xref: /freebsd/crypto/heimdal/admin/add.c (revision 02e9120893770924227138ba49df1edb3896112a)
1 /*
2  * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "ktutil_locl.h"
35 
36 RCSID("$Id$");
37 
38 static char *
39 readstring(const char *prompt, char *buf, size_t len)
40 {
41     printf("%s", prompt);
42     if (fgets(buf, len, stdin) == NULL)
43 	return NULL;
44     buf[strcspn(buf, "\r\n")] = '\0';
45     return buf;
46 }
47 
48 int
49 kt_add(struct add_options *opt, int argc, char **argv)
50 {
51     krb5_error_code ret;
52     krb5_keytab keytab;
53     krb5_keytab_entry entry;
54     char buf[1024];
55     krb5_enctype enctype;
56 
57     if((keytab = ktutil_open_keytab()) == NULL)
58 	return 1;
59 
60     memset(&entry, 0, sizeof(entry));
61     if(opt->principal_string == NULL) {
62 	if(readstring("Principal: ", buf, sizeof(buf)) == NULL)
63 	    return 1;
64 	opt->principal_string = buf;
65     }
66     ret = krb5_parse_name(context, opt->principal_string, &entry.principal);
67     if(ret) {
68 	krb5_warn(context, ret, "%s", opt->principal_string);
69 	goto out;
70     }
71     if(opt->enctype_string == NULL) {
72 	if(readstring("Encryption type: ", buf, sizeof(buf)) == NULL) {
73 	    ret = 1;
74 	    goto out;
75 	}
76 	opt->enctype_string = buf;
77     }
78     ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype);
79     if(ret) {
80 	int t;
81 	if(sscanf(opt->enctype_string, "%d", &t) == 1)
82 	    enctype = t;
83 	else {
84 	    krb5_warn(context, ret, "%s", opt->enctype_string);
85 	    goto out;
86 	}
87     }
88     if(opt->kvno_integer == -1) {
89 	if(readstring("Key version: ", buf, sizeof(buf)) == NULL) {
90 	    ret = 1;
91 	    goto out;
92 	}
93 	if(sscanf(buf, "%u", &opt->kvno_integer) != 1)
94 	    goto out;
95     }
96     if(opt->password_string == NULL && opt->random_flag == 0) {
97 	if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Password: ", 1)) {
98 	    ret = 1;
99 	    goto out;
100 	}
101 	opt->password_string = buf;
102     }
103     if(opt->password_string) {
104 	if (opt->hex_flag) {
105 	    size_t len;
106 	    void *data;
107 
108 	    len = (strlen(opt->password_string) + 1) / 2;
109 
110 	    data = malloc(len);
111 	    if (data == NULL) {
112 		krb5_warn(context, ENOMEM, "malloc");
113 		goto out;
114 	    }
115 
116 	    if ((size_t)hex_decode(opt->password_string, data, len) != len) {
117 		free(data);
118 		krb5_warn(context, ENOMEM, "hex decode failed");
119 		goto out;
120 	    }
121 
122 	    ret = krb5_keyblock_init(context, enctype,
123 				     data, len, &entry.keyblock);
124 	    free(data);
125 	} else if (!opt->salt_flag) {
126 	    krb5_salt salt;
127 	    krb5_data pw;
128 
129 	    salt.salttype         = KRB5_PW_SALT;
130 	    salt.saltvalue.data   = NULL;
131 	    salt.saltvalue.length = 0;
132 	    pw.data = (void*)opt->password_string;
133 	    pw.length = strlen(opt->password_string);
134 	    ret = krb5_string_to_key_data_salt(context, enctype, pw, salt,
135 					       &entry.keyblock);
136         } else {
137 	    ret = krb5_string_to_key(context, enctype, opt->password_string,
138 				     entry.principal, &entry.keyblock);
139 	}
140 	memset (opt->password_string, 0, strlen(opt->password_string));
141     } else {
142 	ret = krb5_generate_random_keyblock(context, enctype, &entry.keyblock);
143     }
144     if(ret) {
145 	krb5_warn(context, ret, "add");
146 	goto out;
147     }
148     entry.vno = opt->kvno_integer;
149     entry.timestamp = time (NULL);
150     ret = krb5_kt_add_entry(context, keytab, &entry);
151     if(ret)
152 	krb5_warn(context, ret, "add");
153  out:
154     krb5_kt_free_entry(context, &entry);
155     krb5_kt_close(context, keytab);
156     return ret != 0;
157 }
158