kadm5_ret_t _kadm5_set_keys(kadm5_server_context *context, hdb_entry *ent, const char *password) { Key *keys; size_t num_keys; kadm5_ret_t ret; ret = hdb_generate_key_set_password(context->context, ent->principal, password, &keys, &num_keys); if (ret) return ret; _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val); ent->keys.val = keys; ent->keys.len = num_keys; hdb_entry_set_pw_change_time(context->context, ent, 0); if (krb5_config_get_bool_default(context->context, NULL, FALSE, "kadmin", "save-password", NULL)) { ret = hdb_entry_set_password(context->context, context->db, ent, password); if (ret) return ret; } return 0; }
int main(int argc, char **argv) { krb5_principal principal; krb5_context context; char *principal_str, *password_str, *str; int ret, o = 0; hdb_keyset keyset; size_t length, len; void *data; setprogname(argv[0]); if(getarg(args, num_args, argc, argv, &o)) krb5_std_usage(1, args, num_args); if(help_flag) krb5_std_usage(0, args, num_args); if(version_flag){ print_version(NULL); exit(0); } ret = krb5_init_context(&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); if (argc != 3) errx(1, "username and password missing"); principal_str = argv[1]; password_str = argv[2]; ret = krb5_parse_name (context, principal_str, &principal); if (ret) krb5_err (context, 1, ret, "krb5_parse_name %s", principal_str); memset(&keyset, 0, sizeof(keyset)); keyset.kvno = kvno_integer; keyset.set_time = malloc(sizeof (*keyset.set_time)); if (keyset.set_time == NULL) errx(1, "couldn't allocate set_time field of keyset"); *keyset.set_time = time(NULL); ret = hdb_generate_key_set_password(context, principal, password_str, 0, NULL, NULL, &keyset.keys.val, &len); if (ret) krb5_err(context, 1, ret, "hdb_generate_key_set_password"); keyset.keys.len = len; if (keyset.keys.len == 0) krb5_errx (context, 1, "hdb_generate_key_set_password length 0"); krb5_free_principal (context, principal); ASN1_MALLOC_ENCODE(hdb_keyset, data, length, &keyset, &len, ret); if (ret) krb5_errx(context, 1, "encode keyset"); if (len != length) krb5_abortx(context, "foo"); krb5_free_context(context); ret = base64_encode(data, length, &str); if (ret < 0) errx(1, "base64_encode"); printf("keyset: %s\n", str); free(data); return 0; }