xref: /freebsd/crypto/heimdal/kadmin/kadmin.c (revision b0d29bc47dba79f6f38e67eabadfb4b32ffd9390)
1 /*
2  * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "kadmin_locl.h"
35 #include "kadmin-commands.h"
36 #include <sl.h>
37 
38 static char *config_file;
39 static char *keyfile;
40 int local_flag;
41 static int ad_flag;
42 static int help_flag;
43 static int version_flag;
44 static char *realm;
45 static char *admin_server;
46 static int server_port = 0;
47 static char *client_name;
48 static char *keytab;
49 static char *check_library  = NULL;
50 static char *check_function = NULL;
51 static getarg_strings policy_libraries = { 0, NULL };
52 
53 static struct getargs args[] = {
54     {	"principal", 	'p',	arg_string,	&client_name,
55 	"principal to authenticate as", NULL },
56     {   "keytab",	'K',	arg_string,	&keytab,
57    	"keytab for authentication principal", NULL },
58     {
59 	"config-file",	'c',	arg_string,	&config_file,
60 	"location of config file",	"file"
61     },
62     {
63 	"key-file",	'k',	arg_string, &keyfile,
64 	"location of master key file", "file"
65     },
66     {
67 	"realm",	'r',	arg_string,   &realm,
68 	"realm to use", "realm"
69     },
70     {
71 	"admin-server",	'a',	arg_string,   &admin_server,
72 	"server to contact", "host"
73     },
74     {
75 	"server-port",	's',	arg_integer,   &server_port,
76 	"port to use", "port number"
77     },
78     {	"ad", 		0, arg_flag, &ad_flag, "active directory admin mode",
79 	NULL },
80 #ifdef HAVE_DLOPEN
81     { "check-library", 0, arg_string, &check_library,
82       "library to load password check function from", "library" },
83     { "check-function", 0, arg_string, &check_function,
84       "password check function to load", "function" },
85     { "policy-libraries", 0, arg_strings, &policy_libraries,
86       "password check function to load", "function" },
87 #endif
88     {	"local", 'l', arg_flag, &local_flag, "local admin mode", NULL },
89     {	"help",		'h',	arg_flag,   &help_flag, NULL, NULL },
90     {	"version",	'v',	arg_flag,   &version_flag, NULL, NULL }
91 };
92 
93 static int num_args = sizeof(args) / sizeof(args[0]);
94 
95 
96 krb5_context context;
97 void *kadm_handle;
98 
99 int
100 help(void *opt, int argc, char **argv)
101 {
102     sl_slc_help(commands, argc, argv);
103     return 0;
104 }
105 
106 static int exit_seen = 0;
107 
108 int
109 exit_kadmin (void *opt, int argc, char **argv)
110 {
111     exit_seen = 1;
112     return 0;
113 }
114 
115 static void
116 usage(int ret)
117 {
118     arg_printusage (args, num_args, NULL, "[command]");
119     exit (ret);
120 }
121 
122 int
123 get_privs(void *opt, int argc, char **argv)
124 {
125     uint32_t privs;
126     char str[128];
127     kadm5_ret_t ret;
128 
129     ret = kadm5_get_privs(kadm_handle, &privs);
130     if(ret)
131 	krb5_warn(context, ret, "kadm5_get_privs");
132     else{
133 	ret =_kadm5_privs_to_string(privs, str, sizeof(str));
134 	if (ret == 0)
135 	    printf("%s\n", str);
136 	else
137 	    printf("privs: 0x%x\n", (unsigned int)privs);
138     }
139     return 0;
140 }
141 
142 int
143 main(int argc, char **argv)
144 {
145     krb5_error_code ret;
146     char **files;
147     kadm5_config_params conf;
148     int optidx = 0;
149     int exit_status = 0;
150 
151     setprogname(argv[0]);
152 
153     ret = krb5_init_context(&context);
154     if (ret)
155 	errx (1, "krb5_init_context failed: %d", ret);
156 
157     if(getarg(args, num_args, argc, argv, &optidx))
158 	usage(1);
159 
160     if (help_flag)
161 	usage (0);
162 
163     if (version_flag) {
164 	print_version(NULL);
165 	exit(0);
166     }
167 
168     argc -= optidx;
169     argv += optidx;
170 
171     if (config_file == NULL) {
