Diffstat (limited to 'src/kadmin.old/client')
| -rw-r--r-- | src/kadmin.old/client/.Sanitize | 47 | ||||
| -rw-r--r-- | src/kadmin.old/client/.cvsignore | 1 | ||||
| -rw-r--r-- | src/kadmin.old/client/ChangeLog | 98 | ||||
| -rw-r--r-- | src/kadmin.old/client/Makefile.in | 49 | ||||
| -rw-r--r-- | src/kadmin.old/client/configure.in | 10 | ||||
| -rw-r--r-- | src/kadmin.old/client/kadmin.M | 2 | ||||
| -rw-r--r-- | src/kadmin.old/client/kadmin.c | 725 | ||||
| -rw-r--r-- | src/kadmin.old/client/kadmin_add.c | 236 | ||||
| -rw-r--r-- | src/kadmin.old/client/kadmin_adr.c | 129 | ||||
| -rw-r--r-- | src/kadmin.old/client/kadmin_cpr.c | 132 | ||||
| -rw-r--r-- | src/kadmin.old/client/kadmin_cpw.c | 246 | ||||
| -rw-r--r-- | src/kadmin.old/client/kadmin_del.c | 124 | ||||
| -rw-r--r-- | src/kadmin.old/client/kadmin_done.c | 70 | ||||
| -rw-r--r-- | src/kadmin.old/client/kadmin_inq.c | 198 | ||||
| -rw-r--r-- | src/kadmin.old/client/kadmin_mod.c | 185 | ||||
| -rw-r--r-- | src/kadmin.old/client/kadmin_msnd.c | 273 |
16 files changed, 2525 insertions, 0 deletions
diff --git a/src/kadmin.old/client/.Sanitize b/src/kadmin.old/client/.Sanitize
new file mode 100644
index 0000000000..6aad222d52
--- /dev/null
+++ b/src/kadmin.old/client/.Sanitize
@@ -0,0 +1,47 @@
+# Sanitize.in for Kerberos V5
+
+# Each directory to survive it's way into a release will need a file
+# like this one called "./.Sanitize". All keyword lines must exist,
+# and must exist in the order specified by this file. Each directory
+# in the tree will be processed, top down, in the following order.
+
+# Hash started lines like this one are comments and will be deleted
+# before anything else is done. Blank lines will also be squashed
+# out.
+
+# The lines between the "Do-first:" line and the "Things-to-keep:"
+# line are executed as a /bin/sh shell script before anything else is
+# done in this
+
+Do-first:
+
+# All files listed between the "Things-to-keep:" line and the
+# "Files-to-sed:" line will be kept. All other files will be removed.
+# Directories listed in this section will have their own Sanitize
+# called. Directories not listed will be removed in their entirety
+# with rm -rf.
+
+Things-to-keep:
+
+.cvsignore
+ChangeLog
+Makefile.in
+configure
+configure.in
+kadmin.M
+kadmin.c
+kadmin_add.c
+kadmin_adr.c
+kadmin_cpr.c
+kadmin_cpw.c
+kadmin_del.c
+kadmin_done.c
+kadmin_inq.c
+kadmin_mod.c
+kadmin_msnd.c
+
+Things-to-lose:
+
+Do-last:
+
+# End of file.
diff --git a/src/kadmin.old/client/.cvsignore b/src/kadmin.old/client/.cvsignore
new file mode 100644
index 0000000000..e8c05a6b13
--- /dev/null
+++ b/src/kadmin.old/client/.cvsignore
@@ -0,0 +1 @@
+configure
diff --git a/src/kadmin.old/client/ChangeLog b/src/kadmin.old/client/ChangeLog
new file mode 100644
index 0000000000..c51961207d
--- /dev/null
+++ b/src/kadmin.old/client/ChangeLog
@@ -0,0 +1,98 @@
+Thu Apr 20 18:18:48 1995 Mark Eichin <eichin@cygnus.com>
+
+ Changes from Ian Taylor <ian@cygnus.com> to support testsuite.
+ Support -p port argument to kadmin client.
+ * kadmin.c (main): parse -p argument.
+ (adm5_init_link): new port argument, use it in preference to
+ getservbyname.
+ (usage): document new -p argument.
+
+Thu Apr 20 11:45:10 1995 <tytso@rsx-11.mit.edu>
+
+ * kadmin.c, kadmin_add.c, kadmin_adr.c, kadmin_cpr.c kadmin_cpw.c,
+ kadmin_del.c, kadmin_done.c, kadmin_inq.c, kadmin_mod.c,
+ kadmin_msnd.c: Add include of adm_defs.h, since that's no longer
+ included by krb5.h.
+
+Fri Mar 17 15:36:07 1995 Chris Provenzano (proven@mit.edu)
+
+ * kadmin_inq.c, kadmin.c:
+ Cast malloc() return value to shut compiler up.
+
+Fri Mar 10 11:09:34 1995 Chris Provenzano (proven@mit.edu)
+
+ * kadmin.c, kadmin_adr.c, kadmin_cpw.c, kadmin_done.c, kadmin_mod.c
+ * kadmin_add.c, kadmin_cpr.c, kadmin_del.c, kadmin_inq.c, kadmin_msnd.c
+ Use new calling convention for krb5_sendauth(), krb5_mk_priv(),
+ krb5_rd_priv(), krb5_mk_safe(), and krb5_rd_safe().
+
+Thu Mar 2 12:24:25 1995 Theodore Y. Ts'o <tytso@dcl>
+
+ * Makefile.in (ISODELIB): Remove reference to $(ISODELIB).
+
+Wed Mar 1 16:29:19 1995 Theodore Y. Ts'o <tytso@dcl>
+
+ * configure.in: Remove ISODE_INCLUDE, replace check for -lsocket
+ and -lnsl with WITH_NETLIB check.
+
+Tue Feb 28 02:18:37 1995 John Gilmore (gnu at toad.com)
+
+ * *.c: Avoid <krb5/...> and <com_err.h> includes.
+
+Tue Feb 14 15:30:55 1995 Chris Provenzano (proven@mit.edu)
+
+ * kadmin.c Call krb5_sendauth() with new calling convention
+
+Fri Feb 10 17:50:39 1995 Theodore Y. Ts'o <tytso@dcl>
+
+ * kadmin_msnd.c: Remove needless #include of <krb5/asn.1/encode.h>
+
+Mon Feb 06 17:19:04 1995 Chris Provenzano (proven@mit.edu)
+
+ * kadmin.c: Removed krb5_keytype, changed krb5_enctype to
+ krb5_enctype *, changed krb5_preauthtype to krb5_preauthtype *
+ for krb5_get_in_tkt_with_password() rotuine.
+
+Fri Feb 3 03:03:27 1995 John Gilmore <gnu@cygnus.com>
+
+ * kadmin.c (main): Real live non-kludged argument parsing.
+ Add -c option to specify ticket cache location (it really
+ should just use a cache in memory in the process, but that
+ isn't written yet). Make some error messages more explicit!
+
+Wed Jan 25 16:54:40 1995 Chris Provenzano (proven@mit.edu)
+
+ * Removed all narrow types and references to wide.h and narrow.h
+
+Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
+
+ * Added krb5_context to all krb5_routines
+
+Mon Oct 3 19:12:43 1994 Theodore Y. Ts'o (tytso@dcl)
+
+ * Makefile.in: Use $(srcdir) to find manual page for make install.
+
+Thu Sep 29 22:39:10 1994 Theodore Y. Ts'o (tytso@dcl)
+
+ * Makefile.in: relink executable if libraries change
+
+Thu Sep 15 16:49:19 1994 Theodore Y. Ts'o (tytso@dcl)
+
+ * kadm_add.c (kadm_add_user): Don't chop off last character of
+ principal if it was supplied by the caller (instead of
+ prompting the user to enter a principal).
+
+Wed Sep 14 22:20:46 1994 Theodore Y. Ts'o (tytso@dcl)
+
+ * kadmin_add.c (kadm_add_user): removed a duplicated
+ free(inbuf.data) call.
+
+Sat Jul 16 02:47:38 1994 Tom Yu (tlyu at dragons-lair)
+
+ * kadmin.c (get_first_ticket): change error code to match
+
+Fri Jun 24 22:48:29 1994 Theodore Y. Ts'o (tytso at tsx-11)
+
+ * kadmin_done (kadm_done): fix memory allocation bugs
+
+
diff --git a/src/kadmin.old/client/Makefile.in b/src/kadmin.old/client/Makefile.in
new file mode 100644
index 0000000000..64140ed236
--- /dev/null
+++ b/src/kadmin.old/client/Makefile.in
@@ -0,0 +1,49 @@
+CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE)
+LDFLAGS = -g
+
+COMERRLIB=$(BUILDTOP)/util/et/libcom_err.a
+SSLIB=$(BUILDTOP)/util/ss/libss.a
+DBMLIB=
+KDBLIB=$(TOPLIBD)/libkdb5.a
+
+all::
+
+KLIB = $(TOPLIBD)/libkrb5.a $(TOPLIBD)/libcrypto.a $(SSLIB) $(COMERRLIB) $(DBMLIB)
+DEPKLIB = $(TOPLIBD)/libkrb5.a $(TOPLIBD)/libcrypto.a $(SSLIB) $(COMERRLIB) $(DBMLIB)
+
+SRCS = \
+ $(srcdir)/kadmin.c \
+ $(srcdir)/kadmin_add.c \
+ $(srcdir)/kadmin_adr.c \
+ $(srcdir)/kadmin_cpr.c \
+ $(srcdir)/kadmin_inq.c \
+ $(srcdir)/kadmin_msnd.c \
+ $(srcdir)/kadmin_mod.c \
+ $(srcdir)/kadmin_cpw.c \
+ $(srcdir)/kadmin_del.c \
+ $(srcdir)/kadmin_done.c
+
+OBJS = \
+ kadmin.o \
+ kadmin_add.o \
+ kadmin_adr.o \
+ kadmin_cpr.o \
+ kadmin_inq.o \
+ kadmin_msnd.o \
+ kadmin_mod.o \
+ kadmin_cpw.o \
+ kadmin_del.o \
+ kadmin_done.o
+
+all:: kadmin
+
+kadmin: $(KDBDEPLIB) $(OBJS) $(DEPKLIB)
+ $(CC) $(CFLAGS) -o kadmin $(OBJS) $(KLIB) $(LIBS)
+
+install::
+ $(INSTALL_PROGRAM) kadmin ${DESTDIR}$(CLIENT_BINDIR)/kadmin
+ $(INSTALL_DATA) $(srcdir)/kadmin.M ${DESTDIR}$(CLIENT_MANDIR)/kadmin.1
+
+clean::
+ $(RM) kadmin
+
diff --git a/src/kadmin.old/client/configure.in b/src/kadmin.old/client/configure.in
new file mode 100644
index 0000000000..55d33a6c87
--- /dev/null
+++ b/src/kadmin.old/client/configure.in
@@ -0,0 +1,10 @@
+AC_INIT(kadmin.c)
+WITH_CCOPTS
+CONFIG_RULES
+AC_SET_BUILDTOP
+AC_PROG_INSTALL
+WITH_NETLIB
+ET_RULES
+KRB_INCLUDE
+WITH_KRB5ROOT
+V5_AC_OUTPUT_MAKEFILE
diff --git a/src/kadmin.old/client/kadmin.M b/src/kadmin.old/client/kadmin.M
new file mode 100644
index 0000000000..180a1a9589
--- /dev/null
+++ b/src/kadmin.old/client/kadmin.M
@@ -0,0 +1,2 @@
+.\" this file was somehow lost
+.\" but CVS deals badly with 0 length files.
diff --git a/src/kadmin.old/client/kadmin.c b/src/kadmin.old/client/kadmin.c
new file mode 100644
index 0000000000..397a7df0ae
--- /dev/null
+++ b/src/kadmin.old/client/kadmin.c
@@ -0,0 +1,725 @@ +/* + * kadmin/client/kadmin.c + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + + +/* + * kadmin + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <ctype.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#include <signal.h> +#include <string.h> +#include <pwd.h> +#include "com_err.h" + +#ifndef MAXPATHLEN +#define MAXPATHLEN 1024 +#endif + +#include "krb5.h" +#include "adm_defs.h" + +static krb5_error_code get_first_ticket + PROTOTYPE((krb5_context, + krb5_ccache, + krb5_principal, + krb5_creds *)); + +struct sockaddr_in local_sin, remote_sin; + +char cache_name[255] = ""; + +static void get_def_princ + PROTOTYPE((krb5_context, + krb5_principal * )); + +void decode_kadmind_reply(); +int print_status_message(); +extern char *optarg; +extern int optind; + + +void +main(argc,argv) + int argc; + char *argv[]; +{ + krb5_ccache cache = NULL; + + krb5_address local_addr, foreign_addr; + + krb5_principal client; + + char *client_name; /* Single string representation of client id */ + + krb5_data *requested_realm; + krb5_creds my_creds; + + krb5_error_code retval; /* return code */ + + int local_socket; + + krb5_error *err_ret; + krb5_ap_rep_enc_part *rep_ret; + + kadmin_requests rd_priv_resp; + + krb5_context context; + krb5_data msg_data, inbuf; + char buffer[255]; + char command_type[120]; + char princ_name[120]; + int i, valid; + int option; + int oper_type; + int nflag = 0; + int port = 0; + + krb5_auth_context * new_auth_context; + krb5_replay_data replaydata; + + krb5_init_context(&context); + 
krb5_init_ets(context); + + client_name = (char *) malloc(755); + memset((char *) client_name, 0, sizeof(client_name)); + + while ((option = getopt(argc, argv, "c:np:")) != EOF) { + switch (option) { + case 'c': + strcpy (cache_name, optarg); + break; + case 'n': + nflag++; + break; + case 'p': + port = htons(atoi(optarg)); + break; + case '?': + default: + usage(); + break; + } + } + + if (optind < argc) { + /* Admin name specified on command line */ + strcpy(client_name, argv[optind++]); + if (retval = krb5_parse_name(context, client_name, &client)) { + fprintf(stderr, "Error Parsing %s\n", client_name); + usage(); + } + } + else { + /* Admin name should be defaulted */ + get_def_princ(context, &client); + if (retval = krb5_unparse_name(context, client, &client_name)) { + fprintf(stderr, "Unable to unparse default administrator name!\n"); + usage(); + } + } + + /* At this point, both client and client_name are set up. */ + + if (!nflag) { + strcpy(client_name, client->data[0].data); + strncat(client_name, "/admin@", 7); + strncat(client_name, client->realm.data, client->realm.length); + if (retval = krb5_parse_name(context, client_name, &client)) { + fprintf(stderr, "Unable to Parse %s\n", client_name); + usage(); + } + } + + if (optind < argc) + usage(); + + /* Create credential cache for kadmin */ + if (!cache_name[0]) + (void) sprintf(cache_name, "FILE:/tmp/tkt_adm_%d", getpid()); + + if ((retval = krb5_cc_resolve(context, cache_name, &cache))) { + fprintf(stderr, "Unable to Resolve Cache: %s!\n", cache_name); + } + + if ((retval = krb5_cc_initialize(context, cache, client))) { + fprintf(stderr, "Error initializing cache: %s!\n", cache_name); + exit(1); + } + +/* + * Verify User by Obtaining Initial Credentials prior to Initial Link + */ + + if ((retval = get_first_ticket(context, cache, client, &my_creds))) { + (void) krb5_cc_destroy(context, cache); + exit(1); + } + /* my_creds has the necessary credentials for further processing: + Destroy credential cache 
for security reasons */ + (void) krb5_cc_destroy(context, cache); + + requested_realm = (krb5_data *) &client->realm; + + + /* Initiate Link to Server */ + if ((retval = adm5_init_link(context, requested_realm, port, + &local_socket))) { + (void) krb5_cc_destroy(context, cache); + exit(1); + } + +#ifdef unicos61 +#define SIZEOF_INADDR SIZEOF_in_addr +#else +#define SIZEOF_INADDR sizeof(struct in_addr) +#endif + +/* V4 kpasswd Protocol Hack + * Necessary for ALL kadmind clients + */ + { + int msg_length = 0; + + retval = krb5_net_write(context, local_socket, (char *) &msg_length + 2, 2); + if (retval < 0) { + fprintf(stderr, "krb5_net_write failure!\n"); + (void) krb5_cc_destroy(context, cache); + exit(1); + } + } + + local_addr.addrtype = ADDRTYPE_INET; + local_addr.length = SIZEOF_INADDR ; + local_addr.contents = (krb5_octet *) &local_sin.sin_addr; + + foreign_addr.addrtype = ADDRTYPE_INET; + foreign_addr.length = SIZEOF_INADDR ; + foreign_addr.contents = (krb5_octet *) &remote_sin.sin_addr; + + krb5_auth_con_init(context, &new_auth_context); + krb5_auth_con_setflags(context, new_auth_context, + KRB5_AUTH_CONTEXT_RET_SEQUENCE); + + krb5_auth_con_setaddrs(context, new_auth_context, + &local_addr, &foreign_addr); + + /* call Kerberos library routine to obtain an authenticator, + pass it over the socket to the server, and obtain mutual + authentication. */ + + inbuf.data = ADM5_ADM_VERSION; + inbuf.length = strlen(ADM5_ADM_VERSION); + + if ((retval = krb5_sendauth(context, &new_auth_context, + (krb5_pointer) &local_socket, + ADM_CPW_VERSION, + my_creds.client, + my_creds.server, + AP_OPTS_MUTUAL_REQUIRED, + &inbuf, + &my_creds, + 0, + &err_ret, + &rep_ret, + NULL))) { + fprintf(stderr, "Error while performing sendauth: %s!\n", + error_message(retval)); + exit(1); + } + + /* Read back what the server has to say ... 
*/ + if (retval = krb5_read_message(context, &local_socket, &inbuf)){ + fprintf(stderr, " Read Message Error: %s!\n", + error_message(retval)); + exit(1); + } + + if ((inbuf.length != 2) || (inbuf.data[0] != KADMIND) || + (inbuf.data[1] != KADMSAG)){ + fprintf(stderr, " Invalid ack from admin server.!\n"); + exit(1); + } + free(inbuf.data); + + if ((inbuf.data = (char *) calloc(1, 2)) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + exit(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = 0xff; + inbuf.length = 2; + + if ((retval = krb5_mk_priv(context, new_auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during First Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + exit(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(context, &local_socket, &msg_data)){ + fprintf(stderr, "Write Error During First Message Transmission!\n"); + exit(1); + } + free(msg_data.data); + + for ( ; ; ) { + /* Ok Now let's get the private message */ + if (retval = krb5_read_message(context, &local_socket, &inbuf)){ + fprintf(stderr, "Read Error During First Reply: %s!\n", + error_message(retval)); + exit(1); + } + + if ((retval = krb5_rd_priv(context, new_auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during First Read Decoding: %s!\n", + error_message(retval)); + exit(1); + } + free(inbuf.data); + + valid = 0; + princ_name[0] = '\0'; +repeat: + printf("\n\nCommand (add, cpw, del, inq, mod, addrnd, cpwrnd, addv4, cpwv4, q): "); + fgets(buffer, sizeof(buffer), stdin); + buffer[strlen(buffer) -1] = '\0'; + sscanf(buffer,"%s %s", command_type, princ_name); + for (i = 0; command_type[i] != '\0'; i++) + if (isupper(command_type[i])) + command_type[i] = tolower(command_type[i]); + + if (!strcmp(command_type, "add")) { + valid++; + oper_type = ADDOPER; + if (retval = kadm_add_user(context, new_auth_context, &my_creds, + &local_socket, oper_type, 
princ_name)) + break; + } + if (!strcmp(command_type, "cpw")) { + valid++; + oper_type = CHGOPER; + if (retval = kadm_cpw_user(context, new_auth_context, &my_creds, + &local_socket, oper_type, princ_name)) + break; + } + if (!strcmp(command_type, "addrnd")) { + valid++; + if (retval = kadm_add_user_rnd(context, new_auth_context, &my_creds, + &local_socket, princ_name)) + break; + } + if (!strcmp(command_type, "cpwrnd")) { + valid++; + if (retval = kadm_cpw_user_rnd(context, new_auth_context, &my_creds, + &local_socket, princ_name)) + break; + } + if (!strcmp(command_type, "del")) { + valid++; + if (retval = kadm_del_user(context, new_auth_context, &my_creds, + &local_socket, princ_name)) + break; + } + if (!strcmp(command_type, "inq")) { + valid++; + if (retval = kadm_inq_user(context, new_auth_context, &my_creds, + &local_socket, princ_name)) + break; + } + if (!strcmp(command_type, "mod")) { + valid++; + if (retval = kadm_mod_user(context, new_auth_context, &my_creds, + &local_socket, princ_name)) + break; + } + if (!strcmp(command_type, "addv4")) { + valid++; + oper_type = AD4OPER; + if (retval = kadm_add_user(context, new_auth_context, &my_creds, + &local_socket, oper_type, princ_name)) + break; + } + if (!strcmp(command_type, "cpwv4")) { + valid++; + oper_type = CH4OPER; + if (retval = kadm_cpw_user(context, new_auth_context, &my_creds, + &local_socket, oper_type, princ_name)) + break; + } + if (!strcmp(command_type, "q")) { + valid++; + retval = kadm_done(context, new_auth_context, &my_creds, + &local_socket); + break; + } + + if (!valid) { + fprintf(stderr, "Invalid Input - Retry\n"); + goto repeat; + } + } + + if (retval) { + exit(1); + } + + /* Ok Now let's get the final private message */ + if (retval = krb5_read_message(context, &local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Final Reply: %s!\n", + error_message(retval)); + exit(1); + } + + if ((retval = krb5_rd_priv(context, new_auth_context, &inbuf, + &msg_data, &replaydata))) { + 
fprintf(stderr, "Error during Final Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + exit(1); + } + free(inbuf.data); + + decode_kadmind_reply(msg_data, &rd_priv_resp); + free(msg_data.data); + + if (!((rd_priv_resp.appl_code == KADMIN) && + (rd_priv_resp.retn_code == KADMGOOD))) { + if (rd_priv_resp.message) + fprintf(stderr, "%s\n", rd_priv_resp.message); + else + fprintf(stderr, "Generic Error During kadmin Termination!\n"); + retval = 1; + } else { + fprintf(stderr, "\nHave a Good Day.\n\n"); + } + + if (rd_priv_resp.message) + free(rd_priv_resp.message); + + + exit(retval); +} + +static krb5_error_code +get_first_ticket(context, cache, client, my_creds) + krb5_context context; + krb5_ccache cache; + krb5_principal client; + krb5_creds * my_creds; +{ + char prompt[255]; /* for the password prompt */ + + krb5_address **my_addresses; + + char *client_name; + krb5_error_code retval; + char *password; + int pwsize; + int i; + + if ((retval = krb5_unparse_name(context, client, &client_name))) { + fprintf(stderr, "Unable to Unparse Client Name!\n"); + return(1); + } + + if ((retval = krb5_os_localaddr(&my_addresses))) { + fprintf(stderr, "Unable to Get Principals Address!\n"); + return(1); + } + + memset((char *) my_creds, 0, sizeof(krb5_creds)); + + my_creds->client = client; + + if ((retval = krb5_build_principal_ext(context, &my_creds->server, + client->realm.length, + client->realm.data, + strlen(CPWNAME), + CPWNAME, /* kadmin */ + client->realm.length, + client->realm.data, + /* instance is <realm> */ + 0))) { + fprintf(stderr, "Error %s while building client name!\n", + error_message(retval)); + krb5_free_addresses(context, my_addresses); + return(1); + } + + (void) sprintf(prompt,"Password for %s: ", (char *) client_name); + + if ((password = (char *) calloc (1, 255)) == NULL) { + fprintf(stderr, "No Memory for Retrieving Admin Password!\n"); + return(1); + } + + pwsize = 255; + if ((retval = krb5_read_password(context, + prompt, + 0, + 
password, + &pwsize) || pwsize == 0)) { + fprintf(stderr, "Error while reading password for '%s'!\n", + client_name); + free(password); + krb5_free_addresses(context, my_addresses); + return(1); + } + + /* Build Request for Initial Credentials */ + retval = krb5_get_in_tkt_with_password(context, 0, /* options */ + my_addresses, + NULL, /* Default encryption list */ + NULL, /* Default preauth list */ + password, cache, my_creds, 0); + + /* Do NOT Forget to zap password */ + memset((char *) password, 0, pwsize); + free(password); + krb5_free_addresses(context, my_addresses); + + if (retval) { + fprintf(stderr, "\nUnable to Get Initial Credentials: %s!\n", + error_message(retval)); + return(1); + } + + return(0); +} + +krb5_error_code +adm5_init_link(context, realm_of_server, port, local_socket) + krb5_context context; + krb5_data *realm_of_server; + int port; + int * local_socket; +{ + struct servent *service_process; /* service we will talk to */ + struct hostent *remote_host; /* host we will talk to */ + char **hostlist; + int namelen; + int i; + + krb5_error_code retval; + + /* clear out the structure first */ + (void) memset((char *)&remote_sin, 0, sizeof(remote_sin)); + + if (port != 0) { + remote_sin.sin_port = port; + } else { + if ((service_process = getservbyname(CPW_SNAME, "tcp")) == NULL) { + fprintf(stderr, "Unable to find Service (%s) Check services file!\n", + CPW_SNAME); + return(1); + } + + /* Copy the Port Number */ + remote_sin.sin_port = service_process->s_port; + } + + hostlist = 0; + + /* Identify all Hosts Associated with this Realm */ + if ((retval = krb5_get_krbhst (context, realm_of_server, &hostlist))) { + fprintf(stderr, "krb5_get_krbhst: Unable to Determine Server Name!\n"); + return(retval); + } + + if (hostlist[0] == 0) { + fprintf(stderr, "No hosts found!\n"); + return KRB5_REALM_UNKNOWN; + } + + for (i=0; hostlist[i]; i++) { + remote_host = gethostbyname(hostlist[i]); + if (remote_host != 0) { + + /* set up the address of the foreign 
socket for connect() */ + remote_sin.sin_family = remote_host->h_addrtype; + (void) memcpy((char *) &remote_sin.sin_addr, + (char *) remote_host->h_addr, + sizeof(remote_host->h_addr)); + break; /* Only Need one */ + } + } + + krb5_free_krbhst(context, hostlist); + + /* open a TCP socket */ + *local_socket = socket(PF_INET, SOCK_STREAM, 0); + if (*local_socket < 0) { + retval = errno; + fprintf(stderr, "Cannot Open Socket!\n"); + return retval; + } + /* connect to the server */ + if (connect(*local_socket, &remote_sin, sizeof(remote_sin)) < 0) { + retval = errno; + fprintf(stderr, "Cannot Connect to Socket!\n"); + close(*local_socket); + return retval; + } + + /* find out who I am, now that we are connected and therefore bound */ + namelen = sizeof(local_sin); + if (getsockname(*local_socket, + (struct sockaddr *) &local_sin, &namelen) < 0) { + retval = errno; + fprintf(stderr, "Cannot Perform getsockname!\n"); + close(*local_socket); + return retval; + } + return 0; +} + +static void +get_def_princ(context, client) + krb5_context context; + krb5_principal *client; +{ + krb5_ccache cache = NULL; + struct passwd *pw; + int retval; + char client_name[755]; + krb5_flags cc_flags; + + /* Identify Default Credentials Cache */ + if (retval = krb5_cc_default(context, &cache)) { + fprintf(stderr, "Error while getting default ccache!\n"); + exit(1); + } + + /* + * Attempt to Modify Credentials Cache + * retval == 0 ==> ccache Exists - Use It + * retval == ENOENT ==> No Entries, but ccache Exists + * retval != 0 ==> Assume ccache does NOT Exist + */ + cc_flags = 0; + if (retval = krb5_cc_set_flags(context, cache, cc_flags)) { + /* Search passwd file for client */ + pw = getpwuid((int) getuid()); + if (pw) { + (void) strcpy(client_name, pw->pw_name); + if (!strncmp("root", client_name, strlen(client_name))) { + fprintf(stderr, + "root is not a valid Adimnistrator\n!\n"); + usage(); + } + } else { + fprintf(stderr, + "Unable to Identify Principal from Password File!\n"); + 
retval = 1; + usage(); + } + + /* Use this to get default_realm and format client_name */ + if ((retval = krb5_parse_name(context, client_name, client))) { + fprintf(stderr, "Unable to Parse Client Name!\n"); + usage(); + } + } else { + /* Read Client from Cache */ + if (retval = krb5_cc_get_principal(context, cache, client)) { + fprintf(stderr, + "Unable to Read Principal Credentials File!\n"); + exit(1); + } + + if (!strncmp("root", (*client)->data[0].data, + (*client)->data[0].length)) { + fprintf(stderr, "root is not a valid Administrator\n!\n"); + usage(); + } + + (void) krb5_cc_close(context, cache); + } +} + +usage() +{ + fprintf(stderr, "Usage: "); + fprintf(stderr, "kadmin [-n] [-p port] [Administrator name]\n\n"); + fprintf(stderr, " If an Administrator name is not supplied, kadmin "); + fprintf(stderr, "will first\n attempt to locate the name from "); + fprintf(stderr, "the default ticket file, then\n by using the "); + fprintf(stderr, "username from the 'passwd' file.\n\n"); + fprintf(stderr, " For Cross Realm Obtain a ticket for 'Administrator "); + fprintf(stderr, "name' in the\n Destination realm or "); + fprintf(stderr, "specify the Destination Realm\n as part of the "); + fprintf(stderr, "Administrator name option.\n\n"); + fprintf(stderr, " Note: If the Administrator Name is not "); + fprintf(stderr, "supplied, then the \n"); + fprintf(stderr, " '/admin' instance will be appended to the "); + fprintf(stderr, "default name unless\n"); + fprintf(stderr, " the -n option is used.\n\n"); + exit(0); +} + +void decode_kadmind_reply(data, response) + krb5_data data; + kadmin_requests *response; +{ + response->appl_code = data.data[0]; + response->oper_code = data.data[1]; + response->retn_code = data.data[2]; + if (data.length > 3 && data.data[3]) { + response->message = (char *)malloc(data.length - 2); + if (response->message) { + memcpy(response->message, data.data + 3, data.length - 3); + response->message[data.length - 3] = 0; + } + } else + 
response->message = NULL; + + return; +} + +int print_status_message(response, success_msg) + kadmin_requests *response; + char *success_msg; +{ + int retval = 1; + + if (response->appl_code == KADMIN) { + if (response->retn_code == KADMGOOD) { + fprintf(stderr, "%s\n", success_msg); + retval = 0; + } else if (response->retn_code == KADMBAD) + fprintf(stderr, "%s\n", response->message); + else + fprintf(stderr, "ERROR: unknown return code from server.\n"); + } else + fprintf(stderr, "ERROR: unknown application code from server.\n"); + + if (response->message) + free(response->message); + + return retval; +} diff --git a/src/kadmin.old/client/kadmin_add.c b/src/kadmin.old/client/kadmin_add.c new file mode 100644 index 0000000000..c04eca8446 --- /dev/null +++ b/src/kadmin.old/client/kadmin_add.c 
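Review bot: Several fixed-size buffers in main() are filled from user-controlled input with no length limit: `strcpy (cache_name, optarg)` writes into the 255-byte global, `strcpy(client_name, argv[optind++])` into the 755-byte allocation, and `sscanf(buffer,"%s %s", command_type, princ_name)` can put a token from the 255-byte input line into either 120-byte array. Bounding each copy closes this, e.g. `sscanf(buffer, "%119s %119s", command_type, princ_name)` plus a length check on `optarg` and `argv[optind]` before copying. In the default-principal path `krb5_unparse_name` replaces `client_name` with a library-allocated string, so the later `strcpy`/`strncat` that appends "/admin@" and the realm appears to write past that allocation; building the name in a buffer sized for the result avoids it. The command loop also does `buffer[strlen(buffer) -1] = '\0'` without checking the `fgets` result, which indexes `buffer[-1]` on an empty read. In decode_kadmind_reply, `data.data[0]` through `data.data[2]` are read before `data.length` is consulted, so a reply shorter than three bytes is read out of bounds; `if (data.length < 3)` should be handled first.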
@@ -0,0 +1,236 @@ +/* + * kadmin/client/kadmin_add.c + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + + +/* + * kadmin_add + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#include <string.h> +#include "com_err.h" + +#include <sys/param.h> + +#include "k5-int.h" +#include "adm_defs.h" + +void decode_kadmind_reply(); +int print_status_message(); + +krb5_error_code +kadm_add_user(context, auth_context, my_creds, local_socket, + oper_type, principal) + krb5_context context; + krb5_auth_context * auth_context; + krb5_creds * my_creds; + int * local_socket; + int oper_type; + char * principal; +{ + krb5_data msg_data, inbuf; + kadmin_requests rd_priv_resp; + char username[255]; + char *password; + int pwsize; + int count; + krb5_replay_data replaydata; + krb5_error_code retval; /* return code */ + + if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + return(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = oper_type; + inbuf.data[2] = SENDDATA2; + + if (principal && principal[0] != '\0') + strcpy(username, principal); + else { + count = 0; + do { + fprintf(stdout, "\nName of Principal to be Added: "); + fgets(username, sizeof(username), stdin); + if (username[0] == '\n') + fprintf(stderr, "Invalid Principal name!\n"); + count++; + } while (username[0] == '\n' && count < 3); + + if (username[0] == '\n') { + fprintf(stderr, "Aborting!!\n\n"); + return(1); + } + + username[strlen(username) -1] = '\0'; + } + + (void) 
memcpy( inbuf.data + 3, username, strlen(username)); + inbuf.length = strlen(username) + 3; + + if ((retval = krb5_mk_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(context, local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + + free(msg_data.data); + + if (retval = krb5_read_message(context, local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Second Reply: %s!\n", + error_message(retval)); + return(1); + } + + if (retval = krb5_rd_priv(context, auth_context, &inbuf, + &msg_data, &replaydata)) { + fprintf(stderr, "Error during Second Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + if (msg_data.data[2] == KADMBAD) { + decode_kadmind_reply(msg_data, &rd_priv_resp); + + if (rd_priv_resp.message) { + fprintf(stderr, "%s\n\n", rd_priv_resp.message); + free(rd_priv_resp.message); + } else + fprintf(stderr, "Generic error from server.\n\n"); + return(0); + } + +#ifdef MACH_PASS + pwsize = msg_data.length; + if ((password = (char *) calloc (1, pwsize)) == (char *) 0) { + fprintf(stderr, "No Memory for allocation of password!\n"); + retval = 1; + free(msg_data.data); + return(1); + } + + memcpy(password, msg_data.data, pwsize); + memset(msg_data.data, 0, pwsize); + password[pwsize] = '\0'; + fprintf(stdout, "\nPassword for \"%s\" is \"%s\"\n", username, password); + memset(password, 0, pwsize); + free(password); + fprintf(stdout, "\nThis password can only be used to execute kpasswd\n\n"); + + free(msg_data.data); + + if ((inbuf.data = (char *) calloc(1, 2)) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + return(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = KADMGOOD; + inbuf.length = 2; 
+ +#else + + if ((password = (char *) calloc (1, ADM_MAX_PW_LENGTH+1)) == (char *) 0) { + fprintf(stderr, "No Memory for allocation of password!\n"); + return(1); + } + + pwsize = ADM_MAX_PW_LENGTH+1; + + putchar('\n'); + if (retval = krb5_read_password(context, + DEFAULT_PWD_STRING1, + DEFAULT_PWD_STRING2, + password, + &pwsize)) { + fprintf(stderr, "Error while reading new password for %s: %s!\n", + username, error_message(retval)); + (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1); + free(password); + return(1); + } + + if ((inbuf.data = (char *) calloc(1, strlen(password) + 1)) == (char *) 0) { + fprintf(stderr, "No Memory for allocation of buffer!\n"); + (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1); + free(password); + return(1); + } + + inbuf.length = strlen(password); + (void) memcpy(inbuf.data, password, strlen(password)); + free(password); + +#endif /* MACH_PASS */ + + if ((retval = krb5_mk_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(context, local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + free(msg_data.data); + + /* Ok Now let's get the final private message */ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Final Reply: %s!\n", + error_message(retval)); + retval = 1; + } + + if ((retval = krb5_rd_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Final Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + decode_kadmind_reply(msg_data, &rd_priv_resp); + + free(msg_data.data); + + retval = print_status_message(&rd_priv_resp, + "Database Addition Successful."); + + 
return(retval); +} diff --git a/src/kadmin.old/client/kadmin_adr.c b/src/kadmin.old/client/kadmin_adr.c new file mode 100644 index 0000000000..9a4cea7f88 --- /dev/null +++ b/src/kadmin.old/client/kadmin_adr.c 
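Review bot: In the non-MACH_PASS branch of kadm_add_user the new password is copied into `inbuf.data` and both buffers are then released with a plain `free()`, so the cleartext remains in freed heap memory on the success path; the error paths already do `memset((char *) password, 0, ADM_MAX_PW_LENGTH+1)`, and the same clearing is needed before `free(password)` and before each later `free(inbuf.data)`. Under MACH_PASS, `password[pwsize] = '\0'` writes one byte past the `calloc (1, pwsize)` allocation; allocating `pwsize + 1` fixes it. The final `krb5_read_message` failure only sets `retval = 1` and falls through to `krb5_rd_priv` on an `inbuf` that was not filled in, where the earlier reads `return(1)`; kadmin_adr.c has the same fall-through. `msg_data.data[2] == KADMBAD` is also tested without first checking `msg_data.length`.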
@@ -0,0 +1,129 @@ +/* + * kadmin/client/kadmin_adr.c + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + + +/* + * kadmin_adr + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#include <string.h> +#include <com_err.h> + +#include <sys/param.h> + +#include <krb5.h> +#include "adm_defs.h" + +void decode_kadmind_reply(); +int print_status_message(); + +krb5_error_code +kadm_add_user_rnd(context, auth_context, my_creds, + local_socket, seqno, principal) + krb5_context context; + krb5_auth_context *auth_context; + int *local_socket; + krb5_int32 *seqno; + char *principal; +{ + krb5_data msg_data, inbuf; + kadmin_requests rd_priv_resp; + char username[755]; + int count; + krb5_replay_data replaydata; + krb5_error_code retval; /* return code */ + + if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + return(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = ADROPER; + inbuf.data[2] = SENDDATA2; + + if (principal && principal[0] != '\0') + strcpy(username, principal); + else { + count = 0; + do { + fprintf(stdout, "\nName of Principal to be Added: "); + fgets(username, sizeof(username), stdin); + if (username[0] == '\n') + fprintf(stderr, "Invalid Principal name!\n"); + count++; + } + while (username[0] == '\n' && count < 3); + + if (username[0] == '\n') { + fprintf(stderr, "Aborting!!\n\n"); + return(1); + } + username[strlen(username) -1] = '\0'; + } + + + (void) memcpy( inbuf.data + 3, username, strlen(username)); + 
inbuf.length = strlen(username) + 3; + + if ((retval = krb5_mk_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(context, local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + + free(msg_data.data); + + /* Ok Now let's get the final private message */ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Final Reply: %s!\n", + error_message(retval)); + retval = 1; + } + + if ((retval = krb5_rd_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Final Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + + decode_kadmind_reply(msg_data, &rd_priv_resp); + + free(inbuf.data); + free(msg_data.data); + + retval = print_status_message(&rd_priv_resp, + "Database Addition Successful."); + + return(retval); +} diff --git a/src/kadmin.old/client/kadmin_cpr.c b/src/kadmin.old/client/kadmin_cpr.c new file mode 100644 index 0000000000..ee0b946b6e --- /dev/null +++ b/src/kadmin.old/client/kadmin_cpr.c 
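Review bot: `strcpy(username, principal);` in kadm_add_user_rnd copies a caller-supplied principal into the fixed `char username[755]` with no length check, so a longer name overruns the stack buffer. Reject or bound it before the copy, e.g. `if (strlen(principal) >= sizeof(username)) { free(inbuf.data); return(1); }`. The same unbounded copy is in kadm_cpw_user_rnd, kadm_cpw_user (where the buffer is only `username[255]`), kadm_del_user, kadm_inq_user and kadm_mod_user in this commit.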
@@ -0,0 +1,132 @@ +/* + * kadmin/client/kadmin_cpr.c + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + + +/* + * kadmin_cpr + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#include <signal.h> +#include <string.h> +#include <com_err.h> + +#include <sys/param.h> + +#include <krb5.h> +#include "adm_defs.h" + +void decode_kadmind_reply(); +int print_status_message(); + +krb5_error_code +kadm_cpw_user_rnd(context, auth_context, my_creds, + local_socket, seqno, principal) + krb5_context context; + krb5_auth_context *auth_context; + int *local_socket; + krb5_int32 *seqno; + char *principal; +{ + krb5_data msg_data, inbuf; + kadmin_requests rd_priv_resp; + char username[755]; + int count; + krb5_replay_data replaydata; + krb5_error_code retval; /* return code */ + + if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { fprintf(stderr, "No memory for command!\n"); + exit(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = CHROPER; + inbuf.data[2] = SENDDATA2; + + if (principal && principal[0] != '\0') + strcpy(username, principal); + else { + count = 0; + do { + fprintf(stdout, + "\nName of Principal Whose Password is to Change: "); + fgets(username, sizeof(username), stdin); + if (username[0] == '\n') + fprintf(stderr, "Invalid Principal name!\n"); + count++; + } + while (username[0] == '\n' && count < 3); + + if (username[0] == '\n') { + fprintf(stderr, "Aborting!!\n\n"); + return(1); + } + username[strlen(username) -1] = '\0'; + } + + (void) memcpy( inbuf.data + 3, 
username, strlen(username)); + inbuf.length = strlen(username) + 3; + + /* Transmit Principal Name */ + if ((retval = krb5_mk_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(context, local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + free(msg_data.data); + + /* Ok Now let's get the final private message */ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Final Reply: %s!\n", + error_message(retval)); + retval = 1; + } + + if ((retval = krb5_rd_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Final Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + decode_kadmind_reply(msg_data, &rd_priv_resp); + + free(inbuf.data); + free(msg_data.data); + + print_status_message(&rd_priv_resp, + "Password Modification Successful."); + + return(0); +} + + diff --git a/src/kadmin.old/client/kadmin_cpw.c b/src/kadmin.old/client/kadmin_cpw.c new file mode 100644 index 0000000000..5705b9f5e1 --- /dev/null +++ b/src/kadmin.old/client/kadmin_cpw.c 
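Review bot: The success path of kadm_cpw_user_rnd frees `inbuf.data` twice: once right after the final krb5_rd_priv check and again after `decode_kadmind_reply(msg_data, &rd_priv_resp);`. Drop the second `free(inbuf.data);` so the reply buffer is released exactly once. kadm_inq_user in kadmin_inq.c ends with the same pair of frees. Unlike kadm_add_user_rnd, this function also discards the result of print_status_message and always returns 0, which looks unintended.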
@@ -0,0 +1,246 @@ +/* + * kadmin/client/kadmin_cpw.c + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + + +/* + * kadmin_cpw + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#include <signal.h> +#include <string.h> +#include <com_err.h> + +#include <sys/param.h> + +#include <k5-int.h> +#include "adm_defs.h" + +void decode_kadmind_reply(); +int print_status_message(); + +krb5_error_code +kadm_cpw_user(context, auth_context, my_creds, + local_socket, oper_type, principal) + krb5_context context; + krb5_auth_context *auth_context; + int *local_socket; + int oper_type; + char *principal; +{ + krb5_data msg_data, inbuf; + kadmin_requests rd_priv_resp; + char username[255]; + char *password; + int pwsize; + int count; + krb5_replay_data replaydata; + krb5_error_code retval; /* return code */ + + if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { fprintf(stderr, "No memory for command!\n"); + exit(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = oper_type; + inbuf.data[2] = SENDDATA2; + + if (principal && principal[0] != '\0') + strcpy(username, principal); + else { + count = 0; + do { + fprintf(stdout, + "\nName of Principal Whose Password is to Change: "); + fgets(username, sizeof(username), stdin); + if (username[0] == '\n') + fprintf(stderr, "Invalid Principal name!\n"); + count++; + } + while (username[0] == '\n' && count < 3); + + if (username[0] == '\n') { + fprintf(stderr, "Aborting!!\n\n"); + return(1); + } + + username[strlen(username) -1] = '\0'; + } + + 
(void) memcpy( inbuf.data + 3, username, strlen(username)); + inbuf.length = strlen(username) + 3; + + /* Transmit Principal Name */ + if ((retval = krb5_mk_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(context, local_socket, &msg_data)){ + free(msg_data.data); + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + free(msg_data.data); + + if (retval = krb5_read_message(context, local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Second Reply: %s!\n", + error_message(retval)); + return(1); + } + + if ((retval = krb5_rd_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Second Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + if (msg_data.data[2] == KADMBAD) { + decode_kadmind_reply(msg_data, &rd_priv_resp); + + if (rd_priv_resp.message) { + fprintf(stderr, "%s\n\n", rd_priv_resp.message); + free(rd_priv_resp.message); + } else + fprintf(stderr, "Generic error from server.\n\n"); + memset(msg_data.data, 0, msg_data.length); + free(msg_data.data); + return(0); + } + + if ((oper_type == CHGOPER && msg_data.data[3] == KRB5_KDB_SALTTYPE_V4) || + (oper_type == CH4OPER && msg_data.data[3] == KRB5_KDB_SALTTYPE_NORMAL)) + fprintf(stderr, "WARNING: Changing Principal Salt type to %s!\n", + (msg_data.data[3] == KRB5_KDB_SALTTYPE_V4) ? 
+ "Version 5 Normal" : "Version 4"); + +#ifdef MACH_PASS /* Machine-generated passwords */ + pwsize = msg_data.length; + if ((password = (char *) calloc (1, pwsize)) == (char *) 0) { + fprintf(stderr, "No Memory for allocation of password!\n"); + memset(msg_data.data, 0, msg_data.length); + free(msg_data.data); + return(1); + } + + memcpy(password, msg_data.data, pwsize); + memset(msg_data.data, 0, pwsize); + free(msg_data.data); + password[pwsize] = '\0'; + fprintf(stdout, "\nPassword for \"%s\" is \"%s\"\n", username, password); + memset(password, 0, pwsize); + free(password); + fprintf(stdout, "\nThis password can only be used to execute kpasswd\n\n"); + + if ((inbuf.data = (char *) calloc(1, 2)) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + return(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = KADMGOOD; + inbuf.length = 2; + +#else + + if ((password = (char *) calloc (1, ADM_MAX_PW_LENGTH+1)) == (char *) 0) { + fprintf(stderr, "No Memory for allocation of password!\n"); + return(1); + } + + pwsize = ADM_MAX_PW_LENGTH+1; + + putchar('\n'); + if ((retval = krb5_read_password(context, + DEFAULT_PWD_STRING1, + DEFAULT_PWD_STRING2, + password, + &pwsize))) { + fprintf(stderr, "Error while reading new password for %s: %s!\n", + username, error_message(retval)); + (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1); + free(password); + return(1); + } + + if ((inbuf.data = (char *) calloc (1, strlen(password) + 1)) == + (char *) 0) { + fprintf(stderr, "No Memory for allocation of buffer!\n"); + (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1); + free(password); + return(1); /* No Memory */ + } + + inbuf.length = strlen(password); + (void) memcpy(inbuf.data, password, strlen(password)); + free(password); + +#endif /* MACH_PASS */ + + if ((retval = krb5_mk_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + 
return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(context, local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + free(msg_data.data); + + /* Ok Now let's get the final private message */ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Final Reply: %s!\n", + error_message(retval)); + retval = 1; + } + + if ((retval = krb5_rd_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Final Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + + decode_kadmind_reply(msg_data, &rd_priv_resp); + + free(inbuf.data); + free(msg_data.data); + + print_status_message(&rd_priv_resp, + "Password Modification Successful."); + + return(0); +} diff --git a/src/kadmin.old/client/kadmin_del.c b/src/kadmin.old/client/kadmin_del.c new file mode 100644 index 0000000000..1753f007ca --- /dev/null +++ b/src/kadmin.old/client/kadmin_del.c 
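Review bot: In the `MACH_PASS` branch of kadm_cpw_user, `password` is allocated with `calloc (1, pwsize)` and then `password[pwsize] = '\0';` writes one byte past the end of that allocation; allocate `pwsize + 1` bytes instead. On the non-`MACH_PASS` path the typed password is released with a bare `free(password);` after the memcpy, and the copy in `inbuf.data` is later freed the same way, although the error paths do clear it first. Adding `(void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1);` before that free, and a matching memset of `inbuf.data` over `inbuf.length` bytes before its free, keeps the cleartext out of released heap memory.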
@@ -0,0 +1,124 @@ +/* + * kadmin/client/kadmin_del.c + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + + +/* + * kadmin_del + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#include <string.h> +#include <com_err.h> + +#include <krb5.h> +#include "adm_defs.h" + +void decode_kadmind_reply(); +int print_status_message(); + +krb5_error_code +kadm_del_user(context, auth_context, my_creds, local_socket, principal) + krb5_context context; + krb5_auth_context *auth_context; + int *local_socket; + char *principal; +{ + krb5_data msg_data, inbuf; + kadmin_requests rd_priv_resp; + char username[755]; + int count; + krb5_replay_data replaydata; + krb5_error_code retval; /* return code */ + + if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + return(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = DELOPER; + inbuf.data[2] = SENDDATA2; + + if (principal && principal[0] != '\0') + strcpy(username, principal); + else { + count = 0; + do { + fprintf(stdout, "\nName of Principal to be Deleted: "); + fgets(username, sizeof(username), stdin); + if (username[0] == '\n') + fprintf(stderr, "Invalid Principal name!\n"); + count++; + } + while (username[0] == '\n' && count < 3); + + if (username[0] == '\n') { + fprintf(stderr, "Aborting!!\n\n"); + return(1); + } + + username[strlen(username) -1] = '\0'; + } + + (void) memcpy( inbuf.data + 3, username, strlen(username)); + inbuf.length = strlen(username) + 3; + + if ((retval = 
krb5_mk_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(context, local_socket, &msg_data)){ + free(msg_data.data); + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + free(msg_data.data); + + /* Ok Now let's get the final private message */ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Final Reply: %s!\n", + error_message(retval)); + return(1); + } + + if ((retval = krb5_rd_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Second Decoding :%s!\n", + error_message(retval)); + return(1); + } + + decode_kadmind_reply(msg_data, &rd_priv_resp); + + free(inbuf.data); + free(msg_data.data); + + print_status_message(&rd_priv_resp, + "Database Deletion Successful."); + + return(0); +} diff --git a/src/kadmin.old/client/kadmin_done.c b/src/kadmin.old/client/kadmin_done.c new file mode 100644 index 0000000000..7f3f7bb94e --- /dev/null +++ b/src/kadmin.old/client/kadmin_done.c 
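Review bot: The prompt loop in kadm_del_user ignores the return value of `fgets(username, sizeof(username), stdin);`, so on end-of-file or a read error the following tests and `strlen(username)` can read an uninitialised buffer. Check it, e.g. `if (fgets(username, sizeof(username), stdin) == NULL) { free(inbuf.data); return(1); }`, and strip the newline with `username[strcspn(username, "\n")] = '\0';` so an input without a trailing newline does not lose its last character. The `Aborting!!` return in the same block also leaves `inbuf.data` allocated. The other prompt loops added by this commit (kadmin_adr.c, kadmin_cpr.c, kadmin_cpw.c, kadmin_inq.c, kadmin_mod.c) have the same shape.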
@@ -0,0 +1,70 @@
+/*
+ * kadmin/client/kadmin_done.c
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ */
+
+/*
+ * Sandia National Laboratories also makes no representations about the
+ * suitability of the modifications, or additions to this software for
+ * any purpose. It is provided "as is" without express or implied warranty.
+ */
+
+
+/*
+ * kadmin_done
+ * Perform Remote Kerberos Administrative Functions
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <string.h>
+#include <com_err.h>
+
+#include <krb5.h>
+#include "adm_defs.h"
+
+krb5_error_code
+kadm_done(context, auth_context, my_creds, local_socket, seqno)
+ krb5_context context;
+ krb5_auth_context *auth_context;
+ int *local_socket;
+ krb5_int32 *seqno;
+{
+ krb5_replay_data replaydata;
+ krb5_data msg_data, inbuf;
+ krb5_error_code retval; /* return code */
+ char buf[16];
+
+ inbuf.data = buf;
+
+ inbuf.data[0] = KADMIN;
+ inbuf.data[1] = COMPLETE;
+ inbuf.data[2] = SENDDATA2;
+ inbuf.data[3] = 0xff;
+ (void) memset( inbuf.data + 4, 0, 4);
+ inbuf.length = 16;
+
+ if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
+ &msg_data, &replaydata))) {
+ fprintf(stderr, "Error during Second Message Encoding: %s!\n",
+ error_message(retval));
+ return(1);
+ }
+
+ /* write private message to server */
+ if (krb5_write_message(context, local_socket, &msg_data)) {
+ free(msg_data.data);
+ fprintf(stderr, "Write Error During Second Message Transmission!\n");
+ return(1);
+ }
+ free(msg_data.data);
+ return(0);
+}
diff --git a/src/kadmin.old/client/kadmin_inq.c b/src/kadmin.old/client/kadmin_inq.c
new file mode 100644
index 0000000000..374455b7c5
--- /dev/null
+++ b/src/kadmin.old/client/kadmin_inq.c
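Review bot: kadm_done sets `inbuf.length = 16;` but only the first eight bytes of `char buf[16];` are written (four opcode bytes plus `memset( inbuf.data + 4, 0, 4)`), so krb5_mk_priv is handed eight bytes of uninitialised stack as part of the message. Either clear the whole buffer first with `(void) memset(buf, 0, sizeof(buf));` or set `inbuf.length` to the number of bytes actually filled, whichever the server side expects. `my_creds` is also named in the parameter list without a declaration, so under K&R rules it is an `int` here while kadm_mod_user declares it as `krb5_creds *`.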
@@ -0,0 +1,198 @@ +/* + * kadmin/client/kadmin_inq.c + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + + +/* + * kadmin_inq + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#include <signal.h> +#include <string.h> +#include <com_err.h> + +#include <krb5.h> +#include "adm_defs.h" + +void decode_kadmind_reply(); +int print_status_message(); + +krb5_error_code +kadm_inq_user(context, auth_context, my_creds, local_socket, principal) + krb5_context context; + krb5_auth_context *auth_context; + int *local_socket; + char *principal; +{ + krb5_replay_data replaydata; + krb5_data msg_data, inbuf; + kadmin_requests rd_priv_resp; + char username[755]; + int count; + krb5_error_code retval; /* return code */ + char *my_data; + + if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + return(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = INQOPER; + inbuf.data[2] = SENDDATA2; + + if (principal && principal[0] != '\0') + strcpy(username, principal); + else { + count = 0; + do { + fprintf(stdout, "\nName of Principal to be Displayed: "); + fgets(username, sizeof(username), stdin); + if (username[0] == '\n') + fprintf(stderr, "Invalid Principal name!\n"); + count++; + } + while (username[0] == '\n' && count < 3); + + if (username[0] == '\n') { + fprintf(stderr, "Aborting!!\n\n"); + return(1); + } + + username[strlen(username) -1] = '\0'; + } + + (void) memcpy( inbuf.data + 3, username, strlen(username)); + inbuf.length = 
strlen(username) + 3; + + if (retval = krb5_mk_priv(context, auth_context, &inbuf, + &msg_data, &replaydata)) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(context, local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + free(msg_data.data); + + /* Ok Now let's get the private message */ + if ((retval = krb5_read_message(context, local_socket, &inbuf))){ + fprintf(stderr, "Read Error During Second Reply: %s!\n", + error_message(retval)); + return(1); + } + + if (retval = krb5_rd_priv(context, auth_context, &inbuf, + &msg_data, &replaydata)) { + fprintf(stderr, "Error during Second Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + if (!msg_data.data) { + fprintf(stderr, "kadm_inq_user: Error - empty message received!\n\n"); + return(0); + } + + if (msg_data.data[2] == KADMBAD) { + decode_kadmind_reply(msg_data, &rd_priv_resp); + + if (rd_priv_resp.message) { + fprintf(stderr, "%s\n\n", rd_priv_resp.message); + free(rd_priv_resp.message); + } else + fprintf(stderr, "Generic error from server.\n\n"); + return(0); + } + + my_data = (char *)malloc(msg_data.length + 1); + if (!my_data) { + fprintf(stderr, "kadmin_inq: Couldn't allocate space for my_data!\n"); + exit(1); + } + memcpy(my_data, msg_data.data, msg_data.length); + my_data[msg_data.length] = 0; + + /* Print Inquiry Information */ + fprintf(stdout, "%s\n", my_data); + free(my_data); + free(msg_data.data); + + if ((inbuf.data = (char *) calloc(1, 3)) == (char *) 0) { + fprintf(stderr, "inbuf.data allocation error!\n"); + return(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = KADMGOOD; + inbuf.length = 2; + + if (retval = krb5_mk_priv(context, auth_context, &inbuf, + &msg_data, &replaydata)) { + fprintf(stderr, "Error 
during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(context, local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + free(msg_data.data); + return(1); + } + free(msg_data.data); + + /* Ok Now let's get the final private message */ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Final Reply: %s!\n", + error_message(retval)); + retval = 1; + } + + if (retval = krb5_rd_priv(context, auth_context, &inbuf, + &msg_data, &replaydata)) { + fprintf(stderr, "Error during Final Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + decode_kadmind_reply(msg_data, &rd_priv_resp); + + free(inbuf.data); + free(msg_data.data); + + print_status_message(&rd_priv_resp, + "Password Inquiry Successful."); + + return(0); +} diff --git a/src/kadmin.old/client/kadmin_mod.c b/src/kadmin.old/client/kadmin_mod.c new file mode 100644 index 0000000000..e7d5654133 --- /dev/null +++ b/src/kadmin.old/client/kadmin_mod.c 
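Review bot: When the final `krb5_read_message` in kadm_inq_user fails, the handler only sets `retval = 1;` and falls through to `krb5_rd_priv`, which overwrites `retval` and is passed an `inbuf` whose `data` was already freed after the preceding krb5_mk_priv (unless krb5_read_message resets it on failure, which is not visible here). Return from the handler instead, `return(1);`, as kadm_del_user and the earlier read in this function already do. The same fall-through is in the final read of kadm_add_user_rnd, kadm_cpw_user_rnd, kadm_cpw_user and kadm_mod_user.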
@@ -0,0 +1,185 @@ +/* + * kadmin/client/kadmin_mod.c + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + + +/* + * kadmin_mod + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#include <signal.h> +#include <string.h> +#include <com_err.h> + +#include <krb5.h> +#include "adm_defs.h" + +void decode_kadmind_reply(); +int print_status_message(); + +krb5_error_code +kadm_mod_user(context, auth_context, my_creds, local_socket, principal) + krb5_context context; + krb5_auth_context *auth_context; + krb5_creds *my_creds; + int *local_socket; + char *principal; +{ + krb5_data msg_data, inbuf; + kadmin_requests rd_priv_resp; + char username[755]; + int count; + krb5_replay_data replaydata; + krb5_error_code retval; /* return code */ + + if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { fprintf(stderr, "No memory for command!\n"); + exit(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = MODOPER; + inbuf.data[2] = SENDDATA2; + + if (principal && principal[0] != '\0') + strcpy(username, principal); + else { + count = 0; + do { + fprintf(stdout, "\nName of Principal to be Modified: "); + fgets(username, sizeof(username), stdin); + if (username[0] == '\n') + fprintf(stderr, "Invalid Principal name!\n"); + count++; + } + while (username[0] == '\n' && count < 3); + + if (username[0] == '\n') { + fprintf(stderr, "Aborting!!\n\n"); + return(1); + } + + username[strlen(username) -1] = '\0'; + } + + (void) memcpy( inbuf.data + 3, username, strlen(username)); + inbuf.length = 
strlen(username) + 3; + + if ((retval = krb5_mk_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(context, local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + free(msg_data.data); + + /* Ok Now let's get the private message */ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Second Reply: %s!\n", + error_message(retval)); + return(1); + } + + if ((retval = krb5_rd_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Second Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + if (msg_data.data[2] == KADMBAD) { + decode_kadmind_reply(msg_data, &rd_priv_resp); + + if (rd_priv_resp.message) { + fprintf(stderr, "%s\n\n", rd_priv_resp.message); + free(rd_priv_resp.message); + } else + fprintf(stderr, "Generic error from server.\n\n"); + free(msg_data.data); + return(0); + } + free(msg_data.data); + + kadm_snd_mod(context, auth_context, my_creds, local_socket); + + if ((inbuf.data = (char *) calloc(1, 2)) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + return(1); + } + + + inbuf.data[0] = KADMIN; + inbuf.data[1] = KADMGOOD; + inbuf.data[2] = SENDDATA3; + inbuf.length = 3; + + if ((retval = krb5_mk_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(context, local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + free(msg_data.data); + 
return(1); + } + free(msg_data.data); + + /* Ok Now let's get the final private message */ + if (retval = krb5_read_message(context, local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Final Reply: %s!\n", + error_message(retval)); + retval = 1; + } + + if ((retval = krb5_rd_priv(context, auth_context, &inbuf, + &msg_data, &replaydata))) { + fprintf(stderr, "Error during Final Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + + + decode_kadmind_reply(msg_data, &rd_priv_resp); + + free(inbuf.data); + free(msg_data.data); + + print_status_message(&rd_priv_resp, + "Database Modification Successful."); + + return(0); +} diff --git a/src/kadmin.old/client/kadmin_msnd.c b/src/kadmin.old/client/kadmin_msnd.c new file mode 100644 index 0000000000..7887e435e2 --- /dev/null +++ b/src/kadmin.old/client/kadmin_msnd.c 
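Review bot: The acknowledgement buffer in kadm_mod_user is allocated with `calloc(1, 2)` but the next lines store `inbuf.data[2] = SENDDATA3;` and set `inbuf.length = 3;`, a one-byte write and read past the allocation. Allocate three bytes, `calloc(1, 3)`, as kadm_inq_user does for its acknowledgement. The call `kadm_snd_mod(context, auth_context, my_creds, local_socket);` just above has no prototype in this file and its return value is dropped, so a failed modification exchange still proceeds to the acknowledgement; checking it would be worth adding if kadm_snd_mod reports errors (its body continues outside this hunk).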
@@ -0,0 +1,273 @@
+/*
+ * kadmin/client/kadmin_msnd.c
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ */
+
+/*
+ * Sandia National Laboratories also makes no representations about the
+ * suitability of the modifications, or additions to this software for
+ * any purpose. It is provided "as is" without express or implied warranty.
+ */
+
+
+/*
+ * kadmin_snd_mod
+ * Perform Remote Kerberos Administrative Functions
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <signal.h>
+#include <string.h>
+#include <com_err.h>
+
+#include <sys/param.h>
+#include <pwd.h>
+
+#include <sys/stat.h>
+
+#include <krb5.h>
+#include "adm_defs.h"
+
+#ifndef MAXPATHLEN
+#define MAXPATHLEN 1024
+#endif
+
+krb5_error_code
+kadm_snd_mod(context, auth_context, my_creds, local_socket)
+ krb5_context context;
+ krb5_auth_context *auth_context;
+ krb5_creds *my_creds;
+ int *local_socket;
+{
+ krb5_replay_data replaydata;
+ krb5_error_code retval; /* return code */
+ krb5_data msg_data, inbuf;
+ char mod_type[10];
+ char attrib[20];
+ char version[10];
+ int value;
+ int valid_command;
+ int i;
+
+ for ( ; ; ) {
+ valid_command = 0;
+repeat1:
+#ifdef SANDIA
+ fprintf(stdout, "\nParameter Type to be Modified (fcnt, vno, attr, or q): ");
+#else
+ fprintf(stdout, "\nParameter Type to be Modified (vno, attr, or q): ");
+#endif
+
+ (void) fgets(mod_type, 10, stdin);
+ mod_type[strlen(mod_type) - 1] = '\0';
+
+ if ((inbuf.data = (char *) calloc(1, 80)) == (char *) 0) {
+ fprintf(stderr, "No memory for command!\n");
+ exit(1);
+ }
+
+ if (!strcmp(mod_type, "q")) {
+ free(inbuf.data);
+ goto alldone;
+ }
+#ifdef SANDIA
+ if (!strcmp(mod_type, "fcnt")) {
+ valid_command = 1;
+repeat_cnt:
+ fprintf(stdout, "\nFailure Count: ");
+ (void) fgets(version, sizeof(version), stdin);
+ /* Make sure version is null terminated */
+ version[sizeof(version) -1] = '\0';
+ /* Strip linefeed */
+ if (version[strlen(version) - 1] == '\n')
+ version[strlen(version) - 1] = '\0';
+ if (!strcmp(version, "q")) {
+ free(inbuf.data);
+ goto alldone;
+ }
+ value = -1;
+ sscanf(version,"%d",&value);
+ if (value < 0 || value > 10 ) {
+ fprintf(stderr, "Value must be between 0 and 10!\n");
+ goto repeat_cnt;
+ }
+ inbuf.data[3] = KMODFCNT;
+ (void) memcpy(inbuf.data + 4, version, strlen(version));
+ inbuf.length = strlen(version) + 4;
+ }
+#endif
+ if (!strcmp(mod_type, "vno")) {
+ valid_command = 1;
+repeat2:
+ fprintf(stdout, "\nVersion Number: ");
+ (void) fgets(version, sizeof(version), stdin);
+ /* Make sure version is null terminated */
+ version[sizeof(version) -1] = '\0';
+ /* Strip linefeed */
+ if (version[strlen(version) - 1] == '\n')
+ version[strlen(version) - 1] = '\0';
+ if (!strcmp(version, "q")) {
+ free(inbuf.data);
+ goto alldone;
+ }
+ value = -1;
+ sscanf(version,"%d",&value);
+ if (value < 0 || value > 255 ) {
+ fprintf(stderr, "Value must be between 0 and 255!\n");
+ goto repeat2;
+ }
+ inbuf.data[3] = KMODVNO;
+ (void) memcpy(inbuf.data + 4, version, strlen(version));
+ inbuf.length = strlen(version) + 4;
+ }
+
+ if (!strcmp(mod_type, "attr")) {
+ valid_command = 1;
+repeat3:
+ fprintf(stdout, "\nAttribute: ");
+ fgets(attrib, 20, stdin);
+ attrib[strlen(attrib) - 1] = '\0';
+ for (i = 0; attrib[i] != '\0'; i++)
+ if (isupper(attrib[i]))
+ attrib[i] = tolower(attrib[i]);
+
+ inbuf.data[3] = KMODATTR;
+ inbuf.data[4] = BADATTR;
+ inbuf.length = 5;
+ if (!strcmp(attrib, "post")) inbuf.data[4] = ATTRPOST;
+ if (!strcmp(attrib, "nopost")) inbuf.data[4] = ATTRNOPOST;
+ if (!strcmp(attrib, "forward")) inbuf.data[4] = ATTRFOR;
+ if (!strcmp(attrib, "noforward")) inbuf.data[4] = ATTRNOFOR;
+ if (!strcmp(attrib, "tgt")) inbuf.data[4] = ATTRTGT;
+ if (!strcmp(attrib, "notgt")) inbuf.data[4] = ATTRNOTGT;
+ if (!strcmp(attrib, "ren")) inbuf.data[4] = ATTRREN;
+ if (!strcmp(attrib, "noren")) inbuf.data[4] = ATTRNOREN;
+ if (!strcmp(attrib, "proxy")) inbuf.data[4] = ATTRPROXY;
+ if (!strcmp(attrib, "noproxy")) inbuf.data[4] = ATTRNOPROXY;
+ if (!strcmp(attrib, "dskey")) inbuf.data[4] = ATTRDSKEY;
+ if (!strcmp(attrib, "nodskey")) inbuf.data[4] = ATTRNODSKEY;
+ if (!strcmp(attrib, "lock")) inbuf.data[4] = ATTRLOCK;
+ if (!strcmp(attrib, "unlock")) inbuf.data[4] = ATTRUNLOCK;
+ if (!strcmp(attrib, "svr")) inbuf.data[4] = ATTRSVR;
+ if (!strcmp(attrib, "nosvr")) inbuf.data[4] = ATTRNOSVR;
+
+#ifdef SANDIA
+ if (!strcmp(attrib, "preauth")) inbuf.data[4] = ATTRPRE;
+ if (!strcmp(attrib, "nopreauth")) inbuf.data[4] = ATTRNOPRE;
+ if (!strcmp(attrib, "pwok")) inbuf.data[4] = ATTRPWOK;
+ if (!strcmp(attrib, "pwchange")) inbuf.data[4] = ATTRPWCHG;
+ if (!strcmp(attrib, "sid")) inbuf.data[4] = ATTRSID;
+ if (!strcmp(attrib, "nosid")) inbuf.data[4] = ATTRNOSID;
+#endif
+ if (!strcmp(attrib, "q")){
+ free(inbuf.data);
+ goto alldone;
+ }
+ if (inbuf.data[4] == BADATTR) {
+ fprintf(stderr, "Valid Responses are:\n");
+ fprintf(stderr, "post/nopost - Allow/Disallow postdating\n");
+ fprintf(stderr, "forward/noforward - Allow/Disallow forwarding\n");
+ fprintf(stderr, "tgt/notgt - Allow/Disallow initial tickets\n");
+ fprintf(stderr, "ren/noren - Allow/Disallow renewable tickets\n");
+ fprintf(stderr,
+ "proxy/noproxy - Allow/Disallow proxiable tickets\n");
+ fprintf(stderr,
+ "dskey/nodskey - Allow/Disallow Duplicate Session Keys\n");
+ fprintf(stderr, "lock/unlock - Lock/Unlock client\n");
+ fprintf(stderr,
+ "svr/nosvr - Allow/Disallow Use of Principal as Server\n");
+#ifdef SANDIA
+ fprintf(stderr,
+ "preauth/nopreauth - Require/Do Not Require preauthentication\n");
+ fprintf(stderr,
+ "pwok/pwchange - Password is OK/Needs to be changed\n");
+ fprintf(stderr,
+ "sid/nosid - Require/Do Not Require Hardware Authentication\n");
+#endif
+ fprintf(stderr, "q - Quit from setting attributes.\n");
+ goto repeat3;
+ }
+ }
+
+ if (!valid_command) {
+ free(inbuf.data);
+ fprintf(stderr, "Invalid command - Try Again\n");
+ goto repeat1;
+ }
+
+ inbuf.data[0] = KADMIN;
+ inbuf.data[1] = MODOPER;
+ inbuf.data[2] = SENDDATA3;
+
+ if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
+ &msg_data, &replaydata))) {
+ fprintf(stderr, "Error during Second Message Encoding: %s!\n",
+ error_message(retval));
+ free(inbuf.data);
+ return(1);
+ }
+ free(inbuf.data);
+
+ /* write private message to server */
+ if (krb5_write_message(context, local_socket, &msg_data)) {
+ fprintf(stderr, "Write Error During Second Message Transmission!\n");
+ return(1);
+ }
+ free(msg_data.data);
+
+ /* Ok Now let's get the private message */
+ if (retval = krb5_read_message(context, local_socket, &inbuf)){
+ fprintf(stderr, "Read Error During Second Reply: %s!\n",
+ error_message(retval));
+ return(1);
+ }
+
+ if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
+ &msg_data, &replaydata))) {
+ fprintf(stderr, "Error during Second Read Decoding :%s!\n",
+ error_message(retval));
+ free(inbuf.data);
+ return(1);
+ }
+ free(inbuf.data);
+ } /* for */
+
+alldone:
+ if ((inbuf.data = (char *) calloc(1, 80)) == (char *) 0) {
+ fprintf(stderr, "No memory for command!\n");
+ exit(1);
+ }
+
+ inbuf.data[0] = KADMIN;
+ inbuf.data[1] = KADMGOOD;
+ inbuf.data[2] = SENDDATA3;
+ inbuf.length = 3;
+
+ if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
+ &msg_data, &replaydata))) {
+ fprintf(stderr, "Error during Second Message Encoding: %s!\n",
+ error_message(retval));
+ free(inbuf.data);
+ return(1);
+ }
+ free(inbuf.data);
+
+ /* write private message to server */
+ if (krb5_write_message(context, local_socket, &msg_data)) {
+ fprintf(stderr, "Write Error During Second Message Transmission!\n");
+ return(1);
+ }
+ free(msg_data.data);
+
+ return(0);
+} |
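Review bot: The prompt reads in kadm_snd_mod index the buffer at `strlen(...) - 1` without checking what fgets() returned, so an empty string or end-of-input on stdin touches the byte before `mod_type`, `attrib` or `version` on the stack, and on the first pass strlen() runs over an uninitialized array. End-of-input also does not end the `for` loop, because the stale `mod_type` is chopped again on each pass and ends up in the "Invalid command" branch. I would test the return value and strip the newline by position, e.g. `if (fgets(mod_type, sizeof(mod_type), stdin) == NULL) goto alldone;` followed by `mod_type[strcspn(mod_type, "\n")] = '\0';`, and do the same at the `version` and `attrib` reads, freeing `inbuf.data` first there because it is already allocated at that point. The `isupper(attrib[i])` and `tolower(attrib[i])` calls should also be given `(unsigned char)attrib[i]`.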
