| author | Tom Yu <tlyu@mit.edu> | 2000-02-19 01:57:07 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2000-02-19 01:57:07 +0000 |
| commit | 1360badc25b0ed0b701381f02ef613eb45baa6ad (patch) | |
| tree | fd0a0c928848b8ad72c70f98704fab72eb47e1ae /src/kadmin/cli/kadmin.c | |
| parent | f6aba826e738111a3d2e07cd2fc92cf8b0cf51bd (diff) | |
* keytab.c (add_usage): Update usage message.
(kadmin_keytab_add): Update to deal with explicit keysalt lists.
(add_principal): Update to deal with explicit keysalt lists.
* kadmin.c (kadmin_cpw): Add support for new api.
(kadmin_parse_princ_args): Add support for new api, particularly
-keepold to keep old keys around and -e to explicitly specify
key-salt tuples.
(kadmin_addprinc_usage): Update usage accordingly.
(kadmin_addprinc): Add support for new api.
(kadmin_modprinc): Update to call new parse_princ_args reasonably.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12056 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin/cli/kadmin.c')
| -rw-r--r-- | src/kadmin/cli/kadmin.c | 167 |
1 files changed, 150 insertions, 17 deletions
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index 591cda469..23a2e4b93 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -516,25 +516,74 @@ void kadmin_cpw(argc, argv) static char newpw[1024]; static char prompt1[1024], prompt2[1024]; char *canon; + char *pwarg = NULL; + int n_ks_tuple = 0, keepold = 0, randkey = 0; + krb5_key_salt_tuple *ks_tuple; krb5_principal princ; if (argc < 2) { goto usage; } - - retval = kadmin_parse_name(argv[argc - 1], &princ); + for (argv++, argc--; argc > 1; argc--, argv++) { + if (!strcmp("-pw", *argv)) { + argc--; + if (argc < 1) { + fprintf(stderr, "change_password: missing password arg\n"); + goto usage; + } + pwarg = *++argv; + continue; + } + if (!strcmp("-randkey", *argv)) { + randkey++; + continue; + } + if (!strcmp("-keepold", *argv)) { + keepold++; + continue; + } + if (!strcmp("-e", *argv)) { + argc--; + if (argc < 1) { + fprintf(stderr, + "change_password: missing keysaltlist arg\n"); + goto usage; + } + retval = krb5_string_to_keysalts(*++argv, ", \t", ":.-", 0, + &ks_tuple, &n_ks_tuple); + if (retval) { + com_err("change_password", retval, + "while parsing keysalts %s", *argv); + return; + } + continue; + } + goto usage; + } + retval = kadmin_parse_name(*argv, &princ); if (retval) { com_err("change_password", retval, "while parsing principal name"); + if (ks_tuple != NULL) + free(ks_tuple); return; } retval = krb5_unparse_name(context, princ, &canon); if (retval) { com_err("change_password", retval, "while canonicalizing principal"); krb5_free_principal(context, princ); + if (ks_tuple != NULL) + free(ks_tuple); return; } - if ((argc == 4) && (strlen(argv[1]) == 3) && !strcmp("-pw", argv[1])) { - retval = kadm5_chpass_principal(handle, princ, argv[2]); + if (pwarg != NULL) { + if (keepold || ks_tuple != NULL) { + retval = kadm5_chpass_principal_3(handle, princ, keepold, + n_ks_tuple, ks_tuple, pwarg); + if (ks_tuple != NULL) + free(ks_tuple); + } else { + retval = kadm5_chpass_principal(handle, princ, pwarg); + } krb5_free_principal(context, princ); if (retval) { com_err("change_password", retval, 
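Review bot: `ks_tuple` is declared without an initializer at the top of kadmin_cpw, but each added `if (ks_tuple != NULL) free(ks_tuple);` and each `keepold || ks_tuple != NULL` test reads it even when no `-e` was parsed, so an ordinary invocation tests, and may free, an indeterminate pointer. The same read happens in the `-randkey` and prompt branches (hunks at -545 and -558) and at the `usage:` label (hunk at -591), which the early `argc < 2` check reaches before anything is assigned. Declaring it as `krb5_key_salt_tuple *ks_tuple = NULL;` covers all of those paths. Separately, the `argc < 1` guards for `-pw` and `-e` look off by one: when either is the second-to-last word, the principal is consumed as the option value and `*argv` has moved past the last argument by the time kadmin_parse_name is called, so `argc < 2` is probably what is wanted. The body of kadmin_cpw continues beyond this hunk.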
@@ -545,9 +594,16 @@ void kadmin_cpw(argc, argv) printf("Password for \"%s\" changed.\n", canon); free(canon); return; - } else if ((argc == 3) && (strlen(argv[1]) == 8) && - !strcmp("-randkey", argv[1])) { - retval = kadm5_randkey_principal(handle, princ, NULL, NULL); + } else if (randkey) { + if (keepold || ks_tuple != NULL) { + retval = kadm5_randkey_principal_3(handle, princ, keepold, + n_ks_tuple, ks_tuple, + NULL, NULL); + if (ks_tuple != NULL) + free(ks_tuple); + } else { + retval = kadm5_randkey_principal(handle, princ, NULL, NULL); + } krb5_free_principal(context, princ); if (retval) { com_err("change_password", retval, @@ -558,24 +614,34 @@ void kadmin_cpw(argc, argv) printf("Key for \"%s\" randomized.\n", canon); free(canon); return; - } else if (argc == 2) { + } else if (argc == 1) { int i = sizeof (newpw) - 1; sprintf(prompt1, "Enter password for principal \"%.900s\": ", - argv[1]); + *argv); sprintf(prompt2, "Re-enter password for principal \"%.900s\": ", - argv[1]); + *argv); retval = krb5_read_password(context, prompt1, prompt2, newpw, &i); if (retval) { com_err("change_password", retval, "while reading password for \"%s\".", canon); free(canon); + if (ks_tuple != NULL) + free(ks_tuple); krb5_free_principal(context, princ); return; } - retval = kadm5_chpass_principal(handle, princ, newpw); + if (keepold || ks_tuple != NULL) { + retval = kadm5_chpass_principal_3(handle, princ, keepold, + n_ks_tuple, ks_tuple, + newpw); + if (ks_tuple != NULL) + free(ks_tuple); + } else { + retval = kadm5_chpass_principal(handle, princ, newpw); + } krb5_free_principal(context, princ); memset(newpw, 0, sizeof (newpw)); if (retval) { 
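Review bot: Now that options are collected in a loop, `-pw` and `-randkey` can be given together, and the `if (pwarg != NULL) ... else if (randkey)` chain silently lets the password win, so an operator who asked for a random key ends up with the typed password instead. The old code could not reach this state because it matched exact argument counts. Rejecting the combination right after the option loop, for example `if (pwarg != NULL && randkey) goto usage;`, keeps the outcome explicit. The `pwarg` branch itself sits in the previous hunk.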
@@ -591,20 +657,27 @@ void kadmin_cpw(argc, argv) free(canon); krb5_free_principal(context, princ); usage: + if (ks_tuple != NULL) + free(ks_tuple); fprintf(stderr, - "usage: change_password [-randkey] [-pw password] " + "usage: change_password [-randkey] [-keepold] " + "[-e keysaltlist] [-pw password] " "principal\n"); return; } } -int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey, caller) +int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey, + keepold, ks_tuple, n_ks_tuple, caller) int argc; char *argv[]; kadm5_principal_ent_t oprinc; long *mask; char **pass; int *randkey; + int *keepold; + krb5_key_salt_tuple **ks_tuple; + int *n_ks_tuple; char *caller; { int i, j, attrib_set; @@ -614,6 +687,9 @@ int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey, caller) *mask = 0; *pass = NULL; + *n_ks_tuple = 0; + *ks_tuple = NULL; + *keepold = 0; time(&now); *randkey = 0; for (i = 1; i < argc - 1; i++) { @@ -722,6 +798,24 @@ int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey, caller) ++*randkey; continue; } + if (!strcmp("-e", argv[i])) { + if (++i > argc - 2) + return -1; + else { + retval = krb5_string_to_keysalts(argv[i], ", \t", ":.-", 0, + ks_tuple, n_ks_tuple); + if (retval) { + com_err(caller, retval, + "while parsing keysalts %s", argv[i]); + return -1; + } + } + continue; + } + if (!strcmp("-keepold", argv[i])) { + ++*keepold; + continue; + } for (j = 0; j < sizeof (flags) / sizeof (struct pflag); j++) { if (strlen(argv[i]) == flags[j].flaglen + 1 && !strcmp(flags[j].flagname, 
@@ -762,7 +856,7 @@ void kadmin_addprinc_usage(func) { fprintf(stderr, "usage: %s [options] principal\n", func); fprintf(stderr, "\toptions are:\n"); - fprintf(stderr, "\t\t[-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-randkey] [-pw password]\n\t\t[-maxrenewlife maxrenewlife] [{+|-}attribute]\n"); + fprintf(stderr, "\t\t[-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-randkey] [-pw password]\n\t\t[-maxrenewlife maxrenewlife]\n\t\t[-keepold] [-e keysaltlist]\n\t\t[{+|-}attribute]\n"); fprintf(stderr, "\tattributes are:\n"); fprintf(stderr, "%s%s%s", "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n", @@ -791,6 +885,8 @@ void kadmin_addprinc(argc, argv) kadm5_policy_ent_rec defpol; long mask; int randkey = 0, i; + int keepold, n_ks_tuple; + krb5_key_salt_tuple *ks_tuple; char *pass, *canon; krb5_error_code retval; static char newpw[1024], dummybuf[256]; @@ -807,6 +903,7 @@ void kadmin_addprinc(argc, argv) princ.attributes = 0; if (kadmin_parse_princ_args(argc, argv, &princ, &mask, &pass, &randkey, + &keepold, &ks_tuple, &n_ks_tuple, "add_principal")) { kadmin_addprinc_usage("add_principal"); return; @@ -817,6 +914,8 @@ void kadmin_addprinc(argc, argv) com_err("add_principal", retval, "while canonicalizing principal"); krb5_free_principal(context, princ.principal); + if (ks_tuple != NULL) + free(ks_tuple); return; } 
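Review bot: In kadmin_addprinc (hunk at -807) the failure path of the kadmin_parse_princ_args call prints usage and returns without releasing `ks_tuple`, although the parser may already have stored an allocated list there when a valid `-e` is followed by an argument it rejects. Every other exit this commit touches in kadmin_addprinc frees the list, so this one is the odd one out; add `if (ks_tuple != NULL) free(ks_tuple);` before the `return`. kadmin_parse_princ_args sets `*ks_tuple = NULL` before its loop (hunk at -614), so the check is safe when no `-e` was given.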
@@ -866,22 +965,38 @@ void kadmin_addprinc(argc, argv) pass = newpw; } mask |= KADM5_PRINCIPAL; - retval = kadm5_create_principal(handle, &princ, mask, pass); + if (keepold || ks_tuple != NULL) { + retval = kadm5_create_principal_3(handle, &princ, mask, keepold, + n_ks_tuple, ks_tuple, pass); + } else { + retval = kadm5_create_principal(handle, &princ, mask, pass); + } if (retval) { com_err("add_principal", retval, "while creating \"%s\".", canon); krb5_free_principal(context, princ.principal); free(canon); + if (ks_tuple != NULL) + free(ks_tuple); return; } if (randkey) { /* more special stuff for -randkey */ - retval = kadm5_randkey_principal(handle, princ.principal, - NULL, NULL); + if (keepold || ks_tuple != NULL) { + retval = kadm5_randkey_principal_3(handle, princ.principal, + keepold, + n_ks_tuple, ks_tuple, + NULL, NULL); + } else { + retval = kadm5_randkey_principal(handle, princ.principal, + NULL, NULL); + } if (retval) { com_err("add_principal", retval, "while randomizing key for \"%s\".", canon); krb5_free_principal(context, princ.principal); free(canon); + if (ks_tuple != NULL) + free(ks_tuple); return; } princ.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX; /* clear notix */ @@ -892,11 +1007,15 @@ void kadmin_addprinc(argc, argv) "while clearing DISALLOW_ALL_TIX for \"%s\".", canon); krb5_free_principal(context, princ.principal); free(canon); + if (ks_tuple != NULL) + free(ks_tuple); return; } } krb5_free_principal(context, princ.principal); printf("Principal \"%s\" created.\n", canon); + if (ks_tuple != NULL) + free(ks_tuple); free(canon); } @@ -910,6 +1029,8 @@ void kadmin_modprinc(argc, argv) krb5_error_code retval; char *pass, *canon; int randkey = 0; + int keepold = 0, n_ks_tuple = 0; + krb5_key_salt_tuple *ks_tuple; if (argc < 2) { kadmin_modprinc_usage("modify_principal"); 
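Review bot: In the `-randkey` branch of kadmin_addprinc the new `kadm5_randkey_principal_3` call forwards `keepold`, so `add_principal -randkey -keepold` would, if keepold behaves as the commit message describes, retain the key that the create call just derived from `pass` next to the random one. On this path `pass` appears to be a placeholder set up above the hunk (the DISALLOW_ALL_TIX bit is cleared right afterwards), which would leave a password-derived key on a principal that was meant to have only random keys. A freshly created principal has no earlier keys worth keeping, so passing a literal zero here, `kadm5_randkey_principal_3(handle, princ.principal, 0, n_ks_tuple, ks_tuple, NULL, NULL);`, avoids that. The function starts outside this hunk.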
@@ -945,7 +1066,19 @@ void kadmin_modprinc(argc, argv) retval = kadmin_parse_princ_args(argc, argv, &princ, &mask, &pass, &randkey, + &keepold, &ks_tuple, &n_ks_tuple, "modify_principal"); + if (ks_tuple != NULL) { + free(ks_tuple); + kadmin_modprinc_usage("modify_principal"); + free(canon); + return; + } + if (keepold) { + kadmin_modprinc_usage("modify_principal"); + free(canon); + return; + } if (retval) { kadmin_modprinc_usage("modify_principal"); free(canon); |
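Review bot: The two new rejection branches print only the generic usage text, so someone who passes `-e` or `-keepold` to modify_principal is not told which option was refused; a line such as `fprintf(stderr, "modify_principal: -e and -keepold are not allowed\n");` before the usage call would say so. The three consecutive branches also repeat the same usage-and-`free(canon)` cleanup and could share one exit once `ks_tuple` has been freed. kadmin_modprinc starts and ends outside this hunk.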
