bd211b8556ef6b18ebf137419bd5555d65271664semery * CDDL HEADER START
bd211b8556ef6b18ebf137419bd5555d65271664semery * The contents of this file are subject to the terms of the
bd211b8556ef6b18ebf137419bd5555d65271664semery * Common Development and Distribution License (the "License").
bd211b8556ef6b18ebf137419bd5555d65271664semery * You may not use this file except in compliance with the License.
bd211b8556ef6b18ebf137419bd5555d65271664semery * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
bd211b8556ef6b18ebf137419bd5555d65271664semery * See the License for the specific language governing permissions
bd211b8556ef6b18ebf137419bd5555d65271664semery * and limitations under the License.
bd211b8556ef6b18ebf137419bd5555d65271664semery * When distributing Covered Code, include this CDDL HEADER in each
bd211b8556ef6b18ebf137419bd5555d65271664semery * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
bd211b8556ef6b18ebf137419bd5555d65271664semery * If applicable, add the following below this CDDL HEADER, with the
bd211b8556ef6b18ebf137419bd5555d65271664semery * fields enclosed by brackets "[]" replaced with your own identifying
bd211b8556ef6b18ebf137419bd5555d65271664semery * information: Portions Copyright [yyyy] [name of copyright owner]
bd211b8556ef6b18ebf137419bd5555d65271664semery * CDDL HEADER END
c386eb9c22c7c00fc48a982f238576e16b113bdaShawn Emery * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
bd211b8556ef6b18ebf137419bd5555d65271664semery * Use is subject to license terms.
bd211b8556ef6b18ebf137419bd5555d65271664semerystatic void kt_add_entry(krb5_context ctx, krb5_keytab kt,
c386eb9c22c7c00fc48a982f238576e16b113bdaShawn Emery const krb5_principal princ, const krb5_principal sprinc,
c386eb9c22c7c00fc48a982f238576e16b113bdaShawn Emery krb5_enctype enctype, krb5_kvno kvno, const char *pw);
bd211b8556ef6b18ebf137419bd5555d65271664semerystatic krb5_error_code kt_remove_entries(krb5_context ctx, krb5_keytab kt,
bd211b8556ef6b18ebf137419bd5555d65271664semerystatic void usage();
bd211b8556ef6b18ebf137419bd5555d65271664semery#endif /* TEXT_DOMAIN */
bd211b8556ef6b18ebf137419bd5555d65271664semery /* Misc init stuff */
bd211b8556ef6b18ebf137419bd5555d65271664semery (void) memset(&result_code_string, 0, sizeof (result_code_string));
bd211b8556ef6b18ebf137419bd5555d65271664semery (void) memset(&result_string, 0, sizeof (result_string));
bd211b8556ef6b18ebf137419bd5555d65271664semery if (code != 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery com_err(whoami, code, gettext("krb5_init_context() failed"));
c386eb9c22c7c00fc48a982f238576e16b113bdaShawn Emery while ((c = getopt(argc, argv, "v:c:k:e:ns:")) != -1) {
bd211b8556ef6b18ebf137419bd5555d65271664semery switch (c) {
bd211b8556ef6b18ebf137419bd5555d65271664semery if ((code = krb5_kt_resolve(ctx, ktname, &kt)) != 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery if ((code = krb5_cc_resolve(ctx, optarg, &cc)) != 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery if (enctype_count++ == 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery ("Couldn't allocate memory"));
bd211b8556ef6b18ebf137419bd5555d65271664semery if (code != 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery "or unsupported enctype %s"),
bd211b8556ef6b18ebf137419bd5555d65271664semery com_err(whoami, code, gettext("Could not find a ccache"));
bd211b8556ef6b18ebf137419bd5555d65271664semery com_err(whoami, code, gettext("No keytab specified"));
bd211b8556ef6b18ebf137419bd5555d65271664semery if (code != 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery com_err(whoami, code, gettext("krb5_parse_name(%s) failed"),
bd211b8556ef6b18ebf137419bd5555d65271664semery newpw = getpassphrase(gettext("Enter new password: "));
bd211b8556ef6b18ebf137419bd5555d65271664semery if (nflag == 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery code = krb5_set_password_using_ccache(ctx, cc, newpw, victim,
bd211b8556ef6b18ebf137419bd5555d65271664semery if (code != 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery result_code == 0 ? "success" : result_code_string.data,
bd211b8556ef6b18ebf137419bd5555d65271664semery if (enctype_count && (code = kt_remove_entries(ctx, kt, victim)))
bd211b8556ef6b18ebf137419bd5555d65271664semery for (i = 0; i < enctype_count; i++)
c386eb9c22c7c00fc48a982f238576e16b113bdaShawn Emery kt_add_entry(ctx, kt, victim, salt, enctypes[i], kvno, newpw);
bd211b8556ef6b18ebf137419bd5555d65271664semerykt_remove_entries(krb5_context ctx, krb5_keytab kt, const krb5_principal princ)
bd211b8556ef6b18ebf137419bd5555d65271664semery * This is not a fatal error, we expect this to fail in the majority
bd211b8556ef6b18ebf137419bd5555d65271664semery * of cases (when clients are first initialized).
