| author | Theodore Tso <tytso@mit.edu> | 1992-09-29 14:51:34 +0000 |
|---|---|---|
| committer | Theodore Tso <tytso@mit.edu> | 1992-09-29 14:51:34 +0000 |
| commit | d4e95b17ce5d033759cb529f0cada608982ef5c8 (patch) | |
| tree | 0182c5c657e0df883466a0aa593788829919b39b /src/kadmin/client | |
| parent | d96ae575ff8eef11fe1dfb3bffdede9d31cb5e57 (diff) | |
*** empty log message ***
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2444 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin/client')
| -rw-r--r-- | src/kadmin/client/Imakefile | 45 | ||||
| -rw-r--r-- | src/kadmin/client/kadmin.M | 0 | ||||
| -rw-r--r-- | src/kadmin/client/kadmin.c | 773 | ||||
| -rw-r--r-- | src/kadmin/client/kadmin_add.c | 275 | ||||
| -rw-r--r-- | src/kadmin/client/kadmin_adr.c | 158 | ||||
| -rw-r--r-- | src/kadmin/client/kadmin_cpr.c | 160 | ||||
| -rw-r--r-- | src/kadmin/client/kadmin_cpw.c | 281 | ||||
| -rw-r--r-- | src/kadmin/client/kadmin_del.c | 153 | ||||
| -rw-r--r-- | src/kadmin/client/kadmin_done.c | 93 | ||||
| -rw-r--r-- | src/kadmin/client/kadmin_inq.c | 238 | ||||
| -rw-r--r-- | src/kadmin/client/kadmin_mod.c | 223 | ||||
| -rw-r--r-- | src/kadmin/client/kadmin_msnd.c | 320 |
12 files changed, 2719 insertions, 0 deletions
diff --git a/src/kadmin/client/Imakefile b/src/kadmin/client/Imakefile
new file mode 100644
index 000000000..1da031b85
--- /dev/null
+++ b/src/kadmin/client/Imakefile
@@ -0,0 +1,45 @@
+# $Source$
+# $Author$
+# $Header$
+#
+# Copyright 1989 by the Massachusetts Institute of Technology.
+#
+# For copying and distribution information,
+# please see the file <mit-copyright.h>.
+#
+# Imakefile for Kerberos admin client library.
+
+SRCS = \
+ kadmin.c \
+ kadmin_add.c \
+ kadmin_adr.c \
+ kadmin_cpr.c \
+ kadmin_inq.c \
+ kadmin_msnd.c \
+ kadmin_mod.c \
+ kadmin_cpw.c \
+ kadmin_del.c \
+ kadmin_done.c
+
+OBJS = \
+ kadmin.o \
+ kadmin_add.o \
+ kadmin_adr.o \
+ kadmin_cpr.o \
+ kadmin_inq.o \
+ kadmin_msnd.o \
+ kadmin_mod.o \
+ kadmin_cpw.o \
+ kadmin_del.o \
+ kadmin_done.o
+
+ErrorTableObjectRule()
+
+all:: kadmin
+
+NormalProgramTarget(kadmin,$(OBJS),$(KDBDEPLIB) $(DEPKLIB), $(KLIB) ,)
+Krb5InstallClientProgram(kadmin)
+
+clean::
+
+DependTarget()
diff --git a/src/kadmin/client/kadmin.M b/src/kadmin/client/kadmin.M
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/src/kadmin/client/kadmin.M
diff --git a/src/kadmin/client/kadmin.c b/src/kadmin/client/kadmin.c
new file mode 100644
index 000000000..91887d8a8
--- /dev/null
+++ b/src/kadmin/client/kadmin.c
@@ -0,0 +1,773 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + +#if !defined(lint) && !defined(SABER) +static char rcsid_kadmin[] = + "$Header$"; +#endif /* lint */ + +/* + * kadmin + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <ctype.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#include <signal.h> +#ifndef __convex__ +#include <strings.h> +#endif +#include <pwd.h> +#include <com_err.h> + +#ifndef MAXPATHLEN +#define MAXPATHLEN 1024 +#endif + +#include <krb5/adm_defs.h> + +#include <krb5/krb5.h> +#include <krb5/ext-proto.h> +#include <krb5/los-proto.h> +#include <krb5/kdb.h> +#include <krb5/kdb_dbm.h> + +krb5_error_code get_first_ticket + PROTOTYPE((krb5_ccache, + krb5_principal)); + +struct sockaddr_in local_sin, remote_sin; + +krb5_creds my_creds; + +void get_def_princ(); + +main(argc,argv) + int argc; + char *argv[]; +{ + extern char *optarg; + + krb5_ccache cache = NULL; + char cache_name[255]; + + krb5_address local_addr, foreign_addr; + + krb5_principal client; + + char *client_name; /* Single string representation of client id */ + + krb5_data *requested_realm; + + krb5_error_code retval; /* return code */ + + int local_socket; + + krb5_error *err_ret; + krb5_ap_rep_enc_part *rep_ret; + + kadmin_requests rd_priv_resp; + + krb5_checksum send_cksum; + krb5_data msg_data, inbuf; + krb5_int32 seqno; + char buffer[255]; + char command_type[120]; + char princ_name[120]; + int i, valid; + int option; + int oper_type; + + krb5_init_ets(); + client_name = (char *) malloc(755); + 
memset((char *) client_name, 0, sizeof(client_name)); + + if (argc > 3) + usage(); + + if (argc == 1) { /* No User Specified */ + get_def_princ(&client); + strcpy(client_name, client->data[0].data); + strncat(client_name, "/admin@", 7); + strncat(client_name, client->realm.data, client->realm.length); + if (retval = krb5_parse_name(client_name, &client)) { + fprintf(stderr, "Unable to Parse Client Name!\n"); + usage(); + } + } + else { + while ((option = getopt(argc, argv, "n")) != EOF) { + switch (option) { + case 'n': + if (argc == 3) { + strcpy(client_name, argv[2]); + if (retval = krb5_parse_name(client_name, &client)) { + fprintf(stderr, "Unable to Parse Client Name!\n"); + usage(); + } + } + else { + get_def_princ(&client); + if (retval = krb5_unparse_name(client, &client_name)) { + fprintf(stderr, "Unable to unparse Client Name!\n"); + usage(); + } + } + break; + case '?': + default: + usage(); + break; + } + } + + if (client_name[0] == '\0') { /* No -n option specified */ + if (argc > 2) + usage(); + strcpy(client_name, argv[1]); + if (!strncmp("help", client_name, strlen(client_name))) + usage(); + if (!strncmp("root", client_name, strlen(client_name))) { + fprintf(stderr, "root is not a valid Administrator!\n\n"); + usage(); + } + if (retval = krb5_parse_name(client_name, &client)) { + fprintf(stderr, "Error Parsing User Specified Name Option!\n"); + exit(1); + } + } + } /* switch */ + + /* Create credential cache for kadmin */ + (void) sprintf(cache_name, "FILE:/tmp/tkt_adm_%d", getpid()); + + if ((retval = krb5_cc_resolve(cache_name, &cache))) { + fprintf(stderr, "Unable to Resolve Cache: !\n", cache_name); + } + + if ((retval = krb5_cc_initialize(cache, client))) { + fprintf(stderr, "Error initializing cache: %s!\n", cache_name); + exit(1); + } + +/* + * Verify User by Obtaining Initial Credentials prior to Initial Link + */ + + if ((retval = get_first_ticket(cache, client))) { + (void) krb5_cc_destroy(cache); + exit(1); + } + /* my_creds has the 
necessary credentials for further processing: + Destroy credential cache for security reasons */ + (void) krb5_cc_destroy(cache); + + requested_realm = (krb5_data *) &client->realm; + + + /* Initiate Link to Server */ + if ((retval = adm5_init_link(requested_realm, &local_socket))) { + (void) krb5_cc_destroy(cache); + exit(1); + } + +#ifdef unicos61 +#define SIZEOF_INADDR SIZEOF_in_addr +#else +#define SIZEOF_INADDR sizeof(struct in_addr) +#endif + +/* V4 kpasswd Protocol Hack + * Necessary for ALL kadmind clients + */ + { + int msg_length = 0; + + retval = krb5_net_write(local_socket, (char *) &msg_length + 2, 2); + if (retval < 0) { + fprintf(stderr, "krb5_net_write failure!\n"); + (void) krb5_cc_destroy(cache); + exit(1); + } + } + + local_addr.addrtype = ADDRTYPE_INET; + local_addr.length = SIZEOF_INADDR ; + local_addr.contents = (krb5_octet *) &local_sin.sin_addr; + + foreign_addr.addrtype = ADDRTYPE_INET; + foreign_addr.length = SIZEOF_INADDR ; + foreign_addr.contents = (krb5_octet *) &remote_sin.sin_addr; + + /* compute checksum, using CRC-32 */ + if (!(send_cksum.contents = (krb5_octet *) + malloc(krb5_checksum_size(CKSUMTYPE_CRC32)))) { + fprintf(stderr, "Insufficient Memory while Allocating Checksum!\n"); + (void) krb5_cc_destroy(cache); + exit(1); + } + + /* choose some random stuff to compute checksum from */ + if (retval = krb5_calculate_checksum(CKSUMTYPE_CRC32, + ADM5_ADM_VERSION, + strlen(ADM5_ADM_VERSION), + 0, + 0, /* if length is 0, crc-32 doesn't + use the seed */ + &send_cksum)) { + fprintf(stderr, "Error while Computing Checksum: %s!\n", + error_message(retval)); + free(send_cksum.contents); + (void) krb5_cc_destroy(cache); + exit(1); + } + + /* call Kerberos library routine to obtain an authenticator, + pass it over the socket to the server, and obtain mutual + authentication. 
*/ + + if ((retval = krb5_sendauth((krb5_pointer) &local_socket, + ADM_CPW_VERSION, + my_creds.client, + my_creds.server, + AP_OPTS_MUTUAL_REQUIRED, + &send_cksum, + &my_creds, + 0, + &seqno, + 0, /* don't need a subsession key */ + &err_ret, + &rep_ret))) { + fprintf(stderr, "Error while performing sendauth: %s!\n", + error_message(retval)); + free(send_cksum.contents); + exit(1); + } + + /* Read back what the server has to say ... */ + if (retval = krb5_read_message(&local_socket, &inbuf)){ + fprintf(stderr, " Read Message Error: %s!\n", + error_message(retval)); + free(send_cksum.contents); + exit(1); + } + + if ((inbuf.length != 2) || (inbuf.data[0] != KADMIND) || + (inbuf.data[1] != KADMSAG)){ + fprintf(stderr, " Invalid ack from admin server.!\n"); + free(send_cksum.contents); + exit(1); + } + free(inbuf.data); + + if ((inbuf.data = (char *) calloc(1, 2)) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + free(send_cksum.contents); + exit(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = 0xff; + inbuf.length = 2; + + if ((retval = krb5_mk_priv(&inbuf, + ETYPE_DES_CBC_CRC, + &my_creds.keyblock, + &local_addr, + &foreign_addr, + seqno, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during First Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + free(send_cksum.contents); + exit(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(&local_socket, &msg_data)){ + fprintf(stderr, "Write Error During First Message Transmission!\n"); + free(send_cksum.contents); + exit(1); + } + free(msg_data.data); + + for ( ; ; ) { + /* Ok Now let's get the private message */ + if (retval = krb5_read_message(&local_socket, &inbuf)){ + fprintf(stderr, "Read Error During First Reply: %s!\n", + error_message(retval)); + free(send_cksum.contents); + exit(1); + } + + if ((retval = krb5_rd_priv(&inbuf, + &my_creds.keyblock, + &foreign_addr, + &local_addr, + 
rep_ret->seq_number, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during First Read Decoding: %s!\n", + error_message(retval)); + free(send_cksum.contents); + exit(1); + } + free(inbuf.data); + + valid = 0; + princ_name[0] = '\0'; +repeat: + printf("\n\nCommand (add, cpw, del, inq, mod, addrnd, cpwrnd, addv4, cpwv4, q): "); + fgets(buffer, sizeof(buffer), stdin); + buffer[strlen(buffer) -1] = '\0'; + sscanf(buffer,"%s %s", command_type, princ_name); + for (i = 0; command_type[i] != '\0'; i++) + if (isupper(command_type[i])) + command_type[i] = tolower(command_type[i]); + + if (!strcmp(command_type, "add")) { + valid++; + oper_type = ADDOPER; + if (retval = kadm_add_user(&my_creds, + rep_ret, + &local_addr, + &foreign_addr, + &local_socket, + &seqno, + oper_type, + princ_name)) break; + } + if (!strcmp(command_type, "cpw")) { + valid++; + oper_type = CHGOPER; + if (retval = kadm_cpw_user(&my_creds, + rep_ret, + &local_addr, + &foreign_addr, + &local_socket, + &seqno, + oper_type, + princ_name)) break; + } + if (!strcmp(command_type, "addrnd")) { + valid++; + if (retval = kadm_add_user_rnd(&my_creds, + rep_ret, + &local_addr, + &foreign_addr, + &local_socket, + &seqno, + princ_name)) break; + } + if (!strcmp(command_type, "cpwrnd")) { + valid++; + if (retval = kadm_cpw_user_rnd(&my_creds, + rep_ret, + &local_addr, + &foreign_addr, + &local_socket, + &seqno, + princ_name)) break; + } + if (!strcmp(command_type, "del")) { + valid++; + if (retval = kadm_del_user(&my_creds, + rep_ret, + &local_addr, + &foreign_addr, + &local_socket, + &seqno, + princ_name)) break; + } + if (!strcmp(command_type, "inq")) { + valid++; + if (retval = kadm_inq_user(&my_creds, + rep_ret, + &local_addr, + &foreign_addr, + &local_socket, + &seqno, + princ_name)) break; + } + if (!strcmp(command_type, "mod")) { + valid++; + if (retval = kadm_mod_user(&my_creds, + rep_ret, + &local_addr, + &foreign_addr, + &local_socket, + &seqno, + princ_name)) 
break; + } + if (!strcmp(command_type, "addv4")) { + valid++; + oper_type = AD4OPER; + if (retval = kadm_add_user(&my_creds, + rep_ret, + &local_addr, + &foreign_addr, + &local_socket, + &seqno, + oper_type, + princ_name)) break; + } + if (!strcmp(command_type, "cpwv4")) { + valid++; + oper_type = CH4OPER; + if (retval = kadm_cpw_user(&my_creds, + rep_ret, + &local_addr, + &foreign_addr, + &local_socket, + &seqno, + oper_type, + princ_name)) break; + } + if (!strcmp(command_type, "q")) { + valid++; + retval = kadm_done(&my_creds, + rep_ret, + &local_addr, + &foreign_addr, + &local_socket, + &seqno); + break; + } + + if (!valid) { + fprintf(stderr, "Invalid Input - Retry\n"); + goto repeat; + } + } + + if (retval) { + free(send_cksum.contents); + exit(1); + } + + /* Ok Now let's get the final private message */ + if (retval = krb5_read_message(&local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Final Reply: %s!\n", + error_message(retval)); + free(send_cksum.contents); + exit(1); + } + + if ((retval = krb5_rd_priv(&inbuf, + &my_creds.keyblock, + &foreign_addr, + &local_addr, + rep_ret->seq_number, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Final Read Decoding :%s!\n", + error_message(retval)); + free(send_cksum.contents); + free(inbuf.data); + exit(1); + } + free(inbuf.data); + + memcpy(&rd_priv_resp.appl_code, msg_data.data, 1); + memcpy(&rd_priv_resp.oper_code, msg_data.data + 1, 1); + memcpy(&rd_priv_resp.retn_code, msg_data.data + 2, 1); + + free(msg_data.data); + if (!((rd_priv_resp.appl_code == KADMIN) && + (rd_priv_resp.retn_code == KADMGOOD))) { + fprintf(stderr, "Generic Error During kadmin Termination!\n"); + retval = 1; + } else { + fprintf(stderr, "\nHave a Good Day.\n\n"); + } + + free(send_cksum.contents); + + + if (retval) { + fprintf(stderr, "\n\nkadmin terminating - %s.\n\n", + kadmind_kadmin_response[rd_priv_resp.retn_code]); + exit(1); + } + exit(0); +} + +krb5_error_code 
+get_first_ticket(DECLARG(krb5_ccache, cache), + DECLARG(krb5_principal, client)) +OLDDECLARG(krb5_ccache, cache) +OLDDECLARG(krb5_principal, client) +{ + char prompt[255]; /* for the password prompt */ + + krb5_address **my_addresses; + + char *client_name; + krb5_error_code retval; + char *password; + int pwsize; + + if ((retval = krb5_unparse_name(client, &client_name))) { + fprintf(stderr, "Unable to Unparse Client Name!\n"); + return(1); + } + + if ((retval = krb5_os_localaddr(&my_addresses))) { + fprintf(stderr, "Unable to Get Principals Address!\n"); + return(1); + } + + memset((char *) &my_creds, 0, sizeof(my_creds)); + + my_creds.client = client; + + if ((retval = krb5_build_principal_ext(&my_creds.server, + client->realm.length, + client->realm.data, + strlen(CPWNAME), + CPWNAME, /* kadmin */ + client->realm.length, + client->realm.data, + /* instance is <realm> */ + 0))) { + fprintf(stderr, "Error %s while building client name!\n"); + krb5_free_addresses(my_addresses); + return(1); + } + + (void) sprintf(prompt,"Password for %s: ", (char *) client_name); + + if ((password = (char *) calloc (1, 255)) == NULL) { + fprintf(stderr, "No Memory for Retrieving Admin Password!\n"); + return(1); + } + + pwsize = 255; + if ((retval = krb5_read_password( + prompt, + 0, + password, + &pwsize) || pwsize == 0)) { + fprintf(stderr, "Error while reading password for '%s'!\n", + client_name); + free(password); + krb5_free_addresses(my_addresses); + return(1); + } + + /* Build Request for Initial Credentials */ + if ((retval = krb5_get_in_tkt_with_password( + 0, /* options */ + my_addresses, + KRB5_PADATA_ENC_RANDOM, /* do random preauth */ + ETYPE_DES_CBC_CRC, /* etype */ + KEYTYPE_DES, + password, + cache, + &my_creds, + 0 ))) { + fprintf(stderr, "\nUnable to Get Initial Credentials : %s!\n", + error_message(retval)); + (void) memset(password, 0, pwsize); + free(password); + krb5_free_addresses(my_addresses); + return(1); + } + + /* Do NOT Forget to zap password */ + 
memset((char *) password, 0, pwsize); + free(password); + krb5_free_addresses(my_addresses); + return(0); +} + +krb5_error_code +adm5_init_link( realm_of_server, local_socket) +krb5_data *realm_of_server; +int * local_socket; + +{ + struct servent *service_process; /* service we will talk to */ + struct hostent *remote_host; /* host we will talk to */ + char **hostlist; + int namelen; + int i; + + krb5_error_code retval; + + /* clear out the structure first */ + (void) memset((char *)&remote_sin, 0, sizeof(remote_sin)); + + if ((service_process = getservbyname(CPW_SNAME, "tcp")) == NULL) { + fprintf(stderr, "Unable to find Service (%s) Check services file!\n", + CPW_SNAME); + return(1); + } + + /* Copy the Port Number */ + remote_sin.sin_port = service_process->s_port; + + hostlist = 0; + + /* Identify all Hosts Associated with this Realm */ + if ((retval = krb5_get_krbhst (realm_of_server, &hostlist))) { + fprintf(stderr, "krb5_get_krbhst: Unable to Determine Server Name!\n"); + return(retval); + } + + if (hostlist[0] == 0) { + fprintf(stderr, "No hosts found!\n"); + return KRB5_REALM_UNKNOWN; + } + + for (i=0; hostlist[i]; i++) { + remote_host = gethostbyname(hostlist[i]); + if (remote_host != 0) { + + /* set up the address of the foreign socket for connect() */ + remote_sin.sin_family = remote_host->h_addrtype; + (void) memcpy((char *) &remote_sin.sin_addr, + (char *) remote_host->h_addr, + sizeof(remote_host->h_addr)); + break; /* Only Need one */ + } + } + + krb5_free_krbhst(hostlist); + + /* open a TCP socket */ + *local_socket = socket(PF_INET, SOCK_STREAM, 0); + if (*local_socket < 0) { + retval = errno; + fprintf(stderr, "Cannot Open Socket!\n"); + return retval; + } + /* connect to the server */ + if (connect(*local_socket, &remote_sin, sizeof(remote_sin)) < 0) { + retval = errno; + fprintf(stderr, "Cannot Connect to Socket!\n"); + close(*local_socket); + return retval; + } + + /* find out who I am, now that we are connected and therefore bound */ + 
namelen = sizeof(local_sin); + if (getsockname(*local_socket, + (struct sockaddr *) &local_sin, &namelen) < 0) { + retval = errno; + fprintf(stderr, "Cannot Perform getsockname!\n"); + close(*local_socket); + return retval; + } + return 0; +} + +void +get_def_princ(client) + krb5_principal *client; +{ + krb5_ccache cache = NULL; + struct passwd *pw; + int retval; + char client_name[755]; + krb5_flags cc_flags; + + /* Identify Default Credentials Cache */ + if (retval = krb5_cc_default(&cache)) { + fprintf(stderr, "Error while getting default ccache!\n"); + exit(1); + } + + /* + * Attempt to Modify Credentials Cache + * retval == 0 ==> ccache Exists - Use It + * retval == ENOENT ==> No Entries, but ccache Exists + * retval != 0 ==> Assume ccache does NOT Exist + */ + cc_flags = 0; + if (retval = krb5_cc_set_flags(cache, cc_flags)) { + /* Search passwd file for client */ + pw = getpwuid((int) getuid()); + if (pw) { + (void) strcpy(client_name, pw->pw_name); + if (!strncmp("root", client_name, strlen(client_name))) { + fprintf(stderr, + "root is not a valid Adimnistrator\n!\n"); + usage(); + } + } else { + fprintf(stderr, + "Unable to Identify Principal from Password File!\n"); + retval = 1; + usage(); + } + + /* Use this to get default_realm and format client_name */ + if ((retval = krb5_parse_name(client_name, client))) { + fprintf(stderr, "Unable to Parse Client Name!\n"); + usage(); + } + } else { + /* Read Client from Cache */ + if (retval = krb5_cc_get_principal(cache, client)) { + fprintf(stderr, + "Unable to Read Principal Credentials File!\n"); + exit(1); + } + + if (!strncmp("root", (*client)->data[0].data, + (*client)->data[0].length)) { + fprintf(stderr, "root is not a valid Administrator\n!\n"); + usage(); + } + + (void) krb5_cc_close(cache); + } +} + +usage() +{ + fprintf(stderr, "Usage: "); + fprintf(stderr, "kadmin [-n] [Administrator name]\n\n"); + fprintf(stderr, " If an Administrator name is not supplied, kadmin "); + fprintf(stderr, "will first\n 
attempt to locate the name from "); + fprintf(stderr, "the default ticket file, then\n by using the "); + fprintf(stderr, "username from the 'passwd' file.\n\n"); + fprintf(stderr, " For Cross Realm Obtain a ticket for 'Administrator "); + fprintf(stderr, "name' in the\n Destination realm or "); + fprintf(stderr, "specify the Destination Realm\n as part of the "); + fprintf(stderr, "Administrator name option.\n\n"); + fprintf(stderr, " Note: If the Administrator Name is not "); + fprintf(stderr, "supplied, then the \n"); + fprintf(stderr, " '/admin' instance will be appended to the "); + fprintf(stderr, "default name unless\n"); + fprintf(stderr, " the -n option is used.\n\n"); + exit(0); +} diff --git a/src/kadmin/client/kadmin_add.c b/src/kadmin/client/kadmin_add.c new file mode 100644 index 000000000..425e26ff4 --- /dev/null +++ b/src/kadmin/client/kadmin_add.c 
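Review bot: In main's command loop, `sscanf(buffer,"%s %s", command_type, princ_name)` copies tokens from a 255-byte line into two 120-byte stack arrays with no field width, so a long token on stdin writes past them. The `fgets` result is also ignored, which at EOF leaves `buffer` unchanged or uninitialised before `buffer[strlen(buffer) -1]` is indexed, and an empty line leaves the previous command in `command_type`; the fence below bounds the scan and stops on EOF. The same unbounded-copy pattern is in `strcpy(client_name, argv[2])` / `strcpy(client_name, argv[1])` into the 755-byte allocation and in `sprintf(prompt, ...)` into `prompt[255]` in get_first_ticket, which would want length checks as well. At the end of main, three bytes are read from `msg_data.data` and `rd_priv_resp.retn_code` indexes `kadmind_kadmin_response[]` without a visible check on `msg_data.length` or the table size; kadmin_add.c, kadmin_adr.c and kadmin_cpr.c parse the reply the same way.

```c
repeat:
    printf("\n\nCommand (add, cpw, del, inq, mod, addrnd, cpwrnd, addv4, cpwv4, q): ");
    if (fgets(buffer, sizeof(buffer), stdin) == NULL) {
        /* EOF or read error on stdin: stop prompting instead of reusing stale data */
        retval = 1;
        break;
    }
    i = strlen(buffer);
    if (i > 0 && buffer[i - 1] == '\n')
        buffer[i - 1] = '\0';
    /* an empty line must not re-run the previous command */
    command_type[0] = '\0';
    /* field widths keep both tokens inside their 120-byte arrays */
    sscanf(buffer, "%119s %119s", command_type, princ_name);
    /* … unchanged: lower-casing loop and command dispatch … */
```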
@@ -0,0 +1,275 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + +#if !defined(lint) && !defined(SABER) +static char rcsid_kadmin_add[] = + "$Header$"; +#endif /* lint */ + +/* + * kadmin_add + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#ifndef __convex__ +#include <strings.h> +#endif +#include <com_err.h> + +#include <sys/param.h> + +#include <krb5/adm_defs.h> + +#include <krb5/krb5.h> +#include <krb5/ext-proto.h> +#include <krb5/los-proto.h> +#include <krb5/kdb.h> +#include <krb5/kdb_dbm.h> + +krb5_error_code + kadm_add_user(my_creds, rep_ret, local_addr, foreign_addr, + local_socket, seqno, oper_type, principal) +krb5_creds *my_creds; +krb5_ap_rep_enc_part *rep_ret; +krb5_address *local_addr, *foreign_addr; +int *local_socket; +krb5_int32 *seqno; +int oper_type; +char *principal; +{ + krb5_data msg_data, inbuf; + kadmin_requests rd_priv_resp; + char username[255]; + char *password; + int pwsize; + int count; + krb5_error_code retval; /* return code */ + + if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + return(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = oper_type; + inbuf.data[2] = SENDDATA2; + + if (principal && principal[0] != '\0') + strcpy(username, principal); + else { + count = 0; + do { + fprintf(stdout, "\nName of Principal to be Added: "); + fgets(username, sizeof(username), stdin); + if (username[0] == '\n') + fprintf(stderr, "Invalid Principal name!\n"); + 
count++; + } while (username[0] == '\n' && count < 3); + } + + if (username[0] == '\n') { + fprintf(stderr, "Aborting!!\n\n"); + return(1); + } + + username[strlen(username) -1] = '\0'; + + (void) memcpy( inbuf.data + 3, username, strlen(username)); + inbuf.length = strlen(username) + 3; + + if ((retval = krb5_mk_priv(&inbuf, + ETYPE_DES_CBC_CRC, + &my_creds->keyblock, + local_addr, + foreign_addr, + *seqno, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + + free(msg_data.data); + + if (retval = krb5_read_message(local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Second Reply: %s!\n", + error_message(retval)); + return(1); + } + + if (retval = krb5_rd_priv(&inbuf, + &my_creds->keyblock, + foreign_addr, + local_addr, + rep_ret->seq_number, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data)) { + fprintf(stderr, "Error during Second Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + if (msg_data.data[2] == KADMBAD) { + fprintf(stderr, "Principal Already Exists!\n\n"); + return(0); + } + +#ifdef MACH_PASS + pwsize = msg_data.length; + if ((password = (char *) calloc (1, pwsize)) == (char *) 0) { + fprintf(stderr, "No Memory for allocation of password!\n"); + retval = 1; + free(msg_data.data); + return(1); + } + + memcpy(password, msg_data.data, pwsize); + memset(msg_data.data, 0, pwsize); + password[pwsize] = '\0'; + fprintf(stdout, "\nPassword for \"%s\" is \"%s\"\n", username, password); + memset(password, 0, pwsize); + free(password); + fprintf(stdout, "\nThis password can only be used to execute kpasswd\n\n"); + + free(msg_data.data); + + 
if ((inbuf.data = (char *) calloc(1, 2)) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + return(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = KADMGOOD; + inbuf.length = 2; + +#else + + if ((password = (char *) calloc (1, ADM_MAX_PW_LENGTH+1)) == (char *) 0) { + fprintf(stderr, "No Memory for allocation of password!\n"); + return(1); + } + + pwsize = ADM_MAX_PW_LENGTH+1; + + putchar('\n'); + if (retval = krb5_read_password( + DEFAULT_PWD_STRING1, + DEFAULT_PWD_STRING2, + password, + &pwsize)) { + fprintf(stderr, "Error while reading new password for %s: %s!\n", + username, error_message(retval)); + (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1); + free(password); + return(1); + } + + if ((inbuf.data = (char *) calloc(1, strlen(password) + 1)) == (char *) 0) { + fprintf(stderr, "No Memory for allocation of buffer!\n"); + (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1); + free(password); + return(1); + } + + inbuf.length = strlen(password); + (void) memcpy(inbuf.data, password, strlen(password)); + free(password); + +#endif /* MACH_PASS */ + + if ((retval = krb5_mk_priv(&inbuf, + ETYPE_DES_CBC_CRC, + &my_creds->keyblock, + local_addr, + foreign_addr, + *seqno, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + free(msg_data.data); + + /* Ok Now let's get the final private message */ + if (retval = krb5_read_message(local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Final Reply: %s!\n", + error_message(retval)); + retval = 1; + } + + if ((retval = krb5_rd_priv(&inbuf, + &my_creds->keyblock, + foreign_addr, + local_addr, + rep_ret->seq_number, + 
KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Final Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + memcpy(&rd_priv_resp.appl_code, msg_data.data, 1); + memcpy(&rd_priv_resp.oper_code, msg_data.data + 1, 1); + memcpy(&rd_priv_resp.retn_code, msg_data.data + 2, 1); + + free(msg_data.data); + + if (!((rd_priv_resp.appl_code == KADMIN) && + (rd_priv_resp.retn_code == KADMGOOD))) { + fprintf(stderr, "Generic Error During kadmin Addition!\n"); + retval = 1; + } else { + fprintf(stderr, "\nDatabase Addition Successful.\n"); + } + return(retval); +} diff --git a/src/kadmin/client/kadmin_adr.c b/src/kadmin/client/kadmin_adr.c new file mode 100644 index 000000000..e52e80acd --- /dev/null +++ b/src/kadmin/client/kadmin_adr.c 
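Review bot: Under MACH_PASS, `password[pwsize] = '\0'` writes one byte past the `calloc (1, pwsize)` buffer; allocating `pwsize + 1` keeps the terminator in bounds. In the other branch the success path calls `free(password)` without the `memset` that the error paths use, so the new password stays in freed heap memory; `(void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1);` belongs before that free. When the final `krb5_read_message` fails the code only sets `retval = 1` and falls through to `krb5_rd_priv` on an `inbuf` that may still hold the pointer freed after `krb5_mk_priv`; `return(1);` there would stop that, and kadmin_adr.c and kadmin_cpr.c have the same fall-through. `username[strlen(username) -1] = '\0'` also runs when `principal` was passed in, which drops the last character of the name, whereas kadmin_adr.c keeps that line inside the `else`.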
@@ -0,0 +1,158 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + +#if !defined(lint) && !defined(SABER) +static char rcsid_kadmin_adr[] = + "$Header$"; +#endif /* lint */ + +/* + * kadmin_adr + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#ifndef __convex__ +#include <strings.h> +#endif +#include <com_err.h> + +#include <sys/param.h> + +#include <krb5/adm_defs.h> + +#include <krb5/krb5.h> +#include <krb5/ext-proto.h> +#include <krb5/los-proto.h> +#include <krb5/kdb.h> +#include <krb5/kdb_dbm.h> + +krb5_error_code + kadm_add_user_rnd(my_creds, rep_ret, local_addr, foreign_addr, + local_socket, seqno, principal) +krb5_creds *my_creds; +krb5_ap_rep_enc_part *rep_ret; +krb5_address *local_addr, *foreign_addr; +int *local_socket; +krb5_int32 *seqno; +char *principal; +{ + krb5_data msg_data, inbuf; + kadmin_requests rd_priv_resp; + char username[755]; + int count; + krb5_error_code retval; /* return code */ + + if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + return(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = ADROPER; + inbuf.data[2] = SENDDATA2; + + if (principal && principal[0] != '\0') + strcpy(username, principal); + else { + count = 0; + do { + fprintf(stdout, "\nName of Principal to be Added: "); + fgets(username, sizeof(username), stdin); + if (username[0] == '\n') + fprintf(stderr, "Invalid Principal name!\n"); + count++; + } + while (username[0] == '\n' && count < 3); 
+ + if (username[0] == '\n') { + fprintf(stderr, "Aborting!!\n\n"); + return(1); + } + username[strlen(username) -1] = '\0'; + } + + + (void) memcpy( inbuf.data + 3, username, strlen(username)); + inbuf.length = strlen(username) + 3; + + if ((retval = krb5_mk_priv(&inbuf, + ETYPE_DES_CBC_CRC, + &my_creds->keyblock, + local_addr, + foreign_addr, + *seqno, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + + free(msg_data.data); + + /* Ok Now let's get the final private message */ + if (retval = krb5_read_message(local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Final Reply: %s!\n", + error_message(retval)); + retval = 1; + } + + if ((retval = krb5_rd_priv(&inbuf, + &my_creds->keyblock, + foreign_addr, + local_addr, + rep_ret->seq_number, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Final Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + memcpy(&rd_priv_resp.appl_code, msg_data.data, 1); + memcpy(&rd_priv_resp.oper_code, msg_data.data + 1, 1); + memcpy(&rd_priv_resp.retn_code, msg_data.data + 2, 1); + + free(msg_data.data); + + if (!((rd_priv_resp.appl_code == KADMIN) && + (rd_priv_resp.retn_code == KADMGOOD))) + fprintf(stderr, "Principal already exists!\n"); + else + fprintf(stderr, "\nDatabase Addition Successful.\n"); + + return(retval); +} diff --git a/src/kadmin/client/kadmin_cpr.c b/src/kadmin/client/kadmin_cpr.c new file mode 100644 index 000000000..41f53eb87 --- /dev/null +++ b/src/kadmin/client/kadmin_cpr.c 
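Review bot: At the end of kadm_add_user_rnd every reply other than KADMIN/KADMGOOD is reported as "Principal already exists!" and the function still returns the 0 left in `retval` by `krb5_rd_priv`, so any other failure the server may report looks like a duplicate name to the operator and like success to the caller. kadm_add_user in kadmin_add.c sets `retval = 1;` in the same branch; doing that here, with a message that does not presume the cause, would keep the two consistent. kadmin_cpr.c has the same shape with "Principal does NOT exist!" followed by an unconditional `return(0);`.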
@@ -0,0 +1,160 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + +#if !defined(lint) && !defined(SABER) +static char rcsid_kadmin_cpr[] = + "$Header$"; +#endif /* lint */ + +/* + * kadmin_cpr + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#include <signal.h> +#ifndef __convex__ +#include <strings.h> +#endif +#include <com_err.h> + +#include <sys/param.h> + +#include <krb5/adm_defs.h> + +#include <krb5/krb5.h> +#include <krb5/ext-proto.h> +#include <krb5/los-proto.h> +#include <krb5/kdb.h> +#include <krb5/kdb_dbm.h> + +krb5_error_code +kadm_cpw_user_rnd(my_creds, rep_ret, local_addr, foreign_addr, + local_socket, seqno, principal) +krb5_creds *my_creds; +krb5_ap_rep_enc_part *rep_ret; +krb5_address *local_addr, *foreign_addr; +int *local_socket; +krb5_int32 *seqno; +char *principal; +{ + krb5_data msg_data, inbuf; + kadmin_requests rd_priv_resp; + char username[755]; + int count; + krb5_error_code retval; /* return code */ + + if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { fprintf(stderr, "No memory for command!\n"); + exit(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = CHROPER; + inbuf.data[2] = SENDDATA2; + + if (principal && principal[0] != '\0') + strcpy(username, principal); + else { + count = 0; + do { + fprintf(stdout, + "\nName of Principal Whose Password is to Change: "); + fgets(username, sizeof(username), stdin); + if (username[0] == '\n') + fprintf(stderr, "Invalid Principal name!\n"); + count++; + } + while 
(username[0] == '\n' && count < 3); + + if (username[0] == '\n') { + fprintf(stderr, "Aborting!!\n\n"); + return(1); + } + username[strlen(username) -1] = '\0'; + } + + (void) memcpy( inbuf.data + 3, username, strlen(username)); + inbuf.length = strlen(username) + 3; + + /* Transmit Principal Name */ + if ((retval = krb5_mk_priv(&inbuf, + ETYPE_DES_CBC_CRC, + &my_creds->keyblock, + local_addr, + foreign_addr, + *seqno, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + free(msg_data.data); + + /* Ok Now let's get the final private message */ + if (retval = krb5_read_message(local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Final Reply: %s!\n", + error_message(retval)); + retval = 1; + } + + if ((retval = krb5_rd_priv(&inbuf, + &my_creds->keyblock, + foreign_addr, + local_addr, + rep_ret->seq_number, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Final Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + memcpy(&rd_priv_resp.appl_code, msg_data.data, 1); + memcpy(&rd_priv_resp.oper_code, msg_data.data + 1, 1); + memcpy(&rd_priv_resp.retn_code, msg_data.data + 2, 1); + + free(msg_data.data); + + if (!((rd_priv_resp.appl_code == KADMIN) && + (rd_priv_resp.retn_code == KADMGOOD))) + fprintf(stderr, "Principal does NOT exist!\n"); + else + fprintf(stderr, "\nPassword Modification Successful.\n"); + + return(0); +} + + diff --git a/src/kadmin/client/kadmin_cpw.c b/src/kadmin/client/kadmin_cpw.c new file mode 100644 index 000000000..697e1bde0 --- /dev/null +++ b/src/kadmin/client/kadmin_cpw.c 
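Review bot: When `krb5_read_message` fails on the final reply, the branch only sets `retval = 1` and falls through to `krb5_rd_priv(&inbuf, ...)`. At that point `inbuf.data` was already freed after `krb5_mk_priv`; whether a failed read leaves `inbuf` untouched is not visible here, but if it does, the decoder receives a stale pointer and `free(inbuf.data)` then runs a second time. The `retval = 1` is also overwritten by the next assignment, so the branch should end with `return(1);`, as the corresponding branch in kadmin_del.c does. The same fall-through is in the final-reply read of kadmin_adr.c, kadmin_cpw.c, kadmin_inq.c and kadmin_mod.c.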
@@ -0,0 +1,281 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + +#if !defined(lint) && !defined(SABER) +static char rcsid_kadmin_cpw[] = + "$Header$"; +#endif /* lint */ + +/* + * kadmin_cpw + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#include <signal.h> +#ifndef __convex__ +#include <strings.h> +#endif +#include <com_err.h> + +#include <sys/param.h> + +#include <krb5/adm_defs.h> + +#include <krb5/krb5.h> +#include <krb5/ext-proto.h> +#include <krb5/los-proto.h> +#include <krb5/kdb.h> +#include <krb5/kdb_dbm.h> + +krb5_error_code +kadm_cpw_user(my_creds, rep_ret, local_addr, foreign_addr, + local_socket, seqno, oper_type, principal) +krb5_creds *my_creds; +krb5_ap_rep_enc_part *rep_ret; +krb5_address *local_addr, *foreign_addr; +int *local_socket; +krb5_int32 *seqno; +int oper_type; +char *principal; +{ + krb5_data msg_data, inbuf; + kadmin_requests rd_priv_resp; + char username[255]; + char *password; + int pwsize; + int count; + krb5_error_code retval; /* return code */ + + if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { fprintf(stderr, "No memory for command!\n"); + exit(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = oper_type; + inbuf.data[2] = SENDDATA2; + + if (principal && principal[0] != '\0') + strcpy(username, principal); + else { + count = 0; + do { + fprintf(stdout, + "\nName of Principal Whose Password is to Change: "); + fgets(username, sizeof(username), stdin); + if (username[0] == '\n') + 
fprintf(stderr, "Invalid Principal name!\n"); + count++; + } + while (username[0] == '\n' && count < 3); + + if (username[0] == '\n') { + fprintf(stderr, "Aborting!!\n\n"); + return(1); + } + + username[strlen(username) -1] = '\0'; + } + + (void) memcpy( inbuf.data + 3, username, strlen(username)); + inbuf.length = strlen(username) + 3; + + /* Transmit Principal Name */ + if ((retval = krb5_mk_priv(&inbuf, + ETYPE_DES_CBC_CRC, + &my_creds->keyblock, + local_addr, + foreign_addr, + *seqno, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + free(msg_data.data); + + if (retval = krb5_read_message(local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Second Reply: %s!\n", + error_message(retval)); + return(1); + } + + if ((retval = krb5_rd_priv(&inbuf, + &my_creds->keyblock, + foreign_addr, + local_addr, + rep_ret->seq_number, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Second Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + if (msg_data.data[2] == KADMBAD) { + fprintf(stderr, "Principal Does NOT Exist!\n\n"); + return(0); + } + + if ((oper_type == CHGOPER && msg_data.data[3] == KRB5_KDB_SALTTYPE_V4) || + (oper_type == CH4OPER && msg_data.data[3] == KRB5_KDB_SALTTYPE_NORMAL)) + fprintf(stderr, "WARNING: Changing Principal Salt type to %s!\n", + (msg_data.data[3] == KRB5_KDB_SALTTYPE_V4) ? 
+ "Version 5 Normal" : "Version 4"); + +#ifdef MACH_PASS /* Machine-generated passwords */ + pwsize = msg_data.length; + if ((password = (char *) calloc (1, pwsize)) == (char *) 0) { + fprintf(stderr, "No Memory for allocation of password!\n"); + return(1); + } + + memcpy(password, msg_data.data, pwsize); + memset(msg_data.data, 0, pwsize); + free(msg_data.data); + password[pwsize] = '\0'; + fprintf(stdout, "\nPassword for \"%s\" is \"%s\"\n", username, password); + memset(password, 0, pwsize); + free(password); + fprintf(stdout, "\nThis password can only be used to execute kpasswd\n\n"); + + if ((inbuf.data = (char *) calloc(1, 2)) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + return(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = KADMGOOD; + inbuf.length = 2; + +#else + + if ((password = (char *) calloc (1, ADM_MAX_PW_LENGTH+1)) == (char *) 0) { + fprintf(stderr, "No Memory for allocation of password!\n"); + return(1); + } + + pwsize = ADM_MAX_PW_LENGTH+1; + + putchar('\n'); + if ((retval = krb5_read_password( + DEFAULT_PWD_STRING1, + DEFAULT_PWD_STRING2, + password, + &pwsize))) { + fprintf(stderr, "Error while reading new password for %s: %s!\n", + username, error_message(retval)); + (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1); + free(password); + return(1); + } + + if ((inbuf.data = (char *) calloc (1, strlen(password) + 1)) == + (char *) 0) { + fprintf(stderr, "No Memory for allocation of buffer!\n"); + (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1); + free(password); + return(1); /* No Memory */ + } + + inbuf.length = strlen(password); + (void) memcpy(inbuf.data, password, strlen(password)); + free(password); + +#endif /* MACH_PASS */ + + if ((retval = krb5_mk_priv(&inbuf, + ETYPE_DES_CBC_CRC, + &my_creds->keyblock, + local_addr, + foreign_addr, + *seqno, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + 
error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + free(msg_data.data); + + /* Ok Now let's get the final private message */ + if (retval = krb5_read_message(local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Final Reply: %s!\n", + error_message(retval)); + retval = 1; + } + + if ((retval = krb5_rd_priv(&inbuf, + &my_creds->keyblock, + foreign_addr, + local_addr, + rep_ret->seq_number, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Final Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + memcpy(&rd_priv_resp.appl_code, msg_data.data, 1); + memcpy(&rd_priv_resp.oper_code, msg_data.data + 1, 1); + memcpy(&rd_priv_resp.retn_code, msg_data.data + 2, 1); + + free(msg_data.data); + + if (!((rd_priv_resp.appl_code == KADMIN) && + (rd_priv_resp.retn_code == KADMGOOD))) { + fprintf(stderr, "Generic Error During kadmin Password Modification!\n"); + return(1); + } else { + fprintf(stderr, "\nPassword Modification Successful.\n"); + } + return(0); +} diff --git a/src/kadmin/client/kadmin_del.c b/src/kadmin/client/kadmin_del.c new file mode 100644 index 000000000..c76aa1e0b --- /dev/null +++ b/src/kadmin/client/kadmin_del.c 
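Review bot: In the `MACH_PASS` branch `password` is allocated with `calloc (1, pwsize)` and then `password[pwsize] = '\0'` writes one byte past the allocation; the buffer needs `calloc(1, pwsize + 1)`, which also makes the explicit terminator redundant. In the `#else` branch the error paths clear `password` with `memset` before freeing it, but the success path calls `free(password)` directly, and `inbuf.data`, which holds a copy of the password, is later freed without being cleared. Add `(void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1);` before that `free(password)`, and clear `inbuf.length` bytes of `inbuf.data` before each `free(inbuf.data)` that follows the password copy. A plain `memset` right before `free` can be removed by an optimizing compiler, so a non-elidable clearing routine is preferable where the platform offers one.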
@@ -0,0 +1,153 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + +#if !defined(lint) && !defined(SABER) +static char rcsid_kadmin_del[] = + "$Header$"; +#endif /* lint */ + +/* + * kadmin_del + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#ifndef __convex__ +#include <strings.h> +#endif +#include <com_err.h> + +#include <krb5/adm_defs.h> + +#include <krb5/krb5.h> +#include <krb5/ext-proto.h> +#include <krb5/los-proto.h> +#include <krb5/kdb.h> +#include <krb5/kdb_dbm.h> + +krb5_error_code +kadm_del_user(my_creds, rep_ret, local_addr, foreign_addr, + local_socket, seqno, principal) +krb5_creds *my_creds; +krb5_ap_rep_enc_part *rep_ret; +krb5_address *local_addr, *foreign_addr; +int *local_socket; +krb5_int32 *seqno; +char *principal; +{ + krb5_data msg_data, inbuf; + kadmin_requests rd_priv_resp; + char username[755]; + int count; + krb5_error_code retval; /* return code */ + + if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + return(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = DELOPER; + inbuf.data[2] = SENDDATA2; + + if (principal && principal[0] != '\0') + strcpy(username, principal); + else { + count = 0; + do { + fprintf(stdout, "\nName of Principal to be Deleted: "); + fgets(username, sizeof(username), stdin); + if (username[0] == '\n') + fprintf(stderr, "Invalid Principal name!\n"); + count++; + } + while (username[0] == '\n' && count < 3); + + if (username[0] == '\n') 
{ + fprintf(stderr, "Aborting!!\n\n"); + return(1); + } + + username[strlen(username) -1] = '\0'; + } + + (void) memcpy( inbuf.data + 3, username, strlen(username)); + inbuf.length = strlen(username) + 3; + + if ((retval = krb5_mk_priv(&inbuf, + ETYPE_DES_CBC_CRC, + &my_creds->keyblock, + local_addr, + foreign_addr, + *seqno, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + free(msg_data.data); + + /* Ok Now let's get the final private message */ + if (retval = krb5_read_message(local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Final Reply: %s!\n", + error_message(retval)); + return(1); + } + + if ((retval = krb5_rd_priv(&inbuf, + &my_creds->keyblock, + foreign_addr, + local_addr, + rep_ret->seq_number, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Second Decoding :%s!\n", + error_message(retval)); + return(1); + } + + memcpy(&rd_priv_resp.appl_code, msg_data.data, 1); + memcpy(&rd_priv_resp.oper_code, msg_data.data + 1, 1); + memcpy(&rd_priv_resp.retn_code, msg_data.data + 2, 1); + + free(inbuf.data); + free(msg_data.data); + if (!((rd_priv_resp.appl_code == KADMIN) && + (rd_priv_resp.retn_code == KADMGOOD))) + fprintf(stderr, "Principal Does NOT Exist!\n"); + else + fprintf(stderr, "\nDatabase Deletion Successful.\n"); + + return(0); +} diff --git a/src/kadmin/client/kadmin_done.c b/src/kadmin/client/kadmin_done.c new file mode 100644 index 000000000..7ae8d579f --- /dev/null +++ b/src/kadmin/client/kadmin_done.c 
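Review bot: The prompt loop ignores the return value of `fgets`, so on end-of-file or a read error `username` is never written and both the `username[0] == '\n'` test and `username[strlen(username) -1] = '\0'` operate on uninitialized stack memory. The strip also removes the last character unconditionally, which drops a real character when the line had no trailing newline and indexes `username[-1]` if the string is empty. Check the result, e.g. `if (fgets(username, sizeof(username), stdin) == NULL) { free(inbuf.data); return(1); }`, and strip only when the last character is `'\n'`. The same loop is added in kadmin_adr.c, kadmin_cpr.c, kadmin_cpw.c, kadmin_inq.c and kadmin_mod.c.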
@@ -0,0 +1,93 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + +#if !defined(lint) && !defined(SABER) +static char rcsid_kadmin_done[] = + "$Header$"; +#endif /* lint */ + +/* + * kadmin_done + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#ifndef __convex__ +#include <strings.h> +#endif +#include <com_err.h> + +#include <krb5/adm_defs.h> + +#include <krb5/krb5.h> +#include <krb5/ext-proto.h> +#include <krb5/los-proto.h> +#include <krb5/kdb.h> +#include <krb5/kdb_dbm.h> + +krb5_error_code +kadm_done(my_creds, rep_ret, local_addr, foreign_addr, local_socket, seqno) +krb5_creds *my_creds; +krb5_ap_rep_enc_part *rep_ret; +krb5_address *local_addr, *foreign_addr; +int *local_socket; +krb5_int32 *seqno; +{ + krb5_data msg_data, inbuf; + krb5_error_code retval; /* return code */ + + /* XXX 755 was sizeof( char username[755]) */ + if ((inbuf.data = (char *) calloc(1, 8 + 755)) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + exit(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = COMPLETE; + inbuf.data[2] = SENDDATA2; + inbuf.data[3] = 0xff; + (void) memset( inbuf.data + 4, 0, 4); + inbuf.length = 16; + + if ((retval = krb5_mk_priv(&inbuf, + ETYPE_DES_CBC_CRC, + &my_creds->keyblock, + local_addr, + foreign_addr, + *seqno, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + return(1); + } + free(inbuf.data); + + /* write private message to 
server */ + if (krb5_write_message(local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + free(msg_data.data); + return(0); +} diff --git a/src/kadmin/client/kadmin_inq.c b/src/kadmin/client/kadmin_inq.c new file mode 100644 index 000000000..0b7b04289 --- /dev/null +++ b/src/kadmin/client/kadmin_inq.c 
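Review bot: The `krb5_mk_priv` failure branch returns without `free(inbuf.data)` and the `krb5_write_message` failure branch returns without `free(msg_data.data)`, so both error paths leak; the sibling files do free `inbuf.data` on the encode error. Adding `free(inbuf.data);` and `free(msg_data.data);` before the respective `return(1);` fixes that. The sizes are also unexplained: 763 bytes are allocated, eight are populated and `inbuf.length = 16` is sent, so a comment such as `/* COMPLETE request: 4 header bytes + 4 zero bytes, padded to 16 */` (to be confirmed against the server's parser) would help the next reader.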
@@ -0,0 +1,238 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + +#if !defined(lint) && !defined(SABER) +static char rcsid_kadmin_inq[] = + "$Header$"; +#endif /* lint */ + +/* + * kadmin_inq + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#include <signal.h> +#ifndef __convex__ +#include <strings.h> +#endif +#include <com_err.h> + +#include <krb5/adm_defs.h> + +#include <krb5/krb5.h> +#include <krb5/ext-proto.h> +#include <krb5/los-proto.h> +#include <krb5/kdb.h> +#include <krb5/kdb_dbm.h> + +krb5_error_code +kadm_inq_user(my_creds, rep_ret, local_addr, foreign_addr, + local_socket, seqno, principal) +krb5_creds *my_creds; +krb5_ap_rep_enc_part *rep_ret; +krb5_address *local_addr, *foreign_addr; +int *local_socket; +krb5_int32 *seqno; +char *principal; +{ + krb5_data msg_data, inbuf; + kadmin_requests rd_priv_resp; + char username[755]; + int count; + krb5_error_code retval; /* return code */ + + char *my_data; + + if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + return(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = INQOPER; + inbuf.data[2] = SENDDATA2; + + if (principal && principal[0] != '\0') + strcpy(username, principal); + else { + count = 0; + do { + fprintf(stdout, "\nName of Principal to be Displayed: "); + fgets(username, sizeof(username), stdin); + if (username[0] == '\n') + fprintf(stderr, "Invalid Principal name!\n"); + count++; + } + while (username[0] == '\n' && 
count < 3); + + if (username[0] == '\n') { + fprintf(stderr, "Aborting!!\n\n"); + return(1); + } + + username[strlen(username) -1] = '\0'; + } + + (void) memcpy( inbuf.data + 3, username, strlen(username)); + inbuf.length = strlen(username) + 3; + + if (retval = krb5_mk_priv(&inbuf, + ETYPE_DES_CBC_CRC, + &my_creds->keyblock, + local_addr, + foreign_addr, + *seqno, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data)) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + free(msg_data.data); + + /* Ok Now let's get the private message */ + if ((retval = krb5_read_message(local_socket, &inbuf))){ + fprintf(stderr, "Read Error During Second Reply: %s!\n", + error_message(retval)); + return(1); + } + + if (retval = krb5_rd_priv(&inbuf, + &my_creds->keyblock, + foreign_addr, + local_addr, + rep_ret->seq_number, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data)) { + fprintf(stderr, "Error during Second Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + if (!msg_data.data) { + fprintf(stderr, "kadm_inq_user: Error - empty message received!\n\n"); + return(0); + } + + if (msg_data.data[2] == KADMBAD) { + fprintf(stderr, "Principal Does Not Exist!\n\n"); + return(0); + } + + if ((my_data = (char *) calloc(1, msg_data.length + 1)) == (char *) 0) { + fprintf(stderr, "No Memory Allocating Inquiry Buffer!\n"); + return(1); + } + + (void) memcpy(my_data, msg_data.data, msg_data.length); + + /* Print Inquiry Information */ + fprintf(stdout, "%s\n", my_data); + free(my_data); + free(msg_data.data); + + if ((inbuf.data = (char *) calloc(1, 3)) == (char *) 0) { + fprintf(stderr, "inbuf.data allocation error!\n"); + 
return(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = KADMGOOD; + inbuf.length = 2; + + if (retval = krb5_mk_priv(&inbuf, + ETYPE_DES_CBC_CRC, + &my_creds->keyblock, + local_addr, + foreign_addr, + *seqno, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data)) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + free(msg_data.data); + return(1); + } + free(msg_data.data); + + /* Ok Now let's get the final private message */ + if (retval = krb5_read_message(local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Final Reply: %s!\n", + error_message(retval)); + retval = 1; + } + + if (retval = krb5_rd_priv(&inbuf, + &my_creds->keyblock, + foreign_addr, + local_addr, + rep_ret->seq_number, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data)) { + fprintf(stderr, "Error during Final Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + memcpy(&rd_priv_resp.appl_code, msg_data.data, 1); + memcpy(&rd_priv_resp.oper_code, msg_data.data + 1, 1); + memcpy(&rd_priv_resp.retn_code, msg_data.data + 2, 1); + + free(msg_data.data); + + if (!((rd_priv_resp.appl_code == KADMIN) && + (rd_priv_resp.retn_code == KADMGOOD))) { + fprintf(stderr, "Generic Error During kadmin Inquiry!\n"); + retval = 1; + } else { + fprintf(stderr, "\nDatabase Inquiry Successful.\n"); + } + return(0); +} diff --git a/src/kadmin/client/kadmin_mod.c b/src/kadmin/client/kadmin_mod.c new file mode 100644 index 000000000..25a6587c1 --- /dev/null +++ b/src/kadmin/client/kadmin_mod.c 
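Review bot: The first reply is checked for a null `msg_data.data` but not for its length before `msg_data.data[2]` is read, and the final reply has its first three bytes copied into `rd_priv_resp` with neither check, so a short reply from the server is read out of bounds. Guard both with `if (msg_data.data == 0 || msg_data.length < 3) { free(msg_data.data); return(1); }`. The other client files in this commit (kadmin_adr.c, kadmin_cpr.c, kadmin_cpw.c, kadmin_del.c, kadmin_mod.c) parse their replies the same way, and kadmin_cpw.c additionally reads `msg_data.data[3]`. Separately, the generic-error branch sets `retval = 1` but the function ends with `return(0)`, so the caller never sees the failure.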
@@ -0,0 +1,223 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + */ + +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + */ + +#if !defined(lint) && !defined(SABER) +static char rcsid_kadmin_mod[] = + "$Header$"; +#endif /* lint */ + +/* + * kadmin_mod + * Perform Remote Kerberos Administrative Functions + */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netdb.h> +#include <signal.h> +#ifndef __convex__ +#include <strings.h> +#endif +#include <com_err.h> + +#include <krb5/adm_defs.h> + +#include <krb5/krb5.h> +#include <krb5/ext-proto.h> +#include <krb5/los-proto.h> +#include <krb5/kdb.h> +#include <krb5/kdb_dbm.h> + +krb5_error_code +kadm_mod_user(my_creds, rep_ret, local_addr, foreign_addr, + local_socket, seqno, principal) +krb5_creds *my_creds; +krb5_ap_rep_enc_part *rep_ret; +krb5_address *local_addr, *foreign_addr; +int *local_socket; +krb5_int32 *seqno; +char *principal; +{ + krb5_data msg_data, inbuf; + kadmin_requests rd_priv_resp; + char username[755]; + int count; + krb5_error_code retval; /* return code */ + + if ((inbuf.data = (char *) calloc(1, 3 + sizeof(username))) == (char *) 0) { fprintf(stderr, "No memory for command!\n"); + exit(1); + } + + inbuf.data[0] = KADMIN; + inbuf.data[1] = MODOPER; + inbuf.data[2] = SENDDATA2; + + if (principal && principal[0] != '\0') + strcpy(username, principal); + else { + count = 0; + do { + fprintf(stdout, "\nName of Principal to be Modified: "); + fgets(username, sizeof(username), stdin); + if (username[0] == '\n') + fprintf(stderr, "Invalid Principal name!\n"); + count++; + } + while (username[0] == '\n' && count < 3); + + if 
(username[0] == '\n') { + fprintf(stderr, "Aborting!!\n\n"); + return(1); + } + + username[strlen(username) -1] = '\0'; + } + + (void) memcpy( inbuf.data + 3, username, strlen(username)); + inbuf.length = strlen(username) + 3; + + if ((retval = krb5_mk_priv(&inbuf, + ETYPE_DES_CBC_CRC, + &my_creds->keyblock, + local_addr, + foreign_addr, + *seqno, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Second Message Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + free(msg_data.data); + + /* Ok Now let's get the private message */ + if (retval = krb5_read_message(local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Second Reply: %s!\n", + error_message(retval)); + return(1); + } + + if ((retval = krb5_rd_priv(&inbuf, + &my_creds->keyblock, + foreign_addr, + local_addr, + rep_ret->seq_number, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Second Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + free(msg_data.data); + + if (msg_data.data[2] == KADMBAD) { + fprintf(stderr, "Principal Does NOT Exist!\n\n"); + return(0); + } + + kadm_snd_mod(my_creds, rep_ret, local_addr, + foreign_addr, local_socket, seqno); + + if ((inbuf.data = (char *) calloc(1, 2)) == (char *) 0) { + fprintf(stderr, "No memory for command!\n"); + return(1); + } + + + inbuf.data[0] = KADMIN; + inbuf.data[1] = KADMGOOD; + inbuf.data[2] = SENDDATA3; + inbuf.length = 3; + + if ((retval = krb5_mk_priv(&inbuf, + ETYPE_DES_CBC_CRC, + &my_creds->keyblock, + local_addr, + foreign_addr, + *seqno, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Second Message 
Encoding: %s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + /* write private message to server */ + if (krb5_write_message(local_socket, &msg_data)){ + fprintf(stderr, "Write Error During Second Message Transmission!\n"); + return(1); + } + free(msg_data.data); + + /* Ok Now let's get the final private message */ + if (retval = krb5_read_message(local_socket, &inbuf)){ + fprintf(stderr, "Read Error During Final Reply: %s!\n", + error_message(retval)); + retval = 1; + } + + if ((retval = krb5_rd_priv(&inbuf, + &my_creds->keyblock, + foreign_addr, + local_addr, + rep_ret->seq_number, + KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, + 0, + 0, + &msg_data))) { + fprintf(stderr, "Error during Final Read Decoding :%s!\n", + error_message(retval)); + free(inbuf.data); + return(1); + } + free(inbuf.data); + + memcpy(&rd_priv_resp.appl_code, msg_data.data, 1); + memcpy(&rd_priv_resp.oper_code, msg_data.data + 1, 1); + memcpy(&rd_priv_resp.retn_code, msg_data.data + 2, 1); + + free(msg_data.data); + + if (!((rd_priv_resp.appl_code == KADMIN) && + (rd_priv_resp.retn_code == KADMGOOD))) { + fprintf(stderr, "Error Performing kadmin service!\n"); + retval = 1; + } else { + fprintf(stderr, "\nDatabase Modification Successful.\n"); + } + return(0); +} diff --git a/src/kadmin/client/kadmin_msnd.c b/src/kadmin/client/kadmin_msnd.c new file mode 100644 index 000000000..41a36c117 --- /dev/null +++ b/src/kadmin/client/kadmin_msnd.c 
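Review bot: After the second reply is decoded, `free(msg_data.data)` runs immediately before `if (msg_data.data[2] == KADMBAD)`, so the existence check reads freed memory; move `free(msg_data.data);` below the check and onto the `return(0)` path. A few lines later `inbuf.data` is allocated with `calloc(1, 2)` but three bytes are stored (`inbuf.data[2] = SENDDATA3;`, `inbuf.length = 3`), which writes and then sends one byte beyond the allocation; it should be `calloc(1, 3)`. The return value of `kadm_snd_mod` is also ignored, so any error it reports is dropped before the confirmation message is sent.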
@@ -0,0 +1,320 @@
+/*
+ * $Source$
+ * $Author$
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ */
+
+/*
+ * Sandia National Laboratories also makes no representations about the
+ * suitability of the modifications, or additions to this software for
+ * any purpose. It is provided "as is" without express or implied warranty.
+ */
+
+#if !defined(lint) && !defined(SABER)
+static char rcsid_kadmin[] =
+ "$Header$";
+#endif /* lint */
+
+/*
+ * kadmin_snd_mod
+ * Perform Remote Kerberos Administrative Functions
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <signal.h>
+#ifndef __convex__
+#include <strings.h>
+#endif
+#include <com_err.h>
+
+#ifndef MAXPATHLEN
+#define MAXPATHLEN 1024
+#endif
+
+#include <sys/param.h>
+#include <pwd.h>
+
+#include <krb5/adm_defs.h>
+
+#include <sys/stat.h>
+
+#include <krb5/krb5.h>
+#include <krb5/kdb.h>
+#include <krb5/kdb_dbm.h>
+#include <krb5/ext-proto.h>
+#include <krb5/los-proto.h>
+#include <krb5/asn1.h>
+#include <krb5/config.h>
+#include <krb5/base-defs.h>
+#include <krb5/asn.1/encode.h>
+
+#include <krb5/widen.h>
+
+#include <krb5/adm_err.h>
+#include <krb5/errors.h>
+#include <krb5/kdb5_err.h>
+#include <krb5/krb5_err.h>
+
+krb5_error_code
+kadm_snd_mod(my_creds, rep_ret, local_addr, foreign_addr, local_socket, seqno)
+krb5_creds *my_creds;
+krb5_ap_rep_enc_part *rep_ret;
+krb5_address *local_addr, *foreign_addr;
+int *local_socket;
+krb5_int32 *seqno;
+{
+ krb5_error_code retval; /* return code */
+ krb5_data msg_data, inbuf;
+ char mod_type[10];
+ char attrib[20];
+ char version[10];
+ int value;
+ int valid_command;
+ extern int errno;
+ int i;
+
+ for ( ; ; ) {
+ valid_command = 0;
+repeat1:
+#ifdef SANDIA
+ fprintf(stdout, "\nParameter Type to be Modified (fcnt, vno, attr, or q): ");
+#else
+ fprintf(stdout, "\nParameter Type to be Modified (vno, attr, or q): ");
+#endif
+
+ (void) fgets(mod_type, 10, stdin);
+ mod_type[strlen(mod_type) - 1] = '\0';
+
+ if ((inbuf.data = (char *) calloc(1, 80)) == (char *) 0) {
+ fprintf(stderr, "No memory for command!\n");
+ exit(1);
+ }
+
+ if (!strcmp(mod_type, "q")) {
+ free(inbuf.data);
+ goto alldone;
+ }
+#ifdef SANDIA
+ if (!strcmp(mod_type, "fcnt")) {
+ valid_command = 1;
+repeat_cnt:
+ fprintf(stdout, "\nFailure Count: ");
+ (void) fgets(version, sizeof(version), stdin);
+ /* Make sure version is null terminated */
+ version[sizeof(version) -1] = '\0';
+ /* Strip linefeed */
+ if (version[strlen(version) - 1] == '\n')
+ version[strlen(version) - 1] = '\0';
+ if (!strcmp(version, "q")) {
+ free(inbuf.data);
+ goto alldone;
+ }
+ value = -1;
+ sscanf(version,"%d",&value);
+ if (value < 0 || value > 10 ) {
+ fprintf(stderr, "Value must be between 0 and 10!\n");
+ goto repeat_cnt;
+ }
+ inbuf.data[3] = KMODFCNT;
+ (void) memcpy(inbuf.data + 4, version, strlen(version));
+ inbuf.length = strlen(version) + 4;
+ }
+#endif
+ if (!strcmp(mod_type, "vno")) {
+ valid_command = 1;
+repeat2:
+ fprintf(stdout, "\nVersion Number: ");
+ (void) fgets(version, sizeof(version), stdin);
+ /* Make sure version is null terminated */
+ version[sizeof(version) -1] = '\0';
+ /* Strip linefeed */
+ if (version[strlen(version) - 1] == '\n')
+ version[strlen(version) - 1] = '\0';
+ if (!strcmp(version, "q")) {
+ free(inbuf.data);
+ goto alldone;
+ }
+ value = -1;
+ sscanf(version,"%d",&value);
+ if (value < 0 || value > 255 ) {
+ fprintf(stderr, "Value must be between 0 and 255!\n");
+ goto repeat2;
+ }
+ inbuf.data[3] = KMODVNO;
+ (void) memcpy(inbuf.data + 4, version, strlen(version));
+ inbuf.length = strlen(version) + 4;
+ }
+
+ if (!strcmp(mod_type, "attr")) {
+ valid_command = 1;
+repeat3:
+ fprintf(stdout, "\nAttribute: ");
+ fgets(attrib, 20, stdin);
+ attrib[strlen(attrib) - 1] = '\0';
+ for (i = 0; attrib[i] != '\0'; i++)
+ if (isupper(attrib[i]))
+ attrib[i] = tolower(attrib[i]);
+
+ inbuf.data[3] = KMODATTR;
+ inbuf.data[4] = BADATTR;
+ inbuf.length = 5;
+ if (!strcmp(attrib, "post")) inbuf.data[4] = ATTRPOST;
+ if (!strcmp(attrib, "nopost")) inbuf.data[4] = ATTRNOPOST;
+ if (!strcmp(attrib, "forward")) inbuf.data[4] = ATTRFOR;
+ if (!strcmp(attrib, "noforward")) inbuf.data[4] = ATTRNOFOR;
+ if (!strcmp(attrib, "tgt")) inbuf.data[4] = ATTRTGT;
+ if (!strcmp(attrib, "notgt")) inbuf.data[4] = ATTRNOTGT;
+ if (!strcmp(attrib, "ren")) inbuf.data[4] = ATTRREN;
+ if (!strcmp(attrib, "noren")) inbuf.data[4] = ATTRNOREN;
+ if (!strcmp(attrib, "proxy")) inbuf.data[4] = ATTRPROXY;
+ if (!strcmp(attrib, "noproxy")) inbuf.data[4] = ATTRNOPROXY;
+ if (!strcmp(attrib, "dskey")) inbuf.data[4] = ATTRDSKEY;
+ if (!strcmp(attrib, "nodskey")) inbuf.data[4] = ATTRNODSKEY;
+ if (!strcmp(attrib, "lock")) inbuf.data[4] = ATTRLOCK;
+ if (!strcmp(attrib, "unlock")) inbuf.data[4] = ATTRUNLOCK;
+ if (!strcmp(attrib, "svr")) inbuf.data[4] = ATTRSVR;
+ if (!strcmp(attrib, "nosvr")) inbuf.data[4] = ATTRNOSVR;
+
+#ifdef SANDIA
+ if (!strcmp(attrib, "preauth")) inbuf.data[4] = ATTRPRE;
+ if (!strcmp(attrib, "nopreauth")) inbuf.data[4] = ATTRNOPRE;
+ if (!strcmp(attrib, "pwok")) inbuf.data[4] = ATTRPWOK;
+ if (!strcmp(attrib, "pwchange")) inbuf.data[4] = ATTRPWCHG;
+ if (!strcmp(attrib, "sid")) inbuf.data[4] = ATTRSID;
+ if (!strcmp(attrib, "nosid")) inbuf.data[4] = ATTRNOSID;
+#endif
+ if (!strcmp(attrib, "q")){
+ free(inbuf.data);
+ goto alldone;
+ }
+ if (inbuf.data[4] == BADATTR) {
+ fprintf(stderr, "Valid Responses are:\n");
+ fprintf(stderr, "post/nopost - Allow/Disallow postdating\n");
+ fprintf(stderr, "forward/noforward - Allow/Disallow forwarding\n");
+ fprintf(stderr, "tgt/notgt - Allow/Disallow initial tickets\n");
+ fprintf(stderr, "ren/noren - Allow/Disallow renewable tickets\n");
+ fprintf(stderr,
+ "proxy/noproxy - Allow/Disallow proxiable tickets\n");
+ fprintf(stderr,
+ "dskey/nodskey - Allow/Disallow Duplicate Session Keys\n");
+ fprintf(stderr, "lock/unlock - Lock/Unlock client\n");
+ fprintf(stderr,
+ "svr/nosvr - Allow/Disallow Use of Principal as Server\n");
+#ifdef SANDIA
+ fprintf(stderr,
+ "preauth/nopreauth - Require/Do Not Require preauthentication\n");
+ fprintf(stderr,
+ "pwok/pwchange - Password is OK/Needs to be changed\n");
+ fprintf(stderr,
+ "sid/nosid - Require/Do Not Require Hardware Authentication\n");
+#endif
+ fprintf(stderr, "q - Quit from setting attributes.\n");
+ goto repeat3;
+ }
+ }
+
+ if (!valid_command) {
+ free(inbuf.data);
+ fprintf(stderr, "Invalid command - Try Again\n");
+ goto repeat1;
+ }
+
+ inbuf.data[0] = KADMIN;
+ inbuf.data[1] = MODOPER;
+ inbuf.data[2] = SENDDATA3;
+
+ if ((retval = krb5_mk_priv(&inbuf,
+ ETYPE_DES_CBC_CRC,
+ &my_creds->keyblock,
+ local_addr,
+ foreign_addr,
+ *seqno,
+ KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
+ 0,
+ 0,
+ &msg_data))) {
+ fprintf(stderr, "Error during Second Message Encoding: %s!\n",
+ error_message(retval));
+ free(inbuf.data);
+ return(1);
+ }
+ free(inbuf.data);
+
+ /* write private message to server */
+ if (krb5_write_message(local_socket, &msg_data)) {
+ fprintf(stderr, "Write Error During Second Message Transmission!\n");
+ return(1);
+ }
+ free(msg_data.data);
+
+ /* Ok Now let's get the private message */
+ if (retval = krb5_read_message(local_socket, &inbuf)){
+ fprintf(stderr, "Read Error During Second Reply: %s!\n",
+ error_message(retval));
+ return(1);
+ }
+
+ if ((retval = krb5_rd_priv(&inbuf,
+ &my_creds->keyblock,
+ foreign_addr,
+ local_addr,
+ rep_ret->seq_number,
+ KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
+ 0,
+ 0,
+ &msg_data))) {
+ fprintf(stderr, "Error during Second Read Decoding :%s!\n",
+ error_message(retval));
+ free(inbuf.data);
+ return(1);
+ }
+ free(inbuf.data);
+ } /* for */
+
+alldone:
+ if ((inbuf.data = (char *) calloc(1, 80)) == (char *) 0) {
+ fprintf(stderr, "No memory for command!\n");
+ exit(1);
+ }
+
+ inbuf.data[0] = KADMIN;
+ inbuf.data[1] = KADMGOOD;
+ inbuf.data[2] = SENDDATA3;
+ inbuf.length = 3;
+
+ if ((retval = krb5_mk_priv(&inbuf,
+ ETYPE_DES_CBC_CRC,
+ &my_creds->keyblock,
+ local_addr,
+ foreign_addr,
+ *seqno,
+ KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
+ 0,
+ 0,
+ &msg_data))) {
+ fprintf(stderr, "Error during Second Message Encoding: %s!\n",
+ error_message(retval));
+ free(inbuf.data);
+ return(1);
+ }
+ free(inbuf.data);
+
+ /* write private message to server */
+ if (krb5_write_message(local_socket, &msg_data)) {
+ fprintf(stderr, "Write Error During Second Message Transmission!\n");
+ return(1);
+ }
+ free(msg_data.data);
+
+ return(0);
+} |
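Review bot: The prompts in `kadm_snd_mod` index `strlen(...) - 1` without checking what `fgets` returned, so at end-of-input `mod_type` and `attrib` are read uninitialised, and an empty string makes the index wrap so that the store (or, for `version`, the `'\n'` test) lands outside the array. Check the read and strip the newline by position instead, e.g. `if (fgets(mod_type, sizeof(mod_type), stdin) == NULL) goto alldone;` followed by `mod_type[strcspn(mod_type, "\n")] = '\0';`, and do the same for `attrib` and both `version` prompts, freeing `inbuf.data` first where it is already allocated. Separately, the reply that `krb5_rd_priv` decodes at the bottom of the loop is neither inspected nor freed, so the operator gets no indication that the server rejected a change such as `lock`, and `msg_data.data` leaks on every pass; the reply's return-code byte should be compared with `KADMBAD` and reported before the buffer is freed. With `KRB5_PRIV_NOTIME` set, the sequence number is the only replay defence visible in this hunk, and `*seqno` and `rep_ret->seq_number` are passed unchanged on every iteration, so it is worth confirming whether they are meant to advance per message.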
