xref: /minix/crypto/external/bsd/heimdal/dist/admin/get.c (revision ebfedea0) 
1 /*	$NetBSD: get.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
2 
3 /*
4  * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
5  * (Royal Institute of Technology, Stockholm, Sweden).
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * 3. Neither the name of the Institute nor the names of its contributors
20  *    may be used to endorse or promote products derived from this software
21  *    without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  */
35 
36 #include "ktutil_locl.h"
37 
38 __RCSID("$NetBSD: get.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $");
39 
40 static void*
41 open_kadmin_connection(char *principal,
42 		       const char *realm,
43 		       char *admin_server,
44 		       int server_port)
45 {
46     static kadm5_config_params conf;
47     krb5_error_code ret;
48     void *kadm_handle;
49     memset(&conf, 0, sizeof(conf));
50 
51     if(realm) {
52 	conf.realm = strdup(realm);
53 	if (conf.realm == NULL) {
54 	    krb5_set_error_message(context, 0, "malloc: out of memory");
55 	    return NULL;
56 	}
57 	conf.mask |= KADM5_CONFIG_REALM;
58     }
59 
60     if (admin_server) {
61 	conf.admin_server = admin_server;
62 	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
63     }
64 
65     if (server_port) {
66 	conf.kadmind_port = htons(server_port);
67 	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
68     }
69 
70     /* should get realm from each principal, instead of doing
71        everything with the same (local) realm */
72 
73     ret = kadm5_init_with_password_ctx(context,
74 				       principal,
75 				       NULL,
76 				       KADM5_ADMIN_SERVICE,
77 				       &conf, 0, 0,
78 				       &kadm_handle);
79     free(conf.realm);
80     if(ret) {
81 	krb5_warn(context, ret, "kadm5_init_with_password");
82 	return NULL;
83     }
84     return kadm_handle;
85 }
86 
87 int
88 kt_get(struct get_options *opt, int argc, char **argv)
89 {
90     krb5_error_code ret = 0;
91     krb5_keytab keytab;
92     void *kadm_handle = NULL;
93     krb5_enctype *etypes = NULL;
94     size_t netypes = 0;
95     int i, j;
96     unsigned int failed = 0;
97 
98     if((keytab = ktutil_open_keytab()) == NULL)
99 	return 1;
100 
101     if(opt->realm_string)
102 	krb5_set_default_realm(context, opt->realm_string);
103 
104     if (opt->enctypes_strings.num_strings != 0) {
105 
106 	etypes = malloc (opt->enctypes_strings.num_strings * sizeof(*etypes));
107 	if (etypes == NULL) {
108 	    krb5_warnx(context, "malloc failed");
109 	    goto out;
110 	}
111 	netypes = opt->enctypes_strings.num_strings;
112 	for(i = 0; i < netypes; i++) {
113 	    ret = krb5_string_to_enctype(context,
114 					 opt->enctypes_strings.strings[i],
115 					 &etypes[i]);
116 	    if(ret) {
117 		krb5_warnx(context, "unrecognized enctype: %s",
118 			   opt->enctypes_strings.strings[i]);
119 		goto out;
120 	    }
121 	}
122     }
123 
124 
125     for(i = 0; i < argc; i++){
126 	krb5_principal princ_ent;
127 	kadm5_principal_ent_rec princ;
128 	int mask = 0;
129 	krb5_keyblock *keys;
130 	int n_keys;
131 	int created = 0;
132 	krb5_keytab_entry entry;
133 
134 	ret = krb5_parse_name(context, argv[i], &princ_ent);
135 	if (ret) {
136 	    krb5_warn(context, ret, "can't parse principal %s", argv[i]);
137 	    failed++;
138 	    continue;
139 	}
140 	memset(&princ, 0, sizeof(princ));
141 	princ.principal = princ_ent;
142 	mask |= KADM5_PRINCIPAL;
143 	princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
144 	mask |= KADM5_ATTRIBUTES;
145 	princ.princ_expire_time = 0;
146 	mask |= KADM5_PRINC_EXPIRE_TIME;
147 
148 	if(kadm_handle == NULL) {
149 	    const char *r;
150 	    if(opt->realm_string != NULL)
151 		r = opt->realm_string;
152 	    else
153 		r = krb5_principal_get_realm(context, princ_ent);
154 	    kadm_handle = open_kadmin_connection(opt->principal_string,
155 						 r,
156 						 opt->admin_server_string,
157 						 opt->server_port_integer);
158 	    if(kadm_handle == NULL)
159 		break;
160 	}
161 
162 	ret = kadm5_create_principal(kadm_handle, &princ, mask, "x");
163 	if(ret == 0)
164 	    created = 1;
165 	else if(ret != KADM5_DUP) {
166 	    krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]);
167 	    krb5_free_principal(context, princ_ent);
168 	    failed++;
169 	    continue;
170 	}
171 	ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
172 	if (ret) {
173 	    krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]);
174 	    krb5_free_principal(context, princ_ent);
175 	    failed++;
176 	    continue;
177 	}
178 
179 	ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
180 			      KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
181 	if (ret) {
182 	    krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[i]);
183 	    for (j = 0; j < n_keys; j++)
184 		krb5_free_keyblock_contents(context, &keys[j]);
185 	    krb5_free_principal(context, princ_ent);
186 	    failed++;
187 	    continue;
188 	}
189 	if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX))
190 	    krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[i]);
191 	princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
192 	mask = KADM5_ATTRIBUTES;
193 	if(created) {
194 	    princ.kvno = 1;
195 	    mask |= KADM5_KVNO;
196 	}
197 	ret = kadm5_modify_principal(kadm_handle, &princ, mask);
198 	if (ret) {
199 	    krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[i]);
200 	    for (j = 0; j < n_keys; j++)
201 		krb5_free_keyblock_contents(context, &keys[j]);
202 	    krb5_free_principal(context, princ_ent);
203 	    failed++;
204 	    continue;
205 	}
206 	for(j = 0; j < n_keys; j++) {
207 	    int do_add = TRUE;
208 
209 	    if (netypes) {
210 		int k;
211 
212 		do_add = FALSE;
213 		for (k = 0; k < netypes; ++k)
214 		    if (keys[j].keytype == etypes[k]) {
215 			do_add = TRUE;
216 			break;
217 		    }
218 	    }
219 	    if (do_add) {
220 		entry.principal = princ_ent;
221 		entry.vno = princ.kvno;
222 		entry.keyblock = keys[j];
223 		entry.timestamp = time (NULL);
224 		ret = krb5_kt_add_entry(context, keytab, &entry);
225 		if (ret)
226 		    krb5_warn(context, ret, "krb5_kt_add_entry");
227 	    }
228 	    krb5_free_keyblock_contents(context, &keys[j]);
229 	}
230 
231 	kadm5_free_principal_ent(kadm_handle, &princ);
232 	krb5_free_principal(context, princ_ent);
233     }
234  out:
235     free(etypes);
236     if (kadm_handle)
237 	kadm5_destroy(kadm_handle);
238     krb5_kt_close(context, keytab);
239     return ret != 0 || failed > 0;
240 }
241