aboutsummaryrefslogtreecommitdiff
path: root/admin
diff options
context:
space:
mode:
Diffstat (limited to 'admin')
-rw-r--r--admin/Makefile.am1
-rw-r--r--admin/Makefile.in1197
-rw-r--r--admin/NTMakefile1
-rw-r--r--admin/add.c180
-rw-r--r--admin/change.c78
-rw-r--r--admin/copy.c19
-rw-r--r--admin/get.c160
-rw-r--r--admin/ktutil-commands.in87
-rw-r--r--admin/ktutil.1127
-rw-r--r--admin/ktutil.cat170
-rw-r--r--admin/list.c138
11 files changed, 686 insertions, 1372 deletions
diff --git a/admin/Makefile.am b/admin/Makefile.am
index a4a7bb4c0f91..1821d4b2e4bb 100644
--- a/admin/Makefile.am
+++ b/admin/Makefile.am
@@ -37,6 +37,7 @@ LDADD = \
$(LIB_hcrypto) \
$(top_builddir)/lib/asn1/libasn1.la \
$(top_builddir)/lib/sl/libsl.la \
+ $(LIB_heimbase) \
$(LIB_readline) \
$(LIB_roken)
diff --git a/admin/Makefile.in b/admin/Makefile.in
deleted file mode 100644
index 38c938a40830..000000000000
--- a/admin/Makefile.in
+++ /dev/null
@@ -1,1197 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id$
-
-# $Id$
-
-# $Id$
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-bin_PROGRAMS = ktutil$(EXEEXT)
-subdir = admin
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
- $(top_srcdir)/cf/auth-modules.m4 \
- $(top_srcdir)/cf/broken-glob.m4 \
- $(top_srcdir)/cf/broken-realloc.m4 \
- $(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
- $(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
- $(top_srcdir)/cf/capabilities.m4 \
- $(top_srcdir)/cf/check-compile-et.m4 \
- $(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
- $(top_srcdir)/cf/check-man.m4 \
- $(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
- $(top_srcdir)/cf/check-type-extra.m4 \
- $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/crypto.m4 \
- $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
- $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \
- $(top_srcdir)/cf/find-func-no-libs.m4 \
- $(top_srcdir)/cf/find-func-no-libs2.m4 \
- $(top_srcdir)/cf/find-func.m4 \
- $(top_srcdir)/cf/find-if-not-broken.m4 \
- $(top_srcdir)/cf/framework-security.m4 \
- $(top_srcdir)/cf/have-struct-field.m4 \
- $(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
- $(top_srcdir)/cf/krb-bigendian.m4 \
- $(top_srcdir)/cf/krb-func-getlogin.m4 \
- $(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
- $(top_srcdir)/cf/krb-prog-perl.m4 \
- $(top_srcdir)/cf/krb-readline.m4 \
- $(top_srcdir)/cf/krb-struct-spwd.m4 \
- $(top_srcdir)/cf/krb-struct-winsize.m4 \
- $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \
- $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \
- $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \
- $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
- $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
- $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \
- $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
- $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
- $(top_srcdir)/cf/roken-frag.m4 \
- $(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
- $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
- $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
- $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
- $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
-PROGRAMS = $(bin_PROGRAMS)
-dist_ktutil_OBJECTS = add.$(OBJEXT) change.$(OBJEXT) copy.$(OBJEXT) \
- destroy.$(OBJEXT) get.$(OBJEXT) ktutil.$(OBJEXT) \
- list.$(OBJEXT) purge.$(OBJEXT) remove.$(OBJEXT) \
- rename.$(OBJEXT)
-nodist_ktutil_OBJECTS = ktutil-commands.$(OBJEXT)
-ktutil_OBJECTS = $(dist_ktutil_OBJECTS) $(nodist_ktutil_OBJECTS)
-ktutil_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-ktutil_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \
- $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
- $(top_builddir)/lib/asn1/libasn1.la \
- $(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1)
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/add.Po ./$(DEPDIR)/change.Po \
- ./$(DEPDIR)/copy.Po ./$(DEPDIR)/destroy.Po ./$(DEPDIR)/get.Po \
- ./$(DEPDIR)/ktutil-commands.Po ./$(DEPDIR)/ktutil.Po \
- ./$(DEPDIR)/list.Po ./$(DEPDIR)/purge.Po ./$(DEPDIR)/remove.Po \
- ./$(DEPDIR)/rename.Po
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(dist_ktutil_SOURCES) $(nodist_ktutil_SOURCES)
-DIST_SOURCES = $(dist_ktutil_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-man1dir = $(mandir)/man1
-MANS = $(man_MANS)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-am__DIST_COMMON = $(srcdir)/Makefile.in \
- $(top_srcdir)/Makefile.am.common \
- $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/depcomp \
- ChangeLog
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AS = @AS@
-ASN1_COMPILE = @ASN1_COMPILE@
-ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CAPNG_CFLAGS = @CAPNG_CFLAGS@
-CAPNG_LIBS = @CAPNG_LIBS@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CLANG_FORMAT = @CLANG_FORMAT@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DB1LIB = @DB1LIB@
-DB3LIB = @DB3LIB@
-DBHEADER = @DBHEADER@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ENABLE_AFS_STRING_TO_KEY = @ENABLE_AFS_STRING_TO_KEY@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-FILECMD = @FILECMD@
-GCD_MIG = @GCD_MIG@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_libedit = @INCLUDE_libedit@
-INCLUDE_libintl = @INCLUDE_libintl@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_openssl_crypto = @INCLUDE_openssl_crypto@
-INCLUDE_readline = @INCLUDE_readline@
-INCLUDE_sqlite3 = @INCLUDE_sqlite3@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_bswap64 = @LIB_bswap64@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dispatch_async_f = @LIB_dispatch_async_f@
-LIB_dladdr = @LIB_dladdr@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_dns_search = @LIB_dns_search@
-LIB_door_create = @LIB_door_create@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_libedit = @LIB_libedit@
-LIB_libintl = @LIB_libintl@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_openssl_crypto = @LIB_openssl_crypto@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_sqlite3 = @LIB_sqlite3@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LIPO = @LIPO@
-LMDBLIB = @LMDBLIB@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-NDBMLIB = @NDBMLIB@
-NM = @NM@
-NMEDIT = @NMEDIT@
-NO_AFS = @NO_AFS@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PTHREAD_CFLAGS = @PTHREAD_CFLAGS@
