2 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "ktutil_locl.h"
36 RCSID("$Id: get.c,v 1.22.2.1 2004/06/21 10:55:46 lha Exp $");
/*
 * Opens the kadmin session used by kt_get for its kadm5_* calls; the call
 * site in kt_get assigns the result to kadm_handle and checks it against NULL.
 * NOTE(review): this listing skips source lines (see the gaps in the gutter
 * numbers), so the return type, the parameters after `principal`, and the
 * conditions guarding the assignments below are not visible here.
 */
39 open_kadmin_connection(char *principal
,
/* Static storage: one config struct shared by every call; it is cleared by
   the memset below before any field is filled in. */
44 static kadm5_config_params conf
;
47 memset(&conf
, 0, sizeof(conf
));
/* Each field assignment is paired with the matching KADM5_CONFIG_ bit in
   conf.mask, which marks that field as supplied.
   NOTE(review): the (char*) cast suggests realm is const-qualified in the
   full signature - confirm. */
50 conf
.realm
= (char*)realm
;
51 conf
.mask
|= KADM5_CONFIG_REALM
;
55 conf
.admin_server
= admin_server
;
56 conf
.mask
|= KADM5_CONFIG_ADMIN_SERVER
;
/* The port is stored in network byte order.
   NOTE(review): htons() takes a 16-bit value and no range check on
   server_port is visible in this listing, so a value outside 0..65535 would
   be truncated silently - confirm whether it is validated elsewhere. */
60 conf
.kadmind_port
= htons(server_port
);
61 conf
.mask
|= KADM5_CONFIG_KADMIND_PORT
;
64 /* should get realm from each principal, instead of doing
65 everything with the same (local) realm */
/* Set up the kadm5 session; only the first argument (context) of this call
   is visible in this listing. */
67 ret
= kadm5_init_with_password_ctx(context
,
/* Failure is reported with the error code through krb5_warn.
   NOTE(review): the message names kadm5_init_with_password although the call
   above is kadm5_init_with_password_ctx. */
74 krb5_warn(context
, ret
, "kadm5_init_with_password");
/*
 * "ktutil get": for every principal named on the command line, create it
 * through kadmin (an existing principal, KADM5_DUP, is not reported as an
 * error), randomise its key, and add the returned keys to the keytab.
 * NOTE(review): this listing skips source lines (see the gaps in the gutter
 * numbers); declarations, guards and early exits that fall in those gaps are
 * not visible, so the comments below describe only the lines shown.
 */
81 kt_get(int argc
, char **argv
)
83 krb5_error_code ret
= 0;
/* NULL until the first principal needs the admin server; the connection is
   opened inside the per-principal loop. */
85 void *kadm_handle
= NULL
;
86 char *principal
= NULL
;
88 char *admin_server
= NULL
;
92 struct getarg_strings etype_strs
= {0, NULL
};
93 krb5_enctype
*etypes
= NULL
;
/* Option table for getarg(). The value pointers are NULL here and are bound
   to their variables right after the table. */
96 struct getargs args
[] = {
97 { "principal", 'p', arg_string
, NULL
,
98 "admin principal", "principal"
100 { "enctypes", 'e', arg_strings
, NULL
,
101 "encryption types to use", "enctypes" },
102 { "realm", 'r', arg_string
, NULL
,
103 "realm to use", "realm"
105 { "admin-server", 'a', arg_string
, NULL
,
106 "server to contact", "host"
108 { "server-port", 's', arg_integer
, NULL
,
109 "port to contact", "port number"
111 { "help", 'h', arg_flag
, NULL
}
/* Bind each option to its variable. The i++ sequence has to stay in the same
   order as the entries of args[] above. */
115 args
[i
++].value
= &principal
;
116 args
[i
++].value
= &etype_strs
;
117 args
[i
++].value
= &realm
;
118 args
[i
++].value
= &admin_server
;
119 args
[i
++].value
= &server_port
;
120 args
[i
++].value
= &help_flag
;
/* Parse the command line. optind is passed by address and is used further
   down as the index of the first principal argument. */
122 if(getarg(args
, sizeof(args
) / sizeof(args
[0]), argc
, argv
, &optind
)
124 arg_printusage(args
, sizeof(args
) / sizeof(args
[0]),
125 "ktutil get", "principal...");
/* Reported when no principal names were given; the guarding condition is not
   visible in this listing. */
129 krb5_warnx(context
, "no principals specified");
130 arg_printusage(args
, sizeof(args
) / sizeof(args
[0]),
131 "ktutil get", "principal...");
/* Open the keytab that will receive the new keys; NULL is the failure case. */
135 if((keytab
= ktutil_open_keytab()) == NULL
)
/* Make the realm option the default realm of the context.
