From 1360badc25b0ed0b701381f02ef613eb45baa6ad Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Sat, 19 Feb 2000 01:57:07 +0000 Subject: [PATCH] * keytab.c (add_usage): Update usage message. (kadmin_keytab_add): Update to deal with explicit keysalt lists. (add_principal): Update to deal with explicit keysalt lists. * kadmin.c (kadmin_cpw): Add support for new api. (kadmin_parse_princ_args): Add support for new api, particularly -keepold to keep old keys around and -e to explicitly specify key-salt tuples. (kadmin_addprinc_usage): Update usage accordingly. (kadmin_addprinc): Add support for new api. (kadmin_modprinc): Update to call new parse_princ_args reasonably. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12056 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/cli/ChangeLog | 14 ++++ src/kadmin/cli/kadmin.c | 167 +++++++++++++++++++++++++++++++++++---- src/kadmin/cli/keytab.c | 36 ++++++++- 3 files changed, 197 insertions(+), 20 deletions(-) diff --git a/src/kadmin/cli/ChangeLog b/src/kadmin/cli/ChangeLog index 9b3c2010e..4ac649d1d 100644 --- a/src/kadmin/cli/ChangeLog +++ b/src/kadmin/cli/ChangeLog @@ -1,3 +1,17 @@ +2000-02-18 Tom Yu + + * keytab.c (add_usage): Update usage message. + (kadmin_keytab_add): Update to deal with explicit keysalt lists. + (add_principal): Update to deal with explicit keysalt lists. + + * kadmin.c (kadmin_cpw): Add support for new api. + (kadmin_parse_princ_args): Add support for new api, particularly + -keepold to keep old keys around and -e to explicitly specify + key-salt tuples. + (kadmin_addprinc_usage): Update usage accordingly. + (kadmin_addprinc): Add support for new api. + (kadmin_modprinc): Update to call new parse_princ_args reasonably. + 1999-10-26 Tom Yu * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES, diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index 591cda469..23a2e4b93 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c 
@@ -516,25 +516,74 @@ void kadmin_cpw(argc, argv) static char newpw[1024]; static char prompt1[1024], prompt2[1024]; char *canon; + char *pwarg = NULL; + int n_ks_tuple = 0, keepold = 0, randkey = 0; + krb5_key_salt_tuple *ks_tuple; krb5_principal princ; if (argc < 2) { goto usage; } - - retval = kadmin_parse_name(argv[argc - 1], &princ); + for (argv++, argc--; argc > 1; argc--, argv++) { + if (!strcmp("-pw", *argv)) { + argc--; + if (argc < 1) { + fprintf(stderr, "change_password: missing password arg\n"); + goto usage; + } + pwarg = *++argv; + continue; + } + if (!strcmp("-randkey", *argv)) { + randkey++; + continue; + } + if (!strcmp("-keepold", *argv)) { + keepold++; + continue; + } + if (!strcmp("-e", *argv)) { + argc--; + if (argc < 1) { + fprintf(stderr, + "change_password: missing keysaltlist arg\n"); + goto usage; + } + retval = krb5_string_to_keysalts(*++argv, ", \t", ":.-", 0, + &ks_tuple, &n_ks_tuple); + if (retval) { + com_err("change_password", retval, + "while parsing keysalts %s", *argv); + return; + } + continue; + } + goto usage; + } + retval = kadmin_parse_name(*argv, &princ); if (retval) { com_err("change_password", retval, "while parsing principal name"); + if (ks_tuple != NULL) + free(ks_tuple); return; } retval = krb5_unparse_name(context, princ, &canon); if (retval) { com_err("change_password", retval, "while canonicalizing principal"); krb5_free_principal(context, princ); + if (ks_tuple != NULL) + free(ks_tuple); return; } - if ((argc == 4) && (strlen(argv[1]) == 3) && !strcmp("-pw", argv[1])) { - retval = kadm5_chpass_principal(handle, princ, argv[2]); + if (pwarg != NULL) { + if (keepold || ks_tuple != NULL) { + retval = kadm5_chpass_principal_3(handle, princ, keepold, + n_ks_tuple, ks_tuple, pwarg); + if (ks_tuple != NULL) + free(ks_tuple); + } else { + retval = kadm5_chpass_principal(handle, princ, pwarg); + } krb5_free_principal(context, princ); if (retval) { com_err("change_password", retval, 
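Review bot: `krb5_key_salt_tuple *ks_tuple;` in kadmin_cpw is declared without an initializer, yet every path that never sees `-e` still tests it and may `free()` it, including `if (argc < 2) goto usage;`, which reaches the new `free(ks_tuple)` under `usage:` before anything has been assigned. Reading the indeterminate pointer is undefined behaviour and can pass a garbage address to `free()` or wrongly select the `_3` call; declare it as `krb5_key_salt_tuple *ks_tuple = NULL;`. The same variable is read in the hunks at @@ -545, @@ -558 and @@ -591. Separately, the `argc < 1` checks after `-pw` and `-e` let the option consume the last word, so `*argv` passed to `kadmin_parse_name` can point past the final argument; `argc < 2` would keep one word for the principal, though this should be confirmed against how the caller terminates argv. kadmin_cpw starts and ends outside this hunk.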
@@ -545,9 +594,16 @@ void kadmin_cpw(argc, argv) printf("Password for \"%s\" changed.\n", canon); free(canon); return; - } else if ((argc == 3) && (strlen(argv[1]) == 8) && - !strcmp("-randkey", argv[1])) { - retval = kadm5_randkey_principal(handle, princ, NULL, NULL); + } else if (randkey) { + if (keepold || ks_tuple != NULL) { + retval = kadm5_randkey_principal_3(handle, princ, keepold, + n_ks_tuple, ks_tuple, + NULL, NULL); + if (ks_tuple != NULL) + free(ks_tuple); + } else { + retval = kadm5_randkey_principal(handle, princ, NULL, NULL); + } krb5_free_principal(context, princ); if (retval) { com_err("change_password", retval, @@ -558,24 +614,34 @@ void kadmin_cpw(argc, argv) printf("Key for \"%s\" randomized.\n", canon); free(canon); return; - } else if (argc == 2) { + } else if (argc == 1) { int i = sizeof (newpw) - 1; sprintf(prompt1, "Enter password for principal \"%.900s\": ", - argv[1]); + *argv); sprintf(prompt2, "Re-enter password for principal \"%.900s\": ", - argv[1]); + *argv); retval = krb5_read_password(context, prompt1, prompt2, newpw, &i); if (retval) { com_err("change_password", retval, "while reading password for \"%s\".", canon); free(canon); + if (ks_tuple != NULL) + free(ks_tuple); krb5_free_principal(context, princ); return; } - retval = kadm5_chpass_principal(handle, princ, newpw); + if (keepold || ks_tuple != NULL) { + retval = kadm5_chpass_principal_3(handle, princ, keepold, + n_ks_tuple, ks_tuple, + newpw); + if (ks_tuple != NULL) + free(ks_tuple); + } else { + retval = kadm5_chpass_principal(handle, princ, newpw); + } krb5_free_principal(context, princ); memset(newpw, 0, sizeof (newpw)); if (retval) { 
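Review bot: Nothing rejects `-pw` combined with `-randkey`: the `else if (randkey)` branch here is reached only when `pwarg` is NULL, so a command line carrying both sets the supplied password, prints the "Password ... changed" message, and silently drops the randomize request. The removed `argc == 4` / `argc == 3` tests excluded that combination by construction. A guard after option parsing such as `if (pwarg != NULL && randkey) goto usage;` would restore it; the option loop itself is in the previous hunk.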
@@ -591,20 +657,27 @@ void kadmin_cpw(argc, argv) free(canon); krb5_free_principal(context, princ); usage: + if (ks_tuple != NULL) + free(ks_tuple); fprintf(stderr, - "usage: change_password [-randkey] [-pw password] " + "usage: change_password [-randkey] [-keepold] " + "[-e keysaltlist] [-pw password] " "principal\n"); return; } } -int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey, caller) +int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey, + keepold, ks_tuple, n_ks_tuple, caller) int argc; char *argv[]; kadm5_principal_ent_t oprinc; long *mask; char **pass; int *randkey; + int *keepold; + krb5_key_salt_tuple **ks_tuple; + int *n_ks_tuple; char *caller; { int i, j, attrib_set; @@ -614,6 +687,9 @@ int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey, caller) *mask = 0; *pass = NULL; + *n_ks_tuple = 0; + *ks_tuple = NULL; + *keepold = 0; time(&now); *randkey = 0; for (i = 1; i < argc - 1; i++) { @@ -722,6 +798,24 @@ int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey, caller) ++*randkey; continue; } + if (!strcmp("-e", argv[i])) { + if (++i > argc - 2) + return -1; + else { + retval = krb5_string_to_keysalts(argv[i], ", \t", ":.-", 0, + ks_tuple, n_ks_tuple); + if (retval) { + com_err(caller, retval, + "while parsing keysalts %s", argv[i]); + return -1; + } + } + continue; + } + if (!strcmp("-keepold", argv[i])) { + ++*keepold; + continue; + } for (j = 0; j < sizeof (flags) / sizeof (struct pflag); j++) { if (strlen(argv[i]) == flags[j].flaglen + 1 && !strcmp(flags[j].flagname, 
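Review bot: The new out-parameters of kadmin_parse_princ_args carry an ownership rule that is written down nowhere: `*ks_tuple` is heap memory that callers release with `free()`, and it can be non-NULL even when the function returns -1 (a valid `-e list` followed by a second `-e` with no value reaches `return -1` in the @@ -722 hunk). I would add a comment above the definition along the lines of `/* On return *ks_tuple is NULL or an allocated array of *n_ks_tuple entries; the caller frees it on success and on failure. */`. kadmin_modprinc (hunk @@ -945) already frees before looking at retval, but the failure path of kadmin_addprinc in hunk @@ -807 prints usage and returns without doing so; it needs `if (ks_tuple != NULL) free(ks_tuple);` before the `kadmin_addprinc_usage` call. The `++i > argc - 2` case also returns without any message, unlike the "missing keysaltlist arg" text printed by kadmin_cpw.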
@@ -762,7 +856,7 @@ void kadmin_addprinc_usage(func) { fprintf(stderr, "usage: %s [options] principal\n", func); fprintf(stderr, "\toptions are:\n"); - fprintf(stderr, "\t\t[-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-randkey] [-pw password]\n\t\t[-maxrenewlife maxrenewlife] [{+|-}attribute]\n"); + fprintf(stderr, "\t\t[-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-randkey] [-pw password]\n\t\t[-maxrenewlife maxrenewlife]\n\t\t[-keepold] [-e keysaltlist]\n\t\t[{+|-}attribute]\n"); fprintf(stderr, "\tattributes are:\n"); fprintf(stderr, "%s%s%s", "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n", @@ -791,6 +885,8 @@ void kadmin_addprinc(argc, argv) kadm5_policy_ent_rec defpol; long mask; int randkey = 0, i; + int keepold, n_ks_tuple; + krb5_key_salt_tuple *ks_tuple; char *pass, *canon; krb5_error_code retval; static char newpw[1024], dummybuf[256]; @@ -807,6 +903,7 @@ void kadmin_addprinc(argc, argv) princ.attributes = 0; if (kadmin_parse_princ_args(argc, argv, &princ, &mask, &pass, &randkey, + &keepold, &ks_tuple, &n_ks_tuple, "add_principal")) { kadmin_addprinc_usage("add_principal"); return; @@ -817,6 +914,8 @@ void kadmin_addprinc(argc, argv) com_err("add_principal", retval, "while canonicalizing principal"); krb5_free_principal(context, princ.principal); + if (ks_tuple != NULL) + free(ks_tuple); return; } 
@@ -866,22 +965,38 @@ void kadmin_addprinc(argc, argv) pass = newpw; } mask |= KADM5_PRINCIPAL; - retval = kadm5_create_principal(handle, &princ, mask, pass); + if (keepold || ks_tuple != NULL) { + retval = kadm5_create_principal_3(handle, &princ, mask, keepold, + n_ks_tuple, ks_tuple, pass); + } else { + retval = kadm5_create_principal(handle, &princ, mask, pass); + } if (retval) { com_err("add_principal", retval, "while creating \"%s\".", canon); krb5_free_principal(context, princ.principal); free(canon); + if (ks_tuple != NULL) + free(ks_tuple); return; } if (randkey) { /* more special stuff for -randkey */ - retval = kadm5_randkey_principal(handle, princ.principal, - NULL, NULL); + if (keepold || ks_tuple != NULL) { + retval = kadm5_randkey_principal_3(handle, princ.principal, + keepold, + n_ks_tuple, ks_tuple, + NULL, NULL); + } else { + retval = kadm5_randkey_principal(handle, princ.principal, + NULL, NULL); + } if (retval) { com_err("add_principal", retval, "while randomizing key for \"%s\".", canon); krb5_free_principal(context, princ.principal); free(canon); + if (ks_tuple != NULL) + free(ks_tuple); return; } princ.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX; /* clear notix */ @@ -892,11 +1007,15 @@ void kadmin_addprinc(argc, argv) "while clearing DISALLOW_ALL_TIX for \"%s\".", canon); krb5_free_principal(context, princ.principal); free(canon); + if (ks_tuple != NULL) + free(ks_tuple); return; } } krb5_free_principal(context, princ.principal); printf("Principal \"%s\" created.\n", canon); + if (ks_tuple != NULL) + free(ks_tuple); free(canon); } @@ -910,6 +1029,8 @@ void kadmin_modprinc(argc, argv) krb5_error_code retval; char *pass, *canon; int randkey = 0; + int keepold = 0, n_ks_tuple = 0; + krb5_key_salt_tuple *ks_tuple; if (argc < 2) { kadmin_modprinc_usage("modify_principal"); 
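Review bot: Passing `keepold` through to `kadm5_randkey_principal_3` in the `-randkey` step looks unsafe. Judging from `dummybuf` and the "clear notix" comment, the principal has just been created with a placeholder password and tickets disabled, and the randomize call exists to replace that placeholder key. With `-keepold` the placeholder-derived key would presumably remain in the principal's key list once `KRB5_KDB_DISALLOW_ALL_TIX` is cleared; this should be confirmed against the `_3` API semantics. A principal being created has no old keys worth keeping, so I would pass a literal 0 here, `kadm5_randkey_principal_3(handle, princ.principal, 0, n_ks_tuple, ks_tuple, NULL, NULL);`, or reject `-keepold` in add_principal the way kadmin_modprinc does. kadmin_addprinc begins before this hunk.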
@@ -945,7 +1066,19 @@ void kadmin_modprinc(argc, argv) retval = kadmin_parse_princ_args(argc, argv, &princ, &mask, &pass, &randkey, + &keepold, &ks_tuple, &n_ks_tuple, "modify_principal"); + if (ks_tuple != NULL) { + free(ks_tuple); + kadmin_modprinc_usage("modify_principal"); + free(canon); + return; + } + if (keepold) { + kadmin_modprinc_usage("modify_principal"); + free(canon); + return; + } if (retval) { kadmin_modprinc_usage("modify_principal"); free(canon); diff --git a/src/kadmin/cli/keytab.c b/src/kadmin/cli/keytab.c index 8a474b92c..832628e02 100644 --- a/src/kadmin/cli/keytab.c +++ b/src/kadmin/cli/keytab.c @@ -44,6 +44,8 @@ static char *rcsid = "$Header$"; #include static int add_principal(void *handle, char *keytab_str, krb5_keytab keytab, + int keepold, + int n_ks_tuple, krb5_key_salt_tuple *ks_tuple, char *princ_str); static int remove_principal(char *keytab_str, krb5_keytab keytab, char *princ_str, char *kvno_str); @@ -57,7 +59,7 @@ static int quiet; void add_usage() { - fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] [principal | -glob princ-exp] [...]\n"); + fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [principal | -glob princ-exp] [...]\n"); } void rem_usage() @@ -119,6 +121,9 @@ void kadmin_keytab_add(int argc, char **argv) krb5_keytab keytab = 0; char *princ_str, *keytab_str = NULL, **princs; int code, num, i; + krb5_error_code retval; + int keepold = 0, n_ks_tuple = 0; + krb5_key_salt_tuple *ks_tuple = NULL; argc--; argv++; quiet = 0; @@ -132,6 +137,20 @@ void kadmin_keytab_add(int argc, char **argv) keytab_str = *argv; } else if (strcmp(*argv, "-q") == 0) { quiet++; + } else if (strcmp(*argv, "-e") == 0) { + argc--; + if (argc < 1) { + add_usage(); + return; + } + retval = krb5_string_to_keysalts(*++argv, ", \t", ":.-", 0, + &ks_tuple, &n_ks_tuple); + if (retval) { + com_err("ktadd", retval, "while parsing keysalts %s", + *argv); + + return; + } } else break; argc--; argv++; 
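Review bot: The two new rejections in kadmin_modprinc print only the generic usage text, so someone who passes `-e` or `-keepold` gets no hint that the options were recognised and refused on purpose. A one-line diagnostic before each usage call would make that explicit, for example `fprintf(stderr, "modify_principal: -e and -keepold are not allowed\n");`. A short comment above the two checks, saying they must run before `if (retval)` so that `ks_tuple` is released on every path, would also document why the order matters.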
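Review bot: `ks_tuple`, allocated by the new `-e` branch of kadmin_keytab_add, is never released: no hunk in keytab.c adds a `free()`, and the pointer is only handed on to `add_principal` in hunk @@ -161. Add `if (ks_tuple != NULL) free(ks_tuple);` after the principal loop and on the early returns that follow option parsing; the tail of the function is outside the visible hunks, so the exact spot should sit next to the existing keytab cleanup. In addition, `keepold` is initialised to 0 and never assigned in this function, so the `keepold ||` half of the test in add_principal (hunk @@ -236) is dead for ktadd; either drop the parameter or add a matching option and usage text.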
@@ -161,10 +180,13 @@ void kadmin_keytab_add(int argc, char **argv) for (i = 0; i < num; i++) (void) add_principal(handle, keytab_str, keytab, + keepold, n_ks_tuple, ks_tuple, princs[i]); kadm5_free_name_list(handle, princs, num); } else - (void) add_principal(handle, keytab_str, keytab, *argv); + (void) add_principal(handle, keytab_str, keytab, + keepold, n_ks_tuple, ks_tuple, + *argv); argv++; } @@ -215,6 +237,8 @@ void kadmin_keytab_remove(int argc, char **argv) } int add_principal(void *handle, char *keytab_str, krb5_keytab keytab, + int keepold, int n_ks_tuple, + krb5_key_salt_tuple *ks_tuple, char *princ_str) { kadm5_principal_ent_rec princ_rec; @@ -236,7 +260,13 @@ int add_principal(void *handle, char *keytab_str, krb5_keytab keytab, goto cleanup; } - code = kadm5_randkey_principal(handle, princ, &keys, &nkeys); + if (keepold || ks_tuple != NULL) { + code = kadm5_randkey_principal_3(handle, princ, + keepold, n_ks_tuple, ks_tuple, + &keys, &nkeys); + } else { + code = kadm5_randkey_principal(handle, princ, &keys, &nkeys); + } if (code != 0) { if (code == KADM5_UNK_PRINC) { fprintf(stderr, "%s: Principal %s does not exist.\n", -- 2.26.2