Diffstat (limited to 'eBones/ksrvutil')
-rw-r--r-- | eBones/ksrvutil/HOW-TO | 291 | ||||
-rw-r--r-- | eBones/ksrvutil/Makefile | 9 | ||||
-rw-r--r-- | eBones/ksrvutil/ksrvutil.8 | 93 | ||||
-rw-r--r-- | eBones/ksrvutil/ksrvutil.c | 582 |
4 files changed, 0 insertions, 975 deletions
diff --git a/eBones/ksrvutil/HOW-TO b/eBones/ksrvutil/HOW-TO
deleted file mode 100644
index 53f719c111aa..000000000000
--- a/eBones/ksrvutil/HOW-TO
+++ /dev/null
@@ -1,291 +0,0 @@ -To re-create this export-controlled program from eBones: - -1) Copy ksrvutil.c from the kadmin directory. -2) perl -spi.bak -e 's/\$(Header[^\$]*)\$/$1/g' *.[ch] -3) Apply this patch: - -*** ksrvutil.c.orig Fri Jan 20 17:19:45 1995 ---- ksrvutil.c Fri Jan 20 17:27:38 1995 -*************** -*** 1,10 **** - /* -- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/ksrvutil.c,v $ -- * $Author: jtkohl $ -- * - * Copyright 1989 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file -! * <mit-copyright.h>. - * - * list and update contents of srvtab files ---- 1,7 ---- - /* - * Copyright 1989 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file -! * Copyright.MIT. - * - * list and update contents of srvtab files -*************** -*** 12,20 **** - - #ifndef lint - static char rcsid_ksrvutil_c[] = -! "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/ksrvutil.c,v 4.1 89/09/26 09:33:49 jtkohl Exp "; - #endif lint - -- #include <mit-copyright.h> - /* - * ksrvutil ---- 9,20 ---- - - #ifndef lint -+ #if 0 - static char rcsid_ksrvutil_c[] = -! "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/ksrvutil.c,v 4.1 89/09/26 09:33:49 jtkohl Exp "; -! #endif -! static const char rcsid[] = -! "$Id$"; - #endif lint - - /* - * ksrvutil -*************** -*** 37,40 **** ---- 37,41 ---- - #include <errno.h> - #include <kadm.h> -+ #include <err.h> - - #ifdef NOENCRYPTION -*************** -*** 54,58 **** - - extern int errno; -- extern char *sys_errlist[]; - - extern void krb_set_tkt_string(); ---- 55,58 ---- -*************** -*** 79,85 **** - if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) { - if (errno != ENOENT) { -! (void)fprintf(stderr, "%s: Unable to read %s: %s\n", progname, -! keyfile, sys_errlist[errno]); -! 
exit(1); - } - else { ---- 79,83 ---- - if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) { - if (errno != ENOENT) { -! err(1, "unable to read %s", keyfile); - } - else { -*************** -*** 88,100 **** - open(keyfile, - O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0) { -! (void) fprintf(stderr, "%s: Unable to create %s: %s\n", -! progname, keyfile, sys_errlist[errno]); -! exit(1); - } - else - if (close(keyfile_fd) < 0) { -! (void) fprintf(stderr, "%s: Failure closing %s: %s\n", -! progname, keyfile, sys_errlist[errno]); -! exit(1); - } - } ---- 86,94 ---- - open(keyfile, - O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0) { -! err(1, "unable to create %s", keyfile); - } - else - if (close(keyfile_fd) < 0) { -! err(1, "failure closing %s", keyfile); - } - } -*************** -*** 107,135 **** - open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT, - keyfile_mode)) < 0) { -! (void) fprintf(stderr, "%s: Unable to write %s: %s\n", progname, -! backup_keyfile, sys_errlist[errno]); -! exit(1); - } - do { - if ((rcount = read(keyfile_fd, (char *)buf, sizeof(buf))) < 0) { -! (void) fprintf(stderr, "%s: Error reading %s: %s\n", progname, -! keyfile, sys_errlist[errno]); -! exit(1); - } - if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount)) { -! (void) fprintf(stderr, "%s: Error writing %s: %s\n", progname, -! backup_keyfile, sys_errlist[errno]); -! exit(1); - } - } while (rcount); - if (close(backup_keyfile_fd) < 0) { -! (void) fprintf(stderr, "%s: Error closing %s: %s\n", progname, -! backup_keyfile, sys_errlist[errno]); -! exit(1); - } - if (close(keyfile_fd) < 0) { -! (void) fprintf(stderr, "%s: Error closing %s: %s\n", progname, -! keyfile, sys_errlist[errno]); -! exit(1); - } - } ---- 101,119 ---- - open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT, - keyfile_mode)) < 0) { -! err(1, "unable to write %s", backup_keyfile); - } - do { - if ((rcount = read(keyfile_fd, (char *)buf, sizeof(buf))) < 0) { -! 
