| author | Tom Yu <tlyu@mit.edu> | 2010-10-08 03:57:28 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2010-10-08 03:57:28 +0000 |
| commit | 1cc59c12550c828d487c622990d83481e8bbb6c5 (patch) | |
| tree | a22d50f4041bfa23ad1001bfa6164626602885ac /src/kadmin/cli | |
| parent | bd7b3a76ef6ca5485ec8a8b2de4a2a5170356f84 (diff) | |
Add a kadm5 RPC for purging old keys from the KDB (e.g., from
change_password -keepold), and add a kadmin CLI command for it.
Keeping ticket open because an automated test needs to be added.
Long-term future work includes start/expire dates on keys, or
not-yet-valid flags.
ticket: 1219
status: open
target_version: 1.9
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24442 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin/cli')
| -rw-r--r-- | src/kadmin/cli/kadmin.M | 21 | ||||
| -rw-r--r-- | src/kadmin/cli/kadmin.c | 47 | ||||
| -rw-r--r-- | src/kadmin/cli/kadmin_ct.ct | 3 |
3 files changed, 63 insertions, 8 deletions
diff --git a/src/kadmin/cli/kadmin.M b/src/kadmin/cli/kadmin.M
index d6f2df522..7e6db2c61 100644
--- a/src/kadmin/cli/kadmin.M
+++ b/src/kadmin/cli/kadmin.M
@@ -562,8 +562,7 @@ enctype\-salttype pairs. This will not function against kadmin daemons
 earlier than krb5\-1.2.
 .TP
 \fB\-keepold \fP
-Keeps the previous kvno's keys around. There is no
-easy way to delete the old keys, and this flag is usually not
+Keeps the previous kvno's keys around. This flag is usually not
 necessary except perhaps for TGS keys. Don't use this flag unless you
 know what you're doing. This option is not supported for the LDAP database.
 .nf
@@ -586,6 +585,18 @@ expired)
 .RE
 .fi
 .TP
+\fBpurgekeys\fP [\fB-keepkvno\fP \fIoldest_kvno_to_keep\fP] \fIprincipal\fP
+purges previously retained old keys (e.g., from
+.B change_password
+.BR -keepold )
+from
+.IR principal .
+If
+.B -keepkvno
+is specified, then only purges keys with kvnos lower than
+.IR oldest_kvno_to_keep .
+.fi
+.TP
 \fBget_principal\fP [\fB-terse\fP] \fIprincipal\fP
 gets the attributes of
 .IR principal .
@@ -922,9 +933,3 @@ OpenVision Kerberos administration program.
 .SH BUGS
 .PP
 Command output needs to be cleaned up.
-
-There is no way to delete a key kept around from a "\-keepold" option
-to a password-changing command, other than to do a password change
-without the "\-keepold" option, which will of course cause problems if
-the key is a TGS key. There will be more powerful key-manipulation
-commands in the future.
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index ff6eeca6b..bf37bbedb 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -1742,3 +1742,50 @@ kadmin_getprivs(int argc, char *argv[])
 }
 printf("\n");
 }
+
+void
+kadmin_purgekeys(int argc, char *argv[])
+{
+ kadm5_ret_t retval;
+ int keepkvno = -1;
+ char *pname = NULL, *canon = NULL;
+ krb5_principal princ;
+
+ if (argc == 4 && strcmp(argv[1], "-keepkvno") == 0) {
+ keepkvno = atoi(argv[2]);
+ pname = argv[3];
+ }
+ if (argc == 2) {
+ pname = argv[1];
+ }
+ if (pname == NULL) {
+ fprintf(stderr, "usage: purgekeys [-keepkvno oldest_kvno_to_keep] "
+ "principal\n");
+ return;
+ }
+
+ retval = kadmin_parse_name(pname, &princ);
+ if (retval) {
+ com_err("purgekeys", retval, "while parsing principal");
+ return;
+ }
+
+ retval = krb5_unparse_name(context, princ, &canon);
+ if (retval) {
+ com_err("purgekeys", retval, "while canonicalizing principal");
+ goto cleanup;
+ }
+
+ retval = kadm5_purgekeys(handle, princ, keepkvno);
+ if (retval) {
+ com_err("purgekeys", retval,
+ "while purging keys for principal \"%s\"", canon);
+ goto cleanup;
+ }
+
+ printf("Old keys for principal \"%s\" purged.\n", canon);
+cleanup:
+ krb5_free_principal(context, princ);
+ free(canon);
+ return;
+}
diff --git a/src/kadmin/cli/kadmin_ct.ct b/src/kadmin/cli/kadmin_ct.ct
index 05a4efb84..6228f95ad 100644
--- a/src/kadmin/cli/kadmin_ct.ct
+++ b/src/kadmin/cli/kadmin_ct.ct
@@ -74,6 +74,9 @@ request kadmin_lock, "Lock database exclusively (use with extreme caution!)",
 request kadmin_unlock, "Release exclusive database lock",
 unlock;
 
+request kadmin_purgekeys, "Purge previously retained old keys from a principal",
+ purgekeys;
+
 # list_requests is generic -- unrelated to Kerberos
 request ss_list_requests, "List available requests.",
 list_requests, lr, "?";
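Review bot: The `-keepkvno` argument in kadmin_purgekeys is parsed with `keepkvno = atoi(argv[2]);`, which cannot report malformed input: a mistyped value such as `-keepkvno 1O` silently becomes 0 and is passed straight to kadm5_purgekeys, so an operator typo changes which keys are destroyed instead of producing a usage error, and a value outside the range of int is undefined behavior in atoi. Since this is an irreversible administrative operation on key material, parse with strtol, check the end pointer and errno, and reject values that do not fit an int before calling `kadm5_purgekeys`. The kvno semantics visible here are only "lower than oldest_kvno_to_keep", and -1 is used as the "not given" sentinel, so whether negative values should also be rejected depends on kadm5_purgekeys's contract, which is outside this hunk. `<errno.h>` and `<limits.h>` are needed if kadmin.c does not already include them.
```c
    if (argc == 4 && strcmp(argv[1], "-keepkvno") == 0) {
        char *end;
        long v;

        errno = 0;
        v = strtol(argv[2], &end, 10);
        if (end == argv[2] || *end != '\0' || errno == ERANGE ||
            v < INT_MIN || v > INT_MAX) {
            fprintf(stderr, "purgekeys: invalid oldest_kvno_to_keep \"%s\"\n",
                    argv[2]);
            return;
        }
        keepkvno = (int)v;
        pname = argv[3];
    }
    /* … unchanged: argc == 2 case, usage check, parse/unparse/purge/cleanup … */
```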
