
Source code changes of the file "msktkrb5.cpp" between
msktutil-1.1.tar.bz2 and msktutil-1.2.1.tar.gz

About: msktutil is a program for interoperability with Active Directory.

msktkrb5.cpp  (msktutil-1.1.tar.bz2):msktkrb5.cpp  (msktutil-1.2.1)
skipping to change at line 124 skipping to change at line 124
std::string lower_accountname = flags->sAMAccountName_nodollar; std::string lower_accountname = flags->sAMAccountName_nodollar;
for(std::string::iterator it = lower_accountname.begin(); for(std::string::iterator it = lower_accountname.begin();
it != lower_accountname.end(); ++it) { it != lower_accountname.end(); ++it) {
*it = std::tolower(*it); *it = std::tolower(*it);
} }
salt = sform("%shost%s.%s", salt = sform("%shost%s.%s",
flags->realm_name.c_str(), flags->realm_name.c_str(),
lower_accountname.c_str(), lower_accountname.c_str(),
flags->lower_realm_name.c_str()); flags->lower_realm_name.c_str());
} }
VERBOSE("Using salt of %s", salt.c_str()); VERBOSE("Using salt: %s", salt.c_str());
return(salt); return(salt);
} }
int flush_keytab(msktutil_flags *flags) int flush_keytab(msktutil_flags *flags)
{ {
VERBOSE("Flushing the keytab"); VERBOSE("Flushing the keytab");
KRB5Keytab keytab(flags->keytab_writename); KRB5Keytab keytab(flags->keytab_writename);
std::vector<KRB5KeytabEntry> keytab_entries; std::vector<KRB5KeytabEntry> keytab_entries;
skipping to change at line 153 skipping to change at line 153
size_t first_chr = principal_name.find('/') + 1; size_t first_chr = principal_name.find('/') + 1;
size_t last_chr = principal_name.rfind('@'); size_t last_chr = principal_name.rfind('@');
std::string host = principal_name.substr(first_chr, std::string host = principal_name.substr(first_chr,
last_chr - first_chr); last_chr - first_chr);
if (host != flags->hostname) { if (host != flags->hostname) {
continue; continue;
} }
VERBOSE("Deleting %s kvno=%d, enctype=%d", principal_name.c_str(), it->k vno(), it->enctype()); VERBOSE("Deleting %s (kvno=%d, enctype=%d) from keytab", principal_name. c_str(), it->kvno(), it->enctype());
keytab.removeEntry(principal, it->kvno(), it->enctype()); keytab.removeEntry(principal, it->kvno(), it->enctype());
} }
return ldap_flush_principals(flags); return ldap_flush_principals(flags);
} }
void cleanup_keytab(msktutil_flags *flags) void cleanup_keytab(msktutil_flags *flags)
{ {
VERBOSE("Cleaning the keytab"); VERBOSE("Cleaning the keytab");
KRB5Keytab keytab(flags->keytab_writename); KRB5Keytab keytab(flags->keytab_writename);
skipping to change at line 178 skipping to change at line 178
for (KRB5Keytab::cursor cursor(keytab); cursor.next(); ) { for (KRB5Keytab::cursor cursor(keytab); cursor.next(); ) {
keytab_entries.push_back(cursor); keytab_entries.push_back(cursor);
} }
/* cleanup all entries that match --remove-enctype */ /* cleanup all entries that match --remove-enctype */
for (std::vector<KRB5KeytabEntry>::iterator it = keytab_entries.begin(); it != keytab_entries.end(); it++) { for (std::vector<KRB5KeytabEntry>::iterator it = keytab_entries.begin(); it != keytab_entries.end(); it++) {
if (it->enctype() != flags->cleanup_enctype) { if (it->enctype() != flags->cleanup_enctype) {
continue; continue;
} }
KRB5Principal principal(it->principal()); KRB5Principal principal(it->principal());
VERBOSE("Deleting %s kvno=%d, enctype=%d", principal.name().c_str(), it- >kvno(), it->enctype()); VERBOSE("Deleting %s with kvno=%d, enctype=%d from keytab", principal.na me().c_str(), it->kvno(), it->enctype());
keytab.removeEntry(principal, it->kvno(), it->enctype()); keytab.removeEntry(principal, it->kvno(), it->enctype());
} }
/* stop further processing unless --remove-old was given */ /* stop further processing unless --remove-old was given */
if (flags->cleanup_days == -1) { if (flags->cleanup_days == -1) {
return; return;
} }
/* Sort vector by timestamp in descending order */ /* Sort vector by timestamp in descending order */
std::sort(keytab_entries.rbegin(), keytab_entries.rend()); std::sort(keytab_entries.rbegin(), keytab_entries.rend());
skipping to change at line 210 skipping to change at line 210
* principal, but then there's no way to get rid of truely obsolete * principal, but then there's no way to get rid of truely obsolete
* principals. */ * principals. */
krb5_kvno keep_kvno = it->kvno(); krb5_kvno keep_kvno = it->kvno();
time_t min_keep_timestamp = time(0) - flags->cleanup_days * 60 * 60 * 24; time_t min_keep_timestamp = time(0) - flags->cleanup_days * 60 * 60 * 24;
for (; it != keytab_entries.end(); it++) { for (; it != keytab_entries.end(); it++) {
if (it->timestamp() > min_keep_timestamp || it->kvno() == keep_kvno) { if (it->timestamp() > min_keep_timestamp || it->kvno() == keep_kvno) {
continue; continue;
} }
KRB5Principal principal(it->principal()); KRB5Principal principal(it->principal());
VERBOSE("Deleting %s kvno=%d, enctype=%d", principal.name().c_str(), it- >kvno(), it->enctype()); VERBOSE("Deleting %s (kvno=%d, enctype=%d) from keytab", principal.name( ).c_str(), it->kvno(), it->enctype());
keytab.removeEntry(principal, it->kvno(), it->enctype()); keytab.removeEntry(principal, it->kvno(), it->enctype());
} }
} }
void remove_keytab_entries(msktutil_flags *flags, void remove_keytab_entries(msktutil_flags *flags,
std::vector<std::string> remove_principals) std::vector<std::string> remove_principals)
{ {
KRB5Keytab keytab(flags->keytab_writename); KRB5Keytab keytab(flags->keytab_writename);
VERBOSE("Trying to remove entries for %s from keytab", flags->sAMAccountName .c_str()); VERBOSE("Trying to remove entries for %s from keytab", flags->sAMAccountName .c_str());
skipping to change at line 235 skipping to change at line 235
for (KRB5Keytab::cursor cursor(keytab); cursor.next(); ) { for (KRB5Keytab::cursor cursor(keytab); cursor.next(); ) {
keytab_entries.push_back(cursor); keytab_entries.push_back(cursor);
} }
for (std::vector<KRB5KeytabEntry>::iterator it = keytab_entries.begin(); it != keytab_entries.end(); it++) { for (std::vector<KRB5KeytabEntry>::iterator it = keytab_entries.begin(); it != keytab_entries.end(); it++) {
KRB5Principal principal(it->principal()); KRB5Principal principal(it->principal());
std::string principal_name(principal.name()); std::string principal_name(principal.name());
for (size_t i = 0; i < remove_principals.size(); ++i) { for (size_t i = 0; i < remove_principals.size(); ++i) {
std::string remove_principal = remove_principals[i] + "@" + flags->r ealm_name; std::string remove_principal = remove_principals[i] + "@" + flags->r ealm_name;
if (principal_name.compare(remove_principal) == 0) { if (principal_name.compare(remove_principal) == 0) {
VERBOSE("Deleting %s kvno=%d, enctype=%d", principal.name().c_st r(), it->kvno(), it->enctype()); VERBOSE("Deleting %s (kvno=%d, enctype=%d) from keytab", princip al.name().c_str(), it->kvno(), it->enctype());
keytab.removeEntry(principal, it->kvno(), it->enctype()); keytab.removeEntry(principal, it->kvno(), it->enctype());
} }
} }
} }
} }
void add_keytab_entries(msktutil_flags *flags) void add_keytab_entries(msktutil_flags *flags)
{ {
KRB5Keytab keytab(flags->keytab_writename); KRB5Keytab keytab(flags->keytab_writename);
skipping to change at line 310 skipping to change at line 310
{ {
VERBOSE("Updating all entries for %s", flags->sAMAccountName.c_str()); VERBOSE("Updating all entries for %s", flags->sAMAccountName.c_str());
add_principal_keytab(flags->sAMAccountName, flags); add_principal_keytab(flags->sAMAccountName, flags);
if (!flags->use_service_account) { if (!flags->use_service_account) {
add_principal_keytab(flags->sAMAccountName_uppercase, flags); add_principal_keytab(flags->sAMAccountName_uppercase, flags);
} }
/* add upn */ /* add upn */
if (!flags->userPrincipalName.empty()) { if (!flags->userPrincipalName.empty()) {
add_principal_keytab(flags->userPrincipalName, flags); add_principal_keytab(flags->userPrincipalName, flags);
} }
/* add host/<short_hostname> */
if (!flags->use_service_account) {
add_principal_keytab("host/" + get_short_hostname(flags), flags);
}
for (size_t i = 0; i < flags->ad_principals.size(); ++i) { for (size_t i = 0; i < flags->ad_principals.size(); ++i) {
if ((flags->userPrincipalName.empty()) || if ((flags->userPrincipalName.empty()) ||
flags->userPrincipalName.compare(flags->ad_principals[i]) != 0) { flags->userPrincipalName.compare(flags->ad_principals[i]) != 0) {
add_principal_keytab(flags->ad_principals[i], flags); add_principal_keytab(flags->ad_principals[i], flags);
} else { } else {
VERBOSE("Entries for SPN %s have already been added. Skipping ...", VERBOSE("Entries for SPN %s have already been added. Skipping ...",
flags->ad_principals[i].c_str() flags->ad_principals[i].c_str()
); );
} }
} }
skipping to change at line 362 skipping to change at line 358
/* Keys for this kvno may still be valid, but any older entries for /* Keys for this kvno may still be valid, but any older entries for
* different keys (different kvno) have definitely been stale for more * different keys (different kvno) have definitely been stale for more
* than min_keep_timestamp, and can therefore be pruned. */ * than min_keep_timestamp, and can therefore be pruned. */
krb5_kvno keep_kvno = it->kvno(); krb5_kvno keep_kvno = it->kvno();
for (; it != keytab_entries.end(); it++) { for (; it != keytab_entries.end(); it++) {
if (it->kvno() == keep_kvno) if (it->kvno() == keep_kvno)
continue; continue;
KRB5Principal principal(it->principal()); KRB5Principal principal(it->principal());
VERBOSE("Deleting %s kvno=%d, enctype=%d", VERBOSE("Deleting %s (kvno=%d, enctype=%d) from keytab",
principal.name().c_str(), it->kvno(), it->enctype()); principal.name().c_str(), it->kvno(), it->enctype());
keytab.removeEntry(principal, it->kvno(), it->enctype()); keytab.removeEntry(principal, it->kvno(), it->enctype());
} }
} }
void add_principal_keytab(const std::string &principal, msktutil_flags *flags) void add_principal_keytab(const std::string &principal, msktutil_flags *flags)
{ {
VERBOSE("Adding principal to keytab: %s", principal.c_str());
KRB5Keytab keytab(flags->keytab_writename);
std::string principal_string = ""; std::string principal_string = "";
if (principal.find("@") != std::string::npos) { if (principal.find("@") != std::string::npos) {
principal_string = sform("%s", principal.c_str()); principal_string = sform("%s", principal.c_str());
} else { } else {
principal_string = sform("%s@%s", principal_string = sform("%s@%s",
principal.c_str(), principal.c_str(),
flags->realm_name.c_str()); flags->realm_name.c_str());
} }
VERBOSE("Adding principal to keytab: %s", principal_string.c_str());
VERBOSE("Using supportedEncryptionTypes: %d", flags->ad_supportedEncryptionT
ypes);
/* FIXME: Why do we use a fixed magic number instead of reusing /* FIXME: Why do we use a fixed magic number instead of reusing
* flags->cleanup_days for update as well? */ * flags->cleanup_days for update as well? */
krb5_timestamp min_keep_timestamp = time(NULL) - (7*24*60*60); krb5_timestamp min_keep_timestamp = time(NULL) - (7*24*60*60);
KRB5Principal princ(principal_string); KRB5Principal princ(principal_string);
KRB5Keytab keytab(flags->keytab_writename);
prune_keytab(keytab, princ, min_keep_timestamp); prune_keytab(keytab, princ, min_keep_timestamp);
std::vector<uint32_t> enc_types; std::vector<int32_t> enc_types;
if (flags->ad_supportedEncryptionTypes & MS_KERB_ENCTYPE_DES_CBC_CRC) { if (flags->ad_supportedEncryptionTypes & MS_KERB_ENCTYPE_DES_CBC_CRC) {
enc_types.push_back(ENCTYPE_DES_CBC_CRC); enc_types.push_back(ENCTYPE_DES_CBC_CRC);
} }
if (flags->ad_supportedEncryptionTypes & MS_KERB_ENCTYPE_DES_CBC_MD5) { if (flags->ad_supportedEncryptionTypes & MS_KERB_ENCTYPE_DES_CBC_MD5) {
enc_types.push_back(ENCTYPE_DES_CBC_MD5); enc_types.push_back(ENCTYPE_DES_CBC_MD5);
} }
if (flags->ad_supportedEncryptionTypes & MS_KERB_ENCTYPE_RC4_HMAC_MD5) { if (flags->ad_supportedEncryptionTypes & MS_KERB_ENCTYPE_RC4_HMAC_MD5) {
enc_types.push_back(ENCTYPE_ARCFOUR_HMAC); enc_types.push_back(ENCTYPE_ARCFOUR_HMAC);
} }
#if HAVE_DECL_ENCTYPE_AES128_CTS_HMAC_SHA1_96 #if HAVE_DECL_ENCTYPE_AES128_CTS_HMAC_SHA1_96
skipping to change at line 419 skipping to change at line 415
enc_types.push_back(ENCTYPE_AES256_CTS_HMAC_SHA1_96); enc_types.push_back(ENCTYPE_AES256_CTS_HMAC_SHA1_96);
} }
#endif #endif
std::string salt = get_salt(flags); std::string salt = get_salt(flags);
std::string password = flags->dont_change_password ? std::string password = flags->dont_change_password ?
flags->old_account_password : flags->password; flags->old_account_password : flags->password;
if (password.empty()) { if (password.empty()) {
VERBOSE("No password available, skipping creation " VERBOSE("No password available, skipping creation "
"of password based keytab ntries"); "of password-based keytab entries");
} else { } else {
for(size_t i = 0; i < enc_types.size(); ++i) { for(size_t i = 0; i < enc_types.size(); ++i) {
VERBOSE(" Adding entry of enctype 0x%x", enc_types[i]); VERBOSE(" Adding entry of enctype 0x%x", enc_types[i]);
keytab.addEntry(princ, flags->kvno, keytab.addEntry(princ, flags->kvno,
static_cast<krb5_enctype>(enc_types[i]), static_cast<krb5_enctype>(enc_types[i]),
password, salt); password, salt);
} }
} }
} }
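Review bot: In the add_principal_keytab hunk the new `VERBOSE("Using supportedEncryptionTypes: %d", flags->ad_supportedEncryptionTypes);` prints in decimal a value that every following `if (flags->ad_supportedEncryptionTypes & MS_KERB_ENCTYPE_...)` test treats as a bitmask, while the per-entry line a few statements later already uses `0x%x`; the two logs should agree, and hex is the form in which an operator can read off which individual enctype bits (including the single-DES and RC4 ones this function still honours) AD advertised. The same hunk also changes `enc_types` from `std::vector<uint32_t>` to `std::vector<int32_t>` but keeps `VERBOSE(" Adding entry of enctype 0x%x", enc_types[i]);`, so a signed value now feeds an unsigned conversion. Both are fixed by casting at the log site: `VERBOSE("Using supportedEncryptionTypes: 0x%x", static_cast<unsigned>(flags->ad_supportedEncryptionTypes));` and `VERBOSE(" Adding entry of enctype 0x%x", static_cast<unsigned>(enc_types[i]));`. The declared type of ad_supportedEncryptionTypes is not visible in this diff, so the cast is the conservative choice if it is not already unsigned.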
 End of changes. 12 change blocks. 
15 lines changed or deleted 12 lines changed or added
