1/* 2 * Copyright (c) 1997 - 2006 Kungliga Tekniska H��gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#include "kadmin_locl.h" 35#include "kadmin-commands.h" 36 37struct ext_keytab_data { 38 krb5_keytab keytab; 39}; 40 41static int 42do_ext_keytab(krb5_principal principal, void *data) 43{ 44 krb5_error_code ret; 45 kadm5_principal_ent_rec princ; 46 struct ext_keytab_data *e = data; 47 krb5_keytab_entry *keys = NULL; 48 krb5_keyblock *k = NULL; 49 int i, n_k; 50 51 ret = kadm5_get_principal(kadm_handle, principal, &princ, 52 KADM5_PRINCIPAL|KADM5_KVNO|KADM5_KEY_DATA); 53 if(ret) 54 return ret; 55 56 if (princ.n_key_data) { 57 keys = malloc(sizeof(*keys) * princ.n_key_data); 58 if (keys == NULL) { 59 kadm5_free_principal_ent(kadm_handle, &princ); 60 krb5_clear_error_message(context); 61 return ENOMEM; 62 } 63 for (i = 0; i < princ.n_key_data; i++) { 64 krb5_key_data *kd = &princ.key_data[i]; 65 66 keys[i].principal = princ.principal; 67 keys[i].vno = kd->key_data_kvno; 68 keys[i].keyblock.keytype = kd->key_data_type[0]; 69 keys[i].keyblock.keyvalue.length = kd->key_data_length[0]; 70 keys[i].keyblock.keyvalue.data = kd->key_data_contents[0]; 71 keys[i].timestamp = time(NULL); 72 } 73 74 n_k = princ.n_key_data; 75 } else { 76 ret = kadm5_randkey_principal(kadm_handle, principal, &k, &n_k); 77 if (ret) { 78 kadm5_free_principal_ent(kadm_handle, &princ); 79 return ret; 80 } 81 keys = malloc(sizeof(*keys) * n_k); 82 if (keys == NULL) { 83 kadm5_free_principal_ent(kadm_handle, &princ); 84 krb5_clear_error_message(context); 85 return ENOMEM; 86 } 87 for (i = 0; i < n_k; i++) { 88 keys[i].principal = principal; 89 keys[i].vno = princ.kvno + 1; /* XXX get entry again */ 90 keys[i].keyblock = k[i]; 91 keys[i].timestamp = time(NULL); 92 } 93 } 94 95 for(i = 0; i < n_k; i++) { 96 ret = krb5_kt_add_entry(context, e->keytab, &keys[i]); 97 if(ret) 98 krb5_warn(context, ret, "krb5_kt_add_entry(%d)", i); 99 } 100 101 if (k) { 102 memset(k, 0, n_k * sizeof(*k)); 103 free(k); 104 } 105 if (keys) 106 free(keys); 107 kadm5_free_principal_ent(kadm_handle, &princ); 108 return 0; 109} 110 111int 112ext_keytab(struct ext_keytab_options *opt, int argc, char **argv) 113{ 114 krb5_error_code ret; 115 int i; 116 struct ext_keytab_data data; 117 118 if (opt->keytab_string == NULL) 119 ret = krb5_kt_default(context, &data.keytab); 120 else 121 ret = krb5_kt_resolve(context, opt->keytab_string, &data.keytab); 122 123 if(ret){ 124 krb5_warn(context, ret, "krb5_kt_resolve"); 125 return 1; 126 } 127 128 for(i = 0; i < argc; i++) { 129 ret = foreach_principal(argv[i], do_ext_keytab, "ext", &data); 130 if (ret) 131 break; 132 } 133 134 krb5_kt_close(context, data.keytab); 135 136 return ret != 0; 137} 138