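#!/bin/sh
# Trivial implementation for now.
#
# MIT "kadmin.local" emulation glue for Heimdal.  Accepts a small subset of
# the MIT command line and translates it into a /usr/sbin/kadmin -l call:
#
#   kadmin.local [-l] [-r realm] [-q "query"] | --version
#
#   add_principal [+requires_preauth] [-allow_svr] princ
#       -> kadmin add --use-defaults --verbose [--attributes=...] princ
#   modify_principal|modprinc [flags...] princ
#       -> kadmin add --use-defaults --attributes=... princ
#   get_principal [-terse] princ   -> kadmin get [--terse] princ
#   change_password princ          -> kadmin cpw princ
#   delete_principal [-force] princ, add_policy, delete_policy
#       -> accepted and reported as success, nothing is run
#
# Every step is reported through logger(1).
#
# Security notes:
#   * The realm and the words of the -q query come from the caller.  They are
#     handed to kadmin as separate argv entries and are never re-parsed by the
#     shell (no eval), so shell metacharacters inside them stay inert.
#   * A principal that starts with "-" is refused before kadmin is run, so a
#     query word cannot be smuggled in as an extra kadmin option.
#   * NOTE(review): the caller's complete argument list is written to the
#     system log below.  MIT-style queries can carry a password (-pw); confirm
#     that no caller passes one, or stop logging the query text.

# Pathname expansion is never wanted in this script; with it disabled the
# deliberate word-splitting of the query cannot turn "*" or "?" in a principal
# name into file names from the current directory.
set -f

usage="usage: $0 [-l] [-r realm] [-q query] | --version"

# log MESSAGE...
# Send one line to the system log via logger(1).
log() {
    printf '%s\n' "$*" | logger
}

# require_principal LABEL COUNT
# Exit 1 (after logging "LABEL: no principal") when no word is left.
require_principal() {
    if [ "$2" -lt 1 ]; then
        log "$1: no principal"
        exit 1
    fi
}

# require_value FLAG COUNT
# Exit 1 when FLAG is the last word of the query, instead of relying on how
# the shell treats a "shift 2" that has fewer than two words to drop.
require_value() {
    if [ "$2" -lt 2 ]; then
        log "mod: $1 requires a value"
        exit 1
    fi
}

# reject_option_like LABEL PRINCIPAL
# Exit 1 when PRINCIPAL would be read by kadmin as an option.
reject_option_like() {
    case "$2" in
    -*)
        log "$1: refusing principal that looks like an option: $2"
        exit 1
        ;;
    esac
}

# run_kadmin SUBCOMMAND [ARG...]
# Run /usr/sbin/kadmin -l [-r realm] SUBCOMMAND ARG..., log the command and its
# exit status, and exit the script with that status.  An empty realm is
# treated as "no -r given".
run_kadmin() {
    if [ -n "$realm" ]; then
        set -- -r "$realm" "$@"
    fi
    log "kadmin.local: /usr/sbin/kadmin -l $*"
    /usr/sbin/kadmin -l "$@"
    res=$?
    log "kadmin.local: $res"
    exit "$res"
}

log "kadmin.local $*"

cmd=""
realm=""

# Command-line options.  -l is accepted and ignored; when -q is repeated the
# last query wins.  Anything left after the options is discarded further down.
while [ $# -gt 0 ]; do
    case "$1" in
    -r|-q)
        if [ $# -lt 2 ]; then
            printf '%s\n' "$0: option $1 requires an argument"
            printf '%s\n' "$usage"
            exit 1
        fi
        if [ "$1" = "-r" ]; then
            realm="$2"
        else
            cmd="$2"
        fi
        shift 2
        ;;
    -l)
        shift
        ;;
    --version)
        echo "kadmin.local: heimdal MIT emulation glue"
        exit 0
        ;;
    -*)
        printf '%s\n' "$0: Bad option $1"
        printf '%s\n' "$usage"
        exit 1
        ;;
    *)
        break
        ;;
    esac
done

# The query arrives as one string; split it on whitespace into the positional
# parameters.  The missing quotes are intentional (set -f above keeps glob
# characters literal).  Quote characters inside the query are not interpreted.
# shellcheck disable=SC2086
set -- $cmd

case "$1" in
    add_principal)
        shift
        mod=''
        # Translate MIT attribute flags into a comma-separated Heimdal list
        # (newest first).
        while [ $# -gt 0 ]; do
            case "$1" in
            +requires_preauth) mod="+requires-pre-auth${mod:+,}${mod}" ;;
            -allow_svr)        mod="+disallow-svr${mod:+,}${mod}" ;;
            *) break ;;
            esac
            shift
        done
        require_principal add $#
        principal="$1"
        # XXX we dont need the certhash user for Heimdal
        # will pick up the entry from the record name
        # Length is counted in bytes; wc may pad its output with blanks.
        plen=$(printf '%s' "$principal" | wc -c | tr -d '[:space:]')
        log "principal: X${principal}X $plen"
        if [ "$plen" = 40 ]; then
            log "Refusing to create a BTMM hash user for Heimdal"
            exit 0
        fi
        reject_option_like add "$principal"
        # ${mod:+...} adds the --attributes word only when flags were given.
        set -- add --use-defaults --verbose ${mod:+"--attributes=$mod"} "$principal"
        run_kadmin "$@"
        ;;
    modify_principal|modprinc)
        shift
        mod=''
        while [ $# -gt 0 ]; do
            case "$1" in
            +requires_preauth)
                mod="+requires-pre-auth${mod:+,}${mod}"
                shift
                ;;
            +allow_tix)
                mod="-disallow-all-tix${mod:+,}${mod}"
                shift
                ;;
            -allow_tix)
                mod="+disallow-all-tix${mod:+,}${mod}"
                shift
                ;;
            -certhash)
                # just ignore certhash request for now; the whole request,
                # including flags already collected, is dropped as success
                exit 0
                ;;
            -allow_svr)
                mod="+disallow-svr${mod:+,}${mod}"
                shift
                ;;
            -expire|-pwexpire)
                #echo format on %m/%d/%Y %H:%M:%S GMT/never
                #Kerberos should pick up policy from policy data
                require_value "$1" $#
                shift 2
                ;;
            +needschange)
                mod="+requires-pw-change${mod:+,}${mod}"
                shift
                ;;
            -needschange)
                mod="-requires-pw-change${mod:+,}${mod}"
                shift
                ;;
            -policy)
                # policy%dmin
                require_value "$1" $#
                shift 2
                ;;
            *)
                break
                ;;
            esac
        done
        require_principal mod $#
        principal="$1"
        if [ -z "$mod" ]; then
            log "kadmin.local: no mod changed"
            exit 0
        fi
        reject_option_like mod "$principal"
        # NOTE(review): this runs the kadmin "add" sub-command, exactly as the
        # add_principal branch does.  Confirm whether "modify" was intended
        # before relying on this path to change an existing principal.
        set -- add --use-defaults "--attributes=$mod" "$principal"
        run_kadmin "$@"
        ;;
    delete_principal)
        # dont delete anything, delete the OD node instead
        shift
        while [ $# -gt 0 ]; do
            case "$1" in
            -force) shift ;;
            *) break ;;
            esac
        done
        require_principal delete $#
        principal="$1"
        #if test $(echo -n "$principal" | wc -c) = 40; then
        #    echo "Refusing to delete a BTMM hash user for Heimdal" | logger
        #    exit 0
        #fi
        #cmd="/usr/sbin/kadmin -l $realm delete $principal"
        #echo "kadmin.local: $cmd" | logger
        #eval $cmd
        #res=$?
        #echo "kadmin.local: $res" | logger
        #exit $res

        exit 0
        ;;
    get_principal)
        shift
        arg=''
        while [ $# -gt 0 ]; do
            case "$1" in
            -terse)
                arg="--terse"
                shift
                ;;
            *)
                break
                ;;
            esac
        done
        require_principal get $#
        # Take the principal from the query; without this assignment kadmin
        # would be run with whatever "principal" held in the environment.
        principal="$1"
        reject_option_like get "$principal"
        set -- get ${arg:+"$arg"} "$principal"
        run_kadmin "$@"
        ;;
    change_password)
        shift
        require_principal change_password $#
        principal="$1"
        reject_option_like change_password "$principal"
        run_kadmin cpw "$principal"
        ;;
    delete_policy|add_policy)
        # Policies are not translated; report success without doing anything.
        ;;
    *)
        printf '%s\n' "kadmin.local: unsupported command $*"
        log "kadmin.local: unsupported command: $*"
        exit 1
        ;;
esac

exit 0

# Never executed (the script has already exited above): sample invocations
# kept for reference.

lkdc=LKDC:SHA1.D0ED2D7ACBDDF64B63A50BC871D427A18F39646B
certhash=ABCEF0

kadmin.local -r $lkdc -q modify_principal +allow_tix user
kadmin.local -r $lkdc -q delete_principal -force $certhash
kadmin.local -r $lkdc -q delete_principal -force $certhash@$lkdc
kadmin.local -r $lkdc -q add_principal +requires_preauth -allow_svr $certhash
kadmin.local -r $lkdc -q modprinc +requires_preauth -certhash $certhash $certhash
kadmin.local -r $lkdc -q delete_principal -force foo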
217