Diffstat (limited to 'crypto/heimdal/admin')
-rw-r--r-- | crypto/heimdal/admin/Makefile.in | 16 | ||||
-rw-r--r-- | crypto/heimdal/admin/add.c | 55 | ||||
-rw-r--r-- | crypto/heimdal/admin/change.c | 41 | ||||
-rw-r--r-- | crypto/heimdal/admin/copy.c | 23 | ||||
-rw-r--r-- | crypto/heimdal/admin/get.c | 99 | ||||
-rw-r--r-- | crypto/heimdal/admin/ktutil.8 | 6 | ||||
-rw-r--r-- | crypto/heimdal/admin/ktutil.c | 20 | ||||
-rw-r--r-- | crypto/heimdal/admin/ktutil.cat8 | 71 | ||||
-rw-r--r-- | crypto/heimdal/admin/list.c | 68 | ||||
-rw-r--r-- | crypto/heimdal/admin/purge.c | 43 | ||||
-rw-r--r-- | crypto/heimdal/admin/remove.c | 35 |
11 files changed, 363 insertions, 114 deletions
diff --git a/crypto/heimdal/admin/Makefile.in b/crypto/heimdal/admin/Makefile.in index 9c192ad..44df52e 100644 --- a/crypto/heimdal/admin/Makefile.in +++ b/crypto/heimdal/admin/Makefile.in @@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -119,7 +120,7 @@ install_sh = @install_sh@ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = $(PROGRAMS) man_MANS = ktutil.8 @@ -254,7 +257,7 @@ OBJECTS = $(am_ktutil_OBJECTS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign admin/Makefile 
@@ -387,6 +390,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: diff --git a/crypto/heimdal/admin/add.c b/crypto/heimdal/admin/add.c index 954b5f8..5ad6517 100644 --- a/crypto/heimdal/admin/add.c +++ b/crypto/heimdal/admin/add.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,12 +33,13 @@ #include "ktutil_locl.h" -RCSID("$Id: add.c,v 1.1 2000/01/02 04:41:00 assar Exp $"); +RCSID("$Id: add.c,v 1.2 2001/05/10 15:39:15 assar Exp $"); int kt_add(int argc, char **argv) { krb5_error_code ret; + krb5_keytab keytab; krb5_keytab_entry entry; char buf[128]; char *principal_string = NULL; 
@@ -71,30 +72,47 @@ kt_add(int argc, char **argv) if(getarg(args, num_args, argc, argv, &optind)) { arg_printusage(args, num_args, "ktutil add", ""); - return 0; + return 1; } if(help_flag) { arg_printusage(args, num_args, "ktutil add", ""); - return 0; + return 1; } + if (keytab_string == NULL) { + ret = krb5_kt_default_modify_name (context, keytab_buf, + sizeof(keytab_buf)); + if (ret) { + krb5_warn(context, ret, "krb5_kt_default_modify_name"); + return 1; + } + keytab_string = keytab_buf; + } + ret = krb5_kt_resolve(context, keytab_string, &keytab); + if (ret) { + krb5_warn(context, ret, "resolving keytab %s", keytab_string); + return 1; + } + + if (verbose_flag) + fprintf (stderr, "Using keytab %s\n", keytab_string); + + memset(&entry, 0, sizeof(entry)); if(principal_string == NULL) { printf("Principal: "); if (fgets(buf, sizeof(buf), stdin) == NULL) - return 0; + return 1; buf[strcspn(buf, "\r\n")] = '\0'; principal_string = buf; } ret = krb5_parse_name(context, principal_string, &entry.principal); if(ret) { krb5_warn(context, ret, "%s", principal_string); - return 0; + goto out; } if(enctype_string == NULL) { printf("Encryption type: "); - if (fgets(buf, sizeof(buf), stdin) == NULL) { - krb5_free_principal (context, entry.principal); - return 0; - } + if (fgets(buf, sizeof(buf), stdin) == NULL) + goto out; buf[strcspn(buf, "\r\n")] = '\0'; enctype_string = buf; } 
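Review bot: The `return 1;` after a failed `fgets` on the "Principal: " prompt now runs after `krb5_kt_resolve` has succeeded, so the keytab handle is never closed on that path. The other prompt failures in this function were switched to `goto out`, and `entry` is zeroed by the added `memset` before this point, so `goto out;` fits here as well. That assumes `krb5_kt_free_entry` tolerates a zeroed entry, which the `goto out` after a failed `krb5_parse_name` already relies on. kt_add starts before this hunk and continues after it.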
@@ -105,24 +123,19 @@ kt_add(int argc, char **argv) enctype = t; else { krb5_warn(context, ret, "%s", enctype_string); - krb5_free_principal(context, entry.principal); - return 0; + goto out; } } if(kvno == -1) { printf("Key version: "); - if (fgets(buf, sizeof(buf), stdin) == NULL) { - krb5_free_principal (context, entry.principal); - return 0; - } + if (fgets(buf, sizeof(buf), stdin) == NULL) + goto out; buf[strcspn(buf, "\r\n")] = '\0'; kvno = atoi(buf); } if(password_string == NULL && random_flag == 0) { - if(des_read_pw_string(buf, sizeof(buf), "Password: ", 1)) { - krb5_free_principal (context, entry.principal); - return 0; - } + if(des_read_pw_string(buf, sizeof(buf), "Password: ", 1)) + goto out; password_string = buf; } if(password_string) { @@ -150,6 +163,8 @@ kt_add(int argc, char **argv) ret = krb5_kt_add_entry(context, keytab, &entry); if(ret) krb5_warn(context, ret, "add"); + out: krb5_kt_free_entry(context, &entry); + krb5_kt_close(context, keytab); return 0; } diff --git a/crypto/heimdal/admin/change.c b/crypto/heimdal/admin/change.c index 128395a..c523dc4 100644 --- a/crypto/heimdal/admin/change.c +++ b/crypto/heimdal/admin/change.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,10 +33,11 @@ #include "ktutil_locl.h" -RCSID("$Id: change.c,v 1.2 2000/06/03 12:24:03 assar Exp $"); +RCSID("$Id: change.c,v 1.3 2001/05/10 15:40:07 assar Exp $"); static void -change_entry (krb5_context context, krb5_keytab_entry *entry, +change_entry (krb5_context context, krb5_keytab keytab, + krb5_keytab_entry *entry, const char *realm, const char *admin_server, int server_port) { krb5_error_code ret; 
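Review bot: `buf` still holds the password typed at the `des_read_pw_string` prompt when control reaches the function exit, and nothing in the visible hunks clears it. Now that the error paths converge on a single `out:` label, the buffer can be wiped there once, e.g. `memset(buf, 0, sizeof(buf));` just before the cleanup calls. A plain `memset` on a dying stack buffer may be elided by the optimizer, so a wipe routine the compiler cannot drop is preferable if the tree provides one. The part of kt_add that consumes `password_string` lies between this hunk and the next and is not visible here.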
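Review bot: The new `out:` label falls through to the unchanged `return 0;`, so every `goto out` failure (unparsable principal, unknown enctype, aborted prompt) and a failed `krb5_kt_add_entry` still exit with success, while the argument and keytab-resolution failures earlier in kt_add now return 1. get.c and purge.c in this commit end with `return ret != 0;`, but here some jumps arrive with `ret == 0` (the `fgets` failures), so a separate status variable set before each `goto out` would be needed. The same `out:` followed by `return 0;` is added to kt_change in change.c and kept in kt_copy_int in copy.c, where paths that used to `return 1` now report success.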
@@ -49,7 +50,7 @@ change_entry (krb5_context context, krb5_keytab_entry *entry, ret = krb5_unparse_name (context, entry->principal, &client_name); if (ret) { - krb5_warn (context, ret, "kadm5_c_init_with_skey_ctx"); + krb5_warn (context, ret, "krb5_unparse_name"); return; } @@ -113,6 +114,7 @@ int kt_change (int argc, char **argv) { krb5_error_code ret; + krb5_keytab keytab; krb5_kt_cursor cursor; krb5_keytab_entry entry; char *realm = NULL; @@ -145,21 +147,39 @@ kt_change (int argc, char **argv) || help_flag) { arg_printusage(args, sizeof(args) / sizeof(args[0]), "ktutil change", "principal..."); - return 0; + return 1; } + if (keytab_string == NULL) { + ret = krb5_kt_default_modify_name (context, keytab_buf, + sizeof(keytab_buf)); + if (ret) { + krb5_warn(context, ret, "krb5_kt_default_modify_name"); + return 1; + } + keytab_string = keytab_buf; + } + ret = krb5_kt_resolve(context, keytab_string, &keytab); + if (ret) { + krb5_warn(context, ret, "resolving keytab %s", keytab_string); + return 1; + } + + if (verbose_flag) + fprintf (stderr, "Using keytab %s\n", keytab_string); + j = 0; max = 10; princs = malloc (max * sizeof(*princs)); if (princs == NULL) { krb5_warnx (context, "malloc: out of memory"); - return 1; + goto out; } ret = krb5_kt_start_seq_get(context, keytab, &cursor); if(ret){ krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string); - return 1; + goto out; } while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) { @@ -174,7 +194,8 @@ kt_change (int argc, char **argv) continue; if (optind == argc) { - change_entry (context, &entry, realm, admin_server, server_port); + change_entry (context, keytab, &entry, realm, admin_server, + server_port); done = 1; } else { for (i = optind; i < argc; ++i) { 
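Review bot: When `krb5_kt_start_seq_get` fails in kt_change, `goto out` jumps past `free (princs)`, because the `out:` label is added after that call in the last hunk of this file, so the array allocated a few lines above is leaked. Releasing it before the jump, `free (princs); goto out;`, keeps the label limited to closing the keytab. kt_change begins before this hunk and ends after it.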
@@ -186,7 +207,7 @@ kt_change (int argc, char **argv) continue; } if (krb5_principal_compare (context, princ, entry.principal)) { - change_entry (context, &entry, + change_entry (context, keytab, &entry, realm, admin_server, server_port); done = 1; } @@ -220,5 +241,7 @@ kt_change (int argc, char **argv) krb5_free_principal (context, princs[j]); free (princs); ret = krb5_kt_end_seq_get(context, keytab, &cursor); + out: + krb5_kt_close(context, keytab); return 0; } diff --git a/crypto/heimdal/admin/copy.c b/crypto/heimdal/admin/copy.c index d2b5069..a446d09 100644 --- a/crypto/heimdal/admin/copy.c +++ b/crypto/heimdal/admin/copy.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "ktutil_locl.h" -RCSID("$Id: copy.c,v 1.5 2000/12/16 00:45:29 joda Exp $"); +RCSID("$Id: copy.c,v 1.7 2001/05/11 00:54:01 assar Exp $"); static krb5_boolean @@ -57,22 +57,25 @@ kt_copy_int (const char *from, const char *to) ret = krb5_kt_resolve (context, from, &src_keytab); if (ret) { krb5_warn (context, ret, "resolving src keytab `%s'", from); - return 0; + return 1; } ret = krb5_kt_resolve (context, to, &dst_keytab); if (ret) { krb5_kt_close (context, src_keytab); krb5_warn (context, ret, "resolving dst keytab `%s'", to); - return 0; + return 1; } ret = krb5_kt_start_seq_get (context, src_keytab, &cursor); if (ret) { krb5_warn (context, ret, "krb5_kt_start_seq_get %s", keytab_string); - goto fail; + goto out; } + if (verbose_flag) + fprintf(stderr, "copying %s to %s\n", from, to); + while((ret = krb5_kt_next_entry(context, src_keytab, &entry, &cursor)) == 0) { char *name_str; @@ -121,7 +124,7 @@ kt_copy_int (const char *from, const char *to) } krb5_kt_end_seq_get (context, src_keytab, &cursor); - fail: + out: krb5_kt_close (context, src_keytab); krb5_kt_close (context, dst_keytab); return 0; 
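Review bot: The `krb5_kt_start_seq_get` warning in kt_copy_int still formats the global `keytab_string`, which is not one of the keytabs being copied. With the default-name setup removed from `main` in ktutil.c by this commit, it looks like that pointer is NULL whenever `-k` was not given, and passing NULL to `%s` is undefined behaviour. The source name is already at hand: `krb5_warn (context, ret, "krb5_kt_start_seq_get %s", from);`.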
@@ -146,12 +149,12 @@ kt_copy (int argc, char **argv) if(getarg(args, num_args, argc, argv, &optind)) { arg_printusage(args, num_args, "ktutil copy", "keytab-src keytab-dest"); - return 0; + return 1; } if (help_flag) { arg_printusage(args, num_args, "ktutil copy", "keytab-src keytab-dest"); - return 0; + return 1; } argv += optind; @@ -160,7 +163,7 @@ kt_copy (int argc, char **argv) if (argc != 2) { arg_printusage(args, num_args, "ktutil copy", "keytab-src keytab-dest"); - return 0; + return 1; } return kt_copy_int(argv[0], argv[1]); @@ -220,7 +223,7 @@ conv(int srvconv, int argc, char **argv) if(keytab_string != NULL) return kt_copy_int(kt4, keytab_string); else { - krb5_kt_default_name(context, kt5, sizeof(kt5)); + krb5_kt_default_modify_name(context, kt5, sizeof(kt5)); return kt_copy_int(kt4, kt5); } } else { diff --git a/crypto/heimdal/admin/get.c b/crypto/heimdal/admin/get.c index 5df72a1..c9d49dd 100644 --- a/crypto/heimdal/admin/get.c +++ b/crypto/heimdal/admin/get.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,14 +33,15 @@ #include "ktutil_locl.h" -RCSID("$Id: get.c,v 1.16 2000/12/31 02:51:43 assar Exp $"); +RCSID("$Id: get.c,v 1.18 2001/05/10 15:42:01 assar Exp $"); int kt_get(int argc, char **argv) { - krb5_error_code ret; + krb5_error_code ret = 0; + krb5_keytab keytab; kadm5_config_params conf; - void *kadm_handle; + void *kadm_handle = NULL; char *principal = NULL; char *realm = NULL; char *admin_server = NULL; 
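Review bot: The result of `krb5_kt_default_modify_name` in conv is ignored, whereas every other call added in this commit checks it. If it fails, `kt5` is handed to `kt_copy_int` with whatever it held; its declaration is outside the hunk, so whether it is initialised cannot be seen from here. Suggested: `ret = krb5_kt_default_modify_name(context, kt5, sizeof(kt5)); if (ret) { krb5_warn(context, ret, "krb5_kt_default_modify_name"); return 1; }`, assuming a `ret` variable is available or added in conv. conv starts before this hunk and continues after it.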
@@ -48,11 +49,16 @@ kt_get(int argc, char **argv) int help_flag = 0; int optind = 0; int i, j; + struct getarg_strings etype_strs = {0, NULL}; + krb5_enctype *etypes = NULL; + size_t netypes = 0; struct getargs args[] = { { "principal", 'p', arg_string, NULL, "admin principal", "principal" }, + { "enctypes", 'e', arg_strings, NULL, + "encryption types to use", "enctypes" }, { "realm", 'r', arg_string, NULL, "realm to use", "realm" }, @@ -66,10 +72,11 @@ kt_get(int argc, char **argv) }; args[0].value = &principal; - args[1].value = &realm; - args[2].value = &admin_server; - args[3].value = &server_port; - args[4].value = &help_flag; + args[1].value = &etype_strs; + args[2].value = &realm; + args[3].value = &admin_server; + args[4].value = &server_port; + args[5].value = &help_flag; memset(&conf, 0, sizeof(conf)); @@ -77,9 +84,45 @@ kt_get(int argc, char **argv) || help_flag) { arg_printusage(args, sizeof(args) / sizeof(args[0]), "ktutil get", "principal..."); - return 0; + return 1; } + if (keytab_string == NULL) { + ret = krb5_kt_default_modify_name (context, keytab_buf, + sizeof(keytab_buf)); + if (ret) { + krb5_warn(context, ret, "krb5_kt_default_modify_name"); + return 1; + } + keytab_string = keytab_buf; + } + ret = krb5_kt_resolve(context, keytab_string, &keytab); + if (ret) { + krb5_warn(context, ret, "resolving keytab %s", keytab_string); + return 1; + } + + if (etype_strs.num_strings) { + int i; + + etypes = malloc (etype_strs.num_strings * sizeof(*etypes)); + if (etypes == NULL) { + krb5_warnx(context, "malloc failed"); + goto out; + } + netypes = etype_strs.num_strings; + for(i = 0; i < netypes; i++) { + ret = krb5_string_to_enctype(context, + etype_strs.strings[i], + &etypes[i]); + if(ret) { + krb5_warnx(context, "unrecognized enctype: %s", + etype_strs.strings[i]); + goto out; + } + } + } + if(realm) { krb5_set_default_realm(context, realm); /* XXX should be fixed some other way */ 
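Review bot: If the `malloc` for `etypes` fails, `ret` is still 0 from the successful `krb5_kt_resolve`, so the `return ret != 0;` at `out:` reports success after printing "malloc failed". Setting a non-zero value before the jump, e.g. `ret = ENOMEM;`, fixes that. The block-local `int i;` also shadows the function-level `i`, and `i < netypes` compares an int with a size_t; declaring the counter as `size_t` avoids the mixed-sign comparison. kt_get starts before this hunk and continues after it.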
@@ -105,10 +148,9 @@ kt_get(int argc, char **argv) &kadm_handle); if(ret) { krb5_warn(context, ret, "kadm5_init_with_password"); - return 0; + goto out; } - for(i = optind; i < argc; i++){ krb5_principal princ_ent; kadm5_principal_ent_rec princ; @@ -166,17 +208,38 @@ kt_get(int argc, char **argv) continue; } for(j = 0; j < n_keys; j++) { - entry.principal = princ_ent; - entry.vno = princ.kvno; - entry.keyblock = keys[j]; - entry.timestamp = time (NULL); - ret = krb5_kt_add_entry(context, keytab, &entry); + int do_add = TRUE; + + if (netypes) { + int i; + + do_add = FALSE; + for (i = 0; i < netypes; ++i) + if (keys[j].keytype == etypes[i]) { + do_add = TRUE; + break; + } + } + if (do_add) { + entry.principal = princ_ent; + entry.vno = princ.kvno; + entry.keyblock = keys[j]; + entry.timestamp = time (NULL); + ret = krb5_kt_add_entry(context, keytab, &entry); + if (ret) + krb5_warn(context, ret, "krb5_kt_add_entry"); + } krb5_free_keyblock_contents(context, &keys[j]); } kadm5_free_principal_ent(kadm_handle, &princ); krb5_free_principal(context, princ_ent); } - kadm5_destroy(kadm_handle); - return 0; + out: + free_getarg_strings(&etype_strs); + free(etypes); + if (kadm_handle) + kadm5_destroy(kadm_handle); + krb5_kt_close(context, keytab); + return ret != 0; } diff --git a/crypto/heimdal/admin/ktutil.8 b/crypto/heimdal/admin/ktutil.8 index b862258..48095c4 100644 --- a/crypto/heimdal/admin/ktutil.8 +++ b/crypto/heimdal/admin/ktutil.8 @@ -1,4 +1,4 @@ -.\" $Id: ktutil.8,v 1.9 2000/12/16 00:58:49 joda Exp $ +.\" $Id: ktutil.8,v 1.12 2001/06/08 21:35:31 joda Exp $ .\" .Dd December 16, 2000 .Dt KTUTIL 8 @@ -63,6 +63,10 @@ to .It get Xo .Op Fl p Ar admin principal .Op Fl -principal= Ns Ar admin principal +.Oo Fl e Ar enctype \*(Ba Xo +.Fl -enctypes= Ns Ar enctype +.Xc +.Oc .Op Fl r Ar realm .Op Fl -realm= Ns Ar realm .Op Fl a Ar admin server diff --git a/crypto/heimdal/admin/ktutil.c b/crypto/heimdal/admin/ktutil.c index 35ca1c9..36f7cd8 100644 
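Review bot: When `-e` is given and none of the returned `keys[j]` has a matching `keytype`, the filter loop adds nothing and prints nothing, so the command looks successful while the keytab is unchanged. If the keys were freshly generated on the admin server by code outside this hunk (presumably the case), the service is left without a usable key. Counting the entries added per principal and issuing a `krb5_warnx` when the count stays zero would make this visible. Separately, `return ret != 0;` reflects only the last call that assigned `ret`, so a failure for an earlier principal appears to be masked by a later success.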
--- a/crypto/heimdal/admin/ktutil.c +++ b/crypto/heimdal/admin/ktutil.c @@ -34,14 +34,13 @@ #include "ktutil_locl.h" #include <err.h> -RCSID("$Id: ktutil.c,v 1.30 2001/01/25 12:44:37 assar Exp $"); +RCSID("$Id: ktutil.c,v 1.33 2001/05/10 16:04:27 assar Exp $"); static int help_flag; static int version_flag; int verbose_flag; char *keytab_string; - -static char keytab_buf[256]; +char keytab_buf[256]; static int help(int argc, char **argv); @@ -108,7 +107,6 @@ static struct getargs args[] = { static int num_args = sizeof(args) / sizeof(args[0]); krb5_context context; -krb5_keytab keytab; static int help(int argc, char **argv) @@ -129,7 +127,7 @@ main(int argc, char **argv) { int optind = 0; krb5_error_code ret; - set_progname(argv[0]); + setprogname(argv[0]); ret = krb5_init_context(&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); @@ -145,20 +143,8 @@ main(int argc, char **argv) argv += optind; if(argc == 0) usage(1); - if(keytab_string) { - ret = krb5_kt_resolve(context, keytab_string, &keytab); - } else { - if(krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf))) - strlcpy (keytab_buf, "unknown", sizeof(keytab_buf)); - keytab_string = keytab_buf; - - ret = krb5_kt_default(context, &keytab); - } - if(ret) - krb5_err(context, 1, ret, "resolving keytab"); ret = sl_command(cmds, argc, argv); if(ret == -1) krb5_warnx (context, "unrecognized command: %s", argv[0]); - krb5_kt_close(context, keytab); return ret; } diff --git a/crypto/heimdal/admin/ktutil.cat8 b/crypto/heimdal/admin/ktutil.cat8 new file mode 100644 index 0000000..f349f61 --- /dev/null +++ b/crypto/heimdal/admin/ktutil.cat8 
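Review bot: Dropping `static` from `keytab_buf` so each command can fill it results in the same default-name, resolve and verbose block being pasted into add.c, change.c, get.c, purge.c and remove.c. A single helper in ktutil.c that returns the opened `krb5_keytab` (or NULL after warning) would let the buffer stay `static`, keep the five copies from drifting apart, and give one place for the "Using keytab" message. Commands that do not go through that block, such as kt_copy_int, still read the global `keytab_string`, which `main` no longer guarantees to be non-NULL.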
@@ -0,0 +1,71 @@ + +KTUTIL(8) UNIX System Manager's Manual KTUTIL(8) + +NNAAMMEE + kkttuuttiill - manage Kerberos keytabs + +SSYYNNOOPPSSIISS + kkttuuttiill [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--vv | ----vveerrbboossee] [----vveerrssiioonn] [--hh | + ----hheellpp] _c_o_m_m_a_n_d [_a_r_g_s] + +DDEESSCCRRIIPPTTIIOONN + kkttuuttiill is a program for managing keytabs. _c_o_m_m_a_n_d can be one of the fol- + lowing: + + add [--pp _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--VV _k_v_n_o] [----kkvvnnoo==_k_v_n_o] [--ee + _e_n_c_y_p_e] [----eennccttyyppee==_e_n_c_t_y_p_e] [--ww _p_a_s_s_w_o_r_d] [----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d] + [--rr] [----rraannddoomm] [--ss] [----nnoo--ssaalltt] + Adds a key to the keytab. Options that are not specified will be + prompted for. + + change [--rr _r_e_a_l_m] [----rreeaallmm==_r_e_a_l_m] [----aa _h_o_s_t] [----aaddmmiinn--sseerrvveerr==_h_o_s_t] [----ss + _p_o_r_t] [----sseerrvveerr--ppoorrtt==_p_o_r_t] + Update one or several keys to new versions. By default, use the + admin server for the realm of an keytab entry. Otherwise it will + use the values specified by the options. + + If no principals are given, all the ones in the keytab are updat- + ed. + + copy _k_e_y_t_a_b_-_s_r_c _k_e_y_t_a_b_-_d_e_s_t + Copies all the entries from _k_e_y_t_a_b_-_s_r_c to _k_e_y_t_a_b_-_d_e_s_t. + + get [--pp _a_d_m_i_n _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_a_d_m_i_n _p_r_i_n_c_i_p_a_l] [--ee _e_n_c_t_y_p_e | + ----eennccttyyppeess==_e_n_c_t_y_p_e + sseerrvveerr==_a_d_m_i_n _s_e_r_v_e_r] [--ss _s_e_r_v_e_r _p_o_r_t] [----sseerrvveerr--ppoorrtt==_s_e_r_v_e_r _p_o_r_t] + _p_r_i_n_c_i_p_a_l ][--rr _r_e_a_l_m] [----rreeaallmm==_r_e_a_l_m] [--aa _a_d_m_i_n _s_e_r_v_e_r] + [----aaddmmiinn-- Get a key for pprriinncciippaall and store it in a keytab. + + list [----kkeeyyss] [----ttiimmeessttaammpp] + List the keys stored in the keytab. 
+ + remove [--pp _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--VV --kkvvnnoo] [----kkvvnnoo==_k_v_n_o] + [--ee --eennccttyyppee] [----eennccttyyppee==_e_n_c_t_y_p_e] + Removes the specified key or keys. Not specifying a _k_v_n_o removes + keys with any version number. Not specifying a _e_n_c_t_y_p_e removes + keys of any type. + + purge [----aaggee==_a_g_e] + Removes all old entries (for which there is a newer version) that + are older than _a_g_e (default one week). + + srvconvert + + srv2keytab [--ss _s_r_v_t_a_b] [----ssrrvvttaabb==_s_r_v_t_a_b] + Converts the version 4 srvtab in _s_r_v_t_a_b to a version 5 keytab and + stores it in _k_e_y_t_a_b. Identical to: + + ktutil copy krb4:_s_r_v_t_a_b _k_e_y_t_a_b + + srvcreate + + key2srvtab [--ss _s_r_v_t_a_b] [----ssrrvvttaabb==_s_r_v_t_a_b] + Converts the version 5 keytab in _k_e_y_t_a_b to a version 4 srvtab and + stores it in _s_r_v_t_a_b. Identical to: + + ktutil copy _k_e_y_t_a_b krb4:_s_r_v_t_a_b + +SSEEEE AALLSSOO + kadmin(8) + + HEIMDAL December 16, 2000 2 diff --git a/crypto/heimdal/admin/list.c b/crypto/heimdal/admin/list.c index 04c1d78..3640e4f 100644 --- a/crypto/heimdal/admin/list.c +++ b/crypto/heimdal/admin/list.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "ktutil_locl.h" -RCSID("$Id: list.c,v 1.3 2000/06/29 08:21:40 joda Exp $"); +RCSID("$Id: list.c,v 1.8 2001/05/11 00:54:01 assar Exp $"); static int help_flag; static int list_keys; 
@@ -56,13 +56,13 @@ struct key_info { struct key_info *next; }; -int -kt_list(int argc, char **argv) +static int +do_list(const char *keytab_string) { krb5_error_code ret; - krb5_kt_cursor cursor; + krb5_keytab keytab; krb5_keytab_entry entry; - int optind = 0; + krb5_kt_cursor cursor; struct key_info *ki, **kie = &ki, *kp; int max_version = sizeof("Vno") - 1; @@ -71,27 +71,30 @@ kt_list(int argc, char **argv) int max_timestamp = sizeof("Date") - 1; int max_key = sizeof("Key") - 1; - if(verbose_flag) - list_timestamp = 1; - - if(getarg(args, num_args, argc, argv, &optind)){ - arg_printusage(args, num_args, "ktutil list", ""); - return 1; - } - if(help_flag){ - arg_printusage(args, num_args, "ktutil list", ""); + ret = krb5_kt_resolve(context, keytab_string, &keytab); + if (ret) { + krb5_warn(context, ret, "resolving keytab %s", keytab_string); return 0; } ret = krb5_kt_start_seq_get(context, keytab, &cursor); if(ret){ krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string); - return 1; + goto out; } + + printf ("%s:\n\n", keytab_string); + while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){ #define CHECK_MAX(F) if(max_##F < strlen(kp->F)) max_##F = strlen(kp->F) kp = malloc(sizeof(*kp)); + if (kp == NULL) { + krb5_kt_free_entry(context, &entry); + krb5_kt_end_seq_get(context, keytab, &cursor); + krb5_warn(context, ret, "malloc failed"); + goto out; + } asprintf(&kp->version, "%d", entry.vno); CHECK_MAX(version); @@ -100,7 +103,7 @@ kt_list(int argc, char **argv) if (ret != 0) asprintf(&kp->etype, "unknown (%d)", entry.keyblock.keytype); CHECK_MAX(etype); - krb5_unparse_name_short(context, entry.principal, &kp->principal); + krb5_unparse_name(context, entry.principal, &kp->principal); CHECK_MAX(principal); if (list_timestamp) { char tstamp[256]; 
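Review bot: In the added `kp == NULL` branch `ret` is 0, since the loop body only runs while `krb5_kt_next_entry` returns 0, so `krb5_warn(context, ret, "malloc failed")` appends the error text for code 0. `krb5_warnx(context, "malloc failed");` is the fitting call. The `goto out` from that branch also skips the code before `out:` that frees the `ki` list built so far. The `asprintf` calls that follow are unchecked, so an allocation failure there still reaches `strlen` in `CHECK_MAX` with an undefined pointer.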
@@ -159,5 +162,36 @@ kt_list(int argc, char **argv) kp = kp->next; free(ki); } +out: + krb5_kt_close(context, keytab); + return 0; +} + +int +kt_list(int argc, char **argv) +{ + int optind = 0; + + if(verbose_flag) + list_timestamp = 1; + + if(getarg(args, num_args, argc, argv, &optind)){ + arg_printusage(args, num_args, "ktutil list", ""); + return 1; + } + if(help_flag){ + arg_printusage(args, num_args, "ktutil list", ""); + return 0; + } + + if (keytab_string == NULL) { + do_list("FILE:/etc/krb5.keytab"); +#ifdef KRB4 + printf ("\n"); + do_list("krb4:/etc/srvtab"); +#endif + } else { + do_list(keytab_string); + } return 0; } diff --git a/crypto/heimdal/admin/purge.c b/crypto/heimdal/admin/purge.c index 5e22de5..c99f3bf 100644 --- a/crypto/heimdal/admin/purge.c +++ b/crypto/heimdal/admin/purge.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "ktutil_locl.h" -RCSID("$Id: purge.c,v 1.3 2000/06/29 08:31:47 joda Exp $"); +RCSID("$Id: purge.c,v 1.5 2001/05/11 00:54:01 assar Exp $"); /* * keep track of the highest version for every principal. @@ -97,8 +97,9 @@ delete_list (struct e *head) int kt_purge(int argc, char **argv) { - krb5_error_code ret; + krb5_error_code ret = 0; krb5_kt_cursor cursor; + krb5_keytab keytab; krb5_keytab_entry entry; int help_flag = 0; char *age_str = "1 week"; 
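Review bot: With no `-k`, kt_list reads the hard-coded `FILE:/etc/krb5.keytab` (and `krb4:/etc/srvtab`) rather than the configured default, so it can display a different keytab from the one the other commands modify through `krb5_kt_default_modify_name`. `do_list` returns 0 on every path, including a failed `krb5_kt_resolve`, and its result is discarded, so `ktutil list` exits 0 even when nothing could be read. Obtaining the default name with `krb5_kt_default_name` and returning `do_list`'s status would address both points.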
@@ -117,26 +118,44 @@ kt_purge(int argc, char **argv) args[i++].value = &help_flag; if(getarg(args, num_args, argc, argv, &optind)) { - arg_printusage(args, num_args, "ktutil remove", ""); - return 0; + arg_printusage(args, num_args, "ktutil purge", ""); + return 1; } if(help_flag) { - arg_printusage(args, num_args, "ktutil remove", ""); - return 0; + arg_printusage(args, num_args, "ktutil purge", ""); + return 1; } age = parse_time(age_str, "s"); if(age < 0) { krb5_warnx(context, "unparasable time `%s'", age_str); - return 0; + return 1; + } + + if (keytab_string == NULL) { + ret = krb5_kt_default_modify_name (context, keytab_buf, + sizeof(keytab_buf)); + if (ret) { + krb5_warn(context, ret, "krb5_kt_default_modify_name"); + return 1; + } + keytab_string = keytab_buf; + } + ret = krb5_kt_resolve(context, keytab_string, &keytab); + if (ret) { + krb5_warn(context, ret, "resolving keytab %s", keytab_string); + return 1; } ret = krb5_kt_start_seq_get(context, keytab, &cursor); if(ret){ krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string); - return 1; + goto out; } + if (verbose_flag) + fprintf (stderr, "Using keytab %s\n", keytab_string); + while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) { add_entry (entry.principal, entry.vno, &head); krb5_kt_free_entry(context, &entry); @@ -148,7 +167,7 @@ kt_purge(int argc, char **argv) ret = krb5_kt_start_seq_get(context, keytab, &cursor); if(ret){ krb5_warn(context, ret, "krb5_kt_start_seq_get, %s", keytab_string); - return 1; + goto out; } while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) { @@ -178,5 +197,7 @@ kt_purge(int argc, char **argv) delete_list (head); - return 0; + out: + krb5_kt_close (context, keytab); + return ret != 0; } diff --git a/crypto/heimdal/admin/remove.c b/crypto/heimdal/admin/remove.c index e19de0a..c6f64db 100644 --- a/crypto/heimdal/admin/remove.c +++ b/crypto/heimdal/admin/remove.c 
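Review bot: The `goto out` after the second `krb5_kt_start_seq_get` in kt_purge jumps over `delete_list (head)`, which sits just before the `out:` label added in the last hunk, so the version list built by the first pass is leaked on that path. Moving the label above `delete_list (head);` covers both exits. That is only safe if `head` is initialised to NULL at its declaration, which is not visible here, because the first `goto out` runs before any entry is added.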
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,13 +33,14 @@ #include "ktutil_locl.h" -RCSID("$Id: remove.c,v 1.1 2000/01/02 04:41:02 assar Exp $"); +RCSID("$Id: remove.c,v 1.2 2001/05/10 15:44:58 assar Exp $"); int kt_remove(int argc, char **argv) { - krb5_error_code ret; + krb5_error_code ret = 0; krb5_keytab_entry entry; + krb5_keytab keytab; char *principal_string = NULL; krb5_principal principal = NULL; int kvno = 0; @@ -61,7 +62,7 @@ kt_remove(int argc, char **argv) args[i++].value = &help_flag; if(getarg(args, num_args, argc, argv, &optind)) { arg_printusage(args, num_args, "ktutil remove", ""); - return 0; + return 1; } if(help_flag) { arg_printusage(args, num_args, "ktutil remove", ""); @@ -71,7 +72,7 @@ kt_remove(int argc, char **argv) ret = krb5_parse_name(context, principal_string, &principal); if(ret) { krb5_warn(context, ret, "%s", principal_string); - return 0; + return 1; } } if(keytype_string) { @@ -84,7 +85,7 @@ kt_remove(int argc, char **argv) krb5_warn(context, ret, "%s", keytype_string); if(principal) krb5_free_principal(context, principal); - return 0; + return 1; } } } 
@@ -92,12 +93,32 @@ kt_remove(int argc, char **argv) krb5_warnx(context, "You must give at least one of " "principal, enctype or kvno."); - return 0; + return 1; } + + if (keytab_string == NULL) { + ret = krb5_kt_default_modify_name (context, keytab_buf, + sizeof(keytab_buf)); + if (ret) { + krb5_warn(context, ret, "krb5_kt_default_modify_name"); + return 1; + } + keytab_string = keytab_buf; + } + ret = krb5_kt_resolve(context, keytab_string, &keytab); + if (ret) { + krb5_warn(context, ret, "resolving keytab %s", keytab_string); + return 1; + } + + if (verbose_flag) + fprintf (stderr, "Using keytab %s\n", keytab_string); + entry.principal = principal; entry.keyblock.keytype = enctype; entry.vno = kvno; ret = krb5_kt_remove_entry(context, keytab, &entry); + krb5_kt_close(context, keytab); if(ret) krb5_warn(context, ret, "remove"); if(principal) |
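Review bot: The two `return 1;` exits added for a failed `krb5_kt_default_modify_name` and a failed `krb5_kt_resolve` leave `principal` unfreed, although it may have been allocated by `krb5_parse_name` earlier in kt_remove. The keytype error path in the previous hunk frees it before returning. Adding `if(principal) krb5_free_principal(context, principal);` before each of the new returns, or resolving the keytab before the principal is parsed, closes the gap. kt_remove starts before this hunk and its tail lies outside it.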