static int num_instance_tokens;
static int must_be_first[2];
+/*
+ * I can't figure out any way for this not to be global, given how ss
+ * works.
+ */
+
+int exit_status = 0;
+
static void
usage(who, status)
char *who;
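Review bot: `exit_status` is a running count bumped at every error site, and if main() hands it straight to exit() (main is not part of this diff) only the low 8 bits reach the parent on POSIX. A session with exactly 256 failures would then report success to a calling script. Either record a flag instead of a count, `exit_status = 1;`, or clamp at the end with `exit(exit_status ? 1 : 0);`. The new comment explains why the variable is global but not what it holds; something like `/* number of failed commands; nonzero means the process must not exit 0 */` would help. Because the variable has external linkage, a less generic name would also lower the chance of a link-time clash.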
if (retval = krb5_db_get_principal(principal, &entry, &nprincs, &more)) {
com_err(pname, retval, "while attempting to verify principal's existence");
+ exit_status++;
return 0;
}
if (!nprincs)
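Review bot: The lookup-failure branch still ends in `return 0;`, and the callers visible later in this diff only test the result against `NO_PRINC`. If `NO_PRINC` is not 0 (its definition is not shown), a database error is treated as "principal exists with version 0". The add paths would then print a second "already exists" error and count the failure twice, while the delete and change-key paths would carry on after a failed lookup. A distinct error return that callers check is the real fix. At minimum, document the ambiguity with `/* returns 0 when the lookup itself fails; callers cannot tell this from kvno 0 */`. The function starts and ends outside this hunk.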
&newentry.key);
if (retval) {
com_err(cmdname, retval, "while encrypting key for '%s'", newprinc);
+ exit_status++;
return;
}
newentry.principal = (krb5_principal) principal;
newentry.mod_name = master_princ;
if (retval = krb5_timeofday(&newentry.mod_date)) {
com_err(cmdname, retval, "while fetching date");
+ exit_status++;
memset((char *)newentry.key.contents, 0, newentry.key.length);
krb5_xfree(newentry.key.contents);
return;
krb5_xfree(newentry.key.contents);
if (retval) {
com_err(cmdname, retval, "while storing entry for '%s'\n", newprinc);
+ exit_status++;
return;
}
- if (one != 1)
+ if (one != 1) {
com_err(cmdname, 0, "entry not stored in database (unknown failure)");
+ exit_status++;
+ }
return;
}
if (argc < 3) {
com_err(argv[0], 0, "Too few arguments");
com_err(argv[0], 0, "Usage: %s dbpathname realmname", argv[0]);
+ exit_status++;
return;
}
if (dbactive) {
if ((retval = krb5_db_fini()) && retval != KRB5_KDB_DBNOTINITED) {
com_err(argv[0], retval, "while closing previous database");
+ exit_status++;
return;
}
if (valid_master_key) {
if (retval = krb5_db_set_name(current_dbname)) {
com_err(pname, retval, "while setting active database to '%s'",
dbname);
+ exit_status++;
return(1);
}
if (retval = krb5_db_init()) {
com_err(pname, retval, "while initializing database");
+ exit_status++;
return(1);
}
if (retval = krb5_db_setup_mkey_name(mkey_name, cur_realm, 0,
&master_princ)) {
com_err(pname, retval, "while setting up master key name");
+ exit_status++;
return(1);
}
nentries = 1;
if (retval = krb5_db_get_principal(master_princ, &master_entry, &nentries,
&more)) {
com_err(pname, retval, "while retrieving master entry");
+ exit_status++;
(void) krb5_db_fini();
return(1);
} else if (more) {
com_err(pname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE,
"while retrieving master entry");
+ exit_status++;
(void) krb5_db_fini();
return(1);
} else if (!nentries) {
com_err(pname, KRB5_KDB_NOENTRY, "while retrieving master entry");
+ exit_status++;
(void) krb5_db_fini();
return(1);
}
manual_mkey, FALSE, 0, &master_keyblock)) {
com_err(pname, retval, "while reading master key");
com_err(pname, 0, "Warning: proceeding without master key");
+ exit_status++;
valid_master_key = 0;
dbactive = TRUE;
return(0);
if (retval = krb5_db_verify_master_key(master_princ, &master_keyblock,
&master_encblock)) {
com_err(pname, retval, "while verifying master key");
+ exit_status++;
memset((char *)master_keyblock.contents, 0, master_keyblock.length);
krb5_xfree(master_keyblock.contents);
valid_master_key = 0;
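Review bot: The master key scrub in this failure branch is a plain `memset` followed immediately by `krb5_xfree`, which an optimizing compiler may drop as a dead store. The key bytes can then remain in freed heap memory. Where the platform provides a non-elidable clear, prefer `explicit_bzero(master_keyblock.contents, master_keyblock.length);`. The same pattern appears in the `krb5_process_key` and `krb5_init_random_key` failure branches that follow, and in the `key.keytype != 1` branch of the v4 srvtab extraction. The enclosing function starts and ends outside this hunk.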
if (retval = krb5_process_key(&master_encblock,
&master_keyblock)) {
com_err(pname, retval, "while processing master key");
+ exit_status++;
memset((char *)master_keyblock.contents, 0, master_keyblock.length);
krb5_xfree(master_keyblock.contents);
valid_master_key = 0;
&master_keyblock,
&master_random)) {
com_err(pname, retval, "while initializing random key generator");
+ exit_status++;
(void) krb5_finish_key(&master_encblock);
memset((char *)master_keyblock.contents, 0, master_keyblock.length);
krb5_xfree(master_keyblock.contents);
if (!dbactive) {
com_err(pname, 0, Err_no_database);
+ exit_status++;
return;
}
if (valid_master_key) {
if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock,
TRUE, FALSE, 0, &master_keyblock)) {
com_err(pname, retval, "while reading master key");
+ exit_status++;
return;
}
if (retval = krb5_db_verify_master_key(master_princ, &master_keyblock,
&master_encblock)) {
com_err(pname, retval, "while verifying master key");
+ exit_status++;
return;
}
if (retval = krb5_process_key(&master_encblock,
&master_keyblock)) {
com_err(pname, retval, "while processing master key");
+ exit_status++;
return;
}
if (retval = krb5_init_random_key(&master_encblock,
&master_keyblock,
&master_random)) {
com_err(pname, retval, "while initializing random key generator");
+ exit_status++;
(void) krb5_finish_key(&master_encblock);
return;
}
if (argc < 3) {
com_err(argv[0], 0, "Too few arguments");
com_err(argv[0], 0, "Usage: %s instance name [name ...]", argv[0]);
+ exit_status++;
return;
}
if (!dbactive) {
com_err(argv[0], 0, Err_no_database);
+ exit_status++;
return;
}
if (!valid_master_key) {
com_err(argv[0], 0, Err_no_master_msg);
+ exit_status++;
return;
}
strcat(ktname, "-new-srvtab");
if (retval = krb5_kt_resolve(ktname, &ktid)) {
com_err(argv[0], retval, "while resolving keytab name '%s'", ktname);
+ exit_status++;
return;
}
com_err(argv[0], ENOMEM,
"while preparing to extract key for %s/%s",
argv[i], argv[1]);
+ exit_status++;
continue;
}
strcpy(pname, argv[i]);
if (retval = krb5_parse_name(pname, &princ)) {
com_err(argv[0], retval, "while parsing %s", pname);
+ exit_status++;
free(pname);
continue;
}
if (retval = krb5_db_get_principal(princ, &dbentry, &nentries,
&more)) {
com_err(argv[0], retval, "while retrieving %s", pname);
+ exit_status++;
goto cleanmost;
} else if (more) {
com_err(argv[0], KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE,
"while retrieving %s", pname);
+ exit_status++;
if (nentries)
krb5_db_free_principal(&dbentry, nentries);
goto cleanmost;
} else if (!nentries) {
com_err(argv[0], KRB5_KDB_NOENTRY, "while retrieving %s", pname);
+ exit_status++;
goto cleanmost;
}
if (retval = krb5_kdb_decrypt_key(&master_encblock,
&dbentry.key,
&newentry.key)) {
com_err(argv[0], retval, "while decrypting key for '%s'", pname);
+ exit_status++;
goto cleanall;
}
newentry.principal = princ;
if (retval = krb5_kt_add_entry(ktid, &newentry)) {
com_err(argv[0], retval, "while adding key to keytab '%s'",
ktname);
+ exit_status++;
} else
printf("'%s' added to keytab '%s'\n",
pname, ktname);
free(pname);
krb5_free_principal(princ);
}
- if (retval = krb5_kt_close(ktid))
+ if (retval = krb5_kt_close(ktid)) {
com_err(argv[0], retval, "while closing keytab");
+ exit_status++;
+ }
return;
}
if (argc < 3) {
com_err(argv[0], 0, "Too few arguments");
com_err(argv[0], 0, "Usage: %s instance name [name ...]", argv[0]);
+ exit_status++;
return;
}
if (!dbactive) {
com_err(argv[0], 0, Err_no_database);
+ exit_status++;
return;
}
if (!valid_master_key) {
com_err(argv[0], 0, Err_no_master_msg);
+ exit_status++;
return;
}
strcat(ktname, "-new-v4-srvtab");
if ((fout = fopen(ktname, "w")) == NULL) {
com_err(argv[0], 0, "Couldn't create file '%s'.\n", ktname);
+ exit_status++;
return;
}
for (i = 2; i < argc; i++) {
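Review bot: The `fopen(ktname, "w")` failure branch reports error code 0, so the operator never learns why creation failed; `com_err(argv[0], errno, "while creating file '%s'", ktname);` would keep the cause. Separately, the `-new-v4-srvtab` name suggests this file will hold service keys. `fopen` with mode "w" follows an existing symlink, truncates whatever is there, and leaves permissions to the umask. Creating it with `fd = open(ktname, O_WRONLY|O_CREAT|O_EXCL, 0600);` followed by `fdopen(fd, "w")` would close both gaps, at the cost of failing when the file already exists. The function body starts and ends outside this hunk.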
com_err(argv[0], ENOMEM,
"while preparing to extract key for %s/%s",
argv[i], argv[1]);
+ exit_status++;
continue;
}
strcpy(pname, argv[i]);
if (retval = krb5_parse_name(pname, &princ)) {
com_err(argv[0], retval, "while parsing %s", pname);
+ exit_status++;
free(pname);
continue;
}
if (retval = krb5_db_get_principal(princ, &dbentry, &nentries,
&more)) {
com_err(argv[0], retval, "while retrieving %s", pname);
+ exit_status++;
goto cleanmost;
} else if (more) {
com_err(argv[0], KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE,
"while retrieving %s", pname);
+ exit_status++;
if (nentries)
krb5_db_free_principal(&dbentry, nentries);
goto cleanmost;
} else if (!nentries) {
com_err(argv[0], KRB5_KDB_NOENTRY, "while retrieving %s", pname);
+ exit_status++;
goto cleanmost;
}
if (retval = krb5_kdb_decrypt_key(&master_encblock,
&dbentry.key,
&key)) {
com_err(argv[0], retval, "while decrypting key for '%s'", pname);
+ exit_status++;
goto cleanall;
}
if (key.keytype != 1) {
com_err(argv[0], 0, "%s does not have a DES key!", pname);
+ exit_status++;
memset((char *)key.contents, 0, key.length);
krb5_xfree(key.contents);
continue;
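Review bot: The non-DES branch leaves the loop iteration with `continue;`, while the failure branches just above it use `goto cleanmost;` or `goto cleanall;`. Whatever those labels release is therefore skipped each time a principal without a DES key is named; the labels are outside this hunk, and the sibling function frees `pname` and `princ` there. After the key is scrubbed and freed, `goto cleanall;` would be consistent with the neighbours, provided cleanall does not free `key.contents` a second time. The block's closing brace is also outside the hunk.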
if (retval = krb5_unparse_name(entry->principal, &name)) {
com_err(lis->cmdname, retval, "while unparsing principal");
+ exit_status++;
return retval;
}
if (check_print(entry)) {
if (!dbactive) {
com_err(argv[0], 0, Err_no_database);
+ exit_status++;
return;
}
if (!valid_master_key) {
com_err(argv[0], 0, Err_no_master_msg);
+ exit_status++;
return;
}
lis.cmdname = argv[0];
if (argc < 2) {
com_err(argv[0], 0, "Too few arguments");
com_err(argv[0], 0, "Usage: %s principal", argv[0]);
+ exit_status++;
return;
}
if (!dbactive) {
com_err(argv[0], 0, Err_no_database);
+ exit_status++;
return;
}
if (!valid_master_key) {
com_err(argv[0], 0, Err_no_master_msg);
+ exit_status++;
return;
}
if (retval = krb5_parse_name(argv[1], &newprinc)) {
com_err(argv[0], retval, "while parsing '%s'", argv[1]);
+ exit_status++;
return;
}
if (princ_exists(argv[0], newprinc) == NO_PRINC) {
com_err(argv[0], 0, "principal '%s' is not in the database", argv[1]);
+ exit_status++;
krb5_free_principal(newprinc);
return;
}
printf("OK, deleting '%s'\n", argv[1]);
if (retval = krb5_db_delete_principal(newprinc, &one)) {
com_err(argv[0], retval, "while deleting '%s'", argv[1]);
+ exit_status++;
} else if (one != 1) {
com_err(argv[0], 0, "no principal deleted? unknown error");
+ exit_status++;
}
#ifdef __STDC__
printf("\a\a\aWARNING: Be sure to take '%s' off all access control lists\n\tbefore reallocating the name\n", argv[1]);
if (argc < 2) {
com_err(argv[0], 0, "Too few arguments");
com_err(argv[0], 0, "Usage: %s principal", argv[0]);
+ exit_status++;
return;
}
if (!dbactive) {
com_err(argv[0], 0, Err_no_database);
+ exit_status++;
return;
}
if (!valid_master_key) {
com_err(argv[0], 0, Err_no_master_msg);
+ exit_status++;
return;
}
if (retval = krb5_parse_name(argv[1], &newprinc)) {
com_err(argv[0], retval, "while parsing '%s'", argv[1]);
+ exit_status++;
return;
}
if (retval = krb5_db_get_principal(newprinc, &entry, &nprincs, &more)) {
com_err(argv[0], retval, "while trying to get principal's database entry");
+ exit_status++;
return;
}
if (change && !nprincs) {
com_err(argv[0], 0, "No principal '%s' exists", argv[1]);
+ exit_status++;
goto errout;
}
if (!change && nprincs) {
com_err(argv[0], 0, "Principal '%s' already exists.", argv[1]);
+ exit_status++;
goto errout;
}
retval = create_db_entry(newprinc, &entry);
if (retval) {
com_err(argv[0], retval, "While creating new db entry.");
+ exit_status++;
goto errout;
}
nprincs = 1;
if (retval = krb5_random_key(&master_encblock, master_random, &tempkey)) {
com_err(argv[0], retval, "while generating random key");
+ exit_status++;
return;
}
krb5_free_keyblock(tempkey);
if (retval) {
com_err(argv[0], retval, "while encrypting key for '%s'", argv[1]);
+ exit_status++;
goto errout;
}
if (retval = krb5_db_put_principal(&entry, &nprincs)) {
com_err(argv[0], retval, "while storing entry for '%s'\n", argv[1]);
+ exit_status++;
goto errout;
}
- if (nprincs != 1)
+ if (nprincs != 1) {
com_err(argv[0], 0, "entry not stored in database (unknown failure)");
+ exit_status++;
+ }
errout:
krb5_free_principal(newprinc);
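Review bot: The `krb5_random_key` failure branch still leaves with a bare `return;`, while every later failure in this hunk uses `goto errout;`. That path therefore skips the `krb5_free_principal(newprinc)` under `errout:`. Assuming `newprinc` was parsed earlier in the same function (its start is outside this hunk), changing the branch to `goto errout;` after `exit_status++;` removes the leak. The `krb5_db_get_principal` failure branch in the preceding hunk also returns directly; jumping to `errout:` from there is safe only if nothing after the label reads `entry` or `nprincs`.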
if (argc != 2) {
com_err(cmdname, 0,
"Usage: %s [-onlyrealmsalt|-norealmsalt] principal", argv[0]);
+ exit_status++;
return;
}
if (!valid_master_key) {
com_err(cmdname, 0, Err_no_master_msg);
+ exit_status++;
return;
}
if (retval = krb5_parse_name(argv[1], &newprinc)) {
com_err(cmdname, retval, "while parsing '%s'", argv[1]);
+ exit_status++;
return;
}
if (princ_exists(cmdname, newprinc) != NO_PRINC) {
com_err(cmdname, 0, "principal '%s' already exists", argv[1]);
+ exit_status++;
krb5_free_principal(newprinc);
return;
}
if (argc < 2) {
com_err(argv[0], 0, "Too few arguments");
com_err(argv[0], 0, "Usage: %s principal", argv[0]);
+ exit_status++;
return;
}
if (!valid_master_key) {
com_err(argv[0], 0, Err_no_master_msg);
+ exit_status++;
return;
}
if (retval = krb5_parse_name(argv[1], &newprinc)) {
com_err(argv[0], retval, "while parsing '%s'", argv[1]);
+ exit_status++;
return;
}
if (princ_exists(argv[0], newprinc) != NO_PRINC) {
com_err(argv[0], 0, "principal '%s' already exists", argv[1]);
+ exit_status++;
krb5_free_principal(newprinc);
return;
}
if (argc != 2) {
com_err(cmdname, 0,
"Usage: %s [-onlyrealmsalt|-norealmsalt] principal", argv[0]);
+ exit_status++;
return;
}
if (!dbactive) {
com_err(cmdname, 0, Err_no_database);
+ exit_status++;
return;
}
if (!valid_master_key) {
com_err(cmdname, 0, Err_no_master_msg);
+ exit_status++;
return;
}
if (retval = krb5_parse_name(argv[1], &newprinc)) {
com_err(cmdname, retval, "while parsing '%s'", argv[1]);
+ exit_status++;
return;
}
if ((vno = princ_exists(argv[0], newprinc)) == NO_PRINC) {
com_err(cmdname, 0, "No principal '%s' exists!", argv[1]);
+ exit_status++;
krb5_free_principal(newprinc);
return;
}
if (argc < 2) {
com_err(argv[0], 0, "Too few arguments");
com_err(argv[0], 0, "Usage: %s principal", argv[0]);
+ exit_status++;
return;
}
if (!dbactive) {
com_err(argv[0], 0, Err_no_database);
+ exit_status++;
return;
}
if (!valid_master_key) {
com_err(argv[0], 0, Err_no_master_msg);
+ exit_status++;
return;
}
if (retval = krb5_parse_name(argv[1], &newprinc)) {
com_err(argv[0], retval, "while parsing '%s'", argv[1]);
+ exit_status++;
return;
}
if ((vno = princ_exists(argv[0], newprinc)) == NO_PRINC) {
com_err(argv[0], 0, "No principal '%s' exists!", argv[1]);
+ exit_status++;
krb5_free_principal(newprinc);
return;
}
krb5_default_pwd_prompt2,
password, &pwsize)) {
com_err(cmdname, retval, "while reading password for '%s'", newprinc);
+ exit_status++;
return;
}
pwd.data = password;
if (retval = krb5_principal2salt(string_princ, &salt.saltdata)) {
com_err(cmdname, retval,
"while converting principal to salt for '%s'", newprinc);
+ exit_status++;
return;
}
break;
&salt.saltdata)) {
com_err(cmdname, retval,
"while converting principal to salt for '%s'", newprinc);
+ exit_status++;
return;
}
break;
&foo)) {
com_err(cmdname, retval,
"while converting principal to salt for '%s'", newprinc);
+ exit_status++;
return;
}
salt.saltdata = *foo;
}
default:
com_err(cmdname, 0, "Don't know how to enter salt type %d", salttype);
+ exit_status++;
return;
}
retval = krb5_string_to_key(&master_encblock, master_keyblock.keytype,
if (retval) {
com_err(cmdname, retval, "while converting password to key for '%s'",
newprinc);
+ exit_status++;
krb5_xfree(salt.saltdata.data);
return;
}
if (argc < 2) {
com_err(argv[0], 0, "Too few arguments");
com_err(argv[0], 0, "Usage: %s principal", argv[0]);
+ exit_status++;
return;
}
if (!dbactive) {
com_err(argv[0], 0, Err_no_database);
+ exit_status++;
return;
}
if (!valid_master_key) {
com_err(argv[0], 0, Err_no_master_msg);
+ exit_status++;
return;
}
if (retval = krb5_parse_name(argv[1], &princ)) {
com_err(argv[0], retval, "while parsing '%s'", argv[1]);
+ exit_status++;
return;
}
if (retval = krb5_db_get_principal(princ, &entry, &nprincs, &more)) {
com_err(argv[0], retval, "while trying to get principal's database entry");
+ exit_status++;
goto errout;
}
if (!nprincs) {
com_err(argv[0], 0, "Principal %s not found.", argv[1]);
+ exit_status++;
goto errout;
}
if (retval = krb5_unparse_name(entry.principal, &pr_name)) {
com_err(argv[0], retval, "while unparsing principal");
+ exit_status++;
goto errout;
}
if (retval = krb5_unparse_name(entry.mod_name, &pr_mod)) {
com_err(argv[0], retval, "while unparsing 'modified by' principal");
+ exit_status++;
goto errout;
}
if (!nprincs) {
com_err(argv[0], 0, "Principal '%s' does not exist", argv[1]);
+ exit_status++;
goto errout;
}
{
if (argc != 2) {
com_err(argv[0], 0, "Usage: %s directory", argv[0]);
+ exit_status++;
return;
}
if (chdir(argv[1])) {
com_err(argv[0], errno,
"Couldn't change directory to %s", argv[1]);
+ exit_status++;
}
}
if (!getwd(buf)) {
com_err(argv[0], 0, "Couldn't get working directory: %s",
buf);
+ exit_status++;
return;
}
puts(buf);
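Review bot: `getwd(buf)` takes no length argument, so it can write past the end of `buf` when the working directory path is longer than the buffer. If `buf` is an array declared in this function (the declaration is outside the hunk), `if (!getcwd(buf, sizeof buf)) {` bounds the write. `getcwd` reports failure through errno rather than by writing a message into `buf`, so the error line would then become `com_err(argv[0], errno, "Couldn't get working directory");`.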
finished = TRUE;
if (retval && retval != KRB5_KDB_DBNOTINITED) {
com_err(progname, retval, "while closing database");
+ exit_status++;
return 1;
}
return 0;