2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "kadmin_locl.h"
35 #include "kadmin-commands.h"
38 static char *config_file
;
43 static int version_flag
;
45 static char *admin_server
;
46 static int server_port
= 0;
47 static char *client_name
;
49 static char *check_library
= NULL
;
50 static char *check_function
= NULL
;
51 static getarg_strings policy_libraries
= { 0, NULL
};
53 static struct getargs args
[] = {
54 { "principal", 'p', arg_string
, &client_name
,
55 "principal to authenticate as", NULL
},
56 { "keytab", 'K', arg_string
, &keytab
,
57 "keytab for authentication principal", NULL
},
59 "config-file", 'c', arg_string
, &config_file
,
60 "location of config file", "file"
63 "key-file", 'k', arg_string
, &keyfile
,
64 "location of master key file", "file"
67 "realm", 'r', arg_string
, &realm
,
68 "realm to use", "realm"
71 "admin-server", 'a', arg_string
, &admin_server
,
72 "server to contact", "host"
75 "server-port", 's', arg_integer
, &server_port
,
76 "port to use", "port number"
78 { "ad", 0, arg_flag
, &ad_flag
, "active directory admin mode",
81 { "check-library", 0, arg_string
, &check_library
,
82 "library to load password check function from", "library" },
83 { "check-function", 0, arg_string
, &check_function
,
84 "password check function to load", "function" },
85 { "policy-libraries", 0, arg_strings
, &policy_libraries
,
86 "password check function to load", "function" },
88 { "local", 'l', arg_flag
, &local_flag
, "local admin mode", NULL
},
89 { "help", 'h', arg_flag
, &help_flag
, NULL
, NULL
},
90 { "version", 'v', arg_flag
, &version_flag
, NULL
, NULL
}
93 static int num_args
= sizeof(args
) / sizeof(args
[0]);
100 help(void *opt
, int argc
, char **argv
)
102 sl_slc_help(commands
, argc
, argv
);
106 static int exit_seen
= 0;
109 exit_kadmin (void *opt
, int argc
, char **argv
)
116 lock(void *opt
, int argc
, char **argv
)
118 return kadm5_lock(kadm_handle
);
122 unlock(void *opt
, int argc
, char **argv
)
124 return kadm5_unlock(kadm_handle
);
130 arg_printusage (args
, num_args
, NULL
, "[command]");
135 get_privs(void *opt
, int argc
, char **argv
)
141 ret
= kadm5_get_privs(kadm_handle
, &privs
);
143 krb5_warn(context
, ret
, "kadm5_get_privs");
145 ret
=_kadm5_privs_to_string(privs
, str
, sizeof(str
));
149 printf("privs: 0x%x\n", (unsigned int)privs
);
155 main(int argc
, char **argv
)
159 kadm5_config_params conf
;
163 setprogname(argv
[0]);
165 ret
= krb5_init_context(&context
);
167 errx (1, "krb5_init_context failed: %d", ret
);
169 if(getarg(args
, num_args
, argc
, argv
, &optidx
))
183 if (config_file
== NULL
) {
184 asprintf(&config_file
, "%s/kdc.conf", hdb_db_dir(context
));
185 if (config_file
== NULL
)
186 errx(1, "out of memory");
189 ret
= krb5_prepend_config_files_default(config_file
, &files
);
191 krb5_err(context
, 1, ret
, "getting configuration files");
193 ret
= krb5_set_config_files(context
, files
);
194 krb5_free_config_files(files
);
196 krb5_err(context
, 1, ret
, "reading configuration files");
198 memset(&conf
, 0, sizeof(conf
));
200 krb5_set_default_realm(context
, realm
); /* XXX should be fixed
203 conf
.mask
|= KADM5_CONFIG_REALM
;
207 conf
.admin_server
= admin_server
;
208 conf
.mask
|= KADM5_CONFIG_ADMIN_SERVER
;
212 conf
.kadmind_port
= htons(server_port
);
213 conf
.mask
|= KADM5_CONFIG_KADMIND_PORT
;
217 conf
.stash_file
= keyfile
;
218 conf
.mask
|= KADM5_CONFIG_STASH_FILE
;
224 kadm5_setup_passwd_quality_check (context
,
225 check_library
, check_function
);
227 for (i
= 0; i
< policy_libraries
.num_strings
; i
++) {
228 ret
= kadm5_add_passwd_quality_verifier(context
,
229 policy_libraries
.strings
[i
]);
231 krb5_err(context
, 1, ret
, "kadm5_add_passwd_quality_verifier");
233 ret
= kadm5_add_passwd_quality_verifier(context
, NULL
);
235 krb5_err(context
, 1, ret
, "kadm5_add_passwd_quality_verifier");
237 ret
= kadm5_s_init_with_password_ctx(context
,
243 } else if (ad_flag
) {
244 if (client_name
== NULL
)
245 krb5_errx(context
, 1, "keytab mode require principal name");
246 ret
= kadm5_ad_init_with_password_ctx(context
,
253 if (client_name
== NULL
)
254 krb5_errx(context
, 1, "keytab mode require principal name");
255 ret
= kadm5_c_init_with_skey_ctx(context
,
262 ret
= kadm5_c_init_with_password_ctx(context
,
270 krb5_err(context
, 1, ret
, "kadm5_init_with_password");
272 signal(SIGINT
, SIG_IGN
); /* ignore signals for now, the sl command
273 parser will handle SIGINT its own way;
274 we should really take care of this in
275 each function, f.i `get' might be
276 interruptable, but not `create' */
278 ret
= sl_command (commands
, argc
, argv
);
280 krb5_warnx (context
, "unrecognized command: %s", argv
[0]);
287 ret
= sl_command_loop(commands
, "kadmin> ", NULL
);
295 kadm5_destroy(kadm_handle
);
296 krb5_free_context(context
);