From 1bd4a80305b98777efe3120234e05cce4cda7913 Mon Sep 17 00:00:00 2001 From: Chris Provenzano Date: Mon, 7 Aug 1995 15:47:07 +0000 Subject: [PATCH] * cpw.c : Uses new kdb change password routines for ank, ark, cpw, and crk. Also remove v4 variants of ank and cpw. * krb5_edit.c : Deleted old variants of routines now in cpw.c * kdb5_ed_ct.ct, kdb5_edit.M, tcl_wrapper.c: Removed references to v4 variants of ank and cpw. * kdb5_edit.h (enter_pwd_key()) : Removed proto, it's nolonger necessary as it's a static routine in cpw.c git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6428 dc483132-0cff-0310-8789-dd5450dbe970 --- src/admin/edit/ChangeLog | 10 + src/admin/edit/Makefile.in | 2 + src/admin/edit/cpw.c | 470 ++++++++++++++--------------------- src/admin/edit/kdb5_ed_ct.ct | 6 - src/admin/edit/kdb5_edit.M | 6 - src/admin/edit/kdb5_edit.c | 436 -------------------------------- src/admin/edit/kdb5_edit.h | 3 - src/admin/edit/tcl_wrapper.c | 12 +- 8 files changed, 199 insertions(+), 746 deletions(-) diff --git a/src/admin/edit/ChangeLog b/src/admin/edit/ChangeLog index 32085fb43..b6457060f 100644 --- a/src/admin/edit/ChangeLog +++ b/src/admin/edit/ChangeLog @@ -1,4 +1,14 @@ +Mon Aug 07 11:16:03 1995 Chris Provenzano (proven@mit.edu) + + * cpw.c : Uses new kdb change password routines for ank, ark, cpw, + and crk. Also remove v4 variants of ank and cpw. + * krb5_edit.c : Deleted old variants of rotuines now in cpw.c + * kdb5_ed_ct.ct, kdb5_edit.M, tcl_wrapper.c: + Removed references to v4 variants of ank and cpw. + * kdb5_edit.h (enter_pwd_key()) : Removed proto, it's nolonger + necessary as it's a static routine in cpw.c + Thu Aug 03 12:13:50 1995 Chris Provenzano (proven@mit.edu) * cpw.c : New change password code for kdb5_edit. diff --git a/src/admin/edit/Makefile.in b/src/admin/edit/Makefile.in index dcc8bf9d1..dd976ffc7 100644 --- a/src/admin/edit/Makefile.in +++ b/src/admin/edit/Makefile.in 
@@ -6,6 +6,7 @@ LOCALINCLUDE=-I$(SRCTOP)/include/kerberosIV -I$(BUILDTOP)/include/kerberosIV OBJS= kdb5_edit.o \ kdb5_ed_ct.o \ + cpw.o \ util.o \ dump.o \ dumpv4.o \ @@ -14,6 +15,7 @@ OBJS= kdb5_edit.o \ SRCS= $(srcdir)/kdb5_edit.c \ $(srcdir)/kdb5_ed_ct.c \ + $(srcdir)/cpw.c \ $(srcdir)/util.c \ $(srcdir)/dump.c \ $(srcdir)/ss_wrapper.c \ diff --git a/src/admin/edit/cpw.c b/src/admin/edit/cpw.c index fd8988253..dbf3f503b 100644 --- a/src/admin/edit/cpw.c +++ b/src/admin/edit/cpw.c 
@@ -36,200 +36,218 @@ extern char *Err_no_master_msg; extern char *Err_no_database; extern char *current_dbname; - -/* - * XXX Ick, ick, ick. These global variables shouldn't be global.... - */ -/* -static char search_name[40]; -static int num_name_tokens; -static char search_instance[40]; -static int num_instance_tokens; -static int must_be_first[2]; -static char *mkey_password = 0; -static char *stash_file = (char *) NULL; -*/ - /* * I can't figure out any way for this not to be global, given how ss * works. */ - extern int exit_status; - extern krb5_context edit_context; - extern krb5_keyblock master_keyblock; extern krb5_principal master_princ; extern krb5_db_entry master_entry; extern krb5_encrypt_block master_encblock; -extern krb5_pointer master_random; extern int valid_master_key; - extern char *krb5_default_pwd_prompt1, *krb5_default_pwd_prompt2; - -extern char *progname; -extern char *cur_realm; -extern char *mkey_name; -extern krb5_boolean manual_mkey; extern krb5_boolean dbactive; -/* - * This is the guts of add_rnd_key() and change_rnd_key() - */ -void -enter_rnd_key(argc, argv, change) +static krb5_key_salt_tuple ks_tuple_rnd_def[] = { KEYTYPE_DES, 0 }; +static int ks_tuple_rnd_def_count = 1; + +static void +enter_rnd_key(argc, argv, entry) int argc; char ** argv; - int change; + krb5_db_entry * entry; { krb5_error_code retval; - krb5_keyblock * tempkey; - krb5_principal newprinc; - krb5_key_data * key_data; - krb5_db_entry entry; - krb5_boolean more; int nprincs = 1; - int vno; - - if (argc < 2) { - com_err(argv[0], 0, "Too few arguments"); - com_err(argv[0], 0, "Usage: %s principal", argv[0]); - exit_status++; - return; - } - if (!dbactive) { - com_err(argv[0], 0, Err_no_database); - exit_status++; - return; - } - if (!valid_master_key) { - com_err(argv[0], 0, Err_no_master_msg); - exit_status++; - return; - } - if (retval = krb5_parse_name(edit_context, argv[1], &newprinc)) { - com_err(argv[0], retval, "while parsing '%s'", argv[1]); - 
exit_status++; - return; - } - if (retval = krb5_db_get_principal(edit_context, newprinc, &entry, - &nprincs, &more)) { - com_err(argv[0], retval, "while trying to get principal's database entry"); - exit_status++; - return; - } - if (change && !nprincs) { - com_err(argv[0], 0, "No principal '%s' exists", argv[1]); - exit_status++; - goto errout; - } - if (!change && nprincs) { - com_err(argv[0], 0, "Principal '%s' already exists.", argv[1]); - exit_status++; - goto errout; - } - if (!change) { - if (retval = create_db_entry(newprinc, &entry)) { - com_err(argv[0], retval, "While creating new db entry."); - exit_status++; - goto errout; - } - if (retval = krb5_dbe_create_key_data(edit_context, &entry)) { - com_err(argv[0], retval, "While creating key_data for db_entry."); - exit_status++; - goto errout; - } - nprincs = 1; - vno = 1; - } else { - vno = entry.key_data[0].key_data_kvno++; - } - /* For now we only set the first key_data */ - key_data = entry.key_data; - - if (retval = krb5_random_key(edit_context, &master_encblock, - master_random, &tempkey)) { + if (retval = krb5_dbe_crk(edit_context, &master_encblock, ks_tuple_rnd_def, + ks_tuple_rnd_def_count, entry)) { com_err(argv[0], retval, "while generating random key"); + krb5_db_free_principal(edit_context, entry, nprincs); exit_status++; return; } - /* Encoding over an old key_data will free old key contents */ - retval = krb5_dbekd_encrypt_key_data(edit_context, &master_encblock, - tempkey, NULL, vno, key_data); - krb5_free_keyblock(edit_context, tempkey); - if (retval) { - com_err(argv[0], retval, "while encrypting key for '%s'", argv[1]); - exit_status++; - goto errout; - } - - if (retval = krb5_db_put_principal(edit_context, &entry, &nprincs)) { + if (retval = krb5_db_put_principal(edit_context, entry, &nprincs)) { com_err(argv[0], retval, "while storing entry for '%s'\n", argv[1]); + krb5_db_free_principal(edit_context, entry, nprincs); exit_status++; - goto errout; + return; } + 
krb5_db_free_principal(edit_context, entry, nprincs); + if (nprincs != 1) { com_err(argv[0], 0, "entry not stored in database (unknown failure)"); exit_status++; } -errout: - krb5_free_principal(edit_context, newprinc); - if (nprincs) - krb5_db_free_principal(edit_context, &entry, nprincs); - return; +} + +static int +pre_key(argc, argv, newprinc, entry) + int argc; + char ** argv; + krb5_principal * newprinc; + krb5_db_entry * entry; +{ + krb5_boolean more; + krb5_error_code retval; + int nprincs = 1; + + if (!dbactive) { + com_err(argv[0], 0, Err_no_database); + } else if (!valid_master_key) { + com_err(argv[0], 0, Err_no_master_msg); + } else if (retval = krb5_parse_name(edit_context, argv[argc-1], newprinc)) { + com_err(argv[0], retval, "while parsing '%s'", argv[argc-1]); + } else if (retval = krb5_db_get_principal(edit_context, *newprinc, entry, + &nprincs, &more)) { + com_err(argv[0],retval,"while trying to get principal's db entry"); + } else if ((nprincs > 1) || (more)) { + krb5_db_free_principal(edit_context, entry, nprincs); + krb5_free_principal(edit_context, *newprinc); + } else if (nprincs) + return(1); + else + return(0); + return(-1); } void add_rnd_key(argc, argv) int argc; char *argv[]; { - enter_rnd_key(argc, argv, 0); + krb5_error_code retval; + krb5_principal newprinc; + krb5_db_entry entry; + + if (argc < 2) { + com_err(argv[0], 0, "Too few arguments"); + com_err(argv[0], 0, "Usage: %s principal", argv[0]); + exit_status++; + return; + } + switch (pre_key(argc, argv, &newprinc, &entry)) { + case 0: + if (retval = create_db_entry(newprinc, &entry)) { + com_err(argv[0], retval, "While creating new db entry."); + exit_status++; + return; + } + krb5_free_principal(edit_context, newprinc); + enter_rnd_key(argc, argv, &entry); + return; + case 1: + com_err(argv[0], 0, "Principal '%s' already exists.", argv[1]); + krb5_db_free_principal(edit_context, &entry, 1); + krb5_free_principal(edit_context, newprinc); + default: + exit_status++; + break; + } } 
void change_rnd_key(argc, argv) int argc; char *argv[]; { - enter_rnd_key(argc, argv, 1); + krb5_error_code retval; + krb5_principal newprinc; + krb5_db_entry entry; + + if (argc < 2) { + com_err(argv[0], 0, "Too few arguments"); + com_err(argv[0], 0, "Usage: %s principal", argv[0]); + exit_status++; + return; + } + switch (pre_key(argc, argv, &newprinc, &entry)) { + case 1: + krb5_free_principal(edit_context, newprinc); + enter_rnd_key(argc, argv, &entry); + break; + case 0: + com_err(argv[0], 0, "No principal '%s' exists", argv[1]); + default: + exit_status++; + break; + } +} + +static krb5_key_salt_tuple ks_tuple_default[] = { KEYTYPE_DES, 0 }; +static int ks_tuple_count_default = 1; + +void +enter_pwd_key(cmdname, princ, ks_tuple, ks_tuple_count, entry) + char * cmdname; + char * princ; + krb5_key_salt_tuple * ks_tuple; + int ks_tuple_count; + krb5_db_entry * entry; +{ + char password[KRB5_ADM_MAX_PASSWORD_LEN]; + int pwsize = KRB5_ADM_MAX_PASSWORD_LEN; + krb5_error_code retval; + int one = 1; + + if (retval = krb5_read_password(edit_context, krb5_default_pwd_prompt1, + krb5_default_pwd_prompt2, + password, &pwsize)) { + com_err(cmdname, retval, "while reading password for '%s'", princ); + goto errout; + } + + if (ks_tuple_count == 0) { + ks_tuple_count = ks_tuple_count_default; + ks_tuple = ks_tuple_default; + } + if (retval = krb5_dbe_cpw(edit_context, &master_encblock, ks_tuple, + ks_tuple_count, password, entry)) { + com_err(cmdname, retval, "while storing entry for '%s'\n", princ); + memset(password, 0, sizeof(password)); /* erase it */ + krb5_dbe_free_contents(edit_context, entry); + goto errout; + } + memset(password, 0, sizeof(password)); /* erase it */ + + /* Write the entry back out and we're done */ + if (retval = krb5_db_put_principal(edit_context, entry, &one)) { + com_err(cmdname, retval, "while storing entry for '%s'\n", princ); + } + + if (one != 1) { + com_err(cmdname, 0, "entry not stored in database (unknown failure)"); + exit_status++; + } + 
+errout:; + krb5_db_free_principal(edit_context, entry, one); + if (retval) + exit_status++; + return; } -krb5_key_salt_tuple ks_tuple_default = { KEYTYPE_DES, 0 }; void change_pwd_key(argc, argv) int argc; char *argv[]; { krb5_key_salt_tuple * ks_tuple = NULL; - krb5_db_entry db_entry; krb5_error_code retval; - krb5_principal princ; - krb5_boolean more; + krb5_principal newprinc; + krb5_db_entry entry; + krb5_kvno vno; int one; int i; - char password[KRB5_ADM_MAX_PASSWORD_LEN]; - int pwsize = KRB5_ADM_MAX_PASSWORD_LEN; - - if (!dbactive) { - com_err(argv[0], 0, Err_no_database); - exit_status++; - return; - } - if (!valid_master_key) { - com_err(argv[0], 0, Err_no_master_msg); - exit_status++; - return; - } - if (argc < 2) { - com_err(argv[0], 0, "Usage: % [-]> principal", + com_err(argv[0], 0, "Too few arguments"); + com_err(argv[0], 0, "Usage: %s [-]> principal", argv[0]); - exit_status++; + exit_status++; return; } 
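Review bot: `enter_pwd_key` is still defined with external linkage (`void enter_pwd_key(cmdname, princ, ks_tuple, ks_tuple_count, entry)`) although the commit message says it is now a static routine in cpw.c and its prototype is dropped from kdb5_edit.h, so any remaining out-of-file caller would compile against an implicit declaration with the old six-argument shape; mark it `static void` like `enter_rnd_key` and `pre_key` above it. The `password` stack buffer is wiped on both paths after `krb5_dbe_cpw` but not when `krb5_read_password` fails and jumps to `errout`, where a partially read password may already sit in it; moving `memset(password, 0, sizeof(password));` under `errout:` covers every exit (and a plain memset just before return is something an optimizer may drop, so a project zeroizing helper would be preferable if one exists). On the `krb5_dbe_cpw` failure path the entry is released twice, first by `krb5_dbe_free_contents` and then by `krb5_db_free_principal` at `errout`, which is a double free unless `krb5_dbe_free_contents` clears the entry's pointers, something I cannot confirm from this hunk. `pre_key` also returns -1 silently for the `nprincs > 1 || more` case, so the caller bumps `exit_status` with no diagnostic telling the operator why. change_pwd_key's body continues past the end of this hunk.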
@@ -280,173 +298,57 @@ void change_pwd_key(argc, argv) goto change_pwd_key_error; } - if (retval = krb5_parse_name(edit_context, argv[i], &princ)) { - com_err(argv[0], retval, "while parsing '%s'", argv[i]); - goto change_pwd_key_error; - } - if ((retval = krb5_db_get_principal(edit_context, princ, &db_entry, - &one, &more)) || (!one) || (more)) { - com_err(argv[0], 0, "No principal '%s' exists!", argv[i]); - krb5_free_principal(edit_context, princ); - goto change_pwd_key_error; - } - - /* Done with principal */ - krb5_free_principal(edit_context, princ); - - if (retval = krb5_read_password(edit_context, krb5_default_pwd_prompt1, - krb5_default_pwd_prompt2, - password, &pwsize)) { - com_err(argv[0], retval, "while reading password for '%s'", argv[i]); - goto change_pwd_key_error; - } - - if (retval = krb5_dbe_cpw(edit_context, &master_encblock, &db_entry, - ks_tuple ? ks_tuple : &ks_tuple_default, - i, password)) { - com_err(argv[0], retval, "while storing entry for '%s'\n", argv[i]); - krb5_dbe_free_contents(edit_context, &db_entry); - goto change_pwd_key_error; - } - - /* Write the entry back out and we're done */ - if (retval = krb5_db_put_principal(edit_context, &db_entry, &one)) { - com_err(argv[0], retval, "while storing entry for '%s'\n", argv[i]); + switch (pre_key(argc, argv, &newprinc, &entry)) { + case 1: + /* Done with principal */ + krb5_free_principal(edit_context, newprinc); + enter_pwd_key(argv[0], argv[i], ks_tuple, i-1, &entry); + break; + case 0: + com_err(argv[0], 0, "No principal '%s' exists", argv[i]); + default: + exit_status++; + break; } change_pwd_key_error:; - krb5_xfree(ks_tuple); - if (retval) - exit_status++; - return; + if (ks_tuple) { + free(ks_tuple); + } } -void change_v4_key(argc, argv) +void add_new_key(argc, argv) int argc; char *argv[]; { - krb5_error_code retval; - krb5_principal newprinc; - krb5_kvno vno; + krb5_error_code retval; + krb5_principal newprinc; + krb5_db_entry entry; if (argc < 2) { com_err(argv[0], 0, "Too few 
arguments"); - com_err(argv[0], 0, "Usage: %s principal", argv[0]); - exit_status++; - return; - } - if (!dbactive) { - com_err(argv[0], 0, Err_no_database); - exit_status++; - return; - } - if (!valid_master_key) { - com_err(argv[0], 0, Err_no_master_msg); - exit_status++; - return; - } - if (retval = krb5_parse_name(edit_context, argv[1], &newprinc)) { - com_err(argv[0], retval, "while parsing '%s'", argv[1]); - exit_status++; - return; - } - if ((vno = princ_exists(argv[0], newprinc)) == 0) { - com_err(argv[0], 0, "No principal '%s' exists!", argv[1]); - exit_status++; - krb5_free_principal(edit_context, newprinc); - return; - } - enter_pwd_key(argv[0], argv[1], newprinc, newprinc, vno, - KRB5_KDB_SALTTYPE_V4); - krb5_free_principal(edit_context, newprinc); - return; -} - -void -enter_pwd_key(cmdname, newprinc, princ, string_princ, vno, salttype) - char * cmdname; - char * newprinc; - krb5_const_principal princ; - krb5_const_principal string_princ; - krb5_kvno vno; - int salttype; -{ - krb5_error_code retval; - char password[BUFSIZ]; - int pwsize = sizeof(password); - krb5_keyblock tempkey; - krb5_keysalt salt; - krb5_data pwd; - - if (retval = krb5_read_password(edit_context, krb5_default_pwd_prompt1, - krb5_default_pwd_prompt2, - password, &pwsize)) { - com_err(cmdname, retval, "while reading password for '%s'", newprinc); - exit_status++; + com_err(argv[0], 0, "Usage: %s [-]> principal", + argv[0]); + exit_status++; return; } - pwd.data = password; - pwd.length = pwsize; - - switch (salt.type = salttype) { - case KRB5_KDB_SALTTYPE_NORMAL: - if (retval = krb5_principal2salt(edit_context,string_princ,&salt.data)){ - com_err(cmdname, retval, - "while converting principal to salt for '%s'", newprinc); - exit_status++; - return; - } - break; - case KRB5_KDB_SALTTYPE_V4: - salt.data.length = 0; - salt.data.data = 0; - break; - case KRB5_KDB_SALTTYPE_NOREALM: - if (retval = krb5_principal2salt_norealm(edit_context, string_princ, - &salt.data)) { - com_err(cmdname, 
retval, - "while converting principal to salt for '%s'", newprinc); - exit_status++; - return; - } - break; - case KRB5_KDB_SALTTYPE_ONLYREALM: { - krb5_data * saltdata; - if (retval = krb5_copy_data(edit_context, - krb5_princ_realm(edit_context,string_princ), - &saltdata)) { - com_err(cmdname, retval, - "while converting principal to salt for '%s'", newprinc); + switch (pre_key(argc, argv, &newprinc, &entry)) { + case 0: + if (retval = create_db_entry(newprinc, &entry)) { + com_err(argv[0], retval, "While creating new db entry."); exit_status++; return; } - salt.data = *saltdata; - krb5_xfree(saltdata); - break; - } - default: - com_err(cmdname, 0, "Don't know how to enter salt type %d", salttype); - exit_status++; - return; - } - retval = krb5_string_to_key(edit_context, &master_encblock, - master_keyblock.keytype, &tempkey, - &pwd, &salt.data); - memset(password, 0, sizeof(password)); /* erase it */ - if (retval) { - com_err(cmdname, retval, "while converting password to key for '%s'", - newprinc); - if (salt.data.data) - krb5_xfree(salt.data.data); - exit_status++; + enter_pwd_key(argv[0], argv[argc - 1], NULL, 0, &entry); + krb5_free_principal(edit_context, newprinc); return; + case 1: + com_err(argv[0], 0, "Principal '%s' already exists.", argv[argc - 1]); + krb5_db_free_principal(edit_context, &entry, 1); + krb5_free_principal(edit_context, newprinc); + default: + exit_status++; + break; } - add_key(cmdname, newprinc, princ, &tempkey, ++vno, - (salttype == KRB5_KDB_SALTTYPE_NORMAL) ? NULL : &salt); - memset((char *)tempkey.contents, 0, tempkey.length); - if (salt.data.data) - krb5_xfree(salt.data.data); - krb5_xfree(tempkey.contents); - return; } diff --git a/src/admin/edit/kdb5_ed_ct.ct b/src/admin/edit/kdb5_ed_ct.ct index 423962f9d..f00af1e76 100644 --- a/src/admin/edit/kdb5_ed_ct.ct +++ b/src/admin/edit/kdb5_ed_ct.ct 
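Review bot: In `add_new_key`, when `create_db_entry` fails the function returns without releasing the `newprinc` that `pre_key` parsed, leaking it on the error path; `add_rnd_key` in the previous hunk has the same shape, so both should `krb5_free_principal(edit_context, newprinc);` before that `return;`. `change_pwd_key` now passes `i-1` as `ks_tuple_count` where the removed `krb5_dbe_cpw` call passed `i`; the option loop that fills `ks_tuple` is outside this hunk, so confirm which value matches the number of tuples actually filled, because a count one too large reads past the array and one too small silently drops a requested key/salt type. The cleanup also changes `krb5_xfree(ks_tuple)` to `free(ks_tuple)`, which is only safe if the allocation in that unseen loop is a plain `malloc`. The `krb5_kvno vno` the earlier hunk adds to `change_pwd_key` is never used here, and `if (ks_tuple) free(ks_tuple)` can be just `free(ks_tuple);`. change_pwd_key starts before this hunk.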
@@ -42,12 +42,6 @@ request add_rnd_key, "Add new entry to Kerberos database, using a random key", request change_rnd_key, "Change key of an entry in the Kerberos database (select a new random key)", change_rnd_key, crk; -request add_v4_key, "Add new entry to Kerberos database (using V4 string-to-key)", - add_v4_key, av4k; - -request change_v4_key, "Change key of an entry in the Kerberos database (using V4 string-to-key)", - change_v4_key, cv4k; - request delete_entry, "Delete an entry from the database", delete_entry, delent, del; diff --git a/src/admin/edit/kdb5_edit.M b/src/admin/edit/kdb5_edit.M index ce9a19ac9..db7e514fb 100644 --- a/src/admin/edit/kdb5_edit.M +++ b/src/admin/edit/kdb5_edit.M @@ -107,12 +107,6 @@ Add new entry to Kerberos database, using a random key .IP change_rnd_key,crk Change key of an entry in the Kerberos database (select a new random key) -.IP add_v4_key,av4k -Add new entry to Kerberos database (using V4 string-to-key) - -.IP change_v4_key,cv4k -Change key of an entry in the Kerberos database (using V4 string-to-key) - .IP delete_entry,delent,del Delete an entry from the database diff --git a/src/admin/edit/kdb5_edit.c b/src/admin/edit/kdb5_edit.c index 05b9a97f3..3fcdf239f 100644 --- a/src/admin/edit/kdb5_edit.c +++ b/src/admin/edit/kdb5_edit.c 
@@ -348,54 +348,6 @@ create_db_entry_error: return retval; } -void -add_key(cmdname, newprinc, principal, key, vno, salt) - char const * cmdname; - char const * newprinc; - krb5_const_principal principal; - const krb5_keyblock * key; - krb5_kvno vno; - krb5_keysalt * salt; -{ - krb5_error_code retval; - krb5_db_entry entry; - int one = 1; - - /* First create a db_entry */ - if (retval = create_db_entry(principal, &entry)) { - com_err(cmdname, retval, "while creating db_entry."); - return; - } - - /* Now add the key */ - if (retval = krb5_dbe_create_key_data(edit_context, &entry)) { - com_err(cmdname, retval, "while creating key_data for db_entry."); - goto add_key_error; - } - - if (retval = krb5_dbekd_encrypt_key_data(edit_context, &master_encblock, - key, salt, vno, entry.key_data)) { - com_err(cmdname, retval, "while encrypting key for '%s'", newprinc); - goto add_key_error; - } - - if (retval = krb5_db_put_principal(edit_context, &entry, &one)) { - com_err(cmdname, retval, "while storing entry for '%s'\n", newprinc); - goto add_key_error; - } - - if (one != 1) { - com_err(cmdname, 0, "entry not stored in database (unknown failure)"); - goto add_key_error; - } - -add_key_error: - krb5_dbe_free_contents(edit_context, &entry); - if (retval) - exit_status++; - return; -} - void set_dbname(argc, argv) int argc; 
@@ -1055,394 +1007,6 @@ void delete_entry(argc, argv) return; } -/* - * This is the guts of add_rnd_key() and change_rnd_key() - */ -void -enter_rnd_key(argc, argv, change) - int argc; - char ** argv; - int change; -{ - krb5_error_code retval; - krb5_keyblock * tempkey; - krb5_principal newprinc; - krb5_key_data * key_data; - krb5_db_entry entry; - krb5_boolean more; - int nprincs = 1; - int vno; - - if (argc < 2) { - com_err(argv[0], 0, "Too few arguments"); - com_err(argv[0], 0, "Usage: %s principal", argv[0]); - exit_status++; - return; - } - if (!dbactive) { - com_err(argv[0], 0, Err_no_database); - exit_status++; - return; - } - if (!valid_master_key) { - com_err(argv[0], 0, Err_no_master_msg); - exit_status++; - return; - } - if (retval = krb5_parse_name(edit_context, argv[1], &newprinc)) { - com_err(argv[0], retval, "while parsing '%s'", argv[1]); - exit_status++; - return; - } - if (retval = krb5_db_get_principal(edit_context, newprinc, &entry, - &nprincs, &more)) { - com_err(argv[0], retval, "while trying to get principal's database entry"); - exit_status++; - return; - } - if (change && !nprincs) { - com_err(argv[0], 0, "No principal '%s' exists", argv[1]); - exit_status++; - goto errout; - } - if (!change && nprincs) { - com_err(argv[0], 0, "Principal '%s' already exists.", argv[1]); - exit_status++; - goto errout; - } - - if (!change) { - if (retval = create_db_entry(newprinc, &entry)) { - com_err(argv[0], retval, "While creating new db entry."); - exit_status++; - goto errout; - } - if (retval = krb5_dbe_create_key_data(edit_context, &entry)) { - com_err(argv[0], retval, "While creating key_data for db_entry."); - exit_status++; - goto errout; - } - nprincs = 1; - vno = 1; - } else { - vno = entry.key_data[0].key_data_kvno++; - } - /* For now we only set the first key_data */ - key_data = entry.key_data; - - if (retval = krb5_random_key(edit_context, &master_encblock, - master_random, &tempkey)) { - com_err(argv[0], retval, "while generating random 
key"); - exit_status++; - return; - } - - /* Encoding over an old key_data will free old key contents */ - retval = krb5_dbekd_encrypt_key_data(edit_context, &master_encblock, - tempkey, NULL, vno, key_data); - krb5_free_keyblock(edit_context, tempkey); - if (retval) { - com_err(argv[0], retval, "while encrypting key for '%s'", argv[1]); - exit_status++; - goto errout; - } - - if (retval = krb5_db_put_principal(edit_context, &entry, &nprincs)) { - com_err(argv[0], retval, "while storing entry for '%s'\n", argv[1]); - exit_status++; - goto errout; - } - - if (nprincs != 1) { - com_err(argv[0], 0, "entry not stored in database (unknown failure)"); - exit_status++; - } - -errout: - krb5_free_principal(edit_context, newprinc); - if (nprincs) - krb5_db_free_principal(edit_context, &entry, nprincs); - return; -} - -void add_rnd_key(argc, argv) - int argc; - char *argv[]; -{ - enter_rnd_key(argc, argv, 0); -} - -void change_rnd_key(argc, argv) - int argc; - char *argv[]; -{ - enter_rnd_key(argc, argv, 1); -} - -void add_new_key(argc, argv) - int argc; - char *argv[]; -{ - krb5_error_code retval; - krb5_principal newprinc; - int salttype = KRB5_KDB_SALTTYPE_NORMAL; - char *cmdname = argv[0]; - - if (argc > 2) { - if (!strcmp(argv[1], "-onlyrealmsalt")) { - salttype = KRB5_KDB_SALTTYPE_ONLYREALM; - argc--; - argv++; - } else if (!strcmp(argv[1], "-norealmsalt")) { - salttype = KRB5_KDB_SALTTYPE_NOREALM; - argc--; - argv++; - } - } - if (argc != 2) { - com_err(cmdname, 0, - "Usage: %s [-onlyrealmsalt|-norealmsalt] principal", argv[0]); - exit_status++; - return; - } - if (!valid_master_key) { - com_err(cmdname, 0, Err_no_master_msg); - exit_status++; - return; - } - if (retval = krb5_parse_name(edit_context, argv[1], &newprinc)) { - com_err(cmdname, retval, "while parsing '%s'", argv[1]); - exit_status++; - return; - } - if (princ_exists(cmdname, newprinc) != NO_PRINC) { - com_err(cmdname, 0, "principal '%s' already exists", argv[1]); - exit_status++; - 
krb5_free_principal(edit_context, newprinc); - return; - } - enter_pwd_key(cmdname, argv[1], newprinc, newprinc, 0, salttype); - krb5_free_principal(edit_context, newprinc); - return; -} - -void add_v4_key(argc, argv) - int argc; - char *argv[]; -{ - krb5_error_code retval; - krb5_principal newprinc; - - if (argc < 2) { - com_err(argv[0], 0, "Too few arguments"); - com_err(argv[0], 0, "Usage: %s principal", argv[0]); - exit_status++; - return; - } - if (!valid_master_key) { - com_err(argv[0], 0, Err_no_master_msg); - exit_status++; - return; - } - if (retval = krb5_parse_name(edit_context, argv[1], &newprinc)) { - com_err(argv[0], retval, "while parsing '%s'", argv[1]); - exit_status++; - return; - } - if (princ_exists(argv[0], newprinc) != NO_PRINC) { - com_err(argv[0], 0, "principal '%s' already exists", argv[1]); - exit_status++; - krb5_free_principal(edit_context, newprinc); - return; - } - enter_pwd_key(argv[0], argv[1], newprinc, newprinc, 0, - KRB5_KDB_SALTTYPE_V4); - krb5_free_principal(edit_context, newprinc); - return; -} - -void change_pwd_key(argc, argv) - int argc; - char *argv[]; -{ - krb5_error_code retval; - krb5_principal newprinc; - krb5_kvno vno; - int salttype = KRB5_KDB_SALTTYPE_NORMAL; - char *cmdname = argv[0]; - - if (argc > 2) { - if (!strcmp(argv[1], "-onlyrealmsalt")) { - salttype = KRB5_KDB_SALTTYPE_ONLYREALM; - argc--; - argv++; - } else if (!strcmp(argv[1], "-norealmsalt")) { - salttype = KRB5_KDB_SALTTYPE_NOREALM; - argc--; - argv++; - } - } - if (argc != 2) { - com_err(cmdname, 0, - "Usage: %s [-onlyrealmsalt|-norealmsalt] principal", argv[0]); - exit_status++; - return; - } - if (!dbactive) { - com_err(cmdname, 0, Err_no_database); - exit_status++; - return; - } - if (!valid_master_key) { - com_err(cmdname, 0, Err_no_master_msg); - exit_status++; - return; - } - if (retval = krb5_parse_name(edit_context, argv[1], &newprinc)) { - com_err(cmdname, retval, "while parsing '%s'", argv[1]); - exit_status++; - return; - } - if ((vno = 
princ_exists(argv[0], newprinc)) == NO_PRINC) { - com_err(cmdname, 0, "No principal '%s' exists!", argv[1]); - exit_status++; - krb5_free_principal(edit_context, newprinc); - return; - } - enter_pwd_key(cmdname, argv[1], newprinc, newprinc, vno, salttype); - krb5_free_principal(edit_context, newprinc); - return; -} - -void change_v4_key(argc, argv) - int argc; - char *argv[]; -{ - krb5_error_code retval; - krb5_principal newprinc; - krb5_kvno vno; - - if (argc < 2) { - com_err(argv[0], 0, "Too few arguments"); - com_err(argv[0], 0, "Usage: %s principal", argv[0]); - exit_status++; - return; - } - if (!dbactive) { - com_err(argv[0], 0, Err_no_database); - exit_status++; - return; - } - if (!valid_master_key) { - com_err(argv[0], 0, Err_no_master_msg); - exit_status++; - return; - } - if (retval = krb5_parse_name(edit_context, argv[1], &newprinc)) { - com_err(argv[0], retval, "while parsing '%s'", argv[1]); - exit_status++; - return; - } - if ((vno = princ_exists(argv[0], newprinc)) == NO_PRINC) { - com_err(argv[0], 0, "No principal '%s' exists!", argv[1]); - exit_status++; - krb5_free_principal(edit_context, newprinc); - return; - } - enter_pwd_key(argv[0], argv[1], newprinc, newprinc, vno, - KRB5_KDB_SALTTYPE_V4); - krb5_free_principal(edit_context, newprinc); - return; -} - -void -enter_pwd_key(cmdname, newprinc, princ, string_princ, vno, salttype) - char * cmdname; - char * newprinc; - krb5_const_principal princ; - krb5_const_principal string_princ; - krb5_kvno vno; - int salttype; -{ - krb5_error_code retval; - char password[BUFSIZ]; - int pwsize = sizeof(password); - krb5_keyblock tempkey; - krb5_keysalt salt; - krb5_data pwd; - - if (retval = krb5_read_password(edit_context, krb5_default_pwd_prompt1, - krb5_default_pwd_prompt2, - password, &pwsize)) { - com_err(cmdname, retval, "while reading password for '%s'", newprinc); - exit_status++; - return; - } - pwd.data = password; - pwd.length = pwsize; - - switch (salt.type = salttype) { - case 
KRB5_KDB_SALTTYPE_NORMAL: - if (retval = krb5_principal2salt(edit_context,string_princ,&salt.data)){ - com_err(cmdname, retval, - "while converting principal to salt for '%s'", newprinc); - exit_status++; - return; - } - break; - case KRB5_KDB_SALTTYPE_V4: - salt.data.length = 0; - salt.data.data = 0; - break; - case KRB5_KDB_SALTTYPE_NOREALM: - if (retval = krb5_principal2salt_norealm(edit_context, string_princ, - &salt.data)) { - com_err(cmdname, retval, - "while converting principal to salt for '%s'", newprinc); - exit_status++; - return; - } - break; - case KRB5_KDB_SALTTYPE_ONLYREALM: { - krb5_data * saltdata; - if (retval = krb5_copy_data(edit_context, - krb5_princ_realm(edit_context,string_princ), - &saltdata)) { - com_err(cmdname, retval, - "while converting principal to salt for '%s'", newprinc); - exit_status++; - return; - } - salt.data = *saltdata; - krb5_xfree(saltdata); - break; - } - default: - com_err(cmdname, 0, "Don't know how to enter salt type %d", salttype); - exit_status++; - return; - } - retval = krb5_string_to_key(edit_context, &master_encblock, - master_keyblock.keytype, &tempkey, - &pwd, &salt.data); - memset(password, 0, sizeof(password)); /* erase it */ - if (retval) { - com_err(cmdname, retval, "while converting password to key for '%s'", - newprinc); - if (salt.data.data) - krb5_xfree(salt.data.data); - exit_status++; - return; - } - add_key(cmdname, newprinc, princ, &tempkey, ++vno, - (salttype == KRB5_KDB_SALTTYPE_NORMAL) ? NULL : &salt); - memset((char *)tempkey.contents, 0, tempkey.length); - if (salt.data.data) - krb5_xfree(salt.data.data); - krb5_xfree(tempkey.contents); - return; -} - static char * strdur(deltat) krb5_deltat deltat; diff --git a/src/admin/edit/kdb5_edit.h b/src/admin/edit/kdb5_edit.h index e0d90ff95..28778404f 100644 --- a/src/admin/edit/kdb5_edit.h +++ b/src/admin/edit/kdb5_edit.h 
@@ -40,9 +40,6 @@ void add_key PROTOTYPE((char const *, char const *, krb5_const_principal, const krb5_keyblock *, krb5_kvno, krb5_keysalt *)); -void enter_pwd_key - PROTOTYPE((char *, char *, krb5_const_principal, - krb5_const_principal, krb5_kvno, int)); int set_dbname_help PROTOTYPE((char *, char *)); diff --git a/src/admin/edit/tcl_wrapper.c b/src/admin/edit/tcl_wrapper.c index a8f0722cc..d527fa0d1 100644 --- a/src/admin/edit/tcl_wrapper.c +++ b/src/admin/edit/tcl_wrapper.c @@ -51,8 +51,6 @@ void add_new_key PROTOTYPE((int, char **)); void change_pwd_key PROTOTYPE((int, char **)); void add_rnd_key PROTOTYPE((int, char **)); void change_rnd_key PROTOTYPE((int, char **)); -void add_v4_key PROTOTYPE((int, char **)); -void change_v4_key PROTOTYPE((int, char **)); void delete_entry PROTOTYPE((int, char **)); void extract_srvtab PROTOTYPE((krb5_context, int, char **)); void extract_v4_srvtab PROTOTYPE((int, char **)); 
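Review bot: The prototype for `add_key` survives in kdb5_edit.h (context line `void add_key PROTOTYPE((char const *, char const *, krb5_const_principal, ...))`) even though this commit deletes the definition of `add_key` from kdb5_edit.c, leaving a declaration for a function that no longer exists; drop it alongside the `enter_pwd_key` prototype. As it stands, any remaining caller would fail at link time rather than compile time, which is harder to diagnose.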
@@ -97,7 +95,7 @@ int list_requests(clientData, interp, argc, argv) int argc; char *argv[]; { - Tcl_SetResult(interp, "show_principal, show: Show the Kerberos database entry for a principal\nadd_new_key, ank: Add new entry to the Kerberos database (prompting for password\nchange_pwd_key, cpw: Change key of an entry in the Kerberos database (prompting for password)\nadd_rnd_key, ark: Add new entry to Kerberos database, using a random key\nchange_rnd_key, crk: Change key of an entry in the Kerberos database (select a random key)\nadd_v4_key, av4k: Add new entry to Kerberos database (using V4 string-to-key)\nchange_v4_key, cv4k: Change key of an entry in the Kerberos database (using V4 string-to-key)\ndelete_entry, delent: Delete an entry from the database\nextract_srvtab, xst, ex_st: Extract service key table\nextract_v4_srvtab, xst4: Extract service key table\nlist_db, ldb: List database entries\nset_dbname, sdbn: Change database name\nenter_master_key, emk: Enter the master key for a database\nchange_working_directory, cwd, cd: Change working directory\nprint_working_directory, pwd: Print working directory\nlist_requests, lr: List available requests\nquit, exit: Exit program", TCL_STATIC); + Tcl_SetResult(interp, "show_principal, show: Show the Kerberos database entry for a principal\nadd_new_key, ank: Add new entry to the Kerberos database (prompting for password\nchange_pwd_key, cpw: Change key of an entry in the Kerberos database (prompting for password)\nadd_rnd_key, ark: Add new entry to Kerberos database, using a random key\nchange_rnd_key, crk: Change key of an entry in the Kerberos database (select a random key)\ndelete_entry, delent: Delete an entry from the database\nextract_srvtab, xst, ex_st: Extract service key table\nextract_v4_srvtab, xst4: Extract service key table\nlist_db, ldb: List database entries\nset_dbname, sdbn: Change database name\nenter_master_key, emk: Enter the master key for a database\nchange_working_directory, cwd, cd: Change working 
directory\nprint_working_directory, pwd: Print working directory\nlist_requests, lr: List available requests\nquit, exit: Exit program", TCL_STATIC); return TCL_OK; } @@ -197,14 +195,6 @@ int Tcl_AppInit(interp) (Tcl_CmdDeleteProc *)0); Tcl_CreateCommand(interp, "crk", wrapper, change_rnd_key, (Tcl_CmdDeleteProc *)0); - Tcl_CreateCommand(interp, "add_v4_key", wrapper, add_v4_key, - (Tcl_CmdDeleteProc *)0); - Tcl_CreateCommand(interp, "av4k", wrapper, add_v4_key, - (Tcl_CmdDeleteProc *)0); - Tcl_CreateCommand(interp, "change_v4_key", wrapper, change_v4_key, - (Tcl_CmdDeleteProc *)0); - Tcl_CreateCommand(interp, "cv4k", wrapper, change_v4_key, - (Tcl_CmdDeleteProc *)0); Tcl_CreateCommand(interp, "delete_entry", wrapper, delete_entry, (Tcl_CmdDeleteProc *)0); Tcl_CreateCommand(interp, "delent", wrapper, delete_entry, -- 2.26.2
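Review bot: The rewritten `Tcl_SetResult` string still carries the unbalanced parenthesis in `add_new_key, ank: Add new entry to the Kerberos database (prompting for password` while the `cpw` entry next to it closes its parenthesis; since the line is being replaced anyway, close it: `(prompting for password)`. The `ank` and `cpw` descriptions also say nothing about the key/salt option the `[-]> principal` usage strings in cpw.c suggest these commands now take, so a few words there would keep the Tcl help consistent with the ss command table.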