Lines Matching +full:unlock +full:- +full:keys
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
34 #include "k5-int.h"
103 error(_("Usage: %s [-r realm] [-p principal] [-q query] " in usage()
106 "\tclnt args: [-s admin_server[:port]] " in usage()
107 "[[-c ccache]|[-k [-t keytab]]]|[-n] [-O | -N]\n" in usage()
108 "\tlocal args: [-x db_args]* [-d dbname] " in usage()
109 "[-e \"enc:salt ...\"] [-m] [-w password] " in usage()
110 "where,\n\t[-x db_args]* - any number of database specific " in usage()
124 duration *= -1; in strdur()
135 snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "", in strdur()
156 * and return (time_t)-1. */
163 if (date == (time_t)-1) in parse_date()
171 * error message and return (time_t)-1.
183 if (date == (time_t)-1) in parse_interval()
193 return (time_t)-1; in parse_interval()
196 return date - now; in parse_interval()
211 if (cp - name && *(cp - 1) != '\\') in kadmin_parse_name()
264 * keys when the old API is used. */ in randkey_princ()
325 db_args[db_args_size - 1] = optarg; in kadmin_startup()
364 db_args[db_args_size - 1] = db_name; in kadmin_startup()
403 error(_("%s: -q is exclusive with command-line query"), whoami); in kadmin_startup()
424 * Set cc to an open credentials cache, either specified by the -c in kadmin_startup()
496 if (realm > canon && *(realm - 1) != '\\') in kadmin_startup()
504 if (cp > canon && *(cp - 1) != '\\') in kadmin_startup()
526 if (asprintf(&princstr, "%s/admin@%s", pw->pw_name, in kadmin_startup()
659 com_err("unlock", retval, ""); in kadmin_unlock()
674 (argc == 3 && !strcmp("-force", argv[1])))) { in kadmin_delprinc()
675 error(_("usage: delete_principal [-force] principal\n")); in kadmin_delprinc()
678 retval = kadmin_parse_name(argv[argc - 1], &princ); in kadmin_delprinc()
721 if (!(argc == 3 || (argc == 4 && !strcmp("-force", argv[1])))) { in kadmin_renameprinc()
722 error(_("usage: rename_principal [-force] old_principal " in kadmin_renameprinc()
726 retval = kadmin_parse_name(argv[argc - 2], &oprinc); in kadmin_renameprinc()
732 retval = kadmin_parse_name(argv[argc - 1], &nprinc); in kadmin_renameprinc()
831 error(_("usage: change_password [-randkey] [-keepold] " in cpw_usage()
832 "[-e keysaltlist] [-pw password] principal\n")); in cpw_usage()
853 for (argv++, argc--; argc > 0 && **argv == '-'; argc--, argv++) { in kadmin_cpw()
854 if (!strcmp("-x", *argv)) { in kadmin_cpw()
855 argc--; in kadmin_cpw()
866 db_args[db_args_size - 1] = *++argv; in kadmin_cpw()
868 } else if (!strcmp("-pw", *argv)) { in kadmin_cpw()
869 argc--; in kadmin_cpw()
875 } else if (!strcmp("-randkey", *argv)) { in kadmin_cpw()
877 } else if (!strcmp("-keepold", *argv)) { in kadmin_cpw()
879 } else if (!strcmp("-e", *argv)) { in kadmin_cpw()
880 argc--; in kadmin_cpw()
940 unsigned int i = sizeof (newpw) - 1; in kadmin_cpw()
945 _("Re-enter password for principal \"%s\""), canon); in kadmin_cpw()
986 next = tl_data->tl_data_next; in kadmin_free_tl_data()
987 free(tl_data->tl_data_contents); in kadmin_free_tl_data()
1009 tl_data->tl_data_type = tl_type; in add_tl_data()
1010 tl_data->tl_data_length = len; in add_tl_data()
1011 tl_data->tl_data_contents = copy; in add_tl_data()
1012 tl_data->tl_data_next = NULL; in add_tl_data()
1014 for (; *tl_datap != NULL; tl_datap = &(*tl_datap)->tl_data_next); in add_tl_data()
1027 princ->fail_auth_count = 0; in unlock_princ()
1030 /* Record the timestamp of this unlock operation so that replica KDCs will in unlock_princ()
1038 add_tl_data(&princ->n_tl_data, &princ->tl_data, in unlock_princ()
1064 for (i = 1; i < argc - 1; i++) { in kadmin_parse_princ_args()
