diff --git a/admin/ank.c b/admin/ank.c index 9ed38cd25..7d728c100 100644 --- a/admin/ank.c +++ b/admin/ank.c @@ -40,34 +40,25 @@ RCSID("$Id$"); + static void -doit(char *principal, int mod) +doit2(HDB *db, hdb_entry *ent, int mod) { - HDB *db; - int err; - hdb_entry ent; + int ret; hdb_entry def; int32_t tmp; char buf[1024]; - krb5_parse_name(context, principal, &ent.principal); + ret = db->fetch(context, db, ent); - if((err = hdb_open(context, &db, database, O_RDWR, 0600))){ - fprintf(stderr, "hdb_open: %s\n", krb5_get_err_text(context, err)); - return; - } - - err = db->fetch(context, db, &ent); - - switch(err){ + switch(ret){ case KRB5_HDB_NOENTRY: if(mod){ fprintf(stderr, "Entry not found in database\n"); - goto out; + return; }else{ krb5_realm *realm; - - realm = krb5_princ_realm(context, ent.principal); + realm = krb5_princ_realm(context, ent->principal); krb5_build_principal(context, &def.principal, strlen(*realm), *realm, 
@@ -76,79 +67,133 @@ doit(char *principal, int mod) if(db->fetch(context, db, &def)){ /* XXX */ } - ent.flags.i = 0; - ent.kvno = 0; - ent.max_life = def.max_life; - ent.max_renew = def.max_renew; - ent.expires = def.expires; - hdb_free_entry(context, &def); - if(ent.expires) - ent.expires += time(NULL); + memset(&ent->flags, 0, sizeof(ent->flags)); + ent->flags.client = 1; + ent->flags.server = 1; + ent->flags.forwardable = 1; + ent->flags.proxiable = 1; + ent->flags.renewable = 1; + ent->flags.postdate = 1; + ent->max_life = malloc(sizeof(*ent->max_life)); + *ent->max_life = *def.max_life; + ent->max_renew = malloc(sizeof(*ent->max_renew)); + *ent->max_renew = *def.max_renew; + hdb_free_entry(context, &def); break; } case 0: if(!mod){ warnx("Principal exists"); - goto out; + return; } break; default: - errx(1, "dbget: %s", krb5_get_err_text(context, err)); + errx(1, "dbget: %s", krb5_get_err_text(context, ret)); + } + { + time_t t; + if(ent->max_life){ + char *p; + asprintf(&p, "%ds", *ent->max_life); + t = gettime ("Max ticket life", p, 1); + free(p); + }else{ + t = gettime ("Max ticket life", "unlimited", 1); + } + if(t){ + if(ent->max_life == NULL) + ent->max_life = malloc(sizeof(*ent->max_life)); + *ent->max_life = t; + }else if(ent->max_life){ + free(ent->max_life); + ent->max_life = NULL; + } + if(ent->max_renew){ + char *p; + asprintf(&p, "%ds", *ent->max_renew); + t = gettime ("Max renewable life", p, 1); + free(p); + }else{ + t = gettime ("Max renewable life", "unlimited", 1); + } + if(t){ + if(ent->max_renew == NULL) + ent->max_renew = malloc(sizeof(*ent->max_renew)); + *ent->max_renew = t; + }else if(ent->max_renew){ + free(ent->max_renew); + ent->max_renew = NULL; + } } - printf("Max ticket life [%d]: ", ent.max_life); - fgets(buf, sizeof(buf), stdin); - if(sscanf(buf, "%d", &tmp) == 1) - ent.max_life = tmp; - printf("Max renewable ticket [%d]: ", ent.max_renew); - fgets(buf, sizeof(buf), stdin); - if(sscanf(buf, "%d", &tmp) == 1) - ent.max_renew = 
tmp; while(mod){ fprintf(stderr, "Change password? (y/n) "); fgets(buf, sizeof(buf), stdin); if(buf[0] == 'n' || buf[0] == 'y') break; - else { - fprintf(stderr, "Please answer yes or no.\n"); - continue; - } + fprintf(stderr, "Please answer yes or no.\n"); + } + if(!mod){ + ent->keys.len = 1; + ent->keys.val = calloc(1, sizeof(*ent->keys.val)); } if(mod == 0 || buf[0] == 'y'){ krb5_data salt; des_read_pw_string(buf, sizeof(buf), "Password:", 1); if(strcasecmp(buf, "random") == 0) - krb5_generate_random_keyblock(context, - KEYTYPE_DES, - &ent.keyblock); + init_des_key(ent); else{ - memset(&salt, 0, sizeof(salt)); - krb5_get_salt(ent.principal, &salt); - memset(&ent.keyblock, 0, sizeof(ent.keyblock)); - krb5_string_to_key(buf, &salt, &ent.keyblock); - krb5_data_free(&salt); + set_keys(ent, buf); } - ent.kvno++; } - ent.last_change = time(NULL); { - krb5_realm *realm = krb5_princ_realm(context, ent.principal); + Event *ev; + krb5_realm *realm; + ev = malloc(sizeof(*ev)); + ev->time = time(NULL); + realm = krb5_princ_realm(context, ent->principal); - krb5_build_principal(context, &ent.changed_by, + krb5_build_principal(context, &ev->principal, strlen(*realm), *realm, "kadmin", NULL); + if(mod){ + if(ent->modified_by){ + free_Event(ent->modified_by); + free(ent->modified_by); + } + ent->modified_by = ev; + }else{ + ent->created_by = *ev; + free(ev); + } } - err = db->store(context, db, &ent); - if(err == -1){ + ret = db->store(context, db, ent); + if(ret == -1){ perror("dbput"); exit(1); } - hdb_free_entry(context, &ent); -out: - db->close(context, db); } +void +doit(const char *principal, int mod) +{ + HDB *db; + hdb_entry ent; + krb5_error_code ret; + memset(&ent, 0, sizeof(ent)); + if((ret = hdb_open(context, &db, database, O_RDWR, 0600))){ + fprintf(stderr, "hdb_open: %s\n", krb5_get_err_text(context, ret)); + return; + } + krb5_parse_name(context, principal, &ent.principal); + + doit2(db, &ent, mod); + db->close(context, db); + hdb_free_entry(context, &ent); +} + 
+ int add_new_key(int argc, char **argv) diff --git a/admin/get.c b/admin/get.c index e5c61a543..3b3cab6af 100644 --- a/admin/get.c +++ b/admin/get.c @@ -44,8 +44,9 @@ int get_entry(int argc, char **argv) { HDB *db; - int err; + int ret; hdb_entry ent; + int i; if(argc != 2){ fprintf(stderr, "Usage: get_entry principal\n"); @@ -54,14 +55,14 @@ get_entry(int argc, char **argv) krb5_parse_name(context, argv[1], &ent.principal); - if((err = hdb_open(context, &db, database, O_RDONLY, 0600))){ - fprintf(stderr, "hdb_open: %s\n", krb5_get_err_text(context, err)); + if((ret = hdb_open(context, &db, database, O_RDONLY, 0600))){ + fprintf(stderr, "hdb_open: %s\n", krb5_get_err_text(context, ret)); return 0; } - err = db->fetch(context, db, &ent); + ret = db->fetch(context, db, &ent); - switch(err){ + switch(ret){ case KRB5_HDB_NOENTRY: fprintf(stderr, "Entry not found in database\n"); break; @@ -72,16 +73,19 @@ get_entry(int argc, char **argv) free(name); printf("Max ticket life: %d\n", ent.max_life); printf("Max renewable ticket life: %d\n", ent.max_renew); - printf("Key type: "); - if(ent.keyblock.keytype == KEYTYPE_DES) - printf("DES"); - else - printf("%d", (int)ent.keyblock.keytype); - printf("\tKvno: %d\n", ent.kvno); + printf("Kvno: %d\n", ent.kvno); + printf("Keys: "); + for(i = 0; i < ent.keys.len; i++){ + if(i) printf(", "); + printf("type = %d, len = %d", ent.keys.val[i].key.keytype, + ent.keys.val[i].key.keyvalue.length); + } + printf("\n"); + break; } default: - fprintf(stderr, "dbget: %s\n", krb5_get_err_text(context, err));; + fprintf(stderr, "dbget: %s\n", krb5_get_err_text(context, ret));; break; } memset(&ent, 0, sizeof(ent)); diff --git a/admin/init.c b/admin/init.c index 52bd9ac07..a0277a5b7 100644 --- a/admin/init.c +++ b/admin/init.c 
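Review bot: The new default-entry copy `*ent->max_life = *def.max_life;` (and its `max_renew` twin) dereferences `def.max_life` unconditionally, yet with the new entry layout a NULL pointer means an unlimited lifetime — init.c in this same commit leaves the default entry's `max_life` NULL when the configured life is 0 — and `def` is never zeroed before the `db->fetch(context, db, &def)` whose failure is still ignored (`/* XXX */`), so the copy can read through a null or indeterminate pointer. Guard both copies on the source pointer and on the malloc result, as sketched below. The later `malloc(sizeof(*ev))` and `calloc(1, sizeof(*ent->keys.val))` results are likewise used unchecked, `int32_t tmp` is now dead in doit2, and the old `ent.kvno++` on a password change has no replacement here unless `set_keys`/`init_des_key` bump it (not visible in this diff). The cleartext password read into `buf` by `des_read_pw_string` stays in the stack buffer after `set_keys(ent, buf)`; a `memset(buf, 0, sizeof(buf))` there (or an explicit-zeroing equivalent the platform provides) limits how long it lingers. doit2 begins in the previous hunk; in the new `doit`, `krb5_parse_name` is still unchecked before `ent.principal` is handed to doit2, so a malformed principal name reaches `krb5_princ_realm` with whatever the failed parse left behind.
```c
/* … unchanged: flag defaults on ent->flags … */
if(def.max_life){
    ent->max_life = malloc(sizeof(*ent->max_life));
    if(ent->max_life == NULL)
        errx(1, "malloc: out of memory");
    *ent->max_life = *def.max_life;
}
if(def.max_renew){
    ent->max_renew = malloc(sizeof(*ent->max_renew));
    if(ent->max_renew == NULL)
        errx(1, "malloc: out of memory");
    *ent->max_renew = *def.max_renew;
}
hdb_free_entry(context, &def);
/* … unchanged: break; case 0: … */
```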
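Review bot: The context lines `printf("Max ticket life: %d\n", ent.max_life);` and `printf("Max renewable ticket life: %d\n", ent.max_renew);` just above the new key loop still pass `ent.max_life`/`ent.max_renew` to `%d`, but ank.c and init.c in this same commit now store them as heap pointers (`malloc(sizeof(*ent.max_life))`, NULL meaning unlimited), so get_entry prints an address at best and is undefined behaviour where pointer and int differ in size. They should become `if(ent.max_life) printf("Max ticket life: %d\n", *ent.max_life); else printf("Max ticket life: unlimited\n");` and the same for the renewable life. In the new loop `i` is a plain `int` compared against `ent.keys.len`, and `keyvalue.length` is printed with `%d`; if those fields are unsigned or size_t (likely for generated structures, not visible here) the comparison is signed/unsigned and the format is mismatched — an `unsigned`/`size_t` loop variable and `%u`/`%zu` with a matching cast would be cleaner. The doubled `;;` after the `fprintf(stderr, "dbget: ...")` line survives the rename.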
@@ -109,30 +109,33 @@ init(int argc, char **argv) return 0; } - max_life = get_time("Realm max ticket life", max_life); - max_renew = get_time("Realm max renewable ticket life", max_renew); - default_life = get_time("Default ticket life", default_life); - default_renew = get_time("Default renewable ticket life", - default_renew); + max_life = gettime("Realm max ticket life", "infinite", 1); + max_renew = gettime("Realm max renewable ticket life", "infinite", 1); + default_life = gettime("Default ticket life", "1 day", 1); + default_renew = gettime("Default renewable ticket life", "7 days", 1); /* Create `krbtgt/REALM' */ - ent.keyblock.keytype = KEYTYPE_DES; - ent.keyblock.keyvalue.length = 8; - ent.keyblock.keyvalue.data = malloc(ent.keyblock.keyvalue.length); - des_new_random_key(ent.keyblock.keyvalue.data); + init_des_key(&ent); ent.kvno = 1; - ent.max_life = max_life; - ent.max_renew = max_renew; - ent.last_change = time(NULL); - krb5_build_principal(context, &ent.changed_by, + if(max_life){ + ent.max_life = malloc(sizeof(*ent.max_life)); + *ent.max_life = max_life; + } + if(max_renew){ + ent.max_renew = malloc(sizeof(*ent.max_renew)); + *ent.max_renew = max_renew; + } + ent.created_by.time = time(NULL); + krb5_build_principal(context, &ent.created_by.principal, strlen(argv[i]), argv[i], "kadmin", NULL); - ent.expires = 0; - ent.flags.b.forwardable = 1; - ent.flags.b.renewable = 1; - ent.flags.b.server = 1; + ent.flags.forwardable = 1; + ent.flags.proxiable = 1; + ent.flags.renewable = 1; + ent.flags.postdate = 1; + ent.flags.server = 1; db->store(context, db, &ent); hdb_free_entry(context, &ent); 
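Review bot: `ent.max_life = malloc(sizeof(*ent.max_life));` and the `max_renew` block write through the result without checking it, as does the next hunk of this file for `default_life`/`default_renew`; the kadmin/init.c copy of both hunks has the same four unchecked allocations. A small static helper that mallocs and copies one lifetime value and aborts on failure (errx, as ank.c already uses) would replace the four repeated blocks and make the "0 means unlimited, stored as NULL" convention explicit in one place — a one-line comment such as `/* NULL max_life/max_renew means unlimited */` above the first block would help either way. `init_des_key(&ent)` replaces the inline `des_new_random_key` call that previously also used an unchecked `malloc`; if `init_des_key` reports failure its result is ignored here, and the unchanged `db->store(context, db, &ent);` below still discards its return, so a failed write of the krbtgt entry goes unnoticed. `ent.kvno = 1` is kept for krbtgt but dropped for the `default` entry in the next hunk, so that entry keeps whatever `ent` held after the previous `hdb_free_entry`; if that is intentionally 0 it deserves a comment, since nothing visible here resets it.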
@@ -142,19 +145,20 @@ init(int argc, char **argv) strlen(argv[i]), argv[i], "default", NULL); - ent.keyblock.keytype = KEYTYPE_DES; - ent.keyblock.keyvalue.length = 0; - ent.keyblock.keyvalue.data = NULL; - ent.kvno = 1; - ent.max_life = default_life; - ent.max_renew = default_renew; - ent.last_change = time(NULL); - krb5_build_principal(context, &ent.changed_by, + if(default_life){ + ent.max_life = malloc(sizeof(*ent.max_life)); + *ent.max_life = default_life; + } + if(default_renew){ + ent.max_renew = malloc(sizeof(*ent.max_renew)); + *ent.max_renew = default_renew; + } + ent.created_by.time = time(NULL); + krb5_build_principal(context, &ent.created_by.principal, strlen(argv[i]), argv[i], "kadmin", NULL); - ent.expires = 0; - ent.flags.b.locked = 1; + ent.flags.invalid = 1; db->store(context, db, &ent); hdb_free_entry(context, &ent); } diff --git a/kadmin/init.c b/kadmin/init.c index 52bd9ac07..a0277a5b7 100644 --- a/kadmin/init.c +++ b/kadmin/init.c 
@@ -109,30 +109,33 @@ init(int argc, char **argv) return 0; } - max_life = get_time("Realm max ticket life", max_life); - max_renew = get_time("Realm max renewable ticket life", max_renew); - default_life = get_time("Default ticket life", default_life); - default_renew = get_time("Default renewable ticket life", - default_renew); + max_life = gettime("Realm max ticket life", "infinite", 1); + max_renew = gettime("Realm max renewable ticket life", "infinite", 1); + default_life = gettime("Default ticket life", "1 day", 1); + default_renew = gettime("Default renewable ticket life", "7 days", 1); /* Create `krbtgt/REALM' */ - ent.keyblock.keytype = KEYTYPE_DES; - ent.keyblock.keyvalue.length = 8; - ent.keyblock.keyvalue.data = malloc(ent.keyblock.keyvalue.length); - des_new_random_key(ent.keyblock.keyvalue.data); + init_des_key(&ent); ent.kvno = 1; - ent.max_life = max_life; - ent.max_renew = max_renew; - ent.last_change = time(NULL); - krb5_build_principal(context, &ent.changed_by, + if(max_life){ + ent.max_life = malloc(sizeof(*ent.max_life)); + *ent.max_life = max_life; + } + if(max_renew){ + ent.max_renew = malloc(sizeof(*ent.max_renew)); + *ent.max_renew = max_renew; + } + ent.created_by.time = time(NULL); + krb5_build_principal(context, &ent.created_by.principal, strlen(argv[i]), argv[i], "kadmin", NULL); - ent.expires = 0; - ent.flags.b.forwardable = 1; - ent.flags.b.renewable = 1; - ent.flags.b.server = 1; + ent.flags.forwardable = 1; + ent.flags.proxiable = 1; + ent.flags.renewable = 1; + ent.flags.postdate = 1; + ent.flags.server = 1; db->store(context, db, &ent); hdb_free_entry(context, &ent); 
@@ -142,19 +145,20 @@ init(int argc, char **argv) strlen(argv[i]), argv[i], "default", NULL); - ent.keyblock.keytype = KEYTYPE_DES; - ent.keyblock.keyvalue.length = 0; - ent.keyblock.keyvalue.data = NULL; - ent.kvno = 1; - ent.max_life = default_life; - ent.max_renew = default_renew; - ent.last_change = time(NULL); - krb5_build_principal(context, &ent.changed_by, + if(default_life){ + ent.max_life = malloc(sizeof(*ent.max_life)); + *ent.max_life = default_life; + } + if(default_renew){ + ent.max_renew = malloc(sizeof(*ent.max_renew)); + *ent.max_renew = default_renew; + } + ent.created_by.time = time(NULL); + krb5_build_principal(context, &ent.created_by.principal, strlen(argv[i]), argv[i], "kadmin", NULL); - ent.expires = 0; - ent.flags.b.locked = 1; + ent.flags.invalid = 1; db->store(context, db, &ent); hdb_free_entry(context, &ent); }