add --key
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8052 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
54
kadmin/ank.c
54
kadmin/ank.c
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997 - 1999 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -68,6 +68,7 @@ add_one_principal (const char *name,
|
|||||||
int rand_key,
|
int rand_key,
|
||||||
int rand_password,
|
int rand_password,
|
||||||
char *password,
|
char *password,
|
||||||
|
krb5_key_data *key_data,
|
||||||
const char *max_ticket_life,
|
const char *max_ticket_life,
|
||||||
const char *max_renewable_life,
|
const char *max_renewable_life,
|
||||||
const char *attributes,
|
const char *attributes,
|
||||||
@@ -108,7 +109,7 @@ add_one_principal (const char *name,
|
|||||||
}
|
}
|
||||||
|
|
||||||
edit_entry(&princ, &mask, default_ent, default_mask);
|
edit_entry(&princ, &mask, default_ent, default_mask);
|
||||||
if(rand_key) {
|
if(rand_key || key_data) {
|
||||||
princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
|
princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
|
||||||
mask |= KADM5_ATTRIBUTES;
|
mask |= KADM5_ATTRIBUTES;
|
||||||
strlcpy (pwbuf, "hemlig", sizeof(pwbuf));
|
strlcpy (pwbuf, "hemlig", sizeof(pwbuf));
|
||||||
@@ -152,6 +153,17 @@ add_one_principal (const char *name,
|
|||||||
kadm5_modify_principal(kadm_handle, &princ,
|
kadm5_modify_principal(kadm_handle, &princ,
|
||||||
KADM5_ATTRIBUTES | KADM5_KVNO);
|
KADM5_ATTRIBUTES | KADM5_KVNO);
|
||||||
kadm5_free_principal_ent(kadm_handle, &princ);
|
kadm5_free_principal_ent(kadm_handle, &princ);
|
||||||
|
} else if (key_data) {
|
||||||
|
ret = kadm5_chpass_principal_with_key (kadm_handle, princ_ent,
|
||||||
|
3, key_data);
|
||||||
|
if (ret) {
|
||||||
|
krb5_warn(context, ret, "kadm5_chpass_principal_with_key");
|
||||||
|
}
|
||||||
|
kadm5_get_principal(kadm_handle, princ_ent, &princ,
|
||||||
|
KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
|
||||||
|
princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
|
||||||
|
kadm5_modify_principal(kadm_handle, &princ, KADM5_ATTRIBUTES);
|
||||||
|
kadm5_free_principal_ent(kadm_handle, &princ);
|
||||||
} else if (rand_password) {
|
} else if (rand_password) {
|
||||||
char *princ_name;
|
char *princ_name;
|
||||||
|
|
||||||
@@ -169,6 +181,10 @@ out:
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* parse the string `key_string' into `key', returning 0 iff succesful.
|
||||||
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* the ank command
|
* the ank command
|
||||||
*/
|
*/
|
||||||
@@ -177,6 +193,7 @@ static struct getargs args[] = {
|
|||||||
{ "random-key", 'r', arg_flag, NULL, "set random key" },
|
{ "random-key", 'r', arg_flag, NULL, "set random key" },
|
||||||
{ "random-password", 0, arg_flag, NULL, "set random password" },
|
{ "random-password", 0, arg_flag, NULL, "set random password" },
|
||||||
{ "password", 'p', arg_string, NULL, "princial's password" },
|
{ "password", 'p', arg_string, NULL, "princial's password" },
|
||||||
|
{ "key", 0, arg_string, NULL, "DES-key in hex" },
|
||||||
{ "max-ticket-life", 0, arg_string, NULL, "max ticket lifetime",
|
{ "max-ticket-life", 0, arg_string, NULL, "max ticket lifetime",
|
||||||
"lifetime"},
|
"lifetime"},
|
||||||
{ "max-renewable-life", 0, arg_string, NULL,
|
{ "max-renewable-life", 0, arg_string, NULL,
|
||||||
@@ -205,6 +222,7 @@ int
|
|||||||
add_new_key(int argc, char **argv)
|
add_new_key(int argc, char **argv)
|
||||||
{
|
{
|
||||||
char *password = NULL;
|
char *password = NULL;