err(1, "error reading %s", keyfile); - } - if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount)) { -! err(1, "error writing %s", backup_keyfile); - } - } while (rcount); - if (close(backup_keyfile_fd) < 0) { -! err(1, "error closing %s", backup_keyfile); - } - if (close(keyfile_fd) < 0) { -! err(1, "error closing %s", keyfile); - } - } -*************** -*** 145,151 **** - (void) bzero(buf, size); - if (read(0, buf, size - 1) < 0) { -! (void) fprintf(stderr, "Failure reading from stdin: %s\n", -! sys_errlist[errno]); -! leave((char *)NULL, 1); - } - fflush(stdin); ---- 129,134 ---- - (void) bzero(buf, size); - if (read(0, buf, size - 1) < 0) { -! warn("failure reading from stdin"); -! leave((char *)NULL, 1); - } - fflush(stdin); -*************** -*** 163,170 **** - { - if (write(fd, buf, len) != len) { -! (void) fprintf(stderr, "%s: Failure writing to %s: %s\n", progname, -! filename, sys_errlist[errno]); -! (void) close(fd); -! leave("In progress srvtab in this file.", 1); - } - } ---- 146,152 ---- - { - if (write(fd, buf, len) != len) { -! warn("failure writing %s", filename); -! close(fd); -! leave("In progress srvtab in this file.", 1); - } - } -*************** -*** 343,349 **** - if (change || list) { - if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0) { -! (void) fprintf(stderr, "%s: Unable to read %s: %s\n", argv[0], -! backup_keyfile, sys_errlist[errno]); -! exit(1); - } - } ---- 325,329 ---- - if (change || list) { - if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0) { -! err(1, "unable to read %s", backup_keyfile); - } - } -*************** -*** 353,359 **** - open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC, - SRVTAB_MODE)) < 0) { -! (void) fprintf(stderr, "%s: Unable to write %s: %s\n", argv[0], -! work_keyfile, sys_errlist[errno]); -! exit(1); - } - } ---- 333,337 ---- - open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC, - SRVTAB_MODE)) < 0) { -! 
err(1, "unable to write %s", work_keyfile); - } - } -*************** -*** 361,367 **** - if ((work_keyfile_fd = - open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0) { -! (void) fprintf(stderr, "%s: Unable to open %s for append: %s\n", -! argv[0], work_keyfile, sys_errlist[errno]); -! exit(1); - } - } ---- 339,343 ---- - if ((work_keyfile_fd = - open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0) { -! err(1, "unable to append to %s", work_keyfile); - } - } -*************** -*** 456,463 **** - } - else { -! (void)fprintf(stderr, -! "%s: Unable to revert keyfile: %s\n", -! argv[0], sys_errlist[errno]); -! leave("", 1); - } - } ---- 432,437 ---- - } - else { -! warn("unable to revert keyfile"); -! leave("", 1); - } - } -*************** -*** 499,518 **** - if (change || list) - if (close(backup_keyfile_fd) < 0) { -! (void) fprintf(stderr, "%s: Failure closing %s: %s\n", -! argv[0], backup_keyfile, sys_errlist[errno]); -! (void) fprintf(stderr, "continuing...\n"); - } - - if (change || add) { - if (close(work_keyfile_fd) < 0) { -! (void) fprintf(stderr, "%s: Failure closing %s: %s\n", -! argv[0], work_keyfile, sys_errlist[errno]); -! exit(1); - } - if (rename(work_keyfile, keyfile) < 0) { -! (void) fprintf(stderr, "%s: Failure renaming %s to %s: %s\n", -! argv[0], work_keyfile, keyfile, -! sys_errlist[errno]); -! exit(1); - } - (void) chmod(backup_keyfile, keyfile_mode); ---- 473,485 ---- - if (change || list) - if (close(backup_keyfile_fd) < 0) { -! warn("failure closing %s, continuing", backup_keyfile); - } - - if (change || add) { - if (close(work_keyfile_fd) < 0) { -! err(1, "failure closing %s", work_keyfile); - } - if (rename(work_keyfile, keyfile) < 0) { -! err(1, "failure renaming %s to %s", work_keyfile, keyfile); - } - (void) chmod(backup_keyfile, keyfile_mode); diff --git a/eBones/ksrvutil/Makefile b/eBones/ksrvutil/Makefile deleted file mode 100644 index a95d9aec78b4..000000000000 --- a/eBones/ksrvutil/Makefile +++ /dev/null 
