4 * asetkey - Manipulates an AFS KeyFile
6 * Updated for Kerberos 5
10 #include <afs/param.h>
17 #ifndef HAVE_KERBEROSV_HEIM_ERR_H
18 #include <afs/com_err.h>
20 #include <afs/cellconfig.h>
22 #include <afs/dirpath.h>
24 #ifdef HAVE_KRB5_CREDS_KEYBLOCK
27 #ifdef HAVE_KRB5_CREDS_SESSION
28 #define USING_HEIMDAL 1
/*
 * Hex-digit decoding branches. The enclosing function's signature and the
 * return statement for the '0'-'9' case are not shown in this listing
 * (the gutter numbers skip lines). Presumably this is char2hex(), which the
 * "add" path calls once per key character -- confirm against the full file.
 */
34 if (c >= '0' && c <= '9')
/* Lowercase 'a'..'f' map to 10..15. */
36 if ((c >= 'a') && (c <= 'f'))
37 return (c - 'a' + 10);
/* Uppercase 'A'..'F' map to 10..15. */
39 if ((c >= 'A') && (c <= 'F'))
40 return (c - 'A' + 10);
/*
 * NOTE(review): the value returned for a character outside [0-9a-fA-F] is
 * not visible here. The visible caller only checks the string length, so a
 * non-hex character in <key> may be folded into the stored key instead of
 * being rejected -- verify the fall-through return and whether the caller
 * tests for it.
 */
/*
 * Entry point: opens the server configuration directory and dispatches on
 * argv[1] to one of three operations on the AFS KeyFile: "add", "delete" or
 * "list".
 *
 * This listing omits lines (the gutter numbers skip), so argc checks, some
 * declarations, braces and exit calls are not visible; comments below
 * describe only what the visible lines do.
 */
46 main(int argc, char *argv[])
48 struct afsconf_dir *tdir;
/* Usage text covering the three opcodes. */
53 fprintf(stderr, "%s: usage is '%s <opcode> options, e.g.\n",
55 fprintf(stderr, "\t%s add <kvno> <keyfile> <princ>\n", argv[0]);
56 fprintf(stderr, "\tOR\n\t%s add <kvno> <key>\n", argv[0]);
/*
 * NOTE(review): the second "add" form takes the raw key as a command-line
 * argument. Process arguments are typically readable by other local users
 * through process listings and are often kept in shell history, so the
 * keytab form above is the one that keeps the key off the command line.
 */
57 fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n", argv[0]);
58 fprintf(stderr, "\t%s delete <kvno>\n", argv[0]);
59 fprintf(stderr, "\t%s list\n", argv[0]);
/* The KeyFile is looked up under the compiled-in server etc directory. */
63 confdir = AFSDIR_SERVER_ETC_DIRPATH;
65 tdir = afsconf_Open(confdir);
67 fprintf(stderr, "%s: can't initialize conf dir '%s'\n", argv[0],
/* ---- "add": store a key, taken from a keytab or given as 16 hex digits ---- */
71 if (strcmp(argv[1], "add")==0) {
73 krb5_principal principal;
75 krb5_error_code retval;
76 int kvno, keymode = 0;
82 fprintf(stderr, "%s add: usage is '%s add <kvno> <keyfile> "
83 "<princ>\n", argv[0], argv[0]);
84 fprintf(stderr, "\tOR\n\t%s add <kvno> <key>\n", argv[0]);
85 fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n", argv[0]);
/*
 * Raw-key form: argv[3] must be exactly 16 characters (8 bytes in hex).
 * NOTE(review): on a length mismatch the supplied key string is echoed to
 * stdout, so a mistyped key ends up in terminal scrollback or any captured
 * output. Only the length is checked in the visible lines; whether each
 * character is a hex digit is not visibly validated.
 */
95 if (strlen(argv[3]) != 16) {
96 printf("key %s is not in right format\n", argv[3]);
97 printf(" <key> should be an 8byte hex representation \n");
98 printf(" Ex: setkey add 0 \"80b6a7cd7a9dadb6\"\n");
/*
 * Decode from the last character backwards, two hex digits per byte:
 * *(cp - 1) is the high nibble and *cp the low nibble of tkey[i].
 * NOTE(review): tkey holds key material; whether it is wiped after
 * afsconf_AddKey is not visible in this listing.
 */
101 memset(tkey, 0, sizeof(tkey));
102 for (i = 7, cp = argv[3] + 15; i >= 0; i--, cp -= 2)
103 tkey[i] = char2hex(*cp) + char2hex(*(cp - 1)) * 16;
/* The meaning of the final argument (1) is not shown here -- TODO confirm. */
104 code = afsconf_AddKey(tdir, kvno, tkey, 1);
/*
 * Keytab form: argv[3] is the keytab file and argv[4] the principal.
