2 * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 /* $FreeBSD: src/crypto/kerberosIV/kadmin/ksrvutil_get.c,v 1.1.1.3.2.1 2003/02/14 22:37:37 nectar Exp $ */
35 #include "kadm_locl.h"
38 RCSID("$Id: ksrvutil_get.c,v 1.43 1999/12/02 16:58:36 joda Exp $");
42 #define FUDGE_VALUE 15 /* for ticket expiration time */
47 static char tktstring[MaxPathLen];
50 princ_exists(char *name, char *instance, char *realm)
54 status = krb_get_pw_in_tkt(name, instance, realm,
55 KRB_TICKET_GRANTING_TICKET,
58 if ((status == KSUCCESS) || (status == INTK_BADPW))
60 else if (status == KDC_PR_UNKNOWN)
67 get_admin_password(char *myname, char *myinst, char *myrealm)
70 char admin_passwd[MAX_KPW_LEN]; /* Admin's password */
71 int ticket_life = 1; /* minimum ticket lifetime */
75 if (princ_exists(myname, myinst, myrealm) != PE_NO) {
76 snprintf(buf, sizeof(buf), "Password for %s: ",
77 krb_unparse_name_long (myname, myinst, myrealm));
78 if (des_read_pw_string(admin_passwd, sizeof(admin_passwd)-1,
80 fprintf(stderr, "Error reading admin password.\n");
83 status = krb_get_pw_in_tkt(myname, myinst, myrealm, PWSERV_NAME,
84 KADM_SINST, ticket_life, admin_passwd);
85 memset(admin_passwd, 0, sizeof(admin_passwd));
87 status = KDC_PR_UNKNOWN;
93 printf("Principal %s does not exist.\n",
94 krb_unparse_name_long(myname, myinst, myrealm));
97 printf("Incorrect admin password.\n");
100 com_err("kadmin", status+krb_err_base,
101 "while getting password tickets");
106 memset(admin_passwd, 0, sizeof(admin_passwd));
112 srvtab_put_key (int fd, char *filename, char *name, char *inst, char *realm,
113 int8_t kvno, des_cblock key)
115 char sname[ANAME_SZ]; /* name of service */
116 char sinst[INST_SZ]; /* instance of service */
117 char srealm[REALM_SZ]; /* realm of service */
121 lseek(fd, 0, SEEK_SET);
123 while(getst(fd, sname, SNAME_SZ) > 0 &&
124 getst(fd, sinst, INST_SZ) > 0 &&
125 getst(fd, srealm, REALM_SZ) > 0 &&
126 read(fd, &skvno, sizeof(skvno)) > 0 &&
127 read(fd, skey, sizeof(skey)) > 0) {
128 if(strcmp(name, sname) == 0 &&
129 strcmp(inst, sinst) == 0 &&
130 strcmp(realm, srealm) == 0) {
131 lseek(fd, lseek(fd,0,SEEK_CUR)-(sizeof(skvno) + sizeof(skey)), SEEK_SET);
132 safe_write(filename, fd, &kvno, sizeof(kvno));
133 safe_write(filename, fd, key, sizeof(des_cblock));
137 safe_write(filename, fd, name, strlen(name) + 1);
138 safe_write(filename, fd, inst, strlen(inst) + 1);
139 safe_write(filename, fd, realm, strlen(realm) + 1);
140 safe_write(filename, fd, &kvno, sizeof(kvno));
141 safe_write(filename, fd, key, sizeof(des_cblock));
145 * node list of services
151 char realm[REALM_SZ];
152 struct srv_ent *next;
156 key_to_key(const char *user,
162 memcpy(key, arg, sizeof(des_cblock));
167 get_srvtab_ent(int unique_filename, int fd, char *filename,
168 char *name, char *inst, char *realm)
172 char old_tktfile[MaxPathLen], new_tktfile[MaxPathLen];
173 char garbage_name[ANAME_SZ];
174 char garbage_inst[ANAME_SZ];
180 strlcpy(chname, krb_get_phost(inst), sizeof(chname));
181 if(strcmp(inst, chname))
183 "Warning: Are you sure `%s' should not be `%s'?\n",
186 memset(&values, 0, sizeof(values));
187 strlcpy(values.name, name, sizeof(values.name));
188 strlcpy(values.instance, inst, sizeof(values.instance));
189 des_random_key(newkey);
190 values.key_low = (newkey[0] << 24) | (newkey[1] << 16)
191 | (newkey[2] << 8) | (newkey[3] << 0);
192 values.key_high = (newkey[4] << 24) | (newkey[5] << 16)
193 | (newkey[6] << 8) | (newkey[7] << 0);
195 SET_FIELD(KADM_NAME,values.fields);
196 SET_FIELD(KADM_INST,values.fields);
197 SET_FIELD(KADM_DESKEY,values.fields);
199 ret = kadm_mod(&values, &values);
200 if(ret == KADM_NOENTRY)
201 ret = kadm_add(&values);
202 if (ret != KSUCCESS) {
203 warnx ("Couldn't get srvtab entry for %s.%s: %s",
204 name, inst, error_message(ret));
208 values.key_low = values.key_high = 0;
210 /* get the key version number */
212 int old = krb_use_admin_server(1);
214 strlcpy(old_tktfile, tkt_string(), sizeof(old_tktfile));
215 snprintf(new_tktfile, sizeof(new_tktfile), "%s_ksrvutil-get.%u",
216 TKT_ROOT, (unsigned)getpid());
