/* * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" /* * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING * * Openvision retains the copyright to derivative works of * this source code. Do *NOT* create a derivative of this * source code before consulting with your legal department. * Do *NOT* integrate *ANY* of this source code into another * product before consulting with your legal department. * * For further information, read the top-level Openvision * copyright which is contained in the top-level MIT Kerberos * copyright. * * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING * */ /* * kadmin/ktutil/ktutil.c * * Copyright 1995, 1996 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * * SS user interface for ktutil. */ #include "k5-int.h" #include "ktutil.h" #include #include #include #ifdef HAVE_STDLIB_H #include #endif #include #include extern ss_request_table ktutil_cmds; krb5_context kcontext; krb5_kt_list ktlist = NULL; int main(argc, argv) int argc; char *argv[]; { krb5_error_code retval; int sci_idx; (void) setlocale(LC_ALL, ""); #if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */ #define TEXT_DOMAIN "SYS_TEST" /* Use this only if it weren't */ #endif (void) textdomain(TEXT_DOMAIN); retval = krb5_init_context(&kcontext); if (retval) { com_err(argv[0], retval, gettext("while initializing krb5")); exit(1); } retval = ktutil_initialize_cmds_table (&ktutil_cmds); if (retval) { com_err(argv[0], retval, gettext("while localizing command description messages")); exit(1); } sci_idx = ss_create_invocation("ktutil", "5.0", (char *) NULL, &ktutil_cmds, &retval); if (retval) { ss_perror(sci_idx, retval, gettext("creating invocation")); exit(1); } retval = ss_listen(sci_idx); ktutil_free_kt_list(kcontext, ktlist); exit(0); } void ktutil_clear_list(argc, argv) int argc; char *argv[]; { krb5_error_code retval; if (argc != 1) { fprintf(stderr, gettext("%s: invalid arguments\n"), argv[0]); return; } retval = ktutil_free_kt_list(kcontext, ktlist); if (retval) com_err(argv[0], retval, gettext("while freeing ktlist")); ktlist = NULL; } void ktutil_read_v5(argc, argv) int argc; char *argv[]; { krb5_error_code retval; if (argc != 2) { fprintf(stderr, gettext("%s: must specify keytab to read\n"), argv[0]); return; } retval = ktutil_read_keytab(kcontext, argv[1], &ktlist); if (retval) com_err(argv[0], retval, gettext("while reading keytab \"%s\""), argv[1]); } void ktutil_read_v4(argc, argv) int argc; char *argv[]; { #ifdef KRB5_KRB4_COMPAT krb5_error_code retval; if (argc != 2) { fprintf(stderr, gettext("%s: must specify the srvtab to read\n"), argv[0]); return; } retval = ktutil_read_srvtab(kcontext, argv[1], &ktlist); if (retval) com_err(argv[0], retval, gettext("while reading srvtab \"%s\""), argv[1]); #else fprintf(stderr, gettext("%s: krb4 support not configured\n"), argv[0]); #endif } void ktutil_write_v5(argc, argv) int argc; char *argv[]; { krb5_error_code retval; if (argc != 2) { fprintf(stderr, gettext("%s: must specify keytab to write\n"), argv[0]); return; } retval = ktutil_write_keytab(kcontext, ktlist, argv[1]); if (retval) com_err(argv[0], retval, gettext("while writing keytab \"%s\""), argv[1]); } void ktutil_write_v4(argc, argv) int argc; char *argv[]; { #ifdef KRB5_KRB4_COMPAT krb5_error_code retval; if (argc != 2) { fprintf(stderr, gettext("%s: must specify srvtab to write\n"), argv[0]); return; } retval = ktutil_write_srvtab(kcontext, ktlist, argv[1]); if (retval) com_err(argv[0], retval, gettext("while writing srvtab \"%s\""), argv[1]); #else fprintf(stderr, gettext("%s: krb4 support not configured\n"), argv[0]); #endif } void ktutil_add_entry(argc, argv) int argc; char *argv[]; { krb5_error_code retval; char *princ = NULL; char *enctype = NULL; krb5_kvno kvno = 0; int use_pass = 0, use_key = 0, i; for (i = 1; i < argc; i++) { if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-p", 2)) { princ = argv[++i]; continue; } if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) { kvno = (krb5_kvno) atoi(argv[++i]); continue; } if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) { enctype = argv[++i]; continue; } if ((strlen(argv[i]) == 9) && !strncmp(argv[i], "-password", 9)) { use_pass++; continue; } if ((strlen(argv[i]) == 4) && !strncmp(argv[i], "-key", 4)) { use_key++; continue; } } if (argc != 8 || !(princ && kvno && enctype) || (use_pass+use_key != 1)) { fprintf(stderr, "%s: %s (-key | -password) -p principal " "-k kvno -e enctype\n", gettext("usage"), argv[0]); return; } retval = ktutil_add(kcontext, &ktlist, princ, kvno, enctype, use_pass); if (retval) com_err(argv[0], retval, gettext("while adding new entry")); } void ktutil_delete_entry(argc, argv) int argc; char *argv[]; { krb5_error_code retval; if (argc != 2) { fprintf(stderr, gettext("%s: must specify entry to delete\n"), argv[0]); return; } retval = ktutil_delete(kcontext, &ktlist, atoi(argv[1])); if (retval) com_err(argv[0], retval, gettext("while deleting entry %d"), atoi(argv[1])); } void ktutil_list(argc, argv) int argc; char *argv[]; { krb5_error_code retval; krb5_kt_list lp; int show_time = 0, show_keys = 0, show_enctype = 0; int i, j; char *pname; for (i = 1; i < argc; i++) { if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-t", 2)) { show_time++; continue; } if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) { show_keys++; continue; } if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) { show_enctype++; continue; } fprintf(stderr, "%s: %s [-t] [-k] [-e]\n", gettext("usage"), argv[0]); return; } if (show_time) { printf(gettext("slot KVNO Timestamp Principal\n")); printf("---- ---- ----------------- ---------------------------------------------------\n"); } else { printf(gettext("slot KVNO Principal\n")); printf("---- ---- ---------------------------------------------------------------------\n"); } for (i = 1, lp = ktlist; lp; i++, lp = lp->next) { retval = krb5_unparse_name(kcontext, lp->entry->principal, &pname); if (retval) { com_err(argv[0], retval, gettext("while unparsing principal name")); return; } printf("%4d %4d ", i, lp->entry->vno); if (show_time) { char fmtbuf[18]; char fill; time_t tstamp; (void) localtime(&tstamp); lp->entry->timestamp = tstamp; fill = ' '; if (!krb5_timestamp_to_sfstring((krb5_timestamp)lp->entry-> timestamp, fmtbuf, sizeof(fmtbuf), &fill)) printf("%s ", fmtbuf); } printf("%40s", pname); if (show_enctype) { static char buf[256]; if ((retval = krb5_enctype_to_string( lp->entry->key.enctype, buf, 256))) { if (retval == EINVAL) snprintf(buf, sizeof(buf), gettext("unsupported encryption type %d"), lp->entry->key.enctype); else { com_err(argv[0], retval, gettext("While converting " "enctype to string")); return; } } printf(" (%s) ", buf); } if (show_keys) { printf(" (0x"); for (j = 0; j < lp->entry->key.length; j++) printf("%02x", lp->entry->key.contents[j]); printf(")"); } printf("\n"); krb5_xfree(pname); } }