-PTHREAD_LDADD = @PTHREAD_LDADD@
-PTHREAD_LIBADD = @PTHREAD_LIBADD@
-PYTHON = @PYTHON@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SLC = @SLC@
-SLC_DEP = @SLC_DEP@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-WFLAGS = @WFLAGS@
-WFLAGS_LITE = @WFLAGS_LITE@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-db_type = @db_type@
-db_type_preference = @db_type_preference@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-subdirs = @subdirs@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .pc.in .pc .x .z .hx .1 .3 .5 .7 .8 .cat1 .cat3 \
- .cat5 .cat7 .cat8
-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include
-AM_CPPFLAGS = $(INCLUDES_roken) $(INCLUDE_readline)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-libexec_heimdaldir = $(libexecdir)/heimdal
-NROFF_MAN = groff -mandoc -Tascii
-@NO_AFS_FALSE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@NO_AFS_TRUE@LIB_kafs =
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-LIB_heimbase = $(top_builddir)/lib/base/libheimbase.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-#silent-rules
-heim_verbose = $(heim_verbose_$(V))
-heim_verbose_ = $(heim_verbose_$(AM_DEFAULT_VERBOSITY))
-heim_verbose_0 = @echo " GEN "$@;
-man_MANS = ktutil.1
-dist_ktutil_SOURCES = \
- add.c \
- change.c \
- copy.c \
- destroy.c \
- get.c \
- ktutil.c \
- ktutil_locl.h \
- list.c \
- purge.c \
- remove.c \
- rename.c
-
-nodist_ktutil_SOURCES = \
- ktutil-commands.c
-
-CLEANFILES = ktutil-commands.h ktutil-commands.c
-LDADD = \
- $(top_builddir)/lib/kadm5/libkadm5clnt.la \
- $(top_builddir)/lib/krb5/libkrb5.la \
- $(LIB_hcrypto) \
- $(top_builddir)/lib/asn1/libasn1.la \
- $(top_builddir)/lib/sl/libsl.la \
- $(LIB_readline) \
- $(LIB_roken)
-
-EXTRA_DIST = NTMakefile ktutil-version.rc $(man_MANS) ktutil-commands.in
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .pc.in .pc .x .z .hx .1 .3 .5 .7 .8 .cat1 .cat3 .cat5 .cat7 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign admin/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --foreign admin/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-$(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__empty):
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-install-binPROGRAMS: $(bin_PROGRAMS)
- @$(NORMAL_INSTALL)
- @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
- fi; \
- for p in $$list; do echo "$$p $$p"; done | \
- sed 's/$(EXEEXT)$$//' | \
- while read p p1; do if test -f $$p \
- || test -f $$p1 \
- ; then echo "$$p"; echo "$$p"; else :; fi; \
- done | \
- sed -e 'p;s,.*/,,;n;h' \
- -e 's|.*|.|' \
- -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
- sed 'N;N;N;s,\n, ,g' | \
- $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
- { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
- if ($$2 == $$4) files[d] = files[d] " " $$1; \
- else { print "f", $$3 "/" $$4, $$1; } } \
- END { for (d in files) print "f", d, files[d] }' | \
- while read type dir files; do \
- if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
- test -z "$$files" || { \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
- } \
- ; done
-
-uninstall-binPROGRAMS:
- @$(NORMAL_UNINSTALL)
- @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
- files=`for p in $$list; do echo "$$p"; done | \
- sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
- -e 's/$$/$(EXEEXT)/' \
- `; \
- test -n "$$list" || exit 0; \
- echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(bindir)" && rm -f $$files
-
-clean-binPROGRAMS:
- @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
-
-ktutil$(EXEEXT): $(ktutil_OBJECTS) $(ktutil_DEPENDENCIES) $(EXTRA_ktutil_DEPENDENCIES)
- @rm -f ktutil$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(ktutil_OBJECTS) $(ktutil_LDADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/add.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/change.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/copy.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/destroy.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/get.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ktutil-commands.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ktutil.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/list.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/purge.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/remove.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rename.Po@am__quote@ # am--include-marker
-
-$(am__depfiles_remade):
- @$(MKDIR_P) $(@D)
- @echo '# dummy' >$@-t && $(am__mv) $@-t $@
-
-am--depfiles: $(am__depfiles_remade)
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-install-man1: $(man_MANS)
- @$(NORMAL_INSTALL)
- @list1=''; \
- list2='$(man_MANS)'; \
- test -n "$(man1dir)" \
- && test -n "`echo $$list1$$list2`" \
- || exit 0; \
- echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \
- { for i in $$list1; do echo "$$i"; done; \
- if test -n "$$list2"; then \
- for i in $$list2; do echo "$$i"; done \
- | sed -n '/\.1[a-z]*$$/p'; \
- fi; \
- } | while read p; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; echo "$$p"; \
- done | \
- sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
- sed 'N;N;s,\n, ,g' | { \
- list=; while read file base inst; do \
- if test "$$base" = "$$inst"; then list="$$list $$file"; else \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \
- fi; \
- done; \
- for i in $$list; do echo "$$i"; done | $(am__base_list) | \
- while read files; do \
- test -z "$$files" || { \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \
- done; }
-
-uninstall-man1:
- @$(NORMAL_UNINSTALL)
- @list=''; test -n "$(man1dir)" || exit 0; \
- files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.1[a-z]*$$/p'; \
- } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir)
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
- $(MAKE) $(AM_MAKEFLAGS) \
- top_distdir="$(top_distdir)" distdir="$(distdir)" \
- dist-hook
-check-am: all-am
- $(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
- for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
- -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
- -rm -f ./$(DEPDIR)/add.Po
- -rm -f ./$(DEPDIR)/change.Po
- -rm -f ./$(DEPDIR)/copy.Po
- -rm -f ./$(DEPDIR)/destroy.Po
- -rm -f ./$(DEPDIR)/get.Po
- -rm -f ./$(DEPDIR)/ktutil-commands.Po
- -rm -f ./$(DEPDIR)/ktutil.Po