|
||||||
|
char *key = NULL;
|
||||||
int random_key = 0;
|
int random_key = 0;
|
||||||
int random_password = 0;
|
int random_password = 0;
|
||||||
int optind = 0;
|
int optind = 0;
|
||||||
@@ -216,15 +234,18 @@ add_new_key(int argc, char **argv)
|
|||||||
char *pw_expiration = NULL;
|
char *pw_expiration = NULL;
|
||||||
int i;
|
int i;
|
||||||
int num;
|
int num;
|
||||||
|
krb5_key_data key_data[3];
|
||||||
|
krb5_key_data *kdp = NULL;
|
||||||
|
|
||||||
args[0].value = &random_key;
|
args[0].value = &random_key;
|
||||||
args[1].value = &random_password;
|
args[1].value = &random_password;
|
||||||
args[2].value = &password;
|
args[2].value = &password;
|
||||||
args[3].value = &max_ticket_life;
|
args[3].value = &key;
|
||||||
args[4].value = &max_renewable_life;
|
args[4].value = &max_ticket_life;
|
||||||
args[5].value = &attributes;
|
args[5].value = &max_renewable_life;
|
||||||
args[6].value = &expiration;
|
args[6].value = &attributes;
|
||||||
args[7].value = &pw_expiration;
|
args[7].value = &expiration;
|
||||||
|
args[8].value = &pw_expiration;
|
||||||
|
|
||||||
if(getarg(args, num_args, argc, argv, &optind)) {
|
if(getarg(args, num_args, argc, argv, &optind)) {
|
||||||
usage ();
|
usage ();
|
||||||
@@ -242,16 +263,29 @@ add_new_key(int argc, char **argv)
|
|||||||
++num;
|
++num;
|
||||||
if (password)
|
if (password)
|
||||||
++num;
|
++num;
|
||||||
|
if (key)
|
||||||
|
++num;
|
||||||
|
|
||||||
if (num > 1) {
|
if (num > 1) {
|
||||||
printf ("give only one of "
|
printf ("give only one of "
|
||||||
"--random-key, --random-password, --password\n");
|
"--random-key, --random-password, --password, --key\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (key) {
|
||||||
|
const char *error;
|
||||||
|
|
||||||
|
if (parse_des_key (key, key_data, &error)) {
|
||||||
|
printf ("failed parsing key `%s': %s\n", key, error);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
kdp = key_data;
|
||||||
|
}
|
||||||
|
|
||||||
for (i = optind; i < argc; ++i) {
|
for (i = optind; i < argc; ++i) {
|
||||||
ret = add_one_principal (argv[i], random_key, random_password,
|
ret = add_one_principal (argv[i], random_key, random_password,
|
||||||
password,
|
password,
|
||||||
|
kdp,
|
||||||
max_ticket_life,
|
max_ticket_life,
|
||||||
max_renewable_life,
|
max_renewable_life,
|
||||||
attributes,
|
attributes,
|
||||||
@@ -262,5 +296,9 @@ add_new_key(int argc, char **argv)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (kdp) {
|
||||||
|
int16_t dummy = 3;
|
||||||
|
kadm5_free_key_data (kadm_handle, &dummy, key_data);
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|||||||
46
kadmin/cpw.c
46
kadmin/cpw.c
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -39,12 +39,14 @@ struct cpw_entry_data {
|
|||||||
int random_key;
|
int random_key;
|
||||||
int random_password;
|
int random_password;
|
||||||
char *password;
|
char *password;
|
||||||
|
krb5_key_data *key_data;
|
||||||
};
|
};
|
||||||
|
|
||||||
static struct getargs args[] = {
|
static struct getargs args[] = {
|
||||||
{ "random-key", 'r', arg_flag, NULL, "set random key" },
|
{ "random-key", 'r', arg_flag, NULL, "set random key" },
|
||||||
{ "random-password", 0, arg_flag, NULL, "set random password" },
|
{ "random-password", 0, arg_flag, NULL, "set random password" },
|
||||||
{ "password", 'p', arg_string, NULL, "princial's password" },
|
{ "password", 'p', arg_string, NULL, "princial's password" },
|
||||||
|
{ "key", 0, arg_string, NULL, "DES key in hex" }
|
||||||
};
|
};
