4 * asetkey - Manipulates an AFS KeyFile
6 * Updated for Kerberos 5
9 * Copyright (c) 2007 Secure Endpoints Inc.
11 * All rights reserved.
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
17 * * Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * * Neither the name of the Secure Endpoints Inc. nor the names of its
20 * contributors may be used to endorse or promote products derived
21 * from this software without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
27 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
28 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
29 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 #include <afsconfig.h>
37 #include <afs/param.h>
43 #include <sys/types.h>
47 #include <afs/cellconfig.h>
50 #include <afs/dirpath.h>
51 #endif /* !PRE_AFS35 */
52 #include <afs/com_err.h>
53 #include <krbcompat_delayload.h>
/*
 * Probe for the Kerberos for Windows library by trying to load it by name,
 * and report on stderr when it is not available.
 * NOTE(review): the return type, the preprocessor test that selects one of
 * the two KRB5LIB names, the check on the returned handle, and whatever
 * follows the message (exit, FreeLibrary) are not visible in this listing.
 */
56 validate_krb5_availability(void)
/* Both variants of KRB5LIB are bare file names with no directory component. */
59 #define KRB5LIB "krb5_32.dll"
61 #define KRB5LIB "krb5_64.dll"
/*
 * LoadLibrary() with a bare name resolves the DLL through the process's
 * library search order instead of one fixed location. Because this tool goes
 * on to handle service keys, loading from a fully qualified install path (or
 * via LoadLibraryEx() with a restricted search flag) would make sure the
 * library that gets mapped is the intended one.
 */
63 HINSTANCE h = LoadLibrary(KRB5LIB);
/* NOTE(review): presumably reached only when h is NULL -- confirm. */
67 fprintf(stderr, "Kerberos for Windows library %s is not available.\n", KRB5LIB);
/*
 * Command-line entry point. Opens the AFS server configuration directory and
 * dispatches on argv[1]:
 *   add    <kvno> <keyfile> <princ>  read a DES service key from a Kerberos 5
 *                                    keytab and store it in the AFS KeyFile
 *   delete <kvno>                    remove one key version
 *   list                             print every stored key
 * NOTE(review): this listing omits lines (braces, argc checks, exit/return
 * statements, some declarations), so the exit status and the exact conditions
 * guarding each message below cannot be confirmed from here.
 */
73 main(int argc, char **argv)
75 struct afsconf_dir *tdir;
/* Check that the Kerberos library can be loaded before doing anything else. */
79 validate_krb5_availability();
/* General usage text. NOTE(review): presumably printed when no opcode is given. */
82 printf("asetkey: usage is 'setkey <opcode> options, e.g.\n");
83 printf(" asetkey add <kvno> <keyfile> <princ>\n");
84 printf(" asetkey delete <kvno>\n");
85 printf(" asetkey list\n");
/* The configuration directory is a compile-time choice keyed on PRE_AFS35. */
90 confdir = AFSCONF_SERVERNAME;
92 confdir = AFSDIR_SERVER_ETC_DIRPATH;
93 #endif /* PRE_AFS35 */
/* tdir is the handle passed to every afsconf_* key operation below. */
95 tdir = afsconf_Open(confdir);
97 printf("asetkey: can't initialize conf dir '%s'\n", confdir);
/* ---- add: copy one key from a keytab into the KeyFile ---- */
101 if (strcmp(argv[1], "add")==0) {
102 krb5_context context;
103 krb5_principal principal;
105 krb5_error_code retval;
109 printf("asetkey add: usage is 'asetkey add <kvno> <keyfile> <princ>\n");
/*
 * The return value of krb5_init_context() is discarded, so a failed
 * initialization is not detected before context is used by the calls below.
 */
113 krb5_init_context(&context);
/*
 * Enables DES-CBC-CRC in this context when krb5_enctype_valid() returns
 * nonzero. NOTE(review): what that return value means depends on the Kerberos
 * library in use, and any surrounding #ifdef is not visible here -- confirm.