- -rm -f ./$(DEPDIR)/list.Po
- -rm -f ./$(DEPDIR)/purge.Po
- -rm -f ./$(DEPDIR)/remove.Po
- -rm -f ./$(DEPDIR)/rename.Po
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
- @$(NORMAL_INSTALL)
- $(MAKE) $(AM_MAKEFLAGS) install-data-hook
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am: install-binPROGRAMS install-exec-local
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man: install-man1
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -f ./$(DEPDIR)/add.Po
- -rm -f ./$(DEPDIR)/change.Po
- -rm -f ./$(DEPDIR)/copy.Po
- -rm -f ./$(DEPDIR)/destroy.Po
- -rm -f ./$(DEPDIR)/get.Po
- -rm -f ./$(DEPDIR)/ktutil-commands.Po
- -rm -f ./$(DEPDIR)/ktutil.Po
- -rm -f ./$(DEPDIR)/list.Po
- -rm -f ./$(DEPDIR)/purge.Po
- -rm -f ./$(DEPDIR)/remove.Po
- -rm -f ./$(DEPDIR)/rename.Po
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-man
- @$(NORMAL_INSTALL)
- $(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-uninstall-man: uninstall-man1
-
-.MAKE: check-am install-am install-data-am install-strip uninstall-am
-
-.PHONY: CTAGS GTAGS TAGS all all-am all-local am--depfiles check \
- check-am check-local clean clean-binPROGRAMS clean-generic \
- clean-libtool cscopelist-am ctags ctags-am dist-hook distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-binPROGRAMS install-data \
- install-data-am install-data-hook install-dvi install-dvi-am \
- install-exec install-exec-am install-exec-local install-html \
- install-html-am install-info install-info-am install-man \
- install-man1 install-pdf install-pdf-am install-ps \
- install-ps-am install-strip installcheck installcheck-am \
- installdirs maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
- uninstall-am uninstall-binPROGRAMS uninstall-hook \
- uninstall-man uninstall-man1
-
-.PRECIOUS: Makefile
-
-
-install-suid-programs:
- @foo='$(bin_SUIDS)'; \
- for file in $$foo; do \
- x=$(DESTDIR)$(bindir)/$$file; \
- if chown 0:0 $$x && chmod u+s $$x; then :; else \
- echo "*"; \
- echo "* Failed to install $$x setuid root"; \
- echo "*"; \
- fi; \
- done
-
-install-exec-local: install-suid-programs
-
-codesign-all:
- @if [ X"$$CODE_SIGN_IDENTITY" != X ] ; then \
- foo='$(bin_PROGRAMS) $(sbin_PROGRAMS) $(libexec_PROGRAMS)' ; \
- for file in $$foo ; do \
- echo "CODESIGN $$file" ; \
- codesign -f -s "$$CODE_SIGN_IDENTITY" $$file || exit 1 ; \
- done ; \
- fi
-
-all-local: codesign-all
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) $(noinst_HEADERS)
- @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(noinst_HEADERS)'; \
- for f in $$foo; do \
- f=`basename $$f`; \
- if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
- else file="$$f"; fi; \
- if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \
- : ; else \
- echo " $(CP) $$file $(buildinclude)/$$f"; \
- $(CP) $$file $(buildinclude)/$$f || true; \
- fi ; \
- done ; \
- foo='$(nobase_include_HEADERS)'; \
- for f in $$foo; do \
- if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
- else file="$$f"; fi; \
- $(mkdir_p) $(buildinclude)/`dirname $$f` ; \
- if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \
- : ; else \
- echo " $(CP) $$file $(buildinclude)/$$f"; \
- $(CP) $$file $(buildinclude)/$$f; \
- fi ; \
- done
-
-all-local: install-build-headers
-
-check-local::
- @if test '$(CHECK_LOCAL)' = "no-check-local"; then \
- foo=''; elif test '$(CHECK_LOCAL)'; then \
- foo='$(CHECK_LOCAL)'; else \
- foo='$(PROGRAMS)'; fi; \
- if test "$$foo"; then \
- failed=0; all=0; \
- for i in $$foo; do \
- all=`expr $$all + 1`; \
- if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
- echo "PASS: $$i"; \
- else \
- echo "FAIL: $$i"; \
- failed=`expr $$failed + 1`; \
- fi; \
- done; \
- if test "$$failed" -eq 0; then \
- banner="All $$all tests passed"; \
- else \
- banner="$$failed of $$all tests failed"; \
- fi; \
- dashes=`echo "$$banner" | sed s/./=/g`; \
- echo "$$dashes"; \
- echo "$$banner"; \
- echo "$$dashes"; \
- test "$$failed" -eq 0 || exit 1; \
- fi
-
-# It's useful for debugging to format generated sources. The default for all
-# clang-format styles is to sort includes, but in many cases in-tree we really
-# don't want to do that.
-.x.c:
- @if [ -z "$(CLANG_FORMAT)" ]; then \
- cmp -s $< $@ 2> /dev/null || cp $< $@; \
- else \
- cp $< $@.tmp.c; \
- $(CLANG_FORMAT) -style='{BasedOnStyle: Chromium, SortIncludes: false}' -i $@.tmp.c; \
- cmp -s $@.tmp.c $@ 2> /dev/null || mv $@.tmp.c $@; \
- fi
-
-.hx.h:
- @cmp -s $< $@ 2> /dev/null || cp $< $@;
-#NROFF_MAN = nroff -man
-.1.cat1:
- $(NROFF_MAN) $< > $@
-.3.cat3:
- $(NROFF_MAN) $< > $@
-.5.cat5:
- $(NROFF_MAN) $< > $@
-.7.cat7:
- $(NROFF_MAN) $< > $@
-.8.cat8:
- $(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
- @foo='$(man1_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.1) foo="$$foo $$i";; \
- esac; done ;\
- for i in $$foo; do \
- x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
- echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
- $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
- done
-
-dist-cat3-mans:
- @foo='$(man3_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.3) foo="$$foo $$i";; \
- esac; done ;\
- for i in $$foo; do \
- x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
- echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
- $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
- done
-
-dist-cat5-mans:
- @foo='$(man5_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.5) foo="$$foo $$i";; \
- esac; done ;\
- for i in $$foo; do \
- x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
- echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
- $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
- done
-
-dist-cat7-mans:
- @foo='$(man7_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.7) foo="$$foo $$i";; \
- esac; done ;\
- for i in $$foo; do \
- x=`echo $$i | sed 's/\.[^.]*$$/.cat7/'`; \
- echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
- $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
- done
-
-dist-cat8-mans:
- @foo='$(man8_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.8) foo="$$foo $$i";; \
- esac; done ;\
- for i in $$foo; do \
- x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
- echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
- $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
