search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / heimdal / admin / change.c
blob7af7c03d25ddfbca1d7d6c47c8c264d9cf766947
1 /*
2 * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "ktutil_locl.h"
35
36 __RCSID("$Heimdal: change.c 15578 2005-07-07 20:44:48Z lha $"
37 "$NetBSD$");
38
39 static krb5_error_code
40 change_entry (krb5_keytab keytab,
41 krb5_principal principal, krb5_kvno kvno,
42 const char *realm, const char *admin_server, int server_port)
43 {
44 krb5_error_code ret;
45 kadm5_config_params conf;
46 void *kadm_handle;
47 char *client_name;
48 krb5_keyblock *keys;
49 int num_keys;
50 int i;
51
52 ret = krb5_unparse_name (context, principal, &client_name);
53 if (ret) {
54 krb5_warn (context, ret, "krb5_unparse_name");
55 return ret;
56 }
57
58 memset (&conf, 0, sizeof(conf));
59
60 if(realm == NULL)
61 realm = krb5_principal_get_realm(context, principal);
62 conf.realm = strdup(realm);
63 if (conf.realm == NULL) {
64 free (client_name);
65 krb5_set_error_string(context, "malloc failed");
66 return ENOMEM;
67 }
68 conf.mask |= KADM5_CONFIG_REALM;
69
70 if (admin_server) {
71 conf.admin_server = strdup(admin_server);
72 if (conf.admin_server == NULL) {
73 free(client_name);
74 free(conf.realm);
75 krb5_set_error_string(context, "malloc failed");
76 return ENOMEM;
77 }
78 conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
79 }
80
81 if (server_port) {
82 conf.kadmind_port = htons(server_port);
83 conf.mask |= KADM5_CONFIG_KADMIND_PORT;
84 }
85
86 ret = kadm5_init_with_skey_ctx (context,
87 client_name,
88 keytab_string,
89 KADM5_ADMIN_SERVICE,
90 &conf, 0, 0,
91 &kadm_handle);
92 free(conf.admin_server);
93 free(conf.realm);
94 if (ret) {
95 krb5_warn (context, ret,
96 "kadm5_c_init_with_skey_ctx: %s:", client_name);
97 free (client_name);
98 return ret;
99 }
100 ret = kadm5_randkey_principal (kadm_handle, principal, &keys, &num_keys);
101 kadm5_destroy (kadm_handle);
102 if (ret) {
103 krb5_warn(context, ret, "kadm5_randkey_principal: %s:", client_name);
104 free (client_name);
105 return ret;
106 }
107 free (client_name);
108 for (i = 0; i < num_keys; ++i) {
109 krb5_keytab_entry new_entry;
110
111 new_entry.principal = principal;
112 new_entry.timestamp = time (NULL);
113 new_entry.vno = kvno + 1;
114 new_entry.keyblock = keys[i];
115
116 ret = krb5_kt_add_entry (context, keytab, &new_entry);
117 if (ret)
118 krb5_warn (context, ret, "krb5_kt_add_entry");
119 krb5_free_keyblock_contents (context, &keys[i]);
120 }
121 return ret;
122 }
123
124 /*
125 * loop over all the entries in the keytab (or those given) and change
126 * their keys, writing the new keys
127 */
128
129 struct change_set {
130 krb5_principal principal;
131 krb5_kvno kvno;
132 };
133
134 int
135 kt_change (struct change_options *opt, int argc, char **argv)
136 {
137 krb5_error_code ret;
138 krb5_keytab keytab;
139 krb5_kt_cursor cursor;
140 krb5_keytab_entry entry;
141 int i, j, max;
142 struct change_set *changeset;
143 int errors = 0;
144
145 if((keytab = ktutil_open_keytab()) == NULL)
146 return 1;
147
148 j = 0;
149 max = 0;
150 changeset = NULL;
151
152 ret = krb5_kt_start_seq_get(context, keytab, &cursor);
153 if(ret){
154 krb5_warn(context, ret, "%s", keytab_string);
155 goto out;
156 }
157
158 while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
159 int add = 0;
160
161 for (i = 0; i < j; ++i) {
162 if (krb5_principal_compare (context, changeset[i].principal,
163 entry.principal)) {
164 if (changeset[i].kvno < entry.vno)
165 changeset[i].kvno = entry.vno;
166 break;
167 }
168 }
169 if (i < j) {
170 krb5_kt_free_entry (context, &entry);
171 continue;
172 }
173
174 if (argc == 0) {
175 add = 1;
176 } else {
177 for (i = 0; i < argc; ++i) {
178 krb5_principal princ;
179
180 ret = krb5_parse_name (context, argv[i], &princ);
181 if (ret) {
182 krb5_warn (context, ret, "%s", argv[i]);
183 continue;
184 }
185 if (krb5_principal_compare (context, princ, entry.principal))
186 add = 1;
187
188 krb5_free_principal (context, princ);
189 }
190 }
191
192 if (add) {
193 if (j >= max) {
194 void *tmp;
195
196 max = max(max * 2, 1);
197 tmp = realloc (changeset, max * sizeof(*changeset));
198 if (tmp == NULL) {
199 krb5_kt_free_entry (context, &entry);
200 krb5_warnx (context, "realloc: out of memory");
201 ret = ENOMEM;
202 break;
203 }
204 changeset = tmp;
205 }
206 ret = krb5_copy_principal (context, entry.principal,
207 &changeset[j].principal);
208 if (ret) {
209 krb5_warn (context, ret, "krb5_copy_principal");
210 krb5_kt_free_entry (context, &entry);
211 break;
212 }
213 changeset[j].kvno = entry.vno;
214 ++j;
215 }
216 krb5_kt_free_entry (context, &entry);
217 }
218 krb5_kt_end_seq_get(context, keytab, &cursor);
219
220 if (ret == KRB5_KT_END) {
221 ret = 0;
222 for (i = 0; i < j; i++) {
223 if (verbose_flag) {
224 char *client_name;
225
226 ret = krb5_unparse_name (context, changeset[i].principal,
227 &client_name);
228 if (ret) {
229 krb5_warn (context, ret, "krb5_unparse_name");
230 } else {
231 printf("Changing %s kvno %d\n",
232 client_name, changeset[i].kvno);
233 free(client_name);
234 }
235 }
236 ret = change_entry (keytab,
237 changeset[i].principal, changeset[i].kvno,
238 opt->realm_string,
239 opt->admin_server_string,
240 opt->server_port_integer);
241 if (ret != 0)
242 errors = 1;
243 }
244 } else
245 errors = 1;
246 for (i = 0; i < j; i++)
247 krb5_free_principal (context, changeset[i].principal);
248 free (changeset);
249
250 out:
251 krb5_kt_close(context, keytab);
252 return errors;
253 }
NetBSD on the FriendlyARM MINI2440