int
main(int argc, char *argv[])
{
struct afsconf_dir *tdir;
long code;
const char *confdir;
if (argc == 1) {
fprintf(stderr, "%s: usage is '%s <opcode> options, e.g.\n",
argv[0], argv[0]);
fprintf(stderr, "\t%s add <kvno> <keyfile> <princ>\n", argv[0]);
fprintf(stderr, "\tOR\n\t%s add <kvno> <key>\n", argv[0]);
fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n", argv[0]);
fprintf(stderr, "\t%s delete <kvno>\n", argv[0]);
fprintf(stderr, "\t%s list\n", argv[0]);
exit(1);
}
confdir = AFSDIR_SERVER_ETC_DIRPATH;
tdir = afsconf_Open(confdir);
if (!tdir) {
fprintf(stderr, "%s: can't initialize conf dir '%s'\n", argv[0],
confdir);
exit(1);
}
if (strcmp(argv[1], "add")==0) {
krb5_context context;
krb5_principal principal;
krb5_keyblock *key;
krb5_error_code retval;
int kvno, keymode = 0;
if (argc != 5) {
if (argc == 4)
keymode = 1;
else {
fprintf(stderr, "%s add: usage is '%s add <kvno> <keyfile> "
"<princ>\n", argv[0], argv[0]);
fprintf(stderr, "\tOR\n\t%s add <kvno> <key>\n", argv[0]);
fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n", argv[0]);
exit(1);
}
}
kvno = atoi(argv[2]);
if (keymode) {
char tkey[8];
int i;
char *cp;
if (strlen(argv[3]) != 16) {
printf("key %s is not in right format\n", argv[3]);
printf(" <key> should be an 8byte hex representation \n");
printf(" Ex: setkey add 0 \"80b6a7cd7a9dadb6\"\n");
exit(1);
}
memset(tkey, 0, sizeof(tkey));
for (i = 7, cp = argv[3] + 15; i >= 0; i--, cp -= 2)
tkey[i] = char2hex(*cp) + char2hex(*(cp - 1)) * 16;
code = afsconf_AddKey(tdir, kvno, tkey, 1);
} else {
krb5_init_context(&context);
retval = krb5_parse_name(context, argv[4], &principal);
if (retval != 0) {
afs_com_err(argv[0], retval, "while parsing AFS principal");
exit(1);
}
retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
ENCTYPE_DES_CBC_CRC, &key);
if (retval == KRB5_KT_NOTFOUND)
retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
ENCTYPE_DES_CBC_MD5, &key);
if (retval == KRB5_KT_NOTFOUND)
retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
ENCTYPE_DES_CBC_MD4, &key);
if (retval == KRB5_KT_NOTFOUND) {
char * princname = NULL;
krb5_unparse_name(context, principal, &princname);
afs_com_err(argv[0], retval,
"for keytab entry with Principal %s, kvno %u, DES-CBC-CRC/MD5/MD4",
princname ? princname : argv[4],
kvno);
exit(1);
} else if (retval != 0) {
afs_com_err(argv[0], retval, "while extracting AFS service key");
exit(1);
}
#ifdef USING_HEIMDAL
#define deref_key_length(key) \
key->keyvalue.length
#define deref_key_contents(key) \
key->keyvalue.data
#else
#define deref_key_length(key) \
key->length
#define deref_key_contents(key) \
key->contents
#endif
if (deref_key_length(key) != 8) {
fprintf(stderr, "Key length should be 8, but is really %u!\n",
(unsigned int)deref_key_length(key));
exit(1);
}
code = afsconf_AddKey(tdir, kvno, (char *) deref_key_contents(key), 1);
}
if (code) {
fprintf(stderr, "%s: failed to set key, code %ld.\n", argv[0], code);
exit(1);
}
if (keymode == 0) {
krb5_free_principal(context, principal);
krb5_free_keyblock(context, key);
}
}
else if (strcmp(argv[1], "delete")==0) {
long kvno;
if (argc != 3) {
fprintf(stderr, "%s delete: usage is '%s delete <kvno>\n",
argv[0], argv[0]);
exit(1);
}
kvno = atoi(argv[2]);
code = afsconf_DeleteKey(tdir, kvno);
if (code) {
fprintf(stderr, "%s: failed to delete key %ld, (code %ld)\n",
argv[0], kvno, code);
exit(1);
}
}
else if (strcmp(argv[1], "list") == 0) {
struct afsconf_keys tkeys;
int i, j;
code = afsconf_GetKeys(tdir, &tkeys);
if (code) {
fprintf(stderr, "%s: failed to get keys, code %ld\n", argv[0], code);
exit(1);
}
for(i=0;i<tkeys.nkeys;i++) {
if (tkeys.key[i].kvno != -1) {
printf("kvno %4d: key is: ", tkeys.key[i].kvno);
for (j = 0; j < 8; j++)
printf("%02x", (unsigned char) tkeys.key[i].key[j]);
printf("\n");
}
}
printf("All done.\n");
}
else {
fprintf(stderr, "%s: unknown operation '%s', type '%s' for "
"assistance\n", argv[0], argv[1], argv[0]);
exit(1);
}
exit(0);
}
static struct afsconf_typedKey *
keyFromKeytab(int kvno, afsconf_keyType type, int subtype, const char *keytab, const char *princ)
{
int retval;
krb5_principal principal;
krb5_keyblock *key;
krb5_context context;
struct rx_opaque buffer;
struct afsconf_typedKey *typedKey;
krb5_init_context(&context);
retval = krb5_parse_name(context, princ, &principal);
if (retval) {
afs_com_err("asetkey", retval, "while parsing AFS principal");
exit(1);
}
if (type == afsconf_rxkad) {
retval = krb5_kt_read_service_key(context, (char *)keytab, principal,
kvno, ENCTYPE_DES_CBC_CRC, &key);
if (retval == KRB5_KT_NOTFOUND)
retval = krb5_kt_read_service_key(context, (char *)keytab,
principal, kvno,
ENCTYPE_DES_CBC_MD5, &key);
if (retval == KRB5_KT_NOTFOUND)
retval = krb5_kt_read_service_key(context, (char *)keytab,
principal, kvno,
ENCTYPE_DES_CBC_MD4, &key);
} else if (type == afsconf_rxkad_krb5) {
retval = krb5_kt_read_service_key(context, (char *)keytab, principal,
kvno, subtype, &key);
} else {
retval=AFSCONF_BADKEY;
}
if (retval == KRB5_KT_NOTFOUND) {
char * princname = NULL;
krb5_unparse_name(context, principal, &princname);
if (type == afsconf_rxkad) {
afs_com_err("asetkey", retval,
"for keytab entry with Principal %s, kvno %u, "
"DES-CBC-CRC/MD5/MD4",
princname ? princname : princ, kvno);
} else {
afs_com_err("asetkey", retval,
"for keytab entry with Principal %s, kvno %u",
princname ? princname : princ, kvno);
}
exit(1);
}
if (retval != 0) {
afs_com_err("asetkey", retval, "while extracting AFS service key");
exit(1);
}
if (type == afsconf_rxkad && deref_key_length(key) != 8) {
fprintf(stderr, "Key length should be 8, but is really %u!\n",
(unsigned int)deref_key_length(key));
exit(1);
}
rx_opaque_populate(&buffer, deref_key_contents(key), deref_key_length(key));
typedKey = afsconf_typedKey_new(type, kvno, subtype, &buffer);
rx_opaque_freeContents(&buffer);
krb5_free_principal(context, principal);
krb5_free_keyblock(context, key);
return typedKey;
}
