1 /* $NetBSD: kadmin.c,v 1.1.1.2 2014/04/24 12:45:27 pettai Exp $ */
2
3 /*
4 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "kadmin_locl.h"
37 #include "kadmin-commands.h"
38 #include <krb5/sl.h>
39
40 static char *config_file;
41 static char *keyfile;
42 int local_flag;
43 static int ad_flag;
44 static int help_flag;
45 static int version_flag;
46 static char *realm;
47 static char *admin_server;
48 static int server_port = 0;
49 static char *client_name;
50 static char *keytab;
51 static char *check_library = NULL;
52 static char *check_function = NULL;
53 static getarg_strings policy_libraries = { 0, NULL };
54
55 static struct getargs args[] = {
56 { "principal", 'p', arg_string, &client_name,
57 "principal to authenticate as", NULL },
58 { "keytab", 'K', arg_string, &keytab,
59 "keytab for authentication principal", NULL },
60 {
61 "config-file", 'c', arg_string, &config_file,
62 "location of config file", "file"
63 },
64 {
65 "key-file", 'k', arg_string, &keyfile,
66 "location of master key file", "file"
67 },
68 {
69 "realm", 'r', arg_string, &realm,
70 "realm to use", "realm"
71 },
72 {
73 "admin-server", 'a', arg_string, &admin_server,
74 "server to contact", "host"
75 },
76 {
77 "server-port", 's', arg_integer, &server_port,
78 "port to use", "port number"
79 },
80 { "ad", 0, arg_flag, &ad_flag, "active directory admin mode",
81 NULL },
82 #ifdef HAVE_DLOPEN
83 { "check-library", 0, arg_string, &check_library,
84 "library to load password check function from", "library" },
85 { "check-function", 0, arg_string, &check_function,
86 "password check function to load", "function" },
87 { "policy-libraries", 0, arg_strings, &policy_libraries,
88 "password check function to load", "function" },
89 #endif
90 { "local", 'l', arg_flag, &local_flag, "local admin mode", NULL },
91 { "help", 'h', arg_flag, &help_flag, NULL, NULL },
92 { "version", 'v', arg_flag, &version_flag, NULL, NULL }
93 };
94
95 static int num_args = sizeof(args) / sizeof(args[0]);
96
97
98 krb5_context context;
99 void *kadm_handle;
100
101 int
help(void * opt,int argc,char ** argv)102 help(void *opt, int argc, char **argv)
103 {
104 sl_slc_help(commands, argc, argv);
105 return 0;
106 }
107
108 static int exit_seen = 0;
109
110 int
exit_kadmin(void * opt,int argc,char ** argv)111 exit_kadmin (void *opt, int argc, char **argv)
112 {
113 exit_seen = 1;
114 return 0;
115 }
116
117 static void
usage(int ret)118 usage(int ret)
119 {
120 arg_printusage (args, num_args, NULL, "[command]");
121 exit (ret);
122 }
123
124 int
get_privs(void * opt,int argc,char ** argv)125 get_privs(void *opt, int argc, char **argv)
126 {
127 uint32_t privs;
128 char str[128];
129 kadm5_ret_t ret;
130
131 ret = kadm5_get_privs(kadm_handle, &privs);
132 if(ret)
133 krb5_warn(context, ret, "kadm5_get_privs");
134 else{
135 ret =_kadm5_privs_to_string(privs, str, sizeof(str));
136 if (ret == 0)
137 printf("%s\n", str);
138 else
139 printf("privs: 0x%x\n", (unsigned int)privs);
140 }
141 return 0;
142 }
143
144 int
main(int argc,char ** argv)145 main(int argc, char **argv)
146 {
147 krb5_error_code ret;
148 char **files;
149 kadm5_config_params conf;
150 int optidx = 0;
151 int exit_status = 0;
152
153 setprogname(argv[0]);
154
155 ret = krb5_init_context(&context);
156 if (ret)
157 errx (1, "krb5_init_context failed: %d", ret);
158
