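/*
 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "kadmin_locl.h"
#include <sl.h>

RCSID("$Id: kadmin.c,v 1.41 2001/08/10 08:06:13 joda Exp $");

/* Values filled in by getarg() from the command line (see args[] below). */
static char *config_file;
static char *keyfile;
static int local_flag;
static int help_flag;
static int version_flag;
static char *realm;
static char *admin_server;
static int server_port = 0;
static char *client_name;
static char *keytab;

/* Command-line options understood by the kadmin front end. */
static struct getargs args[] = {
    { "principal",      'p',    arg_string,     &client_name,
      "principal to authenticate as" },
    { "keytab",         'K',    arg_string,     &keytab,
      "keytab for authentication principal" },
    {
        "config-file",  'c',    arg_string,     &config_file,
        "location of config file",      "file"
    },
    {
        "key-file",     'k',    arg_string,     &keyfile,
        "location of master key file",  "file"
    },
    {
        "realm",        'r',    arg_string,     &realm,
        "realm to use", "realm"
    },
    {
        "admin-server", 'a',    arg_string,     &admin_server,
        "server to contact", "host"
    },
    {
        "server-port",  's',    arg_integer,    &server_port,
        "port to use", "port number"
    },
    { "local",          'l',    arg_flag,       &local_flag, "local admin mode" },
    { "help",           'h',    arg_flag,       &help_flag },
    { "version",        'v',    arg_flag,       &version_flag }
};

static int num_args = sizeof(args) / sizeof(args[0]);

/*
 * Command table handed to the sl command parser.  Entries that carry only
 * a name ("add_new_key", "ank", ...) follow a full entry and have no
 * handler of their own; presumably sl treats them as aliases of the entry
 * above them -- confirm against sl.
 *
 * The local-only commands MUST stay first: main() hides them from the
 * non-local modes by skipping NUM_LOCAL_ONLY_CMDS entries.
 */
static SL_cmd commands[] = {
    /* commands that are only available with `-l' */
    {
        "dump",         dump,           "dump [file]",
        "Dumps the database in a human readable format to the\n"
        "specified file, or the standard out."
    },
    {
        "load",         load,           "load file",
        "Loads a previously dumped file."
    },
    {
        "merge",        merge,          "merge file" ,
        "Merges the contents of a dump file into the database."
    },
    {
        "init",         init,           "init realm...",
        "Initializes the default principals for a realm.\n"
        "Creates the database if necessary."
    },
    /* common commands */
    {
        "add",          add_new_key,    "add principal" ,
        "Adds a principal to the database."
    },
    { "add_new_key"},
    { "ank"},
    {
        "passwd",       cpw_entry,      "passwd expression..." ,
        "Changes the password of one or more principals\n"
        "matching the expressions."
    },
    { "change_password"},
    { "cpw"},
    {
        "delete",       del_entry,      "delete expression...",
        "Deletes all principals matching the expressions."
    },
    { "del_entry" },
    { "del" },
    {
        "del_enctype",  del_enctype,    "del_enctype principal enctype...",
        "Delete all the mentioned enctypes for principal."
    },
    {
        "ext_keytab",   ext_keytab,     "ext_keytab expression...",
        "Extracts the keys of all principals matching the expressions,\n"
        "and stores them in a keytab."
    },
    {
        "get",          get_entry,      "get expression...",
        "Shows information about principals matching the expressions."
    },
    { "get_entry" },
    {
        "rename",       rename_entry,   "rename source target",
        "Renames `source' to `target'."
    },
    {
        "modify",       mod_entry,      "modify principal",
        "Modifies some attributes of the specified principal."
    },
    {
        "privileges",   get_privs,      "privileges",
        "Shows which kinds of operations you are allowed to perform."
    },
    { "privs" },
    {
        "list",         list_princs,    "list expression...",
        "Lists principals in a terse format. The same as `get -t'."
    },
    { "help",           help,           "help"},
    { "?"},
    { "exit",           exit_kadmin,    "exit"},
    { "quit" },
    { NULL}
};

/*
 * Number of leading entries in commands[] that are offered only with `-l'
 * (dump, load, merge, init).  Keep this in step with the table: an entry
 * added to the local-only group without bumping this count would become
 * reachable from the remote modes as well.
 */
enum { NUM_LOCAL_ONLY_CMDS = 4 };

krb5_context context;
void *kadm_handle;

/* The slice of commands[] in effect for this session; set by main(). */
static SL_cmd *actual_cmds;

/*
 * `help' command: print help for the commands available in this session
 * (actual_cmds, not the full table).  Always returns 0.
 */
int
help(int argc, char **argv)
{
    sl_help(actual_cmds, argc, argv);
    return 0;
}

/*
 * `exit' command.  Returns 1, unlike the other handlers in this file which
 * return 0; presumably the non-zero value is what makes the sl loop stop --
 * confirm against sl_loop().
 */
int
exit_kadmin (int argc, char **argv)
{
    return 1;
}

/* Print the program usage for args[] and exit with status `ret'. */
static void
usage(int ret)
{
    arg_printusage (args, num_args, NULL, "[command]");
    exit (ret);
}

/*
 * `privileges' command: ask the admin handle which operations the caller
 * may perform and print them as a string.
 *
 * Accepts only -h/--help.  Always returns 0 so the command loop continues;
 * failures are reported with krb5_warn().
 */
int
get_privs(int argc, char **argv)
{
    u_int32_t privs;
    char str[128];
    kadm5_ret_t ret;

    /* Local names differ from the file-level args/num_args/help_flag so
       the command's own option table does not shadow the program's. */
    int show_help = 0;
    struct getargs priv_args[] = {
        { "help",       'h',    arg_flag,       NULL }
    };
    int num_priv_args = sizeof(priv_args) / sizeof(priv_args[0]);
    int optind = 0;

    /* Assigned after the initializer: the address of an automatic
       variable is not a constant expression in C89. */
    priv_args[0].value = &show_help;

    if(getarg(priv_args, num_priv_args, argc, argv, &optind) || show_help) {
        arg_printusage (priv_args, num_priv_args, "privileges", NULL);
        return 0;
    }

    ret = kadm5_get_privs(kadm_handle, &privs);
    if(ret) {
        krb5_warn(context, ret, "kadm5_get_privs");
        return 0;
    }

    /* Only print str when the conversion reported success; otherwise the
       buffer may never have been written. */
    ret = _kadm5_privs_to_string(privs, str, sizeof(str));
    if(ret)
        krb5_warn(context, ret, "_kadm5_privs_to_string");
    else
        printf("%s\n", str);
    return 0;
}

/*
 * Program entry point.
 *
 * Parses the options in args[], builds a kadm5_config_params from them,
 * opens an admin handle in one of three modes and then runs either the
 * single command given on the command line or the interactive loop.
 *
 *   -l          kadm5_s_init_with_password_ctx(); full command table.
 *   -K keytab   kadm5_c_init_with_skey_ctx(); local-only commands hidden.
 *   otherwise   kadm5_c_init_with_password_ctx() with a NULL password;
 *               local-only commands hidden.
 *
 * Hiding the local-only commands is done purely by offsetting into
 * commands[]; it limits what this front end offers and is not in itself
 * an access check.
 */
int
main(int argc, char **argv)
{
    krb5_error_code ret;
    krb5_config_section *cf = NULL;
    kadm5_config_params conf;
    int optind = 0;

    setprogname(argv[0]);

    ret = krb5_init_context(&context);
    if (ret)
        errx (1, "krb5_init_context failed: %d", ret);

    if(getarg(args, num_args, argc, argv, &optind))
        usage(1);

    if (help_flag)
        usage (0);

    if (version_flag) {
        print_version(NULL);
        exit(0);
    }

    argc -= optind;
    argv += optind;

    if (config_file == NULL)
        config_file = HDB_DB_DIR "/kdc.conf";

    /*
     * NOTE(review): a key-file found in the config file replaces any value
     * given with -k, and keyfile is not read again in the code shown here
     * (it is never copied into conf) -- confirm whether that is intended.
     */
    if(krb5_config_parse_file(context, config_file, &cf) == 0) {
        const char *p = krb5_config_get_string (context, cf,
                                                "kdc", "key-file", NULL);
        if (p)
            keyfile = strdup(p);
    }
    krb5_clear_error_string (context);

    memset(&conf, 0, sizeof(conf));
    if(realm) {
        krb5_set_default_realm(context, realm); /* XXX should be fixed
                                                   some other way */
        conf.realm = realm;
        conf.mask |= KADM5_CONFIG_REALM;
    }

    if (admin_server) {
        conf.admin_server = admin_server;
        conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
    }

    if (server_port) {
        /* htons() takes a 16-bit value; reject anything that would be
           silently truncated to a different port. */
        if (server_port < 0 || server_port > 65535)
            errx (1, "invalid server port: %d", server_port);
        conf.kadmind_port = htons(server_port);
        conf.mask |= KADM5_CONFIG_KADMIND_PORT;
    }

    if(local_flag){
        ret = kadm5_s_init_with_password_ctx(context,
                                             KADM5_ADMIN_SERVICE,
                                             NULL,
                                             KADM5_ADMIN_SERVICE,
                                             &conf, 0, 0,
                                             &kadm_handle);
        actual_cmds = commands;
    } else if (keytab) {
        ret = kadm5_c_init_with_skey_ctx(context,
                                         client_name,
                                         keytab,
                                         KADM5_ADMIN_SERVICE,
                                         &conf, 0, 0,
                                         &kadm_handle);
        actual_cmds = commands + NUM_LOCAL_ONLY_CMDS;
    } else {
        ret = kadm5_c_init_with_password_ctx(context,
                                             client_name,
                                             NULL,
                                             KADM5_ADMIN_SERVICE,
                                             &conf, 0, 0,
                                             &kadm_handle);
        actual_cmds = commands + NUM_LOCAL_ONLY_CMDS;
    }

    /* The same message is used for all three init paths, including the
       keytab one. */
    if(ret)
        krb5_err(context, 1, ret, "kadm5_init_with_password");

    signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
                                parser will handle SIGINT its own way;
                                we should really take care of this in
                                each function, f.i `get' might be
                                interruptable, but not `create' */
    if (argc != 0) {
        ret = sl_command (actual_cmds, argc, argv);
        if(ret == -1)
            krb5_warnx (context, "unrecognized command: %s", argv[0]);
    } else
        ret = sl_loop (actual_cmds, "kadmin> ") != 0;

    kadm5_destroy(kadm_handle);
    krb5_config_file_free (context, cf);
    krb5_free_context(context);
    return ret;
}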