/*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
57c478bd9Sstevel@tonic-gate
/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 * Openvision retains the copyright to derivative works of
 * this source code. Do *NOT* create a derivative of this
 * source code before consulting with your legal department.
 * Do *NOT* integrate *ANY* of this source code into another
 * product before consulting with your legal department.
 *
 * For further information, read the top-level Openvision
 * copyright which is contained in the top-level MIT Kerberos
 * copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */
227c478bd9Sstevel@tonic-gate
237c478bd9Sstevel@tonic-gate
/*
 * kadmin/ktutil/ktutil.c
 *
 * Copyright 1995, 1996 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 * SS user interface for ktutil.
 */
517c478bd9Sstevel@tonic-gate
#include "k5-int.h"
#include "ktutil.h"
#include <com_err.h>
#include <ss/ss.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif
#include <libintl.h>
#include <locale.h>
627c478bd9Sstevel@tonic-gate
/* ss command table; defined outside this file and passed to ss_create_invocation(). */
extern ss_request_table ktutil_cmds;
/* Process-wide krb5 library context, initialized by krb5_init_context() in main(). */
krb5_context kcontext;
/*
 * In-memory keytab entry list that every ktutil command reads or modifies.
 * NULL means the list is empty.
 */
krb5_kt_list ktlist = NULL;
667c478bd9Sstevel@tonic-gate
/*
 * Entry point for the interactive ktutil shell.
 *
 * Selects the locale and message domain, creates the process-wide krb5
 * context, localizes the ss command table, creates the "ktutil" ss
 * invocation and runs its command loop.  Any set-up failure is reported
 * and ends the process with status 1.  Once the command loop returns,
 * the in-memory keytab list is released and the process exits with 0.
 */
int main(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code status;
    int ss_handle;

    (void) setlocale(LC_ALL, "");

#ifndef TEXT_DOMAIN			/* Should be defined by cc -D */
#define TEXT_DOMAIN "SYS_TEST"		/* Fallback when the build did not define it */
#endif

    (void) textdomain(TEXT_DOMAIN);

    status = krb5_init_context(&kcontext);
    if (status != 0) {
        com_err(argv[0], status, gettext("while initializing krb5"));
        exit(1);
    }

    status = ktutil_initialize_cmds_table(&ktutil_cmds);
    if (status != 0) {
        com_err(argv[0], status,
                gettext("while localizing command description messages"));
        exit(1);
    }

    ss_handle = ss_create_invocation("ktutil", "5.0", (char *) NULL,
                                     &ktutil_cmds, &status);
    if (status != 0) {
        ss_perror(ss_handle, status, gettext("creating invocation"));
        exit(1);
    }

    /* The value returned by ss_listen() is stored but never examined. */
    status = ss_listen(ss_handle);

    /* Release whatever entries the session left in the list before exiting. */
    ktutil_free_kt_list(kcontext, ktlist);
    exit(0);
}
1037c478bd9Sstevel@tonic-gate
/*
 * ss command: discard every entry of the in-memory keytab list.
 *
 * Takes no arguments beyond the command name (argc must be 1).  The list
 * is handed to ktutil_free_kt_list() and the global pointer is reset to
 * NULL afterwards, whether or not the free reported an error.
 *
 * NOTE(review): whether key bytes are wiped before the memory is released
 * is decided inside ktutil_free_kt_list(), which is not visible here.
 */
void ktutil_clear_list(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code status;

    if (argc == 1) {
        status = ktutil_free_kt_list(kcontext, ktlist);
        if (status != 0) {
            com_err(argv[0], status, gettext("while freeing ktlist"));
        }
        /* Never leave the global pointing at released entries. */
        ktlist = NULL;
        return;
    }

    fprintf(stderr, gettext("%s: invalid arguments\n"), argv[0]);
}
1197c478bd9Sstevel@tonic-gate
/*
 * ss command: read a krb5 keytab file into the in-memory list.
 *
 * argv[1] is the keytab path and is passed unchanged to
 * ktutil_read_keytab() together with the address of the global list.
 * A failure is reported through com_err().
 */
void ktutil_read_v5(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code status;

    if (argc == 2) {
        status = ktutil_read_keytab(kcontext, argv[1], &ktlist);
        if (status != 0) {
            com_err(argv[0], status,
                    gettext("while reading keytab \"%s\""), argv[1]);
        }
        return;
    }

    fprintf(stderr,
            gettext("%s: must specify keytab to read\n"), argv[0]);
}
1367c478bd9Sstevel@tonic-gate
/*
 * ss command: read a krb4 srvtab file into the in-memory list.
 *
 * Only functional when the build defines KRB5_KRB4_COMPAT; otherwise the
 * command just reports that krb4 support is not configured.  argv[1] is
 * the srvtab path, passed unchanged to ktutil_read_srvtab().
 */
void ktutil_read_v4(argc, argv)
    int argc;
    char *argv[];
{
#ifdef KRB5_KRB4_COMPAT
    krb5_error_code status;

    if (argc == 2) {
        status = ktutil_read_srvtab(kcontext, argv[1], &ktlist);
        if (status != 0) {
            com_err(argv[0], status,
                    gettext("while reading srvtab \"%s\""), argv[1]);
        }
        return;
    }

    fprintf(stderr,
            gettext("%s: must specify the srvtab to read\n"), argv[0]);
#else
    fprintf(stderr, gettext("%s: krb4 support not configured\n"), argv[0]);
#endif
}
1577c478bd9Sstevel@tonic-gate
/*
 * ss command: write the in-memory list to a krb5 keytab file.
 *
 * argv[1] is the destination path and is passed unchanged to
 * ktutil_write_keytab().  A failure is reported through com_err().
 *
 * NOTE(review): the output holds long-term keys.  The creation mode and
 * the handling of an already existing file are decided inside
 * ktutil_write_keytab(), which is not visible here; confirm the file is
 * created readable by its owner only.
 */
void ktutil_write_v5(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code status;

    if (argc == 2) {
        status = ktutil_write_keytab(kcontext, ktlist, argv[1]);
        if (status != 0) {
            com_err(argv[0], status,
                    gettext("while writing keytab \"%s\""), argv[1]);
        }
        return;
    }

    fprintf(stderr,
            gettext("%s: must specify keytab to write\n"), argv[0]);
}
1747c478bd9Sstevel@tonic-gate
/*
 * ss command: write the in-memory list to a krb4 srvtab file.
 *
 * Only functional when the build defines KRB5_KRB4_COMPAT; otherwise the
 * command just reports that krb4 support is not configured.  argv[1] is
 * the destination path, passed unchanged to ktutil_write_srvtab().
 *
 * NOTE(review): as with the keytab writer, the file permissions are set
 * by the callee and should be confirmed there.
 */
void ktutil_write_v4(argc, argv)
    int argc;
    char *argv[];
{
#ifdef KRB5_KRB4_COMPAT
    krb5_error_code status;

    if (argc == 2) {
        status = ktutil_write_srvtab(kcontext, ktlist, argv[1]);
        if (status != 0) {
            com_err(argv[0], status,
                    gettext("while writing srvtab \"%s\""), argv[1]);
        }
        return;
    }

    fprintf(stderr,
            gettext("%s: must specify srvtab to write\n"), argv[0]);
#else
    fprintf(stderr, gettext("%s: krb4 support not configured\n"), argv[0]);
#endif
}
1957c478bd9Sstevel@tonic-gate
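/*
 * ss command: add one entry to the in-memory keytab list.
 *
 * Usage: <cmd> (-key | -password) -p principal -k kvno -e enctype
 *
 * Exactly one of -key / -password must be given, and the command line
 * must have exactly eight words.  The secret itself is not accepted as
 * an argument: only the use_pass flag is forwarded to ktutil_add(), which
 * obtains the password or key by its own means (not visible here).
 *
 * Any malformed command line prints the usage text and changes nothing.
 */
void ktutil_add_entry(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code retval;
    char *princ = NULL;
    char *enctype = NULL;
    char *end;
    long val;
    krb5_kvno kvno = 0;
    int use_pass = 0, use_key = 0, i;

    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-p") == 0) {
            /*
             * Only consume a value when one is actually present.  The
             * argc check below runs after this loop, so a trailing
             * option must not step past the end of argv here.
             */
            if (i + 1 < argc)
                princ = argv[++i];
            continue;
        }
        if (strcmp(argv[i], "-k") == 0) {
            if (i + 1 < argc) {
                /*
                 * atoi() cannot report errors and would be handed a
                 * missing argument when "-k" came last.  Parse strictly:
                 * the whole word must be a positive decimal number.
                 * Anything else leaves kvno at 0, which the validation
                 * below turns into the usage message.
                 */
                errno = 0;
                val = strtol(argv[++i], &end, 10);
                if (errno == 0 && end != argv[i] && *end == '\0' &&
                    val > 0 && val <= INT_MAX)
                    kvno = (krb5_kvno) val;
                else
                    kvno = 0;
            }
            continue;
        }
        if (strcmp(argv[i], "-e") == 0) {
            if (i + 1 < argc)
                enctype = argv[++i];
            continue;
        }
        if (strcmp(argv[i], "-password") == 0) {
            use_pass++;
            continue;
        }
        if (strcmp(argv[i], "-key") == 0) {
            use_key++;
            continue;
        }
    }

    if (argc != 8 || !(princ && kvno && enctype) || (use_pass+use_key != 1)) {
        fprintf(stderr, "%s: %s (-key | -password) -p principal "
                "-k kvno -e enctype\n", gettext("usage"), argv[0]);
        return;
    }

    retval = ktutil_add(kcontext, &ktlist, princ, kvno, enctype, use_pass);
    if (retval)
        com_err(argv[0], retval, gettext("while adding new entry"));
}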
2397c478bd9Sstevel@tonic-gate
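/*
 * ss command: delete one entry from the in-memory keytab list.
 *
 * argv[1] is the slot number of the entry, as printed by the list
 * command.  It must be a complete decimal integer that fits in an int;
 * the value is then passed to ktutil_delete(), which decides whether
 * such a slot exists.
 */
void ktutil_delete_entry(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code retval;
    char *end;
    long slot;

    if (argc != 2) {
        fprintf(stderr,
                gettext("%s: must specify entry to delete\n"), argv[0]);
        return;
    }

    /*
     * atoi() silently maps non-numeric text to 0 and has undefined
     * behaviour on overflow, so a typo could select an unintended slot.
     * Parse once, reject anything that is not a clean integer, and reuse
     * the parsed value for both the call and the error message.
     */
    errno = 0;
    slot = strtol(argv[1], &end, 10);
    if (errno != 0 || end == argv[1] || *end != '\0' ||
        slot < INT_MIN || slot > INT_MAX) {
        fprintf(stderr,
                gettext("%s: must specify entry to delete\n"), argv[0]);
        return;
    }

    retval = ktutil_delete(kcontext, &ktlist, (int) slot);
    if (retval)
        com_err(argv[0], retval,
                gettext("while deleting entry %d"), (int) slot);
}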
2567c478bd9Sstevel@tonic-gate
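/*
 * ss command: print the in-memory keytab list, one line per entry.
 *
 * Options (any combination, any order):
 *   -t  also print each entry's timestamp
 *   -k  also print each entry's key bytes in hex
 *   -e  also print each entry's encryption type
 * Any other argument prints the usage text and lists nothing.
 *
 * Listing is read-only: no entry is modified.
 */
void ktutil_list(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code retval;
    krb5_kt_list lp;
    int show_time = 0, show_keys = 0, show_enctype = 0;
    int i;
    unsigned int j;
    char *pname;

    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-t") == 0) {
            show_time++;
            continue;
        }
        if (strcmp(argv[i], "-k") == 0) {
            show_keys++;
            continue;
        }
        if (strcmp(argv[i], "-e") == 0) {
            show_enctype++;
            continue;
        }

        fprintf(stderr, "%s: %s [-t] [-k] [-e]\n", gettext("usage"), argv[0]);
        return;
    }

    /*
     * The translated header is data, not a format: print it with fputs()
     * so that a '%' in a message catalog is never interpreted by printf().
     */
    if (show_time) {
        fputs(gettext("slot KVNO Timestamp Principal\n"), stdout);
        printf("---- ---- ----------------- ---------------------------------------------------\n");
    } else {
        fputs(gettext("slot KVNO Principal\n"), stdout);
        printf("---- ---- ---------------------------------------------------------------------\n");
    }

    for (i = 1, lp = ktlist; lp; i++, lp = lp->next) {
        retval = krb5_unparse_name(kcontext, lp->entry->principal, &pname);
        if (retval) {
            com_err(argv[0], retval,
                    gettext("while unparsing principal name"));
            return;
        }
        printf("%4d %4d ", i, lp->entry->vno);
        if (show_time) {
            char fmtbuf[18];
            char fill = ' ';

            /*
             * Format the timestamp stored in the entry.  The previous
             * code passed an uninitialized time_t to localtime() and then
             * stored that indeterminate value over the entry's timestamp,
             * so "list -t" both printed garbage and altered the list
             * (which a later write command would presumably persist).
             */
            if (!krb5_timestamp_to_sfstring((krb5_timestamp)
                                            lp->entry->timestamp,
                                            fmtbuf,
                                            sizeof(fmtbuf),
                                            &fill))
                printf("%s ", fmtbuf);
        }
        printf("%40s", pname);
        if (show_enctype) {
            static char buf[256];

            retval = krb5_enctype_to_string(lp->entry->key.enctype,
                                            buf, sizeof(buf));
            if (retval == EINVAL) {
                /* Unknown enctype: show its number instead of failing. */
                snprintf(buf, sizeof(buf),
                         gettext("unsupported encryption type %d"),
                         lp->entry->key.enctype);
            } else if (retval) {
                com_err(argv[0], retval,
                        gettext("While converting "
                                "enctype to string"));
                /* pname was allocated above; do not leak it on this path. */
                krb5_xfree(pname);
                return;
            }
            printf(" (%s) ", buf);
        }

        if (show_keys) {
            /*
             * -k writes the raw long-term key to stdout.  Terminal
             * scrollback, session recordings and redirected output then
             * contain credential material equivalent to the keytab and
             * need the same protection.
             */
            printf(" (0x");
            for (j = 0; j < lp->entry->key.length; j++)
                printf("%02x", lp->entry->key.contents[j]);
            printf(")");
        }
        printf("\n");
        krb5_xfree(pname);
    }
}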