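/*
 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "kadmin_locl.h"
#include <sl.h>

RCSID("$Id: kadmin.c,v 1.34 2001/01/26 22:20:52 joda Exp $");

/* Values filled in by getarg() from the command line (see args[] below). */
static char *config_file;
/*
 * Master key file location.  It is assigned from `-k' and from the config
 * file in main(), but nothing in this file reads it afterwards.
 */
static char *keyfile;
static int local_flag;
static int help_flag;
static int version_flag;
static char *realm;
static char *admin_server;
static int server_port = 0;	/* 0 means "not given on the command line" */
static char *client_name;

/* Command-line options accepted by kadmin itself. */
static struct getargs args[] = {
    { "principal",	'p',	arg_string,	&client_name,
      "principal to authenticate as" },
    {
	"config-file",	'c',	arg_string,	&config_file,
	"location of config file",	"file"
    },
    {
	"key-file",	'k',	arg_string,	&keyfile,
	"location of master key file",	"file"
    },
    {
	"realm",	'r',	arg_string,	&realm,
	"realm to use",	"realm"
    },
    {
	"admin-server",	'a',	arg_string,	&admin_server,
	"server to contact",	"host"
    },
    {
	"server-port",	's',	arg_integer,	&server_port,
	"port to use",	"port number"
    },
    { "local",		'l',	arg_flag,	&local_flag, "local admin mode" },
    { "help",		'h',	arg_flag,	&help_flag },
    { "version",	'v',	arg_flag,	&version_flag }
};

static int num_args = sizeof(args) / sizeof(args[0]);

/*
 * Number of leading entries in commands[] that are offered only with `-l'.
 *
 * main() hides them from a non-local session by starting the command table
 * this many entries in.  The restriction therefore depends purely on table
 * order: inserting, removing or reordering entries ahead of the "common
 * commands" marker without updating this constant silently changes which
 * commands a remote session is offered.  It is also only a client-side
 * presentation filter, not an authorization check.
 */
enum { NUM_LOCAL_ONLY_CMDS = 4 };

/*
 * Command table handed to the sl command parser.
 * NOTE(review): entries that carry only a name have no handler of their own;
 * they look like aliases of the preceding full entry -- confirm against sl.h.
 */
static SL_cmd commands[] = {
    /* commands that are only available with `-l' */
    {
	"dump",		dump,		"dump [file]",
	"Dumps the database in a human readable format to the\n"
	"specified file, or the standard out."
    },
    {
	"load",		load,		"load file",
	"Loads a previously dumped file."
    },
    {
	"merge",	merge,		"merge file" ,
	"Merges the contents of a dump file into the database."
    },
    {
	"init",		init,		"init realm...",
	"Initializes the default principals for a realm.\n"
	"Creates the database if necessary."
    },
    /* common commands */
    {
	"add",		add_new_key,	"add principal" ,
	"Adds a principal to the database."
    },
    { "add_new_key"},
    { "ank"},
    {
	"passwd",	cpw_entry,	"passwd expression..." ,
	"Changes the password of one or more principals\n"
	"matching the expressions."
    },
    { "change_password"},
    { "cpw"},
    {
	"delete",	del_entry,	"delete expression...",
	"Deletes all principals matching the expressions."
    },
    { "del_entry" },
    {
	"del_enctype",	del_enctype,	"del_enctype principal enctype...",
	"Delete all the mentioned enctypes for principal."
    },
    {
	"ext_keytab",	ext_keytab,	"ext_keytab expression...",
	"Extracts the keys of all principals matching the expressions,\n"
	"and stores them in a keytab."
    },
    {
	"get",		get_entry,	"get expression...",
	"Shows information about principals matching the expressions."
    },
    { "get_entry" },
    {
	"rename",	rename_entry,	"rename source target",
	"Renames `source' to `target'."
    },
    {
	"modify",	mod_entry,	"modify principal",
	"Modifies some attributes of the specified principal."
    },
    {
	"privileges",	get_privs,	"privileges",
	"Shows which kinds of operations you are allowed to perform."
    },
    { "privs" },
    {
	"list",		list_princs,	"list expression...",
	"Lists principals in a terse format. The same as `get -t'."
    },
    { "help",		help,		"help"},
    { "?"},
    { "exit",		exit_kadmin,	"exit"},
    { "quit" },
    { NULL}
};

/* Not static: presumably shared with the other kadmin source files. */
krb5_context context;
void *kadm_handle;

/* The slice of commands[] that this session actually exposes; set in main(). */
static SL_cmd *actual_cmds;

/*
 * `help' command: print help for the commands exposed in this session only,
 * so that hidden local-only commands are not listed in remote mode.
 */
int
help(int argc, char **argv)
{
    sl_help(actual_cmds, argc, argv);
    return 0;
}

/*
 * `exit' command.  Returns 1 where the other handlers in this file return 0.
 * NOTE(review): presumably non-zero is what makes sl_loop() stop -- confirm.
 */
int
exit_kadmin (int argc, char **argv)
{
    return 1;
}

/* Print the option summary for kadmin and exit with status `ret'. */
static void
usage(int ret)
{
    arg_printusage (args, num_args, NULL, "[command]");
    exit (ret);
}

/*
 * `privileges' command: ask the admin handle which operations the caller may
 * perform and print them as text.
 *
 * Always returns 0 so that an error does not end the interactive loop;
 * failures are reported through krb5_warn().
 */
int
get_privs(int argc, char **argv)
{
    u_int32_t privs;
    /* Start with an empty string so the buffer is never printed
       uninitialized, whatever the conversion below does. */
    char str[128] = "";
    kadm5_ret_t ret;

    /* Local option set; named differently from the file-scope option
       variables to avoid shadowing them. */
    int show_help = 0;
    struct getargs priv_args[] = {
	{ "help",	'h',	arg_flag,	NULL }
    };
    int n_priv_args = sizeof(priv_args) / sizeof(priv_args[0]);
    int idx = 0;

    /* Filled in after the initializer because the address of an automatic
       variable is not a constant expression in C89. */
    priv_args[0].value = &show_help;

    /* A parse error and an explicit --help both just print the usage. */
    if (getarg(priv_args, n_priv_args, argc, argv, &idx) || show_help) {
	arg_printusage (priv_args, n_priv_args, "privileges", NULL);
	return 0;
    }

    ret = kadm5_get_privs(kadm_handle, &privs);
    if (ret) {
	krb5_warn(context, ret, "kadm5_get_privs");
	return 0;
    }

    /* The original stored this result and then printed `str' regardless.
       NOTE(review): assumes non-zero means failure, as for the other kadm5
       calls in this file -- confirm. */
    ret = _kadm5_privs_to_string(privs, str, sizeof(str));
    if (ret)
	krb5_warn(context, ret, "_kadm5_privs_to_string");
    else
	printf("%s\n", str);
    return 0;
}

/*
 * Entry point: parse options, open either a local (`-l') or a remote admin
 * handle, then run the single command given on the command line or an
 * interactive "kadmin> " loop.
 */
int
main(int argc, char **argv)
{
    krb5_error_code ret;
    krb5_config_section *cf = NULL;
    kadm5_config_params conf;
    int optind = 0;

    set_progname(argv[0]);

    ret = krb5_init_context(&context);
    if (ret)
	errx (1, "krb5_init_context failed: %d", ret);

    /* errx() does not return, so a single test is equivalent to the
       original `while' form. */
    if (getarg(args, num_args, argc, argv, &optind))
	errx(1, "error at argument `%s'", argv[optind]);

    if (help_flag)
	usage (0);

    if (version_flag) {
	print_version(NULL);
	exit(0);
    }

    argc -= optind;
    argv += optind;

    if (config_file == NULL)
	config_file = HDB_DB_DIR "/kdc.conf";

    /* A config file that cannot be parsed is silently ignored. */
    if(krb5_config_parse_file(config_file, &cf) == 0) {
	const char *p = krb5_config_get_string (context, cf,
						"kdc", "key-file", NULL);
	/* NOTE(review): a [kdc] key-file setting replaces a value given
	   with -k, and the strdup() result is not checked; keyfile is not
	   read again in this file, so neither has a visible effect here. */
	if (p)
	    keyfile = strdup(p);
    }

    memset(&conf, 0, sizeof(conf));
    if(realm) {
	krb5_set_default_realm(context, realm); /* XXX should be fixed
						   some other way */
	conf.realm = realm;
	conf.mask |= KADM5_CONFIG_REALM;
    }

    if (admin_server) {
	conf.admin_server = admin_server;
	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
    }

    if (server_port) {
	/* htons() keeps only the low 16 bits, so an out-of-range value would
	   otherwise select a different port than the one the operator typed. */
	if (server_port < 0 || server_port > 65535)
	    errx(1, "invalid port number: %d", server_port);
	conf.kadmind_port = htons(server_port);
	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
    }

    if(local_flag){
	ret = kadm5_s_init_with_password_ctx(context,
					     KADM5_ADMIN_SERVICE,
					     NULL,
					     KADM5_ADMIN_SERVICE,
					     &conf, 0, 0,
					     &kadm_handle);
	actual_cmds = commands;
    } else {
	ret = kadm5_c_init_with_password_ctx(context,
					     client_name,
					     NULL,
					     KADM5_ADMIN_SERVICE,
					     &conf, 0, 0,
					     &kadm_handle);
	/* Skip the local-only commands at the head of the table; see
	   NUM_LOCAL_ONLY_CMDS for the ordering this relies on. */
	actual_cmds = commands + NUM_LOCAL_ONLY_CMDS;
    }

    if(ret)
	krb5_err(context, 1, ret, "kadm5_init_with_password");

    signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
				parser will handle SIGINT its own way;
				we should really take care of this in
				each function, f.i `get' might be
				interruptable, but not `create' */
    if (argc != 0) {
	ret = sl_command (actual_cmds, argc, argv);
	if(ret == -1)
	    krb5_warnx (context, "unrecognized command: %s", argv[0]);
    } else
	ret = sl_loop (actual_cmds, "kadmin> ") != 0;

    kadm5_destroy(kadm_handle);
    /* NOTE(review): cf is still NULL here when the config file could not be
       parsed -- confirm krb5_config_file_free() accepts NULL. */
    krb5_config_file_free (context, cf);
    krb5_free_context(context);
    return ret;
}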