kadmin.c revision 72445
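/*
 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "kadmin_locl.h"
#include <sl.h>

RCSID("$Id: kadmin.c,v 1.34 2001/01/26 22:20:52 joda Exp $");

/* Values filled in by getarg() from the command line (see args[] below). */
static char *config_file;
static char *keyfile;
static int local_flag;
static int help_flag;
static int version_flag;
static char *realm;
static char *admin_server;
static int server_port = 0;
static char *client_name;

/* Command-line options accepted by kadmin itself. */
static struct getargs args[] = {
    {   "principal",    'p',    arg_string,     &client_name,
        "principal to authenticate as" },
    {
        "config-file",  'c',    arg_string,     &config_file,
        "location of config file",      "file"
    },
    {
        "key-file",     'k',    arg_string,     &keyfile,
        "location of master key file",  "file"
    },
    {
        "realm",        'r',    arg_string,     &realm,
        "realm to use", "realm"
    },
    {
        "admin-server", 'a',    arg_string,     &admin_server,
        "server to contact", "host"
    },
    {
        "server-port",  's',    arg_integer,    &server_port,
        "port to use", "port number"
    },
    {   "local",        'l',    arg_flag,       &local_flag, "local admin mode" },
    {   "help",         'h',    arg_flag,       &help_flag },
    {   "version",      'v',    arg_flag,       &version_flag }
};

static int num_args = sizeof(args) / sizeof(args[0]);

/*
 * Number of leading entries in commands[] that are offered only with `-l'.
 * main() skips this many entries when it is not running in local mode, so
 * the value has to be kept in step with the table below.
 */
enum { NUM_LOCAL_ONLY_COMMANDS = 4 };

/*
 * Command table handed to the sl command parser.  Entries that carry only a
 * name appear to be aliases of the preceding full entry -- confirm against
 * the sl library.
 */
static SL_cmd commands[] = {
    /* commands that are only available with `-l' */
    {
        "dump",         dump,           "dump [file]",
        "Dumps the database in a human readable format to the\n"
        "specified file, or the standard out."
    },
    {
        "load",         load,           "load file",
        "Loads a previously dumped file."
    },
    {
        "merge",        merge,          "merge file" ,
        "Merges the contents of a dump file into the database."
    },
    {
        "init",         init,           "init realm...",
        "Initializes the default principals for a realm.\n"
        "Creates the database if necessary."
    },
    /* common commands */
    {
        "add",          add_new_key,    "add principal" ,
        "Adds a principal to the database."
    },
    { "add_new_key"},
    { "ank"},
    {
        "passwd",       cpw_entry,      "passwd expression..." ,
        "Changes the password of one or more principals\n"
        "matching the expressions."
    },
    { "change_password"},
    { "cpw"},
    {
        "delete",       del_entry,      "delete expression...",
        "Deletes all principals matching the expressions."
    },
    { "del_entry" },
    {
        "del_enctype",  del_enctype,    "del_enctype principal enctype...",
        "Delete all the mentioned enctypes for principal."
    },
    {
        "ext_keytab",   ext_keytab,     "ext_keytab expression...",
        "Extracts the keys of all principals matching the expressions,\n"
        "and stores them in a keytab."
    },
    {
        "get",          get_entry,      "get expression...",
        "Shows information about principals matching the expressions."
    },
    { "get_entry" },
    {
        "rename",       rename_entry,   "rename source target",
        "Renames `source' to `target'."
    },
    {
        "modify",       mod_entry,      "modify principal",
        "Modifies some attributes of the specified principal."
    },
    {
        "privileges",   get_privs,      "privileges",
        "Shows which kinds of operations you are allowed to perform."
    },
    { "privs" },
    {
        "list",         list_princs,    "list expression...",
        "Lists principals in a terse format. The same as `get -t'."
    },
    { "help",           help, "help"},
    { "?"},
    { "exit",           exit_kadmin, "exit"},
    { "quit" },
    { NULL}
};

krb5_context context;
void *kadm_handle;

/* The slice of commands[] that is active for this run; set in main(). */
static SL_cmd *actual_cmds;

/*
 * `help' command: print help for the commands that are active in this run,
 * so the local-only commands are not listed in remote mode.
 */
int
help(int argc, char **argv)
{
    sl_help(actual_cmds, argc, argv);
    return 0;
}

/*
 * `exit' command.  Returns 1; presumably a non-zero result is what makes
 * the sl loop stop -- confirm against the sl library.
 */
int
exit_kadmin (int argc, char **argv)
{
    return 1;
}

/* Print the option summary for kadmin and exit with status `ret'. */
static void
usage(int ret)
{
    arg_printusage (args, num_args, NULL, "[command]");
    exit (ret);
}

/*
 * `privileges' command: ask the admin handle which operations the caller
 * may perform and print them as text.  Always returns 0; failures are
 * reported as warnings.
 */
int
get_privs(int argc, char **argv)
{
    u_int32_t privs;
    char str[128];
    kadm5_ret_t ret;

    /* Locals carry their own names so they do not shadow the file-scope
       option table and flags. */
    int show_help = 0;
    struct getargs priv_args[] = {
        { "help", 'h', arg_flag, NULL }
    };
    int num_priv_args = sizeof(priv_args) / sizeof(priv_args[0]);
    int optidx = 0;

    priv_args[0].value = &show_help;

    /* A parse error and an explicit --help both end in the usage text. */
    if (getarg(priv_args, num_priv_args, argc, argv, &optidx) || show_help) {
        arg_printusage (priv_args, num_priv_args, "privileges", NULL);
        return 0;
    }

    ret = kadm5_get_privs(kadm_handle, &privs);
    if (ret) {
        krb5_warn(context, ret, "kadm5_get_privs");
        return 0;
    }

    /* Only print the buffer when the conversion reports success; on
       failure `str' may never have been written. */
    ret = _kadm5_privs_to_string(privs, str, sizeof(str));
    if (ret)
        krb5_warn(context, ret, "_kadm5_privs_to_string");
    else
        printf("%s\n", str);

    return 0;
}

/*
 * Entry point: parse the options, open either a local (`-l') or a remote
 * admin handle, then run the single command given on the command line or
 * an interactive "kadmin> " loop.
 */
int
main(int argc, char **argv)
{
    krb5_error_code ret;
    krb5_config_section *cf = NULL;
    kadm5_config_params conf;
    int optidx = 0;     /* not named `optind', which would shadow getopt's */

    set_progname(argv[0]);

    ret = krb5_init_context(&context);
    if (ret)
        errx (1, "krb5_init_context failed: %d", ret);

    if (getarg(args, num_args, argc, argv, &optidx))
        errx(1, "error at argument `%s'", argv[optidx]);

    if (help_flag)
        usage (0);

    if (version_flag) {
        print_version(NULL);
        exit(0);
    }

    argc -= optidx;
    argv += optidx;

    if (config_file == NULL)
        config_file = HDB_DB_DIR "/kdc.conf";

    /* Best effort: a config file that cannot be parsed is skipped silently
       and `cf' stays NULL. */
    if(krb5_config_parse_file(config_file, &cf) == 0) {
        const char *p = krb5_config_get_string (context, cf,
                                                "kdc", "key-file", NULL);
        /* NOTE(review): this replaces a key file given with -k, and
           `keyfile' is not read again anywhere in this file -- confirm
           which source should win and where the value is consumed. */
        if (p)
            keyfile = strdup(p);
    }

    memset(&conf, 0, sizeof(conf));
    if(realm) {
        krb5_set_default_realm(context, realm); /* XXX should be fixed
                                                   some other way */
        conf.realm = realm;
        conf.mask |= KADM5_CONFIG_REALM;
    }

    if (admin_server) {
        conf.admin_server = admin_server;
        conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
    }

    if (server_port) {
        /* htons() takes a 16-bit value: an out-of-range number would be
           truncated and a different port contacted without any warning. */
        if (server_port < 0 || server_port > 65535)
            errx(1, "port number %d out of range", server_port);
        conf.kadmind_port = htons(server_port);
        conf.mask |= KADM5_CONFIG_KADMIND_PORT;
    }

    if(local_flag){
        /* Local mode: the handle is opened as KADM5_ADMIN_SERVICE with no
           password argument.  NOTE(review): access control then presumably
           rests on who can run this binary and read the database files --
           confirm. */
        ret = kadm5_s_init_with_password_ctx(context,
                                             KADM5_ADMIN_SERVICE,
                                             NULL,
                                             KADM5_ADMIN_SERVICE,
                                             &conf, 0, 0,
                                             &kadm_handle);
        actual_cmds = commands;
    } else {
        ret = kadm5_c_init_with_password_ctx(context,
                                             client_name,
                                             NULL,
                                             KADM5_ADMIN_SERVICE,
                                             &conf, 0, 0,
                                             &kadm_handle);
        /* Skipping the local-only entries only keeps them out of the
           command table; it is not an authorization check in itself. */
        actual_cmds = commands + NUM_LOCAL_ONLY_COMMANDS; /* XXX */
    }

    if(ret)
        krb5_err(context, 1, ret, "kadm5_init_with_password");

    signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
                                parser will handle SIGINT its own way;
                                we should really take care of this in
                                each function, f.i `get' might be
                                interruptable, but not `create' */
    if (argc != 0) {
        ret = sl_command (actual_cmds, argc, argv);
        if(ret == -1)
            krb5_warnx (context, "unrecognized command: %s", argv[0]);
    } else
        ret = sl_loop (actual_cmds, "kadmin> ") != 0;

    kadm5_destroy(kadm_handle);
    krb5_config_file_free (context, cf);
    krb5_free_context(context);
    return ret;
}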