| author | Paul Park <pjpark@mit.edu> | 1995-07-17 19:35:58 +0000 |
|---|---|---|
| committer | Paul Park <pjpark@mit.edu> | 1995-07-17 19:35:58 +0000 |
| commit | 98b59e5b55dda7eef896bb9edfc36a5b13b1eccb (patch) | |
| tree | e24aa5a4973411a7df959bd677960864c42b874b /src/admin | |
| parent | 014c25c2a4825abf099bd91a01daa5f33be0839e (diff) | |
Add KDC profile and stash file support
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6304 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/admin')
| -rw-r--r-- | src/admin/convert/ChangeLog | 7 | ||||
| -rw-r--r-- | src/admin/convert/configure.in | 1 | ||||
| -rw-r--r-- | src/admin/convert/kdb5_convert.c | 56 | ||||
| -rw-r--r-- | src/admin/create/ChangeLog | 7 | ||||
| -rw-r--r-- | src/admin/create/configure.in | 1 | ||||
| -rw-r--r-- | src/admin/create/kdb5_create.c | 60 | ||||
| -rw-r--r-- | src/admin/edit/ChangeLog | 8 | ||||
| -rw-r--r-- | src/admin/edit/configure.in | 1 | ||||
| -rw-r--r-- | src/admin/edit/dumpv4.c | 2 | ||||
| -rw-r--r-- | src/admin/edit/kdb5_edit.c | 70 | ||||
| -rw-r--r-- | src/admin/stash/ChangeLog | 7 | ||||
| -rw-r--r-- | src/admin/stash/configure.in | 1 | ||||
| -rw-r--r-- | src/admin/stash/kdb5_stash.c | 45 |
13 files changed, 256 insertions, 10 deletions
diff --git a/src/admin/convert/ChangeLog b/src/admin/convert/ChangeLog index 2a95d0689b..02b81707f4 100644 --- a/src/admin/convert/ChangeLog +++ b/src/admin/convert/ChangeLog @@ -1,4 +1,11 @@ +Mon Jul 17 14:55:58 EDT 1995 Paul Park (pjpark@mit.edu) + * configure.in - Add KADM library. + * kdb5_convert.c - Change calling sequence to krb5_db_fetch_mkey(), + using the stash file. Add KDC profile reading/handling as + a supplement to command line supplied arguments. + + Wed Jul 12 11:55:44 EDT 1995 Paul Park (pjpark@mit.edu) * configure.in - Temporarily add --with-kdb4 option. Default is without kdb4. Without kdb4 enables a define. With kdb4 uses -lkdb4 and diff --git a/src/admin/convert/configure.in b/src/admin/convert/configure.in index e44ba56df4..444d81d74d 100644 --- a/src/admin/convert/configure.in +++ b/src/admin/convert/configure.in @@ -14,6 +14,7 @@ if test "$withval" = yes; then else AC_DEFINE(KDB4_DISABLE) fi +USE_KADM_LIBRARY USE_KDB5_LIBRARY USE_KRB4_LIBRARY KRB5_LIBRARIES diff --git a/src/admin/convert/kdb5_convert.c b/src/admin/convert/kdb5_convert.c index b1a47cb6e9..b4c4b8e178 100644 --- a/src/admin/convert/kdb5_convert.c +++ b/src/admin/convert/kdb5_convert.c @@ -41,6 +41,8 @@ static long master_key_version; #include "k5-int.h" #include "com_err.h" +#include "adm.h" +#include "adm_proto.h" #include <stdio.h> #include <netinet/in.h> /* ntohl */ @@ -168,6 +170,8 @@ char *argv[]; int tempdb = 0; char *tempdbname; krb5_context context; + char *stash_file = (char *) NULL; + krb5_realm_params *rparams; krb5_enctype etype = 0xffff; 
@@ -232,6 +236,56 @@ char *argv[]; } } + /* + * Attempt to read the KDC profile. If we do, then read appropriate values + * from it and augment values supplied on the command line. + */ + if (!(retval = krb5_read_realm_params(context, + realm, + (char *) NULL, + (char *) NULL, + &rparams))) { + /* Get the value for the database */ + if (rparams->realm_dbname && !dbname) + dbname = strdup(rparams->realm_dbname); + + /* Get the value for the master key name */ + if (rparams->realm_mkey_name && !mkey_name) + mkey_name = strdup(rparams->realm_mkey_name); + + /* Get the value for the master key type */ + if (rparams->realm_keytype_valid && !keytypedone) { + master_keyblock.keytype = rparams->realm_keytype; + keytypedone++; + } + + /* Get the value for the encryption type */ + if (rparams->realm_enctype_valid && (etype == 0xffff)) + etype = rparams->realm_enctype; + + /* Get the value for the stashfile */ + if (rparams->realm_stash_file) + stash_file = strdup(rparams->realm_stash_file); + + /* Get the value for maximum ticket lifetime. */ + if (rparams->realm_max_life_valid) + rblock.max_life = rparams->realm_max_life; + + /* Get the value for maximum renewable ticket lifetime. */ + if (rparams->realm_max_rlife_valid) + rblock.max_rlife = rparams->realm_max_rlife; + + /* Get the value for the default principal expiration */ + if (rparams->realm_expiration_valid) + rblock.expiration = rparams->realm_expiration; + + /* Get the value for the default principal flags */ + if (rparams->realm_flags_valid) + rblock.flags = rparams->realm_flags; + + krb5_free_realm_params(context, rparams); + } + #if defined(ODBM) || defined(KDB4_DISABLE) if (!v4dumpfile) { usage(PROGNAME, 1); @@ -315,7 +369,7 @@ master key name '%s'\n", } if (retval = krb5_db_fetch_mkey(context, master_princ, &master_encblock, - read_mkey, read_mkey, 0, + read_mkey, read_mkey, stash_file, 0, &master_keyblock)) { com_err(PROGNAME, retval, "while reading master key"); exit(1); 
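Review bot: The `strdup()` results in the new profile block of kdb5_convert.c (`dbname`, `mkey_name`, `stash_file`) are never checked, and a non-zero return from `krb5_read_realm_params()` is dropped without any message. The same block is repeated in kdb5_create.c, kdb5_edit.c and kdb5_stash.c, where a NULL `dbname` is afterwards replaced by `DEFAULT_KDB_FILE`, so an allocation failure would silently point the tool at a different database than the one the profile names. Check each copy, for example `if (rparams->realm_dbname && !dbname && !(dbname = strdup(rparams->realm_dbname))) { com_err(PROGNAME, ENOMEM, "while copying database name"); exit(1); }` (assuming `<errno.h>` is in scope), and report a read failure through `com_err()` unless the code only means that no profile exists. The enclosing function starts and ends outside the hunk.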
diff --git a/src/admin/create/ChangeLog b/src/admin/create/ChangeLog index 0ccc3886b8..79a305406e 100644 --- a/src/admin/create/ChangeLog +++ b/src/admin/create/ChangeLog @@ -1,4 +1,11 @@ +Mon Jul 17 14:58:00 EDT 1995 Paul Park (pjpark@mit.edu) + * configure.in - Add KADM library. + * kdb5_create.c - Add KDC profile reading/handling as a supplement to + command line supplied arguments. Change calling sequence to + krb5_db_fetch_mkey(). + + Fri Jul 7 15:36:00 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Remove all explicit library handling and LDFLAGS. * configure.in - Add USE_KDB5_LIBRARY and KRB5_LIBRARIES. diff --git a/src/admin/create/configure.in b/src/admin/create/configure.in index 7defabde60..09e936347a 100644 --- a/src/admin/create/configure.in +++ b/src/admin/create/configure.in @@ -15,6 +15,7 @@ else fi AC_SUBST(DBFLAGS)dnl dnl +USE_KADM_LIBRARY USE_KDB5_LIBRARY KRB5_LIBRARIES V5_USE_SHARED_LIB diff --git a/src/admin/create/kdb5_create.c b/src/admin/create/kdb5_create.c index eaaf248a90..07d724130e 100644 --- a/src/admin/create/kdb5_create.c +++ b/src/admin/create/kdb5_create.c @@ -26,6 +26,8 @@ #include "k5-int.h" #include "com_err.h" +#include "adm.h" +#include "adm_proto.h" #include <stdio.h> enum ap_op { @@ -118,7 +120,7 @@ char *argv[]; int optchar; krb5_error_code retval; - char *dbname = DEFAULT_KDB_FILE; + char *dbname = (char *) NULL; char *realm = 0; char *mkey_name = 0; char *mkey_fullname; @@ -128,6 +130,7 @@ char *argv[]; krb5_enctype etype = 0xffff; krb5_data scratch, pwd; krb5_context context; + krb5_realm_params *rparams; krb5_init_context(&context); krb5_init_ets(context); 
@@ -163,6 +166,55 @@ char *argv[]; } } + /* + * Attempt to read the KDC profile. If we do, then read appropriate values + * from it and augment values supplied on the command line. + */ + if (!(retval = krb5_read_realm_params(context, + realm, + (char *) NULL, + (char *) NULL, + &rparams))) { + /* Get the value for the database */ + if (rparams->realm_dbname && !dbname) + dbname = strdup(rparams->realm_dbname); + + /* Get the value for the master key name */ + if (rparams->realm_mkey_name && !mkey_name) + mkey_name = strdup(rparams->realm_mkey_name); + + /* Get the value for the master key type */ + if (rparams->realm_keytype_valid && !keytypedone) { + master_keyblock.keytype = rparams->realm_keytype; + keytypedone++; + } + + /* Get the value for the encryption type */ + if (rparams->realm_enctype_valid && (etype == 0xffff)) + etype = rparams->realm_enctype; + + /* Get the value for maximum ticket lifetime. */ + if (rparams->realm_max_life_valid) + rblock.max_life = rparams->realm_max_life; + + /* Get the value for maximum renewable ticket lifetime. */ + if (rparams->realm_max_rlife_valid) + rblock.max_rlife = rparams->realm_max_rlife; + + /* Get the value for the default principal expiration */ + if (rparams->realm_expiration_valid) + rblock.expiration = rparams->realm_expiration; + + /* Get the value for the default principal flags */ + if (rparams->realm_flags_valid) + rblock.flags = rparams->realm_flags; + + krb5_free_realm_params(context, rparams); + } + + if (!dbname) + dbname = DEFAULT_KDB_FILE; + if (!keytypedone) master_keyblock.keytype = DEFAULT_KDC_KEYTYPE; 
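Review bot: The test `etype == 0xffff` in the kdb5_create.c profile block uses the initializer of `etype` as an unnamed "not given on the command line" sentinel, while kdb5_edit.c in this same commit tracks this with an explicit `etypedone` flag. The magic-number form also appears in the kdb5_convert.c and kdb5_stash.c blocks, and it depends on 0xffff never being a value the enctype option can produce, which is not visible here. For consistency, add `int etypedone = 0;`, increment it where the option is parsed (outside this hunk), and write `if (rparams->realm_enctype_valid && !etypedone)`.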
@@ -241,8 +293,10 @@ master key name '%s'\n", fflush(stdout); /* TRUE here means read the keyboard, and do it twice */ - if (retval = krb5_db_fetch_mkey(context, master_princ, &master_encblock, - TRUE, TRUE, 0, &master_keyblock)) { + if (retval = krb5_db_fetch_mkey(context, master_princ, + &master_encblock, + TRUE, TRUE, (char *) NULL, + 0, &master_keyblock)) { com_err(argv[0], retval, "while reading master key"); exit(1); } diff --git a/src/admin/edit/ChangeLog b/src/admin/edit/ChangeLog index 4cfb5dd3b1..8faff7c7b1 100644 --- a/src/admin/edit/ChangeLog +++ b/src/admin/edit/ChangeLog @@ -1,4 +1,12 @@ +Mon Jul 17 15:00:08 EDT 1995 Paul Park (pjpark@mit.edu) + * configure.in - Add KADM library. + * dumpv4.c - Change calling sequence to krb5_db_fetch_mkey(). + * kdb5_edit.c - Change calling sequence to krb5_db_fetch_mkey() which + uses the stash file. Add KDC profile reading/handling as a + supplement to command line supplied arguments. + + Wed Jul 12 12:01:04 EDT 1995 Paul Park (pjpark@mit.edu) * configure.in - Temporarily add --with-kdb4 option. Default is without kdb4. Without kdb4 enables a define. With kdb4 uses -lkdb4 and diff --git a/src/admin/edit/configure.in b/src/admin/edit/configure.in index 10896bdf54..208b6fba84 100644 --- a/src/admin/edit/configure.in +++ b/src/admin/edit/configure.in @@ -21,6 +21,7 @@ if test "$withval" = yes; then else AC_DEFINE(KDB4_DISABLE) fi +USE_KADM_LIBRARY USE_KDB5_LIBRARY USE_KRB4_LIBRARY USE_SS_LIBRARY diff --git a/src/admin/edit/dumpv4.c b/src/admin/edit/dumpv4.c index 70a6ebc7a4..50b081f62d 100644 --- a/src/admin/edit/dumpv4.c +++ b/src/admin/edit/dumpv4.c @@ -322,7 +322,7 @@ int handle_keys(arg) master_keyblock.keytype = DEFAULT_KDC_KEYTYPE; if (retval = krb5_db_fetch_mkey(edit_context, master_princ, &master_encblock, 0, - 0, 0, &master_keyblock)) { + 0, (char *) NULL, 0, &master_keyblock)) { com_err(arg->comerr_name, retval, "while reading master key"); exit(1); } 
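Review bot: In the dumpv4.c hunk, `handle_keys()` passes `(char *) NULL` as the new stash-file argument, and the two preceding arguments are 0, so the key is not read from the keyboard. `set_dbname_help()` in kdb5_edit.c passes the profile-derived `stash_file` instead. If NULL selects the library's default stash location (the body of `krb5_db_fetch_mkey()` is not shown), the V4 dump would look for the master key somewhere other than the path the realm profile configures. `stash_file` is declared `static` in kdb5_edit.c, so sharing it needs the `static` dropped there, an `extern char *stash_file;` in dumpv4.c, and the call changed to `0, stash_file, 0, &master_keyblock)) {`.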
diff --git a/src/admin/edit/kdb5_edit.c b/src/admin/edit/kdb5_edit.c index 52596c67b2..39b0d51657 100644 --- a/src/admin/edit/kdb5_edit.c +++ b/src/admin/edit/kdb5_edit.c @@ -26,6 +26,8 @@ #include "k5-int.h" #include "com_err.h" +#include "adm.h" +#include "adm_proto.h" #include <stdio.h> #include <time.h> /* timeb is part of the interface to get_date. */ @@ -78,6 +80,7 @@ static char search_instance[40]; static int num_instance_tokens; static int must_be_first[2]; static char *mkey_password = 0; +static char *stash_file = (char *) NULL; /* * I can't figure out any way for this not to be global, given how ss @@ -123,12 +126,14 @@ char *kdb5_edit_Init(argc, argv) int optchar; krb5_error_code retval; - char *dbname = DEFAULT_KDB_FILE; + char *dbname = (char *) NULL; char *defrealm; int keytypedone = 0; + int etypedone = 0; krb5_enctype etype = DEFAULT_KDC_ETYPE; extern krb5_kt_ops krb5_ktf_writable_ops; char *request = NULL; + krb5_realm_params *rparams; retval = krb5_init_context(&edit_context); if (retval) { @@ -173,6 +178,7 @@ char *kdb5_edit_Init(argc, argv) break; case 'e': etype = atoi(optarg); + etypedone++; break; case 'm': manual_mkey = TRUE; 
@@ -184,6 +190,56 @@ char *kdb5_edit_Init(argc, argv) } } + /* + * Attempt to read the KDC profile. If we do, then read appropriate values + * from it and augment values supplied on the command line. + */ + if (!(retval = krb5_read_realm_params(edit_context, + cur_realm, + (char *) NULL, + (char *) NULL, + &rparams))) { + /* Get the value for the database */ + if (rparams->realm_dbname && !dbname) + dbname = strdup(rparams->realm_dbname); + + /* Get the value for the master key name */ + if (rparams->realm_mkey_name && !mkey_name) + mkey_name = strdup(rparams->realm_mkey_name); + + /* Get the value for the master key type */ + if (rparams->realm_keytype_valid && !keytypedone) { + master_keyblock.keytype = rparams->realm_keytype; + keytypedone++; + } + + /* Get the value for the encryption type */ + if (rparams->realm_enctype_valid && !etypedone) + etype = rparams->realm_enctype; + + /* Get the value for the stashfile */ + if (rparams->realm_stash_file) + stash_file = strdup(rparams->realm_stash_file); + + /* Get the value for maximum ticket lifetime. */ + if (rparams->realm_max_life_valid) + mblock.max_life = rparams->realm_max_life; + + /* Get the value for maximum renewable ticket lifetime. */ + if (rparams->realm_max_rlife_valid) + mblock.max_rlife = rparams->realm_max_rlife; + + /* Get the value for the default principal expiration */ + if (rparams->realm_expiration_valid) + mblock.expiration = rparams->realm_expiration; + + /* Get the value for the default principal flags */ + if (rparams->realm_flags_valid) + mblock.flags = rparams->realm_flags; + + krb5_free_realm_params(edit_context, rparams); + } + /* Dump creates files which should not be world-readable. It is easiest to do a single umask call here; any shells run by the ss command interface will have umask = 77 but that is not a serious problem. */ 
@@ -195,6 +251,10 @@ char *kdb5_edit_Init(argc, argv) exit(1); } + /* Handle defaults */ + if (!dbname) + dbname = DEFAULT_KDB_FILE; + if (!keytypedone) master_keyblock.keytype = DEFAULT_KDC_KEYTYPE; @@ -456,9 +516,11 @@ set_dbname_help(pname, dbname) (void) krb5_db_fini(edit_context); return(1); } +#ifdef notdef mblock.max_life = master_entry.max_life; mblock.max_rlife = master_entry.max_renewable_life; mblock.expiration = master_entry.expiration; +#endif /* notdef */ /* don't set flags, master has some extra restrictions */ mblock.mkvno = master_entry.kvno; @@ -483,7 +545,8 @@ set_dbname_help(pname, dbname) mkey_password = 0; } else if (retval = krb5_db_fetch_mkey(edit_context, master_princ, &master_encblock, manual_mkey, - FALSE, 0, &master_keyblock)) { + FALSE, stash_file, + 0, &master_keyblock)) { com_err(pname, retval, "while reading master key"); com_err(pname, 0, "Warning: proceeding without master key"); exit_status++; @@ -550,7 +613,8 @@ void enter_master_key(argc, argv) master_keyblock.contents = NULL; } if (retval = krb5_db_fetch_mkey(edit_context, master_princ, &master_encblock, - TRUE, FALSE, 0, &master_keyblock)) { + TRUE, FALSE, (char *) NULL, + 0, &master_keyblock)) { com_err(pname, retval, "while reading master key"); exit_status++; return; diff --git a/src/admin/stash/ChangeLog b/src/admin/stash/ChangeLog index 65ca88b742..f0f9a9603c 100644 --- a/src/admin/stash/ChangeLog +++ b/src/admin/stash/ChangeLog @@ -1,4 +1,11 @@ +Mon Jul 17 15:02:29 EDT 1995 Paul Park (pjpark@mit.edu) + * configure.in - Add KADM library. + * kdb5_stash.c - Change calling sequence to krb5_db_fetch_mkey(). Add + KDC profile reading/handling as a supplement to command line + arguments. + + Fri Jul 7 15:38:50 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Remove all explicit library handling and LDFLAGS. * configure.in - Add USE_KDB5_LIBRARY and KRB5_LIBRARIES. diff --git a/src/admin/stash/configure.in b/src/admin/stash/configure.in index eb8220e6d0..c37cbcf82e 100644 
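Review bot: The `#ifdef notdef` added in `set_dbname_help()` leaves the three `mblock` assignments in the file as dead code, with no comment saying why they were disabled. With them off, `mblock.max_life`, `mblock.max_rlife` and `mblock.expiration` are only set in `kdb5_edit_Init()` when the profile supplies the matching `_valid` flag. Otherwise they keep whatever initial value `mblock` has, which is not visible here. Either delete the lines or add a comment such as `/* defaults now come from the KDC profile (kdb5_edit_Init), not the master entry */`, and confirm that the initial `mblock` lifetimes are acceptable defaults for new principals when no profile is present.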
--- a/src/admin/stash/configure.in +++ b/src/admin/stash/configure.in @@ -15,6 +15,7 @@ else fi AC_SUBST(DBFLAGS)dnl dnl +USE_KADM_LIBRARY USE_KDB5_LIBRARY KRB5_LIBRARIES V5_USE_SHARED_LIB diff --git a/src/admin/stash/kdb5_stash.c b/src/admin/stash/kdb5_stash.c index 1cc87def0d..6d5157316f 100644 --- a/src/admin/stash/kdb5_stash.c +++ b/src/admin/stash/kdb5_stash.c @@ -26,6 +26,8 @@ #include "k5-int.h" #include "com_err.h" +#include "adm.h" +#include "adm_proto.h" #include <stdio.h> extern int errno; @@ -54,12 +56,13 @@ char *argv[]; extern char *optarg; int optchar; krb5_error_code retval; - char *dbname = DEFAULT_KDB_FILE; + char *dbname = (char *) NULL; char *realm = 0; char *mkey_name = 0; char *mkey_fullname; char *keyfile = 0; krb5_context context; + krb5_realm_params *rparams; int keytypedone = 0; krb5_enctype etype = 0xffff; 
@@ -98,6 +101,43 @@ char *argv[]; } } + /* + * Attempt to read the KDC profile. If we do, then read appropriate values + * from it and augment values supplied on the command line. + */ + if (!(retval = krb5_read_realm_params(context, + realm, + (char *) NULL, + (char *) NULL, + &rparams))) { + /* Get the value for the database */ + if (rparams->realm_dbname && !dbname) + dbname = strdup(rparams->realm_dbname); + + /* Get the value for the master key name */ + if (rparams->realm_mkey_name && !mkey_name) + mkey_name = strdup(rparams->realm_mkey_name); + + /* Get the value for the master key type */ + if (rparams->realm_keytype_valid && !keytypedone) { + master_keyblock.keytype = rparams->realm_keytype; + keytypedone++; + } + + /* Get the value for the stash file */ + if (rparams->realm_stash_file && !keyfile) + keyfile = strdup(rparams->realm_stash_file); + + /* Get the value for the encryption type */ + if (rparams->realm_enctype_valid && (etype == 0xffff)) + etype = rparams->realm_enctype; + + krb5_free_realm_params(context, rparams); + } + + if (!dbname) + dbname = DEFAULT_KDB_FILE; + if (!keytypedone) master_keyblock.keytype = DEFAULT_KDC_KEYTYPE; @@ -146,7 +186,8 @@ char *argv[]; /* TRUE here means read the keyboard, but only once */ if (retval = krb5_db_fetch_mkey(context, master_princ, &master_encblock, - TRUE, FALSE, 0, &master_keyblock)) { + TRUE, FALSE, (char *) NULL, + 0, &master_keyblock)) { com_err(argv[0], retval, "while reading master key"); (void) krb5_db_fini(context); exit(1); |
