2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "kadmin_locl.h"
35 #include "kadmin-commands.h"
38 RCSID("$Id: kadmin.c 22253 2007-12-09 06:00:00Z lha $");
40 static char *config_file;
45 static int version_flag;
47 static char *admin_server;
48 static int server_port = 0;
49 static char *client_name;
51 static char *check_library = NULL;
52 static char *check_function = NULL;
53 static getarg_strings policy_libraries = { 0, NULL };
55 static struct getargs args[] = {
56 { "principal", 'p', arg_string, &client_name,
57 "principal to authenticate as" },
58 { "keytab", 'K', arg_string, &keytab,
59 "keytab for authentication principal" },
61 "config-file", 'c', arg_string, &config_file,
62 "location of config file", "file"
65 "key-file", 'k', arg_string, &keyfile,
66 "location of master key file", "file"
69 "realm", 'r', arg_string, &realm,
70 "realm to use", "realm"
73 "admin-server", 'a', arg_string, &admin_server,
74 "server to contact", "host"
77 "server-port", 's', arg_integer, &server_port,
78 "port to use", "port number"
80 { "ad", 0, arg_flag, &ad_flag, "active directory admin mode" },
82 { "check-library", 0, arg_string, &check_library,
83 "library to load password check function from", "library" },
84 { "check-function", 0, arg_string, &check_function,
85 "password check function to load", "function" },
86 { "policy-libraries", 0, arg_strings, &policy_libraries,
87 "password check function to load", "function" },
89 { "local", 'l', arg_flag, &local_flag, "local admin mode" },
90 { "help", 'h', arg_flag, &help_flag },
91 { "version", 'v', arg_flag, &version_flag }
94 static int num_args = sizeof(args) / sizeof(args[0]);
101 help(void *opt, int argc, char **argv)
103 sl_slc_help(commands, argc, argv);
107 static int exit_seen = 0;
110 exit_kadmin (void *opt, int argc, char **argv)
119 arg_printusage (args, num_args, NULL, "[command]");
124 get_privs(void *opt, int argc, char **argv)
130 ret = kadm5_get_privs(kadm_handle, &privs);
132 krb5_warn(context, ret, "kadm5_get_privs");
134 ret =_kadm5_privs_to_string(privs, str, sizeof(str));
141 main(int argc, char **argv)
145 kadm5_config_params conf;
149 setprogname(argv[0]);
151 ret = krb5_init_context(&context);
153 errx (1, "krb5_init_context failed: %d", ret);
155 if(getarg(args, num_args, argc, argv, &optidx))
169 if (config_file == NULL) {
170 asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
171 if (config_file == NULL)
172 errx(1, "out of memory");
175 ret = krb5_prepend_config_files_default(config_file, &files);
177 krb5_err(context, 1, ret, "getting configuration files");
179 ret = krb5_set_config_files(context, files);
180 krb5_free_config_files(files);
182 krb5_err(context, 1, ret, "reading configuration files");
184 memset(&conf, 0, sizeof(conf));
186 krb5_set_default_realm(context, realm); /* XXX should be fixed
189 conf.mask |= KADM5_CONFIG_REALM;
193 conf.admin_server = admin_server;
194 conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
198 conf.kadmind_port = htons(server_port);
199 conf.mask |= KADM5_CONFIG_KADMIND_PORT;
203 conf.stash_file = keyfile;
204 conf.mask |= KADM5_CONFIG_STASH_FILE;
210 kadm5_setup_passwd_quality_check (context,
211 check_library, check_function);
213 for (i = 0; i < policy_libraries.num_strings; i++) {
214 ret = kadm5_add_passwd_quality_verifier(context,
215 policy_libraries.strings[i]);
217 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
219 ret = kadm5_add_passwd_quality_verifier(context, NULL);
221 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
223 ret = kadm5_s_init_with_password_ctx(context,
229 } else if (ad_flag) {
230 if (client_name == NULL)
231 krb5_errx(context, 1, "keytab mode require principal name");
232 ret = kadm5_ad_init_with_password_ctx(context,
239 if (client_name == NULL)
240 krb5_errx(context, 1, "keytab mode require principal name");
241 ret = kadm5_c_init_with_skey_ctx(context,
248 ret = kadm5_c_init_with_password_ctx(context,
256 krb5_err(context, 1, ret, "kadm5_init_with_password");
258 signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
259 parser will handle SIGINT its own way;
260 we should really take care of this in
261 each function, f.i `get' might be
262 interruptable, but not `create' */
264 ret = sl_command (commands, argc, argv);
266 krb5_warnx (context, "unrecognized command: %s", argv[0]);
273 ret = sl_command_loop(commands, "kadmin> ", NULL);
281 kadm5_destroy(kadm_handle);
282 krb5_free_context(context);