Ejemplo n.º 1
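  /**
   * Deletes the entry for {@code principal} from the key table after an interactive confirmation.
   *
   * <p>The principal name is parsed and given the default realm when it carries none. The user is
   * then asked on standard input to confirm. Only {@code Y} or {@code Yes} (case-insensitive)
   * proceeds; any other answer, including end of input, exits with status 0 and leaves the key
   * table untouched. Parsing, I/O and save failures print a message and exit with status -1.
   */
  void deleteEntry() {
    PrincipalName pname = null;
    try {
      pname = new PrincipalName(principal);
      if (pname.getRealm() == null) {
        pname.setRealm(Config.getInstance().getDefaultRealm());
      }
      BufferedReader cis = new BufferedReader(new InputStreamReader(System.in));
      System.out.print(
          "Are you sure you want to "
              + " delete service key for "
              + pname.toString()
              + " in "
              + table.tabName()
              + "?(Y/N) :");

      System.out.flush();
      String answer = cis.readLine();
      // readLine() returns null at end of input (closed or redirected stdin). Removing a service
      // key is destructive, so a missing answer is treated as "no" instead of dereferencing null.
      boolean confirmed =
          answer != null && (answer.equalsIgnoreCase("Y") || answer.equalsIgnoreCase("Yes"));
      if (!confirmed) {
        // no error, the user did not want to delete the entry
        System.exit(0);
      }

    } catch (KrbException e) {
      System.err.println("Error occured while deleting the entry. " + "Deletion failed.");
      e.printStackTrace();
      System.exit(-1);
    } catch (IOException e) {
      System.err.println("Error occured while deleting the entry. " + " Deletion failed.");
      e.printStackTrace();
      System.exit(-1);
    }
    table.deleteEntry(pname);

    try {
      // The removal only takes effect on disk once the table is saved.
      table.save();
    } catch (IOException e) {
      System.err.println("Error occurs while saving the keytab." + "Deletion fails.");
      e.printStackTrace();
      System.exit(-1);
    }
    System.out.println("Done!");
  }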
Ejemplo n.º 2
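  /**
   * Adds a service key for {@code principal} to the key table and saves the table.
   *
   * <p>The principal name is given the default realm when it carries none. When no password was
   * supplied beforehand ({@code password == null}) it is read interactively: through the system
   * console with echo disabled when one is attached, otherwise as a line from standard input. End
   * of input is treated as a failure, so a key is never derived from a missing password. Every
   * failure prints a message and exits with status -1.
   */
  void addEntry() {
    PrincipalName pname = null;
    try {
      pname = new PrincipalName(principal);
      if (pname.getRealm() == null) {
        pname.setRealm(Config.getInstance().getDefaultRealm());
      }
    } catch (KrbException e) {
      System.err.println("Failed to add " + principal + " to keytab.");
      e.printStackTrace();
      System.exit(-1);
    }
    if (password == null) {
      try {
        System.out.print("Password for " + pname.toString() + ":");
        System.out.flush();
        java.io.Console console = System.console();
        if (console != null) {
          // Console.readPassword() disables echo, so the secret is not shown on the terminal.
          char[] typed = console.readPassword();
          if (typed != null) {
            password = new StringBuffer().append(typed);
            // Wipe the temporary copy; the StringBuffer still holds the password afterwards.
            java.util.Arrays.fill(typed, '\0');
          }
        } else {
          // No console (stdin is piped or redirected): fall back to a plain line read.
          BufferedReader cis = new BufferedReader(new InputStreamReader(System.in));
          String line = cis.readLine();
          // readLine() returns null at end of input; appending that null to a StringBuffer would
          // yield the literal text "null" and a key would be derived from it.
          if (line != null) {
            password = new StringBuffer().append(line);
          }
        }
      } catch (IOException e) {
        System.err.println("Failed to read the password.");
        e.printStackTrace();
        System.exit(-1);
      }
      if (password == null) {
        System.err.println("Failed to read the password.");
        System.exit(-1);
      }
    }
    try {
      table.addEntry(pname, password);
      table.save();
      System.out.println("Done!");
      System.out.println("Service key for " + principal + " is saved in " + table.tabName());

    } catch (KrbCryptoException e) {
      System.err.println("Failed to add " + principal + " to keytab.");
      e.printStackTrace();
      System.exit(-1);
    } catch (IOException e) {
      System.err.println("Failed to save new entry.");
      e.printStackTrace();
      System.exit(-1);
    }
  }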
Ejemplo n.º 3
  /**
   * Builds a padded message (confounder, checksum, plaintext, padding) and encrypts it with DES in
   * CBC mode.
   *
   * <p>Security note: single DES is an obsolete cipher and RFC 6649 deprecates the DES encryption
   * types in Kerberos. Treat this routine as legacy interoperability code and prefer an AES
   * encryption type wherever the peer supports one.
   *
   * <p>Modified by Yanni Zhang, Feb 24 00.
   *
   * @param data the plaintext buffer.
   * @param key the DES key; rejected when longer than 8 bytes.
   * @param ivec the initialization vector handed to the CBC routine.
   * @param usage the key usage value; this method does not read it.
   * @return the ciphertext, whose length is a multiple of {@code blockSize()}.
   * @throws KrbCryptoException if {@code key} is longer than 8 bytes.
   */
  public byte[] encrypt(byte[] data, byte[] key, byte[] ivec, int usage) throws KrbCryptoException {

    /*
     * Export control double check: refuse any key longer than 64 bits.
     *
     * At the protocol level a non-DES algorithm is rejected before this point, and a
     * well-behaved JCE implementation rejects a DES key that is not 64 bits.
     * NOTE(review): keys shorter than 8 bytes pass this guard; confirm the DES routine
     * rejects them.
     */
    if (key.length > 8) {
      throw new KrbCryptoException("Invalid DES Key!");
    }

    final int unpaddedLen = data.length + confounderSize() + checksumSize();
    final int remainder = unpaddedLen % blockSize();

    /*
     * Padding follows the Kerberos 5 GSS-API mechanism (1.2.2.3), Jun 1996: the plaintext is
     * extended to the next multiple of the block size with 1 to 8 bytes, each holding the
     * number of pad bytes. Example: length 10 with block size 8 gets 6 bytes of value 6. An
     * already aligned message gets a full extra block of bytes valued 8.
     */
    final byte[] message;
    final byte padValue;
    if (remainder != 0) {
      message = new byte[unpaddedLen + blockSize() - remainder];
      padValue = (byte) (blockSize() - remainder);
    } else {
      message = new byte[unpaddedLen + blockSize()];
      padValue = (byte) 8;
    }
    int pos = unpaddedLen;
    while (pos < message.length) {
      message[pos++] = padValue;
    }

    // A confounder leads the message.
    byte[] confounder = Confounder.bytes(confounderSize());
    System.arraycopy(confounder, 0, message, 0, confounderSize());
    System.arraycopy(data, 0, message, startOfData(), data.length);

    // The checksum is computed over the whole message before its own field is filled in, so
    // this call must stay ahead of the copy below (the field is presumably still zero here).
    byte[] checksum = calculateChecksum(message, message.length);
    System.arraycopy(checksum, 0, message, startOfChecksum(), checksumSize());

    byte[] encrypted = new byte[message.length];
    Des.cbc_encrypt(message, encrypted, key, ivec, true);
    return encrypted;
  }
Ejemplo n.º 4
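 /**
  * The main program that can be invoked at command line. <br>
  * Usage: ktab &lt;options&gt; <br>
  * available options to Ktab:
  *
  * <ul>
  *   <li><b>-l</b> list the keytab name and entries
  *   <li><b>-a</b> &lt;<i>principal name</i>&gt; (&lt;<i>password</i>&gt;) add an entry to the
  *       keytab. The entry is added only to the keytab. No changes are made to the Kerberos
  *       database. A password given on the command line can be seen in process listings and
  *       shell history; omit it to be prompted instead.
  *   <li><b>-d</b> &lt;<i>principal name</i>&gt; delete an entry from the keytab. The entry is
  *       deleted only from the keytab. No changes are made to the Kerberos database.
  *   <li><b>-k</b> &lt;<i>keytab name</i>&gt; specify keytab name and path with prefix FILE:
  *   <li><b>-help</b> display instructions.
  * </ul>
  *
  * <p>With no arguments the key table is listed. Failures to load the key table, and an
  * unrecognised action, exit with status -1.
  *
  * @param args the command line arguments; {@code null} is treated like an empty array.
  */
 public static void main(String[] args) {
   Ktab ktab = new Ktab();
   // The null/empty test comes first: the original order dereferenced args before checking it.
   if ((args == null) || (args.length == 0)) {
     ktab.action = 'l';
   } else if ((args.length == 1) && (args[0].equalsIgnoreCase("-help"))) {
     ktab.printHelp();
     System.exit(0);
   } else {
     ktab.processArgs(args);
   }
   try {
     if (ktab.name == null) {
       // No -k option: use the default key table.
       ktab.table = KeyTab.getInstance();
       if (ktab.table == null) {
         // Only the add action may create a key table that does not exist yet.
         if (ktab.action == 'a') {
           ktab.table = KeyTab.create();
         } else {
           System.out.println("No default key table exists.");
           System.exit(-1);
         }
       }
     } else {
       if ((ktab.action != 'a') && !(new File(ktab.name)).exists()) {
         System.out.println("Key table " + ktab.name + " does not exist.");
         System.exit(-1);
       } else {
         ktab.table = KeyTab.getInstance(ktab.name);
       }
       if (ktab.table == null) {
         ktab.table = KeyTab.create(ktab.name);
       }
     }
   } catch (RealmException e) {
     System.err.println("Error loading key table.");
     System.exit(-1);
   } catch (IOException e) {
     System.err.println("Error loading key table.");
     System.exit(-1);
   }
   switch (ktab.action) {
     case 'l':
       ktab.listKt();
       break;
     case 'a':
       ktab.addEntry();
       break;
     case 'd':
       ktab.deleteEntry();
       break;
     default:
       ktab.printHelp();
       System.exit(-1);
   }
 }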
Ejemplo n.º 5
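 /**
  * Parses the command line arguments into {@code action}, {@code principal}, {@code password}
  * and {@code name}.
  *
  * <p>Every option is a dash followed by one letter, in either case: {@code -l} (list),
  * {@code -a <principal> [<password>]} (add), {@code -d <principal>} (delete) and
  * {@code -k <keytab>} (key table name, with an optional {@code FILE:} prefix that is stripped).
  * Anything else prints the help text and exits with status -1.
  *
  * <p>Security note: a password passed after {@code -a} is part of the process command line, which
  * other local users can typically read and which shells may record in their history. Leaving
  * it out sets {@code password} to {@code null} so that it is prompted for later.
  *
  * @param args the command line arguments; must not be {@code null}.
  */
 void processArgs(String[] args) {
   for (int i = 0; i < args.length; i++) {
     if ((args[i].length() != 2) || (!args[i].startsWith("-"))) {
       printHelp();
       System.exit(-1);
     }
     // A primitive char replaces the boxed value: the Character(char) constructor is deprecated.
     char option = args[i].charAt(1);
     switch (option) {
       case 'l':
       case 'L':
         action = 'l'; // list keytab location, name and entries
         break;
       case 'a':
       case 'A':
         action = 'a'; // add a new entry to keytab.
         i++;
         if ((i < args.length) && (!args[i].startsWith("-"))) {
           principal = args[i];
         } else {
           System.out.println("Please specify the principal name" + " after -a option.");
           printHelp();
           System.exit(-1);
         }
         // An optional password may follow the principal; see the security note above.
         if ((i + 1 < args.length) && (!args[i + 1].startsWith("-"))) {
           password = new StringBuffer().append(args[i + 1]);
           i++;
         } else {
           password = null; // prompt user for password later.
         }
         break;
       case 'd':
       case 'D':
         action = 'd'; // delete an entry.
         i++;
         if ((i < args.length) && (!args[i].startsWith("-"))) {
           principal = args[i];
         } else {
           // The original pieces joined into "principalname"; the spacing is repaired here.
           System.out.println(
               "Please specify the principal "
                   + "name of the entry you want to "
                   + "delete after -d option.");
           printHelp();
           System.exit(-1);
         }
         break;
       case 'k':
       case 'K':
         i++;
         if ((i < args.length) && (!args[i].startsWith("-"))) {
           // Strip an optional, case-insensitive "FILE:" prefix from the key table name.
           if (args[i].length() >= 5 && args[i].substring(0, 5).equalsIgnoreCase("FILE:")) {
             name = args[i].substring(5);
           } else {
             name = args[i];
           }
         } else {
           System.out.println(
               "Please specify the keytab " + "file name and location " + "after -k option");
           printHelp();
           System.exit(-1);
         }
         break;
       default:
         printHelp();
         System.exit(-1);
     }
   }
 }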