1/*
2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "kadmin_locl.h"
35#include "kadmin-commands.h"
36#include <sl.h>
37
38static char *config_file;
39static char *keyfile;
40int local_flag;
41static int ad_flag;
42static int mit_flag = 1;
43static int help_flag;
44static int version_flag;
45static char *realm;
46static char *admin_server;
47static int server_port = 0;
48static char *client_name;
49static char *keytab;
50static char *check_library  = NULL;
51static char *check_function = NULL;
52static getarg_strings policy_libraries = { 0, NULL };
53
54static struct getargs args[] = {
55    {	"principal", 	'p',	arg_string,	&client_name,
56	"principal to authenticate as", NULL },
57    {   "keytab",	'K',	arg_string,	&keytab,
58   	"keytab for authentication principal", NULL },
59    {
60	"config-file",	'c',	arg_string,	&config_file,
61	"location of config file",	"file"
62    },
63    {
64	"key-file",	'k',	arg_string, &keyfile,
65	"location of master key file", "file"
66    },
67    {
68	"realm",	'r',	arg_string,   &realm,
69	"realm to use", "realm"
70    },
71    {
72	"admin-server",	'a',	arg_string,   &admin_server,
73	"server to contact", "host"
74    },
75    {
76	"server-port",	's',	arg_integer,   &server_port,
77	"port to use", "port number"
78    },
79    {	"ad", 		0, arg_flag, &ad_flag, "active directory admin mode" },
80    {	"mit", 		0, arg_negative_flag, &mit_flag, "mit admin mode" },
81#ifdef HAVE_DLOPEN
82    { "check-library", 0, arg_string, &check_library,
83      "library to load password check function from", "library" },
84    { "check-function", 0, arg_string, &check_function,
85      "password check function to load", "function" },
86    { "policy-libraries", 0, arg_strings, &policy_libraries,
87      "password check function to load", "function" },
88#endif
89    {	"local", 'l', arg_flag, &local_flag, "local admin mode", NULL },
90    {	"help",		'h',	arg_flag,   &help_flag, NULL, NULL },
91    {	"version",	'v',	arg_flag,   &version_flag, NULL, NULL }
92};
93
94static int num_args = sizeof(args) / sizeof(args[0]);
95
96
97krb5_context context;
98void *kadm_handle;
99
100int
101help(void *opt, int argc, char **argv)
102{
103    sl_slc_help(commands, argc, argv);
104    return 0;
105}
106
107static int exit_seen = 0;
108
109int
110exit_kadmin (void *opt, int argc, char **argv)
111{
112    exit_seen = 1;
113    return 0;
114}
115
116int
117lock(void *opt, int argc, char **argv)
118{
119    return kadm5_lock(kadm_handle);
120}
121
122int
123unlock(void *opt, int argc, char **argv)
124{
125    return kadm5_unlock(kadm_handle);
126}
127
128static void
129usage(int ret)
130{
131    arg_printusage (args, num_args, NULL, "[command]");
132    exit (ret);
133}
134
135int
136get_privs(void *opt, int argc, char **argv)
137{
138    uint32_t privs;
139    char str[128];
140    kadm5_ret_t ret;
141
142    ret = kadm5_get_privs(kadm_handle, &privs);
143    if(ret)
144	krb5_warn(context, ret, "kadm5_get_privs");
145    else{
146	ret =_kadm5_privs_to_string(privs, str, sizeof(str));
147	if (ret == 0)
148	    printf("%s\n", str);
149	else
150	    printf("privs: 0x%x\n", (unsigned int)privs);
151    }
152    return 0;
153}
154
155int
156main(int argc, char **argv)
157{
158    krb5_error_code ret;
159    char **files;
160    kadm5_config_params conf;
161    int optidx = 0;
162    int exit_status = 0;
163
164    setprogname(argv[0]);
165
166    ret = krb5_init_context(&context);
167    if (ret)
168	errx (1, "krb5_init_context failed: %d", ret);
169
170    if(getarg(args, num_args, argc, argv, &optidx))
171	usage(1);
172
173    if (help_flag)
174	usage (0);
175
176    if (version_flag) {
177	print_version(NULL);
178	exit(0);
179    }
180
181    argc -= optidx;
182    argv += optidx;
183
184    if (config_file == NULL) {