@@ -1,9 +0,0 @@
-# $Id: Makefile,v 1.1 1995/07/18 16:40:09 mark Exp $
-
-PROG= ksrvutil
-SRCS= ksrvutil.c
-CFLAGS+= -I${.CURDIR}/../include -I${.CURDIR}/../libkadm -Wall
-LDADD+= -L${KADMOBJDIR} -lkadm -L${KRBOBJDIR} -lkrb -ldes -lcom_err
-MAN8= ksrvutil.8
-
-.include <bsd.prog.mk>
diff --git a/eBones/ksrvutil/ksrvutil.8 b/eBones/ksrvutil/ksrvutil.8
deleted file mode 100644
index a7fed8290071..000000000000
--- a/eBones/ksrvutil/ksrvutil.8
+++ /dev/null
@@ -1,93 +0,0 @@
-.\" from: /mit/kerberos/src/man/RCS/ksrvutil.8,v 4.0 89/07/27 18:35:33 jtkohl Exp $
-.\" $Id: ksrvutil.8,v 1.2 1994/07/19 19:27:53 g89r4222 Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KSRVUTIL 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-ksrvutil \- host kerberos keyfile (srvtab) manipulation utility
-.SH SYNOPSIS
-ksrvutil
-.B operation
-[
-.B \-k
-] [
-.B \-i
-] [
-.B \-f filename
-]
-.SH DESCRIPTION
-.I ksrvutil
-allows a system manager to list or change keys currently in his
-keyfile or to add new keys to the keyfile.
-.PP
-
-Operation must be one of the following:
-.TP 10n
-.I list
-lists the keys in a keyfile showing version number and principal
-name. If the \-k option is given, keys will also be shown.
-.TP 10n
-.I change
-changes all the keys in the keyfile by using the regular admin
-protocol. If the \-i flag is given,
-.I ksrvutil
-will prompt for yes or no before changing each key. If the \-k
-option is used, the old and new keys will be displayed.
-.TP 10n
-.I add
-allows the user to add a key.
-.I add
-prompts for name, instance, realm, and key version number, asks
-for confirmation, and then asks for a password.
-.I ksrvutil
-then converts the password to a key and appends the keyfile with
-the new information. If the \-k option is used, the key is
-displayed.
-
-.PP
-In all cases, the default file used is KEY_FILE as defined in
-krb.h unless this is overridden by the \-f option.
-
-.PP
-A good use for
-.I ksrvutil
-would be for adding keys to a keyfile. A system manager could
-ask a kerberos administrator to create a new service key with
-.IR kadmin (8)
-and could supply an initial password. Then, he could use
-.I ksrvutil
-to add the key to the keyfile and then to change the key so that
-it will be random and unknown to either the system manager or
-the kerberos administrator.
-
-.I ksrvutil
-always makes a backup copy of the keyfile before making any
-changes.
-
-.SH DIAGNOSTICS
-If
-.I ksrvutil
-should exit on an error condition at any time during a change or
-add, a copy of the
-original keyfile can be found in
-.IR filename .old
-where
-.I filename
-is the name of the keyfile, and a copy of the file with all new
-keys changed or added so far can be found in
-.IR filename .work.
-The original keyfile is left unmodified until the program exits
-at which point it is removed and replaced it with the workfile.
-Appending the workfile to the backup copy and replacing the
-keyfile with the result should always give a usable keyfile,
-although the resulting keyfile will have some out of date keys
-in it.