159 if(getarg(args, num_args, argc, argv, &optidx))
160 usage(1);
161
162 if (help_flag)
163 usage (0);
164
165 if (version_flag) {
166 print_version(NULL);
167 exit(0);
168 }
169
170 argc -= optidx;
171 argv += optidx;
172
173 if (config_file == NULL) {
174 asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
175 if (config_file == NULL)
176 errx(1, "out of memory");
177 }
178
179 ret = krb5_prepend_config_files_default(config_file, &files);
180 if (ret)
181 krb5_err(context, 1, ret, "getting configuration files");
182
183 ret = krb5_set_config_files(context, files);
184 krb5_free_config_files(files);
185 if(ret)
186 krb5_err(context, 1, ret, "reading configuration files");
187
188 memset(&conf, 0, sizeof(conf));
189 if(realm) {
190 krb5_set_default_realm(context, realm); /* XXX should be fixed
191 some other way */
192 conf.realm = realm;
193 conf.mask |= KADM5_CONFIG_REALM;
194 }
195
196 if (admin_server) {
197 conf.admin_server = admin_server;
198 conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
199 }
200
201 if (server_port) {
202 conf.kadmind_port = htons(server_port);
203 conf.mask |= KADM5_CONFIG_KADMIND_PORT;
204 }
205
206 if (keyfile) {
207 conf.stash_file = keyfile;
208 conf.mask |= KADM5_CONFIG_STASH_FILE;
209 }
210
211 if(local_flag) {
212 int i;
213
214 kadm5_setup_passwd_quality_check (context,
215 check_library, check_function);
216
217 for (i = 0; i < policy_libraries.num_strings; i++) {
218 ret = kadm5_add_passwd_quality_verifier(context,
219 policy_libraries.strings[i]);
220 if (ret)
221 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
222 }
223 ret = kadm5_add_passwd_quality_verifier(context, NULL);
224 if (ret)
225 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
226
227 ret = kadm5_s_init_with_password_ctx(context,
228 KADM5_ADMIN_SERVICE,
229 NULL,
230 KADM5_ADMIN_SERVICE,
231 &conf, 0, 0,
232 &kadm_handle);
233 } else if (ad_flag) {
234 if (client_name == NULL)
235 krb5_errx(context, 1, "keytab mode require principal name");
236 ret = kadm5_ad_init_with_password_ctx(context,
237 client_name,
238 NULL,
239 KADM5_ADMIN_SERVICE,
240 &conf, 0, 0,
241 &kadm_handle);
242 } else if (keytab) {
243 if (client_name == NULL)
244 krb5_errx(context, 1, "keytab mode require principal name");
245 ret = kadm5_c_init_with_skey_ctx(context,
246 client_name,
247 keytab,
248 KADM5_ADMIN_SERVICE,
249 &conf, 0, 0,
250 &kadm_handle);
251 } else
252 ret = kadm5_c_init_with_password_ctx(context,
253 client_name,
254 NULL,
255 KADM5_ADMIN_SERVICE,
256 &conf, 0, 0,
257 &kadm_handle);
258
259 if(ret)
260 krb5_err(context, 1, ret, "kadm5_init_with_password");
261
262 signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
263 parser will handle SIGINT its own way;
264 we should really take care of this in
265 each function, f.i `get' might be
266 interruptable, but not `create' */
267 if (argc != 0) {
268 ret = sl_command (commands, argc, argv);
269 if(ret == -1)
270 krb5_warnx (context, "unrecognized command: %s", argv[0]);
271 else if (ret == -2)
272 ret = 0;
273 if(ret != 0)
274 exit_status = 1;
275 } else {
276 while(!exit_seen) {
277 ret = sl_command_loop(commands, "kadmin> ", NULL);
278 if (ret == -2)
279 exit_seen = 1;
280 else if (ret != 0)
281 exit_status = 1;
282 }
283 }
284
285 kadm5_destroy(kadm_handle);
286 krb5_free_context(context);
287 return exit_status;
288 }
289