kadmin.c revision 57416
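/*
 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "kadmin_locl.h"
#include <sl.h>

RCSID("$Id: kadmin.c,v 1.27 2000/01/31 23:51:52 assar Exp $");

/* Values filled in by getarg() from the command line (see args[] below). */
static char *config_file;
static char *keyfile;
static int local_flag;
static int help_flag;
static int version_flag;
static char *realm;
static char *admin_server;
static int server_port = 0;
static char *client_name;

/* Command-line option table consumed by getarg() and arg_printusage(). */
static struct getargs args[] = {
    { "principal",      'p',    arg_string,     &client_name,
      "principal to authenticate as" },
    {
        "config-file",  'c',    arg_string,     &config_file,
        "location of config file",      "file"
    },
    {
        "key-file",     'k',    arg_string,     &keyfile,
        "location of master key file",  "file"
    },
    {
        "realm",        'r',    arg_string,     &realm,
        "realm to use", "realm"
    },
    {
        "admin-server", 'a',    arg_string,     &admin_server,
        "server to contact", "host"
    },
    {
        "server-port",  's',    arg_integer,    &server_port,
        "port to use", "port number"
    },
    { "local",          'l',    arg_flag,       &local_flag, "local admin mode" },
    { "help",           'h',    arg_flag,       &help_flag },
    { "version",        'v',    arg_flag,       &version_flag }
};

static int num_args = sizeof(args) / sizeof(args[0]);

/*
 * Number of leading entries in commands[] that are offered only when the
 * program runs with `-l'.  main() skips this many entries in remote mode, so
 * the local-only commands MUST stay at the front of the table and this count
 * MUST be kept in sync with them.
 *
 * NOTE(review): skipping the entries only removes them from the command table
 * this client dispatches on.  Whether the remote admin server enforces its
 * own authorization is not visible in this file; do not treat this offset as
 * an access-control boundary.
 */
enum { NUM_LOCAL_ONLY_COMMANDS = 4 };

static SL_cmd commands[] = {
    /* commands that are only available with `-l' */
    {
        "dump",         dump,           "dump [file]",
        "Dumps the database in a human readable format to the\n"
        "specified file, or the standard out."
    },
    {
        "load",         load,           "load file",
        "Loads a previously dumped file."
    },
    {
        "merge",        merge,          "merge file" ,
        "Merges the contents of a dump file into the database."
    },
    {
        "init",         init,           "init realm...",
        "Initializes the default principals for a realm.\n"
        "Creates the database if necessary."
    },
    /* common commands */
    {
        "add",          add_new_key,    "add principal" ,
        "Adds a principal to the database."
    },
    { "add_new_key"},
    { "ank"},
    {
        "passwd",       cpw_entry,      "passwd expression..." ,
        "Changes the password of one or more principals\n"
        "matching the expressions."
    },
    { "change_password"},
    { "cpw"},
    {
        "delete",       del_entry,      "delete expression...",
        "Deletes all principals matching the expressions."
    },
    { "del_entry" },
    {
        "del_enctype",  del_enctype,    "del_enctype principal enctype...",
        "Delete all the mentioned enctypes for principal."
    },
    {
        "ext_keytab",   ext_keytab,     "ext_keytab expression...",
        "Extracts the keys of all principals matching the expressions,\n"
        "and stores them in a keytab."
    },
    {
        "get",          get_entry,      "get expression...",
        "Shows information about principals matching the expressions."
    },
    { "get_entry" },
    {
        "rename",       rename_entry,   "rename source target",
        "Renames `source' to `target'."
    },
    {
        "modify",       mod_entry,      "modify principal",
        "Modifies some attributes of the specified principal."
    },
    {
        "privileges",   get_privs,      "privileges",
        "Shows which kinds of operations you are allowed to perform."
    },
    {
        "list",         list_princs,    "list expression...",
        "Lists principals in a terse format. The same as `get -t'."
    },
    { "help",           help,           "help"},
    { "?"},
    { "exit",           exit_kadmin,    "exit"},
    { NULL}
};

/* Shared with the command implementations in the other kadmin source files. */
krb5_context context;
void *kadm_handle;

/*
 * `help' command: hand the full command table to sl_help().
 *
 * Note that the complete table is passed, so the local-only entries are
 * listed here even in remote mode, where main() does not dispatch them.
 * Always returns 0.
 */
int
help(int argc, char **argv)
{
    sl_help(commands, argc, argv);
    return 0;
}

/*
 * `exit' command: returns 1.
 * NOTE(review): presumably a non-zero return is what makes sl_loop() stop;
 * confirm against the sl library.
 */
int
exit_kadmin (int argc, char **argv)
{
    return 1;
}

/* Print the option summary built from args[] and exit with status `ret'. */
static void
usage(int ret)
{
    arg_printusage (args, num_args, NULL, "[command]");
    exit (ret);
}

/*
 * `privileges' command: ask the admin handle for the caller's privilege mask
 * and print it in string form.  A failure of kadm5_get_privs() is reported as
 * a warning.  Always returns 0.
 */
int
get_privs(int argc, char **argv)
{
    u_int32_t privs;
    /*
     * Start out as an empty string so printf() below never reads
     * indeterminate bytes should the conversion leave the buffer untouched.
     */
    char str[128] = "";
    kadm5_ret_t ret;

    ret = kadm5_get_privs(kadm_handle, &privs);
    if(ret)
        krb5_warn(context, ret, "kadm5_get_privs");
    else{
        /*
         * NOTE(review): the conversion's return value is stored but not
         * acted upon; its meaning is not visible in this file.
         */
        ret =_kadm5_privs_to_string(privs, str, sizeof(str));
        printf("%s\n", str);
    }
    return 0;
}

/*
 * Entry point: parse options, read the KDC configuration file, open either a
 * local (`-l') or a remote admin handle, then run the command given on the
 * command line or an interactive "kadmin> " loop.
 */
int
main(int argc, char **argv)
{
    krb5_error_code ret;
    krb5_config_section *cf = NULL;
    kadm5_config_params conf;
    int optind = 0;
    int e;
    SL_cmd *cmd;

    set_progname(argv[0]);

    /*
     * Every later call relies on `context'.  Stop here if it could not be
     * created; errx() is used because the krb5_* reporting helpers need a
     * working context themselves.
     */
    ret = krb5_init_context(&context);
    if (ret)
        errx (1, "krb5_init_context failed: %d", ret);

    /*
     * Warn about each argument getarg() rejects and keep parsing.
     * NOTE(review): this relies on getarg() moving optind forward on every
     * call; confirm against the getarg implementation.
     */
    while((e = getarg(args, num_args, argc, argv, &optind)))
        warnx("error at argument `%s'", argv[optind]);

    if (help_flag)
        usage (0);

    if (version_flag) {
        print_version(NULL);
        exit(0);
    }

    argc -= optind;
    argv += optind;

    if (config_file == NULL)
        config_file = HDB_DB_DIR "/kdc.conf";

    if(krb5_config_parse_file(config_file, &cf) == 0) {
        const char *p = krb5_config_get_string (context, cf,
                                                "kdc", "key-file", NULL);
        /*
         * NOTE(review): a key-file entry in the config file replaces any
         * value given with --key-file, and `keyfile' is not read again in
         * this file.  Confirm that this precedence is intended.
         */
        if (p) {
            keyfile = strdup(p);
            if (keyfile == NULL)
                krb5_errx(context, 1, "out of memory");
        }
    }

    memset(&conf, 0, sizeof(conf));
    if(realm) {
        krb5_set_default_realm(context, realm); /* XXX should be fixed
                                                   some other way */
        conf.realm = realm;
        conf.mask |= KADM5_CONFIG_REALM;
    }

    if (admin_server) {
        conf.admin_server = admin_server;
        conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
    }

    if (server_port) {
        /*
         * htons() takes a 16-bit value; an out-of-range port would be
         * silently truncated to a different port, so reject it instead.
         */
        if (server_port < 0 || server_port > 65535)
            krb5_errx(context, 1, "invalid port number %d", server_port);
        conf.kadmind_port = htons(server_port);
        conf.mask |= KADM5_CONFIG_KADMIND_PORT;
    }

    if(local_flag){
        ret = kadm5_s_init_with_password_ctx(context,
                                             KADM5_ADMIN_SERVICE,
                                             NULL,
                                             KADM5_ADMIN_SERVICE,
                                             &conf, 0, 0,
                                             &kadm_handle);
        cmd = commands;
    } else {
        ret = kadm5_c_init_with_password_ctx(context,
                                             client_name,
                                             NULL,
                                             KADM5_ADMIN_SERVICE,
                                             &conf, 0, 0,
                                             &kadm_handle);
        /* Remote mode: start after the local-only commands. */
        cmd = commands + NUM_LOCAL_ONLY_COMMANDS;
    }

    if(ret)
        krb5_err(context, 1, ret, "kadm5_init_with_password");
    if (argc != 0) {
        /* One-shot mode: run the single command given after the options. */
        ret = sl_command (cmd, argc, argv);
        if(ret == -1)
            krb5_warnx (context, "unrecognized command: %s", argv[0]);
    } else
        ret = sl_loop (cmd, "kadmin> ") != 0;

    kadm5_destroy(kadm_handle);
    krb5_config_file_free (context, cf);
    krb5_free_context(context);
    return ret;
}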