-
-.SH SEE ALSO
-kadmin(8), ksrvtgt(1)
-
-.SH AUTHOR
-Emanuel Jay Berkenbilt, MIT Project Athena
diff --git a/eBones/ksrvutil/ksrvutil.c b/eBones/ksrvutil/ksrvutil.c
deleted file mode 100644
index 1062ea5cc938..000000000000
--- a/eBones/ksrvutil/ksrvutil.c
+++ /dev/null
@@ -1,582 +0,0 @@ -/* - * Copyright 1989 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * list and update contents of srvtab files - */ - -#if 0 -#ifndef lint -static char rcsid_ksrvutil_c[] = -"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/ksrvutil.c,v 4.1 89/09/26 09:33:49 jtkohl Exp "; -static const char rcsid[] = - "$Id: ksrvutil.c,v 1.1 1995/07/18 16:40:11 mark Exp $"; -#endif lint -#endif - -/* - * ksrvutil - * list and update the contents of srvtab files - */ - -#ifndef FALSE -#define FALSE 0 -#endif - -#ifndef TRUE -#define TRUE 1 -#endif - -#include <unistd.h> -#include <string.h> -#include <sys/types.h> -#include <sys/file.h> -#include <sys/param.h> -#include <stdio.h> -#include <sys/stat.h> -#include <errno.h> -#include <kadm.h> -#include <err.h> -#include <com_err.h> - -#ifdef NOENCRYPTION -#define read_long_pw_string placebo_read_pw_string -#else /* NOENCRYPTION */ -#define read_long_pw_string des_read_pw_string -#endif /* NOENCRYPTION */ -int read_long_pw_string(); - -#define SRVTAB_MODE 0600 /* rw------- */ -#define PAD " " -#define VNO_HEADER "Version" -#define VNO_FORMAT "%4d " -#define KEY_HEADER " Key " /* 17 characters long */ -#define PRINC_HEADER " Principal\n" -#define PRINC_FORMAT "%s" - -void usage(void); -void leave(char *str, int x); -void get_key_from_password(des_cblock key); -void print_name(char *name, char *inst, char *realm); -void print_key(des_cblock key); -unsigned short get_mode(char *filename); -int get_svc_new_key(des_cblock new_key, char *sname, char *sinst, - char *srealm, char *keyfile); - -void -copy_keyfile(progname, keyfile, backup_keyfile) - char *progname; - char *keyfile; - char *backup_keyfile; -{ - int keyfile_fd; - int backup_keyfile_fd; - int keyfile_mode; - char buf[BUFSIZ]; /* for copying keyfiles */ - int rcount; /* for copying keyfiles */ - int try_again; - - bzero((char *)buf, sizeof(buf)); 
- - do { - try_again = FALSE; - if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) { - if (errno != ENOENT) { - err(1, "unable to read %s", keyfile); - } - else { - try_again = TRUE; - if ((keyfile_fd = - open(keyfile, - O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0) { - err(1, "unable to create %s", keyfile); - } - else - if (close(keyfile_fd) < 0) { - err(1, "failure closing %s", keyfile); - } - } - } - } while(try_again); - - keyfile_mode = get_mode(keyfile); - - if ((backup_keyfile_fd = - open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT, - keyfile_mode)) < 0) { - err(1, "unable to write %s", backup_keyfile); - } - do { - if ((rcount = read(keyfile_fd, (char *)buf, sizeof(buf))) < 0) { - err(1, "error reading %s", keyfile); - } - if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount)) { - err(1, "error writing %s", backup_keyfile); - } - } while (rcount); - if (close(backup_keyfile_fd) < 0) { - err(1, "error closing %s", backup_keyfile); - } - if (close(keyfile_fd) < 0) { - err(1, "error closing %s", keyfile); - } -} - -void -safe_read_stdin(prompt, buf, size) - char *prompt; - char *buf; - int size; -{ - printf(prompt); - fflush(stdout); - bzero(buf, size); - if (read(0, buf, size - 1) < 0) { - warn("failure reading from stdin"); - leave((char *)NULL, 1); - } - fflush(stdin); - buf[strlen(buf)-1] = 0; -} - - -void -safe_write(progname, filename, fd, buf, len) - char *progname; - char *filename; - int fd; - char *buf; - int len; -{ - if (write(fd, buf, len) != len) { - warn("failure writing %s", filename); - close(fd); - leave("In progress srvtab in this file.", 1); - } -} - -int -yn(string) - char *string; -{ - char ynbuf[5]; - - printf("%s (y,n) [y] ", string); - for (;;) { - safe_read_stdin("", ynbuf, sizeof(ynbuf)); - - if ((ynbuf[0] == 'n') || (ynbuf[0] == 'N')) - return(0); - else if ((ynbuf[0] == 'y') || (ynbuf[0] == 'Y') || (ynbuf[0] == 0)) - return(1); - else { - printf("Please enter 'y' or 'n': "); - fflush(stdout); - } - } -} - -void 
-append_srvtab(progname, filename, fd, sname, sinst, - srealm, key_vno, key) - char *progname; - char *filename; - int fd; - char *sname; - char *sinst; - char *srealm; - unsigned char key_vno; - des_cblock key; -{ - /* Add one to append null */ - safe_write(progname, filename, fd, sname, strlen(sname) + 1); - safe_write(progname, filename, fd, sinst, strlen(sinst) + 1); - safe_write(progname, filename, fd, srealm, strlen(srealm) + 1); - safe_write(progname, filename, fd, (char *)&key_vno, 1); - safe_write(progname, filename, fd, (char *)key, sizeof(des_cblock)); - fsync(fd); -} - -unsigned short -get_mode(filename) - char *filename; -{ - struct stat statbuf; - unsigned short mode; - - bzero((char *)&statbuf, sizeof(statbuf)); - - if (stat(filename, &statbuf) < 0) - mode = SRVTAB_MODE; - else - mode = statbuf.st_mode; - - return(mode); -} - -int -main(argc,argv) - int argc; - char *argv[]; -{ - char sname[ANAME_SZ]; /* name of service */ - char sinst[INST_SZ]; /* instance of service */ - char srealm[REALM_SZ]; /* realm of service */ - unsigned char key_vno; /* key version number */ - int status; /* general purpose error status */ - des_cblock new_key; - des_cblock old_key; - char change_tkt[MAXPATHLEN]; /* Ticket to use for key change */ - char keyfile[MAXPATHLEN]; /* Original keyfile */ - char work_keyfile[MAXPATHLEN]; /* Working copy of keyfile */ - char backup_keyfile[MAXPATHLEN]; /* Backup copy of keyfile */ - unsigned short keyfile_mode; /* Protections on keyfile */ - int work_keyfile_fd = -1; /* Initialize so that */ - int backup_keyfile_fd = -1; /* compiler doesn't complain */ - char local_realm[REALM_SZ]; /* local kerberos realm */ - int i; - int interactive = FALSE; - int list = FALSE; - int change = FALSE; - int add = FALSE; - int key = FALSE; /* do we show keys? */ - int arg_entered = FALSE; - int change_this_key = FALSE; - char databuf[BUFSIZ]; - int first_printed = FALSE; /* have we printed the first item? 
