xref: /freebsd/crypto/heimdal/admin/get.c (revision 5521ff5a4d1929056e7ffc982fac3341ca54df7c) 
1 /*
2  * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "ktutil_locl.h"
35 
36 RCSID("$Id: get.c,v 1.18 2001/05/10 15:42:01 assar Exp $");
37 
38 int
39 kt_get(int argc, char **argv)
40 {
41     krb5_error_code ret = 0;
42     krb5_keytab keytab;
43     kadm5_config_params conf;
44     void *kadm_handle = NULL;
45     char *principal = NULL;
46     char *realm = NULL;
47     char *admin_server = NULL;
48     int server_port = 0;
49     int help_flag = 0;
50     int optind = 0;
51     int i, j;
52     struct getarg_strings etype_strs = {0, NULL};
53     krb5_enctype *etypes = NULL;
54     size_t netypes = 0;
55 
56     struct getargs args[] = {
57 	{ "principal",	'p',	arg_string,   NULL,
58 	  "admin principal", "principal"
59 	},
60 	{ "enctypes",	'e',	arg_strings,	NULL,
61 	  "encryption types to use", "enctypes" },
62 	{ "realm",	'r',	arg_string,   NULL,
63 	  "realm to use", "realm"
64 	},
65 	{ "admin-server",	'a',	arg_string, NULL,
66 	  "server to contact", "host"
67 	},
68 	{ "server-port",	's',	arg_integer, NULL,
69 	  "port to contact", "port number"
70 	},
71 	{ "help",		'h',	arg_flag,    NULL }
72     };
73 
74     args[0].value = &principal;
75     args[1].value = &etype_strs;
76     args[2].value = &realm;
77     args[3].value = &admin_server;
78     args[4].value = &server_port;
79     args[5].value = &help_flag;
80 
81     memset(&conf, 0, sizeof(conf));
82 
83     if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)
84        || help_flag) {
85 	arg_printusage(args, sizeof(args) / sizeof(args[0]),
86 		       "ktutil get", "principal...");
87 	return 1;
88     }
89 
90     if (keytab_string == NULL) {
91 	ret = krb5_kt_default_modify_name (context, keytab_buf,
92 					   sizeof(keytab_buf));
93 	if (ret) {
94 	    krb5_warn(context, ret, "krb5_kt_default_modify_name");
95 	    return 1;
96 	}
97 	keytab_string = keytab_buf;
98     }
99     ret = krb5_kt_resolve(context, keytab_string, &keytab);
100     if (ret) {
101 	krb5_warn(context, ret, "resolving keytab %s", keytab_string);
102 	return 1;
103     }
104 
105     if (etype_strs.num_strings) {
106 	int i;
107 
108 	etypes = malloc (etype_strs.num_strings * sizeof(*etypes));
109 	if (etypes == NULL) {
110 	    krb5_warnx(context, "malloc failed");
111 	    goto out;
112 	}
113 	netypes = etype_strs.num_strings;
114 	for(i = 0; i < netypes; i++) {
115 	    ret = krb5_string_to_enctype(context,
116 					 etype_strs.strings[i],
117 					 &etypes[i]);
118 	    if(ret) {
119 		krb5_warnx(context, "unrecognized enctype: %s",
120 			   etype_strs.strings[i]);
121 		goto out;
122 	    }
123 	}
124     }
125 
126     if(realm) {
127 	krb5_set_default_realm(context, realm); /* XXX should be fixed
128 						   some other way */
129 	conf.realm = realm;
130 	conf.mask |= KADM5_CONFIG_REALM;
131     }
132 
133     if (admin_server) {
134 	conf.admin_server = admin_server;
135 	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
136     }
137 
138     if (server_port) {
139 	conf.kadmind_port = htons(server_port);
140 	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
141     }
142 
143     ret = kadm5_init_with_password_ctx(context,
144 				       principal,
145 				       NULL,
146 				       KADM5_ADMIN_SERVICE,
147 				       &conf, 0, 0,
148 				       &kadm_handle);
149     if(ret) {
150 	krb5_warn(context, ret, "kadm5_init_with_password");
151 	goto out;
152     }
153 
154     for(i = optind; i < argc; i++){
155 	krb5_principal princ_ent;
156 	kadm5_principal_ent_rec princ;
157 	int mask = 0;
158 	krb5_keyblock *keys;
159 	int n_keys;
160 	int created = 0;
161 	krb5_keytab_entry entry;
162 
163 	ret = krb5_parse_name(context, argv[i], &princ_ent);
164 	memset(&princ, 0, sizeof(princ));
165 	princ.principal = princ_ent;
166 	mask |= KADM5_PRINCIPAL;
167 	princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
168 	mask |= KADM5_ATTRIBUTES;
169 	princ.princ_expire_time = 0;
170 	mask |= KADM5_PRINC_EXPIRE_TIME;
171 
172 	ret = kadm5_create_principal(kadm_handle, &princ, mask, "x");
173 	if(ret == 0)
174 	    created++;
175 	else if(ret != KADM5_DUP) {
176 	    krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]);
177 	    krb5_free_principal(context, princ_ent);
178 	    continue;
179 	}
180 	ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
181 	if (ret) {
182 	    krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]);
183 	    krb5_free_principal(context, princ_ent);
184 	    continue;
185 	}
186 
187 	ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
188 			      KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
189 	if (ret) {
190 	    krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[i]);
191 	    for (j = 0; j < n_keys; j++)
192 		krb5_free_keyblock_contents(context, &keys[j]);
193 	    krb5_free_principal(context, princ_ent);
194 	    continue;
195 	}
196 	princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
197 	mask = KADM5_ATTRIBUTES;
198 	if(created) {
199 	    princ.kvno = 1;
200 	    mask |= KADM5_KVNO;
201 	}
202 	ret = kadm5_modify_principal(kadm_handle, &princ, mask);
203 	if (ret) {
204 	    krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[i]);
205 	    for (j = 0; j < n_keys; j++)
206 		krb5_free_keyblock_contents(context, &keys[j]);
207 	    krb5_free_principal(context, princ_ent);
208 	    continue;
209 	}
210 	for(j = 0; j < n_keys; j++) {
211 	    int do_add = TRUE;
212 
213 	    if (netypes) {
214 		int i;
215 
216 		do_add = FALSE;
217 		for (i = 0; i < netypes; ++i)
218 		    if (keys[j].keytype == etypes[i]) {
219 			do_add = TRUE;
220 			break;
221 		    }
222 	    }
223 	    if (do_add) {
224 		entry.principal = princ_ent;
225 		entry.vno = princ.kvno;
226 		entry.keyblock = keys[j];
227 		entry.timestamp = time (NULL);
228 		ret = krb5_kt_add_entry(context, keytab, &entry);
229 		if (ret)
230 		    krb5_warn(context, ret, "krb5_kt_add_entry");
231 	    }
232 	    krb5_free_keyblock_contents(context, &keys[j]);
233 	}
234 
235 	kadm5_free_principal_ent(kadm_handle, &princ);
236 	krb5_free_principal(context, princ_ent);
237     }
238  out:
239     free_getarg_strings(&etype_strs);
240     free(etypes);
241     if (kadm_handle)
242 	kadm5_destroy(kadm_handle);
243     krb5_kt_close(context, keytab);
244     return ret != 0;
245 }
246