217 krb_set_tkt_string(new_tktfile);
219 ret = krb_get_in_tkt(name, inst, realm, name, inst,
220 1, key_to_key, NULL, &newkey);
221 krb_use_admin_server(old);
223 warnx ("getting tickets for %s: %s",
224 krb_unparse_name_long(name, inst, realm),
225 krb_get_err_text(ret));
230 if (ret == KSUCCESS &&
231 (ret = tf_init(tkt_string(), R_TKT_FIL)) == KSUCCESS &&
232 (ret = tf_get_pname(garbage_name)) == KSUCCESS &&
233 (ret = tf_get_pinst(garbage_inst)) == KSUCCESS &&
234 (ret = tf_get_cred(&c)) == KSUCCESS)
237 warnx ("Could not find the cred in the ticket file: %s",
238 krb_get_err_text(ret));
243 krb_set_tkt_string(old_tktfile);
246 if(ret != KSUCCESS) {
247 memset(&newkey, 0, sizeof(newkey));
248 warnx ("Could not get a ticket for %s: %s\n",
249 krb_unparse_name_long(name, inst, realm),
250 krb_get_err_text(ret));
254 /* Write the new key & c:o to the srvtab file */
258 asprintf(&fn, "%s-%s", filename,
259 krb_unparse_name_long(name, inst, realm));
261 warnx("Out of memory");
264 fd = open(fn, O_RDWR | O_CREAT | O_TRUNC, 0600); /* XXX flags, mode? */
269 srvtab_put_key (fd, fn, name, inst, realm, kvno, newkey);
271 fprintf (stderr, "Created %s\n", fn);
274 srvtab_put_key (fd, filename, name, inst, realm, kvno, newkey);
275 fprintf (stderr, "Added %s\n",
276 krb_unparse_name_long (name, inst, realm));
278 memset(&newkey, 0, sizeof(newkey));
282 ksrvutil_kadm(int unique_filename, int fd, char *filename, struct srv_ent *p)
287 ret = kadm_init_link(PWSERV_NAME, KADM_SINST, u_realm);
288 if (ret != KADM_SUCCESS) {
289 warnx("Couldn't initialize kadmin link: %s", error_message(ret));
293 ret = krb_get_cred (PWSERV_NAME, KADM_SINST, u_realm, &c);
294 if (ret != KSUCCESS) {
298 * create ticket file and get admin tickets
300 snprintf(tktstring, sizeof(tktstring), "%s_ksrvutil_%d",
301 TKT_ROOT, (int)getpid());
302 krb_set_tkt_string(tktstring);
305 ret = get_admin_password(u_name, u_inst, u_realm);
307 warnx("Couldn't get admin password.");
312 get_srvtab_ent(unique_filename, fd, filename, p->name, p->inst, p->realm);
319 parseinput (char *result, size_t sz, char *val, char *def)
324 if (val[0] == '\0') {
325 strlcpy (result, def, sz);
328 lim = result + sz - 1;
330 while(*val && result < lim) {
348 ksrvutil_get(int unique_filename, int fd, char *filename, int argc, char **argv)
350 char sname[ANAME_SZ]; /* name of service */
351 char sinst[INST_SZ]; /* instance of service */
352 char srealm[REALM_SZ]; /* realm of service */
353 char databuf[BUFSIZ];
354 char local_hostname[100];
356 struct srv_ent *head=NULL;
359 gethostname(local_hostname, sizeof(local_hostname));
360 strlcpy(local_hostname,
361 krb_get_phost(local_hostname),
362 sizeof(local_hostname));
365 for(i=0; i < argc; ++i) {
366 struct srv_ent *p=malloc(sizeof(*p));
369 warnx ("out of memory in malloc");
373 strlcpy (p->realm, u_realm, sizeof(p->realm));
374 if (kname_parse (p->name, p->inst, p->realm, argv[i]) !=
376 warnx ("parse error on '%s'\n", argv[i]);
380 if (p->name[0] == '\0')
381 strlcpy(p->name, "rcmd", sizeof(p->name));
382 if (p->inst[0] == '\0')
383 strlcpy(p->inst, local_hostname, sizeof(p->inst));
384 if (p->realm[0] == '\0')
385 strlcpy(p->realm, u_realm, sizeof(p->realm));
391 safe_read_stdin("Name [rcmd]: ", databuf, sizeof(databuf));
392 parseinput (sname, sizeof(sname), databuf, "rcmd");
394 snprintf(prompt, sizeof(prompt), "Instance [%s]: ", local_hostname);
395 safe_read_stdin(prompt, databuf, sizeof(databuf));
396 parseinput (sinst, sizeof(sinst), databuf, local_hostname);
398 snprintf(prompt, sizeof(prompt), "Realm [%s]: ", u_realm);
399 safe_read_stdin(prompt, databuf, sizeof(databuf));
400 parseinput (srealm, sizeof(srealm), databuf, u_realm);
402 if(yn("Is this correct?")){
403 struct srv_ent *p=(struct srv_ent*)malloc(sizeof(struct srv_ent));
405 warnx ("out of memory in malloc");
410 strlcpy(p->name, sname, sizeof(p->name));
411 strlcpy(p->inst, sinst, sizeof(p->inst));
412 strlcpy(p->realm, srealm, sizeof(p->realm));
414 }while(ny("Add more keys?"));
417 ksrvutil_kadm(unique_filename, fd, filename, head);
420 struct srv_ent *p=head, *q;
projects / dragonfly.git / blob