1*56a424ccSmp153739#!/bin/sh
2*56a424ccSmp153739#
3*56a424ccSmp153739#
4*56a424ccSmp153739# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
5*56a424ccSmp153739# Use is subject to license terms.
6*56a424ccSmp153739#
7*56a424ccSmp153739#
8*56a424ccSmp153739#
9*56a424ccSmp153739#
10*56a424ccSmp153739#pragma ident	"%Z%%M%	%I%	%E% SMI"
11*56a424ccSmp153739
# Message domain exported for the gettext(1) lookups made below.
TEXTDOMAIN=SUNW_OST_OSCMD ; export TEXTDOMAIN
14*56a424ccSmp153739
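# list_princs
# Prints the distinct principal names held in the keytab named by the
# global $keytab, one per line, sorted.  Takes no arguments.
list_princs() {
    # The first three lines of "klist -k" output are treated as header and
    # skipped; the principal is the second field of every remaining row.
    # $keytab is quoted so a path containing blanks or glob characters
    # reaches klist as a single argument.
    klist -k "$keytab" | awk 'NR > 3 {print $2}' | sort -u
}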
21*56a424ccSmp153739
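# set_command name
# Stores the sub-command picked on the command line in the global $command.
# If a sub-command was already stored, reports the error, prints the usage
# line and exits with status 1.
set_command() {
    if [ -n "$command" ] ; then
        # Look the message up first so it is handed on as one quoted word
        # (no word splitting or globbing of the translated text).
        ONECMD=`gettext  "Only one command can be specified"`
        cmd_error "$ONECMD"
        usage
        exit 1
    fi
    command=$1
}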
30*56a424ccSmp153739
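# interactive_prompt action princ
# Decides whether the action is to be carried out for the principal.
# With $interactive set to 0 the answer is always yes (return 0).
# Otherwise the user is asked on the terminal and only the localized
# answers "yes" or "Yes" return 0; every other reply, an empty line
# included, returns 1.
#
# SUNW14resync: If in interactive mode the default is now to return false
#               i.e. if in interactive mode unless the user types "Yes" or
#               "yes" false will be returned.
#
interactive_prompt() {
    if [ "$interactive" = 0 ] ; then
        return 0
    fi
    PROMPT=`gettext  "%s for %s? [yes no] "`
    Y1=`gettext  "yes"`
    Y2=`gettext  "Yes"`
    # PROMPT is the format string from the message catalog; the action and
    # the principal are passed as arguments, never as format text.
    printf "$PROMPT" "$1" "$2"
    # Clear the previous answer first: the callers prompt once per principal
    # before changing or deleting keys, and a "yes" left over from an earlier
    # prompt must not be reused if read cannot assign a new value.
    ans=
    read ans
    case "$ans" in
    ${Y1}|${Y2})
        return 0
        ;;
    esac
    return 1
}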
55*56a424ccSmp153739
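# cmd_error message...
# Writes its arguments, joined by spaces, as one line on standard error.
# The earlier "2>&1" redirection sent the message to standard output, where
# it mixed with normal output instead of reaching the error stream.
cmd_error() {
    # printf with a fixed format prints the text literally, whatever its
    # first word looks like.
    printf '%s\n' "$*" >&2
}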
59*56a424ccSmp153739
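# usage
# Prints the one-line command synopsis on standard output.
usage() {
    USAGE=`gettext "Usage: $0 [-i] [-f file] list|change|delete|delold"`
    # Quoted on output: unquoted, the word "[-i]" is a glob pattern and is
    # replaced by a file named "-" or "i" if the current directory has one.
    printf '%s\n' "$USAGE"
}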
64*56a424ccSmp153739
65*56a424ccSmp153739
66*56a424ccSmp153739
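# change_key
# For every principal listed in the keytab $keytab, runs kadmin
# (authenticating with that keytab as that principal) with a "ktadd" query
# that writes a new key for the principal into the same keytab.  In
# interactive mode each principal is confirmed through interactive_prompt.
change_key() {
    princs=`list_princs`
    ACTION=`gettext  "Change key"`
    # Left unquoted on purpose: the list is split into one word per
    # principal.  NOTE(review): the words are also subject to pathname
    # expansion, so a principal name holding glob characters is not
    # protected here.
    for princ in $princs; do
        if interactive_prompt "$ACTION" "$princ"; then
            # Keytab path and principal are quoted so each stays a single
            # kadmin argument.
            # NOTE(review): both values are also pasted into the -q query
            # text, which kadmin tokenizes again; whitespace or quote
            # characters in either would alter the query.  The principal
            # names are read from the keytab file, so the file given with
            # -f has to be trusted -- confirm kadmin's quoting rules before
            # relying on unusual names.
            kadmin -k -t "$keytab" -p "$princ" -q "ktadd -k $keytab $princ"
        fi
    done
}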
76*56a424ccSmp153739
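# delete_old_keys
# For every principal listed in the keytab $keytab, runs kadmin
# (authenticating with that keytab as that principal) with a
# "ktrem ... old" query against the same keytab.  In interactive mode each
# principal is confirmed through interactive_prompt.
delete_old_keys() {
    princs=`list_princs`
    ACTION=`gettext  "Delete old keys"`
    # Left unquoted on purpose: the list is split into one word per
    # principal.  NOTE(review): the words are also subject to pathname
    # expansion, so a principal name holding glob characters is not
    # protected here.
    for princ in $princs; do
        if interactive_prompt "$ACTION" "$princ"; then
            # Quoted so keytab path and principal each stay one argument.
            # NOTE(review): both are also interpolated into the -q query
            # text that kadmin tokenizes again; only use a keytab whose
            # contents are trusted.
            kadmin -k -t "$keytab" -p "$princ" -q "ktrem -k $keytab $princ old"
        fi
    done
}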
86*56a424ccSmp153739
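# delete_keys
# For every principal listed in the keytab $keytab, runs kadmin
# (authenticating with that keytab as that principal) with a
# "ktrem ... all" query against the same keytab.
delete_keys() {
    # Removing all keys is destructive, so confirmation is forced on here
    # whether or not -i was given.
    interactive=1
    princs=`list_princs`
    ACTION=`gettext  "Delete all keys"`
    # Left unquoted on purpose: the list is split into one word per
    # principal.  NOTE(review): the words are also subject to pathname
    # expansion, so a principal name holding glob characters is not
    # protected here.
    for princ in $princs; do
        if interactive_prompt "$ACTION" "$princ"; then
            # Quoted so keytab path and principal each stay one argument.
            # NOTE(review): both are also interpolated into the -q query
            # text that kadmin tokenizes again; only use a keytab whose
            # contents are trusted.
            kadmin -p "$princ" -k -t "$keytab" -q "ktrem -k $keytab $princ all"
        fi
    done
}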
97*56a424ccSmp153739
98*56a424ccSmp153739
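# Defaults; -f and -i on the command line override the first two.
keytab=/etc/krb5/krb5.keytab
interactive=0
# Start with no sub-command selected.  Without this a variable named
# "command" inherited from the caller's environment would be dispatched as
# if it had been typed on the command line.
command=

# Localized spellings of the four sub-command words.
CHANGE=`gettext  "change"`
DELOLD=`gettext  "delold"`
DELETE=`gettext  "delete"`
LIST=`gettext  "list"`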
106*56a424ccSmp153739
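# Command-line parsing: -f file selects the keytab, -i turns prompting on,
# one sub-command word is accepted; anything else is an error.
while [ $# -gt 0 ] ; do
    opt=$1
    shift
    case "$opt" in
    "-f")
        # -f must be followed by a keytab path.  Without this check a
        # trailing -f left $keytab empty and shifted past the last argument.
        if [ $# -eq 0 ] ; then
            usage
            exit 1
        fi
        keytab=$1
        shift
        ;;
    "-i")
        interactive=1
        ;;
    ${CHANGE}|${DELOLD}|${DELETE}|${LIST})
        set_command "$opt"
        ;;
    *)
        ILLEGAL=`gettext  "Illegal option: "`
        # Passed as one quoted word so the rejected option text is neither
        # split nor glob-expanded on its way to the error message.
        cmd_error "$ILLEGAL$opt"
        usage
        exit 1
        ;;
    esac
done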
129*56a424ccSmp153739
130*56a424ccSmp153739
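# Dispatch on the sub-command recorded during argument parsing.
case "$command" in
    "")
        # No sub-command was given.  Checked first so that an empty
        # $command can never match a command word that came back empty
        # from the message lookup and start a key change or deletion.
        usage
        ;;
    $CHANGE)
        change_key
        ;;
    $DELOLD)
        delete_old_keys
        ;;
    $DELETE)
        delete_keys
        ;;
    $LIST)
        # Quoted so a keytab path with blanks stays a single argument.
        klist -k "$keytab"
        ;;
    *)
        usage
        ;;
esac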