|
||||||
|
|
||||||
static int num_args = sizeof(args) / sizeof(args[0]);
|
static int num_args = sizeof(args) / sizeof(args[0]);
|
||||||
@@ -118,6 +120,16 @@ set_password (krb5_principal principal, char *password)
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
set_key_data (krb5_principal principal, krb5_key_data *key_data)
|
||||||
|
{
|
||||||
|
krb5_error_code ret;
|
||||||
|
|
||||||
|
ret = kadm5_chpass_principal_with_key (kadm_handle, principal,
|
||||||
|
3, key_data);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
do_cpw_entry(krb5_principal principal, void *data)
|
do_cpw_entry(krb5_principal principal, void *data)
|
||||||
{
|
{
|
||||||
@@ -127,8 +139,12 @@ do_cpw_entry(krb5_principal principal, void *data)
|
|||||||
return set_random_key (principal);
|
return set_random_key (principal);
|
||||||
else if (e->random_password)
|
else if (e->random_password)
|
||||||
return set_random_password (principal);
|
return set_random_password (principal);
|
||||||
else
|
else if (e->password)
|
||||||
return set_password (principal, e->password);
|
return set_password (principal, e->password);
|
||||||
|
else if (e->key_data)
|
||||||
|
return set_key_data (principal, e->key_data);
|
||||||
|
else
|
||||||
|
abort ();
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@@ -139,14 +155,20 @@ cpw_entry(int argc, char **argv)
|
|||||||
int optind = 0;
|
int optind = 0;
|
||||||
struct cpw_entry_data data;
|
struct cpw_entry_data data;
|
||||||
int num;
|
int num;
|
||||||
|
char *key_string;
|
||||||
|
krb5_key_data key_data[3];
|
||||||
|
|
||||||
data.random_key = 0;
|
data.random_key = 0;
|
||||||
data.random_password = 0;
|
data.random_password = 0;
|
||||||
data.password = NULL;
|
data.password = NULL;
|
||||||
|
data.key_data = NULL;
|
||||||
|
|
||||||
|
key_string = NULL;
|
||||||
|
|
||||||
args[0].value = &data.random_key;
|
args[0].value = &data.random_key;
|
||||||
args[1].value = &data.random_password;
|
args[1].value = &data.random_password;
|
||||||
args[2].value = &data.password;
|
args[2].value = &data.password;
|
||||||
|
args[3].value = &key_string;
|
||||||
if(getarg(args, num_args, argc, argv, &optind)){
|
if(getarg(args, num_args, argc, argv, &optind)){
|
||||||
usage();
|
usage();
|
||||||
return 0;
|
return 0;
|
||||||
@@ -159,19 +181,35 @@ cpw_entry(int argc, char **argv)
|
|||||||
++num;
|
++num;
|
||||||
if (data.password)
|
if (data.password)
|
||||||
++num;
|
++num;
|
||||||
|
if (key_string)
|
||||||
|
++num;
|
||||||
|
|
||||||
if (num > 1) {
|
if (num > 1) {
|
||||||
printf ("give only one of "
|
printf ("give only one of "
|
||||||
"--random-key, --random-password, --password\n");
|
"--random-key, --random-password, --password, --key\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (key_string) {
|
||||||
|
const char *error;
|
||||||
|
|
||||||
|
if (parse_des_key (key_string, key_data, &error)) {
|
||||||
|
printf ("failed parsing key `%s': %s\n", key_string, error);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
data.key_data = key_data;
|
||||||
|
}
|
||||||
|
|
||||||
argc -= optind;
|
argc -= optind;
|
||||||
argv += optind;
|
argv += optind;
|
||||||
|
|
||||||
for(i = 0; i < argc; i++)
|
for(i = 0; i < argc; i++)
|
||||||
ret = foreach_principal(argv[i], do_cpw_entry, &data);
|
ret = foreach_principal(argv[i], do_cpw_entry, &data);
|
||||||
|
|
||||||
|
if (data.key_data) {
|
||||||
|
int16_t dummy;
|
||||||
|
kadm5_free_key_data (kadm_handle, &dummy, key_data);
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user