- done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat7-mans dist-cat8-mans
-
-install-cat-mans:
- $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man7_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
- $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man7_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
- $(COMPILE_ET) $<
-.et.c:
- $(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
- tobjdir=`cd $(top_builddir) && pwd` ; \
- tsrcdir=`cd $(top_srcdir) && pwd` ; \
- env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
- list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" != .; then \
- (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
- fi ; \
- done
-
-$(ktutil_OBJECTS): ktutil-commands.h
-
-ktutil-commands.c ktutil-commands.h: ktutil-commands.in
- $(SLC) $(srcdir)/ktutil-commands.in
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/admin/NTMakefile b/admin/NTMakefile
index 06f90c9fdbf8..f78a201a801c 100644
--- a/admin/NTMakefile
+++ b/admin/NTMakefile
@@ -49,6 +49,7 @@ KTUTIL_OBJS= \
$(OBJ)\rename.obj
KTUTIL_LIBS= \
+ $(LIBHEIMBASE) \
$(LIBHEIMDAL) \
$(LIBKADM5SRV) \
$(LIBSL) \
diff --git a/admin/add.c b/admin/add.c
index 13580b9bb570..3fba39138818 100644
--- a/admin/add.c
+++ b/admin/add.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2022 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,6 +32,8 @@
*/
#include "ktutil_locl.h"
+#include <heimbase.h>
+#include <base64.h>
RCSID("$Id$");
@@ -153,6 +155,180 @@ kt_add(struct add_options *opt, int argc, char **argv)
krb5_warn(context, ret, "add");
out:
krb5_kt_free_entry(context, &entry);
- krb5_kt_close(context, keytab);
+ if (ret == 0) {
+ ret = krb5_kt_close(context, keytab);
+ if (ret)
+ krb5_warn(context, ret, "Could not write the keytab");
+ } else {
+ krb5_kt_close(context, keytab);
+ }
+ return ret != 0;
+}
+
+/* We might be reading from a pipe, so we can't use rk_undumpdata() */
+static char *
+read_file(FILE *f)
+{
+ size_t alloced;
+ size_t len = 0;
+ size_t bytes;
+ char *res, *end, *p;
+
+ if ((res = malloc(1024)) == NULL)
+ err(1, "Out of memory");
+ alloced = 1024;
+
+ end = res + alloced;
+ p = res;
+ do {
+ if (p == end) {
+ char *tmp;
+
+ if ((tmp = realloc(res, alloced + (alloced > 1))) == NULL)
+ err(1, "Out of memory");
+ alloced += alloced > 1;
+ p = tmp + (p - res);
+ res = tmp;
+ end = res + alloced;
+ }
+ bytes = fread(p, 1, end - p, f);
+ len += bytes;
+ p += bytes;
+ } while (bytes && !feof(f) && !ferror(f));
+
+ if (ferror(f))
+ errx(1, "Could not read all input");
+ if (p == end) {
+ char *tmp;
+
+ if ((tmp = strndup(res, len)) == NULL)
+ err(1, "Out of memory");
+ free(res);
+ res = tmp;
+ }
+ if (strlen(res) != len)
+ err(1, "Embedded NULs in input!");
+ return res;
+}
+
+static void
+json2keytab_entry(heim_dict_t d, krb5_keytab kt, size_t idx)
+{
+ krb5_keytab_entry e;
+ krb5_error_code ret;
+ heim_object_t v;
+ uint64_t u;
+ int64_t i;
+ char *buf = NULL;
+
+ memset(&e, 0, sizeof(e));
+
+ v = heim_dict_get_value(d, HSTR("timestamp"));
+ if (heim_get_tid(v) != HEIM_TID_NUMBER)
+ goto bad;
+ u = heim_number_get_long(v);
+ e.timestamp = u;
+ if (u != (uint64_t)e.timestamp)
+ goto bad;
+
+ v = heim_dict_get_value(d, HSTR("kvno"));
+ if (heim_get_tid(v) != HEIM_TID_NUMBER)
+ goto bad;
+ i = heim_number_get_long(v);
+ e.vno = i;
+ if (i != (int64_t)e.vno)
+ goto bad;
+
+ v = heim_dict_get_value(d, HSTR("enctype_number"));
+ if (heim_get_tid(v) != HEIM_TID_NUMBER)
+ goto bad;
+ i = heim_number_get_long(v);
+ e.keyblock.keytype = i;
+ if (i != (int64_t)e.keyblock.keytype)
+ goto bad;
+
+ v = heim_dict_get_value(d, HSTR("key"));
+ if (heim_get_tid(v) != HEIM_TID_STRING)
+ goto bad;
+ {
+ const char *s = heim_string_get_utf8(v);
+ int declen;
+
+ if ((buf = malloc(strlen(s))) == NULL)
+ err(1, "Out of memory");
+ declen = rk_base64_decode(s, buf);
+ if (declen < 0)
+ goto bad;
+ e.keyblock.keyvalue.data = buf;
+ e.keyblock.keyvalue.length = declen;
+ }
+
+ v = heim_dict_get_value(d, HSTR("principal"));
+ if (heim_get_tid(v) != HEIM_TID_STRING)
+ goto bad;
+ ret = krb5_parse_name(context, heim_string_get_utf8(v), &e.principal);
+ if (ret == 0)
+ ret = krb5_kt_add_entry(context, kt, &e);
+
+ /* For now, ignore aliases; besides, they're never set anywhere in-tree */
+
+ if (ret)
+ krb5_warn(context, ret,
+ "Could not parse or write keytab entry %lu",
+ (unsigned long)idx);
+bad:
+ krb5_free_principal(context, e.principal);
+ free(buf);
+}
+
+int
+kt_import(void *opt, int argc, char **argv)
+{
+ krb5_error_code ret;
+ krb5_keytab kt;
+ heim_object_t o;
+ heim_error_t json_err = NULL;
+ heim_json_flags_t flags = HEIM_JSON_F_STRICT;
+ FILE *f = argc == 0 ? stdin : fopen(argv[0], "r");
+ size_t alen, i;
+ char *json;
+
+ if (f == NULL)
+ err(1, "Could not open file %s", argv[0]);
+
+ json = read_file(f);
+ fclose(f);
+ o = heim_json_create(json, 10, flags, &json_err);
+ free(json);
+ if (o == NULL) {
+ if (json_err != NULL) {
+ o = heim_error_copy_string(json_err);
+ if (o)
+ errx(1, "Could not parse JSON: %s", heim_string_get_utf8(o));
+ }
+ errx(1, "Could not parse JSON");
+ }
+
+ if (heim_get_tid(o) != HEIM_TID_ARRAY)
+ errx(1, "JSON text must be an array");
+
+ alen = heim_array_get_length(o);
+ if (alen == 0)
+ errx(1, "Empty JSON array; not overwriting keytab");
+
+ if ((kt = ktutil_open_keytab()) == NULL)
+ err(1, "Could not open keytab");
+
+ for (i = 0; i < alen; i++) {
+ heim_object_t e = heim_array_get_value(o, i);
+
+ if (heim_get_tid(e) != HEIM_TID_DICT)
+ warnx("Element %ld of JSON text array is not an object", (long)i);
+ else
+ json2keytab_entry(heim_array_get_value(o, i), kt, i);
+ }
+ ret = krb5_kt_close(context, kt);
+ if (ret)
+ krb5_warn(context, ret, "Could not write the keytab");
return ret != 0;
}
diff --git a/admin/change.c b/admin/change.c
index 1ddbded6bf77..b9d0e830d388 100644
--- a/admin/change.c
+++ b/admin/change.c
@@ -36,17 +36,23 @@
RCSID("$Id$");
static krb5_error_code
-change_entry (krb5_keytab keytab,
- krb5_principal principal, krb5_kvno kvno,
- const char *realm, const char *admin_server, int server_port)
+change_entry(krb5_keytab keytab,
+ krb5_principal principal,
+ krb5_kvno kvno,
+ int keep,
+ size_t nkstuple,
+ krb5_key_salt_tuple *kstuple,
+ const char *realm,
+ const char *admin_server,
+ int server_port)
{
krb5_error_code ret;
kadm5_config_params conf;
void *kadm_handle;
char *client_name;
krb5_keyblock *keys;
