extern int valid_master_key;
extern char *krb5_default_pwd_prompt1, *krb5_default_pwd_prompt2;
extern krb5_boolean dbactive;
+extern FILE *scriptfile;
-static krb5_key_salt_tuple ks_tuple_rnd_def[] = { KEYTYPE_DES, 0 };
+static krb5_key_salt_tuple ks_tuple_rnd_def[] = {{ KEYTYPE_DES, 0 }};
static int ks_tuple_rnd_def_count = 1;
static void
krb5_error_code retval;
int nprincs = 1;
- if (retval = krb5_dbe_crk(edit_context, &master_encblock, ks_tuple_rnd_def,
- ks_tuple_rnd_def_count, entry)) {
+ if ((retval = krb5_dbe_crk(edit_context, &master_encblock,
+ ks_tuple_rnd_def,
+ ks_tuple_rnd_def_count, entry))) {
com_err(argv[0], retval, "while generating random key");
krb5_db_free_principal(edit_context, entry, nprincs);
exit_status++;
return;
}
- if (retval = krb5_db_put_principal(edit_context, entry, &nprincs)) {
+ if ((retval = krb5_db_put_principal(edit_context, entry, &nprincs))) {
com_err(argv[0], retval, "while storing entry for '%s'\n", argv[1]);
krb5_db_free_principal(edit_context, entry, nprincs);
exit_status++;
com_err(argv[0], 0, Err_no_database);
} else if (!valid_master_key) {
com_err(argv[0], 0, Err_no_master_msg);
- } else if (retval = krb5_parse_name(edit_context, argv[argc-1], newprinc)) {
+ } else if ((retval = krb5_parse_name(edit_context,
+ argv[argc-1],
+ newprinc))) {
com_err(argv[0], retval, "while parsing '%s'", argv[argc-1]);
- } else if (retval = krb5_db_get_principal(edit_context, *newprinc, entry,
- &nprincs, &more)) {
+ } else if ((retval = krb5_db_get_principal(edit_context, *newprinc, entry,
+ &nprincs, &more))) {
com_err(argv[0],retval,"while trying to get principal's db entry");
} else if ((nprincs > 1) || (more)) {
krb5_db_free_principal(edit_context, entry, nprincs);
}
switch (pre_key(argc, argv, &newprinc, &entry)) {
case 0:
- if (retval = create_db_entry(newprinc, &entry)) {
+ if ((retval = create_db_entry(newprinc, &entry))) {
com_err(argv[0], retval, "While creating new db entry.");
exit_status++;
return;
int argc;
char *argv[];
{
- krb5_error_code retval;
krb5_principal newprinc;
krb5_db_entry entry;
}
}
-static krb5_key_salt_tuple ks_tuple_default[] = { KEYTYPE_DES, 0 };
+static krb5_key_salt_tuple ks_tuple_default[] = {{ KEYTYPE_DES, 0 }};
static int ks_tuple_count_default = 1;
void
krb5_error_code retval;
int one = 1;
- if (retval = krb5_read_password(edit_context, krb5_default_pwd_prompt1,
- krb5_default_pwd_prompt2,
- password, &pwsize)) {
- com_err(cmdname, retval, "while reading password for '%s'", princ);
- goto errout;
+ /* Prompt for password only if interactive */
+ if (!scriptfile) {
+ if ((retval = krb5_read_password(edit_context,
+ krb5_default_pwd_prompt1,
+ krb5_default_pwd_prompt2,
+ password, &pwsize))) {
+ com_err(cmdname, retval, "while reading password for '%s'", princ);
+ goto errout;
+ }
+ }
+ else {
+ if (!fgets(password, pwsize, scriptfile)) {
+ com_err(cmdname, errno, "while reading password for '%s'", princ);
+ retval = errno;
+ goto errout;
+ }
+ else {
+ pwsize = strlen(password);
+ if (password[pwsize-1] == '\n') {
+ password[pwsize-1] = '\0';
+ pwsize--;
+ }
+ }
}
if (ks_tuple_count == 0) {
ks_tuple_count = ks_tuple_count_default;
ks_tuple = ks_tuple_default;
}
- if (retval = krb5_dbe_cpw(edit_context, &master_encblock, ks_tuple,
- ks_tuple_count, password, entry)) {
+ if ((retval = krb5_dbe_cpw(edit_context, &master_encblock, ks_tuple,
+ ks_tuple_count, password, entry))) {
com_err(cmdname, retval, "while storing entry for '%s'\n", princ);
memset(password, 0, sizeof(password)); /* erase it */
krb5_dbe_free_contents(edit_context, entry);
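Review bot: The scripted branch tests `password[pwsize-1]` without checking that `pwsize` is non-zero, so a line that begins with a NUL byte gives strlen() == 0 and the test reads one byte before the buffer. The failure path also trusts errno, which fgets() leaves untouched at end of file and which com_err() may change before `retval = errno`, so `retval` can be 0 or stale when control reaches errout. A line longer than the buffer is silently truncated and its tail stays in `scriptfile`, where it would presumably be read as the next script input; rejecting a line that arrives without a trailing newline would close that gap. The enclosing function starts and ends outside this hunk.

```c
    else {
	int saved_errno;

	errno = 0;
	if (!fgets(password, pwsize, scriptfile)) {
	    /* EOF does not set errno; capture it before com_err can change it */
	    saved_errno = errno ? errno : EIO;
	    com_err(cmdname, saved_errno, "while reading password for '%s'", princ);
	    retval = saved_errno;
	    goto errout;
	}
	pwsize = strlen(password);
	/* guard the index: strlen() is 0 when the line starts with NUL */
	if (pwsize > 0 && password[pwsize-1] == '\n') {
	    password[pwsize-1] = '\0';
	    pwsize--;
	}
    }
```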
memset(password, 0, sizeof(password)); /* erase it */
/* Write the entry back out and we're done */
- if (retval = krb5_db_put_principal(edit_context, entry, &one)) {
+ if ((retval = krb5_db_put_principal(edit_context, entry, &one))) {
com_err(cmdname, retval, "while storing entry for '%s'\n", princ);
}
{
krb5_key_salt_tuple * ks_tuple = NULL;
krb5_int32 n_ks_tuple = 0;
- krb5_error_code retval;
krb5_principal newprinc;
krb5_db_entry entry;
- krb5_kvno vno;
- int one;
int i;
if (argc < 2) {
break;
}
-change_pwd_key_error:;
if (ks_tuple) {
free(ks_tuple);
}
}
switch (pre_key(argc, argv, &newprinc, &entry)) {
case 0:
- if (retval = create_db_entry(newprinc, &entry)) {
+ if ((retval = create_db_entry(newprinc, &entry))) {
com_err(argv[0], retval, "While creating new db entry.");
exit_status++;
return;
krb5_context edit_context;
+/*
+ * Script input, specified by -s.
+ */
+FILE *scriptfile = (FILE *) NULL;
+
static void
usage(who, status)
char *who;
retval = krb5_init_context(&edit_context);
if (retval) {
fprintf(stderr, "krb5_init_context failed with error #%ld\n",
- retval);
+ (long) retval);
exit(1);
}
krb5_init_ets(edit_context);
progname = argv[0];
- while ((optchar = getopt(argc, argv, "P:d:r:R:k:M:e:m")) != EOF) {
+ while ((optchar = getopt(argc, argv, "P:d:r:R:k:M:e:ms:")) != EOF) {
switch(optchar) {
case 'P': /* Only used for testing!!! */
mkey_password = optarg;
case 'm':
manual_mkey = TRUE;
break;
+ case 's':
+ /* Open the script file */
+ if (!(scriptfile = fopen(optarg, "r"))) {
+ com_err(argv[0], errno, "while opening script file %s",
+ optarg);
+ exit(1);
+ }
+ break;
case '?':
default:
usage(progname, 1);
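Review bot: The file named by `-s` is opened with no check on what it is or who can read it, yet the password-change path on this page reads cleartext passwords from `scriptfile`. I would refuse anything that is not a regular file or that grants group or other access, calling fstat() on the opened stream so the check applies to the file actually read; whether to reject or only warn is a policy choice for the project. A repeated `-s` also overwrites `scriptfile` without closing the earlier stream. The option loop begins and ends outside this hunk.

```c
	case 's':
	    /* The script may carry passwords: accept only a private regular file */
	    if (scriptfile)
		(void) fclose(scriptfile);
	    /* ... unchanged: fopen(optarg, "r") and its error exit ... */
	    {
		struct stat st;

		if (fstat(fileno(scriptfile), &st) ||
		    !S_ISREG(st.st_mode) ||
		    (st.st_mode & (S_IRWXG | S_IRWXO))) {
		    com_err(argv[0], 0,
			    "script file %s must be a regular file with no group/other access",
			    optarg);
		    exit(1);
		}
	    }
	    break;
```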
interface will have umask = 77 but that is not a serious problem. */
(void) umask(077);
- if (retval = krb5_kt_register(edit_context, &krb5_ktf_writable_ops)) {
+ if ((retval = krb5_kt_register(edit_context, &krb5_ktf_writable_ops))) {
com_err(progname, retval,
"while registering writable key table functions");
exit(1);
krb5_use_cstype(edit_context, &master_encblock, etype);
if (cur_realm) {
- if (retval = krb5_set_default_realm(edit_context, cur_realm)) {
+ if ((retval = krb5_set_default_realm(edit_context, cur_realm))) {
com_err(progname, retval, "while setting default realm name");
exit(1);
}
} else {
- if (retval = krb5_get_default_realm(edit_context, &defrealm)) {
+ if ((retval = krb5_get_default_realm(edit_context, &defrealm))) {
com_err(progname, retval, "while retrieving default realm name");
exit(1);
}
krb5_error_code retval;
krb5_kvno vno = 0;
- if (retval = krb5_db_get_principal(edit_context, principal, &entry,
- &nprincs, &more)) {
+ if ((retval = krb5_db_get_principal(edit_context, principal, &entry,
+ &nprincs, &more))) {
com_err(pname, retval,
"while attempting to verify principal's existence");
exit_status++;
newentry->max_renewable_life = mblock.max_rlife;
newentry->expiration = mblock.expiration;
- if (retval = krb5_copy_principal(edit_context, principal, &newentry->princ))
+ if ((retval = krb5_copy_principal(edit_context, principal,
+ &newentry->princ)))
return retval;
- if (retval = krb5_timeofday(edit_context, &mod_princ.mod_date))
+ if ((retval = krb5_timeofday(edit_context, &mod_princ.mod_date)))
goto create_db_entry_error;
- if (retval = krb5_copy_principal(edit_context, master_princ,
- &mod_princ.mod_princ))
+ if ((retval = krb5_copy_principal(edit_context, master_princ,
+ &mod_princ.mod_princ)))
goto create_db_entry_error;
retval = krb5_dbe_encode_mod_princ_data(edit_context, &mod_princ, newentry);
exit(1);
}
strcpy(current_dbname, dbname);
- if (retval = krb5_db_set_name(edit_context, current_dbname)) {
+ if ((retval = krb5_db_set_name(edit_context, current_dbname))) {
com_err(pname, retval, "while setting active database to '%s'",
dbname);
exit_status++;
return(1);
}
- if (retval = krb5_db_init(edit_context)) {
+ if ((retval = krb5_db_init(edit_context))) {
com_err(pname, retval, "while initializing database");
exit_status++;
return(1);
/* assemble & parse the master key name */
- if (retval = krb5_db_setup_mkey_name(edit_context, mkey_name, cur_realm, 0,
- &master_princ)) {
+ if ((retval = krb5_db_setup_mkey_name(edit_context, mkey_name, cur_realm,
+ 0, &master_princ))) {
com_err(pname, retval, "while setting up master key name");
exit_status++;
return(1);
}
nentries = 1;
- if (retval = krb5_db_get_principal(edit_context, master_princ, &master_entry,
- &nentries, &more)) {
+ if ((retval = krb5_db_get_principal(edit_context, master_princ,
+ &master_entry, &nentries, &more))) {
com_err(pname, retval, "while retrieving master entry");
exit_status++;
(void) krb5_db_fini(edit_context);
}
free(scratch.data);
mkey_password = 0;
- } else if (retval = krb5_db_fetch_mkey(edit_context, master_princ,
- &master_encblock, manual_mkey,
- FALSE, stash_file,
- 0, &master_keyblock)) {
+ } else if ((retval = krb5_db_fetch_mkey(edit_context, master_princ,
+ &master_encblock, manual_mkey,
+ FALSE, stash_file,
+ 0, &master_keyblock))) {
com_err(pname, retval, "while reading master key");
com_err(pname, 0, "Warning: proceeding without master key");
exit_status++;
return(0);
}
valid_master_key = 1;
- if (retval = krb5_db_verify_master_key(edit_context, master_princ,
- &master_keyblock,&master_encblock)) {
+ if ((retval = krb5_db_verify_master_key(edit_context, master_princ,
+ &master_keyblock,&master_encblock))
+ ) {
com_err(pname, retval, "while verifying master key");
exit_status++;
memset((char *)master_keyblock.contents, 0, master_keyblock.length);
dbactive = TRUE;
return(1);
}
- if (retval = krb5_process_key(edit_context, &master_encblock,
- &master_keyblock)) {
+ if ((retval = krb5_process_key(edit_context, &master_encblock,
+ &master_keyblock))) {
com_err(pname, retval, "while processing master key");
exit_status++;
memset((char *)master_keyblock.contents, 0, master_keyblock.length);
dbactive = TRUE;
return(1);
}
- if (retval = krb5_init_random_key(edit_context, &master_encblock,
- &master_keyblock,
- &master_random)) {
+ if ((retval = krb5_init_random_key(edit_context, &master_encblock,
+ &master_keyblock,
+ &master_random))) {
com_err(pname, retval, "while initializing random key generator");
exit_status++;
(void) krb5_finish_key(edit_context, &master_encblock);
krb5_xfree(master_keyblock.contents);
master_keyblock.contents = NULL;
}
- if (retval = krb5_db_fetch_mkey(edit_context, master_princ, &master_encblock,
+ if ((retval = krb5_db_fetch_mkey(edit_context, master_princ,
+ &master_encblock,
TRUE, FALSE, (char *) NULL,
- 0, &master_keyblock)) {
+ 0, &master_keyblock))) {
com_err(pname, retval, "while reading master key");
exit_status++;
return;
}
- if (retval = krb5_db_verify_master_key(edit_context, master_princ,
- &master_keyblock,
- &master_encblock)) {
+ if ((retval = krb5_db_verify_master_key(edit_context, master_princ,
+ &master_keyblock,
+ &master_encblock))) {
com_err(pname, retval, "while verifying master key");
exit_status++;
return;
}
- if (retval = krb5_process_key(edit_context, &master_encblock,
- &master_keyblock)) {
+ if ((retval = krb5_process_key(edit_context, &master_encblock,
+ &master_keyblock))) {
com_err(pname, retval, "while processing master key");
exit_status++;
return;
}
- if (retval = krb5_init_random_key(edit_context, &master_encblock,
- &master_keyblock,
- &master_random)) {
+ if ((retval = krb5_init_random_key(edit_context, &master_encblock,
+ &master_keyblock,
+ &master_random))) {
com_err(pname, retval, "while initializing random key generator");
exit_status++;
(void) krb5_finish_key(edit_context, &master_encblock);
strcat(ktname, argv[1]);
strcat(ktname, "-new-srvtab");
- if (retval = krb5_kt_resolve(edit_context, ktname, &ktid)) {
+ if ((retval = krb5_kt_resolve(edit_context, ktname, &ktid))) {
com_err(argv[0], retval, "while resolving keytab name '%s'", ktname);
exit_status++;
return;
strcat(pname, cur_realm);
}
- if (retval = krb5_parse_name(edit_context, pname, &princ)) {
+ if ((retval = krb5_parse_name(edit_context, pname, &princ))) {
com_err(argv[0], retval, "while parsing %s", pname);
exit_status++;
free(pname);
continue;
}
nentries = 1;
- if (retval = krb5_db_get_principal(edit_context, princ, &dbentry, &nentries,
- &more)) {
+ if ((retval = krb5_db_get_principal(edit_context, princ, &dbentry,
+ &nentries, &more))) {
com_err(argv[0], retval, "while retrieving %s", pname);
exit_status++;
goto cleanmost;
exit_status++;
goto cleanmost;
}
- if (retval = krb5_dbekd_decrypt_key_data(edit_context, &master_encblock,
- &dbentry.key_data[0],
- &newentry.key, NULL)) {
+ if ((retval = krb5_dbekd_decrypt_key_data(edit_context,
+ &master_encblock,
+ &dbentry.key_data[0],
+ &newentry.key, NULL))) {
com_err(argv[0], retval, "while decrypting key for '%s'", pname);
exit_status++;
goto cleanall;
}
newentry.principal = princ;
newentry.vno = dbentry.key_data[0].key_data_kvno;
- if (retval = krb5_kt_add_entry(edit_context, ktid, &newentry)) {
+ if ((retval = krb5_kt_add_entry(edit_context, ktid, &newentry))) {
com_err(argv[0], retval, "while adding key to keytab '%s'",
ktname);
exit_status++;
free(pname);
krb5_free_principal(edit_context, princ);
}
- if (retval = krb5_kt_close(edit_context, ktid)) {
+ if ((retval = krb5_kt_close(edit_context, ktid))) {
com_err(argv[0], retval, "while closing keytab");
exit_status++;
}
strcat(pname, cur_realm);
}
- if (retval = krb5_parse_name(edit_context, pname, &princ)) {
+ if ((retval = krb5_parse_name(edit_context, pname, &princ))) {
com_err(argv[0], retval, "while parsing %s", pname);
exit_status++;
free(pname);
continue;
}
nentries = 1;
- if (retval = krb5_db_get_principal(edit_context, princ, &dbentry, &nentries,
- &more)) {
+ if ((retval = krb5_db_get_principal(edit_context, princ, &dbentry,
+ &nentries, &more))) {
com_err(argv[0], retval, "while retrieving %s", pname);
exit_status++;
goto cleanmost;
exit_status++;
goto cleanmost;
}
- if (retval = krb5_dbekd_decrypt_key_data(edit_context, &master_encblock,
- &dbentry.key_data[0],
- &key, NULL)) {
+ if ((retval = krb5_dbekd_decrypt_key_data(edit_context,
+ &master_encblock,
+ &dbentry.key_data[0],
+ &key, NULL))) {
com_err(argv[0], retval, "while decrypting key for '%s'", pname);
exit_status++;
goto cleanall;
struct list_iterator_struct *lis = (struct list_iterator_struct *)ptr;
char *name;
- if (retval = krb5_unparse_name(edit_context, entry->princ, &name)) {
+ if ((retval = krb5_unparse_name(edit_context, entry->princ, &name))) {
com_err(lis->cmdname, retval, "while unparsing principal");
exit_status++;
return retval;
exit_status++;
return;
}
- if (retval = krb5_parse_name(edit_context, argv[1], &newprinc)) {
+ if ((retval = krb5_parse_name(edit_context, argv[1], &newprinc))) {
com_err(argv[0], retval, "while parsing '%s'", argv[1]);
exit_status++;
return;
exit_status++;
return;
}
- printf("Are you sure you want to delete '%s'?\nType 'yes' to confirm:",
- argv[1]);
- if ((fgets(yesno, sizeof(yesno), stdin) == NULL) ||
- strcmp(yesno, "yes\n")) {
- printf("NOT removing '%s'\n", argv[1]);
- krb5_free_principal(edit_context, newprinc);
- return;
+ if (!scriptfile) {
+ /* Only confirm if we're interactive */
+ printf("Are you sure you want to delete '%s'?\nType 'yes' to confirm:",
+ argv[1]);
+ if ((fgets(yesno, sizeof(yesno), stdin) == NULL) ||
+ strcmp(yesno, "yes\n")) {
+ printf("NOT removing '%s'\n", argv[1]);
+ krb5_free_principal(edit_context, newprinc);
+ return;
+ }
+ printf("OK, deleting '%s'\n", argv[1]);
}
- printf("OK, deleting '%s'\n", argv[1]);
- if (retval = krb5_db_delete_principal(edit_context, newprinc, &one)) {
+ if ((retval = krb5_db_delete_principal(edit_context, newprinc, &one))) {
com_err(argv[0], retval, "while deleting '%s'", argv[1]);
exit_status++;
} else if (one != 1) {
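Review bot: With `scriptfile` set, the new block skips both the confirmation and the `OK, deleting '%s'` message, so a scripted run removes the principal without printing anything on success. Keeping the message outside the `if (!scriptfile)` block, as `printf("OK, deleting '%s'\n", argv[1]);` just before the krb5_db_delete_principal() call, leaves a record in the job output of which principals a script removed. The guard comment could also state that `-s` means deletion proceeds unconfirmed, e.g. `/* Only confirm if we're interactive; with -s the delete is unconditional */`. The function starts and ends outside this hunk.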
krb5_boolean more;
krb5_error_code retval;
char *pr_name = 0;
- int i;
char buffer[256];
if (argc < 2) {
exit_status++;
return;
}
- if (retval = krb5_parse_name(edit_context, argv[1], &princ)) {
+ if ((retval = krb5_parse_name(edit_context, argv[1], &princ))) {
com_err(argv[0], retval, "while parsing '%s'", argv[1]);
exit_status++;
return;
}
- if (retval = krb5_db_get_principal(edit_context,princ,&entry,&nprincs,&more)) {
+ if ((retval = krb5_db_get_principal(edit_context,princ,&entry,
+ &nprincs,&more))) {
com_err(argv[0], retval,
"while trying to get principal's database entry");
exit_status++;
goto errout;
}
- if (retval = krb5_unparse_name(edit_context, entry.princ, &pr_name)) {
+ if ((retval = krb5_unparse_name(edit_context, entry.princ, &pr_name))) {
com_err(argv[0], retval, "while unparsing principal");
exit_status++;
goto errout;
int *randkey;
char *caller;
{
- int i, j, attrib_set;
- time_t date;
+ int i, attrib_set;
+ krb5_timestamp date;
krb5_error_code retval;
*pass = NULL;
return;
}
mod_princ.mod_princ = master_princ;
- if (retval = krb5_timeofday(edit_context, &mod_princ.mod_date)) {
+ if ((retval = krb5_timeofday(edit_context, &mod_princ.mod_date))) {
com_err(argv[0], retval, "while fetching date");
krb5_free_principal(edit_context, entry.princ);
exit_status++;
free(canon);
return;
}
- if (retval=krb5_dbe_encode_mod_princ_data(edit_context,&mod_princ,&entry)) {
+ if ((retval=krb5_dbe_encode_mod_princ_data(edit_context,
+ &mod_princ,&entry))) {
com_err(argv[0], retval, "while setting mod_prince and mod_date");
krb5_free_principal(edit_context, entry.princ);
exit_status++;