From: John Kohl Date: Tue, 1 May 1990 17:10:57 +0000 (+0000) Subject: *** empty log message *** X-Git-Tag: krb5-1.0-alpha2~742 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=9dc09e76105eb2f865e7d6a950fb5dff09ac9dbb;p=krb5.git *** empty log message *** git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@654 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/admin/edit/kdb5_ed_ct.ct b/src/admin/edit/kdb5_ed_ct.ct new file mode 100644 index 000000000..1fa6ffd90 --- /dev/null +++ b/src/admin/edit/kdb5_ed_ct.ct @@ -0,0 +1,25 @@ +# $Source$ +# $Author$ +# $Id$ +# +# Copyright 1990 by the Massachusetts Institute of Technology. +# +# For copying and distribution information, please see the file +# . +# +# Command table for Kerberos administration edit +# + +command_table kdb5_edit_cmds; + +request add_new_key, "Add new entry to Kerberos database", + add_new_key, ank; + +# list_requests is generic -- unrelated to Kerberos + request ss_list_requests, "List available requests.", + list_requests, lr, "?"; + + request ss_abort_subsystem, "Exit program.", + quit, exit, q; + +end; diff --git a/src/admin/edit/kdb5_edit.c b/src/admin/edit/kdb5_edit.c new file mode 100644 index 000000000..18244a8f6 --- /dev/null +++ b/src/admin/edit/kdb5_edit.c @@ -0,0 +1,324 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1990 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * Edit a KDC database. + */ + +#if !defined(lint) && !defined(SABER) +static char rcsid_kdb_edit_c[] = +"$Id$"; +#endif /* !lint & !SABER */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include + +struct mblock { + krb5_deltat max_life; + krb5_deltat max_rlife; + krb5_timestamp expiration; + krb5_flags flags; + krb5_kvno mkvno; +} mblock = { /* XXX */ + KRB5_KDB_MAX_LIFE, + KRB5_KDB_MAX_RLIFE, + KRB5_KDB_EXPIRATION, + KRB5_KDB_DEF_FLAGS, + 0 +}; + +static void +usage(who, status) +char *who; +int status; +{ + fprintf(stderr, "usage: %s [-d dbpathname] [-r realmname] [-k keytype]\n\ +\t[-e etype] [-M mkeyname]\n", + who); + exit(status); +} + +krb5_keyblock master_keyblock; +krb5_principal master_princ; +krb5_db_entry master_entry; +krb5_encrypt_block master_encblock; + +extern ss_request_table kdb5_edit_cmds; + +extern char *krb5_default_pwd_prompt1, *krb5_default_pwd_prompt2; + +static char *progname; + +void +quit() +{ + krb5_error_code retval = krb5_db_fini(); + bzero((char *)master_keyblock.contents, master_keyblock.length); + if (retval) { + com_err(progname, retval, "while closing database"); + exit(1); + } + exit(0); +} + +void +main(argc, argv) +int argc; +char *argv[]; +{ + extern char *optarg; + int optchar; + + krb5_error_code retval; + char *dbname = 0; + char *realm = 0; + char *mkey_name = 0; + char *mkey_fullname; + char defrealm[BUFSIZ]; + int keytypedone = 0; + krb5_boolean manual = FALSE; + krb5_enctype etype = -1; + register krb5_cryptosystem_entry *csentry; + int sci_idx; + krb5_boolean more; + int nentries; + + initialize_krb5_error_table(); + initialize_kdb5_error_table(); + initialize_isod_error_table(); + + if (rindex(argv[0], '/')) + argv[0] = rindex(argv[0], '/')+1; + + progname = argv[0]; + + while ((optchar = getopt(argc, argv, "d:r:k:M:e:m")) != EOF) { + switch(optchar) { + case 'd': /* set db name */ + dbname = optarg; + break; + case 'r': + realm = optarg; + break; + case 'k': + master_keyblock.keytype = atoi(optarg); + keytypedone++; + break; + case 'M': /* master key name in DB */ + mkey_name = optarg; + break; + case 'e': + etype = atoi(optarg); + break; + case 'm': + manual = TRUE; + break; + case '?': + default: + usage(argv[0], 1); + /*NOTREACHED*/ + } + } + + if (!keytypedone) + master_keyblock.keytype = KEYTYPE_DES; + + if (!valid_keytype(master_keyblock.keytype)) { + com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, + "while setting up keytype %d", master_keyblock.keytype); + exit(1); + } + + if (etype == -1) + etype = krb5_keytype_array[master_keyblock.keytype]->system->proto_enctype; + + if (!valid_etype(etype)) { + com_err(argv[0], KRB5_PROG_ETYPE_NOSUPP, + "while setting up etype %d", etype); + exit(1); + } + master_encblock.crypto_entry = krb5_csarray[etype]->system; + csentry = master_encblock.crypto_entry; + + if (!dbname) + dbname = DEFAULT_DBM_FILE; /* XXX? */ + + sci_idx = ss_create_invocation("kdb5_edit", "5.0", (char *) NULL, + &kdb5_edit_cmds, &retval); + if (retval) { + ss_perror(sci_idx, retval, "creating invocation"); + exit(1); + } + + if (retval = krb5_db_set_name(dbname)) { + com_err(argv[0], retval, "while setting active database to '%s'", + dbname); + exit(1); + } + if (!realm) { + if (retval = krb5_get_default_realm(sizeof(defrealm), defrealm)) { + com_err(argv[0], retval, "while retrieving default realm name"); + exit(1); + } + realm = defrealm; + } + + /* assemble & parse the master key name */ + + if (retval = krb5_db_setup_mkey_name(mkey_name, realm, &mkey_fullname, + &master_princ)) { + com_err(argv[0], retval, "while setting up master key name"); + exit(1); + } + if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock, manual, + &master_keyblock)) { + com_err(argv[0], retval, "while reading master key"); + exit(1); + } + if (retval = krb5_db_init()) { + com_err(argv[0], retval, "while initializing database"); + exit(1); + } + if (retval = krb5_db_verify_master_key(master_princ, &master_keyblock, + &master_encblock)) { + com_err(argv[0], retval, "while verifying master key"); + (void) krb5_db_fini(); + exit(1); + } + nentries = 1; + if (retval = krb5_db_get_principal(master_princ, &master_entry, &nentries, + &more)) { + com_err(argv[0], retval, "while retrieving master entry"); + (void) krb5_db_fini(); + exit(1); + } + if (retval = (*master_encblock.crypto_entry->process_key)(&master_encblock, + &master_keyblock)) { + com_err(argv[0], retval, "while processing master key"); + (void) krb5_db_fini(); + exit(1); + } + + mblock.max_life = master_entry.max_life; + mblock.max_rlife = master_entry.max_renewable_life; + mblock.expiration = master_entry.expiration; + /* don't set flags, master has some extra restrictions */ + mblock.mkvno = master_entry.kvno; + + ss_listen(sci_idx, &retval); + printf("\n"); + (void) (*master_encblock.crypto_entry->finish_key)(&master_encblock); + retval = krb5_db_fini(); + bzero((char *)master_keyblock.contents, master_keyblock.length); + if (retval) { + com_err(progname, retval, "while closing database"); + exit(1); + } + exit(0); +} + +krb5_error_code +add_new_key(argc, argv) +int argc; +char *argv[]; +{ + krb5_error_code retval; + krb5_keyblock tempkey; + krb5_principal newprinc; + krb5_db_entry newentry; + krb5_data pwd; + char password[BUFSIZ]; + int pwsize = sizeof(password); + int one = 1; + + if (argc < 2) { + com_err(argv[0], 0, "Too few arguments"); + com_err(argv[0], 0, "Usage: add_new_key principal"); + return 1; + } + if (retval = krb5_parse_name(argv[1], &newprinc)) { + com_err(argv[0], retval, "while parsing '%s'", argv[1]); + return 1; + } + if (retval = krb5_read_password(krb5_default_pwd_prompt1, + krb5_default_pwd_prompt2, + password, &pwsize)) { + com_err(argv[0], retval, "while reading password for '%s'", argv[1]); + krb5_free_principal(newprinc); + return 1; + } + pwd.data = password; + pwd.length = pwsize; + + retval = (*master_encblock.crypto_entry-> + string_to_key)(master_keyblock.keytype, + &tempkey, + &pwd, + newprinc); + bzero(password, sizeof(password)); /* erase it */ + if (retval) { + com_err(argv[0], retval, "while converting password to key for '%s'", argv[1]); + krb5_free_principal(newprinc); + return 1; + } + retval = krb5_kdb_encrypt_key(&master_encblock, + &tempkey, + &newentry.key); + bzero((char *)tempkey.contents, tempkey.length); + free((char *)tempkey.contents); + if (retval) { + com_err(argv[0], retval, "while encrypting key for '%s'", argv[1]); + krb5_free_principal(newprinc); + return 1; + } + newentry.principal = newprinc; + newentry.kvno = 1; + newentry.max_life = mblock.max_life; + newentry.max_renewable_life = mblock.max_rlife; + newentry.mkvno = mblock.mkvno; + newentry.expiration = mblock.expiration; + newentry.mod_name = master_princ; + if (retval = krb5_timeofday(&newentry.mod_date)) { + com_err(argv[0], retval, "while fetching date"); + bzero((char *)newentry.key.contents, newentry.key.length); + free((char *)newentry.key.contents); + krb5_free_principal(newprinc); + return 1; + } + newentry.attributes = mblock.flags; + + if (retval = krb5_db_put_principal(&newentry, &one)) { + com_err(argv[0], retval, "while storing entry for '%s'\n", argv[1]); + krb5_free_principal(newprinc); + bzero((char *)newentry.key.contents, newentry.key.length); + free((char *)newentry.key.contents); + return 1; + } + bzero((char *)newentry.key.contents, newentry.key.length); + free((char *)newentry.key.contents); + krb5_free_principal(newprinc); + if (one != 1) { + com_err(argv[0], 0, "entry not stored in database (unknown failure)"); + return 1; + } + return 0; +}