 */
114 if (krb5_enctype_valid(context, ETYPE_DES_CBC_CRC))
115 krb5_enctype_enable(context, ETYPE_DES_CBC_CRC);
/*
 * atoi() reports no errors: a non-numeric <kvno> is read as 0 rather than
 * rejected. strtol() with an end-pointer and range check would let the tool
 * refuse a mistyped key version instead of acting on it.
 */
117 kvno = atoi(argv[2]);
118 retval = krb5_parse_name(context, argv[4], &principal);
120 afs_com_err(argv[0], retval, "while parsing AFS principal");
/*
 * Look the key up in the keytab named by argv[3], trying DES-CBC-CRC, then
 * DES-CBC-MD5, then DES-CBC-MD4; the next enctype is tried only when the
 * previous lookup returned KRB5_KT_NOTFOUND. All three are single-DES
 * enctypes, which are deprecated for Kerberos use (RFC 6649), so a key added
 * by this path is only as strong as single DES.
 */
123 retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
124 ENCTYPE_DES_CBC_CRC, &key);
125 if (retval == KRB5_KT_NOTFOUND)
126 retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
127 ENCTYPE_DES_CBC_MD5, &key);
128 if (retval == KRB5_KT_NOTFOUND)
129 retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
130 ENCTYPE_DES_CBC_MD4, &key);
/*
 * No matching entry under any of the three enctypes: report the principal
 * and kvno that were searched for. The unparsed principal name is used when
 * available, otherwise the raw command-line argument.
 */
131 if (retval == KRB5_KT_NOTFOUND) {
132 char * princname = NULL;
134 krb5_unparse_name(context, principal, &princname);
136 afs_com_err(argv[0], retval,
137 "for keytab entry with Principal %s, kvno %u, DES-CBC-CRC/MD5/MD4",
138 princname ? princname : argv[4],
141 } else if (retval != 0) {
142 afs_com_err(argv[0], retval, "while extracting AFS service key");
/*
 * Only an 8-byte key is accepted; any other length is reported.
 * NOTE(review): the exit path after the message is not visible here.
 */
146 if (key->keyvalue.length != 8) {
147 printf("Key length should be 8, but is really %d!\n",
148 key->keyvalue.length);
/*
 * The raw key bytes are handed straight to afsconf_AddKey().
 * NOTE(review): the final argument 1 is presumably an overwrite flag --
 * confirm against afsconf_AddKey().
 */
152 code = afsconf_AddKey(tdir, kvno, key->keyvalue.data, 1);
154 printf("asetkey: failed to set key, code %d.\n", code);
/* Release the Kerberos objects obtained above. */
157 krb5_free_principal(context, principal);
158 krb5_free_keyblock(context, key);
/* ---- delete: remove one key version from the KeyFile ---- */
160 else if (strcmp(argv[1], "delete")==0) {
163 printf("asetkey delete: usage is 'asetkey delete <kvno>\n");
/*
 * Same atoi() caveat as in "add", with a destructive result: a mistyped
 * argument makes the call below target kvno 0.
 */
166 kvno = atoi(argv[2]);
167 code = afsconf_DeleteKey(tdir, kvno);
169 printf("asetkey: failed to delete key %d, (code %d)\n", kvno, code);
/* ---- list: dump the stored keys ---- */
173 else if (strcmp(argv[1], "list") == 0) {
174 struct afsconf_keys tkeys;
177 code = afsconf_GetKeys(tdir, &tkeys);
179 printf("asetkey: failed to get keys, code %d\n", code);
/*
 * Every slot whose kvno is not -1 is printed as its kvno followed by the
 * 8 key bytes in hex. This writes the raw service key to stdout, where it
 * can persist in terminal scrollback, session recordings or redirected
 * files; run "list" only in a protected session, and treat any captured
 * output as key material.
 */
182 for(i=0;i<tkeys.nkeys;i++) {
183 if (tkeys.key[i].kvno != -1) {
184 printf("kvno %4d: key is: ", tkeys.key[i].kvno);
185 for (j = 0; j < 8; j++)
186 printf("%02x", (unsigned char) tkeys.key[i].key[j]);
190 printf("All done.\n");
/* Fallback for any argv[1] that is not add, delete or list. */
193 printf("asetkey: unknown operation '%s', type 'asetkey' for assistance\n", argv[1]);