convert to slc; warn if resetting disallow-all-tix

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14259 ec53bebd-3082-4978-b11e-865c3cabbd6b
Johan Danielsson
2004-09-23 14:44:57 +00:00
parent 6ea52bf4dc
commit 553e4214ea


@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997-2004 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -78,89 +78,45 @@ open_kadmin_connection(char *principal,
}
int
kt_get(int argc, char **argv)
kt_get(struct get_options *opt, int argc, char **argv)
{
krb5_error_code ret = 0;
krb5_keytab keytab;
void *kadm_handle = NULL;
char *principal = NULL;
char *realm = NULL;
char *admin_server = NULL;
int server_port = 0;
int help_flag = 0;
int optind = 0;
struct getarg_strings etype_strs = {0, NULL};
krb5_enctype *etypes = NULL;
size_t netypes = 0;
struct getargs args[] = {
{ "principal", 'p', arg_string, NULL,
"admin principal", "principal"
},
{ "enctypes", 'e', arg_strings, NULL,
"encryption types to use", "enctypes" },
{ "realm", 'r', arg_string, NULL,
"realm to use", "realm"
},
{ "admin-server", 'a', arg_string, NULL,
"server to contact", "host"
},
{ "server-port", 's', arg_integer, NULL,
"port to contact", "port number"
},
{ "help", 'h', arg_flag, NULL }
};
int i = 0, j;
args[i++].value = &principal;
args[i++].value = &etype_strs;
args[i++].value = &realm;
args[i++].value = &admin_server;
args[i++].value = &server_port;
args[i++].value = &help_flag;
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)
|| help_flag) {
arg_printusage(args, sizeof(args) / sizeof(args[0]),
"ktutil get", "principal...");
return 1;
}
if(optind == argc) {
krb5_warnx(context, "no principals specified");
arg_printusage(args, sizeof(args) / sizeof(args[0]),
"ktutil get", "principal...");
return 1;
}
unsigned int failed = 0;
if((keytab = ktutil_open_keytab()) == NULL)
return 1;
if(realm)
krb5_set_default_realm(context, realm);
if(opt->realm_string)
krb5_set_default_realm(context, opt->realm_string);
if (etype_strs.num_strings) {
if (opt->enctypes_strings.num_strings != 0) {
int i;
etypes = malloc (etype_strs.num_strings * sizeof(*etypes));
etypes = malloc (opt->enctypes_strings.num_strings * sizeof(*etypes));
if (etypes == NULL) {
krb5_warnx(context, "malloc failed");
goto out;
}
netypes = etype_strs.num_strings;
netypes = opt->enctypes_strings.num_strings;
for(i = 0; i < netypes; i++) {
ret = krb5_string_to_enctype(context,
etype_strs.strings[i],
opt->enctypes_strings.strings[i],
&etypes[i]);
if(ret) {
krb5_warnx(context, "unrecognized enctype: %s",
etype_strs.strings[i]);
opt->enctypes_strings.strings[i]);
goto out;
}
}
}
for(i = optind; i < argc; i++){
for(i = 0; i < argc; i++){
krb5_principal princ_ent;
kadm5_principal_ent_rec princ;
int mask = 0;
@@ -172,6 +128,7 @@ kt_get(int argc, char **argv)
ret = krb5_parse_name(context, argv[i], &princ_ent);
if (ret) {
krb5_warn(context, ret, "can't parse principal %s", argv[i]);
failed++;
continue;
}
memset(&princ, 0, sizeof(princ));
@@ -184,31 +141,32 @@ kt_get(int argc, char **argv)
if(kadm_handle == NULL) {
const char *r;
if(realm != NULL)
r = realm;
if(opt->realm_string != NULL)
r = opt->realm_string;
else
r = krb5_principal_get_realm(context, princ_ent);
kadm_handle = open_kadmin_connection(principal,
kadm_handle = open_kadmin_connection(opt->principal_string,
r,
admin_server,
server_port);
if(kadm_handle == NULL) {
opt->admin_server_string,
opt->server_port_integer);
if(kadm_handle == NULL)
break;
}
}
ret = kadm5_create_principal(kadm_handle, &princ, mask, "x");
if(ret == 0)
created++;
created = 1;
else if(ret != KADM5_DUP) {
krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]);
krb5_free_principal(context, princ_ent);
failed++;
continue;
}
ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
if (ret) {
krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]);
krb5_free_principal(context, princ_ent);
failed++;
continue;
}
@@ -219,8 +177,11 @@ kt_get(int argc, char **argv)
for (j = 0; j < n_keys; j++)
krb5_free_keyblock_contents(context, &keys[j]);
krb5_free_principal(context, princ_ent);
failed++;
continue;
}
if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX))
krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[i]);
princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
mask = KADM5_ATTRIBUTES;
if(created) {
@@ -233,6 +194,7 @@ kt_get(int argc, char **argv)
for (j = 0; j < n_keys; j++)
krb5_free_keyblock_contents(context, &keys[j]);
krb5_free_principal(context, princ_ent);
failed++;
continue;
}
for(j = 0; j < n_keys; j++) {
@@ -264,10 +226,9 @@ kt_get(int argc, char **argv)
krb5_free_principal(context, princ_ent);
}
out:
free_getarg_strings(&etype_strs);
free(etypes);
if (kadm_handle)
kadm5_destroy(kadm_handle);
krb5_kt_close(context, keytab);
return ret != 0;
return ret != 0 || failed > 0;
}
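Review bot: In the `@@ -184,31 +141,32 @@` hunk, `if(kadm_handle == NULL) break;` is the one error exit that does not get the new `failed++`, so `kt_get` can return 0 when `open_kadmin_connection` fails: as far as the visible lines show, `ret` is still 0 from the successful `krb5_parse_name`, and the final `return ret != 0 || failed > 0;` then reports success although no key was fetched. Anything that scripts keytab provisioning on the exit status would not notice the failure. I would write `if(kadm_handle == NULL) { krb5_free_principal(context, princ_ent); failed++; break; }`, which also releases `princ_ent` the way the other error paths do. Separately, in the `@@ -219,8 +177,11 @@` hunk the unbraced `if` guards only the `krb5_warnx`; the `princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);` after it runs for every principal, so an existing principal that had disallow-all-tix set comes out of `get` with it cleared. A comment such as `/* flag is cleared for existing principals too; the warning is the only notice */` would make that intent explicit.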