1 /* $NetBSD: get.c,v 1.1.1.2 2014/04/24 12:45:26 pettai Exp $ */
4 * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #include "ktutil_locl.h"
41 open_kadmin_connection(char *principal
,
46 static kadm5_config_params conf
;
49 memset(&conf
, 0, sizeof(conf
));
52 conf
.realm
= strdup(realm
);
53 if (conf
.realm
== NULL
) {
54 krb5_set_error_message(context
, 0, "malloc: out of memory");
57 conf
.mask
|= KADM5_CONFIG_REALM
;
61 conf
.admin_server
= admin_server
;
62 conf
.mask
|= KADM5_CONFIG_ADMIN_SERVER
;
66 conf
.kadmind_port
= htons(server_port
);
67 conf
.mask
|= KADM5_CONFIG_KADMIND_PORT
;
70 /* should get realm from each principal, instead of doing
71 everything with the same (local) realm */
73 ret
= kadm5_init_with_password_ctx(context
,
81 krb5_warn(context
, ret
, "kadm5_init_with_password");
88 kt_get(struct get_options
*opt
, int argc
, char **argv
)
90 krb5_error_code ret
= 0;
92 void *kadm_handle
= NULL
;
93 krb5_enctype
*etypes
= NULL
;
97 unsigned int failed
= 0;
99 if((keytab
= ktutil_open_keytab()) == NULL
)
102 if(opt
->realm_string
)
103 krb5_set_default_realm(context
, opt
->realm_string
);
105 if (opt
->enctypes_strings
.num_strings
!= 0) {
107 etypes
= malloc (opt
->enctypes_strings
.num_strings
* sizeof(*etypes
));
108 if (etypes
== NULL
) {
109 krb5_warnx(context
, "malloc failed");
112 netypes
= opt
->enctypes_strings
.num_strings
;
113 for(i
= 0; i
< netypes
; i
++) {
114 ret
= krb5_string_to_enctype(context
,
115 opt
->enctypes_strings
.strings
[i
],
118 krb5_warnx(context
, "unrecognized enctype: %s",
119 opt
->enctypes_strings
.strings
[i
]);
126 for(a
= 0; a
< argc
; a
++){
127 krb5_principal princ_ent
;
128 kadm5_principal_ent_rec princ
;
133 krb5_keytab_entry entry
;
135 ret
= krb5_parse_name(context
, argv
[a
], &princ_ent
);
137 krb5_warn(context
, ret
, "can't parse principal %s", argv
[a
]);
141 memset(&princ
, 0, sizeof(princ
));
142 princ
.principal
= princ_ent
;
143 mask
|= KADM5_PRINCIPAL
;
144 princ
.attributes
|= KRB5_KDB_DISALLOW_ALL_TIX
;
145 mask
|= KADM5_ATTRIBUTES
;
146 princ
.princ_expire_time
= 0;
147 mask
|= KADM5_PRINC_EXPIRE_TIME
;
149 if(kadm_handle
== NULL
) {
151 if(opt
->realm_string
!= NULL
)
152 r
= opt
->realm_string
;
154 r
= krb5_principal_get_realm(context
, princ_ent
);
155 kadm_handle
= open_kadmin_connection(opt
->principal_string
,
157 opt
->admin_server_string
,
158 opt
->server_port_integer
);
159 if(kadm_handle
== NULL
)
163 ret
= kadm5_create_principal(kadm_handle
, &princ
, mask
, "x");
166 else if(ret
!= KADM5_DUP
) {
167 krb5_warn(context
, ret
, "kadm5_create_principal(%s)", argv
[a
]);
168 krb5_free_principal(context
, princ_ent
);
172 ret
= kadm5_randkey_principal(kadm_handle
, princ_ent
, &keys
, &n_keys
);
174 krb5_warn(context
, ret
, "kadm5_randkey_principal(%s)", argv
[a
]);
175 krb5_free_principal(context
, princ_ent
);
180 ret
= kadm5_get_principal(kadm_handle
, princ_ent
, &princ
,
181 KADM5_PRINCIPAL
| KADM5_KVNO
| KADM5_ATTRIBUTES
);
183 krb5_warn(context
, ret
, "kadm5_get_principal(%s)", argv
[a
]);
184 for (j
= 0; j
< n_keys
; j
++)
185 krb5_free_keyblock_contents(context
, &keys
[j
]);
186 krb5_free_principal(context
, princ_ent
);
190 if(!created
&& (princ
.attributes
& KRB5_KDB_DISALLOW_ALL_TIX
))
191 krb5_warnx(context
, "%s: disallow-all-tix flag set - clearing", argv
[a
]);
192 princ
.attributes
&= (~KRB5_KDB_DISALLOW_ALL_TIX
);
193 mask
= KADM5_ATTRIBUTES
;
198 ret
= kadm5_modify_principal(kadm_handle
, &princ
, mask
);
200 krb5_warn(context
, ret
, "kadm5_modify_principal(%s)", argv
[a
]);
201 for (j
= 0; j
< n_keys
; j
++)
202 krb5_free_keyblock_contents(context
, &keys
[j
]);
203 krb5_free_principal(context
, princ_ent
);
207 for(j
= 0; j
< n_keys
; j
++) {
214 for (k
= 0; k
< netypes
; ++k
)
215 if (keys
[j
].keytype
== etypes
[k
]) {
221 entry
.principal
= princ_ent
;
222 entry
.vno
= princ
.kvno
;
223 entry
.keyblock
= keys
[j
];
224 entry
.timestamp
= time (NULL
);
225 ret
= krb5_kt_add_entry(context
, keytab
, &entry
);
227 krb5_warn(context
, ret
, "krb5_kt_add_entry");
229 krb5_free_keyblock_contents(context
, &keys
[j
]);
232 kadm5_free_principal_ent(kadm_handle
, &princ
);
233 krb5_free_principal(context
, princ_ent
);
238 kadm5_destroy(kadm_handle
);
239 krb5_kt_close(context
, keytab
);
240 return ret
!= 0 || failed
> 0;