Diffstat (limited to 'src/admin/edit/cpw.c')
-rw-r--r--src/admin/edit/cpw.c470
1 files changed, 186 insertions, 284 deletions
diff --git a/src/admin/edit/cpw.c b/src/admin/edit/cpw.c
index fd8988253..dbf3f503b 100644
--- a/src/admin/edit/cpw.c
+++ b/src/admin/edit/cpw.c
@@ -36,200 +36,218 @@ extern char *Err_no_master_msg;
extern char *Err_no_database;
extern char *current_dbname;
-
-/*
- * XXX Ick, ick, ick. These global variables shouldn't be global....
- */
-/*
-static char search_name[40];
-static int num_name_tokens;
-static char search_instance[40];
-static int num_instance_tokens;
-static int must_be_first[2];
-static char *mkey_password = 0;
-static char *stash_file = (char *) NULL;
-*/
-
/*
* I can't figure out any way for this not to be global, given how ss
* works.
*/
-
extern int exit_status;
-
extern krb5_context edit_context;
-
extern krb5_keyblock master_keyblock;
extern krb5_principal master_princ;
extern krb5_db_entry master_entry;
extern krb5_encrypt_block master_encblock;
-extern krb5_pointer master_random;
extern int valid_master_key;
-
extern char *krb5_default_pwd_prompt1, *krb5_default_pwd_prompt2;
-
-extern char *progname;
-extern char *cur_realm;
-extern char *mkey_name;
-extern krb5_boolean manual_mkey;
extern krb5_boolean dbactive;
-/*
- * This is the guts of add_rnd_key() and change_rnd_key()
- */
-void
-enter_rnd_key(argc, argv, change)
+static krb5_key_salt_tuple ks_tuple_rnd_def[] = { KEYTYPE_DES, 0 };
+static int ks_tuple_rnd_def_count = 1;
+
+static void
+enter_rnd_key(argc, argv, entry)
int argc;
char ** argv;
- int change;
+ krb5_db_entry * entry;
{
krb5_error_code retval;
- krb5_keyblock * tempkey;
- krb5_principal newprinc;
- krb5_key_data * key_data;
- krb5_db_entry entry;
- krb5_boolean more;
int nprincs = 1;
- int vno;
-
- if (argc < 2) {
- com_err(argv[0], 0, "Too few arguments");
- com_err(argv[0], 0, "Usage: %s principal", argv[0]);
- exit_status++;
- return;
- }
- if (!dbactive) {
- com_err(argv[0], 0, Err_no_database);
- exit_status++;
- return;
- }
- if (!valid_master_key) {
- com_err(argv[0], 0, Err_no_master_msg);
- exit_status++;
- return;
- }
- if (retval = krb5_parse_name(edit_context, argv[1], &newprinc)) {
- com_err(argv[0], retval, "while parsing '%s'", argv[1]);
- exit_status++;
- return;
- }
- if (retval = krb5_db_get_principal(edit_context, newprinc, &entry,
- &nprincs, &more)) {
- com_err(argv[0], retval, "while trying to get principal's database entry");
- exit_status++;
- return;
- }
- if (change && !nprincs) {
- com_err(argv[0], 0, "No principal '%s' exists", argv[1]);
- exit_status++;
- goto errout;
- }
- if (!change && nprincs) {
- com_err(argv[0], 0, "Principal '%s' already exists.", argv[1]);
- exit_status++;
- goto errout;
- }
- if (!change) {
- if (retval = create_db_entry(newprinc, &entry)) {
- com_err(argv[0], retval, "While creating new db entry.");
- exit_status++;
- goto errout;
- }
- if (retval = krb5_dbe_create_key_data(edit_context, &entry)) {
- com_err(argv[0], retval, "While creating key_data for db_entry.");
- exit_status++;
- goto errout;
- }
- nprincs = 1;
- vno = 1;
- } else {
- vno = entry.key_data[0].key_data_kvno++;
- }
- /* For now we only set the first key_data */
- key_data = entry.key_data;
-
- if (retval = krb5_random_key(edit_context, &master_encblock,
- master_random, &tempkey)) {
+ if (retval = krb5_dbe_crk(edit_context, &master_encblock, ks_tuple_rnd_def,
+ ks_tuple_rnd_def_count, entry)) {
com_err(argv[0], retval, "while generating random key");
+ krb5_db_free_principal(edit_context, entry, nprincs);
exit_status++;
return;
}
- /* Encoding over an old key_data will free old key contents */
- retval = krb5_dbekd_encrypt_key_data(edit_context, &master_encblock,
- tempkey, NULL, vno, key_data);
- krb5_free_keyblock(edit_context, tempkey);
- if (retval) {
- com_err(argv[0], retval, "while encrypting key for '%s'", argv[1]);
- exit_status++;
- goto errout;
- }
-
- if (retval = krb5_db_put_principal(edit_context, &entry, &nprincs)) {
+ if (retval = krb5_db_put_principal(edit_context, entry, &nprincs)) {
com_err(argv[0], retval, "while storing entry for '%s'\n", argv[1]);
+ krb5_db_free_principal(edit_context, entry, nprincs);
exit_status++;
- goto errout;
+ return;
}
+ krb5_db_free_principal(edit_context, entry, nprincs);
+
if (nprincs != 1) {
com_err(argv[0], 0, "entry not stored in database (unknown failure)");
exit_status++;
}
-errout:
- krb5_free_principal(edit_context, newprinc);
- if (nprincs)
- krb5_db_free_principal(edit_context, &entry, nprincs);
- return;
+}
+
+static int
+pre_key(argc, argv, newprinc, entry)
+ int argc;
+ char ** argv;
+ krb5_principal * newprinc;
+ krb5_db_entry * entry;
+{
+ krb5_boolean more;
+ krb5_error_code retval;
+ int nprincs = 1;
+
+ if (!dbactive) {
+ com_err(argv[0], 0, Err_no_database);
+ } else if (!valid_master_key) {
+ com_err(argv[0], 0, Err_no_master_msg);
+ } else if (retval = krb5_parse_name(edit_context, argv[argc-1], newprinc)) {
+ com_err(argv[0], retval, "while parsing '%s'", argv[argc-1]);
+ } else if (retval = krb5_db_get_principal(edit_context, *newprinc, entry,
+ &nprincs, &more)) {
+ com_err(argv[0],retval,"while trying to get principal's db entry");
+ } else if ((nprincs > 1) || (more)) {
+ krb5_db_free_principal(edit_context, entry, nprincs);
+ krb5_free_principal(edit_context, *newprinc);
+ } else if (nprincs)
+ return(1);
+ else
+ return(0);
+ return(-1);
}
void add_rnd_key(argc, argv)
int argc;
char *argv[];
{
- enter_rnd_key(argc, argv, 0);
+ krb5_error_code retval;
+ krb5_principal newprinc;
+ krb5_db_entry entry;
+
+ if (argc < 2) {
+ com_err(argv[0], 0, "Too few arguments");
+ com_err(argv[0], 0, "Usage: %s principal", argv[0]);
+ exit_status++;
+ return;
+ }
+ switch (pre_key(argc, argv, &newprinc, &entry)) {
+ case 0:
+ if (retval = create_db_entry(newprinc, &entry)) {
+ com_err(argv[0], retval, "While creating new db entry.");
+ exit_status++;
+ return;
+ }
+ krb5_free_principal(edit_context, newprinc);
+ enter_rnd_key(argc, argv, &entry);
+ return;
+ case 1:
+ com_err(argv[0], 0, "Principal '%s' already exists.", argv[1]);
+ krb5_db_free_principal(edit_context, &entry, 1);
+ krb5_free_principal(edit_context, newprinc);
+ default:
+ exit_status++;
+ break;
+ }
}
void change_rnd_key(argc, argv)
int argc;
char *argv[];
{
- enter_rnd_key(argc, argv, 1);
+ krb5_error_code retval;
+ krb5_principal newprinc;
+ krb5_db_entry entry;
+
+ if (argc < 2) {
+ com_err(argv[0], 0, "Too few arguments");
+ com_err(argv[0], 0, "Usage: %s principal", argv[0]);
+ exit_status++;
+ return;
+ }
+ switch (pre_key(argc, argv, &newprinc, &entry)) {
+ case 1:
+ krb5_free_principal(edit_context, newprinc);
+ enter_rnd_key(argc, argv, &entry);
+ break;
+ case 0:
+ com_err(argv[0], 0, "No principal '%s' exists", argv[1]);
+ default:
+ exit_status++;
+ break;
+ }
+}
+
+static krb5_key_salt_tuple ks_tuple_default[] = { KEYTYPE_DES, 0 };
+static int ks_tuple_count_default = 1;
+
+void
+enter_pwd_key(cmdname, princ, ks_tuple, ks_tuple_count, entry)
+ char * cmdname;
+ char * princ;
+ krb5_key_salt_tuple * ks_tuple;
+ int ks_tuple_count;
+ krb5_db_entry * entry;
+{
+ char password[KRB5_ADM_MAX_PASSWORD_LEN];
+ int pwsize = KRB5_ADM_MAX_PASSWORD_LEN;
+ krb5_error_code retval;
+ int one = 1;
+
+ if (retval = krb5_read_password(edit_context, krb5_default_pwd_prompt1,
+ krb5_default_pwd_prompt2,
+ password, &pwsize)) {
+ com_err(cmdname, retval, "while reading password for '%s'", princ);
+ goto errout;
+ }
+
+ if (ks_tuple_count == 0) {
+ ks_tuple_count = ks_tuple_count_default;
+ ks_tuple = ks_tuple_default;
+ }
+ if (retval = krb5_dbe_cpw(edit_context, &master_encblock, ks_tuple,
+ ks_tuple_count, password, entry)) {
+ com_err(cmdname, retval, "while storing entry for '%s'\n", princ);
+ memset(password, 0, sizeof(password)); /* erase it */
+ krb5_dbe_free_contents(edit_context, entry);
+ goto errout;
+ }
+ memset(password, 0, sizeof(password)); /* erase it */
+
+ /* Write the entry back out and we're done */
+ if (retval = krb5_db_put_principal(edit_context, entry, &one)) {
+ com_err(cmdname, retval, "while storing entry for '%s'\n", princ);
+ }
+
+ if (one != 1) {
+ com_err(cmdname, 0, "entry not stored in database (unknown failure)");
+ exit_status++;
+ }
+
+errout:;
+ krb5_db_free_principal(edit_context, entry, one);
+ if (retval)
+ exit_status++;
+ return;
}
-krb5_key_salt_tuple ks_tuple_default = { KEYTYPE_DES, 0 };
void change_pwd_key(argc, argv)
int argc;
char *argv[];
{
krb5_key_salt_tuple * ks_tuple = NULL;
- krb5_db_entry db_entry;
krb5_error_code retval;
- krb5_principal princ;
- krb5_boolean more;
+ krb5_principal newprinc;
+ krb5_db_entry entry;
+
krb5_kvno vno;
int one;
int i;
- char password[KRB5_ADM_MAX_PASSWORD_LEN];
- int pwsize = KRB5_ADM_MAX_PASSWORD_LEN;
-
- if (!dbactive) {
- com_err(argv[0], 0, Err_no_database);
- exit_status++;
- return;
- }
- if (!valid_master_key) {
- com_err(argv[0], 0, Err_no_master_msg);
- exit_status++;
- return;
- }
-
if (argc < 2) {
- com_err(argv[0], 0, "Usage: % [-<key_type[:<salt_type>]> principal",
+ com_err(argv[0], 0, "Too few arguments");
+ com_err(argv[0], 0, "Usage: %s [-<key_type[:<salt_type>]> principal",
argv[0]);
- exit_status++;
+ exit_status++;
return;
}
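Review bot: In enter_pwd_key the stack buffer `password` is only cleared on the krb5_dbe_cpw path (the two `memset` calls after the read), so the early `goto errout` after a failed krb5_read_password leaves whatever was written into it uncleared, and because the buffer is dead at function exit a plain `memset` may be elided by the optimizer on the other paths too. I would move the clearing to the common exit so every path passes through it, `errout:;` followed by `memset(password, 0, sizeof(password));`, and where the platform provides a non-elidable zeroizer (`explicit_bzero` or `memset_s`) use that instead of `memset`. Separately, in pre_key the principal allocated by krb5_parse_name is not released when the following krb5_db_get_principal call fails, so that error path leaks `*newprinc`; the same leak appears in add_rnd_key when create_db_entry fails after pre_key returned 0. Whether the krb5_dbe_free_contents followed by krb5_db_free_principal on the cpw failure path is a double free depends on krb5_dbe_free_contents resetting the entry's pointers, which this hunk does not show — worth confirming.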
@@ -280,173 +298,57 @@ void change_pwd_key(argc, argv)
goto change_pwd_key_error;
}
- if (retval = krb5_parse_name(edit_context, argv[i], &princ)) {
- com_err(argv[0], retval, "while parsing '%s'", argv[i]);
- goto change_pwd_key_error;
- }
- if ((retval = krb5_db_get_principal(edit_context, princ, &db_entry,
- &one, &more)) || (!one) || (more)) {
- com_err(argv[0], 0, "No principal '%s' exists!", argv[i]);
- krb5_free_principal(edit_context, princ);
- goto change_pwd_key_error;
- }
-
- /* Done with principal */
- krb5_free_principal(edit_context, princ);
-
- if (retval = krb5_read_password(edit_context, krb5_default_pwd_prompt1,
- krb5_default_pwd_prompt2,
- password, &pwsize)) {
- com_err(argv[0], retval, "while reading password for '%s'", argv[i]);
- goto change_pwd_key_error;
- }
-
- if (retval = krb5_dbe_cpw(edit_context, &master_encblock, &db_entry,
- ks_tuple ? ks_tuple : &ks_tuple_default,
- i, password)) {
- com_err(argv[0], retval, "while storing entry for '%s'\n", argv[i]);
- krb5_dbe_free_contents(edit_context, &db_entry);
- goto change_pwd_key_error;
- }
-
- /* Write the entry back out and we're done */
- if (retval = krb5_db_put_principal(edit_context, &db_entry, &one)) {
- com_err(argv[0], retval, "while storing entry for '%s'\n", argv[i]);
+ switch (pre_key(argc, argv, &newprinc, &entry)) {
+ case 1:
+ /* Done with principal */
+ krb5_free_principal(edit_context, newprinc);
+ enter_pwd_key(argv[0], argv[i], ks_tuple, i-1, &entry);
+ break;
+ case 0:
+ com_err(argv[0], 0, "No principal '%s' exists", argv[i]);
+ default:
+ exit_status++;
+ break;
}
change_pwd_key_error:;
- krb5_xfree(ks_tuple);
- if (retval)
- exit_status++;
- return;
+ if (ks_tuple) {
+ free(ks_tuple);
+ }
}
-void change_v4_key(argc, argv)
+void add_new_key(argc, argv)
int argc;
char *argv[];
{
- krb5_error_code retval;
- krb5_principal newprinc;
- krb5_kvno vno;
+ krb5_error_code retval;
+ krb5_principal newprinc;
+ krb5_db_entry entry;
if (argc < 2) {
com_err(argv[0], 0, "Too few arguments");
- com_err(argv[0], 0, "Usage: %s principal", argv[0]);
- exit_status++;
- return;
- }
- if (!dbactive) {
- com_err(argv[0], 0, Err_no_database);
- exit_status++;
- return;
- }
- if (!valid_master_key) {
- com_err(argv[0], 0, Err_no_master_msg);
- exit_status++;
- return;
- }
- if (retval = krb5_parse_name(edit_context, argv[1], &newprinc)) {
- com_err(argv[0], retval, "while parsing '%s'", argv[1]);
- exit_status++;
- return;
- }
- if ((vno = princ_exists(argv[0], newprinc)) == 0) {
- com_err(argv[0], 0, "No principal '%s' exists!", argv[1]);
- exit_status++;
- krb5_free_principal(edit_context, newprinc);
- return;
- }
- enter_pwd_key(argv[0], argv[1], newprinc, newprinc, vno,
- KRB5_KDB_SALTTYPE_V4);
- krb5_free_principal(edit_context, newprinc);
- return;
-}
-
-void
-enter_pwd_key(cmdname, newprinc, princ, string_princ, vno, salttype)
- char * cmdname;
- char * newprinc;
- krb5_const_principal princ;
- krb5_const_principal string_princ;
- krb5_kvno vno;
- int salttype;
-{
- krb5_error_code retval;
- char password[BUFSIZ];
- int pwsize = sizeof(password);
- krb5_keyblock tempkey;
- krb5_keysalt salt;
- krb5_data pwd;
-
- if (retval = krb5_read_password(edit_context, krb5_default_pwd_prompt1,
- krb5_default_pwd_prompt2,
- password, &pwsize)) {
- com_err(cmdname, retval, "while reading password for '%s'", newprinc);
- exit_status++;
+ com_err(argv[0], 0, "Usage: %s [-<key_type[:<salt_type>]> principal",
+ argv[0]);
+ exit_status++;
return;
}
- pwd.data = password;
- pwd.length = pwsize;
-
- switch (salt.type = salttype) {
- case KRB5_KDB_SALTTYPE_NORMAL:
- if (retval = krb5_principal2salt(edit_context,string_princ,&salt.data)){
- com_err(cmdname, retval,
- "while converting principal to salt for '%s'", newprinc);
- exit_status++;
- return;
- }
- break;
- case KRB5_KDB_SALTTYPE_V4:
- salt.data.length = 0;
- salt.data.data = 0;
- break;
- case KRB5_KDB_SALTTYPE_NOREALM:
- if (retval = krb5_principal2salt_norealm(edit_context, string_princ,
- &salt.data)) {
- com_err(cmdname, retval,
- "while converting principal to salt for '%s'", newprinc);
- exit_status++;
- return;
- }
- break;
- case KRB5_KDB_SALTTYPE_ONLYREALM: {
- krb5_data * saltdata;
- if (retval = krb5_copy_data(edit_context,
- krb5_princ_realm(edit_context,string_princ),
- &saltdata)) {
- com_err(cmdname, retval,
- "while converting principal to salt for '%s'", newprinc);
+ switch (pre_key(argc, argv, &newprinc, &entry)) {
+ case 0:
+ if (retval = create_db_entry(newprinc, &entry)) {
+ com_err(argv[0], retval, "While creating new db entry.");
exit_status++;
return;
}
- salt.data = *saltdata;
- krb5_xfree(saltdata);
- break;
- }
- default:
- com_err(cmdname, 0, "Don't know how to enter salt type %d", salttype);
- exit_status++;
- return;
- }
- retval = krb5_string_to_key(edit_context, &master_encblock,
- master_keyblock.keytype, &tempkey,
- &pwd, &salt.data);
- memset(password, 0, sizeof(password)); /* erase it */
- if (retval) {
- com_err(cmdname, retval, "while converting password to key for '%s'",
- newprinc);
- if (salt.data.data)
- krb5_xfree(salt.data.data);
- exit_status++;
+ enter_pwd_key(argv[0], argv[argc - 1], NULL, 0, &entry);
+ krb5_free_principal(edit_context, newprinc);
return;
+ case 1:
+ com_err(argv[0], 0, "Principal '%s' already exists.", argv[argc - 1]);
+ krb5_db_free_principal(edit_context, &entry, 1);
+ krb5_free_principal(edit_context, newprinc);
+ default:
+ exit_status++;
+ break;
}
- add_key(cmdname, newprinc, princ, &tempkey, ++vno,
- (salttype == KRB5_KDB_SALTTYPE_NORMAL) ? NULL : &salt);
- memset((char *)tempkey.contents, 0, tempkey.length);
- if (salt.data.data)
- krb5_xfree(salt.data.data);
- krb5_xfree(tempkey.contents);
- return;
}