1/*
2 * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "ktutil_locl.h"
35
36RCSID("$Id$");
37
38
/*
 * Report whether two keyblocks hold the same key: same keytype, same
 * key length and byte-identical key value.  Returns TRUE on a match and
 * FALSE otherwise.
 *
 * The byte comparison uses memcmp(), which is not constant-time.  In this
 * file it is only applied to entries read from two keytabs; it should not
 * be reused to compare a secret against remotely supplied data.
 */
static krb5_boolean
compare_keyblock(const krb5_keyblock *a, const krb5_keyblock *b)
{
    /* cheap metadata checks first; they also make the length below valid
       for both buffers */
    if (a->keytype != b->keytype)
	return FALSE;
    if (a->keyvalue.length != b->keyvalue.length)
	return FALSE;

    if (memcmp(a->keyvalue.data, b->keyvalue.data, a->keyvalue.length) == 0)
	return TRUE;
    return FALSE;
}
48
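/*
 * ktutil "copy": copy every entry of the keytab named by argv[0] into the
 * keytab named by argv[1].
 *
 * For each source entry the destination is probed with krb5_kt_get_entry()
 * using the same principal, kvno and keytype.  An entry that is already
 * present is skipped; if its key value differs from the source a warning is
 * printed, because two different keys under one principal/kvno/keytype mean
 * that at least one of the two keytabs does not hold the expected key.
 * Entries not found in the destination are added with krb5_kt_add_entry().
 *
 * opt is unused.  Returns 0 when all entries were processed and 1 on any
 * failure (bad arguments, a keytab that cannot be resolved or read, or an
 * entry that cannot be looked up or added).
 *
 * NOTE(review): the entries copied here are long-term keys.  Nothing in this
 * function sets or checks the access mode of the destination keytab; that is
 * left to the keytab backend -- confirm it ends up readable by its owner
 * only.
 */
int
kt_copy (void *opt, int argc, char **argv)
{
    krb5_error_code ret;
    krb5_keytab src_keytab, dst_keytab;
    krb5_kt_cursor cursor;
    krb5_keytab_entry entry, dummy;
    const char *from;
    const char *to;
    int failed = 0;

    /* argv[0] and argv[1] are read below; do not trust the caller to have
       checked the count */
    if (argc < 2) {
	krb5_warnx (context, "copy: source and destination keytab required");
	return 1;
    }
    from = argv[0];
    to = argv[1];

    ret = krb5_kt_resolve (context, from, &src_keytab);
    if (ret) {
	krb5_warn (context, ret, "resolving src keytab `%s'", from);
	return 1;
    }

    ret = krb5_kt_resolve (context, to, &dst_keytab);
    if (ret) {
	krb5_kt_close (context, src_keytab);
	krb5_warn (context, ret, "resolving dst keytab `%s'", to);
	return 1;
    }

    ret = krb5_kt_start_seq_get (context, src_keytab, &cursor);
    if (ret) {
	/* name the keytab that was actually opened (the source), not the
	   global default keytab string */
	krb5_warn (context, ret, "krb5_kt_start_seq_get %s", from);
	goto out;
    }

    if (verbose_flag)
	fprintf(stderr, "copying %s to %s\n", from, to);

    while((ret = krb5_kt_next_entry(context, src_keytab,
				    &entry, &cursor)) == 0) {
	char *name_str;
	char *etype_str;
	const char *name_disp;
	const char *etype_disp;

	ret = krb5_unparse_name (context, entry.principal, &name_str);
	if(ret) {
	    krb5_warn(context, ret, "krb5_unparse_name");
	    name_str = NULL;
	}
	ret = krb5_enctype_to_string(context, entry.keyblock.keytype, &etype_str);
	if(ret) {
	    krb5_warn(context, ret, "krb5_enctype_to_string");
	    etype_str = NULL;
	}
	/* never hand NULL to a %s conversion; the *_str pointers are kept
	   separately so free() still sees what was allocated */
	name_disp = name_str ? name_str : "<unknown principal>";
	etype_disp = etype_str ? etype_str : "<unknown keytype>";

	ret = krb5_kt_get_entry(context, dst_keytab,
				entry.principal,
				entry.vno,
				entry.keyblock.keytype,
				&dummy);
	if(ret == 0) {
	    /* this entry is already in the new keytab, so no need to
               copy it; if the keyblocks are not the same, something
               is weird, so complain about that */
	    if(!compare_keyblock(&entry.keyblock, &dummy.keyblock)) {
		krb5_warnx(context, "entry with different keyvalue "
			   "already exists for %s, keytype %s, kvno %d",
			   name_disp, etype_disp, entry.vno);
	    }
	    krb5_kt_free_entry(context, &dummy);
	    krb5_kt_free_entry (context, &entry);
	    free(name_str);
	    free(etype_str);
	    continue;
	} else if(ret != KRB5_KT_NOTFOUND) {
	    krb5_warn (context, ret, "%s: fetching %s/%s/%u",
		       to, name_disp, etype_disp, entry.vno);
	    krb5_kt_free_entry (context, &entry);
	    free(name_str);
	    free(etype_str);
	    failed = 1;
	    break;
	}
	if (verbose_flag)
	    fprintf (stderr, "copying %s, keytype %s, kvno %d\n", name_disp,
		     etype_disp, entry.vno);
	ret = krb5_kt_add_entry (context, dst_keytab, &entry);
	/* report before releasing the entry: the message reads entry.vno */
	if (ret)
	    krb5_warn (context, ret, "%s: adding %s/%s/%u",
		       to, name_disp, etype_disp, entry.vno);
	krb5_kt_free_entry (context, &entry);
	free(name_str);
	free(etype_str);
	if (ret) {
	    failed = 1;
	    break;
	}
    }
    if (!failed) {
	/* The loop above can only be left with ret != 0, so without this
	   the function would report failure on every run.  Running off the
	   end of the source keytab (KRB5_KT_END) is the normal way out. */
	if (ret == KRB5_KT_END)
	    ret = 0;
	else
	    krb5_warn (context, ret, "reading entries from `%s'", from);
    }
    krb5_kt_end_seq_get (context, src_keytab, &cursor);

  out:
    krb5_kt_close (context, src_keytab);
    krb5_kt_close (context, dst_keytab);
    return ret != 0;
}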
144