convert to slc; warn if resetting disallow-all-tix
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14259 ec53bebd-3082-4978-b11e-865c3cabbd6b
91
admin/get.c
91
admin/get.c
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
|
||||
* Copyright (c) 1997-2004 Kungliga Tekniska H<>gskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@@ -78,89 +78,45 @@ open_kadmin_connection(char *principal,
|
||||
}
|
||||
|
||||
int
|
||||
kt_get(int argc, char **argv)
|
||||
kt_get(struct get_options *opt, int argc, char **argv)
|
||||
{
|
||||
krb5_error_code ret = 0;
|
||||
krb5_keytab keytab;
|
||||
void *kadm_handle = NULL;
|
||||
char *principal = NULL;
|
||||
char *realm = NULL;
|
||||
char *admin_server = NULL;
|
||||
int server_port = 0;
|
||||
int help_flag = 0;
|
||||
int optind = 0;
|
||||
struct getarg_strings etype_strs = {0, NULL};
|
||||
krb5_enctype *etypes = NULL;
|
||||
size_t netypes = 0;
|
||||
|
||||
struct getargs args[] = {
|
||||
{ "principal", 'p', arg_string, NULL,
|
||||
"admin principal", "principal"
|
||||
},
|
||||
{ "enctypes", 'e', arg_strings, NULL,
|
||||
"encryption types to use", "enctypes" },
|
||||
{ "realm", 'r', arg_string, NULL,
|
||||
"realm to use", "realm"
|
||||
},
|
||||
{ "admin-server", 'a', arg_string, NULL,
|
||||
"server to contact", "host"
|
||||
},
|
||||
{ "server-port", 's', arg_integer, NULL,
|
||||
"port to contact", "port number"
|
||||
},
|
||||
{ "help", 'h', arg_flag, NULL }
|
||||
};
|
||||
int i = 0, j;
|
||||
|
||||
args[i++].value = &principal;
|
||||
args[i++].value = &etype_strs;
|
||||
args[i++].value = &realm;
|
||||
args[i++].value = &admin_server;
|
||||
args[i++].value = &server_port;
|
||||
args[i++].value = &help_flag;
|
||||
|
||||
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)
|
||||
|| help_flag) {
|
||||
arg_printusage(args, sizeof(args) / sizeof(args[0]),
|
||||
"ktutil get", "principal...");
|
||||
return 1;
|
||||
}
|
||||
if(optind == argc) {
|
||||
krb5_warnx(context, "no principals specified");
|
||||
arg_printusage(args, sizeof(args) / sizeof(args[0]),
|
||||
"ktutil get", "principal...");
|
||||
return 1;
|
||||
}
|
||||
unsigned int failed = 0;
|
||||
|
||||
if((keytab = ktutil_open_keytab()) == NULL)
|
||||
return 1;
|
||||
|
||||
if(realm)
|
||||
krb5_set_default_realm(context, realm);
|
||||
if(opt->realm_string)
|
||||
krb5_set_default_realm(context, opt->realm_string);
|
||||
|
||||
if (etype_strs.num_strings) {
|
||||
if (opt->enctypes_strings.num_strings != 0) {
|
||||
int i;
|
||||
|
||||
etypes = malloc (etype_strs.num_strings * sizeof(*etypes));
|
||||
etypes = malloc (opt->enctypes_strings.num_strings * sizeof(*etypes));
|
||||
if (etypes == NULL) {
|
||||
krb5_warnx(context, "malloc failed");
|
||||
goto out;
|
||||
}
|
||||
netypes = etype_strs.num_strings;
|
||||
netypes = opt->enctypes_strings.num_strings;
|
||||
for(i = 0; i < netypes; i++) {
|
||||
ret = krb5_string_to_enctype(context,
|
||||
etype_strs.strings[i],
|
||||
opt->enctypes_strings.strings[i],
|
||||
&etypes[i]);
|
||||
if(ret) {
|
||||
krb5_warnx(context, "unrecognized enctype: %s",
|
||||
etype_strs.strings[i]);
|
||||
opt->enctypes_strings.strings[i]);
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
for(i = optind; i < argc; i++){
|
||||
for(i = 0; i < argc; i++){
|
||||
krb5_principal princ_ent;
|
||||
kadm5_principal_ent_rec princ;
|
||||
int mask = 0;
|
||||
@@ -172,6 +128,7 @@ kt_get(int argc, char **argv)
|
||||
ret = krb5_parse_name(context, argv[i], &princ_ent);
|
||||
if (ret) {
|
||||
krb5_warn(context, ret, "can't parse principal %s", argv[i]);
|
||||
failed++;
|
||||
continue;
|
||||
}
|
||||
memset(&princ, 0, sizeof(princ));
|
||||
@@ -184,31 +141,32 @@ kt_get(int argc, char **argv)
|
||||
|
||||
if(kadm_handle == NULL) {
|
||||
const char *r;
|
||||
if(realm != NULL)
|
||||
r = realm;
|
||||
if(opt->realm_string != NULL)
|
||||
r = opt->realm_string;
|
||||
else
|
||||
r = krb5_principal_get_realm(context, princ_ent);
|
||||
kadm_handle = open_kadmin_connection(principal,
|
||||
kadm_handle = open_kadmin_connection(opt->principal_string,
|
||||
r,
|
||||
admin_server,
|
||||
server_port);
|
||||
if(kadm_handle == NULL) {
|
||||
opt->admin_server_string,
|
||||
opt->server_port_integer);
|
||||
if(kadm_handle == NULL)
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
ret = kadm5_create_principal(kadm_handle, &princ, mask, "x");
|
||||
if(ret == 0)
|
||||
created++;
|
||||
created = 1;
|
||||
else if(ret != KADM5_DUP) {
|
||||
krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]);
|
||||
krb5_free_principal(context, princ_ent);
|
||||
failed++;
|
||||
continue;
|
||||
}
|
||||
ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
|
||||
if (ret) {
|
||||
krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]);
|
||||
krb5_free_principal(context, princ_ent);
|
||||
failed++;
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -219,8 +177,11 @@ kt_get(int argc, char **argv)
|
||||
for (j = 0; j < n_keys; j++)
|
||||
krb5_free_keyblock_contents(context, &keys[j]);
|
||||
krb5_free_principal(context, princ_ent);
|
||||
failed++;
|
||||
continue;
|
||||
}
|
||||
if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX))
|
||||
krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[i]);
|
||||
princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
|
||||
mask = KADM5_ATTRIBUTES;
|
||||
if(created) {
|
||||
@@ -233,6 +194,7 @@ kt_get(int argc, char **argv)
|
||||
for (j = 0; j < n_keys; j++)
|
||||
krb5_free_keyblock_contents(context, &keys[j]);
|
||||
krb5_free_principal(context, princ_ent);
|
||||
failed++;
|
||||
continue;
|
||||
}
|
||||
for(j = 0; j < n_keys; j++) {
|
||||
@@ -264,10 +226,9 @@ kt_get(int argc, char **argv)
|
||||
krb5_free_principal(context, princ_ent);
|
||||
}
|
||||
out:
|
||||
free_getarg_strings(&etype_strs);
|
||||
free(etypes);
|
||||
if (kadm_handle)
|
||||
kadm5_destroy(kadm_handle);
|
||||
krb5_kt_close(context, keytab);
|
||||
return ret != 0;
|
||||
return ret != 0 || failed > 0;
|
||||
}
|
||||
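Review bot: The new `if(kadm_handle == NULL) break;` after open_kadmin_connection() leaves the loop without incrementing the `failed` counter this commit introduces, and without freeing `princ_ent`, which krb5_parse_name() allocated earlier in the same iteration. The last visible assignment to `ret` before that point is the successful parse, so `return ret != 0 || failed > 0` can report success even though no admin connection was made and no key was written, unless the lines between the hunks set `ret`. A script that provisions keytabs and checks only the exit status would then treat a host with no keytab as done. I would keep the braces and write `if(kadm_handle == NULL) { krb5_free_principal(context, princ_ent); failed++; break; }`. Parts of the loop body lie outside the hunks shown, so the other exit paths should be checked the same way.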
|