| author | Paul Park <pjpark@mit.edu> | 1995-08-08 22:02:57 +0000 |
|---|---|---|
| committer | Paul Park <pjpark@mit.edu> | 1995-08-08 22:02:57 +0000 |
| commit | b35189900fcd86d5d5e399fd1c32bab98a15bf62 (patch) | |
| tree | 8e16707f4bb4392138d5306d9cff819f831168ad /src/kadmin | |
| parent | 82ceba100038c255806662177a8a7226f70e0ed8 (diff) | |
| download | krb5-b35189900fcd86d5d5e399fd1c32bab98a15bf62.tar.gz krb5-b35189900fcd86d5d5e399fd1c32bab98a15bf62.tar.xz krb5-b35189900fcd86d5d5e399fd1c32bab98a15bf62.zip | |
Add {add,del}_key_type commands
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6467 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin')
| -rw-r--r-- | src/kadmin/v5client/ChangeLog | 12 | ||||
| -rw-r--r-- | src/kadmin/v5client/kadmin5.M | 96 | ||||
| -rw-r--r-- | src/kadmin/v5client/kadmin5.c | 196 | ||||
| -rw-r--r-- | src/kadmin/v5client/kadmin5.h | 82 | ||||
| -rw-r--r-- | src/kadmin/v5client/kadmin5_ct.ct | 6 | ||||
| -rw-r--r-- | src/kadmin/v5client/network.c | 8 |
6 files changed, 274 insertions, 126 deletions
diff --git a/src/kadmin/v5client/ChangeLog b/src/kadmin/v5client/ChangeLog index 730f62c37..da3a8957a 100644 --- a/src/kadmin/v5client/ChangeLog +++ b/src/kadmin/v5client/ChangeLog @@ -1,4 +1,16 @@ +Tue Aug 8 17:27:04 EDT 1995 Paul Park (pjpark@mit.edu) + * kadmin5_ct.ct - Add add_key_type and del_key_type to add/delete a + particular key/salt pair. + * kadmin5.c - Add kadmin_{add,del}_key_type to support add_key_type + and del_key_type commands. Change -l processing to use + krb5_string_to_deltat(). + * kadmin5.h - Update prototypes and remove obsolete functions. + * network.c - Add new protocol error message support. + * kadmin5.M - Remove descriptions of obsolete syntax or syntax which + has been made common among utilities. + + Fri Aug 4 16:13:20 EDT 1995 Paul Park (pjpark@mit.edu) * kadmin5.c - Replace explicit hand-decoded integers with macros. diff --git a/src/kadmin/v5client/kadmin5.M b/src/kadmin/v5client/kadmin5.M index 527cc2722..3901a5ff6 100644 --- a/src/kadmin/v5client/kadmin5.M +++ b/src/kadmin/v5client/kadmin5.M @@ -36,7 +36,7 @@ kadmin5 \- administer a Kerberos principal database over the network. .I ccache ] [ .B \-l -.I [hours:]minutes +.I deltatime ] [ .B \-d ] [ @@ -60,7 +60,7 @@ specifies a principal name to use instead of the default .B ccache specifies a credentials cache to use instead of the default. .IP \-l -.B [hours:]minutes +.B deltatime specifies the lifetime for an administrative ticket, if one needs to be acquired. .IP \-d @@ -129,6 +129,14 @@ Add new entry to Kerberos database, using a random key. .IP change_rnd_key,crk Change key of an entry in the Kerberos database (selecting a new random key). +.IP add_key_type,akt +Add new key type to an existing Kerberos principal (prompting for old +password). + +.IP del_key_type,dkt +Delete key type from an existing Kerberos principal (prompting for old +password). + .IP delete_entry,delent,del Delete an entry from the database. 
@@ -167,26 +175,17 @@ and commands, an optional list of principal options may be specified. The following options may be specified: .TP i -.I kvno=<integer> -Specifies the key version number for the principal. -.TP i -.I maxlife=<integer> -Specifies the maximum ticket life for the principal in seconds. +.I maxlife=<deltatime> +Specifies the maximum ticket life for the principal. .TP i -.I maxrenewlife=<integer> -Specifies the maximum renewable ticket life for the principal in seconds. +.I maxrenewlife=<deltatime> +Specifies the maximum renewable ticket life for the principal. .TP i .I expiration=<date> -Specifies the expiration date and time of the principal. See below for the -format of -.I <date>. +Specifies the expiration date and time of the principal. .TP i .I pwexpiration=<date> -Specifies the expiration date and time of the principal's password. See below for the format of -.I <date>. -.TP i -.I salttype=[v5|v4|norealm|onlyrealm|special] -Indicates the salt type. +Specifies the expiration date and time of the principal's password. .TP i .I [+/-]postdateable Specifies that tickets for this principal [are/are not] postdateable. @@ -194,7 +193,7 @@ Specifies that tickets for this principal [are/are not] postdateable. .I [+/-]forwardable Specifies that tickets for this principal [are/are not] forwardable. .TP i -.I [+/-]tgt_req +.I [+/-]tgt-based Specifies that TGT-based requests for this principal [are/are not] allowed. .TP i .I [+/-]renewable @@ -203,11 +202,11 @@ Specifies that tickets for this principal [are/are not] renewable. .I [+/-]proxiable Specifies that tickets for this principal [are/are not] proxiable. .TP i -.I [+/-]dup_skey +.I [+/-]dup-skey Specifies that tickets issued by this service [may/may not] be encrypted using the session key instead of the private key. .TP i -.I [+/-]allow_tickets +.I [+/-]allow-tickets Specifies that tickets for this principal [are/are not] allowed. .TP i .I [+/-]preauth 
@@ -217,10 +216,10 @@ Specifies that preauthorization [is/is not] required for this principal. Specifies that hardware preauthorization [is/is not] required for this principal. .TP i -.I [+/-]pwchange_req +.I [+/-]pwchange Specifies that a password change [is/is not] required for this principal. .TP i -.I [+/-]server +.I [+/-]service Specifies that this principal [is/is not] allowed to be a service. .TP i .I [+/-]pwservice @@ -228,57 +227,6 @@ Specifies that this principal [is/is not] the password changing service. .TP i .I [+/-]md5 Specifies that DES MD5 [is/is not] supported for this principal. - -.SH Date Format -The format of <date> -may be one of the following, where -.I yy -is the last two digits of the year; -.I mm -is the month number (with a leading zero if less than 10); -.I dd -is the day number in the month (with a leading zero if less than 10); -.I HH -is the hour number (24-hour clock); -.I MM -is the minute number; and -.I SS -is the second number: -.TP i -.I yy.mm.dd.HH.MM.SS -e.g. 95.09.01.00.00.00 for midnight on September 1, 1995. -.TP i -.I yymmddHHMMSS -e.g. 950901000000 for midnight on September 1, 1995. -.PP -If the -.B strptime(3) -function is available, then the following formats are also supported. -.PP -.TP i -.I yymmddHHMM -e.g. 9509010000 for midnight on September 1, 1995. -.TP i -.I HHMMSS -e.g. 200000 for 8pm tonight. -.TP i -.I HHMM -e.g. 2100 for 9pm tonight. -.TP i -.I HH:MM:SS -e.g. 20:00:00 for 8pm tonight. -.TP i -.I HH:MM -e.g. 21:00 for 9pm tonight. -.TP i -.I locale-dependent short format (mm/dd/yy:HH:MM:SS) in U.S. -.e.g 01/09/95:00:00:00 for midnight on September 1, 1995. -.TP i -.I dd-<text-month>-yyyy:HH:MM:SS -e.g. 01-Sep-1995:00:00:00 for midnight on September 1, 1995. -.TP i -.I dd-<text-month>-yyyy:HH:MM -e.g. 01-Sep-1995:00:00 for midnight on September 1, 1995. .PP .SH SEE ALSO -kadmind5(8), kpasswd(1), strptime(3) +kadmind5(8), kpasswd(1) 
diff --git a/src/kadmin/v5client/kadmin5.c b/src/kadmin/v5client/kadmin5.c
index 627a894e3..8f533d7ca 100644
--- a/src/kadmin/v5client/kadmin5.c
+++ b/src/kadmin/v5client/kadmin5.c
@@ -120,6 +120,16 @@ static const char *cpw_prompt1_fmt = " Enter new password for %s: ";
 static const char *cpw_prompt2_fmt = "Re-enter new password for %s: ";
 static const char *cpw_succ_fmt = "password changed for %s";
 static const char *cpw_nochange_fmt = "password not changed for %s";
+static const char *akt_usage_fmt = "usage is %s principal [key:salt]+";
+static const char *akt_prompt1_fmt = " Enter current password for %s: ";
+static const char *akt_prompt2_fmt = "Re-enter current password for %s: ";
+static const char *akt_succ_fmt = "keytypes successfully added for %s";
+static const char *akt_nochange_fmt = "keytypes not added for %s";
+static const char *dkt_usage_fmt = "usage is %s principal [key:salt[:kvno]]+";
+static const char *dkt_prompt1_fmt = " Enter current password for %s: ";
+static const char *dkt_prompt2_fmt = "Re-enter current password for %s: ";
+static const char *dkt_succ_fmt = "keytypes successfully deleted for %s";
+static const char *dkt_nochange_fmt = "keytypes not deleted for %s";
 static const char *dprinc_usage_fmt = "usage is %s [%s] principal [...]";
 static const char *del_conf_fmt = "Enter '%c' to delete principal %s: ";
 static const char del_conf_char = 'y';
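Review bot: dkt_prompt1_fmt and dkt_prompt2_fmt are byte-for-byte copies of akt_prompt1_fmt and akt_prompt2_fmt five lines above, so the same prompt text is now maintained in two places. Both commands ask for the principal's current password, so one shared pair such as `static const char *curpw_prompt1_fmt = " Enter current password for %s: ";` and the matching `curpw_prompt2_fmt`, referenced from both kadmin_add_key_type and kadmin_del_key_type, would keep the wording from drifting apart. The usage strings genuinely differ (the dkt form carries the optional `[:kvno]`) and should stay separate.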
@@ -670,6 +680,178 @@ kadmin_change_rnd(argc, argv)
 }
 /*
+ * kadmin_add_key_type() - Add key/salt types.
+ */
+void
+kadmin_add_key_type(argc, argv)
+ int argc;
+ char *argv[];
+{
+ int i;
+ krb5_int32 proto_stat;
+ krb5_int32 ncomps;
+ krb5_data *complist;
+ krb5_error_code kret;
+ krb5_data *arglist;
+ char *p1;
+ char *p2;
+ char *opass;
+ int oplen;
+
+ /*
+ * Command syntax is: akt principal [keysalt]+
+ */
+ if (argc < 3) {
+ com_err(argv[0], 0, akt_usage_fmt, argv[0]);
+ return;
+ }
+
+ requestname = argv[0];
+ kret = 0;
+ arglist = (krb5_data *) malloc((size_t)(sizeof(krb5_data)*(argc-2)));
+ p1 = (char *) malloc(strlen(akt_prompt1_fmt)+strlen(argv[argc-1])+1);
+ p2 = (char *) malloc(strlen(akt_prompt2_fmt)+strlen(argv[argc-1])+1);
+ opass = (char *) malloc(KRB5_ADM_MAX_PASSWORD_LEN);
+ if (arglist && p1 && p2 && opass) {
+ memset(arglist, 0, (size_t) (sizeof(krb5_data)*(argc-2)));
+ sprintf(p1, akt_prompt1_fmt, argv[1]);
+ sprintf(p2, akt_prompt2_fmt, argv[1]);
+ for (i=2; i<argc; i++) {
+ arglist[i-2].length = strlen(argv[i]);
+ arglist[i-2].data = argv[i];
+ }
+ if (!(kret = net_connect())) {
+ oplen = KRB5_ADM_MAX_PASSWORD_LEN;
+ if (!(kret = krb5_read_password(kcontext,
+ p1,
+ p2,
+ opass,
+ &oplen))) {
+ opass[oplen] = '\0';
+ if (!(kret = net_do_proto(KRB5_ADM_ADD_KEY_CMD,
+ argv[1],
+ opass,
+ argc-2,
+ arglist,
+ &proto_stat,
+ &ncomps,
+ &complist,
+ 1))) {
+ if (proto_stat == KRB5_ADM_SUCCESS)
+ com_err(programname, 0, akt_succ_fmt, argv[1]);
+ krb5_free_adm_data(kcontext, ncomps, complist);
+ }
+ memset(opass, 0, KRB5_ADM_MAX_PASSWORD_LEN);
+ }
+ else {
+ com_err(argv[0], kret, akt_nochange_fmt, argv[1]);
+ }
+ net_disconnect(0);
+ }
+ else {
+ com_err(argv[0], kret, gen_conn_err_fmt);
+ }
+ }
+ else {
+ com_err(requestname, 0, no_memory_fmt);
+ }
+ if (p1)
+ free(p1);
+ if (p2)
+ free(p2);
+ if (opass)
+ free(opass);
+ if (arglist)
+ free(arglist);
+}
+
+/*
+ * kadmin_del_key_type() - Delete key/salt types.
+ */
+void
+kadmin_del_key_type(argc, argv)
+ int argc;
+ char *argv[];
+{
+ int i;
+ krb5_int32 proto_stat;
+ krb5_int32 ncomps;
+ krb5_data *complist;
+ krb5_error_code kret;
+ krb5_data *arglist;
+ char *p1;
+ char *p2;
+ char *opass;
+ int oplen;
+
+ /*
+ * Command syntax is: dkt principal [keysalt[:kvno]]+
+ */
+ if (argc < 3) {
+ com_err(argv[0], 0, dkt_usage_fmt, argv[0]);
+ return;
+ }
+
+ requestname = argv[0];
+ kret = 0;
+ arglist = (krb5_data *) malloc((size_t)(sizeof(krb5_data)*(argc-2)));
+ p1 = (char *) malloc(strlen(dkt_prompt1_fmt)+strlen(argv[argc-1])+1);
+ p2 = (char *) malloc(strlen(dkt_prompt2_fmt)+strlen(argv[argc-1])+1);
+ opass = (char *) malloc(KRB5_ADM_MAX_PASSWORD_LEN);
+ if (arglist && p1 && p2 && opass) {
+ memset(arglist, 0, (size_t) (sizeof(krb5_data)*(argc-2)));
+ sprintf(p1, dkt_prompt1_fmt, argv[1]);
+ sprintf(p2, dkt_prompt2_fmt, argv[1]);
+ for (i=2; i<argc; i++) {
+ arglist[i-2].length = strlen(argv[i]);
+ arglist[i-2].data = argv[i];
+ }
+ if (!(kret = net_connect())) {
+ oplen = KRB5_ADM_MAX_PASSWORD_LEN;
+ if (!(kret = krb5_read_password(kcontext,
+ p1,
+ p2,
+ opass,
+ &oplen))) {
+ opass[oplen] = '\0';
+ if (!(kret = net_do_proto(KRB5_ADM_DEL_KEY_CMD,
+ argv[1],
+ opass,
+ argc-2,
+ arglist,
+ &proto_stat,
+ &ncomps,
+ &complist,
+ 1))) {
+ if (proto_stat == KRB5_ADM_SUCCESS)
+ com_err(programname, 0, dkt_succ_fmt, argv[1]);
+ krb5_free_adm_data(kcontext, ncomps, complist);
+ }
+ memset(opass, 0, KRB5_ADM_MAX_PASSWORD_LEN);
+ }
+ else {
+ com_err(argv[0], kret, dkt_nochange_fmt, argv[1]);
+ }
+ net_disconnect(0);
+ }
+ else {
+ com_err(argv[0], kret, gen_conn_err_fmt);
+ }
+ }
+ else {
+ com_err(requestname, 0, no_memory_fmt);
+ }
+ if (p1)
+ free(p1);
+ if (p2)
+ free(p2);
+ if (opass)
+ free(opass);
+ if (arglist)
+ free(arglist);
+}
+
+/*
 * kadmin_delete_entry() - Delete principal.
 */
 void
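Review bot: p1 and p2 are sized from strlen(argv[argc-1]) but the sprintf calls that follow format argv[1] into them, so whenever the principal name is more than two characters longer than the last key:salt argument (the only slack is the `%s` that the format string itself contributes) the prompt overruns its heap allocation; kadmin_del_key_type later in this hunk has the identical pair of lines. The allocations should be sized from the argument actually formatted: `p1 = (char *) malloc(strlen(akt_prompt1_fmt)+strlen(argv[1])+1);` and `p2 = (char *) malloc(strlen(akt_prompt2_fmt)+strlen(argv[1])+1);`. Separately, `opass[oplen] = '\0';` writes one byte past the KRB5_ADM_MAX_PASSWORD_LEN allocation if krb5_read_password can return oplen equal to the size it was handed, which is worth confirming against that function's contract (allocating KRB5_ADM_MAX_PASSWORD_LEN+1 would remove the question). The memset that wipes opass sits inside the krb5_read_password success branch only, so on its error branch whatever that call left in the buffer is freed unwiped; moving the memset down to the common cleanup before free(opass) would cover both paths.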
@@ -1365,17 +1547,9 @@ kadmin_startup(argc, argv)
 saveit = 1;
 break;
 case 'l':
- {
- int hours, minutes;
-
- if (sscanf(optarg, "%d:%d", &hours, &minutes) == 2)
- ticket_life = (hours * 3600) + (minutes * 60);
- else if (sscanf(optarg, "%d", &minutes) == 1)
- ticket_life = minutes * 60;
- else {
- com_err(argv[0], 0, kadmin_badtime_fmt, optarg);
- exit(1);
- }
+ if (krb5_string_to_deltat(optarg, (krb5_deltat *) &ticket_life)) {
+ com_err(argv[0], 0, kadmin_badtime_fmt, optarg);
+ exit(1);
 }
 break;
 case 'r':
diff --git a/src/kadmin/v5client/kadmin5.h b/src/kadmin/v5client/kadmin5.h
index d7fed8464..a8f44c3ca 100644
--- a/src/kadmin/v5client/kadmin5.h
+++ b/src/kadmin/v5client/kadmin5.h
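Review bot: The cast `(krb5_deltat *) &ticket_life` in the new -l branch makes krb5_string_to_deltat write a krb5_deltat through whatever type ticket_life really has; its declaration is outside this hunk, and if it is not already a krb5_deltat the cast silently hides a width mismatch instead of fixing it. Parsing into a local of the right type and assigning avoids the cast entirely: `krb5_deltat lt;` at the top of the case, `if (krb5_string_to_deltat(optarg, &lt)) {` in place of the current condition, and `ticket_life = lt;` after the error block — or declare ticket_life as krb5_deltat and drop the cast. kadmin_startup begins and ends outside this hunk.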
@@ -47,56 +47,56 @@ extern krb5_boolean delete_ccache;
 */
 /* network.c */
 void print_proto_sreply
- PROTOTYPE((krb5_int32, krb5_data *));
+ KRB5_PROTOTYPE((krb5_int32, krb5_data *));
 void print_proto_error
- PROTOTYPE((char *,
- krb5_int32,
- krb5_int32,
- krb5_data *));
+ KRB5_PROTOTYPE((char *,
+ krb5_int32,
+ krb5_int32,
+ krb5_data *));
 krb5_error_code net_connect();
 void net_disconnect
- PROTOTYPE((krb5_boolean));
+ KRB5_PROTOTYPE((krb5_boolean));
 krb5_error_code net_do_proto
- PROTOTYPE((char *,
- char *,
- char *,
- krb5_int32,
- krb5_data *,
- krb5_int32 *,
- krb5_int32 *,
- krb5_data **,
- krb5_boolean));
+ KRB5_PROTOTYPE((char *,
+ char *,
+ char *,
+ krb5_int32,
+ krb5_data *,
+ krb5_int32 *,
+ krb5_int32 *,
+ krb5_data **,
+ krb5_boolean));
 /* convert.c */
-char * delta2string PROTOTYPE((krb5_deltat));
-char * abs2string PROTOTYPE((krb5_timestamp));
-char * dbflags2string PROTOTYPE((krb5_flags));
-char * salt2string PROTOTYPE((krb5_int32));
-krb5_boolean parse_princ_options PROTOTYPE((int,
- char **,
- krb5_ui_4 *,
- krb5_db_entry *));
+char * delta2string KRB5_PROTOTYPE((krb5_deltat));
+char * abs2string KRB5_PROTOTYPE((krb5_timestamp));
+char * dbflags2string KRB5_PROTOTYPE((krb5_flags));
+char * salt2string KRB5_PROTOTYPE((krb5_int32));
+krb5_boolean parse_princ_options KRB5_PROTOTYPE((int,
+ char **,
+ krb5_ui_4 *,
+ krb5_db_entry *));
 void help_princ_options();
 /* kadmin5.c */
-void kadmin_show_principal PROTOTYPE((int, char **));
-void kadmin_add_new_key PROTOTYPE((int, char **));
-void kadmin_change_pwd PROTOTYPE((int, char **));
-void kadmin_add_rnd_key PROTOTYPE((int, char **));
-void kadmin_change_rnd PROTOTYPE((int, char **));
-void kadmin_add_v4_key PROTOTYPE((int, char **));
-void kadmin_change_v4_key PROTOTYPE((int, char **));
-void kadmin_delete_entry PROTOTYPE((int, char **));
-void kadmin_extract PROTOTYPE((int, char **));
-void kadmin_extract_v4 PROTOTYPE((int, char **));
-void kadmin_modify PROTOTYPE((int, char **));
-void kadmin_rename PROTOTYPE((int, char **));
-void kadmin_list PROTOTYPE((int, char **));
-void kadmin_language PROTOTYPE((int, char **));
-void kadmin_mime PROTOTYPE((int, char **));
-void kadmin_cd PROTOTYPE((int, char **));
-void kadmin_pwd PROTOTYPE((int, char **));
-char * kadmin_startup PROTOTYPE((int, char **));
+void kadmin_show_principal KRB5_PROTOTYPE((int, char **));
+void kadmin_add_new_key KRB5_PROTOTYPE((int, char **));
+void kadmin_change_pwd KRB5_PROTOTYPE((int, char **));
+void kadmin_add_rnd_key KRB5_PROTOTYPE((int, char **));
+void kadmin_change_rnd KRB5_PROTOTYPE((int, char **));
+void kadmin_add_key_type KRB5_PROTOTYPE((int, char **));
+void kadmin_del_key_type KRB5_PROTOTYPE((int, char **));
+void kadmin_delete_entry KRB5_PROTOTYPE((int, char **));
+void kadmin_extract KRB5_PROTOTYPE((int, char **));
+void kadmin_extract_v4 KRB5_PROTOTYPE((int, char **));
+void kadmin_modify KRB5_PROTOTYPE((int, char **));
+void kadmin_rename KRB5_PROTOTYPE((int, char **));
+void kadmin_list KRB5_PROTOTYPE((int, char **));
+void kadmin_language KRB5_PROTOTYPE((int, char **));
+void kadmin_mime KRB5_PROTOTYPE((int, char **));
+void kadmin_cd KRB5_PROTOTYPE((int, char **));
+void kadmin_pwd KRB5_PROTOTYPE((int, char **));
+char * kadmin_startup KRB5_PROTOTYPE((int, char **));
 int kadmin_cleanup();
 #endif /* KADMIN5_H__ */
diff --git a/src/kadmin/v5client/kadmin5_ct.ct b/src/kadmin/v5client/kadmin5_ct.ct
index 5defef69e..6eee054d5 100644
--- a/src/kadmin/v5client/kadmin5_ct.ct
+++ b/src/kadmin/v5client/kadmin5_ct.ct
@@ -42,6 +42,12 @@ request kadmin_add_rnd_key, "Add new entry to Kerberos database, using a random request kadmin_change_rnd, "Change key of an entry in the Kerberos database (selecting a new random key).", change_rnd_key, crk; +request kadmin_add_key_type, "Add new key type to an existing Kerberos principal (prompting for old password).", + add_key_type, akt; + +request kadmin_del_key_type, "Delete key type from an existing Kerberos principal (prompting for old password).", + del_key_type, dkt; + request kadmin_delete_entry, "Delete an entry from the database.", delete_entry, delent, del;
diff --git a/src/kadmin/v5client/network.c b/src/kadmin/v5client/network.c
index 27f096912..e4ae98a4a 100644
--- a/src/kadmin/v5client/network.c
+++ b/src/kadmin/v5client/network.c
@@ -59,6 +59,8 @@ static const char *proto_no_auth_fmt = "(%s) not authorized for this operation";
 static const char *proto_bad_opt_fmt = "(%s) option not recognized by server";
 static const char *proto_value_req_fmt = "(%s) value required for option";
 static const char *proto_system_err_fmt = "(%s) remote system error";
+static const char *proto_key_exists_fmt = "(%s) key/salt type already present";
+static const char *proto_key_ufo_fmt = "(%s) key/salt type not present";
 static const char *proto_ufo_err_fmt = "- (%s) protocol command %s returned unexpected error %d";
 static const char *net_conn_err_fmt = "- %s: cannot connect to server";
 static const char *net_ccache_fmt = "- cannot find credential cache %s";
@@ -128,6 +130,12 @@ print_proto_error(cmd, cstat, ncomps, complist)
 case KRB5_ADM_SYSTEM_ERROR:
 com_err(programname, 0, proto_system_err_fmt, requestname);
 break;
+ case KRB5_ADM_KEY_ALREADY_EXISTS:
+ com_err(programname, 0, proto_key_exists_fmt, requestname);
+ break;
+ case KRB5_ADM_KEY_DOES_NOT_EXIST:
+ com_err(programname, 0, proto_key_ufo_fmt, requestname);
+ break;
 default:
 com_err(programname, cstat, proto_ufo_err_fmt, requestname, cmd, cstat); |
