keytab.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
*
* $Id: keytab.c,v 1.26 2000/02/19 01:57:07 tlyu Exp $
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
* All rights reserved.
*
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of FundsXpress. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
#if !defined(lint) && !defined(__CODECENTER__)
static char *rcsid = "$Header: /cvs/krbdev/krb5/src/kadmin/cli/keytab.c,v 1.26 2000/02/19 01:57:07 tlyu Exp $";
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <libintl.h>
#include <krb5.h>
#include <k5-int.h>
int keepold,
char *princ_str);
/*
 * State shared with the rest of the kadmin client: these objects are only
 * declared here (extern) and are defined in another file.
 */
extern char *krb5_defkeyname;
extern char *whoami;
extern krb5_context context;
extern void *handle;
/*
 * Quiet flag for the keytab commands in this file. It is reset to 0 at the
 * start of each command and incremented during option parsing (presumably
 * for -q; the comparison itself is not visible in this listing). When it is
 * non-zero the per-entry "added to keytab" / "removed from keytab" messages
 * are skipped.
 */
static int quiet;
/*
 * Usage text for the ktadd command.
 * NOTE(review): the function header and the output call are missing from
 * this listing; the ktadd option parser in this file calls add_usage() on
 * malformed arguments, so this is presumably its body -- confirm against
 * the full source.
 */
void
{
"ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] "
"[principal | -glob princ-exp] [...]\n");
}
/*
 * Usage text for the ktremove command; the "Usage" label is passed through
 * gettext() for localization.
 * NOTE(review): the function header and the output call are missing from
 * this listing; the ktremove option parser in this file calls rem_usage()
 * on malformed arguments, so this is presumably its body -- confirm against
 * the full source.
 */
void
{
gettext("Usage"),
"ktremove [-k[eytab] keytab] [-q] principal "
"[kvno|\"all\"|\"old\"]\n");
}
/*
 * Keytab-name setup helper (the function header is not visible in this
 * listing). From the visible lines: *keytab_str is tested against NULL,
 * on some paths it is replaced by a newly created string (failure is
 * reported as "while creating keytab name"), and the function returns 1 on
 * any failure and 0 on success.
 *
 * NOTE(review): when *keytab_str is replaced, the caller's pointer is
 * overwritten; who owns and frees the replacement string is not visible
 * here -- confirm against the callers.
 */
int
{
int code;
if (*keytab_str == NULL) {
return (1);
}
return (1);
}
return(1);
}
} else {
if (*keytab_str == NULL) {
gettext("while creating keytab name"));
return (1);
}
} else {
/* Keep the caller's original string; *keytab_str is reassigned next. */
char *tmp = *keytab_str;
/*
 * NOTE(review): the allocation size and the copy into the new buffer
 * are on lines missing from this listing; confirm the size covers the
 * whole source string, any prefix added to it, and the terminator.
 */
*keytab_str = (char *)
if (*keytab_str == NULL) {
gettext("while creating keytab name"));
return (1);
}
}
if (code != 0) {
return (1);
}
}
return (0);
}
/*
 * Handler for the ktadd command (function header not visible in this
 * listing). Visible flow: parse leading options (keytab name, quiet flag,
 * key-salt list), require at least one remaining argument, then walk the
 * remaining arguments, handling either a single principal or each result
 * of an expanded expression. Argument errors print the ktadd usage text
 * and return.
 */
void
{
krb5_keytab keytab = 0;
int keepold = 0, n_ks_tuple = 0;
/* Step past the first argument (presumably the command name). */
argc--;
argv++;
/* quiet is file-scope state, so it is reset for every invocation. */
quiet = 0;
while (argc) {
argc--;
argv++;
/* Usage error: no value follows, or keytab_str was already set. */
if (!argc || keytab_str) {
add_usage();
return;
}
keytab_str = *argv;
quiet++;
argc--;
/* The key-salt option needs a value after it. */
if (argc < 1) {
add_usage();
return;
}
&ks_tuple, &n_ks_tuple);
if (retval) {
gettext("while parsing keysalts %s"),
*argv);
return;
}
} else
break;
argc--;
argv++;
}
/* Nothing left after the options: no principal was named. */
if (argc == 0) {
add_usage();
return;
}
return;
/* Relies on argv being NULL-terminated. */
while (*argv) {
add_usage();
break;
}
gettext("while expanding expression "
"\"%s\"."),
*argv);
/* A failed expansion skips this argument; later ones are still tried. */
argv++;
continue;
}
for (i = 0; i < num; i++)
princs[i]);
} else
*argv);
argv++;
}
if (code != 0)
}
/*
 * Handler for the ktremove command (function header not visible in this
 * listing). Visible flow: parse leading options (keytab name, quiet flag),
 * print the ktremove usage text and return on malformed arguments, then
 * carry out the removal on lines that are missing from this listing.
 */
void
{
krb5_keytab keytab = 0;
int code;
/* Step past the first argument (presumably the command name). */
argc--;
argv++;
/* quiet is file-scope state, so it is reset for every invocation. */
quiet = 0;
while (argc) {
argc--;
argv++;
/* Usage error: no value follows, or keytab_str was already set. */
if (!argc || keytab_str) {
rem_usage();
return;
}
keytab_str = *argv;
quiet++;
} else
break;
argc--;
argv++;
}
rem_usage();
return;
}
return;
if (code != 0)
}
int keepold, int n_ks_tuple,
char *princ_str)
{
/*
 * NOTE(review): the function name, return type and leading parameters are
 * missing from this listing. Visible flow: parse princ_str; on one branch
 * allocate a key-salt tuple set of nktypes entries; change the principal's
 * key through the admin API (falling back to an older API on
 * KADM5_RPC_ERROR unless built as kadmin.local); then add each of the
 * nkeys resulting keys to the keytab. Most failures jump to the cleanup
 * path, and the function returns code.