1065 if (!strcmp("-x",argv[i])) { in kadmin_parse_princ_args()
1066 if (++i > argc - 2) in kadmin_parse_princ_args()
1067 return -1; in kadmin_parse_princ_args()
1069 add_tl_data(&oprinc->n_tl_data, &oprinc->tl_data, in kadmin_parse_princ_args()
1075 if (!strcmp("-expire", argv[i])) { in kadmin_parse_princ_args()
1076 if (++i > argc - 2) in kadmin_parse_princ_args()
1077 return -1; in kadmin_parse_princ_args()
1079 if (date == (time_t)-1) in kadmin_parse_princ_args()
1080 return -1; in kadmin_parse_princ_args()
1081 oprinc->princ_expire_time = date; in kadmin_parse_princ_args()
1085 if (!strcmp("-pwexpire", argv[i])) { in kadmin_parse_princ_args()
1086 if (++i > argc - 2) in kadmin_parse_princ_args()
1087 return -1; in kadmin_parse_princ_args()
1089 if (date == (time_t)-1) in kadmin_parse_princ_args()
1090 return -1; in kadmin_parse_princ_args()
1091 oprinc->pw_expiration = date; in kadmin_parse_princ_args()
1095 if (!strcmp("-maxlife", argv[i])) { in kadmin_parse_princ_args()
1096 if (++i > argc - 2) in kadmin_parse_princ_args()
1097 return -1; in kadmin_parse_princ_args()
1099 if (interval == (time_t)-1) in kadmin_parse_princ_args()
1100 return -1; in kadmin_parse_princ_args()
1101 oprinc->max_life = interval; in kadmin_parse_princ_args()
1105 if (!strcmp("-maxrenewlife", argv[i])) { in kadmin_parse_princ_args()
1106 if (++i > argc - 2) in kadmin_parse_princ_args()
1107 return -1; in kadmin_parse_princ_args()
1109 if (interval == (time_t)-1) in kadmin_parse_princ_args()
1110 return -1; in kadmin_parse_princ_args()
1111 oprinc->max_renewable_life = interval; in kadmin_parse_princ_args()
1115 if (!strcmp("-kvno", argv[i])) { in kadmin_parse_princ_args()
1116 if (++i > argc - 2) in kadmin_parse_princ_args()
1117 return -1; in kadmin_parse_princ_args()
1118 oprinc->kvno = atoi(argv[i]); in kadmin_parse_princ_args()
1122 if (!strcmp("-policy", argv[i])) { in kadmin_parse_princ_args()
1123 if (++i > argc - 2) in kadmin_parse_princ_args()
1124 return -1; in kadmin_parse_princ_args()
1125 oprinc->policy = argv[i]; in kadmin_parse_princ_args()
1129 if (!strcmp("-clearpolicy", argv[i])) { in kadmin_parse_princ_args()
1130 oprinc->policy = NULL; in kadmin_parse_princ_args()
1134 if (!strcmp("-pw", argv[i])) { in kadmin_parse_princ_args()
1135 if (++i > argc - 2) in kadmin_parse_princ_args()
1136 return -1; in kadmin_parse_princ_args()
1140 if (!strcmp("-randkey", argv[i])) { in kadmin_parse_princ_args()
1144 if (!strcmp("-nokey", argv[i])) { in kadmin_parse_princ_args()
1148 if (!strcmp("-unlock", argv[i])) { in kadmin_parse_princ_args()
1152 if (!strcmp("-e", argv[i])) { in kadmin_parse_princ_args()
1153 if (++i > argc - 2) in kadmin_parse_princ_args()
1154 return -1; in kadmin_parse_princ_args()
1160 return -1; in kadmin_parse_princ_args()
1164 retval = krb5_flagspec_to_mask(argv[i], &oprinc->attributes, in kadmin_parse_princ_args()
1165 &oprinc->attributes); in kadmin_parse_princ_args()
1167 return -1; in kadmin_parse_princ_args()
1171 if (i != argc - 1) in kadmin_parse_princ_args()
1172 return -1; in kadmin_parse_princ_args()
1173 retval = kadmin_parse_name(argv[i], &oprinc->principal); in kadmin_parse_princ_args()
1176 return -1; in kadmin_parse_princ_args()
1186 error(_("\t\t[-randkey|-nokey] [-x db_princ_args]* [-expire expdate] " in kadmin_addprinc_usage()
1187 "[-pwexpire pwexpdate] [-maxlife maxtixlife]\n" in kadmin_addprinc_usage()
1188 "\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n" in kadmin_addprinc_usage()
1189 "\t\t[-pw password] [-maxrenewlife maxrenewlife]\n" in kadmin_addprinc_usage()
