kadmin/kadmin.c

   1 /*
   2  * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "kadmin_locl.h"
  35 #include "kadmin-commands.h"
  36 #include <sl.h>
  37
  38 static char *config_file;
  39 static char *keyfile;
  40 int local_flag;
  41 static int ad_flag;
  42 static int help_flag;
  43 static int version_flag;
  44 static char *hdb;
  45 static char *realm;
  46 static char *admin_server;
  47 static int server_port = 0;
  48 static char *client_name;
  49 static char *keytab;
  50 static char *check_library  = NULL;
  51 static char *check_function = NULL;
  52 static getarg_strings policy_libraries = { 0, NULL };
  53
  54 static struct getargs args[] = {
  55     {   "principal",    'p',    arg_string,     &client_name,
  56         "principal to authenticate as", NULL },
  57     {   "keytab",       'K',    arg_string,     &keytab,
  58         "keytab for authentication principal", NULL },
  59     {
  60         "config-file",  'c',    arg_string,     &config_file,
  61         "location of config file",      "file"
  62     },
  63     {
  64         "key-file",     'k',    arg_string, &keyfile,
  65         "location of master key file", "file"
  66     },
  67     {
  68         "hdb",  'H',    arg_string,   &hdb,
  69         "HDB to use", "hdb"
  70     },
  71     {
  72         "realm",        'r',    arg_string,   &realm,
  73         "realm to use", "realm"
  74     },
  75     {
  76         "admin-server", 'a',    arg_string,   &admin_server,
  77         "server to contact", "host"
  78     },
  79     {
  80         "server-port",  's',    arg_integer,   &server_port,
  81         "port to use", "port number"
  82     },
  83     {   "ad",           0, arg_flag, &ad_flag, "active directory admin mode",
  84         NULL },
  85 #ifdef HAVE_DLOPEN
  86     { "check-library", 0, arg_string, &check_library,
  87       "library to load password check function from", "library" },
  88     { "check-function", 0, arg_string, &check_function,
  89       "password check function to load", "function" },
  90     { "policy-libraries", 0, arg_strings, &policy_libraries,
  91       "password check function to load", "function" },
  92 #endif
  93     {   "local", 'l', arg_flag, &local_flag, "local admin mode", NULL },
  94     {   "help",         'h',    arg_flag,   &help_flag, NULL, NULL },
  95     {   "version",      'v',    arg_flag,   &version_flag, NULL, NULL }
  96 };
  97
  98 static int num_args = sizeof(args) / sizeof(args[0]);
  99
 100
 101 krb5_context context;
 102 void *kadm_handle;
 103
 104 int
 105 help(void *opt, int argc, char **argv)
 106 {
 107     sl_slc_help(commands, argc, argv);
 108     return 0;
 109 }
 110
 111 static int exit_seen = 0;
 112
 113 int
 114 exit_kadmin (void *opt, int argc, char **argv)
 115 {
 116     exit_seen = 1;
 117     return 0;
 118 }
 119
 120 int
 121 lock(void *opt, int argc, char **argv)
 122 {
 123     return kadm5_lock(kadm_handle);
 124 }
 125
 126 int
 127 unlock(void *opt, int argc, char **argv)
 128 {
 129     return kadm5_unlock(kadm_handle);
 130 }
 131
 132 static void
 133 usage(int ret)
 134 {
 135     arg_printusage (args, num_args, NULL, "[command]");
 136     exit (ret);
 137 }
 138
 139 int
 140 get_privs(void *opt, int argc, char **argv)
 141 {
 142     uint32_t privs;
 143     char str[128];
 144     kadm5_ret_t ret;
 145
 146     ret = kadm5_get_privs(kadm_handle, &privs);
 147     if(ret)
 148         krb5_warn(context, ret, "kadm5_get_privs");
 149     else{
 150         ret =_kadm5_privs_to_string(privs, str, sizeof(str));
 151         if (ret == 0)
 152             printf("%s\n", str);
 153         else
 154             printf("privs: 0x%x\n", (unsigned int)privs);
 155     }
 156     return 0;
 157 }
 158
 159 int
 160 main(int argc, char **argv)
 161 {
 162     krb5_error_code ret;
 163     char **files;
 164     kadm5_config_params conf;
 165     int optidx = 0;
 166     int exit_status = 0;
 167     int aret;
 168
 169     setprogname(argv[0]);
 170
 171     ret = krb5_init_context(&context);
 172     if (ret)
 173         errx (1, "krb5_init_context failed: %d", ret);
 174
 175     if(getarg(args, num_args, argc, argv, &optidx))
 176         usage(1);
 177
 178     if (help_flag)
 179         usage (0);
 180
 181     if (version_flag) {
 182         print_version(NULL);
 183         exit(0);
 184     }
 185
 186     argc -= optidx;
 187     argv += optidx;
 188
 189     if (config_file == NULL) {
 190         aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
 191         if (aret == -1)
 192             errx(1, "out of memory");
 193     }
 194
 195     ret = krb5_prepend_config_files_default(config_file, &files);
 196     if (ret)
