2 * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #include <parse_time.h>
37 #include "iprop-commands.h"
/*
 * Kerberos library context shared by every sub-command in this file.
 * main() initialises it with krb5_init_context() before dispatching.
 */
static krb5_context context;
/*
 * Build the kadm5 server context used by the iprop-log sub-commands.
 *
 * config_file: configuration file to prepend to the default list; when NULL,
 *              "<hdb_db_dir>/kdc.conf" is used instead.
 * realm:       optional realm; when non-NULL it is placed in the kadm5
 *              configuration parameters (KADM5_CONFIG_REALM).
 *
 * Every failure is fatal: the function exits through errx()/krb5_err() and
 * never returns NULL to the caller.
 */
static kadm5_server_context *
get_kadmin_context(const char *config_file, char *realm)
{
    kadm5_config_params conf;
    krb5_error_code ret;
    void *kadm_handle;
    char *default_path = NULL;
    char **config_files;

    if (config_file == NULL) {
        int n = asprintf(&default_path, "%s/kdc.conf", hdb_db_dir(context));

        if (n == -1 || default_path == NULL)
            errx(1, "out of memory");
        config_file = default_path;
    }

    ret = krb5_prepend_config_files_default(config_file, &config_files);
    /* The path is not referenced again after this call. */
    free(default_path);
    if (ret)
        krb5_err(context, 1, ret, "getting configuration files");

    ret = krb5_set_config_files(context, config_files);
    krb5_free_config_files(config_files);
    if (ret)
        krb5_err(context, 1, ret, "reading configuration files");

    memset(&conf, 0, sizeof(conf));
    if (realm) {
        conf.mask |= KADM5_CONFIG_REALM;
        conf.realm = realm;
    }

    /* No password and no client credentials are supplied (NULL argument). */
    ret = kadm5_init_with_password_ctx(context,
                                       KADM5_ADMIN_SERVICE,
                                       NULL,
                                       KADM5_ADMIN_SERVICE,
                                       &conf, 0, 0,
                                       &kadm_handle);
    if (ret)
        krb5_err(context, 1, ret, "kadm5_init_with_password_ctx");

    return (kadm5_server_context *)kadm_handle;
}
92 static const char *op_names
[] = {
/*
 * print_entry: print one iprop log record in human-readable form.
 *
 * iprop_dump() passes this function to kadm5_log_foreach() as the per-record
 * callback; ctx is the description string that is printed as a prefix
 * (entry_kind).
 *
 * NOTE(review): this listing comes from a source-browser page. The leading
 * numbers are that page's own line numbers, lines are missing between them
 * (case labels, braces, declarations), and "×tamp" below is a mis-encoded
 * "&timestamp". The review notes only describe what the visible lines show.
 */
107 print_entry(kadm5_server_context
*server_context
,
116 const char *entry_kind
= ctx
;
121 krb5_principal source
;
124 krb5_context scontext
= server_context
->context
;
127 krb5_data_zero(&data
);
/*
 * NOTE(review): localtime() can return NULL for a value it cannot represent,
 * and its result goes straight into strftime(). The timestamp presumably
 * comes from the log record, so a damaged log could reach this — confirm
 * and guard.
 */
129 strftime(t
, sizeof(t
), "%Y-%m-%d %H:%M:%S", localtime(×tamp
));
/* Range check: op must lie in [kadm_get, kadm_nop] before it indexes op_names[]. */
131 if((int)op
< (int)kadm_get
|| (int)op
> (int)kadm_nop
) {
132 printf("unknown op: %d\n", op
);
136 printf ("%s%s: ver = %u, timestamp = %s, len = %u\n",
137 entry_kind
, op_names
[op
], ver
, t
, len
);
/*
 * Single-principal record: decode the principal, print it, release it.
 * NOTE(review): neither krb5_ret_principal() nor krb5_unparse_name() has its
 * return value checked on these lines; if decoding fails, source and name1
 * may not have been set before they are used — confirm against the full file.
 */
140 krb5_ret_principal(sp
, &source
);
141 krb5_unparse_name(scontext
, source
, &name1
);
142 printf(" %s\n", name1
);
144 krb5_free_principal(scontext
, source
);
/*
 * Rename record: old principal followed by the encoded new entry.
 * The buffer is sized by len; allocation failure is fatal (krb5_err, exit 1).
 */
147 ret
= krb5_data_alloc(&data
, len
);
149 krb5_err (scontext
, 1, ret
, "kadm_rename: data alloc: %d", len
);
150 krb5_ret_principal(sp
, &source
);
/*
 * NOTE(review): the results of krb5_storage_read() and hdb_value2entry() are
 * discarded in this branch, so a short read or undecodable entry is not
 * detected before ent.principal is printed. The create/modify branches below
 * do keep the hdb_value2entry() result in ret.
 */
151 krb5_storage_read(sp
, data
.data
, data
.length
);
152 hdb_value2entry(scontext
, &data
, &ent
);
153 krb5_unparse_name(scontext
, source
, &name1
);
154 krb5_unparse_name(scontext
, ent
.principal
, &name2
);
155 printf(" %s -> %s\n", name1
, name2
);
158 krb5_free_principal(scontext
, source
);
159 free_hdb_entry(&ent
);
/* Create record: the payload is one encoded entry of len bytes. */
162 ret
= krb5_data_alloc(&data
, len
);
164 krb5_err (scontext
, 1, ret
, "kadm_create: data alloc: %d", len
);
165 krb5_storage_read(sp
, data
.data
, data
.length
);
166 ret
= hdb_value2entry(scontext
, &data
, &ent
);
/* Modify record: a 32-bit field mask is read before the encoded entry. */
172 ret
= krb5_data_alloc(&data
, len
);
174 krb5_err (scontext
, 1, ret
, "kadm_modify: data alloc: %d", len
);
175 krb5_ret_int32(sp
, &mask
);
176 krb5_storage_read(sp
, data
.data
, data
.length
);
177 ret
= hdb_value2entry(scontext
, &data
, &ent
);
/*
 * From here on, one line is printed per field selected by mask.
 * The principal is printed whenever the decoded entry carries one; the
 * mask test for it is commented out in the original.
 */
181 if(ent
.principal
/* mask & KADM5_PRINCIPAL */) {
182 krb5_unparse_name(scontext
, ent
.principal
, &name1
);
183 printf(" principal = %s\n", name1
);
186 if(mask
& KADM5_PRINC_EXPIRE_TIME
) {
/* A NULL valid_end is reported as "never". */
187 if(ent
.valid_end
== NULL
) {
188 strlcpy(t
, "never", sizeof(t
));
/* NOTE(review): localtime() result is again used without a NULL check. */
190 strftime(t
, sizeof(t
), "%Y-%m-%d %H:%M:%S",
191 localtime(ent
.valid_end
));
193 printf(" expires = %s\n", t
);
195 if(mask
& KADM5_PW_EXPIRATION
) {
/* A NULL pw_end is reported as "never". */
196 if(ent
.pw_end
== NULL
) {
197 strlcpy(t
, "never", sizeof(t
));
199 strftime(t
, sizeof(t
), "%Y-%m-%d %H:%M:%S",
200 localtime(ent
.pw_end
));
202 printf(" password exp = %s\n", t
);
/* No output is visible on this page for KADM5_LAST_PWD_CHANGE. */
204 if(mask
& KADM5_LAST_PWD_CHANGE
) {
206 if(mask
& KADM5_ATTRIBUTES
) {
/* Flags are rendered as text into t, bounded by sizeof(t). */
207 unparse_flags(HDBFlags2int(ent
.flags
),
208 asn1_HDBFlags_units(), t
, sizeof(t
));
209 printf(" attributes = %s\n", t
);
211 if(mask
& KADM5_MAX_LIFE
) {
/* A NULL max_life is reported as "for ever". */
212 if(ent
.max_life
== NULL
)
213 strlcpy(t
, "for ever", sizeof(t
));
215 unparse_time(*ent
.max_life
, t
, sizeof(t
));
216 printf(" max life = %s\n", t
);
218 if(mask
& KADM5_MAX_RLIFE
) {
/* A NULL max_renew is reported as "for ever". */
219 if(ent
.max_renew
== NULL
)
220 strlcpy(t
, "for ever", sizeof(t
));
222 unparse_time(*ent
.max_renew
, t
, sizeof(t
));
223 printf(" max rlife = %s\n", t
);
/* The remaining fields are only named, their values are not printed (kvno excepted). */
225 if(mask
& KADM5_MOD_TIME
) {
226 printf(" mod time\n");
228 if(mask
& KADM5_MOD_NAME
) {
229 printf(" mod name\n");
231 if(mask
& KADM5_KVNO
) {
232 printf(" kvno = %d\n", ent
.kvno
);
234 if(mask
& KADM5_MKVNO
) {
237 if(mask
& KADM5_AUX_ATTRIBUTES
) {
238 printf(" aux attributes\n");
240 if(mask
& KADM5_POLICY
) {
/*
 * NOTE(review): KADM5_POLICY_CLR prints the same label as KADM5_MOD_TIME
 * ("mod time"); this looks like a copy-paste slip, so a cleared policy is
 * indistinguishable from a mod-time change in the dump — confirm.
 */
243 if(mask
& KADM5_POLICY_CLR
) {
244 printf(" mod time\n");
246 if(mask
& KADM5_LAST_SUCCESS
) {
247 printf(" last success\n");
249 if(mask
& KADM5_LAST_FAILED
) {
250 printf(" last failed\n");
252 if(mask
& KADM5_FAIL_AUTH_COUNT
) {
253 printf(" fail auth count\n");
/* Only the presence of key data is reported; key material is not printed. */
255 if(mask
& KADM5_KEY_DATA
) {
256 printf(" key data\n");
258 if(mask
& KADM5_TL_DATA
) {
259 printf(" tl data\n");
261 free_hdb_entry(&ent
);
/* A 64-bit offset is read and printed as the "uberblock offset". */
266 krb5_ret_uint64(sp
, &off
);
267 printf("uberblock offset %llu ", (unsigned long long)off
);
/* Payloads of 8 or 16 bytes carry a 32-bit time and a 32-bit version. */
271 if (len
== 16 || len
== 8) {
272 krb5_ret_int32(sp
, &nop_time
);
273 krb5_ret_uint32(sp
, &nop_ver
);
275 timestamp
= nop_time
;
276 strftime(t
, sizeof(t
), "%Y-%m-%d %H:%M:%S", localtime(×tamp
));
277 printf("timestamp %s version %u", t
, nop_ver
);
/* Release the payload buffer; data was zeroed at entry, so this also covers branches that never allocated. */
284 krb5_data_free(&data
);
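/*
 * "dump" sub-command: print every record of the iprop log.
 *
 * argv[0], when present, replaces the log file path taken from the
 * configuration. Records are printed in two passes (confirmed, then
 * unconfirmed; the reverse when --reverse is given) with print_entry() as
 * the per-record callback.
 *
 * Locking: by default a blocking shared lock is taken. With --no-lock a
 * non-blocking shared lock is tried first, and only when that would block
 * is the log read without a lock. Reading without a lock can show a log
 * that is being written concurrently, so treat such output as a best-effort
 * view.
 *
 * Returns 0; fatal errors exit through krb5_err().
 */
int
iprop_dump(struct dump_options *opt, int argc, char **argv)
{
    kadm5_server_context *server_context;
    krb5_error_code ret;
    enum kadm_iter_opts iter_opts_1st = 0;
    enum kadm_iter_opts iter_opts_2nd = 0;
    char *desc_1st = "";
    char *desc_2nd = "";

    server_context = get_kadmin_context(opt->config_file_string,
                                        opt->realm_string);

    if (argc > 0) {
        free(server_context->log_context.log_file);
        server_context->log_context.log_file = strdup(argv[0]);
        if (server_context->log_context.log_file == NULL)
            krb5_err(context, 1, errno, "strdup");
    }

    if (opt->reverse_flag) {
        iter_opts_1st = kadm_backward | kadm_unconfirmed;
        iter_opts_2nd = kadm_backward | kadm_confirmed;
        desc_1st = "unconfirmed ";
    } else {
        iter_opts_1st = kadm_forward | kadm_confirmed;
        iter_opts_2nd = kadm_forward | kadm_unconfirmed;
        desc_2nd = "unconfirmed";
    }

    if (opt->no_lock_flag) {
        ret = kadm5_log_init_sharedlock(server_context, LOCK_NB);
        if (ret == EAGAIN || ret == EWOULDBLOCK) {
            warnx("Not locking the iprop log");
            ret = kadm5_log_init_nolock(server_context);
            if (ret)
                krb5_err(context, 1, ret, "kadm5_log_init_nolock");
        } else if (ret) {
            /*
             * Any other failure used to fall through to the iteration
             * below with a log that was never initialised.
             */
            krb5_err(context, 1, ret, "kadm5_log_init_sharedlock");
        }
    } else {
        warnx("If this command appears to block, try the --no-lock option");
        ret = kadm5_log_init_sharedlock(server_context, 0);
        if (ret)
            krb5_err(context, 1, ret, "kadm5_log_init_sharedlock");
    }

    ret = kadm5_log_foreach(server_context, iter_opts_1st,
                            NULL, print_entry, desc_1st);
    if (ret)
        krb5_warn(context, ret, "kadm5_log_foreach");

    ret = kadm5_log_foreach(server_context, iter_opts_2nd,
                            NULL, print_entry, desc_2nd);
    if (ret)
        krb5_warn(context, ret, "kadm5_log_foreach");

    ret = kadm5_log_end(server_context);
    if (ret)
        krb5_warn(context, ret, "kadm5_log_end");

    kadm5_destroy(server_context);

    return 0;
}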
/*
 * "truncate" sub-command: shrink or reset the iprop log.
 *
 * argv[0], when present, replaces the configured log file path.
 * When neither --keep-entries nor --max-bytes was given (both negative) the
 * default is to keep 100 entries; a single negative value is treated as 0.
 * With --reset the log is first initialised, so unconfirmed records are
 * recovered, and then reinitialised.
 *
 * Note that a failure on the --reset path is reported under the
 * "kadm5_log_truncate" label, because both paths share the final check.
 *
 * Returns 0; fatal errors exit through krb5_err().
 */
int
iprop_truncate(struct truncate_options *opt, int argc, char **argv)
{
    kadm5_server_context *server_context;
    krb5_error_code ret;

    server_context = get_kadmin_context(opt->config_file_string,
                                        opt->realm_string);

    if (argc > 0) {
        free(server_context->log_context.log_file);
        server_context->log_context.log_file = strdup(argv[0]);
        if (server_context->log_context.log_file == NULL)
            krb5_err(context, 1, errno, "strdup");
    }

    /* Nothing specified at all: fall back to "keep the last 100 entries". */
    if (opt->keep_entries_integer < 0 && opt->max_bytes_integer < 0) {
        opt->keep_entries_integer = 100;
        opt->max_bytes_integer = 0;
    }
    /* Only one of the two specified: the other means "no limit given". */
    if (opt->keep_entries_integer < 0)
        opt->keep_entries_integer = 0;
    if (opt->max_bytes_integer < 0)
        opt->max_bytes_integer = 0;

    if (!opt->reset_flag) {
        ret = kadm5_log_init(server_context);
        if (ret)
            krb5_err(context, 1, ret, "kadm5_log_init");
        ret = kadm5_log_truncate(server_context, opt->keep_entries_integer,
                                 opt->max_bytes_integer);
    } else {
        /* First recover unconfirmed records */
        ret = kadm5_log_init(server_context);
        if (ret == 0)
            ret = kadm5_log_reinit(server_context, 0);
    }
    if (ret)
        krb5_err(context, 1, ret, "kadm5_log_truncate");

    kadm5_log_signal_master(server_context);

    kadm5_destroy(server_context);
    return 0;
}
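/*
 * "last-version" sub-command: print the last version number recorded in
 * each iprop log named on the command line, or in the configured log when
 * no argument is given.
 *
 * Locking follows the same rules as the dump command: a blocking shared
 * lock by default; with --no-lock a non-blocking attempt is made first and
 * the log is read unlocked only when that attempt would block.
 *
 * Returns 0; fatal errors exit through krb5_err().
 */
int
last_version(struct last_version_options *opt, int argc, char **argv)
{
    kadm5_server_context *server_context;
    char *alt_argv[2] = { NULL, NULL };
    krb5_error_code ret;
    uint32_t version;
    int i;

    server_context = get_kadmin_context(opt->config_file_string,
                                        opt->realm_string);

    if (argc == 0) {
        /* No file given: iterate once over the configured log path. */
        alt_argv[0] = strdup(server_context->log_context.log_file);
        if (alt_argv[0] == NULL)
            krb5_err(context, 1, errno, "strdup");
        argv = alt_argv;
        argc = 1;
    }

    for (i = 0; i < argc; i++) {
        free(server_context->log_context.log_file);
        server_context->log_context.log_file = strdup(argv[i]);
        if (server_context->log_context.log_file == NULL)
            krb5_err(context, 1, errno, "strdup");

        if (opt->no_lock_flag) {
            ret = kadm5_log_init_sharedlock(server_context, LOCK_NB);
            if (ret == EAGAIN || ret == EWOULDBLOCK) {
                warnx("Not locking the iprop log");
                ret = kadm5_log_init_nolock(server_context);
                if (ret)
                    krb5_err(context, 1, ret, "kadm5_log_init_nolock");
            } else if (ret) {
                /*
                 * Any other failure used to be ignored, so the version
                 * lookup ran on a log that was never initialised.
                 */
                krb5_err(context, 1, ret, "kadm5_log_init_sharedlock");
            }
        } else {
            warnx("If this command appears to block, try the "
                  "--no-lock option");
            ret = kadm5_log_init_sharedlock(server_context, 0);
            if (ret)
                krb5_err(context, 1, ret, "kadm5_log_init_sharedlock");
        }

        ret = kadm5_log_get_version(server_context, &version);
        if (ret)
            krb5_err(context, 1, ret, "kadm5_log_get_version");

        ret = kadm5_log_end(server_context);
        if (ret)
            krb5_warn(context, ret, "kadm5_log_end");

        printf("version: %lu\n", (unsigned long)version);
    }

    kadm5_destroy(server_context);
    free(alt_argv[0]);
    return 0;
}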
/*
 * "signal" sub-command: build a server context, ask the log layer to
 * signal the master via kadm5_log_signal_master(), and tear the context
 * down again. argc and argv are not used. Always returns 0.
 */
int
signal_master(struct signal_options *opt, int argc, char **argv)
{
    kadm5_server_context *server_context =
        get_kadmin_context(opt->config_file_string, opt->realm_string);

    kadm5_log_signal_master(server_context);
    kadm5_destroy(server_context);

    return 0;
}
/*
 * Replay log.
 *
 * NOTE(review): no line visible on this page reads these two globals; the
 * replay callback takes its version range from struct replay_options.
 */
int start_version = -1;
int end_version = -1;
/*
 * Per-record callback for iprop_replay(): replay one log record into the
 * database unless its version lies outside the requested range.
 *
 * ctx is the struct replay_options of the running command. A bound of -1
 * means "no limit" on that side.
 *
 * A failed replay is only reported with krb5_warn(); "done" is still
 * printed and 0 is returned, so the iteration continues with the next
 * record. Check the warnings, not the "done" markers, when judging whether
 * a replay was complete.
 */
static kadm5_ret_t
apply_entry(kadm5_server_context *server_context,
            uint32_t ver,
            time_t timestamp,
            enum kadm_ops op,
            uint32_t len,
            krb5_storage *sp,
            void *ctx)
{
    struct replay_options *opt = ctx;
    kadm5_ret_t ret;
    int below_start;
    int above_end;

    below_start = opt->start_version_integer != -1 &&
                  ver < (uint32_t)opt->start_version_integer;
    above_end = opt->end_version_integer != -1 &&
                ver > (uint32_t)opt->end_version_integer;

    if (below_start || above_end) {
        /* XXX skip this entry */
        return 0;
    }

    printf ("ver %u... ", ver);
    fflush (stdout);

    ret = kadm5_log_replay(server_context, op, ver, len, sp);
    if (ret)
        krb5_warn (server_context->context, ret, "kadm5_log_replay");

    printf ("done\n");

    return 0;
}
/*
 * "replay" sub-command: apply the records of an iprop log to the database.
 *
 * argv[0], when present, replaces the configured log file path. Every
 * record of that file, confirmed or not, is handed to apply_entry() and
 * from there to kadm5_log_replay(), so the file named here directly
 * determines what is written to the database; only replay logs whose
 * origin and integrity are known.
 *
 * The database is opened read-write and created if missing, with mode 0600.
 *
 * Returns 0; open/init/close failures exit through krb5_err(), iteration
 * and log-end failures are only warned about.
 */
int
iprop_replay(struct replay_options *opt, int argc, char **argv)
{
    kadm5_server_context *server_context;
    krb5_error_code ret;

    server_context = get_kadmin_context(opt->config_file_string,
                                        opt->realm_string);

    if (argc > 0) {
        free(server_context->log_context.log_file);
        server_context->log_context.log_file = strdup(argv[0]);
        if (server_context->log_context.log_file == NULL)
            krb5_err(context, 1, errno, "strdup");
    }

    ret = server_context->db->hdb_open(context,
                                       server_context->db,
                                       O_RDWR | O_CREAT, 0600);
    if (ret)
        krb5_err (context, 1, ret, "db->open");

    ret = kadm5_log_init (server_context);
    if (ret)
        krb5_err (context, 1, ret, "kadm5_log_init");

    /* Walk the whole log forward; apply_entry() filters by version. */
    ret = kadm5_log_foreach(server_context,
                            kadm_forward | kadm_confirmed | kadm_unconfirmed,
                            NULL, apply_entry, opt);
    if (ret)
        krb5_warn(context, ret, "kadm5_log_foreach");

    ret = kadm5_log_end (server_context);
    if (ret)
        krb5_warn(context, ret, "kadm5_log_end");

    ret = server_context->db->hdb_close (context, server_context->db);
    if (ret)
        krb5_err (context, 1, ret, "db->close");

    kadm5_destroy(server_context);
    return 0;
}
/* Global option flags; main() hands the table below to getarg(). */
static int help_flag;
static int version_flag;

/* Options accepted before the sub-command name. */
static struct getargs args[] = {
    { "version", 0,   arg_flag, &version_flag, NULL, NULL },
    { "help",    'h', arg_flag, &help_flag,    NULL, NULL }
};

static int num_args = sizeof(args) / sizeof(args[0]);
/*
 * "help" sub-command.
 *
 * Without arguments the full command list is printed. With a command name,
 * that command is invoked with "--help", followed by its help text and any
 * synonyms (the entries after it in the table that have a name but no
 * function). Output goes to stderr. Always returns 0.
 */
int
help(void *opt, int argc, char **argv)
{
    SL_cmd *c;

    if (argc == 0) {
        /*
         * NOTE(review): argv - 1 steps before the slice this function was
         * given; presumably the dispatcher passes a pointer into a larger
         * array so the element exists — confirm (marked XXX upstream).
         */
        sl_help(commands, 1, argv - 1 /* XXX */);
        return 0;
    }

    c = sl_match (commands, argv[0], 0);
    if (c == NULL) {
        fprintf (stderr, "No such command: %s. "
                 "Try \"help\" for a list of commands\n",
                 argv[0]);
        return 0;
    }

    if (c->func) {
        static char shelp[] = "--help";
        char *fake[3] = { argv[0], shelp, NULL };

        (*c->func)(2, fake);
        fprintf(stderr, "\n");
    }
    if (c->help && *c->help)
        fprintf (stderr, "%s\n", c->help);

    /* Synonyms directly follow the command they alias. */
    c++;
    if (c->name && c->func == NULL) {
        const char *sep = " ";

        fprintf (stderr, "Synonyms:");
        for (; c->name && c->func == NULL; c++) {
            fprintf (stderr, "%s%s", sep, c->name);
            sep = ", ";
        }
        fprintf (stderr, "\n");
    }
    return 0;
}
/* Print the option summary for the global options and exit with status. */
static void
usage(int status)
{
    arg_printusage(args, num_args, NULL, "command");
    exit(status);
}
/*
 * Entry point: parse the global options, initialise the shared Kerberos
 * context and dispatch the remaining arguments as a sub-command.
 *
 * Returns the result of sl_command(); -1 means the command name was not
 * recognised.
 */
int
main(int argc, char **argv)
{
    krb5_error_code ret;
    int optidx = 0;

    setprogname(argv[0]);

    if (getarg(args, num_args, argc, argv, &optidx))
        usage(1);
    if (help_flag)
        usage(0);
    if (version_flag) {
        print_version(NULL);
        exit(0);
    }

    /* Skip past the global options; a sub-command name is mandatory. */
    argv += optidx;
    argc -= optidx;
    if (argc == 0)
        usage(1);

    ret = krb5_init_context(&context);
    if (ret)
        errx(1, "krb5_init_context failed with: %d\n", ret);

    ret = sl_command(commands, argc, argv);
    if (ret == -1)
        warnx ("unrecognized command: %s", argv[0]);
    return ret;
}