+ size_t i;
int num_keys;
- int i;
ret = krb5_unparse_name (context, principal, &client_name);
if (ret) {
@@ -96,14 +102,15 @@ change_entry (krb5_keytab keytab,
free (client_name);
return ret;
}
- ret = kadm5_randkey_principal (kadm_handle, principal, &keys, &num_keys);
- kadm5_destroy (kadm_handle);
+ ret = kadm5_randkey_principal_3(kadm_handle, principal, keep, nkstuple,
+ kstuple, &keys, &num_keys);
+ kadm5_destroy(kadm_handle);
if (ret) {
- krb5_warn(context, ret, "kadm5_randkey_principal: %s:", client_name);
+ krb5_warn(context, ret, "kadm5_randkey_principal_3: %s:", client_name);
free (client_name);
return ret;
}
- free (client_name);
+ free(client_name);
for (i = 0; i < num_keys; ++i) {
krb5_keytab_entry new_entry;
@@ -131,18 +138,55 @@ struct change_set {
};
int
-kt_change (struct change_options *opt, int argc, char **argv)
+kt_change(struct change_options *opt, int argc, char **argv)
{
krb5_error_code ret;
krb5_keytab keytab;
krb5_kt_cursor cursor;
krb5_keytab_entry entry;
- int i, j, max;
+ krb5_key_salt_tuple *kstuple = NULL;
+ const char *enctype;
+ size_t i, j, max, nkstuple;
+ int keep = 1;
struct change_set *changeset;
int errors = 0;
- if((keytab = ktutil_open_keytab()) == NULL)
+ i = 0;
+
+ if (opt->keepold_flag) {
+ keep = 1;
+ i++;
+ }
+ if (opt->keepallold_flag) {
+ keep = 2;
+ i++;
+ }
+ if (opt->pruneall_flag) {
+ keep = 0;
+ i++;
+ }
+ if (i > 1) {
+ fprintf(stderr, "use only one of --keepold, --keepallold, or --pruneall\n");
+ return EINVAL;
+ }
+
+ enctype = opt->enctype_string;
+ if (enctype == NULL || enctype[0] == '\0')
+ enctype = krb5_config_get_string(context, NULL, "libdefaults",
+ "supported_enctypes", NULL);
+ if (enctype == NULL || enctype[0] == '\0')
+ enctype = "aes128-cts-hmac-sha1-96";
+ ret = krb5_string_to_keysalts2(context, enctype, &nkstuple, &kstuple);
+ if (ret) {
+ fprintf(stderr, "enctype(s) unknown\n");
+ return ret;
+ }
+
+ /* XXX Parameterize keytab name */
+ if ((keytab = ktutil_open_keytab()) == NULL) {
+ free(kstuple);
return 1;
+ }
j = 0;
max = 0;
@@ -231,11 +275,12 @@ kt_change (struct change_options *opt, int argc, char **argv)
free(client_name);
}
}
- ret = change_entry (keytab,
- changeset[i].principal, changeset[i].kvno,
- opt->realm_string,
- opt->admin_server_string,
- opt->server_port_integer);
+ ret = change_entry(keytab,
+ changeset[i].principal, changeset[i].kvno,
+ keep, nkstuple, kstuple,
+ opt->realm_string,
+ opt->admin_server_string,
+ opt->server_port_integer);
if (ret != 0)
errors = 1;
}
@@ -246,6 +291,7 @@ kt_change (struct change_options *opt, int argc, char **argv)
free (changeset);
out:
+ free(kstuple);
krb5_kt_close(context, keytab);
return errors;
}
diff --git a/admin/copy.c b/admin/copy.c
index 7b50de1c3cb2..8acd6e48ed08 100644
--- a/admin/copy.c
+++ b/admin/copy.c
@@ -47,7 +47,7 @@ compare_keyblock(const krb5_keyblock *a, const krb5_keyblock *b)
}
int
-kt_copy (void *opt, int argc, char **argv)
+kt_copy (struct copy_options *opt, int argc, char **argv)
{
krb5_error_code ret;
krb5_keytab src_keytab, dst_keytab;
@@ -106,11 +106,18 @@ kt_copy (void *opt, int argc, char **argv)
"already exists for %s, keytype %s, kvno %d",
name_str, etype_str, entry.vno);
}
- krb5_kt_free_entry(context, &dummy);
- krb5_kt_free_entry (context, &entry);
- free(name_str);
- free(etype_str);
- continue;
+ if (!opt->copy_duplicates_flag) {
+ krb5_kt_free_entry(context, &dummy);
+ krb5_kt_free_entry (context, &entry);
+ free(name_str);
+ free(etype_str);
+ continue;
+ }
+ /*
+ * Because we can end up trying all keys that match the enctype,
+ * copying entries with duplicate principal, vno, and enctype, but
+ * different keys, can be useful.
+ */
} else if(ret != KRB5_KT_NOTFOUND) {
krb5_warn (context, ret, "%s: fetching %s/%s/%u",
to, name_str, etype_str, entry.vno);
diff --git a/admin/get.c b/admin/get.c
index df294324bccf..1c0a6333a5ab 100644
--- a/admin/get.c
+++ b/admin/get.c
@@ -82,51 +82,91 @@ open_kadmin_connection(char *principal,
return kadm_handle;
}
+static int
+parse_enctypes(struct get_options *opt,
+ size_t *nks,
+ krb5_key_salt_tuple **ks)
+{
+ const char *str;
+ char *s = NULL;
+ char *tmp;
+ size_t i;
+ int ret;
+
+ *nks = 0;
+ *ks = NULL;
+ if (opt->enctypes_strings.num_strings == 0) {
+ str = krb5_config_get_string(context, NULL, "libdefaults",
+ "supported_enctypes", NULL);
+ if (str == NULL)
+ str = "aes128-cts-hmac-sha1-96";
+ return krb5_string_to_keysalts2(context, str, nks, ks);
+ }
+
+ for (i = 0; i < opt->enctypes_strings.num_strings; i++) {
+ if (asprintf(&tmp, "%s%s%s", i ? s : "", i ? "," : "",
+ opt->enctypes_strings.strings[i]) == -1) {
+ free(s);
+ return krb5_enomem(context);
+ }
+ free(s);
+ s = tmp;
+ }
+ ret = krb5_string_to_keysalts2(context, s, nks, ks);
+ free(s);
+ return ret;
+}
+
int
kt_get(struct get_options *opt, int argc, char **argv)
{
krb5_error_code ret = 0;
krb5_keytab keytab;
void *kadm_handle = NULL;
- krb5_enctype *etypes = NULL;
- size_t netypes = 0;
+ krb5_key_salt_tuple *ks = NULL;
+ size_t nks;
size_t i;
- int a, j;
+ int a, j, keep;
unsigned int failed = 0;
- if((keytab = ktutil_open_keytab()) == NULL)
- return 1;
-
- if(opt->realm_string)
- krb5_set_default_realm(context, opt->realm_string);
+ i = 0;
+ keep = 1;
+ if (opt->keepallold_flag) {
+ keep = 2;
+ i++;
+ }
+ if (opt->keepold_flag) {
+ keep = 1;
+ i++;
+ }
+ if (opt->pruneall_flag) {
+ keep = 0;
+ i++;
+ }
+ if (i > 1) {
+ fprintf(stderr, "use only one of --keepold, --keepallold, or --pruneall\n");
+ return EINVAL;
+ }
- if (opt->enctypes_strings.num_strings != 0) {
+ if ((ret = parse_enctypes(opt, &nks, &ks))) {
+ fprintf(stderr, "invalid enctype(s)\n");
+ return ret;
+ }
- etypes = malloc (opt->enctypes_strings.num_strings * sizeof(*etypes));
- if (etypes == NULL) {
- krb5_warnx(context, "malloc failed");
- goto out;
- }
- netypes = opt->enctypes_strings.num_strings;
- for(i = 0; i < netypes; i++) {
- ret = krb5_string_to_enctype(context,
- opt->enctypes_strings.strings[i],
- &etypes[i]);
- if(ret) {
- krb5_warnx(context, "unrecognized enctype: %s",
- opt->enctypes_strings.strings[i]);
- goto out;
- }
- }
+ if((keytab = ktutil_open_keytab()) == NULL) {
+ free(ks);
+ return 1;
}
+ if(opt->realm_string)
+ krb5_set_default_realm(context, opt->realm_string);
for(a = 0; a < argc; a++){
krb5_principal princ_ent;
kadm5_principal_ent_rec princ;
int mask = 0;
