1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* kadmin/ktutil/ktutil.c - SS user interface for ktutil */
3 /*
4 * Copyright 1995, 1996, 2008 by the Massachusetts Institute of Technology.
5 * All Rights Reserved.
6 *
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
11 *
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
25 */
26
27 #include "k5-int.h"
28 #include "ktutil.h"
29 #include <com_err.h>
30 #include <locale.h>
31 #include "adm_proto.h"
32 #include <ss/ss.h>
33 #include <stdio.h>
34 #ifdef HAVE_STDLIB_H
35 #include <stdlib.h>
36 #endif
37
/* Request table handed to ss_create_invocation(); defined outside this file. */
extern ss_request_table ktutil_cmds;
/* krb5 library context created once in main() and used by every handler. */
krb5_context kcontext;
/*
 * In-memory keytab entry list that the command handlers read and modify.
 * Starts out NULL and is reset to NULL by ktutil_clear_list().
 */
krb5_kt_list ktlist = NULL;
41
/*
 * Entry point for the interactive ktutil shell.
 *
 * Sets the locale, creates the global krb5 context, builds an ss invocation
 * over the ktutil_cmds request table and hands control to the ss command
 * loop.  When the loop returns, the in-memory keytab list is released and
 * the process exits with status 0.  Either setup failure is reported and
 * ends the process with status 1.
 *
 * NOTE(review): the list may hold long-term keys; whether their bytes are
 * wiped before release is decided inside ktutil_free_kt_list(), which is
 * not visible here -- confirm.
 */
int main(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code code;
    int invocation;

    setlocale(LC_ALL, "");

    code = krb5_init_context(&kcontext);
    if (code != 0) {
        com_err(argv[0], code, _("while initializing krb5"));
        exit(1);
    }

    invocation = ss_create_invocation("ktutil", "5.0", (char *)NULL,
                                      &ktutil_cmds, &code);
    if (code != 0) {
        ss_perror(invocation, code, _("creating invocation"));
        exit(1);
    }

    /* The command loop's result is stored but never examined. */
    code = ss_listen(invocation);
    ktutil_free_kt_list(kcontext, ktlist);
    exit(0);
}
65
/*
 * ss command handler: drop every entry of the in-memory keytab list.
 *
 * Takes no arguments beyond the command name; anything else is rejected
 * with a message on stderr.  A failure from ktutil_free_kt_list() is
 * reported through com_err(), and the global list pointer is reset to NULL
 * in either case so that no stale pointer is left behind.
 */
void ktutil_clear_list(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code code;

    if (argc == 1) {
        code = ktutil_free_kt_list(kcontext, ktlist);
        if (code != 0)
            com_err(argv[0], code, _("while freeing ktlist"));
        ktlist = NULL;
        return;
    }

    fprintf(stderr, _("%s: invalid arguments\n"), argv[0]);
}
81
/*
 * ss command handler: read a keytab file into the in-memory list.
 *
 * Expects exactly one argument, the keytab name, which is handed to
 * ktutil_read_keytab() unchanged together with the address of the global
 * list.  Errors are reported through com_err() with the name quoted.
 */
void ktutil_read_v5(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code code;
    char *keytab_name;

    if (argc == 2) {
        keytab_name = argv[1];
        code = ktutil_read_keytab(kcontext, keytab_name, &ktlist);
        if (code != 0) {
            com_err(argv[0], code, _("while reading keytab \"%s\""),
                    keytab_name);
        }
    } else {
        fprintf(stderr, _("%s: must specify keytab to read\n"), argv[0]);
    }
}
96
/*
 * ss command handler kept only to tell the user that reading srvtab files
 * is no longer supported.  The arguments are not examined beyond the
 * command name used in the message.
 */
void ktutil_read_v4(argc, argv)
    int argc;
    char *argv[];
{
    const char *command = argv[0];

    fprintf(stderr, _("%s: reading srvtabs is no longer supported\n"),
            command);
}
104
/*
 * ss command handler: write the in-memory list out as a keytab file.
 *
 * Expects exactly one argument, the destination name, which is handed to
 * ktutil_write_keytab() unchanged.  Errors are reported through com_err()
 * with the name quoted.
 *
 * NOTE(review): the output contains long-term keys.  The file's creation
 * mode and the handling of an already existing file are decided inside
 * ktutil_write_keytab(), which is not visible here -- confirm that the
 * result is not readable by other users.
 */
void ktutil_write_v5(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code code;
    char *keytab_name;

    if (argc == 2) {
        keytab_name = argv[1];
        code = ktutil_write_keytab(kcontext, ktlist, keytab_name);
        if (code != 0) {
            com_err(argv[0], code, _("while writing keytab \"%s\""),
                    keytab_name);
        }
    } else {
        fprintf(stderr, _("%s: must specify keytab to write\n"), argv[0]);
    }
}
119
/*
 * ss command handler kept only to tell the user that writing srvtab files
 * is no longer supported.  The arguments are not examined beyond the
 * command name used in the message.
 */
void ktutil_write_v4(argc, argv)
    int argc;
    char *argv[];
{
    const char *command = argv[0];

    fprintf(stderr, _("%s: writing srvtabs is no longer supported\n"),
            command);
}
127
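/*
 * ss command handler: add one entry to the in-memory keytab list.
 *
 * Recognized options:
 *   -p principal   principal name (required)
 *   -k kvno        key version number (required)
 *   -e enctype     encryption type name (required unless -f is given)
 *   -password      select the password form of the key (passed on as use_pass)
 *   -key           select the raw-key form; exactly one of -password/-key
 *   -s salt        explicit salt (cannot be combined with -f)
 *   -f             fetch flag, passed on to ktutil_add()
 *
 * Arguments that match none of these are ignored, as before.  No option
 * carries the secret itself; only the use_pass flag reaches ktutil_add(),
 * so the secret is presumably obtained there -- confirm.
 *
 * An option that needs a value but is the last word on the line is treated
 * as a usage error instead of reading past the end of argv.  The kvno must
 * be a complete non-negative decimal number that fits krb5_kvno; a typo no
 * longer turns silently into key version 0.
 * NOTE(review): an overflowing number is caught only where long is wider
 * than krb5_kvno, because errno is not consulted.
 */
void ktutil_add_entry(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code retval;
    char *princ = NULL;
    char *enctype = NULL;
    char *salt = NULL;
    char *end;
    long parsed;
    krb5_kvno kvno = 0;
    int use_pass = 0, use_key = 0, use_kvno = 0, fetch = 0, bad_args = 0, i;

    for (i = 1; i < argc && !bad_args; i++) {
        if (strcmp(argv[i], "-p") == 0) {
            if (++i >= argc)
                bad_args = 1;
            else
                princ = argv[i];
        } else if (strcmp(argv[i], "-k") == 0) {
            if (++i >= argc) {
                bad_args = 1;
                continue;
            }
            parsed = strtol(argv[i], &end, 10);
            kvno = (krb5_kvno)parsed;
            /* Reject empty input, trailing junk, negatives and values that
             * do not survive the conversion to krb5_kvno. */
            if (end == argv[i] || *end != '\0' || parsed < 0 ||
                (long)kvno != parsed)
                bad_args = 1;
            else
                use_kvno++;
        } else if (strcmp(argv[i], "-e") == 0) {
            if (++i >= argc)
                bad_args = 1;
            else
                enctype = argv[i];
        } else if (strcmp(argv[i], "-password") == 0) {
            use_pass++;
        } else if (strcmp(argv[i], "-key") == 0) {
            use_key++;
        } else if (strcmp(argv[i], "-s") == 0) {
            if (++i >= argc)
                bad_args = 1;
            else
                salt = argv[i];
        } else if (strcmp(argv[i], "-f") == 0) {
            fetch++;
        }
    }

    if (bad_args || princ == NULL || use_pass + use_key != 1 || !use_kvno ||
        (fetch && salt != NULL)) {
        fprintf(stderr, _("usage: %s (-key | -password) -p principal "
                          "-k kvno [-e enctype] [-f|-s salt]\n"), argv[0]);
        return;
    }
    if (!fetch && enctype == NULL) {
        fprintf(stderr, _("enctype must be specified if not using -f\n"));
        return;
    }

    retval = ktutil_add(kcontext, &ktlist, princ, fetch, kvno, enctype,
                        use_pass, salt);
    if (retval)
        com_err(argv[0], retval, _("while adding new entry"));
}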
185
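/*
 * ss command handler: delete one slot from the in-memory keytab list.
 *
 * Expects exactly one argument, the slot number.  The number is parsed once
 * and must be a complete decimal integer that fits an int; input such as
 * "1x" or "abc" is rejected with the same message as a missing argument
 * instead of being read as slot 1 or slot 0.  Whether the slot exists is
 * left to ktutil_delete(), whose failures are reported through com_err().
 */
void ktutil_delete_entry(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code retval;
    char *end;
    long slot;

    if (argc != 2) {
        fprintf(stderr, _("%s: must specify entry to delete\n"), argv[0]);
        return;
    }

    slot = strtol(argv[1], &end, 10);
    /* The cast round trip rejects values that an int cannot represent. */
    if (end == argv[1] || *end != '\0' || (long)(int)slot != slot) {
        fprintf(stderr, _("%s: must specify entry to delete\n"), argv[0]);
        return;
    }

    retval = ktutil_delete(kcontext, &ktlist, (int)slot);
    if (retval)
        com_err(argv[0], retval, _("while deleting entry %d"), (int)slot);
}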
200
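/*
 * ss command handler: print the in-memory keytab list as a table.
 *
 * Options:
 *   -t   add a timestamp column
 *   -k   print each entry's key bytes in hex
 *   -e   print each entry's encryption type name
 * Any other argument prints a usage line and returns.
 *
 * -k writes long-term key material to stdout in the clear, so terminal
 * scrollback, session recordings and redirected output will all hold
 * usable keys; treat that output like the keytab file itself.
 *
 * The unparsed principal name is released on every path out of the loop
 * body, including the enctype-conversion error path.
 */
void ktutil_list(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code retval;
    krb5_kt_list lp;
    int show_time = 0, show_keys = 0, show_enctype = 0;
    int i;
    unsigned int j;
    char *pname;

    for (i = 1; i < argc; i++) {
        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-t", 2)) {
            show_time++;
            continue;
        }
        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
            show_keys++;
            continue;
        }
        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
            show_enctype++;
            continue;
        }

        fprintf(stderr, _("%s: usage: %s [-t] [-k] [-e]\n"), argv[0], argv[0]);
        return;
    }
    /* XXX Translating would disturb table alignment; skip for now. */
    if (show_time) {
        printf("slot KVNO Timestamp Principal\n");
        printf("---- ---- ----------------- ---------------------------------------------------\n");
    } else {
        printf("slot KVNO Principal\n");
        printf("---- ---- ---------------------------------------------------------------------\n");
    }
    /* Slots are numbered from 1 in list order. */
    for (i = 1, lp = ktlist; lp; i++, lp = lp->next) {
        retval = krb5_unparse_name(kcontext, lp->entry->principal, &pname);
        if (retval) {
            com_err(argv[0], retval, "while unparsing principal name");
            return;
        }
        printf("%4d %4d ", i, lp->entry->vno);
        if (show_time) {
            char fmtbuf[18];
            char fill = ' ';

            /* A zero return means fmtbuf was filled; on failure the
             * timestamp column is simply left out for this row. */
            if (!krb5_timestamp_to_sfstring((krb5_timestamp)lp->entry->
                                            timestamp,
                                            fmtbuf,
                                            sizeof(fmtbuf),
                                            &fill))
                printf("%s ", fmtbuf);
        }
        printf("%40s", pname);
        if (show_enctype) {
            static char buf[256];
            if ((retval = krb5_enctype_to_name(lp->entry->key.enctype, FALSE,
                                               buf, sizeof(buf)))) {
                com_err(argv[0], retval,
                        _("While converting enctype to string"));
                /* pname was allocated above; do not leak it on this exit. */
                free(pname);
                return;
            }
            printf(" (%s) ", buf);
        }

        if (show_keys) {
            /* Raw key bytes, two hex digits each. */
            printf(" (0x");
            for (j = 0; j < lp->entry->key.length; j++)
                printf("%02x", lp->entry->key.contents[j]);
            printf(")");
        }
        printf("\n");
        free(pname);
    }
}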
281