Diffstat (limited to 'crypto/heimdal/kadmin')
-rw-r--r--crypto/heimdal/kadmin/ChangeLog43
-rw-r--r--crypto/heimdal/kadmin/Makefile.in16
-rw-r--r--crypto/heimdal/kadmin/add-random-users.c4
-rw-r--r--crypto/heimdal/kadmin/cpw.c6
-rw-r--r--crypto/heimdal/kadmin/del.c6
-rw-r--r--crypto/heimdal/kadmin/del_enctype.c6
-rw-r--r--crypto/heimdal/kadmin/ext.c7
-rw-r--r--crypto/heimdal/kadmin/get.c6
-rw-r--r--crypto/heimdal/kadmin/kadm_conn.c9
-rw-r--r--crypto/heimdal/kadmin/kadmin.841
-rw-r--r--crypto/heimdal/kadmin/kadmin.c18
-rw-r--r--crypto/heimdal/kadmin/kadmin.cat8123
-rw-r--r--crypto/heimdal/kadmin/kadmind.815
-rw-r--r--crypto/heimdal/kadmin/kadmind.c17
-rw-r--r--crypto/heimdal/kadmin/kadmind.cat893
-rw-r--r--crypto/heimdal/kadmin/load.c4
-rw-r--r--crypto/heimdal/kadmin/random_password.c19
-rw-r--r--crypto/heimdal/kadmin/rename.c6
-rw-r--r--crypto/heimdal/kadmin/util.c18
19 files changed, 376 insertions, 81 deletions
diff --git a/crypto/heimdal/kadmin/ChangeLog b/crypto/heimdal/kadmin/ChangeLog
index f28577c..ccc615e 100644
--- a/crypto/heimdal/kadmin/ChangeLog
+++ b/crypto/heimdal/kadmin/ChangeLog
@@ -1,3 +1,46 @@
+2001-05-17 Assar Westerlund <assar@sics.se>
+
+ * kadm_conn.c (start_server): fix krb5_eai_to_heim_errno call
+
+2001-05-15 Assar Westerlund <assar@sics.se>
+
+ * kadmin.c (main): some error cleaning required
+
+2001-05-14 Assar Westerlund <assar@sics.se>
+
+ * kadmind.c: new krb5_config_parse_file
+ * kadmin.c: new krb5_config_parse_file
+ * kadm_conn.c: update to new krb5_sockaddr2address
+
+2001-05-07 Assar Westerlund <assar@sics.se>
+
+ * kadmin_locl.h (foreach_principal): update prototype
+ * get.c (getit): new foreach_principal
+ * ext.c (ext_keytab): new foreach_principal
+ * del.c (del_entry): new foreach_principal
+ * cpw.c (cpw_entry): new foreach_principal
+ * util.c (foreach_principal): add `funcname' and try printing the
+ error string
+
+2001-05-04 Johan Danielsson <joda@pdc.kth.se>
+
+ * rename.c: fix argument number test
+
+2001-04-19 Johan Danielsson <joda@pdc.kth.se>
+
+ * del_enctype.c: fix argument count check after getarg change;
+ spotted by mark@MCS.VUW.AC.NZ
+
+2001-02-15 Assar Westerlund <assar@sics.se>
+
+ * kadmind.c (main): use a `struct sockaddr_storage' to be able to
+ store all types of addresses
+
+2001-02-07 Assar Westerlund <assar@sics.se>
+
+ * kadmin.c: add --keytab / _K, from Leif Johansson
+ <leifj@it.su.se>
+
2001-01-29 Assar Westerlund <assar@sics.se>
* kadm_conn.c (spawn_child): close the newly created socket in the
diff --git a/crypto/heimdal/kadmin/Makefile.in b/crypto/heimdal/kadmin/Makefile.in
index 1e84e56..dd2ec13 100644
--- a/crypto/heimdal/kadmin/Makefile.in
+++ b/crypto/heimdal/kadmin/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
CHECK_LOCAL = $(PROGRAMS)
sbin_PROGRAMS = kadmin
@@ -331,7 +334,7 @@ OBJECTS = $(am_add_random_users_OBJECTS) $(am_kadmin_OBJECTS) $(am_kadmind_OBJEC
all: all-redirect
.SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign kadmin/Makefile
@@ -509,6 +512,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
+GTAGS:
+ here=`CDPATH=: && cd $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $$here
+
mostlyclean-tags:
clean-tags:
diff --git a/crypto/heimdal/kadmin/add-random-users.c b/crypto/heimdal/kadmin/add-random-users.c
index 24cde70..f0b7f4c 100644
--- a/crypto/heimdal/kadmin/add-random-users.c
+++ b/crypto/heimdal/kadmin/add-random-users.c
@@ -33,7 +33,7 @@
#include "kadmin_locl.h"
-RCSID("$Id: add-random-users.c,v 1.2 2000/12/31 07:43:39 assar Exp $");
+RCSID("$Id: add-random-users.c,v 1.3 2001/02/20 01:44:49 assar Exp $");
#define WORDS_FILENAME "/usr/share/dict/words"
@@ -146,7 +146,7 @@ main(int argc, char **argv)
{
int optind = 0;
- set_progname(argv[0]);
+ setprogname(argv[0]);
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
usage(1);
if (help_flag)
diff --git a/crypto/heimdal/kadmin/cpw.c b/crypto/heimdal/kadmin/cpw.c
index 3abc1d1..06200d6 100644
--- a/crypto/heimdal/kadmin/cpw.c
+++ b/crypto/heimdal/kadmin/cpw.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadmin_locl.h"
-RCSID("$Id: cpw.c,v 1.11 2000/04/12 10:45:54 assar Exp $");
+RCSID("$Id: cpw.c,v 1.12 2001/05/07 05:30:23 assar Exp $");
struct cpw_entry_data {
int random_key;
@@ -202,7 +202,7 @@ cpw_entry(int argc, char **argv)
argv += optind;
for(i = 0; i < argc; i++)
- ret = foreach_principal(argv[i], do_cpw_entry, &data);
+ ret = foreach_principal(argv[i], do_cpw_entry, "cpw", &data);
if (data.key_data) {
int16_t dummy;
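Review bot: `ret` is reassigned on every pass of the `for` loop, so a failure that foreach_principal() reports for an earlier argument is overwritten by the result for a later one. If the status is meant to reach the caller, keep the first error instead, e.g. `int r = foreach_principal(argv[i], do_cpw_entry, "cpw", &data); if (r && !ret) ret = r;` with `ret` set to 0 before the loop. The same pattern is in the del.c and get.c hunks, where the function then returns 0 and the assignment is a dead store; ext.c already drops the result. How `ret` is used after the loop in cpw_entry() is outside this hunk.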
diff --git a/crypto/heimdal/kadmin/del.c b/crypto/heimdal/kadmin/del.c
index 9d7e91b..1697656 100644
--- a/crypto/heimdal/kadmin/del.c
+++ b/crypto/heimdal/kadmin/del.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadmin_locl.h"
-RCSID("$Id: del.c,v 1.5 2000/09/10 19:17:00 joda Exp $");
+RCSID("$Id: del.c,v 1.6 2001/05/07 05:30:50 assar Exp $");
static int
do_del_entry(krb5_principal principal, void *data)
@@ -75,6 +75,6 @@ del_entry(int argc, char **argv)
}
for(i = 1; i < argc; i++)
- ret = foreach_principal(argv[i], do_del_entry, NULL);
+ ret = foreach_principal(argv[i], do_del_entry, "del", NULL);
return 0;
}
diff --git a/crypto/heimdal/kadmin/del_enctype.c b/crypto/heimdal/kadmin/del_enctype.c
index 1333a4d..985cc84 100644
--- a/crypto/heimdal/kadmin/del_enctype.c
+++ b/crypto/heimdal/kadmin/del_enctype.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadmin_locl.h"
-RCSID("$Id: del_enctype.c,v 1.6 2000/09/10 19:17:23 joda Exp $");
+RCSID("$Id: del_enctype.c,v 1.7 2001/04/19 07:26:52 joda Exp $");
/*
* del_enctype principal enctypes...
@@ -73,7 +73,7 @@ del_enctype(int argc, char **argv)
usage ();
return 0;
}
- if(argc - optind < 3 || help_flag) {
+ if(argc - optind < 2 || help_flag) {
usage ();
return 0;
}
diff --git a/crypto/heimdal/kadmin/ext.c b/crypto/heimdal/kadmin/ext.c
index 9d2be17..6b3f3af 100644
--- a/crypto/heimdal/kadmin/ext.c
+++ b/crypto/heimdal/kadmin/ext.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadmin_locl.h"
-RCSID("$Id: ext.c,v 1.5 2000/01/02 03:58:02 assar Exp $");
+RCSID("$Id: ext.c,v 1.6 2001/05/07 05:31:12 assar Exp $");
struct ext_keytab_data {
krb5_keytab keytab;
@@ -107,10 +107,9 @@ ext_keytab(int argc, char **argv)
argv += optind;
for(i = 0; i < argc; i++)
- foreach_principal(argv[i], do_ext_keytab, &data);
+ foreach_principal(argv[i], do_ext_keytab, "ext", &data);
krb5_kt_close(context, data.keytab);
return 0;
}
-
diff --git a/crypto/heimdal/kadmin/get.c b/crypto/heimdal/kadmin/get.c
index 7ecea7c..30eea9d 100644
--- a/crypto/heimdal/kadmin/get.c
+++ b/crypto/heimdal/kadmin/get.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -34,7 +34,7 @@
#include "kadmin_locl.h"
#include <parse_units.h>
-RCSID("$Id: get.c,v 1.12 2000/12/15 14:24:24 joda Exp $");
+RCSID("$Id: get.c,v 1.13 2001/05/07 05:31:43 assar Exp $");
struct get_entry_data {
void (*header)(void);
@@ -270,7 +270,7 @@ getit(const char *name, int terse_flag, int argc, char **argv)
argv += optind;
for(i = 0; i < argc; i++)
- ret = foreach_principal(argv[i], do_get_entry, &data);
+ ret = foreach_principal(argv[i], do_get_entry, "get", &data);
return 0;
usage:
arg_printusage (args, num_args, name, "principal...");
diff --git a/crypto/heimdal/kadmin/kadm_conn.c b/crypto/heimdal/kadmin/kadm_conn.c
index 28bf177..3914822 100644
--- a/crypto/heimdal/kadmin/kadm_conn.c
+++ b/crypto/heimdal/kadmin/kadm_conn.c
@@ -36,7 +36,7 @@
#include <sys/wait.h>
#endif
-RCSID("$Id: kadm_conn.c,v 1.11 2001/01/29 08:43:01 assar Exp $");
+RCSID("$Id: kadm_conn.c,v 1.13 2001/05/16 22:06:44 assar Exp $");
struct kadm_port {
char *port;
@@ -137,14 +137,14 @@ spawn_child(krb5_context context, int *socks, int num_socks, int this_sock)
krb5_warn(context, errno, "accept");
return 1;
}
- e = krb5_sockaddr2address(sa, &addr);
+ e = krb5_sockaddr2address(context, sa, &addr);
if(e)
krb5_warn(context, e, "krb5_sockaddr2address");
else {
e = krb5_print_address (&addr, buf, sizeof(buf),
&buf_len);
if(e)
- krb5_warn(context, e, "krb5_sockaddr2address");
+ krb5_warn(context, e, "krb5_print_address");
else
krb5_warnx(context, "connection from %s", buf);
krb5_free_address(context, &addr);
@@ -243,7 +243,8 @@ start_server(krb5_context context)
}
if(e) {
- krb5_warn(context, krb5_eai_to_heim_errno(e), "%s", portstr);
+ krb5_warn(context, krb5_eai_to_heim_errno(e, errno),
+ "%s", portstr);
continue;
}
i = 0;
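Review bot: `errno` is sampled at the point of the warning rather than right after the lookup that produced `e`, and presumably only the system-error case of the conversion depends on it, so any library call in between could change what gets reported. The lookup itself is outside this hunk, so this is a request to confirm. If anything runs between the resolver call and this `if(e)`, capture the value immediately with `int save_errno = errno;` and pass `save_errno` to krb5_eai_to_heim_errno().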
diff --git a/crypto/heimdal/kadmin/kadmin.8 b/crypto/heimdal/kadmin/kadmin.8
index fb23cfe..67072af 100644
--- a/crypto/heimdal/kadmin/kadmin.8
+++ b/crypto/heimdal/kadmin/kadmin.8
@@ -1,4 +1,4 @@
-.\" $Id: kadmin.8,v 1.2 2000/09/19 12:29:48 assar Exp $
+.\" $Id: kadmin.8,v 1.5 2001/06/08 21:27:57 joda Exp $
.\"
.Dd September 10, 2000
.Dt KADMIN 8
@@ -9,23 +9,33 @@
.Sh SYNOPSIS
.Nm
.Oo Fl p Ar string \*(Ba Xo
-.Fl -principal= Ns Ar string Oc
+.Fl -principal= Ns Ar string
+.Xc
+.Oc
+.Oo Fl K Ar string \*(Ba Xo
+.Fl -keytab= Ns Ar string
.Xc
+.Oc
.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file Oc
+.Fl -config-file= Ns Ar file
.Xc
+.Oc
.Oo Fl k Ar file \*(Ba Xo
-.Fl -key-file= Ns Ar file Oc
+.Fl -key-file= Ns Ar file
.Xc
+.Oc
.Oo Fl r Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm Oc
+.Fl -realm= Ns Ar realm
.Xc
+.Oc
.Oo Fl a Ar host \*(Ba Xo
-.Fl -admin-server= Ns Ar host Oc
+.Fl -admin-server= Ns Ar host
.Xc
+.Oc
.Oo Fl s Ar port number \*(Ba Xo
-.Fl -server-port= Ns Ar port number Oc
+.Fl -server-port= Ns Ar port number
.Xc
+.Oc
.Op Fl l | Fl -local
.Op Fl h | Fl -help
.Op Fl v | Fl -version
@@ -47,6 +57,11 @@ Supported options:
.Xc
principal to authenticate as
.It Xo
+.Fl K Ar string Ns ,
+.Fl -keytab= Ns Ar string
+.Xc
+keytab for authentication pricipal
+.It Xo
.Fl c Ar file Ns ,
.Fl -config-file= Ns Ar file
.Xc
@@ -90,8 +105,9 @@ will prompt for commands to process. Commands include:
.Op Fl r | Fl -random-key
.Op Fl -random-password
.Oo Fl p Ar string \*(Ba Xo
-.Fl -password= Ns Ar string Oc
+.Fl -password= Ns Ar string
.Xc
+.Oc
.Op Fl -key= Ns Ar string
.Op Fl -max-ticket-life= Ns Ar lifetime
.Op Fl -max-renewable-life= Ns Ar lifetime
@@ -108,8 +124,9 @@ creates a new principal
.Op Fl r | Fl -random-key
.Op Fl -random-password
.Oo Fl p Ar string \*(Ba Xo
-.Fl -password= Ns Ar string Oc
+.Fl -password= Ns Ar string
.Xc
+.Oc
.Op Fl -key= Ns Ar string
.Ar principal...
.Pp
@@ -134,8 +151,9 @@ belonging to the principal is known to not handle certain enctypes
.Pp
.Nm ext_keytab
.Oo Fl k Ar string \*(Ba Xo
-.Fl -keytab= Ns Ar string Oc
+.Fl -keytab= Ns Ar string
.Xc
+.Oc
.Ar principal...
.Pp
.Bd -ragged -offset indent
@@ -163,8 +181,9 @@ renames a principal
.Pp
.Nm modify
.Oo Fl a Ar attributes \*(Ba Xo
-.Fl -attributes= Ns Ar attributes Oc
+.Fl -attributes= Ns Ar attributes
.Xc
+.Oc
.Op Fl -max-ticket-life= Ns Ar lifetime
.Op Fl -max-renewable-life= Ns Ar lifetime
.Op Fl -expiration-time= Ns Ar time
diff --git a/crypto/heimdal/kadmin/kadmin.c b/crypto/heimdal/kadmin/kadmin.c
index 5a21ffb..058187c 100644
--- a/crypto/heimdal/kadmin/kadmin.c
+++ b/crypto/heimdal/kadmin/kadmin.c
@@ -34,7 +34,7 @@
#include "kadmin_locl.h"
#include <sl.h>
-RCSID("$Id: kadmin.c,v 1.34 2001/01/26 22:20:52 joda Exp $");
+RCSID("$Id: kadmin.c,v 1.38 2001/05/15 06:34:35 assar Exp $");
static char *config_file;
static char *keyfile;
@@ -45,10 +45,13 @@ static char *realm;
static char *admin_server;
static int server_port = 0;
static char *client_name;
+static char *keytab;
static struct getargs args[] = {
{ "principal", 'p', arg_string, &client_name,
"principal to authenticate as" },
+ { "keytab", 'K', arg_string, &keytab,
+ "keytab for authentication pricipal" },
{
"config-file", 'c', arg_string, &config_file,
"location of config file", "file"
@@ -222,7 +225,7 @@ main(int argc, char **argv)
int optind = 0;
int e;
- set_progname(argv[0]);
+ setprogname(argv[0]);
ret = krb5_init_context(&context);
if (ret)
@@ -245,12 +248,13 @@ main(int argc, char **argv)
if (config_file == NULL)
config_file = HDB_DB_DIR "/kdc.conf";
- if(krb5_config_parse_file(config_file, &cf) == 0) {
+ if(krb5_config_parse_file(context, config_file, &cf) == 0) {
const char *p = krb5_config_get_string (context, cf,
"kdc", "key-file", NULL);
if (p)
keyfile = strdup(p);
}
+ krb5_clear_error_string (context);
memset(&conf, 0, sizeof(conf));
if(realm) {
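Review bot: A kdc.conf that exists but fails to parse is handled exactly like a missing one: the non-zero return is ignored and the added `krb5_clear_error_string (context);` discards whatever message may have been recorded, so a `key-file` setting can be dropped without any diagnostic. If that is intended, say so next to the call, e.g. `/* the config file is optional; forget any parse error */`. Otherwise, emit a warning when the failure is something other than a missing file. main() starts and ends outside this hunk.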
@@ -278,6 +282,14 @@ main(int argc, char **argv)
&conf, 0, 0,
&kadm_handle);
actual_cmds = commands;
+ } else if (keytab) {
+ ret = kadm5_c_init_with_skey_ctx(context,
+ client_name,
+ keytab,
+ KADM5_ADMIN_SERVICE,
+ &conf, 0, 0,
+ &kadm_handle);
+ actual_cmds = commands + 4; /* XXX */
} else {
ret = kadm5_c_init_with_password_ctx(context,
client_name,
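Review bot: `actual_cmds = commands + 4; /* XXX */` hard-codes how many entries at the head of the command table are skipped when authenticating with a keytab. The table is outside this hunk; presumably the first four are the local-only commands (the manual lists dump, init, load and merge for local mode), so reordering or adding an entry there would silently offer a database-level command in a remote session or hide a remote one. Replace the literal with a named count kept next to the table, or with a separate remote table, and drop the XXX. The password branch that follows is cut off by the hunk, so I cannot tell whether it repeats the offset. The help string added for `--keytab` in the args hunk above also misspells `principal` as `pricipal`.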
diff --git a/crypto/heimdal/kadmin/kadmin.cat8 b/crypto/heimdal/kadmin/kadmin.cat8
new file mode 100644
index 0000000..31885a7
--- /dev/null
+++ b/crypto/heimdal/kadmin/kadmin.cat8
@@ -0,0 +1,123 @@
+
+KADMIN(8) UNIX System Manager's Manual KADMIN(8)
+
+NNAAMMEE
+ kkaaddmmiinn - Kerberos administration utility
+
+SSYYNNOOPPSSIISS
+ kkaaddmmiinn [--pp _s_t_r_i_n_g | ----pprriinncciippaall==_s_t_r_i_n_g] [--KK _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] [--cc
+ _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] [--rr _r_e_a_l_m |
+ ----rreeaallmm==_r_e_a_l_m] [--aa _h_o_s_t | ----aaddmmiinn--sseerrvveerr==_h_o_s_t] [--ss _p_o_r_t _n_u_m_b_e_r |
+ ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r] [--ll | ----llooccaall] [--hh | ----hheellpp] [--vv | ----vveerrssiioonn]
+ [_c_o_m_m_a_n_d]
+
+DDEESSCCRRIIPPTTIIOONN
+ The kkaaddmmiinn program is used to make modification to the Kerberos database,
+ either remotely via the kadmind(8) daemon, or locally (with the --ll op-
+ tion).
+
+ Supported options:
+
+ --pp _s_t_r_i_n_g, ----pprriinncciippaall==_s_t_r_i_n_g
+ principal to authenticate as
+
+ --KK _s_t_r_i_n_g, ----kkeeyyttaabb==_s_t_r_i_n_g
+ keytab for authentication pricipal
+
+ --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
+ location of config file
+
+ --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
+ location of master key file
+
+ --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
+ realm to use
+
+ --aa _h_o_s_t, ----aaddmmiinn--sseerrvveerr==_h_o_s_t
+ server to contact
+
+ --ss _p_o_r_t _n_u_m_b_e_r, ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r
+ port to use
+
+ --ll, ----llooccaall
+ local admin mode
+
+ If no _c_o_m_m_a_n_d is given on the command line, kkaaddmmiinn will prompt for com-
+ mands to process. Commands include:
+
+ aadddd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
+ ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e]
+ [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e] [----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s]
+ [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e] _p_r_i_n_c_i_p_a_l_._._.
+
+ creates a new principal
+
+ ppaasssswwdd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
+ ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.
+
+ changes the password of an existing principal
+
+ ddeelleettee _p_r_i_n_c_i_p_a_l_._._.
+
+ removes a principal
+
+ ddeell__eennccttyyppee _p_r_i_n_c_i_p_a_l _e_n_c_t_y_p_e_s_._._.
+
+
+ removes some enctypes from a principal, this can be useful
+ the service belonging to the principal is known to not handle
+ certain enctypes
+
+ eexxtt__kkeeyyttaabb [--kk _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.
+
+ creates a keytab with the keys of the specified principals
+
+ ggeett [--ll | ----lloonngg] [--ss | ----sshhoorrtt] [--tt | ----tteerrssee] _e_x_p_r_e_s_s_i_o_n_._._.
+
+ lists the principals that match the expressions (which are
+ shell glob like), long format gives more information, and
+ terse just prints the names
+
+ rreennaammee _f_r_o_m _t_o
+
+ renames a principal
+
+ mmooddiiffyy [--aa _a_t_t_r_i_b_u_t_e_s | ----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s]
+ [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e] [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e]
+ [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e]
+ [----kkvvnnoo==_n_u_m_b_e_r] _p_r_i_n_c_i_p_a_l
+
+ modifies certain attributes of a principal
+
+ pprriivviilleeggeess
+
+ lists the operations you are allowd to perform
+
+ When running in local mode, the following commands can also be used.
+
+ dduummpp [--dd | ----ddeeccrryypptt] [_d_u_m_p_-_f_i_l_e]
+
+ writes the database in ``human readable'' form to the speci-
+ fied file, or standard out
+
+ iinniitt [----rreeaallmm--mmaaxx--ttiicckkeett--lliiffee==_s_t_r_i_n_g]
+ [----rreeaallmm--mmaaxx--rreenneewwaabbllee--lliiffee==_s_t_r_i_n_g] _r_e_a_l_m
+
+ initialises the Kerberos database with entries for a new
+ realm, it's possible to have more than one realm served by
+ one server
+
+ llooaadd _f_i_l_e
+
+ reads a previously dumped database, and re-creates that
+ database from scratch
+
+ mmeerrggee _f_i_l_e
+
+ similar to lliisstt but just modifies the database with the en-
+ tries in the dump file
+
+SSEEEE AALLSSOO
+ kadmind(8), kdc(8)
+
+ HEIMDAL September 10, 2000 2
diff --git a/crypto/heimdal/kadmin/kadmind.8 b/crypto/heimdal/kadmin/kadmind.8
index 9b76683..928d12f 100644
--- a/crypto/heimdal/kadmin/kadmind.8
+++ b/crypto/heimdal/kadmin/kadmind.8
@@ -7,19 +7,23 @@
.Sh SYNOPSIS
.Nm
.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file Oc
+.Fl -config-file= Ns Ar file
.Xc
+.Oc
.Oo Fl k Ar file \*(Ba Xo
-.Fl -key-file= Ns Ar file Oc
+.Fl -key-file= Ns Ar file
.Xc
+.Oc
.Op Fl -keytab= Ns Ar keytab
.Oo Fl r Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm Oc
+.Fl -realm= Ns Ar realm
.Xc
+.Oc
.Op Fl d | Fl -debug
.Oo Fl p Ar port \*(Ba Xo
-.Fl -ports= Ns Ar port Oc
+.Fl -ports= Ns Ar port
.Xc
+.Oc
.Sh DESCRIPTION
.Nm
listens for requests for changes to the Kerberos database and performs
@@ -40,7 +44,8 @@ but the
.Xr kpasswdd 8
daemon is responsible for the Kerberos 5 password changing protocol
(used by
-.Xr kpasswd 1 ).
+.Xr kpasswd 1 )
+.
.Pp
This daemon should only be run on ther master server, and not on any
slaves.
diff --git a/crypto/heimdal/kadmin/kadmind.c b/crypto/heimdal/kadmin/kadmind.c
index 7c1696b..c8fe8ec 100644
--- a/crypto/heimdal/kadmin/kadmind.c
+++ b/crypto/heimdal/kadmin/kadmind.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadmin_locl.h"
-RCSID("$Id: kadmind.c,v 1.24 2000/12/31 07:45:23 assar Exp $");
+RCSID("$Id: kadmind.c,v 1.27 2001/05/14 06:16:41 assar Exp $");
static char *check_library = NULL;
static char *check_function = NULL;
@@ -98,7 +98,7 @@ main(int argc, char **argv)
krb5_log_facility *logf;
krb5_keytab keytab;
- set_progname(argv[0]);
+ setprogname(argv[0]);
ret = krb5_init_context(&context);
if (ret)
@@ -128,7 +128,7 @@ main(int argc, char **argv)
if (config_file == NULL)
config_file = HDB_DB_DIR "/kdc.conf";
- if(krb5_config_parse_file(config_file, &cf) == 0) {
+ if(krb5_config_parse_file(context, config_file, &cf) == 0) {
const char *p = krb5_config_get_string (context, cf,
"kdc", "key-file", NULL);
if (p)
@@ -143,11 +143,12 @@ main(int argc, char **argv)
{
int fd = 0;
- struct sockaddr sa;
- socklen_t sa_size;
+ struct sockaddr_storage __ss;
+ struct sockaddr *sa = (struct sockaddr *)&__ss;
+ socklen_t sa_size = sizeof(__ss);
krb5_auth_context ac = NULL;
int debug_port;
- sa_size = sizeof(sa);
+
if(debug_flag) {
if(port_str == NULL)
debug_port = krb5_getportbyname (context, "kerberos-adm",
@@ -155,7 +156,7 @@ main(int argc, char **argv)
else
debug_port = htons(atoi(port_str));
mini_inetd(debug_port);
- } else if(roken_getsockname(STDIN_FILENO, &sa, &sa_size) < 0 &&
+ } else if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
errno == ENOTSOCK) {
parse_ports(context, port_str ? port_str : "+");
pidfile(NULL);
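Review bot: The new local `__ss` uses a name reserved for the implementation (identifiers beginning with two underscores), so a system header is free to define it as a macro or use it internally. Rename it, e.g. `struct sockaddr_storage ss;`, `struct sockaddr *sa = (struct sockaddr *)&ss;`, `socklen_t sa_size = sizeof(ss);`. The enclosing block in main() continues past the hunk.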
diff --git a/crypto/heimdal/kadmin/kadmind.cat8 b/crypto/heimdal/kadmin/kadmind.cat8
new file mode 100644
index 0000000..c03ae18
--- /dev/null
+++ b/crypto/heimdal/kadmin/kadmind.cat8
@@ -0,0 +1,93 @@
+
+KADMIND(8) UNIX System Manager's Manual KADMIND(8)
+
+NNAAMMEE
+ kkaaddmmiinndd - server for administrative access to kerberos database
+
+SSYYNNOOPPSSIISS
+ kkaaddmmiinndd [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e]
+ [----kkeeyyttaabb==_k_e_y_t_a_b] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--dd | ----ddeebbuugg] [--pp _p_o_r_t |
+ ----ppoorrttss==_p_o_r_t]
+
+DDEESSCCRRIIPPTTIIOONN
+ kkaaddmmiinndd listens for requests for changes to the Kerberos database and
+ performs these, subject to permissions. When starting, if stdin is a
+ socket it assumes that it has been started by inetd(8), otherwise it be-
+ haves as a daemon, forking processes for each new connection. The ----ddeebbuugg
+ option causes kkaaddmmiinndd to accept exactly one connection, which is useful
+ for debugging.
+
+ If built with krb4 support, it implements both the Heimdal Kerberos 5 ad-
+ ministrative protocol and the Kerberos 4 protocol. Password changes via
+ the Kerberos 4 protocol are also performed by kkaaddmmiinndd, but the kpass-
+ wdd(8) daemon is responsible for the Kerberos 5 password changing proto-
+ col (used by kpasswd(1))
+
+ This daemon should only be run on ther master server, and not on any
+ slaves.
+
+ Principals are always allowed to change their own password and list their
+ own principals. Apart from that, doing any operation requires permission
+ explicitly added in the ACL file _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l. The format of
+ this file is:
+
+ _p_r_i_n_c_i_p_a_l _r_i_g_h_t_s [_p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n]
+
+ Where rights is any combination of:
+
+ ++oo change-password | cpw
+
+ ++oo list
+
+ ++oo delete
+
+ ++oo modify
+
+ ++oo add
+
+ ++oo get
+
+ ++oo all
+
+ And the optional _p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n restricts the rights to principals
+ that match the glob-style pattern.
+
+ Supported options:
+
+ --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
+ location of config file
+
+ --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
+ location of master key file
+
+ ----kkeeyyttaabb==_k_e_y_t_a_b
+
+
+ what keytab to use
+
+ --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
+ realm to use
+
+ --dd, ----ddeebbuugg
+ enable debugging
+
+ --pp _p_o_r_t, ----ppoorrttss==_p_o_r_t
+ ports to listen to. By default, if run as a daemon, it listen to
+ ports 749, and 751 (if built with Kerberos 4 support), but you
+ can add any number of ports with this option. The port string is
+ a whitespace separated list of port specifications, with the spe-
+ cial string ``+'' representing the default set of ports.
+
+FFIILLEESS
+ _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l
+
+EEXXAAMMPPLLEESS
+ This will cause kadmind to listen to port 4711 in addition to any com-
+ piled in defaults:
+
+ # kadmind --ports="+ 4711" &
+
+SSEEEE AALLSSOO
+ kdc(8), kadmin(1), kpasswdd(8), kpasswd(1)
+
+ HEIMDAL June 7, 2000 2
diff --git a/crypto/heimdal/kadmin/load.c b/crypto/heimdal/kadmin/load.c
index c53a7ad..f117554 100644
--- a/crypto/heimdal/kadmin/load.c
+++ b/crypto/heimdal/kadmin/load.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -34,7 +34,7 @@
#include "kadmin_locl.h"
#include <kadm5/private.h>
-RCSID("$Id: load.c,v 1.40 2001/01/04 15:59:26 assar Exp $");
+RCSID("$Id: load.c,v 1.41 2001/02/20 01:44:49 assar Exp $");
struct entry {
char *principal;
diff --git a/crypto/heimdal/kadmin/random_password.c b/crypto/heimdal/kadmin/random_password.c
index aabe08c..92fb2fc 100644
--- a/crypto/heimdal/kadmin/random_password.c
+++ b/crypto/heimdal/kadmin/random_password.c
@@ -33,7 +33,7 @@
#include "kadmin_locl.h"
-RCSID("$Id: random_password.c,v 1.3 1999/12/02 17:04:58 joda Exp $");
+RCSID("$Id: random_password.c,v 1.4 2001/02/15 04:20:53 assar Exp $");
/* This file defines some a function that generates a random password,
that can be used when creating a large amount of principals (such
@@ -57,9 +57,9 @@ random_password(char *pw, size_t len)
{
#ifdef OTP_STYLE
{
- des_cblock newkey;
+ OtpKey newkey;
- des_new_random_key(&newkey);
+ krb5_generate_random_block(&newkey, sizeof(newkey));
otp_print_stddict (newkey, pw, len);
strlwr(pw);
}
@@ -80,11 +80,11 @@ random_password(char *pw, size_t len)
#ifndef OTP_STYLE
/* return a random value in range 0-127 */
static int
-RND(des_cblock *key, int *left)
+RND(unsigned char *key, int keylen, int *left)
{
if(*left == 0){
- des_new_random_key(key);
- *left = 8;
+ krb5_generate_random_block(key, keylen);
+ *left = keylen;
}
(*left)--;
return ((unsigned char*)key)[*left];
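Review bot: The comment above RND() still says it returns a value in the range 0-127, but the function returns a whole byte of the random block, i.e. 0-255; correct it to `/* return a random byte (0-255), refilling the buffer when it is exhausted */`. With `key` now declared `unsigned char *`, the cast in `return ((unsigned char*)key)[*left];` is redundant and can become `return key[*left];`. The function also assumes `keylen > 0`, since otherwise `*left` goes negative and the index is out of bounds; the callers visible in this commit pass `sizeof(rbuf)`. The closing brace of RND() is outside the hunk.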
@@ -120,7 +120,7 @@ generate_password(char **pw, int num_classes, ...)
} *classes;
va_list ap;
int len, i;
- des_cblock rbuf; /* random buffer */
+ unsigned char rbuf[8]; /* random buffer */
int rleft = 0;
classes = malloc(num_classes * sizeof(*classes));
@@ -138,11 +138,12 @@ generate_password(char **pw, int num_classes, ...)
return;
for(i = 0; i < len; i++) {
int j;
- int x = RND(&rbuf, &rleft) % (len - i);
+ int x = RND(rbuf, sizeof(rbuf), &rleft) % (len - i);
int t = 0;
for(j = 0; j < num_classes; j++) {
if(x < t + classes[j].freq) {
- (*pw)[i] = classes[j].str[RND(&rbuf, &rleft) % classes[j].len];
+ (*pw)[i] = classes[j].str[RND(rbuf, sizeof(rbuf), &rleft)
+ % classes[j].len];
classes[j].freq--;
break;
}
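Review bot: Both draws in the loop reduce a random byte with `%` (`RND(...) % (len - i)` and `RND(...) % classes[j].len`), which is biased whenever the divisor does not divide 256: the low residues come up more often, so generated passwords carry slightly less entropy than their length suggests. Draw through a helper that rejects bytes at or above the largest multiple of the bound and retries. The helper also makes the limit explicit: a bound above 256 cannot be served from one byte, which matters if `len - i` can exceed 256 (the computation of `len` is outside the hunk). generate_password() starts and ends outside the hunk.

```c
/* uniform value in [0, bound); requires 1 <= bound <= 256 */
static int
rnd_below(unsigned char *key, int keylen, int *left, int bound)
{
    int limit = 256 - (256 % bound); /* largest multiple of bound <= 256 */
    int r;

    do {
        r = RND(key, keylen, left);
    } while (r >= limit);
    return r % bound;
}

/* … unchanged: generate_password() setup and outer loop header … */
        int x = rnd_below(rbuf, sizeof(rbuf), &rleft, len - i);
/* … unchanged: class selection loop … */
                (*pw)[i] = classes[j].str[rnd_below(rbuf, sizeof(rbuf),
                                                    &rleft, classes[j].len)];
```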
diff --git a/crypto/heimdal/kadmin/rename.c b/crypto/heimdal/kadmin/rename.c
index 0ba2a58..ac5f4d6 100644
--- a/crypto/heimdal/kadmin/rename.c
+++ b/crypto/heimdal/kadmin/rename.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kadmin_locl.h"
-RCSID("$Id: rename.c,v 1.3 2000/09/10 19:19:20 joda Exp $");
+RCSID("$Id: rename.c,v 1.4 2001/05/04 13:07:03 joda Exp $");
static struct getargs args[] = {
{ "help", 'h', arg_flag, NULL }
@@ -62,7 +62,7 @@ rename_entry(int argc, char **argv)
usage ();
return 0;
}
- if(argc - optind < 3 || help_flag) {
+ if(argc - optind != 2 || help_flag) {
usage ();
return 0;
}
diff --git a/crypto/heimdal/kadmin/util.c b/crypto/heimdal/kadmin/util.c
index 8d7abc3..4a5e1c0 100644
--- a/crypto/heimdal/kadmin/util.c
+++ b/crypto/heimdal/kadmin/util.c
@@ -34,7 +34,7 @@
#include "kadmin_locl.h"
#include <parse_units.h>
-RCSID("$Id: util.c,v 1.30 2001/01/11 23:07:29 assar Exp $");
+RCSID("$Id: util.c,v 1.32 2001/05/14 06:17:20 assar Exp $");
/*
* util.c - functions for parsing, unparsing, and editing different
@@ -461,6 +461,7 @@ is_expression(const char *string)
int
foreach_principal(const char *exp,
int (*func)(krb5_principal, void*),
+ const char *funcname,
void *data)
{
char **princs;
@@ -498,19 +499,8 @@ foreach_principal(const char *exp,
continue;
}
ret = (*func)(princ_ent, data);
- if(ret) {
- char *tmp;
- krb5_error_code ret2;
-
- ret2 = krb5_unparse_name(context, princ_ent, &tmp);
- if(ret2) {
- krb5_warn(context, ret2, "krb5_unparse_name");
- krb5_warn(context, ret, "<unknown principal>");
- } else {
- krb5_warn(context, ret, "%s", tmp);
- free(tmp);
- }
- }
+ if(ret)
+ krb5_warn(context, ret, "%s %s", funcname, princs[i]);
krb5_free_principal(context, princ_ent);
}
kadm5_free_name_list(kadm_handle, princs, &num_princs);
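Review bot: `funcname` is passed straight to a `%s` conversion in the new `krb5_warn(context, ret, "%s %s", funcname, princs[i]);`, so a NULL argument is undefined behaviour. Every caller changed in this commit passes a string literal, but the contract is not written down anywhere visible. Add a header comment on foreach_principal() stating that `funcname` must be a non-NULL command name and is used only as a prefix in warnings. The top of the function is outside this hunk.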