/* Validate allowed_keysalts. */ static kadm5_ret_t validate_allowed_keysalts(const char *allowed_keysalts) { kadm5_ret_t ret; krb5_key_salt_tuple *ks_tuple = NULL; krb5_int32 n_ks_tuple = 0; if (strchr(allowed_keysalts, '\t') != NULL) return KADM5_BAD_KEYSALTS; ret = krb5_string_to_keysalts(allowed_keysalts, ",", NULL, 0, &ks_tuple, &n_ks_tuple); free(ks_tuple); if (ret == EINVAL) return KADM5_BAD_KEYSALTS; return ret; }
void kadmin_keytab_add(int argc, char **argv) { krb5_keytab keytab = 0; char *keytab_str = NULL, **princs; int code, num, i; krb5_error_code retval; int n_ks_tuple = 0; krb5_boolean keepold = FALSE; krb5_key_salt_tuple *ks_tuple = NULL; argc--; argv++; quiet = 0; #ifdef KADMIN_LOCAL norandkey = 0; #endif while (argc) { if (strncmp(*argv, "-k", 2) == 0) { argc--; argv++; if (!argc || keytab_str) { add_usage(); return; } keytab_str = *argv; } else if (strcmp(*argv, "-q") == 0) { quiet++; #ifdef KADMIN_LOCAL } else if (strcmp(*argv, "-norandkey") == 0) { norandkey++; #endif } else if (strcmp(*argv, "-e") == 0) { argc--; if (argc < 1) { add_usage(); return; } retval = krb5_string_to_keysalts(*++argv, ", \t", ":.-", 0, &ks_tuple, &n_ks_tuple); if (retval) { com_err("ktadd", retval, "while parsing keysalts %s", *argv); return; } } else break; argc--; argv++; } if (argc == 0) { add_usage(); return; } #ifdef KADMIN_LOCAL if (norandkey && ks_tuple) { fprintf(stderr, "cannot specify keysaltlist when not changing key\n"); return; } #endif if (process_keytab(context, &keytab_str, &keytab)) return; while (*argv) { if (strcmp(*argv, "-glob") == 0) { if (*++argv == NULL) { add_usage(); break; } code = kadm5_get_principals(handle, *argv, &princs, &num); if (code) { com_err(whoami, code, "while expanding expression \"%s\".", *argv); argv++; continue; } for (i = 0; i < num; i++) add_principal(handle, keytab_str, keytab, keepold, n_ks_tuple, ks_tuple, princs[i]); kadm5_free_name_list(handle, princs, num); } else { add_principal(handle, keytab_str, keytab, keepold, n_ks_tuple, ks_tuple, *argv); argv++; } } code = krb5_kt_close(context, keytab); if (code != 0) com_err(whoami, code, "while closing keytab"); free(keytab_str); }