krb5_keyblock *keys;
- int n_keys;
+ int n_keys = 0;
int created = 0;
krb5_keytab_entry entry;
@@ -158,22 +198,27 @@ kt_get(struct get_options *opt, int argc, char **argv)
break;
}
- ret = kadm5_create_principal(kadm_handle, &princ, mask, "x");
- if(ret == 0)
- created = 1;
- else if(ret != KADM5_DUP) {
- krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[a]);
- krb5_free_principal(context, princ_ent);
- failed++;
- continue;
- }
- ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
- if (ret) {
- krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[a]);
- krb5_free_principal(context, princ_ent);
- failed++;
- continue;
- }
+ if (opt->create_flag) {
+ ret = kadm5_create_principal(kadm_handle, &princ, mask, "thisIs_aUseless.password123");
+ if(ret == 0)
+ created = 1;
+ else if(ret != KADM5_DUP) {
+ krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[a]);
+ krb5_free_principal(context, princ_ent);
+ failed++;
+ continue;
+ }
+ }
+ if (opt->change_keys_flag) {
+ ret = kadm5_randkey_principal_3(kadm_handle, princ_ent, keep, nks, ks,
+ &keys, &n_keys);
+ if (ret) {
+ krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[a]);
+ krb5_free_principal(context, princ_ent);
+ failed++;
+ continue;
+ }
+ }
ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
@@ -203,37 +248,22 @@ kt_get(struct get_options *opt, int argc, char **argv)
continue;
}
for(j = 0; j < n_keys; j++) {
- int do_add = TRUE;
-
- if (netypes) {
- size_t k;
-
- do_add = FALSE;
- for (k = 0; k < netypes; ++k)
- if (keys[j].keytype == etypes[k]) {
- do_add = TRUE;
- break;
- }
- }
- if (do_add) {
- entry.principal = princ_ent;
- entry.vno = princ.kvno;
- entry.keyblock = keys[j];
- entry.timestamp = time (NULL);
- ret = krb5_kt_add_entry(context, keytab, &entry);
- if (ret)
- krb5_warn(context, ret, "krb5_kt_add_entry");
- }
+ entry.principal = princ_ent;
+ entry.vno = princ.kvno;
+ entry.keyblock = keys[j];
+ entry.timestamp = time (NULL);
+ ret = krb5_kt_add_entry(context, keytab, &entry);
+ if (ret)
+ krb5_warn(context, ret, "krb5_kt_add_entry");
krb5_free_keyblock_contents(context, &keys[j]);
}
kadm5_free_principal_ent(kadm_handle, &princ);
krb5_free_principal(context, princ_ent);
}
- out:
- free(etypes);
if (kadm_handle)
kadm5_destroy(kadm_handle);
krb5_kt_close(context, keytab);
+ free(ks);
return ret != 0 || failed > 0;
}
diff --git a/admin/ktutil-commands.in b/admin/ktutil-commands.in
index 8bae7ab00250..a85eb5c5715b 100644
--- a/admin/ktutil-commands.in
+++ b/admin/ktutil-commands.in
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Kungliga Tekniska Högskolan
+ * Copyright (c) 2004-2022 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -54,7 +54,7 @@ command = {
short = "e"
type = "string"
argument = "enctype"
- help = "encryption type"
+ help = "encryption type(s)"
}
option = {
long = "password"
@@ -76,6 +76,21 @@ command = {
help = "generate random key"
}
option = {
+ long = "keepold"
+ type = "flag"
+ help = "keep old keys/password needed to decrypt extant tickets (default)"
+ }
+ option = {
+ long = "keepallold"
+ type = "flag"
+ help = "keep all old keys/password"
+ }
+ option = {
+ long = "pruneall"
+ type = "flag"
+ help = "delete all old keys"
+ }
+ option = {
long = "hex"
short = "H"
type = "flag"
@@ -95,6 +110,28 @@ command = {
help = "realm to use"
}
option = {
+ long = "enctype"
+ short = "e"
+ type = "string"
+ argument = "enctype"
+ help = "encryption type(s)"
+ }
+ option = {
+ long = "keepold"
+ type = "flag"
+ help = "keep old keys/password needed to decrypt extant tickets (default)"
+ }
+ option = {
+ long = "keepallold"
+ type = "flag"
+ help = "keep all old keys/password"
+ }
+ option = {
+ long = "pruneall"
+ type = "flag"
+ help = "delete all old keys"
+ }
+ option = {
long = "admin-server"
short = "a"
type = "string"
@@ -114,11 +151,17 @@ command = {
}
command = {
name = "copy"
+ name = "merge"
function = "kt_copy"
+ option = {
+ long = "copy-duplicates"
+ type = "flag"
+ help = "copy entries for the same principal and kvno, but different keys"
+ }
argument = "source destination"
min_args = "2"
max_args = "2"
- help = "Copies one keytab to another."
+ help = "Merges one keytab into another."
}
command = {
name = "get"
@@ -130,6 +173,16 @@ command = {
argument = "principal"
}
option = {
+ long = "create"
+ type = "-flag"
+ help = "do not create the principal"
+ }
+ option = {
+ long = "change-keys"
+ type = "-flag"
+ help = "do not change the principal's keys"
+ }
+ option = {
long = "enctypes"
short = "e"
type = "strings"
@@ -137,6 +190,21 @@ command = {
argument = "enctype"
}
option = {
+ long = "keepold"
+ type = "flag"
+ help = "keep old keys/password needed to decrypt extant tickets (default)"
+ }
+ option = {
+ long = "keepallold"
+ type = "flag"
+ help = "keep all old keys/password"
+ }
+ option = {
+ long = "pruneall"
+ type = "flag"
+ help = "delete all old keys"
+ }
+ option = {
long = "realm"
short = "r"
type = "string"
@@ -163,6 +231,14 @@ command = {
help = "Change keys for specified principals, and add them to the keytab."
}
command = {
+ name = "import"
+ function = "kt_import"
+ help = "Imports a keytab from JSON output of ktutil list --json --keys."
+ min_args = "0"
+ max_args = "1"
+ argument = "JSON-FILE"
+}
+command = {
name = "list"
option = {
long = "keys"
@@ -174,6 +250,11 @@ command = {
type = "flag"
help = "show timestamps"
}
+ option = {
+ long = "json"
+ type = "flag"
+ help = "output JSON representation"
+ }
max_args = "0"
function = "kt_list"
help = "Show contents of keytab."
diff --git a/admin/ktutil.1 b/admin/ktutil.1
index a90541991103..fb8bc382b39c 100644
--- a/admin/ktutil.1
+++ b/admin/ktutil.1
@@ -60,8 +60,9 @@ Verbose output.
.Ar command
can be one of the following:
.Bl -tag -width srvconvert
-.It add Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \
+.It Nm add Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \
Oo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \
+Oo Fl Fl keepold | Fl Fl keepallold | Fl Fl pruneall Oc \
Oo Fl Fl enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \
Oo Fl Fl password= Ns Ar password Oc Oo Fl r Oc Oo Fl Fl random Oc \
Oo Fl s Oc Oo Fl Fl no-salt Oc Oo Fl H Oc Op Fl Fl hex
@@ -71,7 +72,9 @@ principal to add; if what you really want is to add a new principal to
the keytab, you should consider the
.Ar get
command, which talks to the kadmin server.