1190 "\t\t[-e keysaltlist]\n\t\t[{+|-}attribute]\n")); in kadmin_addprinc_usage()
1199 "\nwhere,\n\t[-x db_princ_args]* - any number of database " in kadmin_addprinc_usage()
1210 error(_("\t\t[-x db_princ_args]* [-expire expdate] " in kadmin_modprinc_usage()
1211 "[-pwexpire pwexpdate] [-maxlife maxtixlife]\n" in kadmin_modprinc_usage()
1212 "\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n" in kadmin_modprinc_usage()
1213 "\t\t[-maxrenewlife maxrenewlife] [-unlock] [{+|-}attribute]\n")); in kadmin_modprinc_usage()
1222 "\nwhere,\n\t[-x db_princ_args]* - any number of database " in kadmin_modprinc_usage()
1228 /* Create a dummy password for old-style (pre-1.8) randkey creation. */
1234 /* Must try to pass any password policy in place, and be valid UTF-8. */ in prepare_dummy_password()
1236 for (i = strlen(buf); i < sz - 1; i++) in prepare_dummy_password()
1238 buf[sz - 1] = '\0'; in prepare_dummy_password()
1300 unsigned int sz = sizeof(newpw) - 1; in kadmin_addprinc()
1305 _("Re-enter password for principal \"%s\""), canon); in kadmin_addprinc()
1329 error(_("Admin server does not support -nokey while creating " in kadmin_addprinc()
1338 /* Randomize the password and re-enable tickets. */ in kadmin_addprinc()
1384 retval = kadmin_parse_name(argv[argc - 1], &kprinc); in kadmin_modprinc()
1448 if (!(argc == 2 || (argc == 3 && !strcmp("-terse", argv[1])))) { in kadmin_getprinc()
1449 error(_("usage: get_principal [-terse] principal\n")); in kadmin_getprinc()
1455 retval = kadmin_parse_name(argv[argc - 1], &princ); in kadmin_getprinc()
1503 printf(_("Number of keys: %d\n"), dprinc.n_key_data); in kadmin_getprinc()
1509 if (krb5_enctype_to_name(key_data->key_data_type[0], FALSE, in kadmin_getprinc()
1512 key_data->key_data_type[0]); in kadmin_getprinc()
1513 if (!krb5_c_valid_enctype(key_data->key_data_type[0])) in kadmin_getprinc()
1515 else if (krb5int_c_deprecated_enctype(key_data->key_data_type[0])) in kadmin_getprinc()
1517 printf("Key: vno %d, %s%s", key_data->key_data_kvno, deprecated, in kadmin_getprinc()
1519 if (key_data->key_data_ver > 1 && in kadmin_getprinc()
1520 key_data->key_data_type[1] != KRB5_KDB_SALTTYPE_NORMAL) { in kadmin_getprinc()
1521 if (krb5_salttype_to_string(key_data->key_data_type[1], in kadmin_getprinc()
1524 key_data->key_data_type[1]); in kadmin_getprinc()
1605 for (i = 1; i < argc - 1; i++) { in kadmin_parse_policy_args()
1606 if (!strcmp(argv[i], "-maxlife")) { in kadmin_parse_policy_args()
1607 if (++i > argc -2) in kadmin_parse_policy_args()
1608 return -1; in kadmin_parse_policy_args()
1610 if (interval == (time_t)-1) in kadmin_parse_policy_args()
1611 return -1; in kadmin_parse_policy_args()
1612 policy->pw_max_life = interval; in kadmin_parse_policy_args()
1615 } else if (!strcmp(argv[i], "-minlife")) { in kadmin_parse_policy_args()
1616 if (++i > argc - 2) in kadmin_parse_policy_args()
1617 return -1; in kadmin_parse_policy_args()
1619 if (interval == (time_t)-1) in kadmin_parse_policy_args()
1620 return -1; in kadmin_parse_policy_args()
1621 policy->pw_min_life = interval; in kadmin_parse_policy_args()
1624 } else if (!strcmp(argv[i], "-minlength")) { in kadmin_parse_policy_args()
1625 if (++i > argc - 2) in kadmin_parse_policy_args()
1626 return -1; in kadmin_parse_policy_args()
1627 policy->pw_min_length = atoi(argv[i]); in kadmin_parse_policy_args()
1630 } else if (!strcmp(argv[i], "-minclasses")) { in kadmin_parse_policy_args()
1631 if (++i > argc - 2) in kadmin_parse_policy_args()
1632 return -1; in kadmin_parse_policy_args()
1633 policy->pw_min_classes = atoi(argv[i]); in kadmin_parse_policy_args()
