1 /* 2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include "kadmin_locl.h" 35 #include "kadmin-commands.h" 36 #include <sl.h> 37 38 static char *config_file; 39 static char *keyfile; 40 int local_flag; 41 static int ad_flag; 42 static int help_flag; 43 static int version_flag; 44 static char *realm; 45 static char *admin_server; 46 static int server_port = 0; 47 static char *client_name; 48 static char *keytab; 49 static char *check_library = NULL; 50 static char *check_function = NULL; 51 static getarg_strings policy_libraries = { 0, NULL }; 52 53 static struct getargs args[] = { 54 { "principal", 'p', arg_string, &client_name, 55 "principal to authenticate as", NULL }, 56 { "keytab", 'K', arg_string, &keytab, 57 "keytab for authentication principal", NULL }, 58 { 59 "config-file", 'c', arg_string, &config_file, 60 "location of config file", "file" 61 }, 62 { 63 "key-file", 'k', arg_string, &keyfile, 64 "location of master key file", "file" 65 }, 66 { 67 "realm", 'r', arg_string, &realm, 68 "realm to use", "realm" 69 }, 70 { 71 "admin-server", 'a', arg_string, &admin_server, 72 "server to contact", "host" 73 }, 74 { 75 "server-port", 's', arg_integer, &server_port, 76 "port to use", "port number" 77 }, 78 { "ad", 0, arg_flag, &ad_flag, "active directory admin mode", 79 NULL }, 80 #ifdef HAVE_DLOPEN 81 { "check-library", 0, arg_string, &check_library, 82 "library to load password check function from", "library" }, 83 { "check-function", 0, arg_string, &check_function, 84 "password check function to load", "function" }, 85 { "policy-libraries", 0, arg_strings, &policy_libraries, 86 "password check function to load", "function" }, 87 #endif 88 { "local", 'l', arg_flag, &local_flag, "local admin mode", NULL }, 89 { "help", 'h', arg_flag, &help_flag, NULL, NULL }, 90 { "version", 'v', arg_flag, &version_flag, NULL, NULL } 91 }; 92 93 static int num_args = sizeof(args) / sizeof(args[0]); 94 95 96 krb5_context context; 97 void *kadm_handle; 98 99 int 100 help(void *opt, int argc, char **argv) 101 { 102 sl_slc_help(commands, argc, argv); 103 return 0; 104 } 105 106 static int exit_seen = 0; 107 108 int 109 exit_kadmin (void *opt, int argc, char **argv) 110 { 111 exit_seen = 1; 112 return 0; 113 } 114 115 static void 116 usage(int ret) 117 { 118 arg_printusage (args, num_args, NULL, "[command]"); 119 exit (ret); 120 } 121 122 int 123 get_privs(void *opt, int argc, char **argv) 124 { 125 uint32_t privs; 126 char str[128]; 127 kadm5_ret_t ret; 128 129 ret = kadm5_get_privs(kadm_handle, &privs); 130 if(ret) 131 krb5_warn(context, ret, "kadm5_get_privs"); 132 else{ 133 ret =_kadm5_privs_to_string(privs, str, sizeof(str)); 134 if (ret == 0) 135 printf("%s\n", str); 136 else 137 printf("privs: 0x%x\n", (unsigned int)privs); 138 } 139 return 0; 140 } 141 142 int 143 main(int argc, char **argv) 144 { 145 krb5_error_code ret; 146 char **files; 147 kadm5_config_params conf; 148 int optidx = 0; 149 int exit_status = 0; 150 151 setprogname(argv[0]); 152 153 ret = krb5_init_context(&context); 154 if (ret) 155 errx (1, "krb5_init_context failed: %d", ret); 156 157 if(getarg(args, num_args, argc, argv, &optidx)) 158 usage(1); 159 160 if (help_flag) 161 usage (0); 162 163 if (version_flag) { 