bd211b8556ef6b18ebf137419bd5555d65271664semery code = krb5_kt_get_entry(ctx, kt, princ, 0, 0, &entry);
bd211b8556ef6b18ebf137419bd5555d65271664semery if (code != 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery return (0);
bd211b8556ef6b18ebf137419bd5555d65271664semery if (code != 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery com_err(whoami, code, gettext("While starting keytab scan"));
bd211b8556ef6b18ebf137419bd5555d65271664semery while ((code = krb5_kt_next_entry(ctx, kt, &entry, &cursor)) == 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery if (krb5_principal_compare(ctx, princ, entry.principal)) {
bd211b8556ef6b18ebf137419bd5555d65271664semery if (code != 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery "ending keytab scan"));
bd211b8556ef6b18ebf137419bd5555d65271664semery if (code != 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery "from keytab"));
bd211b8556ef6b18ebf137419bd5555d65271664semery if (code != 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery com_err(whoami, code, gettext("While scanning keytab"));
bd211b8556ef6b18ebf137419bd5555d65271664semery if ((code = krb5_kt_end_seq_get(ctx, kt, &cursor))) {
bd211b8556ef6b18ebf137419bd5555d65271664semery com_err(whoami, code, gettext("While ending keytab scan"));
bd211b8556ef6b18ebf137419bd5555d65271664semery return (0);
bd211b8556ef6b18ebf137419bd5555d65271664semerykt_add_entry(krb5_context ctx, krb5_keytab kt, const krb5_principal princ,
c386eb9c22c7c00fc48a982f238576e16b113bdaShawn Emery const krb5_principal sprinc, krb5_enctype enctype, krb5_kvno kvno,
c386eb9c22c7c00fc48a982f238576e16b113bdaShawn Emery const char *pw)
bd211b8556ef6b18ebf137419bd5555d65271664semery if ((code = krb5_enctype_to_string(enctype, buf, sizeof (buf)))) {
bd211b8556ef6b18ebf137419bd5555d65271664semery com_err(whoami, code, gettext("Enctype %d has no name!"),
bd211b8556ef6b18ebf137419bd5555d65271664semery if ((entry = (krb5_keytab_entry *) malloc(sizeof (*entry))) == NULL) {
bd211b8556ef6b18ebf137419bd5555d65271664semery (void) fprintf(stderr, gettext("Couldn't allocate memory"));
c386eb9c22c7c00fc48a982f238576e16b113bdaShawn Emery if ((code = krb5_principal2salt(ctx, sprinc, &salt)) != 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery code = krb5_c_string_to_key(ctx, enctype, &password, &salt, &key);
bd211b8556ef6b18ebf137419bd5555d65271664semery if (code != 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery com_err(whoami, code, gettext("Could not compute salt for %s"),
bd211b8556ef6b18ebf137419bd5555d65271664semery (void) memcpy(&entry->key, &key, sizeof (krb5_keyblock));
bd211b8556ef6b18ebf137419bd5555d65271664semery if ((code = krb5_kt_add_entry(ctx, kt, entry)) != 0) {
bd211b8556ef6b18ebf137419bd5555d65271664semery (void) fprintf(stderr, gettext("Usage: %s [-c ccache] [-k keytab] "
72f0806acd90f56fb47a8087c33cfeaec527fddaShawn Emery "[-e enctype_list] [-s salt_name] [-n] princ\n"), whoami);
bd211b8556ef6b18ebf137419bd5555d65271664semery gettext("\t-n\tDon't set the principal's password\n"));
bd211b8556ef6b18ebf137419bd5555d65271664semery (void) fprintf(stderr, gettext("\tenctype_list is a comma or whitespace"
bd211b8556ef6b18ebf137419bd5555d65271664semery " separated list\n"));
bd211b8556ef6b18ebf137419bd5555d65271664semery (void) fprintf(stderr, gettext("\tIf -n is used then -k and -e must be "
bd211b8556ef6b18ebf137419bd5555d65271664semery "used\n"));