#include <roken.h>
+#define KERBEROS_APPLE_DEPRECATED(x)
#include <krb5.h>
#ifndef HAVE_KERBEROSV_HEIM_ERR_H
return afsconf_rxkad;
if (strcmp(string, "rxkad_krb5") == 0)
return afsconf_rxkad_krb5;
+ if (strcmp(string, "rxgk") == 0)
+ return afsconf_rxgk;
return atoi(string);
}
#ifdef USING_HEIMDAL
#define deref_key_length(key) \
- key->keyvalue.length
+ (key)->keyvalue.length
#define deref_key_contents(key) \
- key->keyvalue.data
+ (key)->keyvalue.data
#else
#define deref_key_length(key) \
- key->length
+ (key)->length
#define deref_key_contents(key) \
- key->contents
+ (key)->contents
#endif
static struct afsconf_typedKey *
retval = krb5_kt_read_service_key(context, (char *)keytab,
principal, kvno,
ENCTYPE_DES_CBC_MD4, &key);
- } else if (type == afsconf_rxkad_krb5) {
+ } else if (type == afsconf_rxkad_krb5 || type == afsconf_rxgk) {
retval = krb5_kt_read_service_key(context, (char *)keytab, principal,
kvno, subtype, &key);
} else {
kvno = atoi(argv[3]);
if (type == afsconf_rxkad) {
typedKey = keyFromCommandLine(afsconf_rxkad, kvno, 0, argv[5], 8);
- } else if (type == afsconf_rxkad_krb5){
- fprintf(stderr, "Raw keys for afsconf_rxkad_krb5 are unsupported");
- exit(1);
+ } else if (type == afsconf_rxgk || type == afsconf_rxkad_krb5) {
+ typedKey = keyFromCommandLine(type, kvno, atoi(argv[4]), argv[5], strlen(argv[5])/2);
} else {
fprintf(stderr, "Unknown key type %s\n", argv[2]);
exit(1);
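Review bot: The new call on the `afsconf_rxgk || afsconf_rxkad_krb5` branch derives the key length as `strlen(argv[5])/2`, so an odd-length hex string silently loses its last nibble and produces a key one byte shorter than the operator typed, with no error. A check before the call, `if (strlen(argv[5]) % 2 != 0)`, that prints a usage error and calls `exit(1)` in the same style as the "Unknown key type" branch below would make the failure visible. Whether the resulting length is validated against the enctype appears to be left to keyFromCommandLine, which is not in this hunk, so it is worth confirming there too. The enclosing function starts and ends outside the hunk.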
case 7:
type = stringToType(argv[2]);
kvno = atoi(argv[3]);
- if (type == afsconf_rxkad || type == afsconf_rxkad_krb5) {
+ if (type == afsconf_rxkad || type == afsconf_rxkad_krb5 || type == afsconf_rxgk) {
typedKey = keyFromKeytab(kvno, type, atoi(argv[4]), argv[5],
argv[6]);
} else {
}
}
+static struct afsconf_typedKey *
+random_key(char **argv, int type, int kvno, int subtype)
+{
+ struct afsconf_typedKey *typedKey;
+ krb5_context ctx;
+ krb5_keyblock keyblock;
+ struct rx_opaque key;
+ int code;
+
+ code = krb5_init_context(&ctx);
+ if (code) {
+ afs_com_err(argv[0], code, "while initializing krb5 ctx");
+ exit(1);
+ }
+
+ memset(&keyblock, 0, sizeof(keyblock));
+ code = krb5_c_make_random_key(ctx, subtype, &keyblock);
+ if (code) {
+ afs_com_err(argv[0], code, "while generating random key");
+ exit(1);
+ }
+
+ memset(&key, 0, sizeof(key));
+ key.len = deref_key_length(&keyblock);
+ key.val = deref_key_contents(&keyblock);
+
+ typedKey = afsconf_typedKey_new(type, kvno, subtype, &key);
+
+ krb5_free_keyblock_contents(ctx, &keyblock);
+ krb5_free_context(ctx);
+
+ return typedKey;
+}
+
+static void
+addRandomKey(struct afsconf_dir *dir, int argc, char **argv)
+{
+ struct afsconf_typedKey *typedKey;
+ int type;
+ int kvno;
+ int code;
+ int subtype;
+
+ /* Just pick a reasonable enctype */
+ const int RAND_ENCTYPE = ENCTYPE_AES128_CTS_HMAC_SHA1_96;
+
+ subtype = RAND_ENCTYPE;
+
+ switch (argc) {
+ case 5:
+ subtype = atoi(argv[4]);
+ /* fall through */
+ case 4:
+ type = stringToType(argv[2]);
+ kvno = atoi(argv[3]);
+
+ typedKey = random_key(argv, type, kvno, subtype);
+
+ code = afsconf_AddTypedKey(dir, typedKey, 1);
+ afsconf_typedKey_put(&typedKey);
+ if (code) {
+ afs_com_err(argv[0], code, "while adding random key");
+ exit(1);
+ }
+
+ printf("Added random key with type %d kvno %d subtype %d\n",
+ type, kvno, subtype);
+ break;
+
+ default:
+ fprintf(stderr, "%s add-random: usage is '%s add-random <type> <kvno>\n",
+ argv[0], argv[0]);
+ fprintf(stderr, "\tOR\n\t%s add-random <type> <kvno> <subtype>\n", argv[0]);
+ exit(1);
+ }
+}
+
static void
deleteKey(struct afsconf_dir *dir, int argc, char **argv)
{
+ int type;
+ int subtype;
int kvno;
int code;
- if (argc != 3) {
+ switch (argc) {
+ case 3:
+ kvno = atoi(argv[2]);
+ code = afsconf_DeleteKey(dir, kvno);
+ if (code) {
+ afs_com_err(argv[0], code, "while deleting key %d", kvno);
+ exit(1);
+ }
+ printf("Deleted rxkad key %d\n", kvno);
+ break;
+
+ case 4:
+ type = stringToType(argv[2]);
+ kvno = atoi(argv[3]);
+ code = afsconf_DeleteKeyByType(dir, type, kvno);
+ if (code) {
+ afs_com_err(argv[0], code, "while deleting key (type %d kvno %d)",
+ type, kvno);
+ exit(1);
+ }
+ printf("Deleted key (type %d kvno %d)\n", type, kvno);
+ break;
+
+ case 5:
+ type = stringToType(argv[2]);
+ kvno = atoi(argv[3]);
+ subtype = atoi(argv[4]);
+ code = afsconf_DeleteKeyBySubType(dir, type, kvno, subtype);
+ if (code) {
+ afs_com_err(argv[0], code, "while deleting key (type %d kvno %d subtype %d)\n",
+ type, kvno, subtype);
+ exit(1);
+ }
+ printf("Deleted key (type %d kvno %d subtype %d)\n", type, kvno, subtype);
+ break;
+
+ default:
fprintf(stderr, "%s delete: usage is '%s delete <kvno>\n",
argv[0], argv[0]);
- exit(1);
- }
- kvno = atoi(argv[2]);
- code = afsconf_DeleteKey(dir, kvno);
- if (code) {
- afs_com_err(argv[0], code, "while deleting key %d", kvno);
+ fprintf(stderr, "\tOR\n\t%s delete <type> <kvno>\n", argv[0]);
+ fprintf(stderr, "\tOR\n\t%s delete <type> <kvno> <subtype>\n", argv[0]);
exit(1);
}
}
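Review bot: addRandomKey accepts whatever stringToType returns without restricting it, whereas the other new paths in this commit gate on `afsconf_rxkad_krb5 || afsconf_rxgk`; with `rxkad` (or any unrecognised string, which the atoi fallback in stringToType turns into a plain integer) random_key still generates an AES keyblock and hands it to afsconf_typedKey_new under that mismatched type, so a bogus typed key lands in the KeyFile. A type check right after `type = stringToType(argv[2]);` in the `case 4` arm would close that, as sketched below. Two smaller points in the same hunk: the afs_com_err format in deleteKey's `case 5` ends with `\n` while the `case 3` and `case 4` messages do not, and afs_com_err supplies its own newline, so the trailing `\n` should be dropped; and the typedKey returned by random_key is passed to afsconf_AddTypedKey without a NULL check, which matters if afsconf_typedKey_new can fail (its contract is not visible here, so confirm before adding a guard).
```c
	type = stringToType(argv[2]);
	if (type != afsconf_rxkad_krb5 && type != afsconf_rxgk) {
	    fprintf(stderr, "%s add-random: only rxkad_krb5 and rxgk keys can be generated\n",
		    argv[0]);
	    exit(1);
	}
	kvno = atoi(argv[3]);
	/* … unchanged: random_key / afsconf_AddTypedKey / usage output … */
```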
printKey(keyMaterial);
}
break;
+ case afsconf_rxgk:
+ if (kvno != -1) {
+ printf("rxgk\tkvno %4d enctype %d; key is: ",
+ kvno, minorType);
+ printKey(keyMaterial);
+ }
+ break;
default:
printf("unknown(%d)\tkvno %4d subtype %d; key is: ", type,
kvno, minorType);
fprintf(stderr, "\tOR\n\t%s add <type> <kvno> <subtype> <keyfile> <princ>\n",
argv[0]);
fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n", argv[0]);
+ fprintf(stderr, "\t%s add-random <type> <kvno>\n", argv[0]);
+ fprintf(stderr, "\t%s add-random <type> <kvno> <subtype>\n", argv[0]);
fprintf(stderr, "\t%s delete <kvno>\n", argv[0]);
+ fprintf(stderr, "\t%s delete <type> <kvno>\n", argv[0]);
+ fprintf(stderr, "\t%s delete <type> <kvno> <subtype>\n", argv[0]);
fprintf(stderr, "\t%s list\n", argv[0]);
exit(1);
}
listKey(tdir, argc, argv);
}
+ else if (strcmp(argv[1], "add-random") == 0) {
+ addRandomKey(tdir, argc, argv);
+ }
else {
fprintf(stderr, "%s: unknown operation '%s', type '%s' for "
"assistance\n", argv[0], argv[1], argv[0]);