Re: cisco enctypes trouble
Jakob Schlyter <jakob@cdg.chalmers.se> writes:
> kinit gets des3-cbc-sha1. telnet gets des-cbc-crc. cisco
> happy. sysadmin happy.
Hey, sounds great. Now we just need to work on that world peace
thing. :-)
> > If you do, I might implement a better command in `kadmin'. :-)
>
> That would be nice.
A patch to add the kadmin command `del_entry' is attached. That will
of course also be included in the upcoming 0.2e.
/assar
Index: ChangeLog
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/lib/kadm5/ChangeLog,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -w -r1.31 -r1.32
--- ChangeLog 1999/11/20 20:51:46 1.31
+++ ChangeLog 1999/11/25 22:35:01 1.32
@@ -1,3 +1,10 @@
+1999-11-25 Assar Westerlund <assar@sics.se>
+
+ * modify_s.c (kadm5_s_modify_principal): support key_data
+ (kadm5_s_modify_principal_with_key): remove
+
+ * admin.h (kadm5_s_modify_principal_with_key): remove
+
1999-11-20 Assar Westerlund <assar@sics.se>
* context_s.c (find_db_spec): ugly cast work-around.
Index: admin.h
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/lib/kadm5/admin.h,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -w -r1.13 -r1.14
--- admin.h 1999/11/09 18:08:43 1.13
+++ admin.h 1999/11/25 22:33:21 1.14
@@ -35,7 +35,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
-/* $Id: admin.h,v 1.13 1999/11/09 18:08:43 joda Exp $ */
+/* $Id: admin.h,v 1.14 1999/11/25 22:33:21 assar Exp $ */
#ifndef __KADM5_ADMIN_H__
#define __KADM5_ADMIN_H__
@@ -618,12 +618,6 @@
kadm5_ret_t
kadm5_s_modify_principal __P((
- void *server_handle,
- kadm5_principal_ent_t princ,
- u_int32_t mask));
-
-kadm5_ret_t
-kadm5_s_modify_principal_with_key __P((
void *server_handle,
kadm5_principal_ent_t princ,
u_int32_t mask));
Index: modify_s.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/lib/kadm5/modify_s.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -w -r1.7 -r1.8
--- modify_s.c 1999/05/04 18:42:43 1.7
+++ modify_s.c 1999/11/25 22:34:42 1.8
@@ -38,7 +38,7 @@
#include "kadm5_locl.h"
-RCSID("$Id: modify_s.c,v 1.7 1999/05/04 18:42:43 assar Exp $");
+RCSID("$Id: modify_s.c,v 1.8 1999/11/25 22:34:42 assar Exp $");
static kadm5_ret_t
modify_principal(void *server_handle,
@@ -88,18 +88,6 @@
kadm5_s_modify_principal(void *server_handle,
kadm5_principal_ent_t princ,
u_int32_t mask)
-{
- return modify_principal(server_handle, princ, mask,
- KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME
- | KADM5_MOD_NAME | KADM5_MKVNO
- | KADM5_AUX_ATTRIBUTES | KADM5_LAST_SUCCESS
- | KADM5_LAST_FAILED | KADM5_KEY_DATA);
-}
-
-kadm5_ret_t
-kadm5_s_modify_principal_with_key(void *server_handle,
- kadm5_principal_ent_t princ,
- u_int32_t mask)
{
return modify_principal(server_handle, princ, mask,
KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME
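Review bot: kadm5_s_modify_principal no longer appears to reject KADM5_KEY_DATA, so every server-side caller of the ordinary modify entry point can now replace a principal's keys, where before only the explicitly named `kadm5_s_modify_principal_with_key` path could. This reading rests on the removed line `| KADM5_LAST_FAILED | KADM5_KEY_DATA);` and the ChangeLog entry "support key_data"; the mask list that remains is cut off at the end of the hunk, and the meaning of modify_principal's fourth argument is inferred, not shown. The privilege check lives in callers outside this diff, so it is worth confirming that a request carrying KADM5_KEY_DATA is authorized as a key change and not as a plain attribute modify. A comment above the function would record that contract, for example `/* accepts KADM5_KEY_DATA: callers must authorize key replacement */`.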
Index: ChangeLog
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/kadmin/ChangeLog,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -w -r1.29 -r1.30
--- ChangeLog 1999/11/09 18:17:35 1.29
+++ ChangeLog 1999/11/25 22:32:58 1.30
@@ -1,3 +1,15 @@
+1999-11-25 Assar Westerlund <assar@sics.se>
+
+ * version4.c (kadm_ser_mod): use kadm5_s_modify_principal (no
+ _with_key)
+
+ * kadmin.c: add `del_enctype'
+
+ * del_enctype.c (del_enctype): new function for deleting enctypes
+ from a principal
+
+ * Makefile.am (kadmin_SOURCES): add del_enctype.c
+
1999-11-09 Johan Danielsson <joda@pdc.kth.se>
* server.c: cope with old clients
Index: Makefile.am
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/kadmin/Makefile.am,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -w -r1.23 -r1.24
--- Makefile.am 1999/10/17 11:39:42 1.23
+++ Makefile.am 1999/11/25 22:31:42 1.24
@@ -1,4 +1,4 @@
-# $Id: Makefile.am,v 1.23 1999/10/17 11:39:42 assar Exp $
+# $Id: Makefile.am,v 1.24 1999/11/25 22:31:42 assar Exp $
include $(top_srcdir)/Makefile.am.common
@@ -9,8 +9,20 @@
libexec_PROGRAMS = kadmind
kadmin_SOURCES = \
- ank.c cpw.c del.c dump.c ext.c get.c init.c kadmin.c \
- load.c mod.c rename.c util.c random_password.c \
+ ank.c \
+ cpw.c \
+ del.c \
+ del_enctype.c \
+ dump.c \
+ ext.c \
+ get.c \
+ init.c \
+ kadmin.c \
+ load.c \
+ mod.c \
+ rename.c \
+ util.c \
+ random_password.c \
kadmin_locl.h
if KRB4
Index: del_enctype.c
===================================================================
RCS file: del_enctype.c
diff -N del_enctype.c
--- /dev/null Thu Nov 25 23:30:15 1999
+++ /tmp/cvsEAAa15756 Thu Nov 25 23:37:05 1999
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadmin_locl.h"
+
+RCSID("$Id: del_enctype.c,v 1.1 1999/11/25 22:31:25 assar Exp $");
+
+static struct getargs args[] = {
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(void)
+{
+ arg_printusage (args, num_args, "del_enctype", "principal enctypes...");
+}
+
+/*
+ * del_enctype principal enctypes...
+ */
+
+int
+del_enctype(int argc, char **argv)
+{
+ kadm5_principal_ent_rec princ;
+ krb5_principal princ_ent = NULL;
+ krb5_error_code ret;
+ const char *princ_name;
+ int i, j, k;
+ krb5_key_data *new_key_data;
+ int n_etypes;
+ krb5_enctype *etypes;
+
+ if (argc < 3) {
+ usage ();
+ return 0;
+ }
+
+ memset (&princ, 0, sizeof(princ));
+ princ_name = argv[1];
+ n_etypes = argc - 2;
+ etypes = malloc (n_etypes * sizeof(*etypes));
+ if (etypes == NULL) {
+ krb5_warnx (context, "out of memory");
+ return 0;
+ }
+ for (i = 0; i < n_etypes; ++i) {
+ ret = krb5_string_to_enctype (context, argv[i + 2], &etypes[i]);
+ if (ret) {
+ krb5_warnx (context, "bad enctype `%s'", argv[i + 2]);
+ goto out2;
+ }
+ }
+
+ ret = krb5_parse_name(context, princ_name, &princ_ent);
+ if (ret) {
+ krb5_warn (context, ret, "krb5_parse_name %s", princ_name);
+ goto out2;
+ }
+
+ ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
+ KADM5_PRINCIPAL | KADM5_KEY_DATA);
+ if (ret) {
+ krb5_free_principal (context, princ_ent);
+ krb5_warnx (context, "no such principal: %s", princ_name);
+ goto out2;
+ }
+
+ new_key_data = malloc(princ.n_key_data * sizeof(*new_key_data));
+ if (new_key_data == NULL) {
+ krb5_warnx (context, "out of memory");
+ goto out;
+ }
+
+ for (i = 0, j = 0; i < princ.n_key_data; ++i) {
+ krb5_key_data *key = &princ.key_data[i];
+ int docopy = 1;
+
+ for (k = 0; k < n_etypes; ++k)
+ if (etypes[k] == key->key_data_type[0]) {
+ docopy = 0;
+ break;
+ }
+ if (docopy)
+ new_key_data[j++] = *key;
+ }
+
+ free (princ.key_data);
+ princ.n_key_data = j;
+ princ.key_data = new_key_data;
+
+ ret = kadm5_modify_principal (kadm_handle, &princ, KADM5_KEY_DATA);
+ if (ret)
+ krb5_warn(context, ret, "kadm5_modify_principal");
+out:
+ krb5_free_principal (context, princ_ent);
+ kadm5_free_principal_ent(kadm_handle, &princ);
+out2:
+ free (etypes);
+ return 0;
+}
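Review bot: In del_enctype the entries skipped by the filter loop are dropped without releasing what they point to: `new_key_data[j++] = *key` is a shallow copy and `free (princ.key_data)` frees only the old array, so the key_data_contents buffers of each deleted enctype are neither wiped nor freed (assuming kadm5_free_principal_ent walks only the n_key_data entries that remain). Those buffers hold key material, so the skipped branch should clear and free them, as sketched below. Separately, nothing stops the loop from ending with `j == 0`, which hands kadm5_modify_principal a principal with no keys at all; a warning and early exit for that case, and for the case where no enctype matched, would make the command harder to misuse. The kadm5_get_principal failure path also reports "no such principal" for every error, where `krb5_warn (context, ret, "kadm5_get_principal %s", princ_name);` would keep the real cause, such as a permission failure.

```c
	/* … unchanged: inner loop over etypes that clears docopy on a match … */
	if (docopy) {
	    new_key_data[j++] = *key;
	} else {
	    /* deleted enctype: wipe and release the key bytes before the
	       array that references them is freed; key_data_ver is taken
	       to be the number of slots in use (confirm against admin.h) */
	    for (k = 0; k < key->key_data_ver; ++k) {
		if (key->key_data_contents[k] != NULL) {
		    memset (key->key_data_contents[k], 0,
			    key->key_data_length[k]);
		    free (key->key_data_contents[k]);
		}
	    }
	}
```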
Index: kadmin.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/kadmin/kadmin.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -w -r1.24 -r1.25
--- kadmin.c 1999/05/04 18:41:13 1.24
+++ kadmin.c 1999/11/25 22:32:17 1.25
@@ -39,7 +39,7 @@
#include "kadmin_locl.h"
#include <sl.h>
-RCSID("$Id: kadmin.c,v 1.24 1999/05/04 18:41:13 assar Exp $");
+RCSID("$Id: kadmin.c,v 1.25 1999/11/25 22:32:17 assar Exp $");
static char *config_file;
static char *keyfile;
@@ -120,6 +120,10 @@
"Deletes all principals matching the expressions."
},
{ "del_entry" },
+ {
+ "del_enctype", del_enctype, "del_enctype principal enctype...",
+ "Delete all the mentioned enctypes for principal."
+ },
{
"ext_keytab", ext_keytab, "ext_keytab expression...",
"Extracts the keys of all principals matching the expressions,\n"
Index: kadmin_locl.h
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/kadmin/kadmin_locl.h,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -w -r1.22 -r1.23
--- kadmin_locl.h 1999/11/13 04:13:36 1.22
+++ kadmin_locl.h 1999/11/25 22:32:26 1.23
@@ -37,7 +37,7 @@
*/
/*
- * $Id: kadmin_locl.h,v 1.22 1999/11/13 04:13:36 assar Exp $
+ * $Id: kadmin_locl.h,v 1.23 1999/11/25 22:32:26 assar Exp $
*/
#ifndef __ADMIN_LOCL_H__
@@ -96,6 +96,7 @@
DECL(add_new_key);
DECL(cpw_entry);
DECL(del_entry);
+DECL(del_enctype);
DECL(exit_kadmin);
DECL(ext_keytab);
DECL(get_entry);
Index: version4.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/kadmin/version4.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -w -r1.15 -r1.16
--- version4.c 1999/09/16 21:39:08 1.15
+++ version4.c 1999/11/25 22:32:47 1.16
@@ -41,7 +41,7 @@
#include <krb_err.h>
#include <kadm_err.h>
-RCSID("$Id: version4.c,v 1.15 1999/09/16 21:39:08 assar Exp $");
+RCSID("$Id: version4.c,v 1.16 1999/11/25 22:32:47 assar Exp $");
#define KADM_NO_OPCODE -1
#define KADM_NO_ENCRYPT -2
@@ -651,7 +651,7 @@
if (ret)
goto fail;
- ret = kadm5_s_modify_principal_with_key(kadm_handle, &ent, mask);
+ ret = kadm5_s_modify_principal(kadm_handle, &ent, mask);
if(ret) {
kadm5_free_principal_ent(kadm_handle, &ent);
krb5_warn(context, ret, "kadm5_s_modify_principal");