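/*
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 * Openvision retains the copyright to derivative works of
 * this source code. Do *NOT* create a derivative of this
 * source code before consulting with your legal department.
 * Do *NOT* integrate *ANY* of this source code into another
 * product before consulting with your legal department.
 *
 * For further information, read the top-level Openvision
 * copyright which is contained in the top-level MIT Kerberos
 * copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */


/*
 * kadmin/ktutil/ktutil.c
 *
 * Copyright 1995, 1996 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 * SS user interface for ktutil.
 */

#include "k5-int.h"
#include "ktutil.h"
#include <com_err.h>
#include <ss/ss.h>
#include <stdio.h>
#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif
#include <libintl.h>
#include <locale.h>

extern ss_request_table ktutil_cmds;

/* Library context shared by every command handler in this file. */
krb5_context kcontext;

/*
 * The in-memory key list that the read/add/delete/write commands operate
 * on.  It holds key material for as long as the process runs or until the
 * clear-list handler releases it.
 */
krb5_kt_list ktlist = NULL;

/*
 * Program entry point: set up localisation, the krb5 context and the ss
 * command table, then hand control to the interactive ss command loop.
 * The key list is released before the process exits.
 */
int
main(int argc, char *argv[])
{
    krb5_error_code retval;
    int sci_idx;

    (void) setlocale(LC_ALL, "");

#if !defined(TEXT_DOMAIN)	/* Should be defined by cc -D */
#define	TEXT_DOMAIN "SYS_TEST"	/* Use this only if it weren't */
#endif

    (void) textdomain(TEXT_DOMAIN);

    retval = krb5_init_context(&kcontext);
    if (retval) {
        com_err(argv[0], retval, gettext("while initializing krb5"));
        exit(1);
    }
    retval = ktutil_initialize_cmds_table(&ktutil_cmds);
    if (retval) {
        com_err(argv[0], retval,
            gettext("while localizing command description messages"));
        exit(1);
    }
    sci_idx = ss_create_invocation("ktutil", "5.0", (char *) NULL,
        &ktutil_cmds, &retval);
    if (retval) {
        ss_perror(sci_idx, retval, gettext("creating invocation"));
        exit(1);
    }
    /* The loop's return code is recorded but does not affect exit status. */
    retval = ss_listen(sci_idx);
    ktutil_free_kt_list(kcontext, ktlist);
    exit(0);
}

/*
 * "clear list" command: release the current key list and reset the global
 * to NULL.  The global is reset even when the free reports an error, so a
 * later command never sees a stale pointer.
 */
void
ktutil_clear_list(int argc, char *argv[])
{
    krb5_error_code retval;

    if (argc != 1) {
        fprintf(stderr, gettext("%s: invalid arguments\n"), argv[0]);
        return;
    }
    retval = ktutil_free_kt_list(kcontext, ktlist);
    if (retval)
        com_err(argv[0], retval, gettext("while freeing ktlist"));
    ktlist = NULL;
}

/*
 * "read keytab" command: argv[1] names a krb5 keytab whose entries are
 * loaded into the global key list via ktutil_read_keytab().
 */
void
ktutil_read_v5(int argc, char *argv[])
{
    krb5_error_code retval;

    if (argc != 2) {
        fprintf(stderr,
            gettext("%s: must specify keytab to read\n"), argv[0]);
        return;
    }
    retval = ktutil_read_keytab(kcontext, argv[1], &ktlist);
    if (retval)
        com_err(argv[0], retval,
            gettext("while reading keytab \"%s\""), argv[1]);
}

/*
 * "read srvtab" command: argv[1] names a krb4 srvtab to load into the
 * global key list.  Only available when built with KRB5_KRB4_COMPAT;
 * otherwise the command reports that krb4 support is not configured.
 */
void
ktutil_read_v4(int argc, char *argv[])
{
#ifdef KRB5_KRB4_COMPAT
    krb5_error_code retval;

    if (argc != 2) {
        fprintf(stderr,
            gettext("%s: must specify the srvtab to read\n"), argv[0]);
        return;
    }
    retval = ktutil_read_srvtab(kcontext, argv[1], &ktlist);
    if (retval)
        com_err(argv[0], retval,
            gettext("while reading srvtab \"%s\""), argv[1]);
#else
    fprintf(stderr, gettext("%s: krb4 support not configured\n"), argv[0]);
#endif
}

/*
 * "write keytab" command: write the global key list to the keytab named by
 * argv[1] via ktutil_write_keytab().
 *
 * NOTE(review): the resulting file holds long-term keys.  File creation
 * mode and ownership are decided inside ktutil_write_keytab(), which is
 * not visible here -- confirm it creates the file owner-only.
 */
void
ktutil_write_v5(int argc, char *argv[])
{
    krb5_error_code retval;

    if (argc != 2) {
        fprintf(stderr,
            gettext("%s: must specify keytab to write\n"), argv[0]);
        return;
    }
    retval = ktutil_write_keytab(kcontext, ktlist, argv[1]);
    if (retval)
        com_err(argv[0], retval,
            gettext("while writing keytab \"%s\""), argv[1]);
}

/*
 * "write srvtab" command: write the global key list to the krb4 srvtab
 * named by argv[1].  Only available when built with KRB5_KRB4_COMPAT.
 */
void
ktutil_write_v4(int argc, char *argv[])
{
#ifdef KRB5_KRB4_COMPAT
    krb5_error_code retval;

    if (argc != 2) {
        fprintf(stderr,
            gettext("%s: must specify srvtab to write\n"), argv[0]);
        return;
    }
    retval = ktutil_write_srvtab(kcontext, ktlist, argv[1]);
    if (retval)
        com_err(argv[0], retval,
            gettext("while writing srvtab \"%s\""), argv[1]);
#else
    fprintf(stderr, gettext("%s: krb4 support not configured\n"), argv[0]);
#endif
}

/*
 * "add entry" command.  Expected form:
 *
 *	<cmd> (-key | -password) -p principal -k kvno -e enctype
 *
 * Only selector flags and entry metadata are taken from the command line;
 * the key or password itself is not an argument here.  use_pass is passed
 * on to ktutil_add() to tell it which of the two was requested.
 */
void
ktutil_add_entry(int argc, char *argv[])
{
    krb5_error_code retval;
    char *princ = NULL;
    char *enctype = NULL;
    krb5_kvno kvno = 0;
    int use_pass = 0, use_key = 0, i;
    int missing_value = 0;

    for (i = 1; i < argc; i++) {
        const char *opt = argv[i];
        int takes_value = (strcmp(opt, "-p") == 0 ||
            strcmp(opt, "-k") == 0 || strcmp(opt, "-e") == 0);

        /*
         * An option that needs a value must not be the last word:
         * consuming argv[++i] there would read past the supplied
         * arguments (and hand a bad pointer to atoi() for -k).
         */
        if (takes_value && i + 1 >= argc) {
            missing_value = 1;
            break;
        }

        if (strcmp(opt, "-p") == 0) {
            princ = argv[++i];
            continue;
        }
        if (strcmp(opt, "-k") == 0) {
            /*
             * atoi() yields 0 for non-numeric text; a kvno of 0 is
             * rejected by the usage check below.
             */
            kvno = (krb5_kvno) atoi(argv[++i]);
            continue;
        }
        if (strcmp(opt, "-e") == 0) {
            enctype = argv[++i];
            continue;
        }
        if (strcmp(opt, "-password") == 0) {
            use_pass++;
            continue;
        }
        if (strcmp(opt, "-key") == 0) {
            use_key++;
            continue;
        }
    }

    /* Exactly one of -key / -password, and all three valued options. */
    if (missing_value || argc != 8 || !(princ && kvno && enctype) ||
        (use_pass + use_key != 1)) {
        fprintf(stderr, "%s: %s (-key | -password) -p principal "
            "-k kvno -e enctype\n", gettext("usage"), argv[0]);
        return;
    }

    retval = ktutil_add(kcontext, &ktlist, princ, kvno, enctype, use_pass);
    if (retval)
        com_err(argv[0], retval, gettext("while adding new entry"));
}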
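
/*
 * "delete entry" command: argv[1] is the slot number of the entry to drop
 * from the global key list.
 *
 * NOTE(review): atoi() turns non-numeric input into 0 and does not report
 * errors; rejecting an out-of-range slot is left to ktutil_delete(), which
 * is not visible here -- confirm it does so.
 */
void
ktutil_delete_entry(int argc, char *argv[])
{
    krb5_error_code retval;
    int slot;

    if (argc != 2) {
        fprintf(stderr,
            gettext("%s: must specify entry to delete\n"), argv[0]);
        return;
    }
    slot = atoi(argv[1]);
    retval = ktutil_delete(kcontext, &ktlist, slot);
    if (retval)
        com_err(argv[0], retval,
            gettext("while deleting entry %d"), slot);
}

/*
 * "list" command: print one line per entry of the global key list.
 *
 *	-t	also print each entry's timestamp
 *	-e	also print the encryption type name
 *	-k	also print the key contents in hex
 *
 * Any other argument prints a usage line and returns.
 *
 * Security note: -k writes raw long-term key bytes to stdout.  Anything
 * that captures this output (terminal scrollback, session recording, a
 * redirect to a file) then holds the keys and needs the same protection
 * as the keytab itself.
 */
void
ktutil_list(int argc, char *argv[])
{
    krb5_error_code retval;
    krb5_kt_list lp;
    int show_time = 0, show_keys = 0, show_enctype = 0;
    int i;
    unsigned int j;
    char *pname;

    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-t") == 0) {
            show_time++;
            continue;
        }
        if (strcmp(argv[i], "-k") == 0) {
            show_keys++;
            continue;
        }
        if (strcmp(argv[i], "-e") == 0) {
            show_enctype++;
            continue;
        }

        fprintf(stderr, "%s: %s [-t] [-k] [-e]\n", gettext("usage"), argv[0]);
        return;
    }

    /*
     * The translated headers are printed as data, not as a format string,
     * so a message catalog entry containing '%' cannot be interpreted by
     * printf().
     */
    if (show_time) {
        printf("%s", gettext("slot KVNO Timestamp Principal\n"));
        printf("---- ---- ----------------- ---------------------------------------------------\n");
    } else {
        printf("%s", gettext("slot KVNO Principal\n"));
        printf("---- ---- ---------------------------------------------------------------------\n");
    }

    for (i = 1, lp = ktlist; lp; i++, lp = lp->next) {
        retval = krb5_unparse_name(kcontext, lp->entry->principal, &pname);
        if (retval) {
            com_err(argv[0], retval,
                gettext("while unparsing principal name"));
            return;
        }
        printf("%4d %4d ", i, lp->entry->vno);
        if (show_time) {
            char fmtbuf[18];
            char fill = ' ';

            /*
             * Format the timestamp stored in the entry.  Listing must
             * not modify the entry: the previous code copied an
             * uninitialised local over lp->entry->timestamp, which
             * both printed garbage and corrupted the value a later
             * write command would save.
             */
            if (!krb5_timestamp_to_sfstring(
                (krb5_timestamp)lp->entry->timestamp,
                fmtbuf, sizeof (fmtbuf), &fill))
                printf("%s ", fmtbuf);
        }
        printf("%40s", pname);
        if (show_enctype) {
            static char buf[256];

            retval = krb5_enctype_to_string(lp->entry->key.enctype,
                buf, sizeof (buf));
            if (retval) {
                com_err(argv[0], retval,
                    gettext("While converting "
                    "enctype to string"));
                /* Do not leak the unparsed name on this path. */
                krb5_xfree(pname);
                return;
            }
            printf(" (%s) ", buf);
        }

        if (show_keys) {
            /* Raw key bytes -- see the security note above. */
            printf(" (0x");
            for (j = 0; j < lp->entry->key.length; j++)
                printf("%02x", lp->entry->key.contents[j]);
            printf(")");
        }
        printf("\n");
        krb5_xfree(pname);
    }
}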