1636 } else if (!strcmp(argv[i], "-history")) { in kadmin_parse_policy_args()
1637 if (++i > argc - 2) in kadmin_parse_policy_args()
1638 return -1; in kadmin_parse_policy_args()
1639 policy->pw_history_num = atoi(argv[i]); in kadmin_parse_policy_args()
1643 !strcmp(argv[i], "-maxfailure")) { in kadmin_parse_policy_args()
1644 if (++i > argc - 2) in kadmin_parse_policy_args()
1645 return -1; in kadmin_parse_policy_args()
1646 policy->pw_max_fail = atoi(argv[i]); in kadmin_parse_policy_args()
1650 !strcmp(argv[i], "-failurecountinterval")) { in kadmin_parse_policy_args()
1651 if (++i > argc - 2) in kadmin_parse_policy_args()
1652 return -1; in kadmin_parse_policy_args()
1654 if (interval == (time_t)-1) in kadmin_parse_policy_args()
1655 return -1; in kadmin_parse_policy_args()
1656 policy->pw_failcnt_interval = interval; in kadmin_parse_policy_args()
1660 !strcmp(argv[i], "-lockoutduration")) { in kadmin_parse_policy_args()
1661 if (++i > argc - 2) in kadmin_parse_policy_args()
1662 return -1; in kadmin_parse_policy_args()
1664 if (interval == (time_t)-1) in kadmin_parse_policy_args()
1665 return -1; in kadmin_parse_policy_args()
1666 policy->pw_lockout_duration = interval; in kadmin_parse_policy_args()
1669 } else if (!strcmp(argv[i], "-allowedkeysalts")) { in kadmin_parse_policy_args()
1673 if (++i > argc - 2) in kadmin_parse_policy_args()
1674 return -1; in kadmin_parse_policy_args()
1675 if (strcmp(argv[i], "-")) { in kadmin_parse_policy_args()
1681 return -1; in kadmin_parse_policy_args()
1684 policy->allowed_keysalts = argv[i]; in kadmin_parse_policy_args()
1689 return -1; in kadmin_parse_policy_args()
1691 if (i != argc -1) { in kadmin_parse_policy_args()
1693 return -1; in kadmin_parse_policy_args()
1703 error(_("\t\t[-maxlife time] [-minlife time] [-minlength length]\n" in kadmin_addmodpol_usage()
1704 "\t\t[-minclasses number] [-history number]\n" in kadmin_addmodpol_usage()
1705 "\t\t[-maxfailure number] [-failurecountinterval time]\n" in kadmin_addmodpol_usage()
1706 "\t\t[-allowedkeysalts keysalts]\n")); in kadmin_addmodpol_usage()
1707 error(_("\t\t[-lockoutduration time]\n")); in kadmin_addmodpol_usage()
1722 policy.policy = argv[argc - 1]; in kadmin_addpol()
1744 policy.policy = argv[argc - 1]; in kadmin_modpol()
1758 if (!(argc == 2 || (argc == 3 && !strcmp("-force", argv[1])))) { in kadmin_delpol()
1759 error(_("usage: delete_policy [-force] policy\n")); in kadmin_delpol()
1771 retval = kadm5_delete_policy(handle, argv[argc - 1]); in kadmin_delpol()
1774 argv[argc - 1]); in kadmin_delpol()
1784 if (!(argc == 2 || (argc == 3 && !strcmp("-terse", argv[1])))) { in kadmin_getpol()
1785 error(_("usage: get_policy [-terse] policy\n")); in kadmin_getpol()
1788 retval = kadm5_get_policy(handle, argv[argc - 1], &policy); in kadmin_getpol()
1791 argv[argc - 1]); in kadmin_getpol()
1801 printf(_("Number of old keys kept: %ld\n"), policy.pw_history_num); in kadmin_getpol()
1818 (policy.allowed_keysalts == NULL) ? "-" : in kadmin_getpol()
1875 int keepkvno = -1; in kadmin_purgekeys()
1879 if (argc == 4 && strcmp(argv[1], "-keepkvno") == 0) { in kadmin_purgekeys()
1882 } else if (argc == 3 && strcmp(argv[1], "-all") == 0) { in kadmin_purgekeys()
1889 error(_("usage: purgekeys [-all|-keepkvno oldest_kvno_to_keep] " in kadmin_purgekeys()
1909 _("while purging keys for principal \"%s\""), canon); in kadmin_purgekeys()
1914 info(_("All keys for principal \"%s\" removed.\n"), canon); in kadmin_purgekeys()
1916 info(_("Old keys for principal \"%s\" purged.\n"), canon); in kadmin_purgekeys()