164 print_version(NULL); 165 exit(0); 166 } 167 168 argc -= optidx; 169 argv += optidx; 170 171 if (config_file == NULL) { 172 asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); 173 if (config_file == NULL) 174 errx(1, "out of memory"); 175 } 176 177 ret = krb5_prepend_config_files_default(config_file, &files); 178 if (ret) 179 krb5_err(context, 1, ret, "getting configuration files"); 180 181 ret = krb5_set_config_files(context, files); 182 krb5_free_config_files(files); 183 if(ret) 184 krb5_err(context, 1, ret, "reading configuration files"); 185 186 memset(&conf, 0, sizeof(conf)); 187 if(realm) { 188 krb5_set_default_realm(context, realm); /* XXX should be fixed 189 some other way */ 190 conf.realm = realm; 191 conf.mask |= KADM5_CONFIG_REALM; 192 } 193 194 if (admin_server) { 195 conf.admin_server = admin_server; 196 conf.mask |= KADM5_CONFIG_ADMIN_SERVER; 197 } 198 199 if (server_port) { 200 conf.kadmind_port = htons(server_port); 201 conf.mask |= KADM5_CONFIG_KADMIND_PORT; 202 } 203 204 if (keyfile) { 205 conf.stash_file = keyfile; 206 conf.mask |= KADM5_CONFIG_STASH_FILE; 207 } 208 209 if(local_flag) { 210 int i; 211 212 kadm5_setup_passwd_quality_check (context, 213 check_library, check_function); 214 215 for (i = 0; i < policy_libraries.num_strings; i++) { 216 ret = kadm5_add_passwd_quality_verifier(context, 217 policy_libraries.strings[i]); 218 if (ret) 219 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); 220 } 221 ret = kadm5_add_passwd_quality_verifier(context, NULL); 222 if (ret) 223 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); 224 225 ret = kadm5_s_init_with_password_ctx(context, 226 KADM5_ADMIN_SERVICE, 227 NULL, 228 KADM5_ADMIN_SERVICE, 229 &conf, 0, 0, 230 &kadm_handle); 231 } else if (ad_flag) { 232 if (client_name == NULL) 233 krb5_errx(context, 1, "keytab mode require principal name"); 234 ret = kadm5_ad_init_with_password_ctx(context, 235 client_name, 236 NULL, 237 KADM5_ADMIN_SERVICE, 238 &conf, 0, 0, 239 &kadm_handle); 240 } else if (keytab) { 241 if (client_name == NULL) 242 krb5_errx(context, 1, "keytab mode require principal name"); 243 ret = kadm5_c_init_with_skey_ctx(context, 244 client_name, 245 keytab, 246 KADM5_ADMIN_SERVICE, 247 &conf, 0, 0, 248 &kadm_handle); 249 } else 250 ret = kadm5_c_init_with_password_ctx(context, 251 client_name, 252 NULL, 253 KADM5_ADMIN_SERVICE, 254 &conf, 0, 0, 255 &kadm_handle); 256 257 if(ret) 258 krb5_err(context, 1, ret, "kadm5_init_with_password"); 259 260 signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command 261 parser will handle SIGINT its own way; 262 we should really take care of this in 263 each function, f.i `get' might be 264 interruptable, but not `create' */ 265 if (argc != 0) { 266 ret = sl_command (commands, argc, argv); 267 if(ret == -1) 268 krb5_warnx (context, "unrecognized command: %s", argv[0]); 269 else if (ret == -2) 270 ret = 0; 271 if(ret != 0) 272 exit_status = 1; 273 } else { 274 while(!exit_seen) { 275 ret = sl_command_loop(commands, "kadmin> ", NULL); 276 if (ret == -2) 277 exit_seen = 1; 278 else if (ret != 0) 279 exit_status = 1; 280 } 281 } 282 283 kadm5_destroy(kadm_handle); 284 krb5_free_context(context); 285 return exit_status; 286 } 287