-r--r--crypto/heimdal/admin/add.c55
-rw-r--r--crypto/heimdal/admin/change.c41
-rw-r--r--crypto/heimdal/admin/copy.c23
-rw-r--r--crypto/heimdal/admin/get.c99
-rw-r--r--crypto/heimdal/admin/ktutil.86
-rw-r--r--crypto/heimdal/admin/ktutil.c20
-rw-r--r--crypto/heimdal/admin/ktutil.cat871
-rw-r--r--crypto/heimdal/admin/list.c68
-rw-r--r--crypto/heimdal/admin/purge.c43
-rw-r--r--crypto/heimdal/admin/remove.c35
11 files changed, 363 insertions, 114 deletions
diff --git a/crypto/heimdal/admin/Makefile.in b/crypto/heimdal/admin/Makefile.in
index 9c192ad..44df52e 100644
--- a/crypto/heimdal/admin/Makefile.in
+++ b/crypto/heimdal/admin/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
CHECK_LOCAL = $(PROGRAMS)
man_MANS = ktutil.8
@@ -254,7 +257,7 @@ OBJECTS = $(am_ktutil_OBJECTS)
all: all-redirect
.SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign admin/Makefile
@@ -387,6 +390,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
+GTAGS:
+ here=`CDPATH=: && cd $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $$here
+
mostlyclean-tags:
clean-tags:
diff --git a/crypto/heimdal/admin/add.c b/crypto/heimdal/admin/add.c
index 954b5f8..5ad6517 100644
--- a/crypto/heimdal/admin/add.c
+++ b/crypto/heimdal/admin/add.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,12 +33,13 @@
#include "ktutil_locl.h"
-RCSID("$Id: add.c,v 1.1 2000/01/02 04:41:00 assar Exp $");
+RCSID("$Id: add.c,v 1.2 2001/05/10 15:39:15 assar Exp $");
int
kt_add(int argc, char **argv)
{
krb5_error_code ret;
+ krb5_keytab keytab;
krb5_keytab_entry entry;
char buf[128];
char *principal_string = NULL;
@@ -71,30 +72,47 @@ kt_add(int argc, char **argv)
if(getarg(args, num_args, argc, argv, &optind)) {
arg_printusage(args, num_args, "ktutil add", "");
- return 0;
+ return 1;
}
if(help_flag) {
arg_printusage(args, num_args, "ktutil add", "");
- return 0;
+ return 1;
}
+ if (keytab_string == NULL) {
+ ret = krb5_kt_default_modify_name (context, keytab_buf,
+ sizeof(keytab_buf));
+ if (ret) {
+ krb5_warn(context, ret, "krb5_kt_default_modify_name");
+ return 1;
+ }
+ keytab_string = keytab_buf;
+ }
+ ret = krb5_kt_resolve(context, keytab_string, &keytab);
+ if (ret) {
+ krb5_warn(context, ret, "resolving keytab %s", keytab_string);
+ return 1;
+ }
+
+ if (verbose_flag)
+ fprintf (stderr, "Using keytab %s\n", keytab_string);
+
+ memset(&entry, 0, sizeof(entry));
if(principal_string == NULL) {
printf("Principal: ");
if (fgets(buf, sizeof(buf), stdin) == NULL)
- return 0;
+ return 1;
buf[strcspn(buf, "\r\n")] = '\0';
principal_string = buf;
}
ret = krb5_parse_name(context, principal_string, &entry.principal);
if(ret) {
krb5_warn(context, ret, "%s", principal_string);
- return 0;
+ goto out;
}
if(enctype_string == NULL) {
printf("Encryption type: ");
- if (fgets(buf, sizeof(buf), stdin) == NULL) {
- krb5_free_principal (context, entry.principal);
- return 0;
- }
+ if (fgets(buf, sizeof(buf), stdin) == NULL)
+ goto out;
buf[strcspn(buf, "\r\n")] = '\0';
enctype_string = buf;
}
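Review bot: The `return 1` taken when `fgets` fails at the `Principal:` prompt now runs after `krb5_kt_resolve` has succeeded, so that exit skips `krb5_kt_close` and leaks the keytab handle. Because `entry` is zeroed by the new `memset` just above, this path can use `goto out;` like the later prompts do. kt_add's body continues outside this hunk, and the `out:` label is in the last add.c hunk.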
@@ -105,24 +123,19 @@ kt_add(int argc, char **argv)
enctype = t;
else {
krb5_warn(context, ret, "%s", enctype_string);
- krb5_free_principal(context, entry.principal);
- return 0;
+ goto out;
}
}
if(kvno == -1) {
printf("Key version: ");
- if (fgets(buf, sizeof(buf), stdin) == NULL) {
- krb5_free_principal (context, entry.principal);
- return 0;
- }
+ if (fgets(buf, sizeof(buf), stdin) == NULL)
+ goto out;
buf[strcspn(buf, "\r\n")] = '\0';
kvno = atoi(buf);
}
if(password_string == NULL && random_flag == 0) {
- if(des_read_pw_string(buf, sizeof(buf), "Password: ", 1)) {
- krb5_free_principal (context, entry.principal);
- return 0;
- }
+ if(des_read_pw_string(buf, sizeof(buf), "Password: ", 1))
+ goto out;
password_string = buf;
}
if(password_string) {
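Review bot: `buf` receives the password from `des_read_pw_string` here, and nothing visible between `out:` and the `return` in the last add.c hunk clears it, so the cleartext password appears to stay on the stack after kt_add returns. Consider wiping it on the common exit path, e.g. `memset(buf, 0, sizeof(buf));` right after `out:`, keeping in mind that a plain `memset` just before a return may be optimised away. The code that consumes `password_string` is outside this hunk, so confirm it is not already scrubbed there. The same buffer is passed to `atoi` for the key version, which silently turns non-numeric input into 0.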
@@ -150,6 +163,8 @@ kt_add(int argc, char **argv)
ret = krb5_kt_add_entry(context, keytab, &entry);
if(ret)
krb5_warn(context, ret, "add");
+ out:
krb5_kt_free_entry(context, &entry);
+ krb5_kt_close(context, keytab);
return 0;
}
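Review bot: Every `goto out` failure in kt_add, and a failed `krb5_kt_add_entry`, still ends in `return 0;`, so ktutil reports success after a parse error or a failed keytab write, while the argument-handling paths were changed to return 1. A status that follows the failure would match get.c, e.g. `return ret != 0;`, with `ret` set to a non-zero value before the `goto out` on the `fgets` and `des_read_pw_string` paths, where it is still 0. The start of kt_add is outside this hunk.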
diff --git a/crypto/heimdal/admin/change.c b/crypto/heimdal/admin/change.c
index 128395a..c523dc4 100644
--- a/crypto/heimdal/admin/change.c
+++ b/crypto/heimdal/admin/change.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,10 +33,11 @@
#include "ktutil_locl.h"
-RCSID("$Id: change.c,v 1.2 2000/06/03 12:24:03 assar Exp $");
+RCSID("$Id: change.c,v 1.3 2001/05/10 15:40:07 assar Exp $");
static void
-change_entry (krb5_context context, krb5_keytab_entry *entry,
+change_entry (krb5_context context, krb5_keytab keytab,
+ krb5_keytab_entry *entry,
const char *realm, const char *admin_server, int server_port)
{
krb5_error_code ret;
@@ -49,7 +50,7 @@ change_entry (krb5_context context, krb5_keytab_entry *entry,
ret = krb5_unparse_name (context, entry->principal, &client_name);
if (ret) {
- krb5_warn (context, ret, "kadm5_c_init_with_skey_ctx");
+ krb5_warn (context, ret, "krb5_unparse_name");
return;
}
@@ -113,6 +114,7 @@ int
kt_change (int argc, char **argv)
{
krb5_error_code ret;
+ krb5_keytab keytab;
krb5_kt_cursor cursor;
krb5_keytab_entry entry;
char *realm = NULL;
@@ -145,21 +147,39 @@ kt_change (int argc, char **argv)
|| help_flag) {
arg_printusage(args, sizeof(args) / sizeof(args[0]),
"ktutil change", "principal...");
- return 0;
+ return 1;
}
+ if (keytab_string == NULL) {
+ ret = krb5_kt_default_modify_name (context, keytab_buf,
+ sizeof(keytab_buf));
+ if (ret) {
+ krb5_warn(context, ret, "krb5_kt_default_modify_name");
+ return 1;
+ }
+ keytab_string = keytab_buf;
+ }
+ ret = krb5_kt_resolve(context, keytab_string, &keytab);
+ if (ret) {
+ krb5_warn(context, ret, "resolving keytab %s", keytab_string);
+ return 1;
+ }
+
+ if (verbose_flag)
+ fprintf (stderr, "Using keytab %s\n", keytab_string);
+
j = 0;
max = 10;
princs = malloc (max * sizeof(*princs));
if (princs == NULL) {
krb5_warnx (context, "malloc: out of memory");
- return 1;
+ goto out;
}
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if(ret){
krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string);
- return 1;
+ goto out;
}
while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
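Review bot: The two `goto out` exits replace `return 1`, but the `out:` label added in the last change.c hunk is followed by `return 0;`, so a failed `malloc` or `krb5_kt_start_seq_get` is now reported as success. The label also sits after `free (princs);`, so the `krb5_kt_start_seq_get` failure path leaks `princs`. One way to fix both is to set a status before jumping (for example `ret = ENOMEM;` on the allocation failure), move `free (princs);` below `out:` with `princs` initialised to NULL, and finish with `return ret != 0;`. The declaration of `princs` and the rest of kt_change are outside this hunk.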
@@ -174,7 +194,8 @@ kt_change (int argc, char **argv)
continue;
if (optind == argc) {
- change_entry (context, &entry, realm, admin_server, server_port);
+ change_entry (context, keytab, &entry, realm, admin_server,
+ server_port);
done = 1;
} else {
for (i = optind; i < argc; ++i) {
@@ -186,7 +207,7 @@ kt_change (int argc, char **argv)
continue;
}
if (krb5_principal_compare (context, princ, entry.principal)) {
- change_entry (context, &entry,
+ change_entry (context, keytab, &entry,
realm, admin_server, server_port);
done = 1;
}
@@ -220,5 +241,7 @@ kt_change (int argc, char **argv)
krb5_free_principal (context, princs[j]);
free (princs);
ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+ out:
+ krb5_kt_close(context, keytab);
return 0;
}
diff --git a/crypto/heimdal/admin/copy.c b/crypto/heimdal/admin/copy.c
index d2b5069..a446d09 100644
--- a/crypto/heimdal/admin/copy.c
+++ b/crypto/heimdal/admin/copy.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "ktutil_locl.h"
-RCSID("$Id: copy.c,v 1.5 2000/12/16 00:45:29 joda Exp $");
+RCSID("$Id: copy.c,v 1.7 2001/05/11 00:54:01 assar Exp $");
static krb5_boolean
@@ -57,22 +57,25 @@ kt_copy_int (const char *from, const char *to)
ret = krb5_kt_resolve (context, from, &src_keytab);
if (ret) {
krb5_warn (context, ret, "resolving src keytab `%s'", from);
- return 0;
+ return 1;
}
ret = krb5_kt_resolve (context, to, &dst_keytab);
if (ret) {
krb5_kt_close (context, src_keytab);
krb5_warn (context, ret, "resolving dst keytab `%s'", to);
- return 0;
+ return 1;
}
ret = krb5_kt_start_seq_get (context, src_keytab, &cursor);
if (ret) {
krb5_warn (context, ret, "krb5_kt_start_seq_get %s", keytab_string);
- goto fail;
+ goto out;
}
+ if (verbose_flag)
+ fprintf(stderr, "copying %s to %s\n", from, to);
+
while((ret = krb5_kt_next_entry(context, src_keytab,
&entry, &cursor)) == 0) {
char *name_str;
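Review bot: The `krb5_kt_start_seq_get` warning prints the global `keytab_string` rather than `from`, and since the ktutil.c hunk in this commit removes the fallback that filled that global in `main`, it can be NULL when `ktutil copy` runs without `-k`, which is undefined for `%s`. Use the source name instead: `krb5_warn (context, ret, "krb5_kt_start_seq_get %s", from);`. The same failure then reaches `out:` and `return 0;`, so it is reported as success while the two resolve failures now return 1. kt_copy_int starts and ends outside this hunk.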
@@ -121,7 +124,7 @@ kt_copy_int (const char *from, const char *to)
}
krb5_kt_end_seq_get (context, src_keytab, &cursor);
- fail:
+ out:
krb5_kt_close (context, src_keytab);
krb5_kt_close (context, dst_keytab);
return 0;
@@ -146,12 +149,12 @@ kt_copy (int argc, char **argv)
if(getarg(args, num_args, argc, argv, &optind)) {
arg_printusage(args, num_args, "ktutil copy",
"keytab-src keytab-dest");
- return 0;
+ return 1;
}
if (help_flag) {
arg_printusage(args, num_args, "ktutil copy",
"keytab-src keytab-dest");
- return 0;
+ return 1;
}
argv += optind;
@@ -160,7 +163,7 @@ kt_copy (int argc, char **argv)
if (argc != 2) {
arg_printusage(args, num_args, "ktutil copy",
"keytab-src keytab-dest");
- return 0;
+ return 1;
}
return kt_copy_int(argv[0], argv[1]);
@@ -220,7 +223,7 @@ conv(int srvconv, int argc, char **argv)
if(keytab_string != NULL)
return kt_copy_int(kt4, keytab_string);
else {
- krb5_kt_default_name(context, kt5, sizeof(kt5));
+ krb5_kt_default_modify_name(context, kt5, sizeof(kt5));
return kt_copy_int(kt4, kt5);
}
} else {
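Review bot: The return value of `krb5_kt_default_modify_name` is ignored here, unlike the other calls this commit adds, so on failure `kt5` is handed to `kt_copy_int` with whatever it happened to contain. Check it the way the other subcommands do: `if (krb5_kt_default_modify_name(context, kt5, sizeof(kt5))) { krb5_warnx(context, "krb5_kt_default_modify_name failed"); return 1; }`. The declaration of `kt5` and the rest of conv are outside this hunk.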
diff --git a/crypto/heimdal/admin/get.c b/crypto/heimdal/admin/get.c
index 5df72a1..c9d49dd 100644
--- a/crypto/heimdal/admin/get.c
+++ b/crypto/heimdal/admin/get.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,14 +33,15 @@
#include "ktutil_locl.h"
-RCSID("$Id: get.c,v 1.16 2000/12/31 02:51:43 assar Exp $");
+RCSID("$Id: get.c,v 1.18 2001/05/10 15:42:01 assar Exp $");
int
kt_get(int argc, char **argv)
{
- krb5_error_code ret;
+ krb5_error_code ret = 0;
+ krb5_keytab keytab;
kadm5_config_params conf;
- void *kadm_handle;
+ void *kadm_handle = NULL;
char *principal = NULL;
char *realm = NULL;
char *admin_server = NULL;
@@ -48,11 +49,16 @@ kt_get(int argc, char **argv)
int help_flag = 0;
int optind = 0;
int i, j;
+ struct getarg_strings etype_strs = {0, NULL};
+ krb5_enctype *etypes = NULL;
+ size_t netypes = 0;
struct getargs args[] = {
{ "principal", 'p', arg_string, NULL,
"admin principal", "principal"
},
+ { "enctypes", 'e', arg_strings, NULL,
+ "encryption types to use", "enctypes" },
{ "realm", 'r', arg_string, NULL,
"realm to use", "realm"
},
@@ -66,10 +72,11 @@ kt_get(int argc, char **argv)
};
args[0].value = &principal;
- args[1].value = &realm;
- args[2].value = &admin_server;
- args[3].value = &server_port;
- args[4].value = &help_flag;
+ args[1].value = &etype_strs;
+ args[2].value = &realm;
+ args[3].value = &admin_server;
+ args[4].value = &server_port;
+ args[5].value = &help_flag;
memset(&conf, 0, sizeof(conf));
@@ -77,9 +84,45 @@ kt_get(int argc, char **argv)
|| help_flag) {
arg_printusage(args, sizeof(args) / sizeof(args[0]),
"ktutil get", "principal...");
- return 0;
+ return 1;
}
+ if (keytab_string == NULL) {
+ ret = krb5_kt_default_modify_name (context, keytab_buf,
+ sizeof(keytab_buf));
+ if (ret) {
+ krb5_warn(context, ret, "krb5_kt_default_modify_name");
+ return 1;
+ }
+ keytab_string = keytab_buf;
+ }
+ ret = krb5_kt_resolve(context, keytab_string, &keytab);
+ if (ret) {
+ krb5_warn(context, ret, "resolving keytab %s", keytab_string);
+ return 1;
+ }
+
+ if (etype_strs.num_strings) {
+ int i;
+
+ etypes = malloc (etype_strs.num_strings * sizeof(*etypes));
+ if (etypes == NULL) {
+ krb5_warnx(context, "malloc failed");
+ goto out;
+ }
+ netypes = etype_strs.num_strings;
+ for(i = 0; i < netypes; i++) {
+ ret = krb5_string_to_enctype(context,
+ etype_strs.strings[i],
+ &etypes[i]);
+ if(ret) {
+ krb5_warnx(context, "unrecognized enctype: %s",
+ etype_strs.strings[i]);
+ goto out;
+ }
+ }
+ }
+
if(realm) {
krb5_set_default_realm(context, realm); /* XXX should be fixed
some other way */
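Review bot: On the `malloc` failure path `ret` is still 0 from the successful `krb5_kt_resolve`, so `goto out` ends in `return ret != 0` and kt_get reports success without fetching anything; set a status first, e.g. `ret = ENOMEM;` before the `goto out`. The block-local `int i` shadows the function-level `i` and is compared with the `size_t` `netypes`, so a `size_t` index would avoid the signed/unsigned comparison. The usage-error `return 1` above the keytab code also skips `free_getarg_strings(&etype_strs)`. kt_get continues outside this hunk.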
@@ -105,10 +148,9 @@ kt_get(int argc, char **argv)
&kadm_handle);
if(ret) {
krb5_warn(context, ret, "kadm5_init_with_password");
- return 0;
+ goto out;
}
-
for(i = optind; i < argc; i++){
krb5_principal princ_ent;
kadm5_principal_ent_rec princ;
@@ -166,17 +208,38 @@ kt_get(int argc, char **argv)
continue;
}
for(j = 0; j < n_keys; j++) {
- entry.principal = princ_ent;
- entry.vno = princ.kvno;
- entry.keyblock = keys[j];
- entry.timestamp = time (NULL);
- ret = krb5_kt_add_entry(context, keytab, &entry);
+ int do_add = TRUE;
+
+ if (netypes) {
+ int i;
+
+ do_add = FALSE;
+ for (i = 0; i < netypes; ++i)
+ if (keys[j].keytype == etypes[i]) {
+ do_add = TRUE;
+ break;
+ }
+ }
+ if (do_add) {
+ entry.principal = princ_ent;
+ entry.vno = princ.kvno;
+ entry.keyblock = keys[j];
+ entry.timestamp = time (NULL);
+ ret = krb5_kt_add_entry(context, keytab, &entry);
+ if (ret)
+ krb5_warn(context, ret, "krb5_kt_add_entry");
+ }
krb5_free_keyblock_contents(context, &keys[j]);
}
kadm5_free_principal_ent(kadm_handle, &princ);
krb5_free_principal(context, princ_ent);
}
- kadm5_destroy(kadm_handle);
- return 0;
+ out:
+ free_getarg_strings(&etype_strs);
+ free(etypes);
+ if (kadm_handle)
+ kadm5_destroy(kadm_handle);
+ krb5_kt_close(context, keytab);
+ return ret != 0;
}
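Review bot: `ret` is overwritten on each pass, so a failed `krb5_kt_add_entry` is only warned about and the final `return ret != 0` reflects whichever call ran last; a write failure for an earlier key or principal can still end in exit status 0. A sticky flag would keep it, e.g. `if (ret) { krb5_warn(context, ret, "krb5_kt_add_entry"); failed = 1; }` and `return failed;`, with the other error exits setting the flag too. When `-e` is given and none of the returned keys match, nothing is written and nothing is printed, so a `krb5_warnx` for that case would help an operator notice the empty result. The earlier statements of the principal loop are outside this hunk, so its `continue` paths should be checked the same way.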
diff --git a/crypto/heimdal/admin/ktutil.8 b/crypto/heimdal/admin/ktutil.8
index b862258..48095c4 100644
--- a/crypto/heimdal/admin/ktutil.8
+++ b/crypto/heimdal/admin/ktutil.8
@@ -1,4 +1,4 @@
-.\" $Id: ktutil.8,v 1.9 2000/12/16 00:58:49 joda Exp $
+.\" $Id: ktutil.8,v 1.12 2001/06/08 21:35:31 joda Exp $
.\"
.Dd December 16, 2000
.Dt KTUTIL 8
@@ -63,6 +63,10 @@ to
.It get Xo
.Op Fl p Ar admin principal
.Op Fl -principal= Ns Ar admin principal
+.Oo Fl e Ar enctype \*(Ba Xo
+.Fl -enctypes= Ns Ar enctype
+.Xc
+.Oc
.Op Fl r Ar realm
.Op Fl -realm= Ns Ar realm
.Op Fl a Ar admin server
diff --git a/crypto/heimdal/admin/ktutil.c b/crypto/heimdal/admin/ktutil.c
index 35ca1c9..36f7cd8 100644
--- a/crypto/heimdal/admin/ktutil.c
+++ b/crypto/heimdal/admin/ktutil.c
@@ -34,14 +34,13 @@
#include "ktutil_locl.h"
#include <err.h>
-RCSID("$Id: ktutil.c,v 1.30 2001/01/25 12:44:37 assar Exp $");
+RCSID("$Id: ktutil.c,v 1.33 2001/05/10 16:04:27 assar Exp $");
static int help_flag;
static int version_flag;
int verbose_flag;
char *keytab_string;
-
-static char keytab_buf[256];
+char keytab_buf[256];
static int help(int argc, char **argv);
@@ -108,7 +107,6 @@ static struct getargs args[] = {
static int num_args = sizeof(args) / sizeof(args[0]);
krb5_context context;
-krb5_keytab keytab;
static int
help(int argc, char **argv)
@@ -129,7 +127,7 @@ main(int argc, char **argv)
{
int optind = 0;
krb5_error_code ret;
- set_progname(argv[0]);
+ setprogname(argv[0]);
ret = krb5_init_context(&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
@@ -145,20 +143,8 @@ main(int argc, char **argv)
argv += optind;
if(argc == 0)
usage(1);
- if(keytab_string) {
- ret = krb5_kt_resolve(context, keytab_string, &keytab);
- } else {
- if(krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf)))
- strlcpy (keytab_buf, "unknown", sizeof(keytab_buf));
- keytab_string = keytab_buf;
-
- ret = krb5_kt_default(context, &keytab);
- }
- if(ret)
- krb5_err(context, 1, ret, "resolving keytab");
ret = sl_command(cmds, argc, argv);
if(ret == -1)
krb5_warnx (context, "unrecognized command: %s", argv[0]);
- krb5_kt_close(context, keytab);
return ret;
}
diff --git a/crypto/heimdal/admin/ktutil.cat8 b/crypto/heimdal/admin/ktutil.cat8
new file mode 100644
index 0000000..f349f61
--- /dev/null
+++ b/crypto/heimdal/admin/ktutil.cat8
@@ -0,0 +1,71 @@
+
+KTUTIL(8) UNIX System Manager's Manual KTUTIL(8)
+
+NNAAMMEE
+ kkttuuttiill - manage Kerberos keytabs
+
+SSYYNNOOPPSSIISS
+ kkttuuttiill [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--vv | ----vveerrbboossee] [----vveerrssiioonn] [--hh |
+ ----hheellpp] _c_o_m_m_a_n_d [_a_r_g_s]
+
+DDEESSCCRRIIPPTTIIOONN
+ kkttuuttiill is a program for managing keytabs. _c_o_m_m_a_n_d can be one of the fol-
+ lowing:
+
+ add [--pp _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--VV _k_v_n_o] [----kkvvnnoo==_k_v_n_o] [--ee
+ _e_n_c_y_p_e] [----eennccttyyppee==_e_n_c_t_y_p_e] [--ww _p_a_s_s_w_o_r_d] [----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d]
+ [--rr] [----rraannddoomm] [--ss] [----nnoo--ssaalltt]
+ Adds a key to the keytab. Options that are not specified will be
+ prompted for.
+
+ change [--rr _r_e_a_l_m] [----rreeaallmm==_r_e_a_l_m] [----aa _h_o_s_t] [----aaddmmiinn--sseerrvveerr==_h_o_s_t] [----ss
+ _p_o_r_t] [----sseerrvveerr--ppoorrtt==_p_o_r_t]
+ Update one or several keys to new versions. By default, use the
+ admin server for the realm of an keytab entry. Otherwise it will
+ use the values specified by the options.
+
+ If no principals are given, all the ones in the keytab are updat-
+ ed.
+
+ copy _k_e_y_t_a_b_-_s_r_c _k_e_y_t_a_b_-_d_e_s_t
+ Copies all the entries from _k_e_y_t_a_b_-_s_r_c to _k_e_y_t_a_b_-_d_e_s_t.
+
+ get [--pp _a_d_m_i_n _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_a_d_m_i_n _p_r_i_n_c_i_p_a_l] [--ee _e_n_c_t_y_p_e |
+ ----eennccttyyppeess==_e_n_c_t_y_p_e
+ sseerrvveerr==_a_d_m_i_n _s_e_r_v_e_r] [--ss _s_e_r_v_e_r _p_o_r_t] [----sseerrvveerr--ppoorrtt==_s_e_r_v_e_r _p_o_r_t]
+ _p_r_i_n_c_i_p_a_l ][--rr _r_e_a_l_m] [----rreeaallmm==_r_e_a_l_m] [--aa _a_d_m_i_n _s_e_r_v_e_r]
+ [----aaddmmiinn-- Get a key for pprriinncciippaall and store it in a keytab.
+
+ list [----kkeeyyss] [----ttiimmeessttaammpp]
+ List the keys stored in the keytab.
+
+ remove [--pp _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--VV --kkvvnnoo] [----kkvvnnoo==_k_v_n_o]
+ [--ee --eennccttyyppee] [----eennccttyyppee==_e_n_c_t_y_p_e]
+ Removes the specified key or keys. Not specifying a _k_v_n_o removes
+ keys with any version number. Not specifying a _e_n_c_t_y_p_e removes
+ keys of any type.
+
+ purge [----aaggee==_a_g_e]
+ Removes all old entries (for which there is a newer version) that
+ are older than _a_g_e (default one week).
+
+ srvconvert
+
+ srv2keytab [--ss _s_r_v_t_a_b] [----ssrrvvttaabb==_s_r_v_t_a_b]
+ Converts the version 4 srvtab in _s_r_v_t_a_b to a version 5 keytab and
+ stores it in _k_e_y_t_a_b. Identical to:
+
+ ktutil copy krb4:_s_r_v_t_a_b _k_e_y_t_a_b
+
+ srvcreate
+
+ key2srvtab [--ss _s_r_v_t_a_b] [----ssrrvvttaabb==_s_r_v_t_a_b]
+ Converts the version 5 keytab in _k_e_y_t_a_b to a version 4 srvtab and
+ stores it in _s_r_v_t_a_b. Identical to:
+
+ ktutil copy _k_e_y_t_a_b krb4:_s_r_v_t_a_b
+
+SSEEEE AALLSSOO
+ kadmin(8)
+
+ HEIMDAL December 16, 2000 2
diff --git a/crypto/heimdal/admin/list.c b/crypto/heimdal/admin/list.c
index 04c1d78..3640e4f 100644
--- a/crypto/heimdal/admin/list.c
+++ b/crypto/heimdal/admin/list.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "ktutil_locl.h"
-RCSID("$Id: list.c,v 1.3 2000/06/29 08:21:40 joda Exp $");
+RCSID("$Id: list.c,v 1.8 2001/05/11 00:54:01 assar Exp $");
static int help_flag;
static int list_keys;
@@ -56,13 +56,13 @@ struct key_info {
struct key_info *next;
};
-int
-kt_list(int argc, char **argv)
+static int
+do_list(const char *keytab_string)
{
krb5_error_code ret;
- krb5_kt_cursor cursor;
+ krb5_keytab keytab;
krb5_keytab_entry entry;
- int optind = 0;
+ krb5_kt_cursor cursor;
struct key_info *ki, **kie = &ki, *kp;
int max_version = sizeof("Vno") - 1;
@@ -71,27 +71,30 @@ kt_list(int argc, char **argv)
int max_timestamp = sizeof("Date") - 1;
int max_key = sizeof("Key") - 1;
- if(verbose_flag)
- list_timestamp = 1;
-
- if(getarg(args, num_args, argc, argv, &optind)){
- arg_printusage(args, num_args, "ktutil list", "");
- return 1;
- }
- if(help_flag){
- arg_printusage(args, num_args, "ktutil list", "");
+ ret = krb5_kt_resolve(context, keytab_string, &keytab);
+ if (ret) {
+ krb5_warn(context, ret, "resolving keytab %s", keytab_string);
return 0;
}
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if(ret){
krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string);
- return 1;
+ goto out;
}
+
+ printf ("%s:\n\n", keytab_string);
+
while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
#define CHECK_MAX(F) if(max_##F < strlen(kp->F)) max_##F = strlen(kp->F)
kp = malloc(sizeof(*kp));
+ if (kp == NULL) {
+ krb5_kt_free_entry(context, &entry);
+ krb5_kt_end_seq_get(context, keytab, &cursor);
+ krb5_warn(context, ret, "malloc failed");
+ goto out;
+ }
asprintf(&kp->version, "%d", entry.vno);
CHECK_MAX(version);
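Review bot: In the new `malloc` check `ret` is necessarily 0, because the loop condition has just tested it, so `krb5_warn(context, ret, "malloc failed")` appends the message for code 0 rather than an out-of-memory error; `krb5_warnx(context, "malloc failed");` says what happened. That path also jumps past the loop that frees the `ki` list, leaking the entries already collected. Both early exits, `return 0` after a failed `krb5_kt_resolve` and `goto out`, report success, where the old code returned 1 for a failed `krb5_kt_start_seq_get`. do_list continues outside this hunk.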
@@ -100,7 +103,7 @@ kt_list(int argc, char **argv)
if (ret != 0)
asprintf(&kp->etype, "unknown (%d)", entry.keyblock.keytype);
CHECK_MAX(etype);
- krb5_unparse_name_short(context, entry.principal, &kp->principal);
+ krb5_unparse_name(context, entry.principal, &kp->principal);
CHECK_MAX(principal);
if (list_timestamp) {
char tstamp[256];
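Review bot: The result of `krb5_unparse_name` is not checked, and `kp` comes from `malloc` without being zeroed, so if the call fails `CHECK_MAX(principal)` runs `strlen` on an uninitialised pointer. Capture the return value, warn with `krb5_warn(context, ret, "krb5_unparse_name")`, and skip the entry after freeing it. The `asprintf` calls next to it have the same unchecked shape. The enclosing loop starts and ends outside this hunk.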
@@ -159,5 +162,36 @@ kt_list(int argc, char **argv)
kp = kp->next;
free(ki);
}
+out:
+ krb5_kt_close(context, keytab);
+ return 0;
+}
+
+int
+kt_list(int argc, char **argv)
+{
+ int optind = 0;
+
+ if(verbose_flag)
+ list_timestamp = 1;
+
+ if(getarg(args, num_args, argc, argv, &optind)){
+ arg_printusage(args, num_args, "ktutil list", "");
+ return 1;
+ }
+ if(help_flag){
+ arg_printusage(args, num_args, "ktutil list", "");
+ return 0;
+ }
+
+ if (keytab_string == NULL) {
+ do_list("FILE:/etc/krb5.keytab");
+#ifdef KRB4
+ printf ("\n");
+ do_list("krb4:/etc/srvtab");
+#endif
+ } else {
+ do_list(keytab_string);
+ }
return 0;
}
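Review bot: kt_list hard-codes `FILE:/etc/krb5.keytab` and `krb4:/etc/srvtab` when no `-k` is given, so it can show a different keytab from the one `add`, `remove` and `purge` resolve through `krb5_kt_default_modify_name`, for instance when the default keytab name is configured elsewhere. If the intent is to list the default, ask the library for it, e.g. `krb5_kt_default_name(context, keytab_buf, sizeof(keytab_buf))`, assuming `keytab_buf` is declared in ktutil_locl.h. The return value of `do_list` is discarded, so kt_list returns 0 even when the keytab could not be opened. `do_list`'s parameter also shadows the global `keytab_string`; a distinct name would make that explicit.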
diff --git a/crypto/heimdal/admin/purge.c b/crypto/heimdal/admin/purge.c
index 5e22de5..c99f3bf 100644
--- a/crypto/heimdal/admin/purge.c
+++ b/crypto/heimdal/admin/purge.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "ktutil_locl.h"
-RCSID("$Id: purge.c,v 1.3 2000/06/29 08:31:47 joda Exp $");
+RCSID("$Id: purge.c,v 1.5 2001/05/11 00:54:01 assar Exp $");
/*
* keep track of the highest version for every principal.
@@ -97,8 +97,9 @@ delete_list (struct e *head)
int
kt_purge(int argc, char **argv)
{
- krb5_error_code ret;
+ krb5_error_code ret = 0;
krb5_kt_cursor cursor;
+ krb5_keytab keytab;
krb5_keytab_entry entry;
int help_flag = 0;
char *age_str = "1 week";
@@ -117,26 +118,44 @@ kt_purge(int argc, char **argv)
args[i++].value = &help_flag;
if(getarg(args, num_args, argc, argv, &optind)) {
- arg_printusage(args, num_args, "ktutil remove", "");
- return 0;
+ arg_printusage(args, num_args, "ktutil purge", "");
+ return 1;
}
if(help_flag) {
- arg_printusage(args, num_args, "ktutil remove", "");
- return 0;
+ arg_printusage(args, num_args, "ktutil purge", "");
+ return 1;
}
age = parse_time(age_str, "s");
if(age < 0) {
krb5_warnx(context, "unparasable time `%s'", age_str);
- return 0;
+ return 1;
+ }
+
+ if (keytab_string == NULL) {
+ ret = krb5_kt_default_modify_name (context, keytab_buf,
+ sizeof(keytab_buf));
+ if (ret) {
+ krb5_warn(context, ret, "krb5_kt_default_modify_name");
+ return 1;
+ }
+ keytab_string = keytab_buf;
+ }
+ ret = krb5_kt_resolve(context, keytab_string, &keytab);
+ if (ret) {
+ krb5_warn(context, ret, "resolving keytab %s", keytab_string);
+ return 1;
}
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if(ret){
krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string);
- return 1;
+ goto out;
}
+ if (verbose_flag)
+ fprintf (stderr, "Using keytab %s\n", keytab_string);
+
while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
add_entry (entry.principal, entry.vno, &head);
krb5_kt_free_entry(context, &entry);
@@ -148,7 +167,7 @@ kt_purge(int argc, char **argv)
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if(ret){
krb5_warn(context, ret, "krb5_kt_start_seq_get, %s", keytab_string);
- return 1;
+ goto out;
}
while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
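Review bot: This `goto out` jumps over `delete_list (head);`, which the last purge.c hunk leaves just above the `out:` label, so the version list built by the first pass is leaked when the second `krb5_kt_start_seq_get` fails. Moving `delete_list (head);` below the label covers both exits, provided `head` is initialised to NULL before the first `goto out`. The declaration of `head` and the first pass are outside this hunk.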
@@ -178,5 +197,7 @@ kt_purge(int argc, char **argv)
delete_list (head);
- return 0;
+ out:
+ krb5_kt_close (context, keytab);
+ return ret != 0;
}
diff --git a/crypto/heimdal/admin/remove.c b/crypto/heimdal/admin/remove.c
index e19de0a..c6f64db 100644
--- a/crypto/heimdal/admin/remove.c
+++ b/crypto/heimdal/admin/remove.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,13 +33,14 @@
#include "ktutil_locl.h"
-RCSID("$Id: remove.c,v 1.1 2000/01/02 04:41:02 assar Exp $");
+RCSID("$Id: remove.c,v 1.2 2001/05/10 15:44:58 assar Exp $");
int
kt_remove(int argc, char **argv)
{
- krb5_error_code ret;
+ krb5_error_code ret = 0;
krb5_keytab_entry entry;
+ krb5_keytab keytab;
char *principal_string = NULL;
krb5_principal principal = NULL;
int kvno = 0;
@@ -61,7 +62,7 @@ kt_remove(int argc, char **argv)
args[i++].value = &help_flag;
if(getarg(args, num_args, argc, argv, &optind)) {
arg_printusage(args, num_args, "ktutil remove", "");
- return 0;
+ return 1;
}
if(help_flag) {
arg_printusage(args, num_args, "ktutil remove", "");
@@ -71,7 +72,7 @@ kt_remove(int argc, char **argv)
ret = krb5_parse_name(context, principal_string, &principal);
if(ret) {
krb5_warn(context, ret, "%s", principal_string);
- return 0;
+ return 1;
}
}
if(keytype_string) {
@@ -84,7 +85,7 @@ kt_remove(int argc, char **argv)
krb5_warn(context, ret, "%s", keytype_string);
if(principal)
krb5_free_principal(context, principal);
- return 0;
+ return 1;
}
}
}
@@ -92,12 +93,32 @@ kt_remove(int argc, char **argv)
krb5_warnx(context,
"You must give at least one of "
"principal, enctype or kvno.");
- return 0;
+ return 1;
}
+
+ if (keytab_string == NULL) {
+ ret = krb5_kt_default_modify_name (context, keytab_buf,
+ sizeof(keytab_buf));
+ if (ret) {
+ krb5_warn(context, ret, "krb5_kt_default_modify_name");
+ return 1;
+ }
+ keytab_string = keytab_buf;
+ }
+ ret = krb5_kt_resolve(context, keytab_string, &keytab);
+ if (ret) {
+ krb5_warn(context, ret, "resolving keytab %s", keytab_string);
+ return 1;
+ }
+
+ if (verbose_flag)
+ fprintf (stderr, "Using keytab %s\n", keytab_string);
+
entry.principal = principal;
entry.keyblock.keytype = enctype;
entry.vno = kvno;
ret = krb5_kt_remove_entry(context, keytab, &entry);
+ krb5_kt_close(context, keytab);
if(ret)
krb5_warn(context, ret, "remove");
if(principal)
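Review bot: The two new `return 1` exits for `krb5_kt_default_modify_name` and `krb5_kt_resolve` failures run after `krb5_parse_name` may have allocated `principal`, and unlike the enctype error path earlier in the function they do not free it. Add `if(principal) krb5_free_principal(context, principal);` before each of those returns, or route them through one cleanup label. `entry` is only partly filled in before `krb5_kt_remove_entry`; a `memset(&entry, 0, sizeof(entry));` as kt_add now does would make the unused fields defined. The end of kt_remove is outside this hunk.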