185	asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
186	if (config_file == NULL)
187	    errx(1, "out of memory");
188    }
189
190    ret = krb5_prepend_config_files_default(config_file, &files);
191    if (ret)
192	krb5_err(context, 1, ret, "getting configuration files");
193
194    ret = krb5_set_config_files(context, files);
195    krb5_free_config_files(files);
196    if(ret)
197	krb5_err(context, 1, ret, "reading configuration files");
198
199    memset(&conf, 0, sizeof(conf));
200    if(realm) {
201	krb5_set_default_realm(context, realm); /* XXX should be fixed
202						   some other way */
203	conf.realm = realm;
204	conf.mask |= KADM5_CONFIG_REALM;
205    }
206
207    if (admin_server) {
208	conf.admin_server = admin_server;
209	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
210    }
211
212    if (server_port) {
213	conf.kadmind_port = htons(server_port);
214	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
215    }
216
217    if (keyfile) {
218	conf.stash_file = keyfile;
219	conf.mask |= KADM5_CONFIG_STASH_FILE;
220    }
221
222    if(local_flag) {
223	int i;
224
225	kadm5_setup_passwd_quality_check (context,
226					  check_library, check_function);
227
228	for (i = 0; i < policy_libraries.num_strings; i++) {
229	    ret = kadm5_add_passwd_quality_verifier(context,
230						    policy_libraries.strings[i]);
231	    if (ret)
232		krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
233	}
234	ret = kadm5_add_passwd_quality_verifier(context, NULL);
235	if (ret)
236	    krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
237
238	ret = kadm5_s_init_with_password_ctx(context,
239					     KADM5_ADMIN_SERVICE,
240					     NULL,
241					     KADM5_ADMIN_SERVICE,
242					     &conf, 0, 0,
243					     &kadm_handle);
244    } else if (mit_flag) {
245	ret = kadm5_mit_init_with_password_ctx(context,
246					       client_name,
247					       NULL,
248					       &conf, 0, 0,
249					       &kadm_handle);
250    } else if (ad_flag) {
251	if (client_name == NULL)
252	    krb5_errx(context, 1, "keytab mode require principal name");
253	ret = kadm5_ad_init_with_password_ctx(context,
254					      client_name,
255					      NULL,
256					      KADM5_ADMIN_SERVICE,
257					      &conf, 0, 0,
258					      &kadm_handle);
259    } else if (keytab) {
260	if (client_name == NULL)
261	    krb5_errx(context, 1, "keytab mode require principal name");
262        ret = kadm5_c_init_with_skey_ctx(context,
263					 client_name,
264					 keytab,
265					 KADM5_ADMIN_SERVICE,
266                                         &conf, 0, 0,
267                                         &kadm_handle);
268    } else
269	ret = kadm5_c_init_with_password_ctx(context,
270					     client_name,
271					     NULL,
272					     KADM5_ADMIN_SERVICE,
273					     &conf, 0, 0,
274					     &kadm_handle);
275
276    if(ret)
277	krb5_err(context, 1, ret, "kadm5_init_with_password");
278
279    signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
280                                parser will handle SIGINT its own way;
281                                we should really take care of this in
282                                each function, f.i `get' might be
283                                interruptable, but not `create' */
284    if (argc != 0) {
285	ret = sl_command (commands, argc, argv);
286	if(ret == -1)
287	    krb5_warnx (context, "unrecognized command: %s", argv[0]);
288	else if (ret == -2)
289	    ret = 0;
290	if(ret != 0)
291	    exit_status = 1;
292    } else {
293	while(!exit_seen) {
294	    ret = sl_command_loop(commands, "kadmin> ", NULL);
295	    if (ret == -2)
296		exit_seen = 1;
297	    else if (ret != 0)
298		exit_status = 1;
299	}
300    }
301
302    kadm5_destroy(kadm_handle);
303    krb5_free_context(context);
304    return exit_status;
305}
306