172 	asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
173 	if (config_file == NULL)
174 	    errx(1, "out of memory");
175     }
176 
177     ret = krb5_prepend_config_files_default(config_file, &files);
178     if (ret)
179 	krb5_err(context, 1, ret, "getting configuration files");
180 
181     ret = krb5_set_config_files(context, files);
182     krb5_free_config_files(files);
183     if(ret)
184 	krb5_err(context, 1, ret, "reading configuration files");
185 
186     memset(&conf, 0, sizeof(conf));
187     if(realm) {
188 	krb5_set_default_realm(context, realm); /* XXX should be fixed
189 						   some other way */
190 	conf.realm = realm;
191 	conf.mask |= KADM5_CONFIG_REALM;
192     }
193 
194     if (admin_server) {
195 	conf.admin_server = admin_server;
196 	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
197     }
198 
199     if (server_port) {
200 	conf.kadmind_port = htons(server_port);
201 	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
202     }
203 
204     if (keyfile) {
205 	conf.stash_file = keyfile;
206 	conf.mask |= KADM5_CONFIG_STASH_FILE;
207     }
208 
209     if(local_flag) {
210 	int i;
211 
212 	kadm5_setup_passwd_quality_check (context,
213 					  check_library, check_function);
214 
215 	for (i = 0; i < policy_libraries.num_strings; i++) {
216 	    ret = kadm5_add_passwd_quality_verifier(context,
217 						    policy_libraries.strings[i]);
218 	    if (ret)
219 		krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
220 	}
221 	ret = kadm5_add_passwd_quality_verifier(context, NULL);
222 	if (ret)
223 	    krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
224 
225 	ret = kadm5_s_init_with_password_ctx(context,
226 					     KADM5_ADMIN_SERVICE,
227 					     NULL,
228 					     KADM5_ADMIN_SERVICE,
229 					     &conf, 0, 0,
230 					     &kadm_handle);
231     } else if (ad_flag) {
232 	if (client_name == NULL)
233 	    krb5_errx(context, 1, "keytab mode require principal name");
234 	ret = kadm5_ad_init_with_password_ctx(context,
235 					      client_name,
236 					      NULL,
237 					      KADM5_ADMIN_SERVICE,
238 					      &conf, 0, 0,
239 					      &kadm_handle);
240     } else if (keytab) {
241 	if (client_name == NULL)
242 	    krb5_errx(context, 1, "keytab mode require principal name");
243         ret = kadm5_c_init_with_skey_ctx(context,
244 					 client_name,
245 					 keytab,
246 					 KADM5_ADMIN_SERVICE,
247                                          &conf, 0, 0,
248                                          &kadm_handle);
249     } else
250 	ret = kadm5_c_init_with_password_ctx(context,
251 					     client_name,
252 					     NULL,
253 					     KADM5_ADMIN_SERVICE,
254 					     &conf, 0, 0,
255 					     &kadm_handle);
256 
257     if(ret)
258 	krb5_err(context, 1, ret, "kadm5_init_with_password");
259 
260     signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
261                                 parser will handle SIGINT its own way;
262                                 we should really take care of this in
263                                 each function, f.i `get' might be
264                                 interruptable, but not `create' */
265     if (argc != 0) {
266 	ret = sl_command (commands, argc, argv);
267 	if(ret == -1)
268 	    krb5_warnx (context, "unrecognized command: %s", argv[0]);
269 	else if (ret == -2)
270 	    ret = 0;
271 	if(ret != 0)
272 	    exit_status = 1;
273     } else {
274 	while(!exit_seen) {
275 	    ret = sl_command_loop(commands, "kadmin> ", NULL);
276 	    if (ret == -2)
277 		exit_seen = 1;
278 	    else if (ret != 0)
279 		exit_status = 1;
280 	}
281     }
282 
283     kadm5_destroy(kadm_handle);
284     krb5_free_context(context);
285     return exit_status;
286 }
287