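#!/bin/sh
# kadmin.local: Heimdal glue that emulates the MIT kadmin.local command line.
# Trivial implementation for now.
#
# Usage: kadmin.local [-r realm] [-l] -q "command [flags] principal"
#
# The -q string is split on whitespace and translated into a
# "/usr/sbin/kadmin -l" call. Every invocation and its exit status is sent to
# syslog through logger(1).
#
# Security: the -q string is supplied by the caller, so the translated command
# is executed as an argument vector and is never re-parsed by the shell (no
# eval). Shell metacharacters inside a realm or principal name stay data.

usage="usage: $0 [-r realm] [-l] [-q command] [--version]"

# log MESSAGE...: send one line to syslog.
log() {
    printf '%s\n' "$*" | logger
}

# need_value OPTION ARGC: abort unless OPTION is followed by a value, so that
# "shift 2" can never run past the end of the argument list.
need_value() {
    if test "$2" -lt 2; then
        echo "$0: option $1 requires a value"
        log "kadmin.local: option $1 requires a value"
        exit 1
    fi
}

# check_principal NAME: refuse a name that kadmin would parse as an option.
check_principal() {
    case $1 in
        -*)
            log "kadmin.local: refusing principal that looks like an option: $1"
            exit 1
            ;;
    esac
}

# run_kadmin SUBCOMMAND [ARG...]: run "/usr/sbin/kadmin -l" with the optional
# realm, log the command line and the exit status, then exit with that status.
run_kadmin() {
    if test -n "$realm"; then
        set -- -r "$realm" "$@"
    fi
    log "kadmin.local: /usr/sbin/kadmin -l $*"
    /usr/sbin/kadmin -l "$@"
    res=$?
    log "kadmin.local: $res"
    exit $res
}

log "kadmin.local $*"

cmd=""
realm=""

while true; do
    case $1 in
        -r) need_value "$1" $#; realm="$2"; shift 2 ;;
        -l) shift ;;
        -q) need_value "$1" $#; cmd="$2"; shift 2 ;;
        --version) echo "kadmin.local: heimdal MIT emulation glue"; exit 0 ;;
        -*) echo "$0: Bad option $1"; echo "$usage"; exit 1 ;;
        *) break ;;
    esac
done

# Split the -q string into words. Globbing is switched off for the split so a
# "*" or "?" in the query is not expanded against the current directory.
set -f
# shellcheck disable=SC2086 -- word splitting is intended here
set -- $cmd
set +f

case $1 in
    add_principal)
        shift
        mod=''
        while true; do
            case $1 in
                +requires_preauth)
                    mod="+requires-pre-auth${mod:+,}${mod}"
                    shift
                    ;;
                -allow_svr)
                    mod="+disallow-svr${mod:+,}${mod}"
                    shift
                    ;;
                *) break ;;
            esac
        done
        if test $# -lt 1; then
            log "add: no principal"
            exit 1
        fi
        principal="$1"
        check_principal "$principal"
        # XXX we dont need the certhash user for Heimdal
        # will pick up the entry from the record name
        # ${#principal} replaces "echo -n ... | wc -c": echo -n is not
        # portable under /bin/sh and the unquoted expansion was subject to
        # globbing.
        log "principal: X${principal}X ${#principal}"
        if test "${#principal}" -eq 40; then
            log "Refusing to create a BTMM hash user for Heimdal"
            exit 0
        fi
        run_kadmin add --use-defaults --verbose \
            ${mod:+"--attributes=$mod"} "$principal"
        ;;
    modify_principal|modprinc)
        shift
        mod=''
        while true; do
            case $1 in
                +requires_preauth)
                    mod="+requires-pre-auth${mod:+,}${mod}"
                    shift
                    ;;
                +allow_tix)
                    mod="-disallow-all-tix${mod:+,}${mod}"
                    shift
                    ;;
                -allow_tix)
                    mod="+disallow-all-tix${mod:+,}${mod}"
                    shift
                    ;;
                -certhash)
                    # just ignore certhash request for now
                    exit 0
                    ;;
                -allow_svr)
                    mod="+disallow-svr${mod:+,}${mod}"
                    shift
                    ;;
                -expire|-pwexpire)
                    # format is %m/%d/%Y %H:%M:%S GMT/never
                    # Kerberos should pick up policy from policy data
                    need_value "$1" $#
                    shift 2
                    ;;
                +needschange)
                    mod="+requires-pw-change${mod:+,}${mod}"
                    shift
                    ;;
                -needschange)
                    mod="-requires-pw-change${mod:+,}${mod}"
                    shift
                    ;;
                -policy)
                    # the policy name is ignored
                    need_value "$1" $#
                    shift 2
                    ;;
                *) break ;;
            esac
        done
        if test $# -lt 1; then
            log "mod: no principal"
            exit 1
        fi
        principal="$1"
        check_principal "$principal"
        # "=" instead of "==": the latter is not POSIX test syntax.
        if test "X$mod" = "X"; then
            log "kadmin.local: no mod changed"
            exit 0
        fi
        # NOTE(review): this branch handles modify_principal but issues
        # "kadmin add --use-defaults", exactly as the original did. It looks
        # like it should be the kadmin modify subcommand - confirm before
        # changing.
        run_kadmin add --use-defaults "--attributes=$mod" "$principal"
        ;;
    delete_principal)
        # dont delete anything, delete the OD node instead.
        # The arguments are still validated so callers get the same exit
        # codes. A previous, disabled implementation refused 40-character
        # (BTMM hash) principals and otherwise ran "kadmin -l delete".
        shift
        while true; do
            case $1 in
                -force) shift ;;
                *) break ;;
            esac
        done
        if test $# -lt 1; then
            log "delete: no principal"
            exit 1
        fi
        exit 0
        ;;
    get_principal)
        shift
        arg=''
        while true; do
            case $1 in
                -terse)
                    arg="--terse"
                    shift
                    ;;
                *) break ;;
            esac
        done
        if test $# -lt 1; then
            log "get: no principal"
            exit 1
        fi
        # The original never assigned principal in this branch, so kadmin
        # was called without a principal name.
        principal="$1"
        check_principal "$principal"
        run_kadmin get ${arg:+"$arg"} "$principal"
        ;;
    change_password)
        shift
        if test $# -lt 1; then
            log "change_password: no principal"
            exit 1
        fi
        principal="$1"
        check_principal "$principal"
        run_kadmin cpw "$principal"
        ;;
    delete_policy)
        ;;
    add_policy)
        ;;

    *)
        echo "kadmin.local: unsupported command $*"
        log "kadmin.local: unsupported command: $*"
        exit 1
        ;;
esac

exit 0

# Never executed (the script has already exited): sample invocations kept for
# reference.
lkdc=LKDC:SHA1.D0ED2D7ACBDDF64B63A50BC871D427A18F39646B
certhash=ABCEF0

kadmin.local -r $lkdc -q modify_principal +allow_tix user
kadmin.local -r $lkdc -q delete_principal -force $certhash
kadmin.local -r $lkdc -q delete_principal -force $certhash@$lkdc
kadmin.local -r $lkdc -q add_principal +requires_preauth -allow_svr $certhash
kadmin.local -r $lkdc -q modprinc +requires_preauth -certhash $certhash $certhash
kadmin.local -r $lkdc -q delete_principal -force foo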