 197         krb5_err(context, 1, ret, "getting configuration files");
 198
 199     ret = krb5_set_config_files(context, files);
 200     krb5_free_config_files(files);
 201     if(ret)
 202         krb5_err(context, 1, ret, "reading configuration files");
 203
 204     memset(&conf, 0, sizeof(conf));
 205     if(realm) {
 206         krb5_set_default_realm(context, realm); /* XXX should be fixed
 207                                                    some other way */
 208         conf.realm = realm;
 209         conf.mask |= KADM5_CONFIG_REALM;
 210     }
 211
 212     if (hdb) {
 213         conf.dbname = hdb;
 214         conf.mask |= KADM5_CONFIG_DBNAME;
 215     }
 216
 217     if (admin_server) {
 218         conf.admin_server = admin_server;
 219         conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
 220     }
 221
 222     if (server_port) {
 223         conf.kadmind_port = htons(server_port);
 224         conf.mask |= KADM5_CONFIG_KADMIND_PORT;
 225     }
 226
 227     if (keyfile) {
 228         conf.stash_file = keyfile;
 229         conf.mask |= KADM5_CONFIG_STASH_FILE;
 230     }
 231
 232     if(local_flag) {
 233         int i;
 234
 235         kadm5_setup_passwd_quality_check (context,
 236                                           check_library, check_function);
 237
 238         for (i = 0; i < policy_libraries.num_strings; i++) {
 239             ret = kadm5_add_passwd_quality_verifier(context,
 240                                                     policy_libraries.strings[i]);
 241             if (ret)
 242                 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
 243         }
 244         ret = kadm5_add_passwd_quality_verifier(context, NULL);
 245         if (ret)
 246             krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
 247
 248         ret = kadm5_s_init_with_password_ctx(context,
 249                                              KADM5_ADMIN_SERVICE,
 250                                              NULL,
 251                                              KADM5_ADMIN_SERVICE,
 252                                              &conf, 0, 0,
 253                                              &kadm_handle);
 254     } else if (ad_flag) {
 255         if (client_name == NULL)
 256             krb5_errx(context, 1, "keytab mode require principal name");
 257         ret = kadm5_ad_init_with_password_ctx(context,
 258                                               client_name,
 259                                               NULL,
 260                                               KADM5_ADMIN_SERVICE,
 261                                               &conf, 0, 0,
 262                                               &kadm_handle);
 263     } else if (keytab) {
 264         if (client_name == NULL)
 265             krb5_errx(context, 1, "keytab mode require principal name");
 266         ret = kadm5_c_init_with_skey_ctx(context,
 267                                          client_name,
 268                                          keytab,
 269                                          KADM5_ADMIN_SERVICE,
 270                                          &conf, 0, 0,
 271                                          &kadm_handle);
 272     } else
 273         ret = kadm5_c_init_with_password_ctx(context,
 274                                              client_name,
 275                                              NULL,
 276                                              KADM5_ADMIN_SERVICE,
 277                                              &conf, 0, 0,
 278                                              &kadm_handle);
 279
 280     if(ret)
 281         krb5_err(context, 1, ret, "kadm5_init_with_password");
 282
 283     signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
 284                                 parser will handle SIGINT its own way;
 285                                 we should really take care of this in
 286                                 each function, f.i `get' might be
 287                                 interruptable, but not `create' */
 288     if (argc != 0) {
 289         ret = sl_command (commands, argc, argv);
 290         if(ret == -1)
 291             sl_did_you_mean(commands, argv[0]);
 292         else if (ret == -2)
 293             ret = 0;
 294         if(ret != 0)
 295             exit_status = 1;
 296     } else {
 297         while(!exit_seen) {
 298             ret = sl_command_loop(commands, "kadmin> ", NULL);
 299             if (ret == -2)
 300                 exit_seen = 1;
 301             else if (ret != 0)
 302                 exit_status = 1;
 303         }
 304     }
 305
 306     kadm5_destroy(kadm_handle);
 307     krb5_free_context(context);
 308     return exit_status;
 309 }