-.It change Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc \
+.It Nm change Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc \
+Oo Fl Fl keepold | Fl Fl keepallold | Fl Fl pruneall Oc \
+Oo Fl Fl enctype= Ns Ar enctype Oc \
Oo Fl Fl a Ar host Oc Oo Fl Fl admin-server= Ns Ar host Oc \
Oo Fl Fl s Ar port Oc Op Fl Fl server-port= Ns Ar port
Update one or several keys to new versions. By default, use the admin
@@ -79,29 +82,68 @@ server for the realm of a keytab entry. Otherwise it will use the
values specified by the options.
.Pp
If no principals are given, all the ones in the keytab are updated.
-.It copy Ar keytab-src Ar keytab-dest
+.It Nm copy Oo Fl Fl copy-duplicates Oc Ar keytab-src Ar keytab-dest
Copies all the entries from
.Ar keytab-src
to
.Ar keytab-dest .
-.It get Oo Fl p Ar admin principal Oc \
+Because entries already in
+.Ar keytab-dest
+are kept, this command functions to merge keytabs.
+Entries for the same principal, key version number, and
+encryption type in the
+.Ar keytab-src
+that are also in the
+.Ar keytab-dest
+will not be copied to the
+.Ar keytab-dest
+unless the
+.Fl Fl copy-duplicates
+option is given.
+.It Nm get Oo Fl p Ar admin principal Oc \
Oo Fl Fl principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \
+Oo Fl Fl no-create Oc \
+Oo Fl Fl no-change-keys Oc \
+Oo Fl Fl keepold | Fl Fl keepallold | Fl Fl pruneall Oc \
Oo Fl Fl enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \
Oo Fl Fl realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \
Oo Fl Fl admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \
Oo Fl Fl server-port= Ns Ar server port Oc Ar principal ...
+.Pp
For each
.Ar principal ,
-generate a new key for it (creating it if it doesn't already exist),
-and put that key in the keytab.
+get a the principal's keys from the KDC via the kadmin protocol,
+creating the principal if it doesn't exist (unless
+.Fl Fl no-create
+is given), and changing its keys to new random keys (unless
+.Fl Fl no-change-keys
+is given).
.Pp
If no
.Ar realm
is specified, the realm to operate on is taken from the first
principal.
-.It list Oo Fl Fl keys Oc Op Fl Fl timestamp
+.It Nm import Oo JSON-FILE Oc
+Read an array of keytab entries in a JSON file and copy them to
+the keytab.
+Use the
+.Nm list
+command with its
+.Fl Fl json
+option
+and
+.Fl Fl keys
+option to export a keytab.
+.It Nm list Oo Fl Fl keys Oc Op Fl Fl timestamp Oo Op Fl Fl json Oc
List the keys stored in the keytab.
-.It remove Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \
+Use the
+.Fl Fl json
+and
+.Fl Fl keys
+options to export a keytab as JSON for importing with the
+.Nm import
+command.
+.It Nm remove Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \
Oo Fl V kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \
Oo Fl Fl enctype= Ns Ar enctype Oc
Removes the specified key or keys. Not specifying a
@@ -109,16 +151,79 @@ Removes the specified key or keys. Not specifying a
removes keys with any version number. Not specifying an
.Ar enctype
removes keys of any type.
-.It rename Ar from-principal Ar to-principal
-Renames all entries in the keytab that match the
+.It Nm merge Oo Fl Fl copy-duplicates Oc Ar keytab-src Ar keytab-dest
+An alias for the
+.Nm copy
+command.
+.It Nm rename Ar from-principal Ar to-principal
+Renames all entries for the
+.Ar from-principal
+in the keytab
.Ar from-principal
to
.Ar to-principal .
-.It purge Op Fl Fl age= Ns Ar age
+.It Nm purge Op Fl Fl age= Ns Ar age
Removes all old versions of a key for which there is a newer version
that is at least
.Ar age
(default one week) old.
+Note that this does not update the KDC database.
+The
+.Xr kadmin 1
+command has a
+.Nm prune
+command that can do this on the KDC side.
.El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds
+.It Ev KRB5_KTNAME
+Specifies the default keytab.
+.It Ev KRB5_CONFIG
+The file name of
+.Pa krb5.conf ,
+the default being
+.Pa /etc/krb5.conf .
+.El
+.Sh KEYTAB NAMING
+The syntax for the value of the
+.Ql KRB5_KTNAME
+environment variable and
+.Oo Fl k Ar keytab \*(Ba Xo
+.Fl Fl keytab= Ns Ar keytab
+.Xc
+.Oc
+options is
+.Ql TYPE:name
+where the TYPE is one of
+.Ql FILE ,
+.Ql HDBGET ,
+.Ql HDB ,
+or
+.Ql ANY ,
+and the name syntax is specific to the keytab type.
+.Pp
+For the FILE keytab type the name is the path to a file whose
+format is the well-known keytab file format used by MIT Kerberos,
+Heimdal, Java, and others.
+.Pp
+For the HDB and HDBGET keytab types the name syntax is
+.Ql [<path>][:mkey=<path>]
+where the first path is the path to the HDB and the second path
+is the path to the master key file.
+Note that to use the HDB and HDBGET keytab types in a program
+linked with Heimdal libraries one first load the
+.Ql libhdb
+library and then register their keytab methods using
+.Xr krb5_kt_register 3 .
+Note also that
+.Nm ktutil
+does not load and register the HDB and HDBGET keytab types at
+this time.
+.Pp
+The ANY keytab type name syntax is a sequence of other keytab
+names (including their TYPE: prefix) separated by commas.
+Note that there is no escape sequence for commas in keytab names.
.Sh SEE ALSO
.Xr kadmin 1
+.Xr kinit 1
+.Xr krb5_kt_register 3
diff --git a/admin/ktutil.cat1 b/admin/ktutil.cat1
deleted file mode 100644
index e3cba56269a1..000000000000
--- a/admin/ktutil.cat1
+++ /dev/null
@@ -1,70 +0,0 @@
-KTUTIL(1) BSD General Commands Manual KTUTIL(1)
-
-NAME
- ktutil -- manage Kerberos keytabs
-
-SYNOPSIS
- ktutil [-k keytab | --keytab=keytab] [-v | --verbose] [--version]
- [-h | --help] command [args]
-
-DESCRIPTION
- ktutil is a program for managing keytabs. Supported options:
-
- -v, --verbose
- Verbose output.
-
- command can be one of the following:
-
- add [-p principal] [--principal=principal] [-V kvno] [--kvno=kvno] [-e
- enctype] [--enctype=enctype] [-w password]
- [--password=password] [-r] [--random] [-s] [--no-salt] [-H]
- [--hex]
- Adds a key to the keytab. Options that are not specified will
- be prompted for. This requires that you know the password or
- the hex key of the principal to add; if what you really want
- is to add a new principal to the keytab, you should consider
- the get command, which talks to the kadmin server.
-
- change [-r realm] [--realm=realm] [--a host] [--admin-server=host] [--s
- port] [--server-port=port]
- Update one or several keys to new versions. By default, use
- the admin server for the realm of a keytab entry. Otherwise
- it will use the values specified by the options.