 * NOTE(review): the return value of krb5_init_context is discarded on this
 * line, so a failed initialisation would only surface in the later calls
 * that use context.
 */
106 krb5_init_context(&context);
108 retval = krb5_parse_name(context, argv[4], &principal);
110 afs_com_err(argv[0], retval, "while parsing AFS principal");
/*
 * Look up the service key for this principal and kvno, trying the three
 * single-DES enctypes in turn (CRC, then MD5, then MD4) while the keytab
 * reports "not found".
 * NOTE(review): all three enctypes are single DES with a 56-bit effective
 * key, which is within reach of brute force; a KeyFile populated this way
 * is best treated as legacy and protected accordingly.
 */
113 retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
114 ENCTYPE_DES_CBC_CRC, &key);
115 if (retval == KRB5_KT_NOTFOUND)
116 retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
117 ENCTYPE_DES_CBC_MD5, &key);
118 if (retval == KRB5_KT_NOTFOUND)
119 retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
120 ENCTYPE_DES_CBC_MD4, &key);
/*
 * No entry under any of the three enctypes: report the principal, using the
 * canonical unparsed name when available and the raw argv[4] otherwise.
 * Release of princname is not visible in this listing.
 */
121 if (retval == KRB5_KT_NOTFOUND) {
122 char * princname = NULL;
124 krb5_unparse_name(context, principal, &princname);
126 afs_com_err(argv[0], retval,
127 "for keytab entry with Principal %s, kvno %u, DES-CBC-CRC/MD5/MD4",
128 princname ? princname : argv[4],
131 } else if (retval != 0) {
132 afs_com_err(argv[0], retval, "while extracting AFS service key");
/*
 * Two alternative definitions of the keyblock accessors follow; the
 * preprocessor conditionals choosing between them are not shown (presumably
 * the Heimdal / MIT split set up at the top of the file -- confirm).
 */
137 #define deref_key_length(key) \
140 #define deref_key_contents(key) \
143 #define deref_key_length(key) \
146 #define deref_key_contents(key) \
/* Only an 8-byte key is accepted before it is written to the KeyFile. */
149 if (deref_key_length(key) != 8) {
150 fprintf(stderr, "Key length should be 8, but is really %u!\n",
151 (unsigned int)deref_key_length(key));
154 code = afsconf_AddKey(tdir, kvno, (char *) deref_key_contents(key), 1);
158 fprintf(stderr, "%s: failed to set key, code %ld.\n", argv[0], code);
/* Release the Kerberos objects obtained on the keytab path. */
162 krb5_free_principal(context, principal);
163 krb5_free_keyblock(context, key);
/* ---- "delete": remove the key with the given kvno ---- */
166 else if (strcmp(argv[1], "delete")==0) {
169 fprintf(stderr, "%s delete: usage is '%s delete <kvno>\n",
/*
 * NOTE(review): atoi reports no error, and non-numeric input converts to 0,
 * so a mistyped <kvno> would target kvno 0. strtol with end-pointer and
 * range checks would let the tool reject bad input before deleting.
 */
173 kvno = atoi(argv[2]);
174 code = afsconf_DeleteKey(tdir, kvno);
/*
 * NOTE(review): kvno is printed with %ld; its declaration in this branch is
 * not shown -- if it is an int, as in the "add" branch, the specifier and
 * the argument type do not match.
 */
176 fprintf(stderr, "%s: failed to delete key %ld, (code %ld)\n",
177 argv[0], kvno, code);
/* ---- "list": print every stored key ---- */
181 else if (strcmp(argv[1], "list") == 0) {
182 struct afsconf_keys tkeys;
185 code = afsconf_GetKeys(tdir, &tkeys);
187 fprintf(stderr, "%s: failed to get keys, code %ld\n", argv[0], code);
/*
 * Entries whose kvno is -1 are skipped; every other entry is printed as its
 * kvno followed by the 8 key bytes in hex.
 * NOTE(review): this writes raw key material to stdout, so anything that
 * captures the output (terminal logs, redirected files, session recording)
 * then holds the cell's service keys and needs the same protection as the
 * KeyFile itself.
 */
190 for(i=0;i<tkeys.nkeys;i++) {
191 if (tkeys.key[i].kvno != -1) {
192 printf("kvno %4d: key is: ", tkeys.key[i].kvno);
193 for (j = 0; j < 8; j++)
194 printf("%02x", (unsigned char) tkeys.key[i].key[j]);
198 printf("All done.\n");
/* Any other opcode: point the user back at the usage text. */
201 fprintf(stderr, "%s: unknown operation '%s', type '%s' for "
202 "assistance\n", argv[0], argv[1], argv[0]);