 */
int nktypes = 0;
nkeys = 0;
if (code != 0) {
gettext("while parsing -add principal name %s"),
goto cleanup;
}
/*
* Count the results. This is stupid, the API above
* should have included an output param to indicate
* the size of the list that is returned.
*/
/* Allocate a new key-salt tuple set */
/*
 * NOTE(review): nktypes is an int obtained by counting a returned list, and
 * the size multiplication below is not range-checked in the visible lines.
 */
sizeof (krb5_key_salt_tuple) * nktypes);
if (permitted_etypes == NULL) {
/*
 * NOTE(review): this failure path returns directly, while the other
 * error paths in this function use "goto cleanup". Confirm that nothing
 * acquired earlier (for example the parsed principal) is left
 * unreleased here.
 */
return (ENOMEM);
}
/*
* Because the keysalt parameter doesn't matter for
* keys stored in the keytab, use the default "normal"
* salt for all keys
*/
for (i = 0; i < nktypes; i++) {
}
} else {
if (ktypes)
goto cleanup;
}
} else {
}
#ifndef _KADMIN_LOCAL_
/* this block is not needed in the kadmin.local client */
/*
* If the above call failed, we may be talking to an older
* admin server, so try the older API.
*/
if (code == KADM5_RPC_ERROR) {
}
#endif /* !KADMIN_LOCAL */
/*
 * The failure text below shows that this step changes the principal's key
 * on the admin server; it is not only a local keytab write.
 */
if (code != 0) {
if (code == KADM5_UNK_PRINC) {
gettext("%s: Principal %s does not exist.\n"),
} else {
gettext("while changing %s's key"),
}
goto cleanup;
}
if (code != 0) {
goto cleanup;
}
/* One keytab entry is written per returned key. */
for (i = 0; i < nkeys; i++) {
if (code != 0) {
gettext("while adding key to keytab"));
goto cleanup;
}
if (!quiet)
"encryption type %s added to keytab %s.\n"),
}
if (code != 0) {
goto cleanup;
}
/*
 * NOTE(review): presumably the per-key release loop; the loop body is not
 * visible. Confirm the key bytes are cleared before the memory is released.
 */
if (nkeys) {
for (i = 0; i < nkeys; i++)
}
if (princ)
return (code);
}
/*
 * Removes a principal's entries from a keytab (function header not visible
 * in this listing). Visible flow: parse the principal name; pick a mode and
 * a kvno from the command argument (the comments name the modes SPEC and
 * OLD); look up an entry to confirm one exists and to learn the highest
 * kvno; scan the keytab and delete matching entries; report what was
 * removed unless quiet is set. Returns 0 on success, 1 when nothing was
 * removed, otherwise the failing call's error code.
 */
int
{
enum {
} mode;
if (code != 0) {
gettext("while parsing principal name %s"),
return (code);
}
kvno = 0;
kvno = 0;
kvno = 0;
} else {
}
/* kvno is set to specified value for SPEC, 0 otherwise */
if (code != 0) {
gettext("%s: Keytab %s does not exist.\n"),
whoami, keytab_str);
} else if (code == KRB5_KT_NOTFOUND) {
gettext("%s: No entry for principal "
"%s exists in keytab %s\n"),
else
gettext("%s: No entry for principal "
"%s with kvno %d exists in "
"keytab %s.\n"),
} else {
gettext("while retrieving highest "
"kvno from keytab"));
}
return (code);
}
/* set kvno to spec'ed value for SPEC, highest kvno otherwise */
if (code != 0) {
return (code);
}
did_something = 0;
/*
* Ack! What a kludge... the scanning functions
* lock the keytab so entries cannot be removed
* while they are operating.
*/
/*
 * The three checks that follow cover, in order: ending the scan, deleting
 * the entry, and restarting the scan.
 * NOTE(review): where the restarted scan resumes is not visible in this
 * listing; confirm entries are neither skipped nor revisited, and that a
 * failure between the end and the restart leaves the keytab unlocked.
 */
if (code != 0) {
gettext("while temporarily "
"ending keytab scan"));
return (code);
}
if (code != 0) {
gettext("while deleting entry "
"from keytab"));
return (code);
}
if (code != 0) {
gettext("while restarting keytab scan"));
return (code);
}
if (!quiet)
"%s with kvno %d "
"removed from keytab %s.\n"),
}
}
return (code);
}
return (code);
}
/*
* If !did_something then mode must be OLD or we would have already
* returned with an error. But check it anyway just to prevent
* unexpected error messages...
*/
gettext("%s: There is only one entry for principal "
"%s in keytab %s\n"),
return (1);
}
return (0);
}
/*
* etype_string(enctype): return a string representation of the
* encryption type. XXX copied from klist.c; this should be a
* library function, or perhaps just #defines
*
* The visible return path hands back a pointer to a function-static
* 100-byte buffer, so the result is overwritten by the next call, must
* not be freed by the caller, and is not safe to share between threads.
* NOTE(review): the code that fills buf is missing from this listing;
* confirm the write is bounded by sizeof (buf).
*/
static char *
{
static char buf[100];
return (buf);
}