*/ - - bzero((char *)sname, sizeof(sname)); - bzero((char *)sinst, sizeof(sinst)); - bzero((char *)srealm, sizeof(srealm)); - - bzero((char *)change_tkt, sizeof(change_tkt)); - bzero((char *)keyfile, sizeof(keyfile)); - bzero((char *)work_keyfile, sizeof(work_keyfile)); - bzero((char *)backup_keyfile, sizeof(backup_keyfile)); - bzero((char *)local_realm, sizeof(local_realm)); - - sprintf(change_tkt, "/tmp/tkt_ksrvutil.%d", getpid()); - krb_set_tkt_string(change_tkt); - - /* This is used only as a default for adding keys */ - if (krb_get_lrealm(local_realm, 1) != KSUCCESS) - strcpy(local_realm, KRB_REALM); - - for (i = 1; i < argc; i++) { - if (strcmp(argv[i], "-i") == 0) - interactive++; - else if (strcmp(argv[i], "-k") == 0) - key++; - else if (strcmp(argv[i], "list") == 0) { - if (arg_entered) - usage(); - else { - arg_entered++; - list++; - } - } - else if (strcmp(argv[i], "change") == 0) { - if (arg_entered) - usage(); - else { - arg_entered++; - change++; - } - } - else if (strcmp(argv[i], "add") == 0) { - if (arg_entered) - usage(); - else { - arg_entered++; - add++; - } - } - else if (strcmp(argv[i], "-f") == 0) { - if (++i == argc) - usage(); - else - strcpy(keyfile, argv[i]); - } - else - usage(); - } - - if (!arg_entered) - usage(); - - if (!keyfile[0]) - strcpy(keyfile, KEYFILE); - - strcpy(work_keyfile, keyfile); - strcpy(backup_keyfile, keyfile); - - if (change || add) { - strcat(work_keyfile, ".work"); - strcat(backup_keyfile, ".old"); - - copy_keyfile(argv[0], keyfile, backup_keyfile); - } - - if (add) - copy_keyfile(argv[0], backup_keyfile, work_keyfile); - - keyfile_mode = get_mode(keyfile); - - if (change || list) { - if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0) { - err(1, "unable to read %s", backup_keyfile); - } - } - - if (change) { - if ((work_keyfile_fd = - open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC, - SRVTAB_MODE)) < 0) { - err(1, "unable to write %s", work_keyfile); - } - } - else if (add) { - if ((work_keyfile_fd = 
- open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0) { - err(1, "unable to append to %s", work_keyfile); - } - } - - if (change || list) { - while ((getst(backup_keyfile_fd, sname, SNAME_SZ) > 0) && - (getst(backup_keyfile_fd, sinst, INST_SZ) > 0) && - (getst(backup_keyfile_fd, srealm, REALM_SZ) > 0) && - (read(backup_keyfile_fd, &key_vno, 1) > 0) && - (read(backup_keyfile_fd,(char *)old_key,sizeof(old_key)) > 0)) { - if (list) { - if (!first_printed) { - printf(VNO_HEADER); - printf(PAD); - if (key) { - printf(KEY_HEADER); - printf(PAD); - } - printf(PRINC_HEADER); - first_printed = 1; - } - printf(VNO_FORMAT, key_vno); - printf(PAD); - if (key) { - print_key(old_key); - printf(PAD); - } - print_name(sname, sinst, srealm); - printf("\n"); - } - else if (change) { - printf("\nPrincipal: "); - print_name(sname, sinst, srealm); - printf("; version %d\n", key_vno); - if (interactive) - change_this_key = yn("Change this key?"); - else if (change) - change_this_key = 1; - else - change_this_key = 0; - - if (change_this_key) - printf("Changing to version %d.\n", key_vno + 1); - else if (change) - printf("Not changing this key.\n"); - - if (change_this_key) { - /* - * Pick a new key and determine whether or not - * it is safe to change - */ - if ((status = - get_svc_new_key(new_key, sname, sinst, - srealm, keyfile)) == KADM_SUCCESS) - key_vno++; - else { - bcopy(old_key, new_key, sizeof(new_key)); - com_err(argv[0], status, ": key NOT changed"); - change_this_key = FALSE; - } - } - else - bcopy(old_key, new_key, sizeof(new_key)); - append_srvtab(argv[0], work_keyfile, work_keyfile_fd, - sname, sinst, srealm, key_vno, new_key); - if (key && change_this_key) { - printf("Old key: "); - print_key(old_key); - printf("; new key: "); - print_key(new_key); - printf("\n"); - } - if (change_this_key) { - if ((status = kadm_change_pw(new_key)) == KADM_SUCCESS) { - printf("Key changed.\n"); - dest_tkt(); - } - else { - com_err(argv[0], status, - " attempting to change 
