From 4bfe69645df8e8175c8c8be33e233e5b368520c6 Mon Sep 17 00:00:00 2001
From: Assar Westerlund
Date: Thu, 23 Mar 2000 15:20:43 +0000
Subject: [PATCH] add --key
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8052 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kadmin/ank.c | 54 ++++++++++++++++++++++++++++++++++++++++++++--------
 kadmin/cpw.c | 46 ++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 88 insertions(+), 12 deletions(-)
diff --git a/kadmin/ank.c b/kadmin/ank.c
index bc2f485b9..668c4d812 100644
--- a/kadmin/ank.c
+++ b/kadmin/ank.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
@@ -68,6 +68,7 @@ add_one_principal (const char *name,
 int rand_key,
 int rand_password,
 char *password,
+ krb5_key_data *key_data,
 const char *max_ticket_life,
 const char *max_renewable_life,
 const char *attributes,
@@ -108,7 +109,7 @@ add_one_principal (const char *name,
 }
 edit_entry(&princ, &mask, default_ent, default_mask);
- if(rand_key) {
+ if(rand_key || key_data) {
 princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
 mask |= KADM5_ATTRIBUTES;
 strlcpy (pwbuf, "hemlig", sizeof(pwbuf));
@@ -152,6 +153,17 @@ add_one_principal (const char *name,
 kadm5_modify_principal(kadm_handle, &princ, KADM5_ATTRIBUTES | KADM5_KVNO);
 kadm5_free_principal_ent(kadm_handle, &princ);
+ } else if (key_data) {
+ ret = kadm5_chpass_principal_with_key (kadm_handle, princ_ent,
+ 3, key_data);
+ if (ret) {
+ krb5_warn(context, ret, "kadm5_chpass_principal_with_key");
+ }
+ kadm5_get_principal(kadm_handle, princ_ent, &princ,
+ KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
+ princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
+ kadm5_modify_principal(kadm_handle, &princ, KADM5_ATTRIBUTES);
+ kadm5_free_principal_ent(kadm_handle, &princ);
 } else if (rand_password) {
 char *princ_name;
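Review bot: In the new `else if (key_data)` branch of add_one_principal, a failure of kadm5_chpass_principal_with_key is only reported with krb5_warn, and the code then still clears KRB5_KDB_DISALLOW_ALL_TIX. The earlier hunk (`if(rand_key || key_data)`) copies the fixed placeholder "hemlig" into pwbuf, presumably the password the principal is created with, so a failed key change could leave an enabled principal whose key comes from that well-known string. Add `goto out;` after the krb5_warn call, and check kadm5_get_principal the same way (`ret = kadm5_get_principal(...); if (ret) goto out;`) so the lockout flag is lifted only once the supplied key is in place. The return value of kadm5_modify_principal is ignored as well and deserves at least a krb5_warn. The `out:` label and the rest of the function are outside this hunk, so confirm that jumping there performs the cleanup the other error paths rely on.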
@@ -169,6 +181,10 @@ out:
 return ret;
 }
+/*
+ * parse the string `key_string' into `key', returning 0 iff succesful.
+ */
+
 /*
 * the ank command
 */
@@ -177,6 +193,7 @@ static struct getargs args[] = {
 { "random-key", 'r', arg_flag, NULL, "set random key" },
 { "random-password", 0, arg_flag, NULL, "set random password" },
 { "password", 'p', arg_string, NULL, "princial's password" },
+ { "key", 0, arg_string, NULL, "DES-key in hex" },
 { "max-ticket-life", 0, arg_string, NULL, "max ticket lifetime", "lifetime"},
 { "max-renewable-life", 0, arg_string, NULL,
@@ -205,6 +222,7 @@ int
 add_new_key(int argc, char **argv)
 {
 char *password = NULL;
+ char *key = NULL;
 int random_key = 0;
 int random_password = 0;
 int optind = 0;
@@ -216,15 +234,18 @@ add_new_key(int argc, char **argv)
 char *pw_expiration = NULL;
 int i;
 int num;
+ krb5_key_data key_data[3];
+ krb5_key_data *kdp = NULL;
 args[0].value = &random_key;
 args[1].value = &random_password;
 args[2].value = &password;
- args[3].value = &max_ticket_life;
- args[4].value = &max_renewable_life;
- args[5].value = &attributes;
- args[6].value = &expiration;
- args[7].value = &pw_expiration;
+ args[3].value = &key;
+ args[4].value = &max_ticket_life;
+ args[5].value = &max_renewable_life;
+ args[6].value = &attributes;
+ args[7].value = &expiration;
+ args[8].value = &pw_expiration;
 if(getarg(args, num_args, argc, argv, &optind)) {
 usage ();
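Review bot: The comment added just before "the ank command" documents a parser taking `key_string` and `key`, but no function follows it in this file, and the callers added later in the patch use `parse_des_key (key, key_data, &error)` with a third argument the comment never mentions. Move the comment to wherever parse_des_key is defined (not part of the patch as shown) or drop it here. If it stays, it should describe the real contract, e.g. `parse the hex string key_string into key_data; return 0 iff successful, else set *error`, which also fixes the "succesful" typo. Neither ank.c nor cpw.c gains a declaration in the visible hunks, so it is worth confirming that a prototype for parse_des_key lives in a shared header.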
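Review bot: Inserting `--key` in the middle of `args[]` forces every later `args[N].value` assignment in add_new_key to be renumbered by hand (3..7 become 4..8), and nothing checks that the indices still match the table order. A mismatch would silently store one option's value in another option's variable. kadmin/cpw.c in this same commit appends its `--key` entry at the end of the table and needs only `args[3].value = &key_string;`. Doing the same here, or assigning through a running index such as `int n = 0; args[n++].value = &random_key;`, would avoid the renumbering. add_new_key begins in the previous hunk and continues past this one.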
@@ -242,16 +263,29 @@ add_new_key(int argc, char **argv)
 ++num;
 if (password)
 ++num;
+ if (key)
+ ++num;
 if (num > 1) {
 printf ("give only one of "
- "--random-key, --random-password, --password\n");
+ "--random-key, --random-password, --password, --key\n");
 return 0;
 }
+ if (key) {
+ const char *error;
+
+ if (parse_des_key (key, key_data, &error)) {
+ printf ("failed parsing key `%s': %s\n", key, error);
+ return 0;
+ }
+ kdp = key_data;
+ }
+
 for (i = optind; i < argc; ++i) {
 ret = add_one_principal (argv[i],
 random_key,
 random_password,
 password,
+ kdp,
 max_ticket_life,
 max_renewable_life,
 attributes,
@@ -262,5 +296,9 @@ add_new_key(int argc, char **argv)
 break;
 }
 }
+ if (kdp) {
+ int16_t dummy = 3;
+ kadm5_free_key_data (kadm_handle, &dummy, key_data);
+ }
 return 0;
 }
diff --git a/kadmin/cpw.c b/kadmin/cpw.c
index 7dd9df175..d2b9169ff 100644
--- a/kadmin/cpw.c
+++ b/kadmin/cpw.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
@@ -39,12 +39,14 @@ struct cpw_entry_data {
 int random_key;
 int random_password;
 char *password;
+ krb5_key_data *key_data;
 };
 static struct getargs args[] = {
 { "random-key", 'r', arg_flag, NULL, "set random key" },
 { "random-password", 0, arg_flag, NULL, "set random password" },
 { "password", 'p', arg_string, NULL, "princial's password" },
+ { "key", 0, arg_string, NULL, "DES key in hex" }
 };
 static int num_args = sizeof(args) / sizeof(args[0]);
@@ -118,6 +120,16 @@ set_password (krb5_principal principal, char *password)
 return ret;
 }
+static int
+set_key_data (krb5_principal principal, krb5_key_data *key_data)
+{
+ krb5_error_code ret;
+
+ ret = kadm5_chpass_principal_with_key (kadm_handle, principal,
+ 3, key_data);
+ return ret;
+}
+
 static int
 do_cpw_entry(krb5_principal principal, void *data)
 {
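Review bot: On a parse failure the new `if (key)` block in add_new_key prints the rejected `--key` argument back to the user, because the "failed parsing key" printf formats `key` itself into the message. That puts key material, or a near miss of it such as a key with one mistyped digit, on the terminal and into any session log or scrollback. Report only the reason instead: `printf ("failed parsing key: %s\n", error);`. The same printf is added to cpw_entry in kadmin/cpw.c with `key_string` and should change the same way. add_new_key starts and ends outside this hunk.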
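Review bot: set_key_data passes a literal `3` as the key count, while the array it describes, `krb5_key_data key_data[3]`, is declared separately in cpw_entry. The same literal appears again in add_one_principal and in `int16_t dummy = 3` in kadmin/ank.c. If parse_des_key ever fills a different number of entries, these sites can disagree and the count handed to kadm5_chpass_principal_with_key would no longer match the array. One shared constant, for example `#define KADMIN_DES_KEY_COUNT 3` (the name is only a suggestion), used for the array bounds and every count argument would keep them in step. A one-line comment saying why three entries are produced would help too, since the patch does not explain it.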
@@ -127,8 +139,12 @@ do_cpw_entry(krb5_principal principal, void *data)
 return set_random_key (principal);
 else if (e->random_password)
 return set_random_password (principal);
- else
+ else if (e->password)
 return set_password (principal, e->password);
+ else if (e->key_data)
+ return set_key_data (principal, e->key_data);
+ else
+ abort ();
 }
 int
@@ -139,14 +155,20 @@ cpw_entry(int argc, char **argv)
 int optind = 0;
 struct cpw_entry_data data;
 int num;
+ char *key_string;
+ krb5_key_data key_data[3];
 data.random_key = 0;
 data.random_password = 0;
 data.password = NULL;
+ data.key_data = NULL;
+
+ key_string = NULL;
 args[0].value = &data.random_key;
 args[1].value = &data.random_password;
 args[2].value = &data.password;
+ args[3].value = &key_string;
 if(getarg(args, num_args, argc, argv, &optind)){
 usage();
 return 0;
@@ -159,19 +181,35 @@ cpw_entry(int argc, char **argv)
 ++num;
 if (data.password)
 ++num;
+ if (key_string)
+ ++num;
 if (num > 1) {
 printf ("give only one of "
- "--random-key, --random-password, --password\n");
+ "--random-key, --random-password, --password, --key\n");
 return 0;
 }
+ if (key_string) {
+ const char *error;
+
+ if (parse_des_key (key_string, key_data, &error)) {
+ printf ("failed parsing key `%s': %s\n", key_string, error);
+ return 0;
+ }
+ data.key_data = key_data;
+ }
+
 argc -= optind;
 argv += optind;
 for(i = 0; i < argc; i++)
 ret = foreach_principal(argv[i], do_cpw_entry, &data);
+ if (data.key_data) {
+ int16_t dummy;
+ kadm5_free_key_data (kadm_handle, &dummy, key_data);
+ }
+
 return 0;
 }
-
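Review bot: The new `else abort ();` in do_cpw_entry looks reachable by ordinary use. As far as the visible hunks show, cpw_entry rejects only `num > 1`, so a call with none of the four options arrives here with both flags zero and `password` and `key_data` NULL. Before this change that case fell into the final `else` and called `set_password (principal, e->password)` with a NULL password, presumably the interactive prompt path (set_password's body is not in this hunk). Test `e->key_data` first and keep the password call as the last branch: `else if (e->key_data) return set_key_data (principal, e->key_data);` followed by `else return set_password (principal, e->password);`.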
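Review bot: `int16_t dummy;` in the cleanup added at the end of cpw_entry is passed to kadm5_free_key_data without ever being set, so the count read through `&dummy` is indeterminate. The matching cleanup in kadmin/ank.c in this same commit uses `int16_t dummy = 3;`; do the same here so that exactly the three entries of `key_data` are released. Depending on how kadm5_free_key_data uses the count (its body is not shown), an arbitrary value could leave key material unreleased in memory or walk past the end of the array.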