Diffstat (limited to 'admin')
-rw-r--r-- | admin/ChangeLog | 70 | ||||
-rw-r--r-- | admin/Makefile.am | 44 | ||||
-rw-r--r-- | admin/Makefile.in | 867 | ||||
-rw-r--r-- | admin/add.c | 157 | ||||
-rw-r--r-- | admin/change.c | 252 | ||||
-rw-r--r-- | admin/copy.c | 175 | ||||
-rw-r--r-- | admin/get.c | 238 | ||||
-rw-r--r-- | admin/ktutil-commands.in | 266 | ||||
-rw-r--r-- | admin/ktutil.8 | 196 | ||||
-rw-r--r-- | admin/ktutil.c | 174 | ||||
-rw-r--r-- | admin/ktutil_locl.h | 75 | ||||
-rw-r--r-- | admin/list.c | 157 | ||||
-rw-r--r-- | admin/purge.c | 172 | ||||
-rw-r--r-- | admin/remove.c | 93 | ||||
-rw-r--r-- | admin/rename.c | 111 |
15 files changed, 3047 insertions, 0 deletions
diff --git a/admin/ChangeLog b/admin/ChangeLog
new file mode 100644
index 0000000000000..6587240f60cdb
--- /dev/null
+++ b/admin/ChangeLog
@@ -0,0 +1,70 @@
+2006-10-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * Makefile.am: Add man_MANS to EXTRA_DIST
+
+ * Makefile.am: split build files into dist_ and noinst_ SOURCES
+
+2005-07-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * ktutil.c: rename optind to optidx
+
+ * list.c: make a copy of realm and admin_server to avoid
+ un-consting avoid shadowing
+
+ * get.c: make a copy of realm and admin_server to avoid
+ un-consting avoid shadowing
+
+ * change.c (change_entry): just use global context to avoid
+ shadowing; make a copy of realm and admin_server to avoid
+ un-consting.
+
+2005-05-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * change.c (kt_change): plug memory leak from
+ krb5_kt_remove_entry, print principal on error.
+
+2005-05-02 Dave Love <d.love@dl.ac.uk>
+
+ * ktutil.c (help): Don't use non-constant initializer for `fake'.
+
+2005-04-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * ktutil_locl.h: include <hex.h>
+
+2005-04-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * add.c: add option -H --hex to the add command
+
+ * ktutil-commands.in: add option -H --hex to the add command
+
+ * ktutil.8: document option -H --hex to the add command
+
+2004-09-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * list.c: un c99'ify, from Anders.Magnusson@ltu.se
+
+2004-09-23 Johan Danielsson <joda@pdc.kth.se>
+
+ * purge.c: convert to slc; don't purge keys older that a certain
+ time, instead purge keys that have newer versions that are at
+ least a certain age
+
+ * rename.c: convert to slc
+
+ * remove.c: convert to slc
+
+ * get.c: convert to slc; warn if resetting disallow-all-tix
+
+ * copy.c: convert to slc
+
+ * change.c: convert to slc
+
+ * add.c: convert to slc
+
+ * list.c: convert to slc
+
+ * ktutil_locl.h: convert to slc
+
+ * ktutil.c: convert to slc
+
+ * ktutil-commands.in: slc source file
diff --git a/admin/Makefile.am b/admin/Makefile.am
new file mode 100644
index 0000000000000..8c679e1d46356
--- /dev/null
+++ b/admin/Makefile.am
@@ -0,0 +1,44 @@
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_readline) $(INCLUDE_hcrypto)
+
+SLC = $(top_builddir)/lib/sl/slc
+
+man_MANS = ktutil.8
+
+sbin_PROGRAMS = ktutil
+
+dist_ktutil_SOURCES = \
+ add.c \
+ change.c \
+ copy.c \
+ get.c \
+ ktutil.c \
+ ktutil_locl.h \
+ list.c \
+ purge.c \
+ remove.c \
+ rename.c
+
+nodist_ktutil_SOURCES = \
+ ktutil-commands.c
+
+$(ktutil_OBJECTS): ktutil-commands.h
+
+CLEANFILES = ktutil-commands.h ktutil-commands.c
+
+ktutil-commands.c ktutil-commands.h: ktutil-commands.in
+ $(SLC) $(srcdir)/ktutil-commands.in
+
+LDADD = \
+ $(top_builddir)/lib/kadm5/libkadm5clnt.la \
+ $(top_builddir)/lib/krb5/libkrb5.la \
+ $(LIB_hcrypto) \
+ $(top_builddir)/lib/asn1/libasn1.la \
+ $(top_builddir)/lib/sl/libsl.la \
+ $(LIB_readline) \
+ $(LIB_roken)
+
+EXTRA_DIST = $(man_MANS) ktutil-commands.in
diff --git a/admin/Makefile.in b/admin/Makefile.in
new file mode 100644
index 0000000000000..b8fc3fd728a7f
--- /dev/null
+++ b/admin/Makefile.in
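Review bot: The `ktutil-commands.c ktutil-commands.h: ktutil-commands.in` rule near the end of admin/Makefile.am names two targets for one `$(SLC)` recipe, which make treats as two independent rules, so a parallel build can start slc twice and let one run rewrite a file that the other run, or a compile, is still using. Because the generated ktutil-commands.c is linked into the sbin ktutil binary that manages keytabs, the generation step should be deterministic: make one file the real target and chain the other to it, i.e. `ktutil-commands.c: ktutil-commands.in` carrying the `$(SLC)` recipe, followed by `ktutil-commands.h: ktutil-commands.c`. The rule also omits `$(SLC)` from its prerequisites, so a rebuilt slc presumably does not regenerate the outputs; confirm whether that is intended.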
@@ -0,0 +1,867 @@ +# Makefile.in generated by automake 1.10 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ + +# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ + +# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/Makefile.am.common \ + $(top_srcdir)/cf/Makefile.am.common ChangeLog +sbin_PROGRAMS = ktutil$(EXEEXT) +subdir = admin +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ + $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/broken-getaddrinfo.m4 \ + $(top_srcdir)/cf/broken-glob.m4 \ + $(top_srcdir)/cf/broken-realloc.m4 \ + $(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \ + $(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \ + 
$(top_srcdir)/cf/capabilities.m4 \ + $(top_srcdir)/cf/check-compile-et.m4 \ + $(top_srcdir)/cf/check-getpwnam_r-posix.m4 \ + $(top_srcdir)/cf/check-man.m4 \ + $(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \ + $(top_srcdir)/cf/check-type-extra.m4 \ + $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ + $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ + $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ + $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/find-func-no-libs.m4 \ + $(top_srcdir)/cf/find-func-no-libs2.m4 \ + $(top_srcdir)/cf/find-func.m4 \ + $(top_srcdir)/cf/find-if-not-broken.m4 \ + $(top_srcdir)/cf/framework-security.m4 \ + $(top_srcdir)/cf/have-struct-field.m4 \ + $(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \ + $(top_srcdir)/cf/krb-bigendian.m4 \ + $(top_srcdir)/cf/krb-func-getlogin.m4 \ + $(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \ + $(top_srcdir)/cf/krb-readline.m4 \ + $(top_srcdir)/cf/krb-struct-spwd.m4 \ + $(top_srcdir)/cf/krb-struct-winsize.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ + $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ + $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ + $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ + $(top_srcdir)/cf/roken-frag.m4 \ + $(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \ + $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ + $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ + $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/include/config.h +CONFIG_CLEAN_FILES = +am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" +sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) +PROGRAMS = 
$(sbin_PROGRAMS) +dist_ktutil_OBJECTS = add.$(OBJEXT) change.$(OBJEXT) copy.$(OBJEXT) \ + get.$(OBJEXT) ktutil.$(OBJEXT) list.$(OBJEXT) purge.$(OBJEXT) \ + remove.$(OBJEXT) rename.$(OBJEXT) +nodist_ktutil_OBJECTS = ktutil-commands.$(OBJEXT) +ktutil_OBJECTS = $(dist_ktutil_OBJECTS) $(nodist_ktutil_OBJECTS) +ktutil_LDADD = $(LDADD) +am__DEPENDENCIES_1 = +ktutil_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \ + $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ +depcomp = +am__depfiles_maybe = +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(dist_ktutil_SOURCES) $(nodist_ktutil_SOURCES) +DIST_SOURCES = $(dist_ktutil_SOURCES) +man8dir = $(mandir)/man8 +MANS = $(man_MANS) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CANONICAL_HOST = @CANONICAL_HOST@ +CATMAN = @CATMAN@ +CATMANEXT = @CATMANEXT@ +CC = @CC@ +CFLAGS = @CFLAGS@ +COMPILE_ET = @COMPILE_ET@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DBLIB = @DBLIB@ +DEFS = @DEFS@ +DIR_com_err = @DIR_com_err@ +DIR_hcrypto = @DIR_hcrypto@ +DIR_hdbdir = @DIR_hdbdir@ +DIR_roken = @DIR_roken@ +ECHO = @ECHO@ +ECHO_C = @ECHO_C@ 
+ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +F77 = @F77@ +FFLAGS = @FFLAGS@ +GREP = @GREP@ +GROFF = @GROFF@ +INCLUDES_roken = @INCLUDES_roken@ +INCLUDE_hcrypto = @INCLUDE_hcrypto@ +INCLUDE_hesiod = @INCLUDE_hesiod@ +INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_openldap = @INCLUDE_openldap@ +INCLUDE_readline = @INCLUDE_readline@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBADD_roken = @LIBADD_roken@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_NDBM = @LIB_NDBM@ +LIB_XauFileName = @LIB_XauFileName@ +LIB_XauReadAuth = @LIB_XauReadAuth@ +LIB_XauWriteAuth = @LIB_XauWriteAuth@ +LIB_bswap16 = @LIB_bswap16@ +LIB_bswap32 = @LIB_bswap32@ +LIB_com_err = @LIB_com_err@ +LIB_com_err_a = @LIB_com_err_a@ +LIB_com_err_so = @LIB_com_err_so@ +LIB_crypt = @LIB_crypt@ +LIB_db_create = @LIB_db_create@ +LIB_dbm_firstkey = @LIB_dbm_firstkey@ +LIB_dbopen = @LIB_dbopen@ +LIB_dlopen = @LIB_dlopen@ +LIB_dn_expand = @LIB_dn_expand@ +LIB_door_create = @LIB_door_create@ +LIB_el_init = @LIB_el_init@ +LIB_freeaddrinfo = @LIB_freeaddrinfo@ +LIB_gai_strerror = @LIB_gai_strerror@ +LIB_getaddrinfo = @LIB_getaddrinfo@ +LIB_gethostbyname = @LIB_gethostbyname@ +LIB_gethostbyname2 = @LIB_gethostbyname2@ +LIB_getnameinfo = @LIB_getnameinfo@ +LIB_getpwnam_r = @LIB_getpwnam_r@ +LIB_getsockopt = @LIB_getsockopt@ +LIB_hcrypto = @LIB_hcrypto@ +LIB_hcrypto_a = @LIB_hcrypto_a@ +LIB_hcrypto_appl = @LIB_hcrypto_appl@ +LIB_hcrypto_so = @LIB_hcrypto_so@ +LIB_hesiod = @LIB_hesiod@ +LIB_hstrerror = @LIB_hstrerror@ +LIB_kdb = @LIB_kdb@ +LIB_krb4 = @LIB_krb4@ +LIB_loadquery = @LIB_loadquery@ +LIB_logout = @LIB_logout@ +LIB_logwtmp = @LIB_logwtmp@ +LIB_openldap = 
@LIB_openldap@ +LIB_openpty = @LIB_openpty@ +LIB_otp = @LIB_otp@ +LIB_pidfile = @LIB_pidfile@ +LIB_readline = @LIB_readline@ +LIB_res_ndestroy = @LIB_res_ndestroy@ +LIB_res_nsearch = @LIB_res_nsearch@ +LIB_res_search = @LIB_res_search@ +LIB_roken = @LIB_roken@ +LIB_security = @LIB_security@ +LIB_setsockopt = @LIB_setsockopt@ +LIB_socket = @LIB_socket@ +LIB_syslog = @LIB_syslog@ +LIB_tgetent = @LIB_tgetent@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NROFF = @NROFF@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ +PTHREADS_LIBS = @PTHREADS_LIBS@ +RANLIB = @RANLIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +VERSIONING = @VERSIONING@ +VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ +WFLAGS = @WFLAGS@ +WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ +WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +XMKMF = @XMKMF@ +X_CFLAGS = @X_CFLAGS@ +X_EXTRA_LIBS = @X_EXTRA_LIBS@ +X_LIBS = @X_LIBS@ +X_PRE_LIBS = @X_PRE_LIBS@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_F77 = @ac_ct_F77@ +am__leading_dot = @am__leading_dot@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dpagaix_cflags = @dpagaix_cflags@ +dpagaix_ldadd = @dpagaix_ldadd@ +dpagaix_ldflags = @dpagaix_ldflags@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = 
@host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ + $(INCLUDE_readline) $(INCLUDE_hcrypto) +@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME +AM_CFLAGS = $(WFLAGS) +CP = cp +buildinclude = $(top_builddir)/include +LIB_getattr = @LIB_getattr@ +LIB_getpwent_r = @LIB_getpwent_r@ +LIB_odm_initialize = @LIB_odm_initialize@ +LIB_setpcred = @LIB_setpcred@ +HESIODLIB = @HESIODLIB@ +HESIODINCLUDE = @HESIODINCLUDE@ +NROFF_MAN = groff -mandoc -Tascii +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la + +@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la +@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la +SLC = $(top_builddir)/lib/sl/slc +man_MANS = ktutil.8 +dist_ktutil_SOURCES = \ + add.c \ + change.c \ + copy.c \ + get.c \ + ktutil.c \ + ktutil_locl.h \ + list.c \ + purge.c \ + remove.c \ + rename.c + +nodist_ktutil_SOURCES = \ + ktutil-commands.c + +CLEANFILES = ktutil-commands.h ktutil-commands.c +LDADD = \ + $(top_builddir)/lib/kadm5/libkadm5clnt.la \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(LIB_hcrypto) \ + $(top_builddir)/lib/asn1/libasn1.la \ + 
$(top_builddir)/lib/sl/libsl.la \ + $(LIB_readline) \ + $(LIB_roken) + +EXTRA_DIST = $(man_MANS) ktutil-commands.in +all: all-am + +.SUFFIXES: +.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps admin/Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --foreign --ignore-deps admin/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +install-sbinPROGRAMS: $(sbin_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" + @list='$(sbin_PROGRAMS)'; for p in $$list; do \ + p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ + if test -f $$p \ + || test -f $$p1 \ + ; then \ + f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) 
--mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \ + else :; fi; \ + done + +uninstall-sbinPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(sbin_PROGRAMS)'; for p in $$list; do \ + f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ + echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \ + rm -f "$(DESTDIR)$(sbindir)/$$f"; \ + done + +clean-sbinPROGRAMS: + @list='$(sbin_PROGRAMS)'; for p in $$list; do \ + f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f $$p $$f"; \ + rm -f $$p $$f ; \ + done +ktutil$(EXEEXT): $(ktutil_OBJECTS) $(ktutil_DEPENDENCIES) + @rm -f ktutil$(EXEEXT) + $(LINK) $(ktutil_OBJECTS) $(ktutil_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +.c.o: + $(COMPILE) -c $< + +.c.obj: + $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: + $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-man8: $(man8_MANS) $(man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" + @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.8*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 8*) ;; \ + *) ext='8' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ + done +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.8*) list="$$list 
$$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 8*) ;; \ + *) ext='8' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ + rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(CTAGS_ARGS)$$tags$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$tags $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 
's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-local +check: check-am +all-am: Makefile $(PROGRAMS) $(MANS) all-local +installdirs: + for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may 
require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ + mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +info: info-am + +info-am: + +install-data-am: install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook + +install-dvi: install-dvi-am + +install-exec-am: install-sbinPROGRAMS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook + +install-html: install-html-am + +install-info: install-info-am + +install-man: install-man8 + +install-pdf: install-pdf-am + +install-ps: install-ps-am + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-man uninstall-sbinPROGRAMS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) uninstall-hook + +uninstall-man: uninstall-man8 + +.MAKE: install-am install-data-am install-exec-am install-strip \ + uninstall-am + +.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ + clean clean-generic clean-libtool clean-sbinPROGRAMS ctags \ + dist-hook distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-hook install-dvi install-dvi-am \ + install-exec install-exec-am install-exec-hook install-html \ + install-html-am install-info install-info-am install-man \ + install-man8 install-pdf install-pdf-am install-ps \ + install-ps-am install-sbinPROGRAMS install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + 
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-hook uninstall-man \ + uninstall-man8 uninstall-sbinPROGRAMS + + +install-suid-programs: + @foo='$(bin_SUIDS)'; \ + for file in $$foo; do \ + x=$(DESTDIR)$(bindir)/$$file; \ + if chown 0:0 $$x && chmod u+s $$x; then :; else \ + echo "*"; \ + echo "* Failed to install $$x setuid root"; \ + echo "*"; \ + fi; done + +install-exec-hook: install-suid-programs + +install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) + @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done ; \ + foo='$(nobase_include_HEADERS)'; \ + for f in $$foo; do \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + $(mkdir_p) $(buildinclude)/`dirname $$f` ; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done + +all-local: install-build-headers + +check-local:: + @if test '$(CHECK_LOCAL)' = "no-check-local"; then \ + foo=''; elif test '$(CHECK_LOCAL)'; then \ + foo='$(CHECK_LOCAL)'; else \ + foo='$(PROGRAMS)'; fi; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo 
"$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0 || exit 1; \ + fi + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ +#NROFF_MAN = nroff -man +.1.cat1: + $(NROFF_MAN) $< > $@ +.3.cat3: + $(NROFF_MAN) $< > $@ +.5.cat5: + $(NROFF_MAN) $< > $@ +.8.cat8: + $(NROFF_MAN) $< > $@ + +dist-cat1-mans: + @foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat3-mans: + @foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat5-mans: + @foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat8-mans: + @foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans + +install-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +uninstall-cat-mans: + $(SHELL) 
$(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +install-data-hook: install-cat-mans +uninstall-hook: uninstall-cat-mans + +.et.h: + $(COMPILE_ET) $< +.et.c: + $(COMPILE_ET) $< + +# +# Useful target for debugging +# + +check-valgrind: + tobjdir=`cd $(top_builddir) && pwd` ; \ + tsrcdir=`cd $(top_srcdir) && pwd` ; \ + env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + +# +# Target to please samba build farm, builds distfiles in-tree. +# Will break when automake changes... +# + +distdir-in-tree: $(DISTFILES) $(INFO_DEPS) + list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" != .; then \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ + fi ; \ + done + +$(ktutil_OBJECTS): ktutil-commands.h + +ktutil-commands.c ktutil-commands.h: ktutil-commands.in + $(SLC) $(srcdir)/ktutil-commands.in +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/admin/add.c b/admin/add.c new file mode 100644 index 0000000000000..1c20320951494 --- /dev/null +++ b/admin/add.c 
@@ -0,0 +1,157 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: add.c 14793 2005-04-14 16:45:14Z lha $");
+
+static char *
+readstring(const char *prompt, char *buf, size_t len)
+{
+ printf("%s", prompt);
+ if (fgets(buf, len, stdin) == NULL)
+ return NULL;
+ buf[strcspn(buf, "\r\n")] = '\0';
+ return buf;
+}
+
+int
+kt_add(struct add_options *opt, int argc, char **argv)
+{
+ krb5_error_code ret;
+ krb5_keytab keytab;
+ krb5_keytab_entry entry;
+ char buf[1024];
+ krb5_enctype enctype;
+
+ if((keytab = ktutil_open_keytab()) == NULL)
+ return 1;
+
+ memset(&entry, 0, sizeof(entry));
+ if(opt->principal_string == NULL) {
+ if(readstring("Principal: ", buf, sizeof(buf)) == NULL)
+ return 1;
+ opt->principal_string = buf;
+ }
+ ret = krb5_parse_name(context, opt->principal_string, &entry.principal);
+ if(ret) {
+ krb5_warn(context, ret, "%s", opt->principal_string);
+ goto out;
+ }
+ if(opt->enctype_string == NULL) {
+ if(readstring("Encryption type: ", buf, sizeof(buf)) == NULL) {
+ ret = 1;
+ goto out;
+ }
+ opt->enctype_string = buf;
+ }
+ ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype);
+ if(ret) {
+ int t;
+ if(sscanf(opt->enctype_string, "%d", &t) == 1)
+ enctype = t;
+ else {
+ krb5_warn(context, ret, "%s", opt->enctype_string);
+ goto out;
+ }
+ }
+ if(opt->kvno_integer == -1) {
+ if(readstring("Key version: ", buf, sizeof(buf)) == NULL) {
+ ret = 1;
+ goto out;
+ }
+ if(sscanf(buf, "%u", &opt->kvno_integer) != 1)
+ goto out;
+ }
+ if(opt->password_string == NULL && opt->random_flag == 0) {
+ if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Password: ", 1)) {
+ ret = 1;
+ goto out;
+ }
+ opt->password_string = buf;
+ }
+ if(opt->password_string) {
+ if (opt->hex_flag) {
+ size_t len;
+ void *data;
+
+ len = (strlen(opt->password_string) + 1) / 2;
+
+ data = malloc(len);
+ if (data == NULL) {
+ krb5_warn(context, ENOMEM, "malloc");
+ goto out;
+ }
+
+ if (hex_decode(opt->password_string, data, len) != len) {
+ free(data);
+ krb5_warn(context, ENOMEM, "hex decode failed");
+ goto out;
+ }
+
+ ret = krb5_keyblock_init(context, enctype,
+ data, len, &entry.keyblock);
+ free(data);
+ } else if (!opt->salt_flag) {
+ krb5_salt salt;
+ krb5_data pw;
+
+ salt.salttype = KRB5_PW_SALT;
+ salt.saltvalue.data = NULL;
+ salt.saltvalue.length = 0;
+ pw.data = (void*)opt->password_string;
+ pw.length = strlen(opt->password_string);
+ ret = krb5_string_to_key_data_salt(context, enctype, pw, salt,
+ &entry.keyblock);
+ } else {
+ ret = krb5_string_to_key(context, enctype, opt->password_string,
+ entry.principal, &entry.keyblock);
+ }
+ memset (opt->password_string, 0, strlen(opt->password_string));
+ } else {
+ ret = krb5_generate_random_keyblock(context, enctype, &entry.keyblock);
+ }
+ if(ret) {
+ krb5_warn(context, ret, "add");
+ goto out;
+ }
+ entry.vno = opt->kvno_integer;
+ entry.timestamp = time (NULL);
+ ret = krb5_kt_add_entry(context, keytab, &entry);
+ if(ret)
+ krb5_warn(context, ret, "add");
+ out:
+ krb5_kt_free_entry(context, &entry);
+ krb5_kt_close(context, keytab);
+ return ret != 0;
+}
diff --git a/admin/change.c b/admin/change.c
new file mode 100644
index 0000000000000..01f69c41574cc
--- /dev/null
+++ b/admin/change.c
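Review bot: Several failure paths in kt_add can reach `out` with `ret` still 0, so the command reports success although no key was added: the `sscanf(buf, "%u", &opt->kvno_integer)` failure, and in the `hex_flag` branch both the `malloc` failure and the `hex_decode` length mismatch. Setting `ret = EINVAL;` (or `ret = ENOMEM;` for the allocation) before each of those `goto out;` lines fixes the exit status. The two hex failure paths also skip the `memset` that clears `opt->password_string`, and the decoded key in `data` is handed to `free(data)` without being cleared first, so raw key bytes stay in freed heap memory; clear `data` over `len` bytes before each `free`. The early `return 1` after the `Principal: ` prompt leaves `keytab` open.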
@@ -0,0 +1,252 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: change.c 15578 2005-07-07 20:44:48Z lha $");
+
+static krb5_error_code
+change_entry (krb5_keytab keytab,
+ krb5_principal principal, krb5_kvno kvno,
+ const char *realm, const char *admin_server, int server_port)
+{
+ krb5_error_code ret;
+ kadm5_config_params conf;
+ void *kadm_handle;
+ char *client_name;
+ krb5_keyblock *keys;
+ int num_keys;
+ int i;
+
+ ret = krb5_unparse_name (context, principal, &client_name);
+ if (ret) {
+ krb5_warn (context, ret, "krb5_unparse_name");
+ return ret;
+ }
+
+ memset (&conf, 0, sizeof(conf));
+
+ if(realm == NULL)
+ realm = krb5_principal_get_realm(context, principal);
+ conf.realm = strdup(realm);
+ if (conf.realm == NULL) {
+ free (client_name);
+ krb5_set_error_string(context, "malloc failed");
+ return ENOMEM;
+ }
+ conf.mask |= KADM5_CONFIG_REALM;
+
+ if (admin_server) {
+ conf.admin_server = strdup(admin_server);
+ if (conf.admin_server == NULL) {
+ free(client_name);
+ free(conf.realm);
+ krb5_set_error_string(context, "malloc failed");
+ return ENOMEM;
+ }
+ conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
+ }
+
+ if (server_port) {
+ conf.kadmind_port = htons(server_port);
+ conf.mask |= KADM5_CONFIG_KADMIND_PORT;
+ }
+
+ ret = kadm5_init_with_skey_ctx (context,
+ client_name,
+ keytab_string,
+ KADM5_ADMIN_SERVICE,
+ &conf, 0, 0,
+ &kadm_handle);
+ free(conf.admin_server);
+ free(conf.realm);
+ if (ret) {
+ krb5_warn (context, ret,
+ "kadm5_c_init_with_skey_ctx: %s:", client_name);
+ free (client_name);
+ return ret;
+ }
+ ret = kadm5_randkey_principal (kadm_handle, principal, &keys, &num_keys);
+ kadm5_destroy (kadm_handle);
+ if (ret) {
+ krb5_warn(context, ret, "kadm5_randkey_principal: %s:", client_name);
+ free (client_name);
+ return ret;
+ }
+ free (client_name);
+ for (i = 0; i < num_keys; ++i) {
+ krb5_keytab_entry new_entry;
+
+ new_entry.principal = principal;
+ new_entry.timestamp = time (NULL);
+ new_entry.vno = kvno + 1;
+ new_entry.keyblock = keys[i];
+
+ ret = krb5_kt_add_entry (context, keytab, &new_entry);
+ if (ret)
+ krb5_warn (context, ret, "krb5_kt_add_entry");
+ krb5_free_keyblock_contents (context, &keys[i]);
+ }
+ return ret;
+}
+
+/*
+ * loop over all the entries in the keytab (or those given) and change
+ * their keys, writing the new keys
+ */
+
+struct change_set {
+ krb5_principal principal;
+ krb5_kvno kvno;
+};
+
+int
+kt_change (struct change_options *opt, int argc, char **argv)
+{
+ krb5_error_code ret;
+ krb5_keytab keytab;
+ krb5_kt_cursor cursor;
+ krb5_keytab_entry entry;
+ int i, j, max;
+ struct change_set *changeset;
+ int errors = 0;
+
+ if((keytab = ktutil_open_keytab()) == NULL)
+ return 1;
+
+ j = 0;
+ max = 0;
+ changeset = NULL;
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if(ret){
+ krb5_warn(context, ret, "%s", keytab_string);
+ goto out;
+ }
+
+ while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
+ int add = 0;
+
+ for (i = 0; i < j; ++i) {
+ if (krb5_principal_compare (context, changeset[i].principal,
+ entry.principal)) {
+ if (changeset[i].kvno < entry.vno)
+ changeset[i].kvno = entry.vno;
+ break;
+ }
+ }
+ if (i < j) {
+ krb5_kt_free_entry (context, &entry);
+ continue;
+ }
+
+ if (argc == 0) {
+ add = 1;
+ } else {
+ for (i = 0; i < argc; ++i) {
+ krb5_principal princ;
+
+ ret = krb5_parse_name (context, argv[i], &princ);
+ if (ret) {
+ krb5_warn (context, ret, "%s", argv[i]);
+ continue;
+ }
+ if (krb5_principal_compare (context, princ, entry.principal))
+ add = 1;
+
+ krb5_free_principal (context, princ);
+ }
+ }
+
+ if (add) {
+ if (j >= max) {
+ void *tmp;
+
+ max = max(max * 2, 1);
+ tmp = realloc (changeset, max * sizeof(*changeset));
+ if (tmp == NULL) {
+ krb5_kt_free_entry (context, &entry);
+ krb5_warnx (context, "realloc: out of memory");
+ ret = ENOMEM;
+ break;
+ }
+ changeset = tmp;
+ }
+ ret = krb5_copy_principal (context, entry.principal,
+ &changeset[j].principal);
+ if (ret) {
+ krb5_warn (context, ret, "krb5_copy_principal");
+ krb5_kt_free_entry (context, &entry);
+ break;
+ }
+ changeset[j].kvno = entry.vno;
+ ++j;
+ }
+ krb5_kt_free_entry (context, &entry);
+ }
+ krb5_kt_end_seq_get(context, keytab, &cursor);
+
+ if (ret == KRB5_KT_END) {
+ ret = 0;
+ for (i = 0; i < j; i++) {
+ if (verbose_flag) {
+ char *client_name;
+
+ ret = krb5_unparse_name (context, changeset[i].principal,
+ &client_name);
+ if (ret) {
+ krb5_warn (context, ret, "krb5_unparse_name");
+ } else {
+ printf("Changing %s kvno %d\n",
+ client_name, changeset[i].kvno);
+ free(client_name);
+ }
+ }
+ ret = change_entry (keytab,
+ changeset[i].principal, changeset[i].kvno,
+ opt->realm_string,
+ opt->admin_server_string,
+ opt->server_port_integer);
+ if (ret != 0)
+ errors = 1;
+ }
+ } else
+ errors = 1;
+ for (i = 0; i < j; i++)
+ krb5_free_principal (context, changeset[i].principal);
+ free (changeset);
+
+ out:
+ krb5_kt_close(context, keytab);
+ return errors;
+}
diff --git a/admin/copy.c b/admin/copy.c
new file mode 100644
index 0000000000000..83b65b61a0a34
--- /dev/null
+++ b/admin/copy.c
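Review bot: In kt_change, a failing `krb5_kt_start_seq_get` jumps to `out` while `errors` is still 0, so the command exits successfully without having changed anything; add `errors = 1;` before that `goto out;`. In change_entry the key on the KDC has already been replaced by `kadm5_randkey_principal` when `krb5_kt_add_entry` runs, but a failed add only warns and the function returns the status of the last key alone, so a keytab that no longer matches the KDC can be reported as success. Remembering the first non-zero `ret` from the loop and returning that would surface it. `new_entry.vno = kvno + 1` assumes the new key version is exactly one above the highest kvno found in the keytab; kt_get in this commit reads the version back with `kadm5_get_principal`, which looks safer here as well.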
@@ -0,0 +1,175 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: copy.c 14260 2004-09-23 14:45:29Z joda $");
+
+
+static krb5_boolean
+compare_keyblock(const krb5_keyblock *a, const krb5_keyblock *b)
+{
+ if(a->keytype != b->keytype ||
+ a->keyvalue.length != b->keyvalue.length ||
+ memcmp(a->keyvalue.data, b->keyvalue.data, a->keyvalue.length) != 0)
+ return FALSE;
+ return TRUE;
+}
+
+static int
+kt_copy_int (const char *from, const char *to)
+{
+ krb5_error_code ret;
+ krb5_keytab src_keytab, dst_keytab;
+ krb5_kt_cursor cursor;
+ krb5_keytab_entry entry, dummy;
+
+ ret = krb5_kt_resolve (context, from, &src_keytab);
+ if (ret) {
+ krb5_warn (context, ret, "resolving src keytab `%s'", from);
+ return 1;
+ }
+
+ ret = krb5_kt_resolve (context, to, &dst_keytab);
+ if (ret) {
+ krb5_kt_close (context, src_keytab);
+ krb5_warn (context, ret, "resolving dst keytab `%s'", to);
+ return 1;
+ }
+
+ ret = krb5_kt_start_seq_get (context, src_keytab, &cursor);
+ if (ret) {
+ krb5_warn (context, ret, "krb5_kt_start_seq_get %s", keytab_string);
+ goto out;
+ }
+
+ if (verbose_flag)
+ fprintf(stderr, "copying %s to %s\n", from, to);
+
+ while((ret = krb5_kt_next_entry(context, src_keytab,
+ &entry, &cursor)) == 0) {
+ char *name_str;
+ char *etype_str;
+ ret = krb5_unparse_name (context, entry.principal, &name_str);
+ if(ret) {
+ krb5_warn(context, ret, "krb5_unparse_name");
+ name_str = NULL; /* XXX */
+ }
+ ret = krb5_enctype_to_string(context, entry.keyblock.keytype, &etype_str);
+ if(ret) {
+ krb5_warn(context, ret, "krb5_enctype_to_string");
+ etype_str = NULL; /* XXX */
+ }
+ ret = krb5_kt_get_entry(context, dst_keytab,
+ entry.principal,
+ entry.vno,
+ entry.keyblock.keytype,
+ &dummy);
+ if(ret == 0) {
+ /* this entry is already in the new keytab, so no need to
+ copy it; if the keyblocks are not the same, something
+ is weird, so complain about that */
+ if(!compare_keyblock(&entry.keyblock, &dummy.keyblock)) {
+ krb5_warnx(context, "entry with different keyvalue "
+ "already exists for %s, keytype %s, kvno %d",
+ name_str, etype_str, entry.vno);
+ }
+ krb5_kt_free_entry(context, &dummy);
+ krb5_kt_free_entry (context, &entry);
+ free(name_str);
+ free(etype_str);
+ continue;
+ } else if(ret != KRB5_KT_NOTFOUND) {
+ krb5_warn (context, ret, "%s: fetching %s/%s/%u",
+ to, name_str, etype_str, entry.vno);
+ krb5_kt_free_entry (context, &entry);
+ free(name_str);
+ free(etype_str);
+ break;
+ }
+ if (verbose_flag)
+ fprintf (stderr, "copying %s, keytype %s, kvno %d\n", name_str,
+ etype_str, entry.vno);
+ ret = krb5_kt_add_entry (context, dst_keytab, &entry);
+ krb5_kt_free_entry (context, &entry);
+ if (ret) {
+ krb5_warn (context, ret, "%s: adding %s/%s/%u",
+ to, name_str, etype_str, entry.vno);
+ free(name_str);
+ free(etype_str);
+ break;
+ }
+ free(name_str);
+ free(etype_str);
+ }
+ krb5_kt_end_seq_get (context, src_keytab, &cursor);
+
+ out:
+ krb5_kt_close (context, src_keytab);
+ krb5_kt_close (context, dst_keytab);
+ return ret != 0;
+}
+
+int
+kt_copy (void *opt, int argc, char **argv)
+{
+ return kt_copy_int(argv[0], argv[1]);
+}
+
+int
+srvconv(struct srvconvert_options *opt, int argc, char **argv)
+{
+ char kt4[1024], kt5[1024];
+
+ snprintf(kt4, sizeof(kt4), "krb4:%s", opt->srvtab_string);
+
+ if(keytab_string != NULL)
+ return kt_copy_int(kt4, keytab_string);
+
+ krb5_kt_default_modify_name(context, kt5, sizeof(kt5));
+ return kt_copy_int(kt4, kt5);
+}
+
+int
+srvcreate(struct srvcreate_options *opt, int argc, char **argv)
+{
+ char kt4[1024], kt5[1024];
+
+ snprintf(kt4, sizeof(kt4), "krb4:%s", opt->srvtab_string);
+
+ if(keytab_string != NULL)
+ return kt_copy_int(keytab_string, kt4);
+
+ krb5_kt_default_name(context, kt5, sizeof(kt5));
+ return kt_copy_int(kt5, kt4);
+}
diff --git a/admin/get.c b/admin/get.c
new file mode 100644
index 0000000000000..7ad1fc4bc13f9
--- /dev/null
+++ b/admin/get.c
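Review bot: kt_copy_int appears to report failure after a complete copy: the `while` loop only ends when `krb5_kt_next_entry` returns non-zero, which at the end of the keytab is presumably `KRB5_KT_END` (kt_change in this commit tests for exactly that), and `return ret != 0` then yields 1. Adding `if (ret == KRB5_KT_END) ret = 0;` after `krb5_kt_end_seq_get` would fix the status. When `krb5_unparse_name` or `krb5_enctype_to_string` fails, `name_str` and `etype_str` are set to NULL (the `/* XXX */` lines) and later passed to `%s`, which is undefined behaviour; substitute a placeholder string or skip the entry. The `krb5_kt_start_seq_get` warning prints `keytab_string`, which can be NULL, where `from` is meant, and the failed-add warning reads `entry.vno` after `krb5_kt_free_entry(context, &entry)`.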
@@ -0,0 +1,238 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: get.c 15583 2005-07-07 21:44:37Z lha $");
+
+static void*
+open_kadmin_connection(char *principal,
+ const char *realm,
+ char *admin_server,
+ int server_port)
+{
+ static kadm5_config_params conf;
+ krb5_error_code ret;
+ void *kadm_handle;
+ memset(&conf, 0, sizeof(conf));
+
+ if(realm) {
+ conf.realm = strdup(realm);
+ if (conf.realm == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ return NULL;
+ }
+ conf.mask |= KADM5_CONFIG_REALM;
+ }
+
+ if (admin_server) {
+ conf.admin_server = admin_server;
+ conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
+ }
+
+ if (server_port) {
+ conf.kadmind_port = htons(server_port);
+ conf.mask |= KADM5_CONFIG_KADMIND_PORT;
+ }
+
+ /* should get realm from each principal, instead of doing
+ everything with the same (local) realm */
+
+ ret = kadm5_init_with_password_ctx(context,
+ principal,
+ NULL,
+ KADM5_ADMIN_SERVICE,
+ &conf, 0, 0,
+ &kadm_handle);
+ free(conf.realm);
+ if(ret) {
+ krb5_warn(context, ret, "kadm5_init_with_password");
+ return NULL;
+ }
+ return kadm_handle;
+}
+
+int
+kt_get(struct get_options *opt, int argc, char **argv)
+{
+ krb5_error_code ret = 0;
+ krb5_keytab keytab;
+ void *kadm_handle = NULL;
+ krb5_enctype *etypes = NULL;
+ size_t netypes = 0;
+ int i, j;
+ unsigned int failed = 0;
+
+ if((keytab = ktutil_open_keytab()) == NULL)
+ return 1;
+
+ if(opt->realm_string)
+ krb5_set_default_realm(context, opt->realm_string);
+
+ if (opt->enctypes_strings.num_strings != 0) {
+
+ etypes = malloc (opt->enctypes_strings.num_strings * sizeof(*etypes));
+ if (etypes == NULL) {
+ krb5_warnx(context, "malloc failed");
+ goto out;
+ }
+ netypes = opt->enctypes_strings.num_strings;
+ for(i = 0; i < netypes; i++) {
+ ret = krb5_string_to_enctype(context,
+ opt->enctypes_strings.strings[i],
+ &etypes[i]);
+ if(ret) {
+ krb5_warnx(context, "unrecognized enctype: %s",
+ opt->enctypes_strings.strings[i]);
+ goto out;
+ }
+ }
+ }
+
+
+ for(i = 0; i < argc; i++){
+ krb5_principal princ_ent;
+ kadm5_principal_ent_rec princ;
+ int mask = 0;
+ krb5_keyblock *keys;
+ int n_keys;
+ int created = 0;
+ krb5_keytab_entry entry;
+
+ ret = krb5_parse_name(context, argv[i], &princ_ent);
+ if (ret) {
+ krb5_warn(context, ret, "can't parse principal %s", argv[i]);
+ failed++;
+ continue;
+ }
+ memset(&princ, 0, sizeof(princ));
+ princ.principal = princ_ent;
+ mask |= KADM5_PRINCIPAL;
+ princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+ mask |= KADM5_ATTRIBUTES;
+ princ.princ_expire_time = 0;
+ mask |= KADM5_PRINC_EXPIRE_TIME;
+
+ if(kadm_handle == NULL) {
+ const char *r;
+ if(opt->realm_string != NULL)
+ r = opt->realm_string;
+ else
+ r = krb5_principal_get_realm(context, princ_ent);
+ kadm_handle = open_kadmin_connection(opt->principal_string,
+ r,
+ opt->admin_server_string,
+ opt->server_port_integer);
+ if(kadm_handle == NULL)
+ break;
+ }
+
+ ret = kadm5_create_principal(kadm_handle, &princ, mask, "x");
+ if(ret == 0)
+ created = 1;
+ else if(ret != KADM5_DUP) {
+ krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]);
+ krb5_free_principal(context, princ_ent);
+ failed++;
+ continue;
+ }
+ ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
+ if (ret) {
+ krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]);
+ krb5_free_principal(context, princ_ent);
+ failed++;
+ continue;
+ }
+
+ ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
+ KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
+ if (ret) {
+ krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[i]);
+ for (j = 0; j < n_keys; j++)
+ krb5_free_keyblock_contents(context, &keys[j]);
+ krb5_free_principal(context, princ_ent);
+ failed++;
+ continue;
+ }
+ if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX))
+ krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[i]);
+ princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
+ mask = KADM5_ATTRIBUTES;
+ if(created) {
+ princ.kvno = 1;
+ mask |= KADM5_KVNO;
+ }
+ ret = kadm5_modify_principal(kadm_handle, &princ, mask);
+ if (ret) {
+ krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[i]);
+ for (j = 0; j < n_keys; j++)
+ krb5_free_keyblock_contents(context, &keys[j]);
+ krb5_free_principal(context, princ_ent);
+ failed++;
+ continue;
+ }
+ for(j = 0; j < n_keys; j++) {
+ int do_add = TRUE;
+
+ if (netypes) {
+ int k;
+
+ do_add = FALSE;
+ for (k = 0; k < netypes; ++k)
+ if (keys[j].keytype == etypes[k]) {
+ do_add = TRUE;
+ break;
+ }
+ }
+ if (do_add) {
+ entry.principal = princ_ent;
+ entry.vno = princ.kvno;
+ entry.keyblock = keys[j];
+ entry.timestamp = time (NULL);
+ ret = krb5_kt_add_entry(context, keytab, &entry);
+ if (ret)
+ krb5_warn(context, ret, "krb5_kt_add_entry");
+ }
+ krb5_free_keyblock_contents(context, &keys[j]);
+ }
+
+ kadm5_free_principal_ent(kadm_handle, &princ);
+ krb5_free_principal(context, princ_ent);
+ }
+ out:
+ free(etypes);
+ if (kadm_handle)
+ kadm5_destroy(kadm_handle);
+ krb5_kt_close(context, keytab);
+ return ret != 0 || failed > 0;
+}
diff --git a/admin/ktutil-commands.in b/admin/ktutil-commands.in
new file mode 100644
index 0000000000000..fc5d1bf2e1595
--- /dev/null
+++ b/admin/ktutil-commands.in
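Review bot: kt_get can exit with status 0 after failing: the `malloc` failure for `etypes` jumps to `out` with `ret == 0`, a NULL return from `open_kadmin_connection` leaves the loop through `break` (also leaking `princ_ent`), and a failed `krb5_kt_add_entry` only warns, so its status survives only if it was the very last call. The last case matters most, because `kadm5_randkey_principal` has already changed the key on the KDC and the keytab no longer matches it; adding `failed++;` next to that warning, and on the other two paths, makes the failure visible to callers. Separately, a principal this function has just created with the fixed password `"x"` stays in the database if `kadm5_randkey_principal` or a later call fails, guarded only by the disallow-all-tix attribute; when `created` is set, consider removing it again with `kadm5_delete_principal` on those paths. `kadm5_free_principal_ent` is also skipped when `kadm5_modify_principal` fails.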
@@ -0,0 +1,266 @@
+/*
+ * Copyright (c) 2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/* $Id: ktutil-commands.in 14793 2005-04-14 16:45:14Z lha $ */
+
+command = {
+ name = "add"
+ option = {
+ long = "principal"
+ short = "p"
+ type = "string"
+ help = "principal to add"
+ argument = "principal"
+ default = ""
+ }
+ option = {
+ long = "kvno"
+ short = "V"
+ type = "integer"
+ help = "key version number"
+ default = "-1"
+ }
+ option = {
+ long = "enctype"
+ short = "e"
+ type = "string"
+ argument = "enctype"
+ help = "encryption type"
+ }
+ option = {
+ long = "password"
+ short = "w"
+ type = "string"
+ help = "password for key"
+ }
+ option = {
+ long = "salt"
+ short = "s"
+ type = "-flag"
+ help = "use unsalted keys"
+ default = "1"
+ }
+ option = {
+ long = "random"
+ short = "r"
+ type = "flag"
+ help = "generate random key"
+ }
+ option = {
+ long = "hex"
+ short = "H"
+ type = "flag"
+ help = "password is a hexadecimal string"
+ }
+ function = "kt_add"
+ help = "Adds a key to a keytab."
+ max_args = "0"
+}
+command = {
+ name = "change"
+ option = {
+ long = "realm"
+ short = "r"
+ type = "string"
+ argument = "realm"
+ help = "realm to use"
+ }
+ option = {
+ long = "admin-server"
+ short = "a"
+ type = "string"
+ argument = "host"
+ help = "server to contact"
+ }
+ option = {
+ long = "server-port"
+ short = "s"
+ type = "integer"
+ argument = "port number"
+ help = "port number on server"
+ }
+ function = "kt_change"
+ argument = "[principal...]"
+ help = "Change keys for specified principals (default all)."
+}
+command = {
+ name = "copy"
+ function = "kt_copy"
+ argument = "source destination"
+ min_args = "2"
+ max_args = "2"
+ help = "Copies one keytab to another."
+}
+command = {
+ name = "get"
+ option = {
+ long = "principal"
+ short = "p"
+ type = "string"
+ help = "admin principal"
+ argument = "principal"
+ }
+ option = {
+ long = "enctypes"
+ short = "e"
+ type = "strings"
+ help = "encryption types to use"
+ argument = "enctype"
+ }
+ option = {
+ long = "realm"
+ short = "r"
+ type = "string"
+ argument = "realm"
+ help = "realm to use"
+ }
+ option = {
+ long = "admin-server"
+ short = "a"
+ type = "string"
+ argument = "host"
+ help = "server to contact"
+ }
+ option = {
+ long = "server-port"
+ short = "s"
+ type = "integer"
+ argument = "port number"
+ help = "port number on server"
+ }
+ function = "kt_get"
+ min_args = "1"
+ argument = "principal..."
+ help = "Change keys for specified principals, and add them to the keytab."
+}
+command = {
+ name = "list"
+ option = {
+ long = "keys"
+ type = "flag"
+ help = "show key values"
+ }
+ option = {
+ long = "timestamp"
+ type = "flag"
+ help = "show timestamps"
+ }
+ max_args = "0"
+ function = "kt_list"
+ help = "Show contents of keytab."
+}
+command = {
+ name = "purge"
+ option = {
+ long = "age"
+ type = "string"
+ help = "age to retiere"
+ default = "1 week";
+ argument = "time"
+ }
+ max_args = "0"
+ function = "kt_purge"
+ help = "Remove superceded keys from keytab."
+}
+command = {
+ name = "remove"
+ name = "delete"
+ option = {
+ long = "principal"
+ short = "p"
+ type = "string"
+ help = "principal to remove"
+ argument = "principal"
+ }
+ option = {
+ long = "kvno"
+ short = "V"
+ type = "integer"
+ help = "key version to remove"
+ argument = "enctype"
+ default = "0"
+ }
+ option = {
+ long = "enctype"
+ short = "e"
+ type = "string"
+ help = "enctype to remove"
+ argument = "enctype"
+ }
+ max_args = "0"
+ function = "kt_remove"
+ help = "Remove keys from keytab."
+}
+command = {
+ name = "rename"
+ function = "kt_rename"
+ argument = "from to"
+ min_args = "2"
+ max_args = "2"
+ help = "Renames an entry in the keytab."
+}
+command = {
+ name = "srvconvert"
+ name = "srv2keytab"
+ option = {
+ long = "srvtab"
+ short = "s"
+ type = "string"
+ argument = "file"
+ help = "name of Kerberos 4 srvtab"
+ default = "/etc/srvtab"
+ }
+ max_args = "0"
+ function = "srvconv"
+ help = "Convert a Kerberos 4 srvtab to a keytab."
+}
+command = {
+ name = "srvcreate"
+ name = "key2srvtab"
+ option = {
+ long = "srvtab"
+ short = "s"
+ type = "string"
+ argument = "file"
+ help = "name of Kerberos 4 srvtab"
+ default = "/etc/srvtab"
+ }
+ max_args = "0"
+ function = "srvcreate"
+ help = "Convert a keytab to a Kerberos 4 srvtab."
+}
+command = {
+ name = "help"
+ argument = "command"
+ max_args = "1"
+ function = "help"
+}
diff --git a/admin/ktutil.8 b/admin/ktutil.8
new file mode 100644
index 0000000000000..15523b4337212
--- /dev/null
+++ b/admin/ktutil.8
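Review bot: The `kvno` option of the `remove` command declares `argument = "enctype"`, which looks copied from the option below it; `argument = "kvno"` would match what the option takes. Two help strings carry typos, `"age to retiere"` and `"Remove superceded keys from keytab."` (retire, superseded). The `password` option of `add` takes key material on the command line, where it is typically visible in process listings and shell history; its help text could point users to the interactive prompt that kt_add falls back to when the option is omitted.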
@@ -0,0 +1,196 @@ +.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" $Id: ktutil.8 14792 2005-04-14 16:43:57Z lha $ +.\" +.Dd April 14, 2005 +.Dt KTUTIL 8 +.Os HEIMDAL +.Sh NAME +.Nm ktutil +.Nd manage Kerberos keytabs +.Sh SYNOPSIS +.Nm +.Oo Fl k Ar keytab \*(Ba Xo +.Fl -keytab= Ns Ar keytab +.Xc +.Oc +.Op Fl v | Fl -verbose +.Op Fl -version +.Op Fl h | Fl -help +.Ar command +.Op Ar args +.Sh DESCRIPTION +.Nm +is a program for managing keytabs. +Supported options: +.Bl -tag -width Ds +.It Xo +.Fl v , +.Fl -verbose +.Xc +Verbose output. +.El +.Pp +.Ar command +can be one of the following: +.Bl -tag -width srvconvert +.It add Xo +.Op Fl p Ar principal +.Op Fl -principal= Ns Ar principal +.Op Fl V Ar kvno +.Op Fl -kvno= Ns Ar kvno +.Op Fl e Ar enctype +.Op Fl -enctype= Ns Ar enctype +.Op Fl w Ar password +.Op Fl -password= Ns Ar password +.Op Fl r +.Op Fl -random +.Op Fl s +.Op Fl -no-salt +.Op Fl H +.Op Fl -hex +.Xc +Adds a key to the keytab. Options that are not specified will be +prompted for. This requires that you know the password or the hex key of the +principal to add; if what you really want is to add a new principal to +the keytab, you should consider the +.Ar get +command, which talks to the kadmin server. +.It change Xo +.Op Fl r Ar realm +.Op Fl -realm= Ns Ar realm +.Op Fl -a Ar host +.Op Fl -admin-server= Ns Ar host +.Op Fl -s Ar port +.Op Fl -server-port= Ns Ar port +.Xc +Update one or several keys to new versions. By default, use the admin +server for the realm of a keytab entry. Otherwise it will use the +values specified by the options. +.Pp +If no principals are given, all the ones in the keytab are updated. +.It copy Xo +.Ar keytab-src +.Ar keytab-dest +.Xc +Copies all the entries from +.Ar keytab-src +to +.Ar keytab-dest . 
+.It get Xo +.Op Fl p Ar admin principal +.Op Fl -principal= Ns Ar admin principal +.Op Fl e Ar enctype +.Op Fl -enctypes= Ns Ar enctype +.Op Fl r Ar realm +.Op Fl -realm= Ns Ar realm +.Op Fl a Ar admin server +.Op Fl -admin-server= Ns Ar admin server +.Op Fl s Ar server port +.Op Fl -server-port= Ns Ar server port +.Ar principal ... +.Xc +For each +.Ar principal , +generate a new key for it (creating it if it doesn't already exist), +and put that key in the keytab. +.Pp +If no +.Ar realm +is specified, the realm to operate on is taken from the first +principal. +.It list Xo +.Op Fl -keys +.Op Fl -timestamp +.Xc +List the keys stored in the keytab. +.It remove Xo +.Op Fl p Ar principal +.Op Fl -principal= Ns Ar principal +.Op Fl V kvno +.Op Fl -kvno= Ns Ar kvno +.Op Fl e enctype +.Op Fl -enctype= Ns Ar enctype +.Xc +Removes the specified key or keys. Not specifying a +.Ar kvno +removes keys with any version number. Not specifying an +.Ar enctype +removes keys of any type. +.It rename Xo +.Ar from-principal +.Ar to-principal +.Xc +Renames all entries in the keytab that match the +.Ar from-principal +to +.Ar to-principal . +.It purge Xo +.Op Fl -age= Ns Ar age +.Xc +Removes all old versions of a key for which there is a newer version +that is at least +.Ar age +(default one week) old. +.It srvconvert +.It srv2keytab Xo +.Op Fl s Ar srvtab +.Op Fl -srvtab= Ns Ar srvtab +.Xc +Converts the version 4 srvtab in +.Ar srvtab +to a version 5 keytab and stores it in +.Ar keytab . +Identical to: +.Bd -ragged -offset indent +.Li ktutil copy +.Li krb4: Ns Ar srvtab +.Ar keytab +.Ed +.It srvcreate +.It key2srvtab Xo +.Op Fl s Ar srvtab +.Op Fl -srvtab= Ns Ar srvtab +.Xc +Converts the version 5 keytab in +.Ar keytab +to a version 4 srvtab and stores it in +.Ar srvtab . +Identical to: +.Bd -ragged -offset indent +.Li ktutil copy +.Ar keytab +.Li krb4: Ns Ar srvtab +.Ed +.El +.Sh SEE ALSO +.Xr kadmin 8 
diff --git a/admin/ktutil.c b/admin/ktutil.c
new file mode 100644
index 0000000000000..dfcbbfd401fe2
--- /dev/null
+++ b/admin/ktutil.c
@@ -0,0 +1,174 @@ +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "ktutil_locl.h"
+#include <err.h>
+
+RCSID("$Id: ktutil.c 15585 2005-07-07 21:52:04Z lha $");
+
+static int help_flag;
+static int version_flag;
+int verbose_flag;
+char *keytab_string;
+static char keytab_buf[256];
+
+static struct getargs args[] = {
+ {
+ "version",
+ 0,
+ arg_flag,
+ &version_flag,
+ NULL,
+ NULL
+ },
+ {
+ "help",
+ 'h',
+ arg_flag,
+ &help_flag,
+ NULL,
+ NULL
+ },
+ {
+ "keytab",
+ 'k',
+ arg_string,
+ &keytab_string,
+ "keytab",
+ "keytab to operate on"
+ },
+ {
+ "verbose",
+ 'v',
+ arg_flag,
+ &verbose_flag,
+ "verbose",
+ "run verbosely"
+ }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+krb5_context context;
+
+krb5_keytab
+ktutil_open_keytab(void)
+{
+ krb5_error_code ret;
+ krb5_keytab keytab;
+ if (keytab_string == NULL) {
+ ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf));
+ if (ret) {
+ krb5_warn(context, ret, "krb5_kt_default_name");
+ return NULL;
+ }
+ keytab_string = keytab_buf;
+ }
+ ret = krb5_kt_resolve(context, keytab_string, &keytab);
+ if (ret) {
+ krb5_warn(context, ret, "resolving keytab %s", keytab_string);
+ return NULL;
+ }
+ if (verbose_flag)
+ fprintf (stderr, "Using keytab %s\n", keytab_string);
+
+ return keytab;
+}
+
+int
+help(void *opt, int argc, char **argv)
+{
+ if(argc == 0) {
+ sl_help(commands, 1, argv - 1 /* XXX */);
+ } else {
+ SL_cmd *c = sl_match (commands, argv[0], 0);
+ if(c == NULL) {
+ fprintf (stderr, "No such command: %s. "
+ "Try \"help\" for a list of commands\n",
+ argv[0]);
+ } else {
+ if(c->func) {
+ char *fake[] = { NULL, "--help", NULL };
+ fake[0] = argv[0];
+ (*c->func)(2, fake);
+ fprintf(stderr, "\n");
+ }
+ if(c->help && *c->help)
+ fprintf (stderr, "%s\n", c->help);
+ if((++c)->name && c->func == NULL) {
+ int f = 0;
+ fprintf (stderr, "Synonyms:");
+ while (c->name && c->func == NULL) {
+ fprintf (stderr, "%s%s", f ? 
", " : " ", (c++)->name);
+ f = 1;
+ }
+ fprintf (stderr, "\n");
+ }
+ }
+ }
+ return 0;
+}
+
+static void
+usage(int status)
+{
+ arg_printusage(args, num_args, NULL, "command");
+ exit(status);
+}
+
+int
+main(int argc, char **argv)
+{
+ int optidx = 0;
+ krb5_error_code ret;
+ setprogname(argv[0]);
+ ret = krb5_init_context(&context);
+ if (ret)
+ errx (1, "krb5_init_context failed: %d", ret);
+ if(getarg(args, num_args, argc, argv, &optidx))
+ usage(1);
+ if(help_flag)
+ usage(0);
+ if(version_flag) {
+ print_version(NULL);
+ exit(0);
+ }
+ argc -= optidx;
+ argv += optidx;
+ if(argc == 0)
+ usage(1);
+ ret = sl_command(commands, argc, argv);
+ if(ret == -1)
+ krb5_warnx (context, "unrecognized command: %s", argv[0]);
+ return ret;
+}
diff --git a/admin/ktutil_locl.h b/admin/ktutil_locl.h
new file mode 100644
index 0000000000000..676f27b5f377d
--- /dev/null
+++ b/admin/ktutil_locl.h
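Review bot: In help(), the argc == 0 branch passes `argv - 1` to sl_help, which is in bounds only if the caller handed help() a pointer into the middle of a larger argument vector; the `/* XXX */` marks the assumption without stating it. I would write it down where it is relied on, e.g. `/* argv[-1] is the command name: valid only because the slc wrapper advances argv past it (confirm) */`, or pass a locally built vector the way the `fake` array does in the else branch. Separately, main() returns sl_command()'s result unchanged, so the -1 for an unrecognized command reaches the shell as exit status 255; `return ret != 0;` would match what the kt_* commands in this commit return.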
@@ -0,0 +1,75 @@ +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+/*
+ * $Id: ktutil_locl.h 14799 2005-04-15 05:02:39Z lha $
+ */
+
+#ifndef __KTUTIL_LOCL_H__
+#define __KTUTIL_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <parse_time.h>
+#include <roken.h>
+
+#include "crypto-headers.h"
+#include <krb5.h>
+#include <kadm5/admin.h>
+#include <kadm5/kadm5_err.h>
+
+#include <sl.h>
+#include <getarg.h>
+#include <hex.h>
+
+extern krb5_context context;
+
+extern int verbose_flag;
+extern char *keytab_string;
+
+krb5_keytab ktutil_open_keytab(void);
+
+#include "ktutil-commands.h"
+
+#endif /* __KTUTIL_LOCL_H__ */
diff --git a/admin/list.c b/admin/list.c
new file mode 100644
index 0000000000000..f305ab3a8036b
--- /dev/null
+++ b/admin/list.c
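Review bot: The include guard `__KTUTIL_LOCL_H__` uses a double-underscore name, which C reserves for the implementation; `KTUTIL_LOCL_H` avoids the clash at no cost. The header also exports `context`, `verbose_flag` and `keytab_string` as mutable globals with no word on who may write them. A short comment such as `/* keytab_string: set by getarg in main(); filled with the default name by ktutil_open_keytab() or kt_list() when NULL */` would help, since both of those functions assign it in this commit.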
@@ -0,0 +1,157 @@ +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "ktutil_locl.h"
+#include <rtbl.h>
+
+RCSID("$Id: list.c 21745 2007-07-31 16:11:25Z lha $");
+
+static int
+do_list(struct list_options *opt, const char *keytab_str)
+{
+ krb5_error_code ret;
+ krb5_keytab keytab;
+ krb5_keytab_entry entry;
+ krb5_kt_cursor cursor;
+ rtbl_t table;
+
+ /* XXX specialcase the ANY type */
+ if(strncasecmp(keytab_str, "ANY:", 4) == 0) {
+ int flag = 0;
+ char buf[1024];
+ keytab_str += 4;
+ ret = 0;
+ while (strsep_copy((const char**)&keytab_str, ",",
+ buf, sizeof(buf)) != -1) {
+ if(flag)
+ printf("\n");
+ if(do_list(opt, buf))
+ ret = 1;
+ flag = 1;
+ }
+ return ret;
+ }
+
+ ret = krb5_kt_resolve(context, keytab_str, &keytab);
+ if (ret) {
+ krb5_warn(context, ret, "resolving keytab %s", keytab_str);
+ return ret;
+ }
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if(ret) {
+ krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_str);
+ krb5_kt_close(context, keytab);
+ return ret;
+ }
+
+ printf ("%s:\n\n", keytab_str);
+
+ table = rtbl_create();
+ rtbl_add_column_by_id(table, 0, "Vno", RTBL_ALIGN_RIGHT);
+ rtbl_add_column_by_id(table, 1, "Type", 0);
+ rtbl_add_column_by_id(table, 2, "Principal", 0);
+ if (opt->timestamp_flag)
+ rtbl_add_column_by_id(table, 3, "Date", 0);
+ if(opt->keys_flag)
+ rtbl_add_column_by_id(table, 4, "Key", 0);
+ rtbl_set_separator(table, " ");
+
+ while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
+ char buf[1024], *s;
+
+ snprintf(buf, sizeof(buf), "%d", entry.vno);
+ rtbl_add_column_entry_by_id(table, 0, buf);
+
+ ret = krb5_enctype_to_string(context,
+ entry.keyblock.keytype, &s);
+ if (ret != 0) {
+ snprintf(buf, sizeof(buf), "unknown (%d)", entry.keyblock.keytype);
+ rtbl_add_column_entry_by_id(table, 1, buf);
+ } else {
+ rtbl_add_column_entry_by_id(table, 1, s);
+ free(s);
+ }
+
+ krb5_unparse_name_fixed(context, entry.principal, buf, sizeof(buf));
+ rtbl_add_column_entry_by_id(table, 2, buf);
+
+ if (opt->timestamp_flag) {
+ 
krb5_format_time(context, entry.timestamp, buf,
+ sizeof(buf), FALSE);
+ rtbl_add_column_entry_by_id(table, 3, buf);
+ }
+ if(opt->keys_flag) {
+ int i;
+ s = malloc(2 * entry.keyblock.keyvalue.length + 1);
+ if (s == NULL) {
+ krb5_warnx(context, "malloc failed");
+ ret = ENOMEM;
+ goto out;
+ }
+ for(i = 0; i < entry.keyblock.keyvalue.length; i++)
+ snprintf(s + 2 * i, 3, "%02x",
+ ((unsigned char*)entry.keyblock.keyvalue.data)[i]);
+ rtbl_add_column_entry_by_id(table, 4, s);
+ free(s);
+ }
+ krb5_kt_free_entry(context, &entry);
+ }
+ ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+ rtbl_format(table, stdout);
+
+out:
+ rtbl_destroy(table);
+
+ krb5_kt_close(context, keytab);
+ return ret;
+}
+
+int
+kt_list(struct list_options *opt, int argc, char **argv)
+{
+ krb5_error_code ret;
+ char kt[1024];
+
+ if(verbose_flag)
+ opt->timestamp_flag = 1;
+
+ if (keytab_string == NULL) {
+ if((ret = krb5_kt_default_name(context, kt, sizeof(kt))) != 0) {
+ krb5_warn(context, ret, "getting default keytab name");
+ return 1;
+ }
+ keytab_string = kt;
+ }
+ return do_list(opt, keytab_string) != 0;
+}
diff --git a/admin/purge.c b/admin/purge.c
new file mode 100644
index 0000000000000..e928c3e22d570
--- /dev/null
+++ b/admin/purge.c
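Review bot: The malloc-failure path in the `keys_flag` branch of do_list jumps to `out` without releasing the current `entry` or ending the cursor, so both leak; adding `krb5_kt_free_entry(context, &entry);` and `krb5_kt_end_seq_get(context, keytab, &cursor);` before the `goto out;` closes that. In kt_list, `keytab_string = kt;` stores the address of a stack buffer in a global that outlives the function; passing `kt` straight to do_list, or making the buffer `static` as ktutil.c does with `keytab_buf`, avoids the dangling pointer. The hex copy of each key in `s` is long-term secret material and is freed without being cleared. Whether the rtbl table keeps its own copy is not visible here, so `list --keys` output should be documented as needing the same protection as the keytab itself.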
@@ -0,0 +1,172 @@ +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ktutil_locl.h" + +RCSID("$Id: purge.c 14261 2004-09-23 14:46:43Z joda $"); + +/* + * keep track of the highest version for every principal. 
+ */
+
+struct e {
+ krb5_principal principal;
+ int max_vno;
+ time_t timestamp;
+ struct e *next;
+};
+
+static struct e *
+get_entry (krb5_principal princ, struct e *head)
+{
+ struct e *e;
+
+ for (e = head; e != NULL; e = e->next)
+ if (krb5_principal_compare (context, princ, e->principal))
+ return e;
+ return NULL;
+}
+
+static void
+add_entry (krb5_principal princ, int vno, time_t timestamp, struct e **head)
+{
+ krb5_error_code ret;
+ struct e *e;
+
+ e = get_entry (princ, *head);
+ if (e != NULL) {
+ if(e->max_vno < vno) {
+ e->max_vno = vno;
+ e->timestamp = timestamp;
+ }
+ return;
+ }
+ e = malloc (sizeof (*e));
+ if (e == NULL)
+ krb5_errx (context, 1, "malloc: out of memory");
+ ret = krb5_copy_principal (context, princ, &e->principal);
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_copy_principal");
+ e->max_vno = vno;
+ e->timestamp = timestamp;
+ e->next = *head;
+ *head = e;
+}
+
+static void
+delete_list (struct e *head)
+{
+ while (head != NULL) {
+ struct e *next = head->next;
+ krb5_free_principal (context, head->principal);
+ free (head);
+ head = next;
+ }
+}
+
+/*
+ * Remove all entries that have newer versions and that are older
+ * than `age'
+ */
+
+int
+kt_purge(struct purge_options *opt, int argc, char **argv)
+{
+ krb5_error_code ret = 0;
+ krb5_kt_cursor cursor;
+ krb5_keytab keytab;
+ krb5_keytab_entry entry;
+ int age;
+ struct e *head = NULL;
+ time_t judgement_day;
+
+ age = parse_time(opt->age_string, "s");
+ if(age < 0) {
+ krb5_warnx(context, "unparasable time `%s'", opt->age_string);
+ return 1;
+ }
+
+ if((keytab = ktutil_open_keytab()) == NULL)
+ return 1;
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if(ret){
+ krb5_warn(context, ret, "%s", keytab_string);
+ goto out;
+ }
+
+ while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
+ add_entry (entry.principal, entry.vno, entry.timestamp, &head);
+ krb5_kt_free_entry(context, &entry);
+ }
+ ret = krb5_kt_end_seq_get(context, keytab, 
&cursor);
+
+ judgement_day = time (NULL);
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if(ret){
+ krb5_warn(context, ret, "%s", keytab_string);
+ goto out;
+ }
+
+ while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
+ struct e *e = get_entry (entry.principal, head);
+
+ if (e == NULL) {
+ krb5_warnx (context, "ignoring extra entry");
+ continue;
+ }
+
+ if (entry.vno < e->max_vno
+ && judgement_day - e->timestamp > age) {
+ if (verbose_flag) {
+ char *name_str;
+
+ krb5_unparse_name (context, entry.principal, &name_str);
+ printf ("removing %s vno %d\n", name_str, entry.vno);
+ free (name_str);
+ }
+ ret = krb5_kt_remove_entry (context, keytab, &entry);
+ if (ret)
+ krb5_warn (context, ret, "remove");
+ }
+ krb5_kt_free_entry(context, &entry);
+ }
+ ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+
+ delete_list (head);
+
+ out:
+ krb5_kt_close (context, keytab);
+ return ret != 0;
+}
diff --git a/admin/remove.c b/admin/remove.c
new file mode 100644
index 0000000000000..15f88cfee6636
--- /dev/null
+++ b/admin/remove.c
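Review bot: A failed `krb5_kt_remove_entry` in the second loop of kt_purge is only warned about: `ret` is overwritten by the next `krb5_kt_next_entry` and then by `krb5_kt_end_seq_get`, so the command can exit 0 while superseded keys are still in the keytab. Tracking the failure separately (`int failed = 0;`, `failed = 1;` after the warning, `return failed || ret != 0;`) keeps the exit status honest for scripts that rotate keys. In the same loop the `continue` after "ignoring extra entry" skips `krb5_kt_free_entry`, the second `goto out` skips `delete_list (head)`, and `name_str` is printed and freed without checking the result of `krb5_unparse_name`.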
@@ -0,0 +1,93 @@ +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: remove.c 17004 2006-04-07 13:06:37Z lha $");
+
+int
+kt_remove(struct remove_options *opt, int argc, char **argv)
+{
+ krb5_error_code ret = 0;
+ krb5_keytab_entry entry;
+ krb5_keytab keytab;
+ krb5_principal principal = NULL;
+ krb5_enctype enctype = 0;
+
+ if(opt->principal_string) {
+ ret = krb5_parse_name(context, opt->principal_string, &principal);
+ if(ret) {
+ krb5_warn(context, ret, "%s", opt->principal_string);
+ return 1;
+ }
+ }
+ if(opt->enctype_string) {
+ ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype);
+ if(ret) {
+ int t;
+ if(sscanf(opt->enctype_string, "%d", &t) == 1)
+ enctype = t;
+ else {
+ krb5_warn(context, ret, "%s", opt->enctype_string);
+ if(principal)
+ krb5_free_principal(context, principal);
+ return 1;
+ }
+ }
+ }
+ if (!principal && !enctype && !opt->kvno_integer) {
+ krb5_warnx(context,
+ "You must give at least one of "
+ "principal, enctype or kvno.");
+ ret = EINVAL;
+ goto out;
+ }
+
+ if((keytab = ktutil_open_keytab()) == NULL) {
+ ret = 1;
+ goto out;
+ }
+
+ entry.principal = principal;
+ entry.keyblock.keytype = enctype;
+ entry.vno = opt->kvno_integer;
+ ret = krb5_kt_remove_entry(context, keytab, &entry);
+ krb5_kt_close(context, keytab);
+ if(ret)
+ krb5_warn(context, ret, "remove");
+ out:
+ if(principal)
+ krb5_free_principal(context, principal);
+ return ret != 0;
+}
+
diff --git a/admin/rename.c b/admin/rename.c
new file mode 100644
index 0000000000000..aea02b07507a5
--- /dev/null
+++ b/admin/rename.c
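Review bot: kt_remove passes `entry` to `krb5_kt_remove_entry` with only `principal`, `keyblock.keytype` and `vno` assigned; every other field is uninitialised stack memory. Which fields the keytab backend reads is not visible in this hunk, so `memset(&entry, 0, sizeof(entry));` before the three assignments is the safe form. The numeric fallback `sscanf(opt->enctype_string, "%d", &t)` accepts trailing junk and any integer, including 0, which the later `!enctype` test treats as "not given". `strtol` with an end-pointer check would reject malformed values.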
@@ -0,0 +1,111 @@ +/* + * Copyright (c) 2001-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: rename.c 14260 2004-09-23 14:45:29Z joda $");
+
+int
+kt_rename(void *opt, int argc, char **argv)
+{
+ krb5_error_code ret = 0;
+ krb5_keytab_entry entry;
+ krb5_keytab keytab;
+ krb5_kt_cursor cursor;
+ krb5_principal from_princ, to_princ;
+
+ ret = krb5_parse_name(context, argv[0], &from_princ);
+ if(ret != 0) {
+ krb5_warn(context, ret, "%s", argv[0]);
+ return 1;
+ }
+
+ ret = krb5_parse_name(context, argv[1], &to_princ);
+ if(ret != 0) {
+ krb5_free_principal(context, from_princ);
+ krb5_warn(context, ret, "%s", argv[1]);
+ return 1;
+ }
+
+ if((keytab = ktutil_open_keytab()) == NULL) {
+ krb5_free_principal(context, from_princ);
+ krb5_free_principal(context, to_princ);
+ return 1;
+ }
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if(ret) {
+ krb5_kt_close(context, keytab);
+ krb5_free_principal(context, from_princ);
+ krb5_free_principal(context, to_princ);
+ return 1;
+ }
+ while(1) {
+ ret = krb5_kt_next_entry(context, keytab, &entry, &cursor);
+ if(ret != 0) {
+ if(ret != KRB5_CC_END && ret != KRB5_KT_END)
+ krb5_warn(context, ret, "getting entry from keytab");
+ else
+ ret = 0;
+ break;
+ }
+ if(krb5_principal_compare(context, entry.principal, from_princ)) {
+ krb5_free_principal(context, entry.principal);
+ entry.principal = to_princ;
+ ret = krb5_kt_add_entry(context, keytab, &entry);
+ if(ret) {
+ entry.principal = NULL;
+ krb5_kt_free_entry(context, &entry);
+ krb5_warn(context, ret, "adding entry");
+ break;
+ }
+ entry.principal = from_princ;
+ ret = krb5_kt_remove_entry(context, keytab, &entry);
+ if(ret) {
+ entry.principal = NULL;
+ krb5_kt_free_entry(context, &entry);
+ krb5_warn(context, ret, "removing entry");
+ break;
+ }
+ entry.principal = NULL;
+ }
+ krb5_kt_free_entry(context, &entry);
+ }
+ krb5_kt_end_seq_get(context, keytab, &cursor);
+
+ krb5_free_principal(context, from_princ);
+ krb5_free_principal(context, to_princ);
+
+ return ret != 0;
+}
+
|
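Review bot: kt_rename never closes the keytab on its normal exit: `krb5_kt_close` is called only on the `krb5_kt_start_seq_get` failure path, so the handle leaks after every completed rename; add `krb5_kt_close(context, keytab);` after the final `krb5_kt_end_seq_get`. That same failure path returns 1 without printing anything, unlike kt_purge, so `krb5_warn(context, ret, "%s", keytab_string);` belongs before its cleanup. Nothing rejects a `from` and `to` that name the same principal. Whether the remove step would then also drop the freshly added copy depends on `krb5_kt_remove_entry`, which is not shown, so an early `krb5_principal_compare(context, from_princ, to_princ)` check is worth adding.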