   NOTE(review): the guard around this call is not visible in this listing. */
139 krb5_set_default_realm(context
, realm
);
/* Translate the enctype strings into krb5_enctype values; the resulting list
   is used below to decide which keys go into the keytab. */
141 if (etype_strs
.num_strings
) {
/* NOTE(review): the multiplication is not checked for overflow; num_strings
   is presumably bounded by the number of command-line arguments - confirm. */
144 etypes
= malloc (etype_strs
.num_strings
* sizeof(*etypes
));
145 if (etypes
== NULL
) {
146 krb5_warnx(context
, "malloc failed");
149 netypes
= etype_strs
.num_strings
;
150 for(i
= 0; i
< netypes
; i
++) {
151 ret
= krb5_string_to_enctype(context
,
152 etype_strs
.strings
[i
],
/* An unknown enctype name is reported; what happens afterwards (abort or
   continue) is not visible in this listing. */
155 krb5_warnx(context
, "unrecognized enctype: %s",
156 etype_strs
.strings
[i
]);
/* One iteration per principal name left on the command line. */
163 for(i
= optind
; i
< argc
; i
++){
164 krb5_principal princ_ent
;
165 kadm5_principal_ent_rec princ
;
170 krb5_keytab_entry entry
;
172 ret
= krb5_parse_name(context
, argv
[i
], &princ_ent
);
174 krb5_warn(context
, ret
, "can't parse principal %s", argv
[i
]);
/* Build the creation request. KRB5_KDB_DISALLOW_ALL_TIX is set at creation,
   presumably so that no tickets can be issued for the principal while it
   still carries the fixed placeholder password passed to
   kadm5_create_principal below; the flag is cleared again after the key has
   been randomised. Each field set here has its bit added to mask. */
177 memset(&princ
, 0, sizeof(princ
));
178 princ
.principal
= princ_ent
;
179 mask
|= KADM5_PRINCIPAL
;
180 princ
.attributes
|= KRB5_KDB_DISALLOW_ALL_TIX
;
181 mask
|= KADM5_ATTRIBUTES
;
182 princ
.princ_expire_time
= 0;
183 mask
|= KADM5_PRINC_EXPIRE_TIME
;
/* The admin connection is opened lazily, when the first principal is
   processed, after looking up that principal's realm. The NULL test means
   later iterations find the handle already set. */
185 if(kadm_handle
== NULL
) {
190 r
= krb5_principal_get_realm(context
, princ_ent
);
191 kadm_handle
= open_kadmin_connection(principal
,
195 if(kadm_handle
== NULL
) {
/* "x" is a fixed placeholder password, not a secret; the key derived from it
   is replaced by kadm5_randkey_principal below. */
200 ret
= kadm5_create_principal(kadm_handle
, &princ
, mask
, "x");
/* KADM5_DUP is tolerated; any other error is reported and the parsed
   principal is released. */
203 else if(ret
!= KADM5_DUP
) {
204 krb5_warn(context
, ret
, "kadm5_create_principal(%s)", argv
[i
]);
205 krb5_free_principal(context
, princ_ent
);
/* Replace the principal's key with random keys; they come back in
   keys[0..n_keys). */
208 ret
= kadm5_randkey_principal(kadm_handle
, princ_ent
, &keys
, &n_keys
);
210 krb5_warn(context
, ret
, "kadm5_randkey_principal(%s)", argv
[i
]);
211 krb5_free_principal(context
, princ_ent
);
/* Fetch the stored record; its attributes are modified below and its kvno is
   written into the keytab entries. */
215 ret
= kadm5_get_principal(kadm_handle
, princ_ent
, &princ
,
216 KADM5_PRINCIPAL
| KADM5_KVNO
| KADM5_ATTRIBUTES
);
218 krb5_warn(context
, ret
, "kadm5_get_principal(%s)", argv
[i
]);
/* Error path after randkey: the keyblocks already hold key material, so
   their contents are released here too.
   NOTE(review): only the contents of each element are freed in the visible
   lines; whether the keys array itself is freed is not visible - confirm. */
219 for (j
= 0; j
< n_keys
; j
++)
220 krb5_free_keyblock_contents(context
, &keys
[j
]);
221 krb5_free_principal(context
, princ_ent
);
/* Clear DISALLOW_ALL_TIX now that the key has been randomised. mask is
   reset to KADM5_ATTRIBUTES, so the visible lines write back only the
   attributes. */
224 princ
.attributes
&= (~KRB5_KDB_DISALLOW_ALL_TIX
);
225 mask
= KADM5_ATTRIBUTES
;
230 ret
= kadm5_modify_principal(kadm_handle
, &princ
, mask
);
232 krb5_warn(context
, ret
, "kadm5_modify_principal(%s)", argv
[i
]);
/* Same key-material cleanup as on the kadm5_get_principal error path. */
233 for (j
= 0; j
< n_keys
; j
++)
234 krb5_free_keyblock_contents(context
, &keys
[j
]);
235 krb5_free_principal(context
, princ_ent
);
/* Walk the new keys and decide, per key, whether it is added to the keytab. */
238 for(j
= 0; j
< n_keys
; j
++) {
/* With an enctype list, look for this key's type in it.
   NOTE(review): this loop uses the name i, which is also the index of the
   enclosing per-principal loop; whether an inner declaration shadows it is
   not visible in this listing - confirm. */
245 for (i
= 0; i
< netypes
; ++i
)
246 if (keys
[j
].keytype
== etypes
[i
]) {
/* Fill in the keytab entry: the principal, the kvno from the fetched record,
   a by-value copy of the keyblock, and the current time. */
252 entry
.principal
= princ_ent
;
253 entry
.vno
= princ
.kvno
;
254 entry
.keyblock
= keys
[j
];
255 entry
.timestamp
= time (NULL
);
256 ret
= krb5_kt_add_entry(context
, keytab
, &entry
);
258 krb5_warn(context
, ret
, "krb5_kt_add_entry");
/* Release this key's contents after the keytab step.
   NOTE(review): whether krb5_free_keyblock_contents wipes the key bytes
   before freeing them is not visible here - confirm in the library. */
260 krb5_free_keyblock_contents(context
, &keys
[j
]);
/* Per-principal cleanup of the fetched record and the parsed name. */
263 kadm5_free_principal_ent(kadm_handle
, &princ
);
264 krb5_free_principal(context
, princ_ent
);
/* Exit path: release the option strings, the admin session and the keytab.
   NOTE(review): any guards around these calls (for example for a NULL
   kadm_handle) are not visible in this listing. */
267 free_getarg_strings(&etype_strs
);
270 kadm5_destroy(kadm_handle
);
271 krb5_kt_close(context
, keytab
);