add_enctype.c revision 1.1
1/* $NetBSD: add_enctype.c,v 1.1 2011/04/13 18:14:34 elric Exp $ */ 2 3/* 4 * Copyright (c) 1999-2006 Kungliga Tekniska H��gskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36#include "kadmin_locl.h" 37#include "kadmin-commands.h" 38 39/* 40 * del_enctype principal enctypes... 41 */ 42 43int 44add_enctype(struct add_enctype_options*opt, int argc, char **argv) 45{ 46 kadm5_principal_ent_rec princ; 47 krb5_principal princ_ent = NULL; 48 krb5_error_code ret; 49 const char *princ_name; 50 int i, j; 51 krb5_key_data *new_key_data; 52 int n_etypes; 53 krb5_enctype *etypes; 54 55 if (!opt->random_key_flag) { 56 krb5_warnx (context, "only random key is supported now"); 57 return 0; 58 } 59 60 memset (&princ, 0, sizeof(princ)); 61 princ_name = argv[0]; 62 n_etypes = argc - 1; 63 etypes = malloc (n_etypes * sizeof(*etypes)); 64 if (etypes == NULL) { 65 krb5_warnx (context, "out of memory"); 66 return 0; 67 } 68 argv++; 69 for (i = 0; i < n_etypes; ++i) { 70 ret = krb5_string_to_enctype (context, argv[i], &etypes[i]); 71 if (ret) { 72 krb5_warnx (context, "bad enctype \"%s\"", argv[i]); 73 goto out2; 74 } 75 } 76 77 ret = krb5_parse_name(context, princ_name, &princ_ent); 78 if (ret) { 79 krb5_warn (context, ret, "krb5_parse_name %s", princ_name); 80 goto out2; 81 } 82 83 ret = kadm5_get_principal(kadm_handle, princ_ent, &princ, 84 KADM5_PRINCIPAL | KADM5_KEY_DATA); 85 if (ret) { 86 krb5_free_principal (context, princ_ent); 87 krb5_warnx (context, "no such principal: %s", princ_name); 88 goto out2; 89 } 90 91 new_key_data = malloc((princ.n_key_data + n_etypes) 92 * sizeof(*new_key_data)); 93 if (new_key_data == NULL) { 94 krb5_warnx (context, "out of memory"); 95 goto out; 96 } 97 98 for (i = 0; i < princ.n_key_data; ++i) { 99 krb5_key_data *key = &princ.key_data[i]; 100 101 for (j = 0; j < n_etypes; ++j) { 102 if (etypes[j] == key->key_data_type[0]) { 103 krb5_warnx(context, "enctype %d already exists", 104 (int)etypes[j]); 105 free(new_key_data); 106 goto out; 107 } 108 } 109 new_key_data[i] = *key; 110 } 111 112 for (i = 0; i < n_etypes; ++i) { 113 int n = princ.n_key_data + i; 114 krb5_keyblock keyblock; 115 116 memset(&new_key_data[n], 0, sizeof(new_key_data[n])); 117 new_key_data[n].key_data_ver = 2; 118 new_key_data[n].key_data_kvno = 0; 119 120 ret = krb5_generate_random_keyblock (context, etypes[i], &keyblock); 121 if (ret) { 122 krb5_warnx(context, "genernate enctype %d failed", (int)etypes[i]); 123 while (--i >= 0) 124 free(new_key_data[--n].key_data_contents[0]); 125 goto out; 126 } 127 128 /* key */ 129 new_key_data[n].key_data_type[0] = etypes[i]; 130 new_key_data[n].key_data_contents[0] = malloc(keyblock.keyvalue.length); 131 if (new_key_data[n].key_data_contents[0] == NULL) { 132 ret = ENOMEM; 133 krb5_warn(context, ret, "out of memory"); 134 while (--i >= 0) 135 free(new_key_data[--n].key_data_contents[0]); 136 goto out; 137 } 138 new_key_data[n].key_data_length[0] = keyblock.keyvalue.length; 139 memcpy(new_key_data[n].key_data_contents[0], 140 keyblock.keyvalue.data, 141 keyblock.keyvalue.length); 142 krb5_free_keyblock_contents(context, &keyblock); 143 144 /* salt */ 145 new_key_data[n].key_data_type[1] = KRB5_PW_SALT; 146 new_key_data[n].key_data_length[1] = 0; 147 new_key_data[n].key_data_contents[1] = NULL; 148 149 } 150 151 free (princ.key_data); 152 princ.n_key_data += n_etypes; 153 princ.key_data = new_key_data; 154 new_key_data = NULL; 155 156 ret = kadm5_modify_principal (kadm_handle, &princ, KADM5_KEY_DATA); 157 if (ret) 158 krb5_warn(context, ret, "kadm5_modify_principal"); 159out: 160 krb5_free_principal (context, princ_ent); 161 kadm5_free_principal_ent(kadm_handle, &princ); 162out2: 163 free (etypes); 164 return ret != 0; 165} 166