-
- If no principals are given, all the ones in the keytab are
- updated.
-
- copy keytab-src keytab-dest
- Copies all the entries from keytab-src to keytab-dest.
-
- get [-p admin principal] [--principal=admin principal] [-e enctype]
- [--enctypes=enctype] [-r realm] [--realm=realm] [-a admin
- server] [--admin-server=admin server] [-s server port]
- [--server-port=server port] principal ...
- For each principal, generate a new key for it (creating it if
- it doesn't already exist), and put that key in the keytab.
-
- If no realm is specified, the realm to operate on is taken
- from the first principal.
-
- list [--keys] [--timestamp]
- List the keys stored in the keytab.
-
- remove [-p principal] [--principal=principal] [-V -kvno] [--kvno=kvno]
- [-e -enctype] [--enctype=enctype]
- Removes the specified key or keys. Not specifying a kvno re-
- moves keys with any version number. Not specifying an enctype
- removes keys of any type.
-
- rename from-principal to-principal
- Renames all entries in the keytab that match the
- from-principal to to-principal.
-
- purge [--age=age]
- Removes all old versions of a key for which there is a newer
- version that is at least age (default one week) old.
-
-SEE ALSO
- kadmin(1)
-
-HEIMDAL April 14, 2005 HEIMDAL
diff --git a/admin/list.c b/admin/list.c
index 31be54611157..22ccdcac8cb2 100644
--- a/admin/list.c
+++ b/admin/list.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2022 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,6 +32,7 @@
*/
#include "ktutil_locl.h"
+#include <heimbase.h>
#include <rtbl.h>
RCSID("$Id$");
@@ -131,7 +132,8 @@ do_list(struct list_options *opt, const char *keytab_str)
struct rk_strpool *p = NULL;
for (i = 0; i< entry.aliases->len; i++) {
- krb5_unparse_name_fixed(context, entry.principal, buf, sizeof(buf));
+ krb5_unparse_name_fixed(context, &entry.aliases->val[i],
+ buf, sizeof(buf));
p = rk_strpoolprintf(p, "%s%s", buf,
i + 1 < entry.aliases->len ? ", " : "");
@@ -152,6 +154,136 @@ out:
return ret;
}
+static int
+do_list1_json(struct list_options *opt,
+ const char *keytab_str,
+ heim_array_t a)
+{
+ krb5_error_code ret;
+ krb5_keytab keytab;
+ krb5_keytab_entry entry;
+ krb5_kt_cursor cursor;
+
+ ret = krb5_kt_resolve(context, keytab_str, &keytab);
+ if (ret) {
+ krb5_warn(context, ret, "resolving keytab %s", keytab_str);
+ return ret;
+ }
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if(ret) {
+ krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_str);
+ krb5_kt_close(context, keytab);
+ return ret;
+ }
+
+ //if (opt->timestamp_flag)
+ //if (opt->keys_flag)
+
+ while (krb5_kt_next_entry(context, keytab, &entry, &cursor) == 0) {
+ heim_dict_t d = heim_dict_create(5);
+ heim_object_t o;
+ char *s;
+
+ heim_array_append_value(a, d);
+ heim_dict_set_value(d, HSTR("keytab"),
+ o = heim_string_create(keytab_str)); heim_release(o);
+ heim_dict_set_value(d, HSTR("kvno"), o = heim_number_create(entry.vno));
+ heim_release(o);
+ heim_dict_set_value(d, HSTR("enctype_number"),
+ o = heim_number_create(entry.keyblock.keytype));
+ heim_release(o);
+ heim_dict_set_value(d, HSTR("flags"),
+ o = heim_number_create(entry.flags));
+ heim_release(o);
+ ret = krb5_enctype_to_string(context, entry.keyblock.keytype, &s);
+ if (ret == 0) {
+ heim_dict_set_value(d, HSTR("enctype"), o = heim_string_create(s));
+ heim_release(o);
+ free(s);
+ }
+ heim_dict_set_value(d, HSTR("timestamp"),
+ o = heim_number_create(entry.timestamp));
+ heim_release(o);
+
+ ret = krb5_unparse_name(context, entry.principal, &s);
+ if (ret)
+ krb5_err(context, 1, ret, "Could not format principal");
+ heim_dict_set_value(d, HSTR("principal"), o = heim_string_create(s));
+ heim_release(o);
+ free(s);
+
+ if (opt->keys_flag) {
+ o = heim_data_create(entry.keyblock.keyvalue.data,
+ entry.keyblock.keyvalue.length);
+ heim_dict_set_value(d, HSTR("key"), o);
+ heim_release(o);
+ }
+ if (entry.aliases) {
+ heim_array_t aliases = heim_array_create();
+ unsigned int i;
+
+ for (i = 0; i< entry.aliases->len; i++) {
+ ret = krb5_unparse_name(context, &entry.aliases->val[i], &s);
+ if (ret)
+ krb5_err(context, 1, ret, "Could not format principal");
+ heim_array_append_value(aliases, o = heim_string_create(s));
+ heim_release(o);
+ free(s);
+ }
+ heim_dict_set_value(d, HSTR("aliases"), aliases);
+ heim_release(aliases);
+ }
+
+ krb5_kt_free_entry(context, &entry);
+ heim_release(d);
+ }
+
+ ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+ krb5_kt_close(context, keytab);
+ return ret;
+}
+
+static int
+do_list_json(struct list_options *opt, const char *keytab_str)
+{
+ krb5_error_code ret = 0;
+ heim_json_flags_t flags =
+ (HEIM_JSON_F_STRICT | HEIM_JSON_F_INDENT2 | HEIM_JSON_F_NO_DATA_DICT) &
+ ~HEIM_JSON_F_NO_DATA;
+ heim_array_t a = heim_array_create();
+ heim_string_t s;
+
+ /*
+ * Special-case the ANY: keytab type. What do we get from this? We get to
+ * include the actual keytab name for each entry in its JSON
+ * representation. Otherwise there would be no point because the ANY:
+ * keytab type iterates all the keytabs it joins.
+ *
+ * Why strncasecmp() though? Because do_list() uses it, though it arguably
+ * never should have.
+ */
+ if (strncasecmp(keytab_str, "ANY:", 4) == 0) {
+ char buf[1024];
+
+ keytab_str += 4;
+ ret = 0;
+ while (strsep_copy((const char**)&keytab_str, ",",
+ buf, sizeof(buf)) != -1) {
+ if (do_list1_json(opt, buf, a))
+ ret = 1;
+ }
+ } else {
+ ret = do_list1_json(opt, keytab_str, a);
+ }
+
+ s = heim_json_copy_serialize(a, flags, NULL);
+ printf("%s", heim_string_get_utf8(s));
+ heim_release(a);
+ heim_release(s);
+ return ret;
+}
+
int
kt_list(struct list_options *opt, int argc, char **argv)
{
@@ -168,5 +300,7 @@ kt_list(struct list_options *opt, int argc, char **argv)
}
keytab_string = kt;
}
+ if (opt->json_flag)
+ return do_list_json(opt, keytab_string) != 0;
return do_list(opt, keytab_string) != 0;
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-09 04:41:53 +0000