From 538354d4749ffc0e7cc7e9552338b8f75ed01438 Mon Sep 17 00:00:00 2001 From: Chaskiel Grundman Date: Thu, 11 Apr 2013 00:12:36 -0400 Subject: [PATCH] Asetkey now handles afsconf_rxkad_krb5 keys too afsconf_rxkad_krb5 keys can hold any kerberos enctype, not just des. Allow asetkey to copy them into KeyFileExt and print them, too. Change-Id: I11a7dc7770da58c8381accd7fa2164cdfcea43ae --- src/aklog/asetkey.c | 68 ++++++++++++++++++++++++++++++++------------- 1 file changed, 48 insertions(+), 20 deletions(-) diff --git a/src/aklog/asetkey.c b/src/aklog/asetkey.c index e73fe57b3..7fe95df17 100644 --- a/src/aklog/asetkey.c +++ b/src/aklog/asetkey.c @@ -32,6 +32,8 @@ static int stringToType(const char *string) { if (strcmp(string, "rxkad") == 0) return afsconf_rxkad; + if (strcmp(string, "rxkad_krb5") == 0) + return afsconf_rxkad_krb5; return atoi(string); } @@ -103,7 +105,7 @@ keyFromCommandLine(afsconf_keyType type, int kvno, int subType, #endif static struct afsconf_typedKey * -keyFromKeytab(int kvno, const char *keytab, const char *princ) +keyFromKeytab(int kvno, afsconf_keyType type, int subtype, const char *keytab, const char *princ) { int retval; krb5_principal principal; 
@@ -120,26 +122,38 @@ keyFromKeytab(int kvno, const char *keytab, const char *princ) exit(1); } - retval = krb5_kt_read_service_key(context, (char *)keytab, principal, - kvno, ENCTYPE_DES_CBC_CRC, &key); - if (retval == KRB5_KT_NOTFOUND) - retval = krb5_kt_read_service_key(context, (char *)keytab, - principal, kvno, - ENCTYPE_DES_CBC_MD5, &key); - if (retval == KRB5_KT_NOTFOUND) - retval = krb5_kt_read_service_key(context, (char *)keytab, - principal, kvno, - ENCTYPE_DES_CBC_MD4, &key); - + if (type == afsconf_rxkad) { + retval = krb5_kt_read_service_key(context, (char *)keytab, principal, + kvno, ENCTYPE_DES_CBC_CRC, &key); + if (retval == KRB5_KT_NOTFOUND) + retval = krb5_kt_read_service_key(context, (char *)keytab, + principal, kvno, + ENCTYPE_DES_CBC_MD5, &key); + if (retval == KRB5_KT_NOTFOUND) + retval = krb5_kt_read_service_key(context, (char *)keytab, + principal, kvno, + ENCTYPE_DES_CBC_MD4, &key); + } else if (type == afsconf_rxkad_krb5) { + retval = krb5_kt_read_service_key(context, (char *)keytab, principal, + kvno, subtype, &key); + } else { + retval=AFSCONF_BADKEY; + } if (retval == KRB5_KT_NOTFOUND) { char * princname = NULL; krb5_unparse_name(context, principal, &princname); - afs_com_err("asetkey", retval, - "for keytab entry with Principal %s, kvno %u, " - "DES-CBC-CRC/MD5/MD4", - princname ? princname : princ, kvno); + if (type == afsconf_rxkad) { + afs_com_err("asetkey", retval, + "for keytab entry with Principal %s, kvno %u, " + "DES-CBC-CRC/MD5/MD4", + princname ? princname : princ, kvno); + } else { + afs_com_err("asetkey", retval, + "for keytab entry with Principal %s, kvno %u", + princname ? princname : princ, kvno); + } exit(1); } @@ -148,7 +162,7 @@ keyFromKeytab(int kvno, const char *keytab, const char *princ) exit(1); } - if (deref_key_length(key) != 8) { + if (type == afsconf_rxkad && deref_key_length(key) != 8) { fprintf(stderr, "Key length should be 8, but is really %u!\n", (unsigned int)deref_key_length(key)); exit(1); 
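Review bot: In the new `afsconf_rxkad_krb5` branch, `subtype` is passed to `krb5_kt_read_service_key` as the enctype without validation, and the later hunk at -156 stores the same caller-supplied value with `afsconf_typedKey_new(type, kvno, subtype, &buffer)`. As far as I know the keytab lookup treats an enctype of 0 as "match any", so a zero or mistyped subtype could fetch an arbitrary entry and record it in KeyFileExt under an enctype that does not describe the key bytes. I would reject non-positive values before the lookup, e.g. `if (subtype <= 0) { fprintf(stderr, "rxkad_krb5 keys need an explicit enctype\n"); exit(1); }`, or store the enctype reported by the returned keyblock instead. The second `afs_com_err` message could also name the requested enctype (`"... kvno %u, enctype %d"`) so a failed lookup can be diagnosed. keyFromKeytab begins and ends outside this hunk.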
@@ -156,7 +170,7 @@ keyFromKeytab(int kvno, const char *keytab, const char *princ) rx_opaque_populate(&buffer, deref_key_contents(key), deref_key_length(key)); - typedKey = afsconf_typedKey_new(afsconf_rxkad, kvno, 0, &buffer); + typedKey = afsconf_typedKey_new(type, kvno, subtype, &buffer); rx_opaque_freeContents(&buffer); krb5_free_principal(context, principal); krb5_free_keyblock(context, key); @@ -176,7 +190,7 @@ addKey(struct afsconf_dir *dir, int argc, char **argv) { argv[3], 8); break; case 5: - typedKey = keyFromKeytab(atoi(argv[2]), argv[3], argv[4]); + typedKey = keyFromKeytab(atoi(argv[2]), afsconf_rxkad, 0, argv[3], argv[4]); break; case 6: type = stringToType(argv[2]); @@ -188,12 +202,17 @@ addKey(struct afsconf_dir *dir, int argc, char **argv) { exit(1); } break; + case 7: + typedKey = keyFromKeytab(atoi(argv[3]), atoi(argv[2]), atoi(argv[4]), argv[5], argv[6]); + break; default: fprintf(stderr, "%s add: usage is '%s add " "\n", argv[0], argv[0]); fprintf(stderr, "\tOR\n\t%s add \n", argv[0]); fprintf(stderr, "\tOR\n\t%s add \n", argv[0]); + fprintf(stderr, "\tOR\n\t%s add \n", + argv[0]); fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n", argv[0]); exit(1); } @@ -251,8 +270,15 @@ listKey(struct afsconf_dir *dir, int argc, char **argv) printKey(keyMaterial); } break; + case afsconf_rxkad_krb5: + if (kvno != -1) { + printf("rxkad_krb5\tkvno %4d enctype %d; key is: ", + kvno, minorType); + printKey(keyMaterial); + } + break; default: - printf("unknown(%d)\tkvno %4d subtype %d key is: ", type, + printf("unknown(%d)\tkvno %4d subtype %d; key is: ", type, kvno, minorType); printKey(keyMaterial); break; 
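Review bot: The new `case 7` in the hunk at -188 parses the key type with `atoi(argv[2])`, while `case 6` just above it uses `stringToType(argv[2])`, so the `"rxkad_krb5"` name added to stringToType in the first hunk is not accepted here. `atoi` turns that name into 0, and keyFromKeytab then takes whichever branch that value selects (presumably the DES-only `afsconf_rxkad` path). I would write `typedKey = keyFromKeytab(atoi(argv[3]), stringToType(argv[2]), atoi(argv[4]), argv[5], argv[6]);`. The kvno and enctype arguments also go through `atoi`, which cannot report malformed input, so a typo silently becomes 0; `strtol` with an end-pointer check would catch that. addKey's body extends beyond this hunk.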
@@ -274,6 +300,8 @@ main(int argc, char *argv[]) fprintf(stderr, "\tOR\n\t%s add \n", argv[0]); fprintf(stderr, "\tOR\n\t%s add \n", argv[0]); + fprintf(stderr, "\tOR\n\t%s add \n", + argv[0]); fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n", argv[0]); fprintf(stderr, "\t%s delete \n", argv[0]); fprintf(stderr, "\t%s list\n", argv[0]); -- 2.39.5