Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 122 insertions, 0 deletions

diff --git a/source4/scripting/bin/ktpass.sh b/source4/scripting/bin/ktpass.sh
new file mode 100755
index 0000000..a165816
--- /dev/null
+++ b/source4/scripting/bin/ktpass.sh
@@ -0,0 +1,122 @@
+#!/bin/sh
+# vim: expandtab
+#
+# Copyright (C) Matthieu Patou <mat@matws.net>  2010
+#
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+name="ktpass.sh"
+TEMP=$(getopt -o h --long princ:,pass:,out:,host:,ptype:,enc:,path-to-ldbsearch: \
+	-n "$name" -- "$@")
+eval set -- "$TEMP"
+
+usage()
+{
+	echo -ne "$name --out <keytabfile> --princ <principal> --pass <password>|*\n"
+	echo -ne "      [--host hostname] [--enc <encryption>]\n"
+	echo -ne "      [--ptype <type>] [--path-to-ldbsearch <path>]\n"
+	echo -ne "\nEncoding should be one of:\n"
+	echo -ne " * des-cbc-crc\n"
+	echo -ne " * des-cbc-md5\n"
+	echo -ne " * rc4-hmac (default)\n"
+	echo -ne " * aes128-cts\n"
+	echo -ne " * aes256-cts\n"
+	exit 0
+}
+while true; do
+	case "$1" in
+	--out)
+		outfile=$2
+		shift 2
+		;;
+	--princ)
+		princ=$2
+		shift 2
+		;;
+	--pass)
+		pass=$2
+		shift 2
+		;;
+	--host)
+		host=$2
+		shift 2
+		;;
+	--ptype) shift 2 ;;
+	--enc)
+		enc=$2
+		shift 2
+		;;
+	--path-to-ldbsearch)
+		path="$2/"
+		shift 2
+		;;
+	-h) usage ;;
+	--)
+		shift
+		break
+		;;
+	*)
+		echo "Internal error!"
+		exit 1
+		;;
+	esac
+done
+#RC4-HMAC-NT|AES256-SHA1|AES128-SHA
+if [ -z "$enc" ]; then
+	enc="rc4-hmac"
+fi
+if [ -z "$path" ]; then
+	path=$(dirname $0)/../bin/
+	if [ ! -f ${path}ldbsearch ]; then
+		path=$(dirname $0)/../../bin/
+	fi
+fi
+if [ -z "$outfile" -o -z "$princ" -o -z "$pass" ]; then
+	echo "At least one mandatory parameter (--out, --princ, --pass) was not specified"
+	usage
+fi
+if [ -z $host ]; then
+	host=$(hostname)
+fi
+
+kvno=$(${path}ldbsearch -H ldap://$host "(|(samaccountname=$princ)(serviceprincipalname=$princ)(userprincipalname=$princ))" msds-keyversionnumber -k 1 -N 2>/dev/null | grep -i msds-keyversionnumber)
+if [ x"$kvno" = x"" ]; then
+	echo -ne "Unable to find kvno for principal $princ\n"
+	echo -ne " check that you are authentified with kerberos\n"
+	exit 1
+else
+	kvno=$(echo $kvno | sed 's/^.*: //')
+fi
+
+if [ "$pass" = "*" ]; then
+	echo -n "Enter password for $princ: "
+	stty -echo
+	read pass
+	stty echo
+	echo ""
+fi
+
+ktutil >/dev/null <<EOF
+add_entry -password -p $princ -k $kvno -e $enc
+$pass
+wkt $outfile
+EOF
+
+if [ $? -eq 0 ]; then
+	echo "Keytab file $outfile created with success"
+else
+	echo "Error while creating the keytab file $outfile"
+fi