Diffstat (limited to 'crypto/heimdal/kadmin')
-rw-r--r-- | crypto/heimdal/kadmin/ChangeLog | 43 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/Makefile.in | 16 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/add-random-users.c | 4 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/cpw.c | 6 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/del.c | 6 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/del_enctype.c | 6 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/ext.c | 7 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/get.c | 6 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadm_conn.c | 9 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadmin.8 | 41 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadmin.c | 18 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadmin.cat8 | 123 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadmind.8 | 15 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadmind.c | 17 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/kadmind.cat8 | 93 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/load.c | 4 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/random_password.c | 19 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/rename.c | 6 | ||||
-rw-r--r-- | crypto/heimdal/kadmin/util.c | 18 |
19 files changed, 376 insertions, 81 deletions
diff --git a/crypto/heimdal/kadmin/ChangeLog b/crypto/heimdal/kadmin/ChangeLog index f28577c3c926..ccc615edcaae 100644 --- a/crypto/heimdal/kadmin/ChangeLog +++ b/crypto/heimdal/kadmin/ChangeLog @@ -1,3 +1,46 @@ +2001-05-17 Assar Westerlund <assar@sics.se> + + * kadm_conn.c (start_server): fix krb5_eai_to_heim_errno call + +2001-05-15 Assar Westerlund <assar@sics.se> + + * kadmin.c (main): some error cleaning required + +2001-05-14 Assar Westerlund <assar@sics.se> + + * kadmind.c: new krb5_config_parse_file + * kadmin.c: new krb5_config_parse_file + * kadm_conn.c: update to new krb5_sockaddr2address + +2001-05-07 Assar Westerlund <assar@sics.se> + + * kadmin_locl.h (foreach_principal): update prototype + * get.c (getit): new foreach_principal + * ext.c (ext_keytab): new foreach_principal + * del.c (del_entry): new foreach_principal + * cpw.c (cpw_entry): new foreach_principal + * util.c (foreach_principal): add `funcname' and try printing the + error string + +2001-05-04 Johan Danielsson <joda@pdc.kth.se> + + * rename.c: fix argument number test + +2001-04-19 Johan Danielsson <joda@pdc.kth.se> + + * del_enctype.c: fix argument count check after getarg change; + spotted by mark@MCS.VUW.AC.NZ + +2001-02-15 Assar Westerlund <assar@sics.se> + + * kadmind.c (main): use a `struct sockaddr_storage' to be able to + store all types of addresses + +2001-02-07 Assar Westerlund <assar@sics.se> + + * kadmin.c: add --keytab / _K, from Leif Johansson + <leifj@it.su.se> + 2001-01-29 Assar Westerlund <assar@sics.se> * kadm_conn.c (spawn_child): close the newly created socket in the diff --git a/crypto/heimdal/kadmin/Makefile.in b/crypto/heimdal/kadmin/Makefile.in index 1e84e56e673f..dd2ec1371e7d 100644 --- a/crypto/heimdal/kadmin/Makefile.in +++ b/crypto/heimdal/kadmin/Makefile.in 
@@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -119,7 +120,7 @@ install_sh = @install_sh@ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = $(PROGRAMS) sbin_PROGRAMS = kadmin @@ -331,7 +334,7 @@ OBJECTS = $(am_add_random_users_OBJECTS) $(am_kadmin_OBJECTS) $(am_kadmind_OBJEC all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign kadmin/Makefile @@ -509,6 +512,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: 
diff --git a/crypto/heimdal/kadmin/add-random-users.c b/crypto/heimdal/kadmin/add-random-users.c index 24cde703cc01..f0b7f4cd41fd 100644 --- a/crypto/heimdal/kadmin/add-random-users.c +++ b/crypto/heimdal/kadmin/add-random-users.c @@ -33,7 +33,7 @@ #include "kadmin_locl.h" -RCSID("$Id: add-random-users.c,v 1.2 2000/12/31 07:43:39 assar Exp $"); +RCSID("$Id: add-random-users.c,v 1.3 2001/02/20 01:44:49 assar Exp $"); #define WORDS_FILENAME "/usr/share/dict/words" @@ -146,7 +146,7 @@ main(int argc, char **argv) { int optind = 0; - set_progname(argv[0]); + setprogname(argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) usage(1); if (help_flag) diff --git a/crypto/heimdal/kadmin/cpw.c b/crypto/heimdal/kadmin/cpw.c index 3abc1d14808d..06200d6d3623 100644 --- a/crypto/heimdal/kadmin/cpw.c +++ b/crypto/heimdal/kadmin/cpw.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kadmin_locl.h" -RCSID("$Id: cpw.c,v 1.11 2000/04/12 10:45:54 assar Exp $"); +RCSID("$Id: cpw.c,v 1.12 2001/05/07 05:30:23 assar Exp $"); struct cpw_entry_data { int random_key; @@ -202,7 +202,7 @@ cpw_entry(int argc, char **argv) argv += optind; for(i = 0; i < argc; i++) - ret = foreach_principal(argv[i], do_cpw_entry, &data); + ret = foreach_principal(argv[i], do_cpw_entry, "cpw", &data); if (data.key_data) { int16_t dummy; diff --git a/crypto/heimdal/kadmin/del.c b/crypto/heimdal/kadmin/del.c index 9d7e91b96bda..1697656de2db 100644 --- a/crypto/heimdal/kadmin/del.c +++ b/crypto/heimdal/kadmin/del.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -33,7 +33,7 @@ #include "kadmin_locl.h" -RCSID("$Id: del.c,v 1.5 2000/09/10 19:17:00 joda Exp $"); +RCSID("$Id: del.c,v 1.6 2001/05/07 05:30:50 assar Exp $"); static int do_del_entry(krb5_principal principal, void *data) @@ -75,6 +75,6 @@ del_entry(int argc, char **argv) } for(i = 1; i < argc; i++) - ret = foreach_principal(argv[i], do_del_entry, NULL); + ret = foreach_principal(argv[i], do_del_entry, "del", NULL); return 0; } diff --git a/crypto/heimdal/kadmin/del_enctype.c b/crypto/heimdal/kadmin/del_enctype.c index 1333a4dbf95b..985cc84f37a5 100644 --- a/crypto/heimdal/kadmin/del_enctype.c +++ b/crypto/heimdal/kadmin/del_enctype.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1999-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kadmin_locl.h" -RCSID("$Id: del_enctype.c,v 1.6 2000/09/10 19:17:23 joda Exp $"); +RCSID("$Id: del_enctype.c,v 1.7 2001/04/19 07:26:52 joda Exp $"); /* * del_enctype principal enctypes... @@ -73,7 +73,7 @@ del_enctype(int argc, char **argv) usage (); return 0; } - if(argc - optind < 3 || help_flag) { + if(argc - optind < 2 || help_flag) { usage (); return 0; } diff --git a/crypto/heimdal/kadmin/ext.c b/crypto/heimdal/kadmin/ext.c index 9d2be170e99e..6b3f3af64647 100644 --- a/crypto/heimdal/kadmin/ext.c +++ b/crypto/heimdal/kadmin/ext.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kadmin_locl.h" -RCSID("$Id: ext.c,v 1.5 2000/01/02 03:58:02 assar Exp $"); +RCSID("$Id: ext.c,v 1.6 2001/05/07 05:31:12 assar Exp $"); struct ext_keytab_data { krb5_keytab keytab; 
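Review bot: In del_entry the value assigned by `ret = foreach_principal(argv[i], do_del_entry, "del", NULL);` is never read, because the function ends with `return 0;`, so only the warning printed inside foreach_principal records a failed deletion. Either drop the assignment, as the ext_keytab hunk in ext.c does, or keep the first non-zero result so the caller can see that a principal was not deleted. The same dead store is visible in getit in get.c, and cpw_entry in cpw.c assigns `ret` the same way, although its return is outside that hunk. If returning 0 is deliberate to keep the interactive command loop running, a one-line comment such as `/* always 0: errors are reported by foreach_principal */` would make that explicit. The start of del_entry is outside the hunk.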
@@ -107,10 +107,9 @@ ext_keytab(int argc, char **argv) argv += optind; for(i = 0; i < argc; i++) - foreach_principal(argv[i], do_ext_keytab, &data); + foreach_principal(argv[i], do_ext_keytab, "ext", &data); krb5_kt_close(context, data.keytab); return 0; } - diff --git a/crypto/heimdal/kadmin/get.c b/crypto/heimdal/kadmin/get.c index 7ecea7c19bac..30eea9dfcfc6 100644 --- a/crypto/heimdal/kadmin/get.c +++ b/crypto/heimdal/kadmin/get.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <parse_units.h> -RCSID("$Id: get.c,v 1.12 2000/12/15 14:24:24 joda Exp $"); +RCSID("$Id: get.c,v 1.13 2001/05/07 05:31:43 assar Exp $"); struct get_entry_data { void (*header)(void); @@ -270,7 +270,7 @@ getit(const char *name, int terse_flag, int argc, char **argv) argv += optind; for(i = 0; i < argc; i++) - ret = foreach_principal(argv[i], do_get_entry, &data); + ret = foreach_principal(argv[i], do_get_entry, "get", &data); return 0; usage: arg_printusage (args, num_args, name, "principal..."); diff --git a/crypto/heimdal/kadmin/kadm_conn.c b/crypto/heimdal/kadmin/kadm_conn.c index 28bf1779d2ed..391482217a89 100644 --- a/crypto/heimdal/kadmin/kadm_conn.c +++ b/crypto/heimdal/kadmin/kadm_conn.c @@ -36,7 +36,7 @@ #include <sys/wait.h> #endif -RCSID("$Id: kadm_conn.c,v 1.11 2001/01/29 08:43:01 assar Exp $"); +RCSID("$Id: kadm_conn.c,v 1.13 2001/05/16 22:06:44 assar Exp $"); struct kadm_port { char *port; 
@@ -137,14 +137,14 @@ spawn_child(krb5_context context, int *socks, int num_socks, int this_sock) krb5_warn(context, errno, "accept"); return 1; } - e = krb5_sockaddr2address(sa, &addr); + e = krb5_sockaddr2address(context, sa, &addr); if(e) krb5_warn(context, e, "krb5_sockaddr2address"); else { e = krb5_print_address (&addr, buf, sizeof(buf), &buf_len); if(e) - krb5_warn(context, e, "krb5_sockaddr2address"); + krb5_warn(context, e, "krb5_print_address"); else krb5_warnx(context, "connection from %s", buf); krb5_free_address(context, &addr); @@ -243,7 +243,8 @@ start_server(krb5_context context) } if(e) { - krb5_warn(context, krb5_eai_to_heim_errno(e), "%s", portstr); + krb5_warn(context, krb5_eai_to_heim_errno(e, errno), + "%s", portstr); continue; } i = 0; diff --git a/crypto/heimdal/kadmin/kadmin.8 b/crypto/heimdal/kadmin/kadmin.8 index fb23cfe9a735..67072afa18c2 100644 --- a/crypto/heimdal/kadmin/kadmin.8 +++ b/crypto/heimdal/kadmin/kadmin.8 @@ -1,4 +1,4 @@ -.\" $Id: kadmin.8,v 1.2 2000/09/19 12:29:48 assar Exp $ +.\" $Id: kadmin.8,v 1.5 2001/06/08 21:27:57 joda Exp $ .\" .Dd September 10, 2000 .Dt KADMIN 8 @@ -9,23 +9,33 @@ .Sh SYNOPSIS .Nm .Oo Fl p Ar string \*(Ba Xo -.Fl -principal= Ns Ar string Oc +.Fl -principal= Ns Ar string +.Xc +.Oc +.Oo Fl K Ar string \*(Ba Xo +.Fl -keytab= Ns Ar string .Xc +.Oc .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file Oc +.Fl -config-file= Ns Ar file .Xc +.Oc .Oo Fl k Ar file \*(Ba Xo -.Fl -key-file= Ns Ar file Oc +.Fl -key-file= Ns Ar file .Xc +.Oc .Oo Fl r Ar realm \*(Ba Xo -.Fl -realm= Ns Ar realm Oc +.Fl -realm= Ns Ar realm .Xc +.Oc .Oo Fl a Ar host \*(Ba Xo -.Fl -admin-server= Ns Ar host Oc +.Fl -admin-server= Ns Ar host .Xc +.Oc .Oo Fl s Ar port number \*(Ba Xo -.Fl -server-port= Ns Ar port number Oc +.Fl -server-port= Ns Ar port number .Xc +.Oc .Op Fl l | Fl -local .Op Fl h | Fl -help .Op Fl v | Fl -version 
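Review bot: In start_server the new second argument in `krb5_eai_to_heim_errno(e, errno)` samples `errno` at the point of the warning, not at the point where the lookup failed. `errno` only carries meaning for a system-error result from the resolver (presumably getaddrinfo, judging by the `eai` name), and any library call made in between may overwrite it. The lines between the lookup and this `if(e)` are outside the hunk, so that needs checking there. Saving the value immediately after the lookup, `int save_errno = errno;`, and passing `save_errno` here would keep the logged reason accurate.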
@@ -47,6 +57,11 @@ Supported options: .Xc principal to authenticate as .It Xo +.Fl K Ar string Ns , +.Fl -keytab= Ns Ar string +.Xc +keytab for authentication pricipal +.It Xo .Fl c Ar file Ns , .Fl -config-file= Ns Ar file .Xc @@ -90,8 +105,9 @@ will prompt for commands to process. Commands include: .Op Fl r | Fl -random-key .Op Fl -random-password .Oo Fl p Ar string \*(Ba Xo -.Fl -password= Ns Ar string Oc +.Fl -password= Ns Ar string .Xc +.Oc .Op Fl -key= Ns Ar string .Op Fl -max-ticket-life= Ns Ar lifetime .Op Fl -max-renewable-life= Ns Ar lifetime @@ -108,8 +124,9 @@ creates a new principal .Op Fl r | Fl -random-key .Op Fl -random-password .Oo Fl p Ar string \*(Ba Xo -.Fl -password= Ns Ar string Oc +.Fl -password= Ns Ar string .Xc +.Oc .Op Fl -key= Ns Ar string .Ar principal... .Pp @@ -134,8 +151,9 @@ belonging to the principal is known to not handle certain enctypes .Pp .Nm ext_keytab .Oo Fl k Ar string \*(Ba Xo -.Fl -keytab= Ns Ar string Oc +.Fl -keytab= Ns Ar string .Xc +.Oc .Ar principal... .Pp .Bd -ragged -offset indent @@ -163,8 +181,9 @@ renames a principal .Pp .Nm modify .Oo Fl a Ar attributes \*(Ba Xo -.Fl -attributes= Ns Ar attributes Oc +.Fl -attributes= Ns Ar attributes .Xc +.Oc .Op Fl -max-ticket-life= Ns Ar lifetime .Op Fl -max-renewable-life= Ns Ar lifetime .Op Fl -expiration-time= Ns Ar time diff --git a/crypto/heimdal/kadmin/kadmin.c b/crypto/heimdal/kadmin/kadmin.c index 5a21ffb31d6a..058187cb1f93 100644 --- a/crypto/heimdal/kadmin/kadmin.c +++ b/crypto/heimdal/kadmin/kadmin.c @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <sl.h> -RCSID("$Id: kadmin.c,v 1.34 2001/01/26 22:20:52 joda Exp $"); +RCSID("$Id: kadmin.c,v 1.38 2001/05/15 06:34:35 assar Exp $"); static char *config_file; static char *keyfile; 
@@ -45,10 +45,13 @@ static char *realm; static char *admin_server; static int server_port = 0; static char *client_name; +static char *keytab; static struct getargs args[] = { { "principal", 'p', arg_string, &client_name, "principal to authenticate as" }, + { "keytab", 'K', arg_string, &keytab, + "keytab for authentication pricipal" }, { "config-file", 'c', arg_string, &config_file, "location of config file", "file" @@ -222,7 +225,7 @@ main(int argc, char **argv) int optind = 0; int e; - set_progname(argv[0]); + setprogname(argv[0]); ret = krb5_init_context(&context); if (ret) @@ -245,12 +248,13 @@ main(int argc, char **argv) if (config_file == NULL) config_file = HDB_DB_DIR "/kdc.conf"; - if(krb5_config_parse_file(config_file, &cf) == 0) { + if(krb5_config_parse_file(context, config_file, &cf) == 0) { const char *p = krb5_config_get_string (context, cf, "kdc", "key-file", NULL); if (p) keyfile = strdup(p); } + krb5_clear_error_string (context); memset(&conf, 0, sizeof(conf)); if(realm) { @@ -278,6 +282,14 @@ main(int argc, char **argv) &conf, 0, 0, &kadm_handle); actual_cmds = commands; + } else if (keytab) { + ret = kadm5_c_init_with_skey_ctx(context, + client_name, + keytab, + KADM5_ADMIN_SERVICE, + &conf, 0, 0, + &kadm_handle); + actual_cmds = commands + 4; /* XXX */ } else { ret = kadm5_c_init_with_password_ctx(context, client_name, diff --git a/crypto/heimdal/kadmin/kadmin.cat8 b/crypto/heimdal/kadmin/kadmin.cat8 new file mode 100644 index 000000000000..31885a7ba67b --- /dev/null +++ b/crypto/heimdal/kadmin/kadmin.cat8 
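Review bot: The help text added to `args[]` for the new option misspells principal: `"keytab for authentication pricipal"`. This is the string the usage output prints, and the same spelling is carried into kadmin.8 and kadmin.cat8 by this commit. Suggested replacement: `"keytab for authentication principal"`.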
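Review bot: In main the added `krb5_clear_error_string (context);` runs whether or not `krb5_config_parse_file(context, config_file, &cf)` succeeded, and the failing case has no `else`. A config file that exists but does not parse is therefore treated exactly like an absent one, and its diagnostic is discarded. Since this file can select the master key file, a silent fallback to defaults is worth surfacing: keep the return value and emit a `krb5_warn` for any failure other than the file being absent, then clear the error string. The context line `keyfile = strdup(p);` is also not checked for NULL. The body of main continues outside the hunk.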
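Review bot: The new keytab branch in main picks its command table with `actual_cmds = commands + 4; /* XXX */`, a bare offset into `commands` whose meaning is stated nowhere in the hunk. If that offset is what hides the local-only commands from remote sessions (an inference, since the table is outside the hunk), inserting or reordering an entry would silently change which commands a keytab-authenticated session can run. A named constant or a pointer to the first remote command would remove the magic number and could be shared with any other branch that uses the same offset. At minimum, replace `XXX` with a comment such as `/* skip the local-only commands at the head of commands[] */` once that is confirmed.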
@@ -0,0 +1,123 @@ + +KADMIN(8) UNIX System Manager's Manual KADMIN(8) + +NNAAMMEE + kkaaddmmiinn - Kerberos administration utility + +SSYYNNOOPPSSIISS + kkaaddmmiinn [--pp _s_t_r_i_n_g | ----pprriinncciippaall==_s_t_r_i_n_g] [--KK _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] [--cc + _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] [--rr _r_e_a_l_m | + ----rreeaallmm==_r_e_a_l_m] [--aa _h_o_s_t | ----aaddmmiinn--sseerrvveerr==_h_o_s_t] [--ss _p_o_r_t _n_u_m_b_e_r | + ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r] [--ll | ----llooccaall] [--hh | ----hheellpp] [--vv | ----vveerrssiioonn] + [_c_o_m_m_a_n_d] + +DDEESSCCRRIIPPTTIIOONN + The kkaaddmmiinn program is used to make modification to the Kerberos database, + either remotely via the kadmind(8) daemon, or locally (with the --ll op- + tion). + + Supported options: + + --pp _s_t_r_i_n_g, ----pprriinncciippaall==_s_t_r_i_n_g + principal to authenticate as + + --KK _s_t_r_i_n_g, ----kkeeyyttaabb==_s_t_r_i_n_g + keytab for authentication pricipal + + --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e + location of config file + + --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e + location of master key file + + --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m + realm to use + + --aa _h_o_s_t, ----aaddmmiinn--sseerrvveerr==_h_o_s_t + server to contact + + --ss _p_o_r_t _n_u_m_b_e_r, ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r + port to use + + --ll, ----llooccaall + local admin mode + + If no _c_o_m_m_a_n_d is given on the command line, kkaaddmmiinn will prompt for com- + mands to process. 
Commands include: + + aadddd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g | + ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e] + [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e] [----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s] + [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e] _p_r_i_n_c_i_p_a_l_._._. + + creates a new principal + + ppaasssswwdd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g | + ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._. + + changes the password of an existing principal + + ddeelleettee _p_r_i_n_c_i_p_a_l_._._. + + removes a principal + + ddeell__eennccttyyppee _p_r_i_n_c_i_p_a_l _e_n_c_t_y_p_e_s_._._. + + + removes some enctypes from a principal, this can be useful + the service belonging to the principal is known to not handle + certain enctypes + + eexxtt__kkeeyyttaabb [--kk _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._. + + creates a keytab with the keys of the specified principals + + ggeett [--ll | ----lloonngg] [--ss | ----sshhoorrtt] [--tt | ----tteerrssee] _e_x_p_r_e_s_s_i_o_n_._._. 
+ + lists the principals that match the expressions (which are + shell glob like), long format gives more information, and + terse just prints the names + + rreennaammee _f_r_o_m _t_o + + renames a principal + + mmooddiiffyy [--aa _a_t_t_r_i_b_u_t_e_s | ----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s] + [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e] [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e] + [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e] + [----kkvvnnoo==_n_u_m_b_e_r] _p_r_i_n_c_i_p_a_l + + modifies certain attributes of a principal + + pprriivviilleeggeess + + lists the operations you are allowd to perform + + When running in local mode, the following commands can also be used. + + dduummpp [--dd | ----ddeeccrryypptt] [_d_u_m_p_-_f_i_l_e] + + writes the database in ``human readable'' form to the speci- + fied file, or standard out + + iinniitt [----rreeaallmm--mmaaxx--ttiicckkeett--lliiffee==_s_t_r_i_n_g] + [----rreeaallmm--mmaaxx--rreenneewwaabbllee--lliiffee==_s_t_r_i_n_g] _r_e_a_l_m + + initialises the Kerberos database with entries for a new + realm, it's possible to have more than one realm served by + one server + + llooaadd _f_i_l_e + + reads a previously dumped database, and re-creates that + database from scratch + + mmeerrggee _f_i_l_e + + similar to lliisstt but just modifies the database with the en- + tries in the dump file + +SSEEEE AALLSSOO + kadmind(8), kdc(8) + + HEIMDAL September 10, 2000 2 diff --git a/crypto/heimdal/kadmin/kadmind.8 b/crypto/heimdal/kadmin/kadmind.8 index 9b7668331384..928d12ffe046 100644 --- a/crypto/heimdal/kadmin/kadmind.8 +++ b/crypto/heimdal/kadmin/kadmind.8 
@@ -7,19 +7,23 @@ .Sh SYNOPSIS .Nm .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file Oc +.Fl -config-file= Ns Ar file .Xc +.Oc .Oo Fl k Ar file \*(Ba Xo -.Fl -key-file= Ns Ar file Oc +.Fl -key-file= Ns Ar file .Xc +.Oc .Op Fl -keytab= Ns Ar keytab .Oo Fl r Ar realm \*(Ba Xo -.Fl -realm= Ns Ar realm Oc +.Fl -realm= Ns Ar realm .Xc +.Oc .Op Fl d | Fl -debug .Oo Fl p Ar port \*(Ba Xo -.Fl -ports= Ns Ar port Oc +.Fl -ports= Ns Ar port .Xc +.Oc .Sh DESCRIPTION .Nm listens for requests for changes to the Kerberos database and performs @@ -40,7 +44,8 @@ but the .Xr kpasswdd 8 daemon is responsible for the Kerberos 5 password changing protocol (used by -.Xr kpasswd 1 ). +.Xr kpasswd 1 ) +. .Pp This daemon should only be run on ther master server, and not on any slaves. diff --git a/crypto/heimdal/kadmin/kadmind.c b/crypto/heimdal/kadmin/kadmind.c index 7c1696bf841a..c8fe8ec9ac52 100644 --- a/crypto/heimdal/kadmin/kadmind.c +++ b/crypto/heimdal/kadmin/kadmind.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kadmin_locl.h" -RCSID("$Id: kadmind.c,v 1.24 2000/12/31 07:45:23 assar Exp $"); +RCSID("$Id: kadmind.c,v 1.27 2001/05/14 06:16:41 assar Exp $"); static char *check_library = NULL; static char *check_function = NULL; @@ -98,7 +98,7 @@ main(int argc, char **argv) krb5_log_facility *logf; krb5_keytab keytab; - set_progname(argv[0]); + setprogname(argv[0]); ret = krb5_init_context(&context); if (ret) @@ -128,7 +128,7 @@ main(int argc, char **argv) if (config_file == NULL) config_file = HDB_DB_DIR "/kdc.conf"; - if(krb5_config_parse_file(config_file, &cf) == 0) { + if(krb5_config_parse_file(context, config_file, &cf) == 0) { const char *p = krb5_config_get_string (context, cf, "kdc", "key-file", NULL); if (p) 
@@ -143,11 +143,12 @@ main(int argc, char **argv) { int fd = 0; - struct sockaddr sa; - socklen_t sa_size; + struct sockaddr_storage __ss; + struct sockaddr *sa = (struct sockaddr *)&__ss; + socklen_t sa_size = sizeof(__ss); krb5_auth_context ac = NULL; int debug_port; - sa_size = sizeof(sa); + if(debug_flag) { if(port_str == NULL) debug_port = krb5_getportbyname (context, "kerberos-adm", @@ -155,7 +156,7 @@ main(int argc, char **argv) else debug_port = htons(atoi(port_str)); mini_inetd(debug_port); - } else if(roken_getsockname(STDIN_FILENO, &sa, &sa_size) < 0 && + } else if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 && errno == ENOTSOCK) { parse_ports(context, port_str ? port_str : "+"); pidfile(NULL); diff --git a/crypto/heimdal/kadmin/kadmind.cat8 b/crypto/heimdal/kadmin/kadmind.cat8 new file mode 100644 index 000000000000..c03ae18ea4e5 --- /dev/null +++ b/crypto/heimdal/kadmin/kadmind.cat8 
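Review bot: The new local `struct sockaddr_storage __ss;` in main uses an identifier starting with two underscores, which C reserves for the implementation, so a system header that defines `__ss` as a macro or type would break this block. A plain name avoids the problem: `struct sockaddr_storage ss;`, `struct sockaddr *sa = (struct sockaddr *)&ss;`, `socklen_t sa_size = sizeof(ss);`. The block continues outside the hunk.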
@@ -0,0 +1,93 @@ + +KADMIND(8) UNIX System Manager's Manual KADMIND(8) + +NNAAMMEE + kkaaddmmiinndd - server for administrative access to kerberos database + +SSYYNNOOPPSSIISS + kkaaddmmiinndd [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] + [----kkeeyyttaabb==_k_e_y_t_a_b] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--dd | ----ddeebbuugg] [--pp _p_o_r_t | + ----ppoorrttss==_p_o_r_t] + +DDEESSCCRRIIPPTTIIOONN + kkaaddmmiinndd listens for requests for changes to the Kerberos database and + performs these, subject to permissions. When starting, if stdin is a + socket it assumes that it has been started by inetd(8), otherwise it be- + haves as a daemon, forking processes for each new connection. The ----ddeebbuugg + option causes kkaaddmmiinndd to accept exactly one connection, which is useful + for debugging. + + If built with krb4 support, it implements both the Heimdal Kerberos 5 ad- + ministrative protocol and the Kerberos 4 protocol. Password changes via + the Kerberos 4 protocol are also performed by kkaaddmmiinndd, but the kpass- + wdd(8) daemon is responsible for the Kerberos 5 password changing proto- + col (used by kpasswd(1)) + + This daemon should only be run on ther master server, and not on any + slaves. + + Principals are always allowed to change their own password and list their + own principals. Apart from that, doing any operation requires permission + explicitly added in the ACL file _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l. The format of + this file is: + + _p_r_i_n_c_i_p_a_l _r_i_g_h_t_s [_p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n] + + Where rights is any combination of: + + ++oo change-password | cpw + + ++oo list + + ++oo delete + + ++oo modify + + ++oo add + + ++oo get + + ++oo all + + And the optional _p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n restricts the rights to principals + that match the glob-style pattern. 
+ + Supported options: + + --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e + location of config file + + --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e + location of master key file + + ----kkeeyyttaabb==_k_e_y_t_a_b + + + what keytab to use + + --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m + realm to use + + --dd, ----ddeebbuugg + enable debugging + + --pp _p_o_r_t, ----ppoorrttss==_p_o_r_t + ports to listen to. By default, if run as a daemon, it listen to + ports 749, and 751 (if built with Kerberos 4 support), but you + can add any number of ports with this option. The port string is + a whitespace separated list of port specifications, with the spe- + cial string ``+'' representing the default set of ports. + +FFIILLEESS + _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l + +EEXXAAMMPPLLEESS + This will cause kadmind to listen to port 4711 in addition to any com- + piled in defaults: + + # kadmind --ports="+ 4711" & + +SSEEEE AALLSSOO + kdc(8), kadmin(1), kpasswdd(8), kpasswd(1) + + HEIMDAL June 7, 2000 2 diff --git a/crypto/heimdal/kadmin/load.c b/crypto/heimdal/kadmin/load.c index c53a7ad65df1..f1175541d735 100644 --- a/crypto/heimdal/kadmin/load.c +++ b/crypto/heimdal/kadmin/load.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <kadm5/private.h> -RCSID("$Id: load.c,v 1.40 2001/01/04 15:59:26 assar Exp $"); +RCSID("$Id: load.c,v 1.41 2001/02/20 01:44:49 assar Exp $"); struct entry { char *principal; diff --git a/crypto/heimdal/kadmin/random_password.c b/crypto/heimdal/kadmin/random_password.c index aabe08c2776b..92fb2fcddb97 100644 --- a/crypto/heimdal/kadmin/random_password.c +++ b/crypto/heimdal/kadmin/random_password.c 
@@ -33,7 +33,7 @@ #include "kadmin_locl.h" -RCSID("$Id: random_password.c,v 1.3 1999/12/02 17:04:58 joda Exp $"); +RCSID("$Id: random_password.c,v 1.4 2001/02/15 04:20:53 assar Exp $"); /* This file defines some a function that generates a random password, that can be used when creating a large amount of principals (such @@ -57,9 +57,9 @@ random_password(char *pw, size_t len) { #ifdef OTP_STYLE { - des_cblock newkey; + OtpKey newkey; - des_new_random_key(&newkey); + krb5_generate_random_block(&newkey, sizeof(newkey)); otp_print_stddict (newkey, pw, len); strlwr(pw); } @@ -80,11 +80,11 @@ random_password(char *pw, size_t len) #ifndef OTP_STYLE /* return a random value in range 0-127 */ static int -RND(des_cblock *key, int *left) +RND(unsigned char *key, int keylen, int *left) { if(*left == 0){ - des_new_random_key(key); - *left = 8; + krb5_generate_random_block(key, keylen); + *left = keylen; } (*left)--; return ((unsigned char*)key)[*left]; @@ -120,7 +120,7 @@ generate_password(char **pw, int num_classes, ...) } *classes; va_list ap; int len, i; - des_cblock rbuf; /* random buffer */ + unsigned char rbuf[8]; /* random buffer */ int rleft = 0; classes = malloc(num_classes * sizeof(*classes)); @@ -138,11 +138,12 @@ generate_password(char **pw, int num_classes, ...) return; for(i = 0; i < len; i++) { int j; - int x = RND(&rbuf, &rleft) % (len - i); + int x = RND(rbuf, sizeof(rbuf), &rleft) % (len - i); int t = 0; for(j = 0; j < num_classes; j++) { if(x < t + classes[j].freq) { - (*pw)[i] = classes[j].str[RND(&rbuf, &rleft) % classes[j].len]; + (*pw)[i] = classes[j].str[RND(rbuf, sizeof(rbuf), &rleft) + % classes[j].len]; classes[j].freq--; break; } diff --git a/crypto/heimdal/kadmin/rename.c b/crypto/heimdal/kadmin/rename.c index 0ba2a585c0f1..ac5f4d699d64 100644 --- a/crypto/heimdal/kadmin/rename.c +++ b/crypto/heimdal/kadmin/rename.c 
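Review bot: RND returns a whole random byte, `((unsigned char*)key)[*left]`, while the comment directly above it still says `/* return a random value in range 0-127 */`, so the documented range no longer matches what callers receive. Updating the comment to `/* return a random value in range 0-255 */` fixes the mismatch without changing behaviour. The cast is redundant now that `key` is `unsigned char *`, so the return can read `return key[*left];`. `keylen` is declared `int` although both callers pass `sizeof(rbuf)`; `size_t keylen` would match the argument and the `krb5_generate_random_block` length.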
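Review bot: Both draws in generate_password reduce a random byte with `%`, in `RND(rbuf, sizeof(rbuf), &rleft) % (len - i)` and in the index `RND(rbuf, sizeof(rbuf), &rleft) % classes[j].len`, which skews the generated passwords whenever the divisor does not divide 256. The low residues then come up more often, so some class slots and characters are slightly favoured; and if `len - i` can exceed 256 the upper slots are never chosen (the bound on `len` is outside the hunk). Redrawing when the byte falls at or above the largest multiple of the divisor removes the bias; the helper below assumes the divisor is between 1 and 256, which the caller would have to guarantee. The function's start and end are outside the hunk.

```c
/* return an unbiased random value in range 0..n-1; requires 1 <= n <= 256 */
static int
RND_below(unsigned char *key, int keylen, int *left, int n)
{
    int limit = 256 - (256 % n);    /* largest multiple of n within one byte */
    int r;

    do {
        r = RND(key, keylen, left);
    } while (r >= limit);           /* reject the biased tail and redraw */
    return r % n;
}

/* … unchanged: class setup and frequency loop in generate_password … */
	int x = RND_below(rbuf, sizeof(rbuf), &rleft, len - i);
/* … unchanged: class selection by cumulative frequency … */
		(*pw)[i] = classes[j].str[RND_below(rbuf, sizeof(rbuf), &rleft,
						    classes[j].len)];
```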
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kadmin_locl.h" -RCSID("$Id: rename.c,v 1.3 2000/09/10 19:19:20 joda Exp $"); +RCSID("$Id: rename.c,v 1.4 2001/05/04 13:07:03 joda Exp $"); static struct getargs args[] = { { "help", 'h', arg_flag, NULL } @@ -62,7 +62,7 @@ rename_entry(int argc, char **argv) usage (); return 0; } - if(argc - optind < 3 || help_flag) { + if(argc - optind != 2 || help_flag) { usage (); return 0; } diff --git a/crypto/heimdal/kadmin/util.c b/crypto/heimdal/kadmin/util.c index 8d7abc3e00c1..4a5e1c054316 100644 --- a/crypto/heimdal/kadmin/util.c +++ b/crypto/heimdal/kadmin/util.c @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <parse_units.h> -RCSID("$Id: util.c,v 1.30 2001/01/11 23:07:29 assar Exp $"); +RCSID("$Id: util.c,v 1.32 2001/05/14 06:17:20 assar Exp $"); /* * util.c - functions for parsing, unparsing, and editing different @@ -461,6 +461,7 @@ is_expression(const char *string) int foreach_principal(const char *exp, int (*func)(krb5_principal, void*), + const char *funcname, void *data) { char **princs; @@ -498,19 +499,8 @@ foreach_principal(const char *exp, continue; } ret = (*func)(princ_ent, data); - if(ret) { - char *tmp; - krb5_error_code ret2; - - ret2 = krb5_unparse_name(context, princ_ent, &tmp); - if(ret2) { - krb5_warn(context, ret2, "krb5_unparse_name"); - krb5_warn(context, ret, "<unknown principal>"); - } else { - krb5_warn(context, ret, "%s", tmp); - free(tmp); - } - } + if(ret) + krb5_warn(context, ret, "%s %s", funcname, princs[i]); krb5_free_principal(context, princ_ent); } kadm5_free_name_list(kadm_handle, princs, &num_princs); |
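Review bot: The new `funcname` parameter of foreach_principal is passed straight to `%s` in `krb5_warn(context, ret, "%s %s", funcname, princs[i]);`, and neither the signature hunk nor this one documents that it must be a non-NULL string. Every caller in this commit passes a literal (`"cpw"`, `"del"`, `"ext"`, `"get"`), so this is a documentation gap rather than a live fault. A short comment above the function would pin the contract down, e.g. `/* funcname: command name prefixed to warnings; must not be NULL */`. The function's body starts and ends outside these hunks.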