password."); - dest_tkt(); - /* XXX This knows the format of a keyfile */ - if (lseek(work_keyfile_fd, -9, L_INCR) >= 0) { - key_vno--; - safe_write(argv[0], work_keyfile, - work_keyfile_fd, (char *)&key_vno, 1); - safe_write(argv[0], work_keyfile, work_keyfile_fd, - (char *)old_key, sizeof(des_cblock)); - fsync(work_keyfile_fd); - fprintf(stderr,"Key NOT changed.\n"); - } - else { - warn("unable to revert keyfile"); - leave("", 1); - } - } - } - } - bzero((char *)old_key, sizeof(des_cblock)); - bzero((char *)new_key, sizeof(des_cblock)); - } - } - else if (add) { - do { - do { - safe_read_stdin("Name: ", databuf, sizeof(databuf)); - strncpy(sname, databuf, sizeof(sname) - 1); - safe_read_stdin("Instance: ", databuf, sizeof(databuf)); - strncpy(sinst, databuf, sizeof(sinst) - 1); - safe_read_stdin("Realm: ", databuf, sizeof(databuf)); - strncpy(srealm, databuf, sizeof(srealm) - 1); - safe_read_stdin("Version number: ", databuf, sizeof(databuf)); - key_vno = atoi(databuf); - if (!srealm[0]) - strcpy(srealm, local_realm); - printf("New principal: "); - print_name(sname, sinst, srealm); - printf("; version %d\n", key_vno); - } while (!yn("Is this correct?")); - get_key_from_password(new_key); - if (key) { - printf("Key: "); - print_key(new_key); - printf("\n"); - } - append_srvtab(argv[0], work_keyfile, work_keyfile_fd, - sname, sinst, srealm, key_vno, new_key); - printf("Key successfully added.\n"); - } while (yn("Would you like to add another key?")); - } - - if (change || list) - if (close(backup_keyfile_fd) < 0) { - warn("failure closing %s, continuing", backup_keyfile); - } - - if (change || add) { - if (close(work_keyfile_fd) < 0) { - err(1, "failure closing %s", work_keyfile); - } - if (rename(work_keyfile, keyfile) < 0) { - err(1, "failure renaming %s to %s", work_keyfile, keyfile); - } - chmod(backup_keyfile, keyfile_mode); - chmod(keyfile, keyfile_mode); - printf("Old keyfile in %s.\n", backup_keyfile); - } - - exit(0); -} - -void -print_key(key) - 
des_cblock key; -{ - int i; - - for (i = 0; i < 4; i++) - printf("%02x", key[i]); - printf(" "); - for (i = 4; i < 8; i++) - printf("%02x", key[i]); -} - -void -print_name(name, inst, realm) - char *name; - char *inst; - char *realm; -{ - printf("%s%s%s%s%s", name, inst[0] ? "." : "", inst, - realm[0] ? "@" : "", realm); -} - -int -get_svc_new_key(new_key, sname, sinst, srealm, keyfile) - des_cblock new_key; - char *sname; - char *sinst; - char *srealm; - char *keyfile; -{ - int status = KADM_SUCCESS; - - if (((status = krb_get_svc_in_tkt(sname, sinst, srealm, PWSERV_NAME, - KADM_SINST, 1, keyfile)) == KSUCCESS) && - ((status = kadm_init_link("changepw", KRB_MASTER, srealm)) == - KADM_SUCCESS)) { -#ifdef NOENCRYPTION - bzero((char *) new_key, sizeof(des_cblock)); - new_key[0] = (unsigned char) 1; -#else /* NOENCRYPTION */ - des_random_key(new_key); -#endif /* NOENCRYPTION */ - return(KADM_SUCCESS); - } - - return(status); -} - -void -get_key_from_password(key) - des_cblock key; -{ - char password[MAX_KPW_LEN]; /* storage for the password */ - - if (read_long_pw_string(password, sizeof(password)-1, "Password: ", 1)) - leave("Error reading password.", 1); - -#ifdef NOENCRYPTION - bzero((char *) key, sizeof(des_cblock)); - key[0] = (unsigned char) 1; -#else /* NOENCRYPTION */ - des_string_to_key(password, (des_cblock *)key); -#endif /* NOENCRYPTION */ - bzero((char *)password, sizeof(password)); -} - -void -usage() -{ - fprintf(stderr, "Usage: ksrvutil [-f keyfile] [-i] [-k] "); - fprintf(stderr, "{list | change | add}\n"); - fprintf(stderr, " -i causes the program to ask for "); - fprintf(stderr, "confirmation before changing keys.\n"); - fprintf(stderr, " -k causes the key to printed for list or "); - fprintf(stderr, "change.\n"); - exit(1); -} - -void -leave(str,x) -char *str; -int x; -{ - if (str) - fprintf(stderr, "%s\n", str); - dest_tkt(); - exit(x); -} |