+Tue Aug 8 17:27:04 EDT 1995 Paul Park (pjpark@mit.edu)
+ * kadmin5_ct.ct - Add add_key_type and del_key_type to add/delete a
+ particular key/salt pair.
+ * kadmin5.c - Add kadmin_{add,del}_key_type to support add_key_type
+ and del_key_type commands. Change -l processing to use
+ krb5_string_to_deltat().
+ * kadmin5.h - Update prototypes and remove obsolete functions.
+ * network.c - Add new protocol error message support.
+ * kadmin5.M - Remove descriptions of obsolete syntax or syntax which
+ has been made common among utilities.
+
+
Fri Aug 4 16:13:20 EDT 1995 Paul Park (pjpark@mit.edu)
* kadmin5.c - Replace explicit hand-decoded integers with macros.
.I ccache
] [
.B \-l
-.I [hours:]minutes
+.I deltatime
] [
.B \-d
] [
.B ccache
specifies a credentials cache to use instead of the default.
.IP \-l
-.B [hours:]minutes
+.B deltatime
specifies the lifetime for an administrative ticket, if one needs to be
acquired.
.IP \-d
.IP change_rnd_key,crk
Change key of an entry in the Kerberos database (selecting a new random key).
+.IP add_key_type,akt
+Add new key type to an existing Kerberos principal (prompting for old
+password).
+
+.IP del_key_type,dkt
+Delete key type from an existing Kerberos principal (prompting for old
+password).
+
.IP delete_entry,delent,del
Delete an entry from the database.
commands, an optional list of principal options may be specified. The
following options may be specified:
.TP i
-.I kvno=<integer>
-Specifies the key version number for the principal.
-.TP i
-.I maxlife=<integer>
-Specifies the maximum ticket life for the principal in seconds.
+.I maxlife=<deltatime>
+Specifies the maximum ticket life for the principal.
.TP i
-.I maxrenewlife=<integer>
-Specifies the maximum renewable ticket life for the principal in seconds.
+.I maxrenewlife=<deltatime>
+Specifies the maximum renewable ticket life for the principal.
.TP i
.I expiration=<date>
-Specifies the expiration date and time of the principal. See below for the
-format of
-.I <date>.
+Specifies the expiration date and time of the principal.
.TP i
.I pwexpiration=<date>
-Specifies the expiration date and time of the principal's password. See below for the format of
-.I <date>.
-.TP i
-.I salttype=[v5|v4|norealm|onlyrealm|special]
-Indicates the salt type.
+Specifies the expiration date and time of the principal's password.
.TP i
.I [+/-]postdateable
Specifies that tickets for this principal [are/are not] postdateable.
.I [+/-]forwardable
Specifies that tickets for this principal [are/are not] forwardable.
.TP i
-.I [+/-]tgt_req
+.I [+/-]tgt-based
Specifies that TGT-based requests for this principal [are/are not] allowed.
.TP i
.I [+/-]renewable
.I [+/-]proxiable
Specifies that tickets for this principal [are/are not] proxiable.
.TP i
-.I [+/-]dup_skey
+.I [+/-]dup-skey
Specifies that tickets issued by this service [may/may not] be encrypted
using the session key instead of the private key.
.TP i
-.I [+/-]allow_tickets
+.I [+/-]allow-tickets
Specifies that tickets for this principal [are/are not] allowed.
.TP i
.I [+/-]preauth
Specifies that hardware preauthorization [is/is not] required for this
principal.
.TP i
-.I [+/-]pwchange_req
+.I [+/-]pwchange
Specifies that a password change [is/is not] required for this principal.
.TP i
-.I [+/-]server
+.I [+/-]service
Specifies that this principal [is/is not] allowed to be a service.
.TP i
.I [+/-]pwservice
.TP i
.I [+/-]md5
Specifies that DES MD5 [is/is not] supported for this principal.
-
-.SH Date Format
-The format of <date>
-may be one of the following, where
-.I yy
-is the last two digits of the year;
-.I mm
-is the month number (with a leading zero if less than 10);
-.I dd
-is the day number in the month (with a leading zero if less than 10);
-.I HH
-is the hour number (24-hour clock);
-.I MM
-is the minute number; and
-.I SS
-is the second number:
-.TP i
-.I yy.mm.dd.HH.MM.SS
-e.g. 95.09.01.00.00.00 for midnight on September 1, 1995.
-.TP i
-.I yymmddHHMMSS
-e.g. 950901000000 for midnight on September 1, 1995.
-.PP
-If the
-.B strptime(3)
-function is available, then the following formats are also supported.
-.PP
-.TP i
-.I yymmddHHMM
-e.g. 9509010000 for midnight on September 1, 1995.
-.TP i
-.I HHMMSS
-e.g. 200000 for 8pm tonight.
-.TP i
-.I HHMM
-e.g. 2100 for 9pm tonight.
-.TP i
-.I HH:MM:SS
-e.g. 20:00:00 for 8pm tonight.
-.TP i
-.I HH:MM
-e.g. 21:00 for 9pm tonight.
-.TP i
-.I locale-dependent short format (mm/dd/yy:HH:MM:SS) in U.S.
-.e.g 01/09/95:00:00:00 for midnight on September 1, 1995.
-.TP i
-.I dd-<text-month>-yyyy:HH:MM:SS
-e.g. 01-Sep-1995:00:00:00 for midnight on September 1, 1995.
-.TP i
-.I dd-<text-month>-yyyy:HH:MM
-e.g. 01-Sep-1995:00:00 for midnight on September 1, 1995.
.PP
.SH SEE ALSO
-kadmind5(8), kpasswd(1), strptime(3)
+kadmind5(8), kpasswd(1)
static const char *cpw_prompt2_fmt = "Re-enter new password for %s: ";
static const char *cpw_succ_fmt = "password changed for %s";
static const char *cpw_nochange_fmt = "password not changed for %s";
+static const char *akt_usage_fmt = "usage is %s principal [key:salt]+";
+static const char *akt_prompt1_fmt = " Enter current password for %s: ";
+static const char *akt_prompt2_fmt = "Re-enter current password for %s: ";
+static const char *akt_succ_fmt = "keytypes successfully added for %s";
+static const char *akt_nochange_fmt = "keytypes not added for %s";
+static const char *dkt_usage_fmt = "usage is %s principal [key:salt[:kvno]]+";
+static const char *dkt_prompt1_fmt = " Enter current password for %s: ";
+static const char *dkt_prompt2_fmt = "Re-enter current password for %s: ";
+static const char *dkt_succ_fmt = "keytypes successfully deleted for %s";
+static const char *dkt_nochange_fmt = "keytypes not deleted for %s";
static const char *dprinc_usage_fmt = "usage is %s [%s] principal [...]";
static const char *del_conf_fmt = "Enter '%c' to delete principal %s: ";
static const char del_conf_char = 'y';
}
}
\f
+/*
+ * kadmin_add_key_type() - Add key/salt types.
+ */
+void
+kadmin_add_key_type(argc, argv)
+ int argc;
+ char *argv[];
+{
+ int i;
+ krb5_int32 proto_stat;
+ krb5_int32 ncomps;
+ krb5_data *complist;
+ krb5_error_code kret;
+ krb5_data *arglist;
+ char *p1;
+ char *p2;
+ char *opass;
+ int oplen;
+
+ /*
+ * Command syntax is: akt principal [keysalt]+
+ */
+ if (argc < 3) {
+ com_err(argv[0], 0, akt_usage_fmt, argv[0]);
+ return;
+ }
+
+ requestname = argv[0];
+ kret = 0;
+ arglist = (krb5_data *) malloc((size_t)(sizeof(krb5_data)*(argc-2)));
+ p1 = (char *) malloc(strlen(akt_prompt1_fmt)+strlen(argv[argc-1])+1);
+ p2 = (char *) malloc(strlen(akt_prompt2_fmt)+strlen(argv[argc-1])+1);
+ opass = (char *) malloc(KRB5_ADM_MAX_PASSWORD_LEN);
+ if (arglist && p1 && p2 && opass) {
+ memset(arglist, 0, (size_t) (sizeof(krb5_data)*(argc-2)));
+ sprintf(p1, akt_prompt1_fmt, argv[1]);
+ sprintf(p2, akt_prompt2_fmt, argv[1]);
+ for (i=2; i<argc; i++) {
+ arglist[i-2].length = strlen(argv[i]);
+ arglist[i-2].data = argv[i];
+ }
+ if (!(kret = net_connect())) {
+ oplen = KRB5_ADM_MAX_PASSWORD_LEN;
+ if (!(kret = krb5_read_password(kcontext,
+ p1,
+ p2,
+ opass,
+ &oplen))) {
+ opass[oplen] = '\0';
+ if (!(kret = net_do_proto(KRB5_ADM_ADD_KEY_CMD,
+ argv[1],
+ opass,
+ argc-2,
+ arglist,
+ &proto_stat,
+ &ncomps,
+ &complist,
+ 1))) {
+ if (proto_stat == KRB5_ADM_SUCCESS)
+ com_err(programname, 0, akt_succ_fmt, argv[1]);
+ krb5_free_adm_data(kcontext, ncomps, complist);
+ }
+ memset(opass, 0, KRB5_ADM_MAX_PASSWORD_LEN);
+ }
+ else {
+ com_err(argv[0], kret, akt_nochange_fmt, argv[1]);
+ }
+ net_disconnect(0);
+ }
+ else {
+ com_err(argv[0], kret, gen_conn_err_fmt);
+ }
+ }
+ else {
+ com_err(requestname, 0, no_memory_fmt);
+ }
+ if (p1)
+ free(p1);
+ if (p2)
+ free(p2);
+ if (opass)
+ free(opass);
+ if (arglist)
+ free(arglist);
+}
+\f
+/*
+ * kadmin_del_key_type() - Delete key/salt types.
+ */
+void
+kadmin_del_key_type(argc, argv)
+ int argc;
+ char *argv[];
+{
+ int i;
+ krb5_int32 proto_stat;
+ krb5_int32 ncomps;
+ krb5_data *complist;
+ krb5_error_code kret;
+ krb5_data *arglist;
+ char *p1;
+ char *p2;
+ char *opass;
+ int oplen;
+
+ /*
+ * Command syntax is: dkt principal [keysalt[:kvno]]+
+ */
+ if (argc < 3) {
+ com_err(argv[0], 0, dkt_usage_fmt, argv[0]);
+ return;
+ }
+
+ requestname = argv[0];
+ kret = 0;
+ arglist = (krb5_data *) malloc((size_t)(sizeof(krb5_data)*(argc-2)));
+ p1 = (char *) malloc(strlen(dkt_prompt1_fmt)+strlen(argv[argc-1])+1);
+ p2 = (char *) malloc(strlen(dkt_prompt2_fmt)+strlen(argv[argc-1])+1);
+ opass = (char *) malloc(KRB5_ADM_MAX_PASSWORD_LEN);
+ if (arglist && p1 && p2 && opass) {
+ memset(arglist, 0, (size_t) (sizeof(krb5_data)*(argc-2)));
+ sprintf(p1, dkt_prompt1_fmt, argv[1]);
+ sprintf(p2, dkt_prompt2_fmt, argv[1]);
+ for (i=2; i<argc; i++) {
+ arglist[i-2].length = strlen(argv[i]);
+ arglist[i-2].data = argv[i];
+ }
+ if (!(kret = net_connect())) {
+ oplen = KRB5_ADM_MAX_PASSWORD_LEN;
+ if (!(kret = krb5_read_password(kcontext,
+ p1,
+ p2,
+ opass,
+ &oplen))) {
+ opass[oplen] = '\0';
+ if (!(kret = net_do_proto(KRB5_ADM_DEL_KEY_CMD,
+ argv[1],
+ opass,
+ argc-2,
+ arglist,
+ &proto_stat,
+ &ncomps,
+ &complist,
+ 1))) {
+ if (proto_stat == KRB5_ADM_SUCCESS)
+ com_err(programname, 0, dkt_succ_fmt, argv[1]);
+ krb5_free_adm_data(kcontext, ncomps, complist);
+ }
+ memset(opass, 0, KRB5_ADM_MAX_PASSWORD_LEN);
+ }
+ else {
+ com_err(argv[0], kret, dkt_nochange_fmt, argv[1]);
+ }
+ net_disconnect(0);
+ }
+ else {
+ com_err(argv[0], kret, gen_conn_err_fmt);
+ }
+ }
+ else {
+ com_err(requestname, 0, no_memory_fmt);
+ }
+ if (p1)
+ free(p1);
+ if (p2)
+ free(p2);
+ if (opass)
+ free(opass);
+ if (arglist)
+ free(arglist);
+}
+\f
/*
* kadmin_delete_entry() - Delete principal.
*/
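Review bot: The prompt buffers p1 and p2 in kadmin_add_key_type are sized from `strlen(argv[argc-1])` (the last key:salt argument) but then filled with `sprintf(p1, akt_prompt1_fmt, argv[1])`, so a principal name longer than the final argument overflows the heap allocation; kadmin_del_key_type has the same mismatch. Size each buffer from the string that is actually formatted, e.g. `p1 = (char *) malloc(strlen(akt_prompt1_fmt)+strlen(argv[1])+1);` and the same for p2 and the dkt variants. Separately, `opass[oplen] = '\0'` writes one byte past the KRB5_ADM_MAX_PASSWORD_LEN allocation if krb5_read_password can return oplen equal to the size it was given; allocating `KRB5_ADM_MAX_PASSWORD_LEN+1` (or passing in `KRB5_ADM_MAX_PASSWORD_LEN-1`) removes that doubt. The password is also only zeroed on the success path of krb5_read_password; moving the `memset(opass, 0, ...)` to just before `free(opass)` covers the failure paths as well.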
saveit = 1;
break;
case 'l':
- {
- int hours, minutes;
-
- if (sscanf(optarg, "%d:%d", &hours, &minutes) == 2)
- ticket_life = (hours * 3600) + (minutes * 60);
- else if (sscanf(optarg, "%d", &minutes) == 1)
- ticket_life = minutes * 60;
- else {
- com_err(argv[0], 0, kadmin_badtime_fmt, optarg);
- exit(1);
- }
+ if (krb5_string_to_deltat(optarg, (krb5_deltat *) &ticket_life)) {
+ com_err(argv[0], 0, kadmin_badtime_fmt, optarg);
+ exit(1);
}
break;
case 'r':
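Review bot: The new -l handling passes `(krb5_deltat *) &ticket_life` to krb5_string_to_deltat; unless ticket_life is already declared as a krb5_deltat (its declaration is outside this hunk), the cast writes through a pointer of a different type, which the old sscanf version never did. Parse into a local and assign instead: `krb5_deltat lt; if (krb5_string_to_deltat(optarg, &lt)) { com_err(argv[0], 0, kadmin_badtime_fmt, optarg); exit(1); } ticket_life = lt;`. The enclosing function starts and ends outside this hunk.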
*/
/* network.c */
void print_proto_sreply
- PROTOTYPE((krb5_int32, krb5_data *));
+ KRB5_PROTOTYPE((krb5_int32, krb5_data *));
void print_proto_error
- PROTOTYPE((char *,
- krb5_int32,
- krb5_int32,
- krb5_data *));
+ KRB5_PROTOTYPE((char *,
+ krb5_int32,
+ krb5_int32,
+ krb5_data *));
krb5_error_code net_connect();
void net_disconnect
- PROTOTYPE((krb5_boolean));
+ KRB5_PROTOTYPE((krb5_boolean));
krb5_error_code net_do_proto
- PROTOTYPE((char *,
- char *,
- char *,
- krb5_int32,
- krb5_data *,
- krb5_int32 *,
- krb5_int32 *,
- krb5_data **,
- krb5_boolean));
+ KRB5_PROTOTYPE((char *,
+ char *,
+ char *,
+ krb5_int32,
+ krb5_data *,
+ krb5_int32 *,
+ krb5_int32 *,
+ krb5_data **,
+ krb5_boolean));
/* convert.c */
-char * delta2string PROTOTYPE((krb5_deltat));
-char * abs2string PROTOTYPE((krb5_timestamp));
-char * dbflags2string PROTOTYPE((krb5_flags));
-char * salt2string PROTOTYPE((krb5_int32));
-krb5_boolean parse_princ_options PROTOTYPE((int,
- char **,
- krb5_ui_4 *,
- krb5_db_entry *));
+char * delta2string KRB5_PROTOTYPE((krb5_deltat));
+char * abs2string KRB5_PROTOTYPE((krb5_timestamp));
+char * dbflags2string KRB5_PROTOTYPE((krb5_flags));
+char * salt2string KRB5_PROTOTYPE((krb5_int32));
+krb5_boolean parse_princ_options KRB5_PROTOTYPE((int,
+ char **,
+ krb5_ui_4 *,
+ krb5_db_entry *));
void help_princ_options();
/* kadmin5.c */
-void kadmin_show_principal PROTOTYPE((int, char **));
-void kadmin_add_new_key PROTOTYPE((int, char **));
-void kadmin_change_pwd PROTOTYPE((int, char **));
-void kadmin_add_rnd_key PROTOTYPE((int, char **));
-void kadmin_change_rnd PROTOTYPE((int, char **));
-void kadmin_add_v4_key PROTOTYPE((int, char **));
-void kadmin_change_v4_key PROTOTYPE((int, char **));
-void kadmin_delete_entry PROTOTYPE((int, char **));
-void kadmin_extract PROTOTYPE((int, char **));
-void kadmin_extract_v4 PROTOTYPE((int, char **));
-void kadmin_modify PROTOTYPE((int, char **));
-void kadmin_rename PROTOTYPE((int, char **));
-void kadmin_list PROTOTYPE((int, char **));
-void kadmin_language PROTOTYPE((int, char **));
-void kadmin_mime PROTOTYPE((int, char **));
-void kadmin_cd PROTOTYPE((int, char **));
-void kadmin_pwd PROTOTYPE((int, char **));
-char * kadmin_startup PROTOTYPE((int, char **));
+void kadmin_show_principal KRB5_PROTOTYPE((int, char **));
+void kadmin_add_new_key KRB5_PROTOTYPE((int, char **));
+void kadmin_change_pwd KRB5_PROTOTYPE((int, char **));
+void kadmin_add_rnd_key KRB5_PROTOTYPE((int, char **));
+void kadmin_change_rnd KRB5_PROTOTYPE((int, char **));
+void kadmin_add_key_type KRB5_PROTOTYPE((int, char **));
+void kadmin_del_key_type KRB5_PROTOTYPE((int, char **));
+void kadmin_delete_entry KRB5_PROTOTYPE((int, char **));
+void kadmin_extract KRB5_PROTOTYPE((int, char **));
+void kadmin_extract_v4 KRB5_PROTOTYPE((int, char **));
+void kadmin_modify KRB5_PROTOTYPE((int, char **));
+void kadmin_rename KRB5_PROTOTYPE((int, char **));
+void kadmin_list KRB5_PROTOTYPE((int, char **));
+void kadmin_language KRB5_PROTOTYPE((int, char **));
+void kadmin_mime KRB5_PROTOTYPE((int, char **));
+void kadmin_cd KRB5_PROTOTYPE((int, char **));
+void kadmin_pwd KRB5_PROTOTYPE((int, char **));
+char * kadmin_startup KRB5_PROTOTYPE((int, char **));
int kadmin_cleanup();
#endif /* KADMIN5_H__ */
request kadmin_change_rnd, "Change key of an entry in the Kerberos database (selecting a new random key).",
change_rnd_key, crk;
+request kadmin_add_key_type, "Add new key type to an existing Kerberos principal (prompting for old password).",
+ add_key_type, akt;
+
+request kadmin_del_key_type, "Delete key type from an existing Kerberos principal (prompting for old password).",
+ del_key_type, dkt;
+
request kadmin_delete_entry, "Delete an entry from the database.",
delete_entry, delent, del;
static const char *proto_bad_opt_fmt = "(%s) option not recognized by server";
static const char *proto_value_req_fmt = "(%s) value required for option";
static const char *proto_system_err_fmt = "(%s) remote system error";
+static const char *proto_key_exists_fmt = "(%s) key/salt type already present";
+static const char *proto_key_ufo_fmt = "(%s) key/salt type not present";
static const char *proto_ufo_err_fmt = "- (%s) protocol command %s returned unexpected error %d";
static const char *net_conn_err_fmt = "- %s: cannot connect to server";
static const char *net_ccache_fmt = "- cannot find credential cache %s";
case KRB5_ADM_SYSTEM_ERROR:
com_err(programname, 0, proto_system_err_fmt, requestname);
break;
+ case KRB5_ADM_KEY_ALREADY_EXISTS:
+ com_err(programname, 0, proto_key_exists_fmt, requestname);
+ break;
+ case KRB5_ADM_KEY_DOES_NOT_EXIST:
+ com_err(programname, 0, proto_key_ufo_fmt, requestname);
+ break;
default:
com_err(programname, cstat, proto_ufo_err_fmt, requestname,
cmd, cstat);