static char newpw[1024];
static char prompt1[1024], prompt2[1024];
char *canon;
+ char *pwarg = NULL;
+ int n_ks_tuple = 0, keepold = 0, randkey = 0;
+ krb5_key_salt_tuple *ks_tuple;
krb5_principal princ;
if (argc < 2) {
goto usage;
}
-
- retval = kadmin_parse_name(argv[argc - 1], &princ);
+ for (argv++, argc--; argc > 1; argc--, argv++) {
+ if (!strcmp("-pw", *argv)) {
+ argc--;
+ if (argc < 1) {
+ fprintf(stderr, "change_password: missing password arg\n");
+ goto usage;
+ }
+ pwarg = *++argv;
+ continue;
+ }
+ if (!strcmp("-randkey", *argv)) {
+ randkey++;
+ continue;
+ }
+ if (!strcmp("-keepold", *argv)) {
+ keepold++;
+ continue;
+ }
+ if (!strcmp("-e", *argv)) {
+ argc--;
+ if (argc < 1) {
+ fprintf(stderr,
+ "change_password: missing keysaltlist arg\n");
+ goto usage;
+ }
+ retval = krb5_string_to_keysalts(*++argv, ", \t", ":.-", 0,
+ &ks_tuple, &n_ks_tuple);
+ if (retval) {
+ com_err("change_password", retval,
+ "while parsing keysalts %s", *argv);
+ return;
+ }
+ continue;
+ }
+ goto usage;
+ }
+ retval = kadmin_parse_name(*argv, &princ);
if (retval) {
com_err("change_password", retval, "while parsing principal name");
+ if (ks_tuple != NULL)
+ free(ks_tuple);
return;
}
retval = krb5_unparse_name(context, princ, &canon);
if (retval) {
com_err("change_password", retval, "while canonicalizing principal");
krb5_free_principal(context, princ);
+ if (ks_tuple != NULL)
+ free(ks_tuple);
return;
}
- if ((argc == 4) && (strlen(argv[1]) == 3) && !strcmp("-pw", argv[1])) {
- retval = kadm5_chpass_principal(handle, princ, argv[2]);
+ if (pwarg != NULL) {
+ if (keepold || ks_tuple != NULL) {
+ retval = kadm5_chpass_principal_3(handle, princ, keepold,
+ n_ks_tuple, ks_tuple, pwarg);
+ if (ks_tuple != NULL)
+ free(ks_tuple);
+ } else {
+ retval = kadm5_chpass_principal(handle, princ, pwarg);
+ }
krb5_free_principal(context, princ);
if (retval) {
com_err("change_password", retval,
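Review bot: `ks_tuple` is declared without an initializer at the top of this hunk, yet paths that never saw `-e` still test and free it (`if (ks_tuple != NULL) free(ks_tuple);` here, in the interactive-password hunk and at the `usage:` label). A plain `change_password principal` therefore reads an indeterminate pointer, may pass it to `kadm5_chpass_principal_3`, and then hands it to free(); declaring it as `krb5_key_salt_tuple *ks_tuple = NULL;` fixes this. Separately, when `-pw` or `-e` consumes the last argument the loop exits with `argc == 0`, so `*argv` at the `kadmin_parse_name` call is the slot past the last argument (presumably NULL). A guard such as `if (argc < 1) goto usage;` before that call would reject the missing principal. The enclosing function begins before this hunk and continues past it.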
printf("Password for \"%s\" changed.\n", canon);
free(canon);
return;
- } else if ((argc == 3) && (strlen(argv[1]) == 8) &&
- !strcmp("-randkey", argv[1])) {
- retval = kadm5_randkey_principal(handle, princ, NULL, NULL);
+ } else if (randkey) {
+ if (keepold || ks_tuple != NULL) {
+ retval = kadm5_randkey_principal_3(handle, princ, keepold,
+ n_ks_tuple, ks_tuple,
+ NULL, NULL);
+ if (ks_tuple != NULL)
+ free(ks_tuple);
+ } else {
+ retval = kadm5_randkey_principal(handle, princ, NULL, NULL);
+ }
krb5_free_principal(context, princ);
if (retval) {
com_err("change_password", retval,
printf("Key for \"%s\" randomized.\n", canon);
free(canon);
return;
- } else if (argc == 2) {
+ } else if (argc == 1) {
int i = sizeof (newpw) - 1;
sprintf(prompt1, "Enter password for principal \"%.900s\": ",
- argv[1]);
+ *argv);
sprintf(prompt2,
"Re-enter password for principal \"%.900s\": ",
- argv[1]);
+ *argv);
retval = krb5_read_password(context, prompt1, prompt2,
newpw, &i);
if (retval) {
com_err("change_password", retval,
"while reading password for \"%s\".", canon);
free(canon);
+ if (ks_tuple != NULL)
+ free(ks_tuple);
krb5_free_principal(context, princ);
return;
}
- retval = kadm5_chpass_principal(handle, princ, newpw);
+ if (keepold || ks_tuple != NULL) {
+ retval = kadm5_chpass_principal_3(handle, princ, keepold,
+ n_ks_tuple, ks_tuple,
+ newpw);
+ if (ks_tuple != NULL)
+ free(ks_tuple);
+ } else {
+ retval = kadm5_chpass_principal(handle, princ, newpw);
+ }
krb5_free_principal(context, princ);
memset(newpw, 0, sizeof (newpw));
if (retval) {
free(canon);
krb5_free_principal(context, princ);
usage:
+ if (ks_tuple != NULL)
+ free(ks_tuple);
fprintf(stderr,
- "usage: change_password [-randkey] [-pw password] "
+ "usage: change_password [-randkey] [-keepold] "
+ "[-e keysaltlist] [-pw password] "
"principal\n");
return;
}
}
-int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey, caller)
+int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
+ keepold, ks_tuple, n_ks_tuple, caller)
int argc;
char *argv[];
kadm5_principal_ent_t oprinc;
long *mask;
char **pass;
int *randkey;
+ int *keepold;
+ krb5_key_salt_tuple **ks_tuple;
+ int *n_ks_tuple;
char *caller;
{
int i, j, attrib_set;
*mask = 0;
*pass = NULL;
+ *n_ks_tuple = 0;
+ *ks_tuple = NULL;
+ *keepold = 0;
time(&now);
*randkey = 0;
for (i = 1; i < argc - 1; i++) {
++*randkey;
continue;
}
+ if (!strcmp("-e", argv[i])) {
+ if (++i > argc - 2)
+ return -1;
+ else {
+ retval = krb5_string_to_keysalts(argv[i], ", \t", ":.-", 0,
+ ks_tuple, n_ks_tuple);
+ if (retval) {
+ com_err(caller, retval,
+ "while parsing keysalts %s", argv[i]);
+ return -1;
+ }
+ }
+ continue;
+ }
+ if (!strcmp("-keepold", argv[i])) {
+ ++*keepold;
+ continue;
+ }
for (j = 0; j < sizeof (flags) / sizeof (struct pflag); j++) {
if (strlen(argv[i]) == flags[j].flaglen + 1 &&
!strcmp(flags[j].flagname,
{
fprintf(stderr, "usage: %s [options] principal\n", func);
fprintf(stderr, "\toptions are:\n");
- fprintf(stderr, "\t\t[-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-randkey] [-pw password]\n\t\t[-maxrenewlife maxrenewlife] [{+|-}attribute]\n");
+ fprintf(stderr, "\t\t[-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-randkey] [-pw password]\n\t\t[-maxrenewlife maxrenewlife]\n\t\t[-keepold] [-e keysaltlist]\n\t\t[{+|-}attribute]\n");
fprintf(stderr, "\tattributes are:\n");
fprintf(stderr, "%s%s%s",
"\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
kadm5_policy_ent_rec defpol;
long mask;
int randkey = 0, i;
+ int keepold, n_ks_tuple;
+ krb5_key_salt_tuple *ks_tuple;
char *pass, *canon;
krb5_error_code retval;
static char newpw[1024], dummybuf[256];
princ.attributes = 0;
if (kadmin_parse_princ_args(argc, argv,
&princ, &mask, &pass, &randkey,
+ &keepold, &ks_tuple, &n_ks_tuple,
"add_principal")) {
kadmin_addprinc_usage("add_principal");
return;
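Review bot: A keysalt list allocated by `-e` is leaked if `kadmin_parse_princ_args` fails on a later argument, because this failure branch returns right after `kadmin_addprinc_usage` without releasing `ks_tuple`. The other error paths in add_principal visible in this diff do free it. The parser sets `*ks_tuple = NULL` on entry, so adding `if (ks_tuple != NULL) free(ks_tuple);` before the `return;` is safe. A repeated `-e` also appears to overwrite the earlier allocation inside the parser without freeing it. The function body starts before this hunk and continues after it.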
com_err("add_principal",
retval, "while canonicalizing principal");
krb5_free_principal(context, princ.principal);
+ if (ks_tuple != NULL)
+ free(ks_tuple);
return;
}
pass = newpw;
}
mask |= KADM5_PRINCIPAL;
- retval = kadm5_create_principal(handle, &princ, mask, pass);
+ if (keepold || ks_tuple != NULL) {
+ retval = kadm5_create_principal_3(handle, &princ, mask, keepold,
+ n_ks_tuple, ks_tuple, pass);
+ } else {
+ retval = kadm5_create_principal(handle, &princ, mask, pass);
+ }
if (retval) {
com_err("add_principal", retval, "while creating \"%s\".",
canon);
krb5_free_principal(context, princ.principal);
free(canon);
+ if (ks_tuple != NULL)
+ free(ks_tuple);
return;
}
if (randkey) { /* more special stuff for -randkey */
- retval = kadm5_randkey_principal(handle, princ.principal,
- NULL, NULL);
+ if (keepold || ks_tuple != NULL) {
+ retval = kadm5_randkey_principal_3(handle, princ.principal,
+ keepold,
+ n_ks_tuple, ks_tuple,
+ NULL, NULL);
+ } else {
+ retval = kadm5_randkey_principal(handle, princ.principal,
+ NULL, NULL);
+ }
if (retval) {
com_err("add_principal", retval,
"while randomizing key for \"%s\".", canon);
krb5_free_principal(context, princ.principal);
free(canon);
+ if (ks_tuple != NULL)
+ free(ks_tuple);
return;
}
princ.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX; /* clear notix */
"while clearing DISALLOW_ALL_TIX for \"%s\".", canon);
krb5_free_principal(context, princ.principal);
free(canon);
+ if (ks_tuple != NULL)
+ free(ks_tuple);
return;
}
}
krb5_free_principal(context, princ.principal);
printf("Principal \"%s\" created.\n", canon);
+ if (ks_tuple != NULL)
+ free(ks_tuple);
free(canon);
}
krb5_error_code retval;
char *pass, *canon;
int randkey = 0;
+ int keepold = 0, n_ks_tuple = 0;
+ krb5_key_salt_tuple *ks_tuple;
if (argc < 2) {
kadmin_modprinc_usage("modify_principal");
retval = kadmin_parse_princ_args(argc, argv,
&princ, &mask,
&pass, &randkey,
+ &keepold, &ks_tuple, &n_ks_tuple,
"modify_principal");
+ if (ks_tuple != NULL) {
+ free(ks_tuple);
+ kadmin_modprinc_usage("modify_principal");
+ free(canon);
+ return;
+ }
+ if (keepold) {
+ kadmin_modprinc_usage("modify_principal");
+ free(canon);
+ return;
+ }
if (retval) {
kadmin_modprinc_usage("modify_principal");
free(canon);
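Review bot: `-e` and `-keepold` are accepted by the shared parser and then refused here with only the usage text, so the operator is not told which option was rejected or why. Print a reason before each `kadmin_modprinc_usage` call, for example `fprintf(stderr, "modify_principal: -e and -keepold are not supported\n");`. These two checks also run before `if (retval)`, so a genuine parse error that follows a valid `-e` goes through the same rejection branch. The surrounding function starts before this hunk and continues after it.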
#include <kadm5/admin.h>
static int add_principal(void *handle, char *keytab_str, krb5_keytab keytab,
+ int keepold,
+ int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
char *princ_str);
static int remove_principal(char *keytab_str, krb5_keytab keytab, char
*princ_str, char *kvno_str);
void add_usage()
{
- fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] [principal | -glob princ-exp] [...]\n");
+ fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [principal | -glob princ-exp] [...]\n");
}
void rem_usage()
krb5_keytab keytab = 0;
char *princ_str, *keytab_str = NULL, **princs;
int code, num, i;
+ krb5_error_code retval;
+ int keepold = 0, n_ks_tuple = 0;
+ krb5_key_salt_tuple *ks_tuple = NULL;
argc--; argv++;
quiet = 0;
keytab_str = *argv;
} else if (strcmp(*argv, "-q") == 0) {
quiet++;
+ } else if (strcmp(*argv, "-e") == 0) {
+ argc--;
+ if (argc < 1) {
+ add_usage();
+ return;
+ }
+ retval = krb5_string_to_keysalts(*++argv, ", \t", ":.-", 0,
+ &ks_tuple, &n_ks_tuple);
+ if (retval) {
+ com_err("ktadd", retval, "while parsing keysalts %s",
+ *argv);
+
+ return;
+ }
} else
break;
argc--; argv++;
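Review bot: The keysalt array that `-e` allocates in ktadd is not released on any path visible in this diff, neither on the early returns inside the option loop nor after the `add_principal` calls. If no release exists in the lines not shown, add `free(ks_tuple);` once the principal loop finishes and on any early return that follows a successful parse. `keepold` is also threaded through to `add_principal`, but no option in this loop ever sets it, so it is always 0. Either parse `-keepold` here and list it in `add_usage`, or drop the parameter. The option loop begins before this hunk.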
for (i = 0; i < num; i++)
(void) add_principal(handle, keytab_str, keytab,
+ keepold, n_ks_tuple, ks_tuple,
princs[i]);
kadm5_free_name_list(handle, princs, num);
} else
- (void) add_principal(handle, keytab_str, keytab, *argv);
+ (void) add_principal(handle, keytab_str, keytab,
+ keepold, n_ks_tuple, ks_tuple,
+ *argv);
argv++;
}
}
int add_principal(void *handle, char *keytab_str, krb5_keytab keytab,
+ int keepold, int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
char *princ_str)
{
kadm5_principal_ent_rec princ_rec;
goto cleanup;
}
- code = kadm5_randkey_principal(handle, princ, &keys, &nkeys);
+ if (keepold || ks_tuple != NULL) {
+ code = kadm5_randkey_principal_3(handle, princ,
+ keepold, n_ks_tuple, ks_tuple,
+ &keys, &nkeys);
+ } else {
+ code = kadm5_randkey_principal(handle, princ, &keys, &nkeys);
+ }
if (code != 0) {
if (code == KADM5_UNK_PRINC) {
fprintf(stderr, "%s: Principal %s does not exist.\n",