authorGreg Hudson <ghudson@mit.edu>2011-01-25 05:20:07 +0000
committerGreg Hudson <ghudson@mit.edu>2011-01-25 05:20:07 +0000
commit1f649490ad49642906a0ad6083059e35a24988e8 (patch)
treeba870faeb6a46f2e1455276a3262b4d38e92b207 /src/kadmin
parentaf11454d3adf02a0e6fe3156e37b7b06fd5a9d3b (diff)
Make principal renaming work in libkadm5srv by converting to explicit
salts as necessary. Add a principal rename command to the client. (The RPC infrastructure was already present.) Adapted from patches submitted by mdw@umich.edu and lha@apple.com. ticket: 6323 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24604 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin')
-rw-r--r--src/kadmin/cli/kadmin.c63
-rw-r--r--src/kadmin/cli/kadmin.h1
-rw-r--r--src/kadmin/cli/kadmin_ct.ct3
3 files changed, 67 insertions, 0 deletions
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index ecac1af4c6..38244bed93 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -645,6 +645,69 @@ cleanup:
free(canon);
}
+void
+kadmin_renameprinc(int argc, char *argv[])
+{
+ kadm5_ret_t retval;
+ krb5_principal oprinc = NULL, nprinc = NULL;
+ char *ocanon = NULL, *ncanon = NULL;
+ char reply[5];
+
+ if (!(argc == 3 || (argc == 4 && !strcmp("-force", argv[1])))) {
+ fprintf(stderr, "usage: rename_principal [-force] old_principal "
+ "new_principal\n");
+ return;
+ }
+ retval = kadmin_parse_name(argv[argc - 2], &oprinc);
+ if (retval) {
+ com_err("rename_principal", retval,
+ "while parsing old principal name");
+ goto cleanup;
+ }
+ retval = kadmin_parse_name(argv[argc - 1], &nprinc);
+ if (retval) {
+ com_err("rename_principal", retval,
+ "while parsing new principal name");
+ goto cleanup;
+ }
+ retval = krb5_unparse_name(context, oprinc, &ocanon);
+ if (retval) {
+ com_err("rename_principal", retval,
+ "while canonicalizing old principal");
+ goto cleanup;
+ }
+ retval = krb5_unparse_name(context, nprinc, &ncanon);
+ if (retval) {
+ com_err("rename_principal", retval,
+ "while canonicalizing new principal");
+ goto cleanup;
+ }
+ if (argc == 3) {
+ printf("Are you sure you want to rename the principal \"%s\" "
+ "to \"%s\"? (yes/no): ", ocanon, ncanon);
+ fgets(reply, sizeof(reply), stdin);
+ if (strcmp("yes\n", reply)) {
+ fprintf(stderr, "Principal \"%s\" not renamed\n", ocanon);
+ goto cleanup;
+ }
+ }
+ retval = kadm5_rename_principal(handle, oprinc, nprinc);
+ if (retval) {
+ com_err("rename_principal", retval,
+ "while renaming principal \"%s\" to \"%s\"", ocanon, ncanon);
+ goto cleanup;
+ }
+ printf("Principal \"%s\" renamed to \"%s\".\n"
+ "Make sure that you have removed the old principal from all ACLs "
+ "before reusing.\n", ocanon, ncanon);
+
+cleanup:
+ krb5_free_principal(context, nprinc);
+ krb5_free_principal(context, oprinc);
+ free(ncanon);
+ free(ocanon);
+}
+
static void
cpw_usage(const char *str)
{
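Review bot: The return value of `fgets` in the `argc == 3` confirmation branch of `kadmin_renameprinc` is ignored, so on EOF or a read error `reply` is still uninitialized when it reaches `strcmp` and the result of the check is undefined. A prompt guarding a rename of a KDC principal should fail closed when no answer can be read: `if (fgets(reply, sizeof(reply), stdin) == NULL || strcmp("yes\n", reply)) {`. Separately, `reply[5]` holds exactly `"yes\n"`, so a longer answer is rejected but its tail stays in stdin for the next read. If that matters here, drain the rest of the line after a reply that has no newline.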
diff --git a/src/kadmin/cli/kadmin.h b/src/kadmin/cli/kadmin.h
index 66496687d7..92e5faa7b6 100644
--- a/src/kadmin/cli/kadmin.h
+++ b/src/kadmin/cli/kadmin.h
@@ -37,6 +37,7 @@ extern int quit (void);
extern void kadmin_lock(int argc, char *argv[]);
extern void kadmin_unlock(int argc, char *argv[]);
extern void kadmin_delprinc(int argc, char *argv[]);
+extern void kadmin_renameprinc(int argc, char *argv[]);
extern void kadmin_cpw(int argc, char *argv[]);
extern void kadmin_addprinc(int argc, char *argv[]);
extern void kadmin_modprinc(int argc, char *argv[]);
diff --git a/src/kadmin/cli/kadmin_ct.ct b/src/kadmin/cli/kadmin_ct.ct
index 6228f95ad9..86ac96e708 100644
--- a/src/kadmin/cli/kadmin_ct.ct
+++ b/src/kadmin/cli/kadmin_ct.ct
@@ -35,6 +35,9 @@ request kadmin_delprinc, "Delete principal",
request kadmin_modprinc, "Modify principal",
modify_principal, modprinc;
+request kadmin_renameprinc, "Rename principal",
+ rename_principal, renprinc;
+
request kadmin_cpw, "Change password",
change_password, cpw;