6817447 libgss and various mechs are hiding both the real minor_status and the error token
6405422 Solaris acceptors fail in AD-KDC environments when using non-"host" services (e.g. "cifs")
6824434 Unable to accept context establishment initiated by Windows 2000 clients
6787343 kclient's site lookups fail in certain network environments
6692646 kclient should output errors to stderr
6525327 kinit failed when arcfour-hmac-md5-exp was used for the principal's key
6745582 SUNWkdcu missing package dependencies after kclientv2 integration
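--- a/usr/src/cmd/krb5/kadmin/kclient/ksetpw.c
+++ b/usr/src/cmd/krb5/kadmin/kclient/ksetpw.c
@@ -1,384 +1,393 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 
 /*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
 
-#pragma ident "%Z%%M% %I% %E% SMI"
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <strings.h>
 #include <locale.h>
 #include <netdb.h>
 #include "k5-int.h"
 
 #define QUOTE(x) #x
 #define VAL2STR(x) QUOTE(x)
 
 static char *whoami = NULL;
 
 static void kt_add_entry(krb5_context ctx, krb5_keytab kt,
- const krb5_principal princ, krb5_enctype enctype, krb5_kvno kvno,
- const char *pw);
+ const krb5_principal princ, const krb5_principal sprinc,
+ krb5_enctype enctype, krb5_kvno kvno, const char *pw);
 
 static krb5_error_code kt_remove_entries(krb5_context ctx, krb5_keytab kt,
 const krb5_principal princ);
 
 static void usage();
 
 int
 main(int argc, char **argv)
 {
 krb5_context ctx = NULL;
 krb5_error_code code = 0;
 krb5_enctype *enctypes;
 int enctype_count = 0;
 krb5_ccache cc = NULL;
 krb5_keytab kt = NULL;
 krb5_kvno kvno = 1;
- krb5_principal victim;
+ krb5_principal victim, salt;
 char c, *vprincstr, *ktname, *token, *lasts, *newpw;
 int result_code, i, len, nflag = 0;
 krb5_data result_code_string, result_string;
 
 (void) setlocale(LC_ALL, "");
 
 #if !defined(TEXT_DOMAIN)
 #define TEXT_DOMAIN "SYS_TEST"
 #endif /* TEXT_DOMAIN */
 
 (void) textdomain(TEXT_DOMAIN);
 
 /* Misc init stuff */
 (void) memset(&result_code_string, 0, sizeof (result_code_string));
 (void) memset(&result_string, 0, sizeof (result_string));
 
 whoami = argv[0];
 
 code = krb5_init_context(&ctx);
 if (code != 0) {
 com_err(whoami, code, gettext("krb5_init_context() failed"));
 exit(1);
 }
 
- while ((c = getopt(argc, argv, "v:c:k:e:n")) != -1) {
+ while ((c = getopt(argc, argv, "v:c:k:e:ns:")) != -1) {
 switch (c) {
 case 'n':
 nflag++;
 break;
 case 'k':
 if (kt != NULL)
 usage();
 len = snprintf(NULL, 0, "WRFILE:%s", optarg) + 1;
 if ((ktname = malloc(len)) == NULL) {
 (void) fprintf(stderr,
 gettext("Couldn't allocate memory\n"));
 exit(1);
 }
 (void) snprintf(ktname, len, "WRFILE:%s", optarg);
 if ((code = krb5_kt_resolve(ctx, ktname, &kt)) != 0) {
 com_err(whoami, code,
 gettext("Couldn't open/create "
 "keytab %s"), optarg);
 exit(1);
 }
 break;
 case 'c':
 if (cc != NULL)
 usage();
 if ((code = krb5_cc_resolve(ctx, optarg, &cc)) != 0) {
 com_err(whoami, code,
 gettext("Couldn't open ccache %s"), optarg);
 exit(1);
 }
 break;
 case 'e':
 len = strlen(optarg);
 token = strtok_r(optarg, ",\t,", &lasts);
 
 if (token == NULL)
 usage();
 
 do {
 if (enctype_count++ == 0) {
 enctypes = malloc(sizeof (*enctypes));
 } else {
 enctypes = realloc(enctypes,
 sizeof (*enctypes) * enctype_count);
 }
 if (enctypes == NULL) {
 (void) fprintf(stderr, gettext
 ("Couldn't allocate memory"));
 exit(1);
 }
 code = krb5_string_to_enctype(token,
 &enctypes[enctype_count - 1]);
 
 if (code != 0) {
 com_err(whoami, code, gettext("Unknown "
 "or unsupported enctype %s"),
 optarg);
 exit(1);
 }
 } while ((token = strtok_r(NULL, ",\t ", &lasts)) !=
 NULL);
 break;
 case 'v':
 kvno = (krb5_kvno) atoi(optarg);
 break;
+ case 's':
+ vprincstr = optarg;
+ code = krb5_parse_name(ctx, vprincstr, &salt);
+ if (code != 0) {
+ com_err(whoami, code,
+ gettext("krb5_parse_name(%s) failed"),
+ vprincstr);
+ exit(1);
+ }
+ break;
 default:
 usage();
 break;
 }
 }
 
 if (nflag && enctype_count == 0)
 usage();
 
 if (nflag == 0 && cc == NULL &&
 (code = krb5_cc_default(ctx, &cc)) != 0) {
 com_err(whoami, code, gettext("Could not find a ccache"));
 exit(1);
 }
 
 if (enctype_count > 0 && kt == NULL &&
 (code = krb5_kt_default(ctx, &kt)) != 0) {
 com_err(whoami, code, gettext("No keytab specified"));
 exit(1);
 }
 
 if (argc != (optind + 1))
 usage();
 
 vprincstr = argv[optind];
 code = krb5_parse_name(ctx, vprincstr, &victim);
 if (code != 0) {
 com_err(whoami, code, gettext("krb5_parse_name(%s) failed"),
 vprincstr);
 exit(1);
 }
 
 if (!isatty(fileno(stdin))) {
 char buf[PASS_MAX + 1];
 
 if (scanf("%" VAL2STR(PASS_MAX) "s", &buf) != 1) {
 (void) fprintf(stderr,
 gettext("Couldn't read new password\n"));
 exit(1);
 }
 
 newpw = strdup(buf);
 if (newpw == NULL) {
 (void) fprintf(stderr,
 gettext("Couldn't allocate memory\n"));
 exit(1);
 }
 } else {
 newpw = getpassphrase(gettext("Enter new password: "));
 if (newpw == NULL) {
 (void) fprintf(stderr,
 gettext("Couldn't read new password\n"));
 exit(1);
 }
 
 newpw = strdup(newpw);
 if (newpw == NULL) {
 (void) fprintf(stderr,
 gettext("Couldn't allocate memory\n"));
 exit(1);
 }
 }
 
 if (nflag == 0) {
 code = krb5_set_password_using_ccache(ctx, cc, newpw, victim,
 &result_code, &result_code_string, &result_string);
 if (code != 0) {
 com_err(whoami, code,
 gettext("krb5_set_password() failed"));
 exit(1);
 }
 krb5_cc_close(ctx, cc);
 
 (void) printf("Result: %.*s (%d) %.*s\n",
 result_code == 0 ?
 strlen("success") : result_code_string.length,
 result_code == 0 ? "success" : result_code_string.data,
 result_code,
 result_string.length, result_string.data);
 
 if (result_code != 0) {
 (void) fprintf(stderr, gettext("Exiting...\n"));
 exit(result_code);
 }
 }
 
 if (enctype_count && (code = kt_remove_entries(ctx, kt, victim)))
 goto error;
 
 for (i = 0; i < enctype_count; i++)
- kt_add_entry(ctx, kt, victim, enctypes[i], kvno, newpw);
+ kt_add_entry(ctx, kt, victim, salt, enctypes[i], kvno, newpw);
 
 error:
 if (kt != NULL)
 krb5_kt_close(ctx, kt);
 
 return (code ? 1 : 0);
 }
 
 static
 krb5_error_code
 kt_remove_entries(krb5_context ctx, krb5_keytab kt, const krb5_principal princ)
 {
 krb5_error_code code;
 krb5_kt_cursor cursor;
 krb5_keytab_entry entry;
 
 /*
 * This is not a fatal error, we expect this to fail in the majority
 * of cases (when clients are first initialized).
 */
 code = krb5_kt_get_entry(ctx, kt, princ, 0, 0, &entry);
 if (code != 0) {
 com_err(whoami, code,
 gettext("Could not retrieve entry in keytab"));
 return (0);
 }
 
 krb5_kt_free_entry(ctx, &entry);
 
 code = krb5_kt_start_seq_get(ctx, kt, &cursor);
 if (code != 0) {
 com_err(whoami, code, gettext("While starting keytab scan"));
 return (code);
 }
 
 while ((code = krb5_kt_next_entry(ctx, kt, &entry, &cursor)) == 0) {
 if (krb5_principal_compare(ctx, princ, entry.principal)) {
 
 code = krb5_kt_end_seq_get(ctx, kt, &cursor);
 if (code != 0) {
 com_err(whoami, code,
 gettext("While temporarily "
 "ending keytab scan"));
 return (code);
 }
 
 code = krb5_kt_remove_entry(ctx, kt, &entry);
 if (code != 0) {
 com_err(whoami, code,
 gettext("While deleting entry "
 "from keytab"));
 return (code);
 }
 
 code = krb5_kt_start_seq_get(ctx, kt, &cursor);
 if (code != 0) {
 com_err(whoami, code,
 gettext("While restarting keytab scan"));
 return (code);
 }
 }
 
 krb5_kt_free_entry(ctx, &entry);
 }
 
 if (code && code != KRB5_KT_END) {
 com_err(whoami, code, gettext("While scanning keytab"));
 return (code);
 }
 
 if ((code = krb5_kt_end_seq_get(ctx, kt, &cursor))) {
 com_err(whoami, code, gettext("While ending keytab scan"));
 return (code);
 }
 
 return (0);
 }
 
 static
 void
 kt_add_entry(krb5_context ctx, krb5_keytab kt, const krb5_principal princ,
- krb5_enctype enctype, krb5_kvno kvno, const char *pw)
+ const krb5_principal sprinc, krb5_enctype enctype, krb5_kvno kvno,
+ const char *pw)
 {
 krb5_keytab_entry *entry;
 krb5_data password, salt;
 krb5_keyblock key;
 krb5_error_code code;
 char buf[100];
 
 if ((code = krb5_enctype_to_string(enctype, buf, sizeof (buf)))) {
 com_err(whoami, code, gettext("Enctype %d has no name!"),
 enctype);
 return;
 }
 if ((entry = (krb5_keytab_entry *) malloc(sizeof (*entry))) == NULL) {
 (void) fprintf(stderr, gettext("Couldn't allocate memory"));
 return;
 }
 
 (void) memset((char *)entry, 0, sizeof (*entry));
 
 password.length = strlen(pw);
 password.data = (char *)pw;
 
- if ((code = krb5_principal2salt(ctx, princ, &salt)) != 0) {
+ if ((code = krb5_principal2salt(ctx, sprinc, &salt)) != 0) {
 com_err(whoami, code,
 gettext("Could not compute salt for %s"), enctype);
 return;
 }
 
 code = krb5_c_string_to_key(ctx, enctype, &password, &salt, &key);
 
 if (code != 0) {
 com_err(whoami, code, gettext("Could not compute salt for %s"),
 enctype);
 krb5_xfree(salt.data);
 return;
 }
 
 (void) memcpy(&entry->key, &key, sizeof (krb5_keyblock));
 entry->vno = kvno;
 entry->principal = princ;
 
 if ((code = krb5_kt_add_entry(ctx, kt, entry)) != 0) {
 com_err(whoami, code,
 gettext("Could not add entry to keytab"));
 }
 }
 
 static
 void
 usage()
 {
 (void) fprintf(stderr, gettext("Usage: %s [-c ccache] [-k keytab] "
 "[-e enctype_list] [-n] princ\n"), whoami);
 (void) fprintf(stderr,
 gettext("\t-n\tDon't set the principal's password\n"));
 (void) fprintf(stderr, gettext("\tenctype_list is a comma or whitespace"
 " separated list\n"));
 (void) fprintf(stderr, gettext("\tIf -n is used then -k and -e must be "
 "used\n"));
 
 exit(1);
 }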
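Review bot: `salt` is declared without an initializer (`krb5_principal victim, salt;`) and is assigned only in the new `case 's':` branch, yet the loop at the end of main() passes it to kt_add_entry() unconditionally, so any run without -s hands an indeterminate pointer to krb5_principal2salt(). That is undefined behaviour, and if the call happens to succeed the keytab can end up holding keys derived from an unintended salt. Initialize it and fall back to the principal itself when -s is absent: `krb5_principal victim, salt = NULL;` and `kt_add_entry(ctx, kt, victim, salt != NULL ? salt : victim, enctypes[i], kvno, newpw);`. The usage() text at the bottom of the file also still omits -s from its synopsis.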