int help_flag = 0;
int optind = 0;
int i, j;
+ struct getarg_strings etype_strs = {0, NULL};
+ krb5_enctype *etypes = NULL;
+ size_t netypes = 0;
struct getargs args[] = {
{ "principal", 'p', arg_string, NULL,
"admin principal", "principal"
},
+ { "enctypes", 'e', arg_strings, NULL,
+ "encryption types to use", "enctypes" },
{ "realm", 'r', arg_string, NULL,
"realm to use", "realm"
},
};
args[0].value = &principal;
- args[1].value = &realm;
- args[2].value = &admin_server;
- args[3].value = &server_port;
- args[4].value = &help_flag;
+ args[1].value = &etype_strs;
+ args[2].value = &realm;
+ args[3].value = &admin_server;
+ args[4].value = &server_port;
+ args[5].value = &help_flag;
memset(&conf, 0, sizeof(conf));
return 0;
}
+ if (etype_strs.num_strings) {
+ int i;
+
+ etypes = malloc (etype_strs.num_strings * sizeof(*etypes));
+ if (etypes == NULL) {
+ krb5_warnx(context, "malloc failed");
+ goto out;
+ }
+ netypes = etype_strs.num_strings;
+ for(i = 0; i < netypes; i++) {
+ ret = krb5_string_to_enctype(context,
+ etype_strs.strings[i],
+ &etypes[i]);
+ if(ret) {
+ krb5_warnx(context, "unrecognized enctype: %s",
+ etype_strs.strings[i]);
+ goto out;
+ }
+ }
+ }
+
if(realm) {
krb5_set_default_realm(context, realm); /* XXX should be fixed
some other way */
continue;
}
for(j = 0; j < n_keys; j++) {
- entry.principal = princ_ent;
- entry.vno = princ.kvno;
- entry.keyblock = keys[j];
- entry.timestamp = time (NULL);
- ret = krb5_kt_add_entry(context, keytab, &entry);
+ int do_add = TRUE;
+
+ if (netypes) {
+ int i;
+
+ do_add = FALSE;
+ for (i = 0; i < netypes; ++i)
+ if (keys[j].keytype == etypes[i]) {
+ do_add = TRUE;
+ break;
+ }
+ }
+ if (do_add) {
+ entry.principal = princ_ent;
+ entry.vno = princ.kvno;
+ entry.keyblock = keys[j];
+ entry.timestamp = time (NULL);
+ ret = krb5_kt_add_entry(context, keytab, &entry);
+ if (ret)
+ krb5_warn(context, ret, "krb5_kt_add_entry");
+ }
krb5_free_keyblock_contents(context, &keys[j]);
}
kadm5_free_principal_ent(kadm_handle, &princ);
krb5_free_principal(context, princ_ent);
}
+ out:
+ free_getarg_strings(&etype_strs);
+ free(etypes);
kadm5_destroy(kadm_handle);
return 0;
}