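/**
 * Deletes the entry for {@code principal} from the key table after an interactive confirmation
 * read from standard input.
 *
 * <p>If the principal name carries no realm, the default realm from the Kerberos configuration
 * is applied. The entry is removed and the table saved only when the answer is "Y" or "Yes"
 * (case-insensitive). Any other answer, including end of input, exits with status 0 and leaves
 * the keytab untouched. Failures while building the principal name, reading the answer or saving
 * the table print a message and exit with status -1.
 */
void deleteEntry() {
  PrincipalName pname = null;
  try {
    pname = new PrincipalName(principal);
    if (pname.getRealm() == null) {
      pname.setRealm(Config.getInstance().getDefaultRealm());
    }
    // Not closed on purpose: closing the reader would also close System.in.
    BufferedReader cis = new BufferedReader(new InputStreamReader(System.in));
    System.out.print(
        "Are you sure you want to "
            + " delete service key for "
            + pname.toString()
            + " in "
            + table.tabName()
            + "?(Y/N) :");
    System.out.flush();
    String answer = cis.readLine();
    // readLine() returns null at end of input (closed or empty stdin). A destructive action
    // must not proceed, or crash with a NullPointerException, without an explicit "yes".
    boolean confirmed =
        answer != null && (answer.equalsIgnoreCase("Y") || answer.equalsIgnoreCase("Yes"));
    if (!confirmed) {
      // no error, the user did not want to delete the entry
      System.exit(0);
    }
  } catch (KrbException e) {
    System.err.println("Error occured while deleting the entry. " + "Deletion failed.");
    e.printStackTrace();
    System.exit(-1);
  } catch (IOException e) {
    System.err.println("Error occured while deleting the entry. " + " Deletion failed.");
    e.printStackTrace();
    System.exit(-1);
  }
  // The removal only takes effect on disk once save() succeeds.
  table.deleteEntry(pname);
  try {
    table.save();
  } catch (IOException e) {
    System.err.println("Error occurs while saving the keytab." + "Deletion fails.");
    e.printStackTrace();
    System.exit(-1);
  }
  System.out.println("Done!");
}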
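/**
 * Adds a service key for {@code principal} to the key table and saves the table. If the specified
 * key table does not exist, the program will automatically generate a new key table.
 *
 * <p>If the principal name carries no realm, the default realm from the Kerberos configuration
 * is applied. When no password was supplied beforehand ({@code password == null}), one line is
 * read from standard input and used as the password. End of input is treated as a read failure.
 * Every failure prints a message and exits with status -1.
 */
void addEntry() {
  PrincipalName pname = null;
  try {
    pname = new PrincipalName(principal);
    if (pname.getRealm() == null) {
      pname.setRealm(Config.getInstance().getDefaultRealm());
    }
  } catch (KrbException e) {
    System.err.println("Failed to add " + principal + " to keytab.");
    e.printStackTrace();
    System.exit(-1);
  }
  if (password == null) {
    try {
      // NOTE(review): the password is read with a plain BufferedReader over System.in, so
      // nothing here suppresses terminal echo. java.io.Console.readPassword() would avoid the
      // echo where a console is attached; confirm the minimum Java version before adopting it.
      BufferedReader cis = new BufferedReader(new InputStreamReader(System.in));
      System.out.print("Password for " + pname.toString() + ":");
      System.out.flush();
      String line = cis.readLine();
      if (line == null) {
        // End of input. StringBuffer.append((String) null) would store the four characters
        // "null", and the service key would silently be derived from that literal.
        System.err.println("Failed to read the password.");
        System.exit(-1);
      }
      password = new StringBuffer().append(line);
    } catch (IOException e) {
      System.err.println("Failed to read the password.");
      e.printStackTrace();
      System.exit(-1);
    }
  }
  try {
    // The password buffer is handed to the key table as-is; this method does not clear it
    // afterwards.
    table.addEntry(pname, password);
    table.save();
    System.out.println("Done!");
    System.out.println("Service key for " + principal + " is saved in " + table.tabName());
  } catch (KrbCryptoException e) {
    System.err.println("Failed to add " + principal + " to keytab.");
    e.printStackTrace();
    System.exit(-1);
  } catch (IOException e) {
    System.err.println("Failed to save new entry.");
    e.printStackTrace();
    System.exit(-1);
  }
}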
/**
 * Encrypts the data using DES in CBC mode.
 *
 * <p>The plaintext buffer is assembled before encryption: the confounder is placed at offset 0,
 * the caller's data at {@code startOfData()}, the checksum at {@code startOfChecksum()}, and pad
 * bytes after them. The checksum is calculated over the whole padded buffer before the checksum
 * slot is filled in.
 *
 * <p>Single DES gives at most 56 bits of key strength and is deprecated for Kerberos by RFC
 * 6649. This method is only suitable for interoperating with legacy peers.
 *
 * <p>Modified by Yanni Zhang, Feb 24 00.
 *
 * @param data the buffer for plain text.
 * @param key the key to encrypt the data; rejected if longer than 8 bytes.
 * @param ivec initialization vector.
 * @param usage key usage number; not referenced anywhere in this method.
 * @return buffer for encrypted data, the same length as the padded plaintext.
 * @throws KrbCryptoException if {@code key} is longer than 8 bytes.
 */
public byte[] encrypt(byte[] data, byte[] key, byte[] ivec, int usage)
    throws KrbCryptoException {
  /*
   * Export-control guard: refuse any key longer than 64 bits. From a protocol point of view a
   * non-DES algorithm is rejected before this point, and a good JCE implementation rejects a
   * DES key that is not 64 bits. Only the upper bound is enforced here, so a shorter key is
   * not caught by this check.
   */
  if (key.length > 8) {
    throw new KrbCryptoException("Invalid DES Key!");
  }

  final int contentLen = data.length + confounderSize() + checksumSize();

  /*
   * Padding per the Kerberos 5 GSS-API mechanism (1.2.2.3), Jun 1996: append between 1 and 8
   * bytes so the length reaches the next multiple of the block size, each pad byte holding the
   * pad count. Example: contentLen = 10 with an 8-byte block gives 2 pad bytes of value 2.
   * Content that is already block-aligned still receives one full block of padding.
   */
  final int overhang = contentLen % blockSize();
  byte[] plain;
  byte padValue;
  if (overhang != 0) {
    plain = new byte[contentLen + blockSize() - contentLen % blockSize()];
    padValue = (byte) (blockSize() - overhang);
  } else {
    plain = new byte[contentLen + blockSize()];
    // NOTE(review): literal 8, not blockSize(). The two agree only for an 8-byte block.
    padValue = (byte) 8;
  }
  int fill = plain.length;
  while (fill > contentLen) {
    fill--;
    plain[fill] = padValue;
  }

  // Presumably random bytes that make equal plaintexts encrypt differently; confirm in Confounder.
  byte[] confounder = Confounder.bytes(confounderSize());
  System.arraycopy(confounder, 0, plain, 0, confounderSize());
  System.arraycopy(data, 0, plain, startOfData(), data.length);

  // The checksum covers confounder, data and padding, and is then written into its slot.
  byte[] checksum = calculateChecksum(plain, plain.length);
  System.arraycopy(checksum, 0, plain, startOfChecksum(), checksumSize());

  byte[] encrypted = new byte[plain.length];
  Des.cbc_encrypt(plain, encrypted, key, ivec, true);
  return encrypted;
}
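/**
 * The main program that can be invoked at command line. <br>
 * Usage: ktab &lt;options&gt; <br>
 * available options to Ktab:
 *
 * <ul>
 *   <li><b>-l</b> list the keytab name and entries
 *   <li><b>-a</b> &lt;<i>principal name</i>&gt; (&lt;<i>password</i>&gt;) add an entry to the
 *       keytab. The entry is added only to the keytab. No changes are made to the Kerberos
 *       database.
 *   <li><b>-d</b> &lt;<i>principal name</i>&gt; delete an entry from the keytab. The entry is
 *       deleted only from the keytab. No changes are made to the Kerberos database.
 *   <li><b>-k</b> &lt;<i>keytab name</i>&gt; specify keytab name and path with prefix FILE:
 *   <li><b>-help</b> display instructions.
 * </ul>
 *
 * <p>With no arguments the keytab is listed. Failure to locate or load the key table, or an
 * unrecognised action, exits with status -1.
 *
 * @param args the command line arguments; {@code null} is treated like an empty array.
 */
public static void main(String[] args) {
  Ktab ktab = new Ktab();
  // Test for null/empty first: the original read args.length before its null check, so the
  // null branch could never be reached without a NullPointerException.
  if ((args == null) || (args.length == 0)) {
    ktab.action = 'l';
  } else if ((args.length == 1) && (args[0].equalsIgnoreCase("-help"))) {
    ktab.printHelp();
    System.exit(0);
  } else {
    ktab.processArgs(args);
  }
  try {
    if (ktab.name == null) {
      // No -k given: use the default keytab.
      ktab.table = KeyTab.getInstance();
      if (ktab.table == null) {
        // Only "add" may bring a default keytab into existence.
        if (ktab.action == 'a') {
          ktab.table = KeyTab.create();
        } else {
          System.out.println("No default key table exists.");
          System.exit(-1);
        }
      }
    } else {
      // Listing or deleting requires the named file to exist already.
      if ((ktab.action != 'a') && !(new File(ktab.name)).exists()) {
        System.out.println("Key table " + ktab.name + " does not exist.");
        System.exit(-1);
      } else {
        ktab.table = KeyTab.getInstance(ktab.name);
      }
      // NOTE(review): this fallback is reached for every action, not only 'a'. Confirm that
      // KeyTab.create(name) is intended for list/delete when an existing file fails to load.
      if (ktab.table == null) {
        ktab.table = KeyTab.create(ktab.name);
      }
    }
  } catch (RealmException e) {
    System.err.println("Error loading key table.");
    System.exit(-1);
  } catch (IOException e) {
    System.err.println("Error loading key table.");
    System.exit(-1);
  }
  switch (ktab.action) {
    case 'l':
      ktab.listKt();
      break;
    case 'a':
      ktab.addEntry();
      break;
    case 'd':
      ktab.deleteEntry();
      break;
    default:
      ktab.printHelp();
      System.exit(-1);
  }
}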
/**
 * Parses the command line arguments into {@code action}, {@code principal}, {@code password} and
 * {@code name}.
 *
 * <p>Every option must be exactly two characters, a dash followed by a letter. Option letters
 * are accepted in either case. Any malformed or unknown option, or a missing option value,
 * prints the help text and exits with status -1.
 *
 * <p>A password given after {@code -a} travels on the command line, where it is typically
 * visible in process listings and shell history. Omitting it leaves {@code password} null so it
 * can be prompted for later.
 *
 * @param args the command line arguments.
 */
void processArgs(String[] args) {
  int idx = 0;
  while (idx < args.length) {
    String token = args[idx];
    if (token.length() != 2 || !token.startsWith("-")) {
      printHelp();
      System.exit(-1);
    }
    char flag = token.charAt(1);
    switch (flag) {
      case 'l':
      case 'L':
        // list keytab location, name and entries
        action = 'l';
        break;
      case 'a':
      case 'A':
        // add a new entry to keytab.
        action = 'a';
        idx++;
        if (idx >= args.length || args[idx].startsWith("-")) {
          System.out.println("Please specify the principal name" + " after -a option.");
          printHelp();
          System.exit(-1);
        } else {
          principal = args[idx];
        }
        // An optional password may follow the principal; anything starting with '-' is taken
        // to be the next option instead.
        int next = idx + 1;
        if (next < args.length && !args[next].startsWith("-")) {
          password = new StringBuffer().append(args[next]);
          idx = next;
        } else {
          // prompt user for password later.
          password = null;
        }
        break;
      case 'd':
      case 'D':
        // delete an entry.
        action = 'd';
        idx++;
        if (idx >= args.length || args[idx].startsWith("-")) {
          System.out.println(
              "Please specify the principal"
                  + "name of the entry you want to "
                  + " delete after -d option.");
          printHelp();
          System.exit(-1);
        } else {
          principal = args[idx];
        }
        break;
      case 'k':
      case 'K':
        idx++;
        if (idx >= args.length || args[idx].startsWith("-")) {
          System.out.println(
              "Please specify the keytab " + "file name and location " + "after -k option");
          printHelp();
          System.exit(-1);
        } else {
          // Strip an optional, case-insensitive "FILE:" prefix from the keytab name.
          String value = args[idx];
          boolean hasFilePrefix = value.regionMatches(true, 0, "FILE:", 0, 5);
          name = hasFilePrefix ? value.substring(5) : value;
        }
        break;
      default:
        printHelp();
        System.exit(-1);
    }
    idx++;
  }
}