kadmin.c revision 178825
1/* 2 * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#include "kadmin_locl.h" 35#include "kadmin-commands.h" 36#include <sl.h> 37 38RCSID("$Id: kadmin.c 22253 2007-12-09 06:00:00Z lha $"); 39 40static char *config_file; 41static char *keyfile; 42int local_flag; 43static int ad_flag; 44static int help_flag; 45static int version_flag; 46static char *realm; 47static char *admin_server; 48static int server_port = 0; 49static char *client_name; 50static char *keytab; 51static char *check_library = NULL; 52static char *check_function = NULL; 53static getarg_strings policy_libraries = { 0, NULL }; 54 55static struct getargs args[] = { 56 { "principal", 'p', arg_string, &client_name, 57 "principal to authenticate as" }, 58 { "keytab", 'K', arg_string, &keytab, 59 "keytab for authentication principal" }, 60 { 61 "config-file", 'c', arg_string, &config_file, 62 "location of config file", "file" 63 }, 64 { 65 "key-file", 'k', arg_string, &keyfile, 66 "location of master key file", "file" 67 }, 68 { 69 "realm", 'r', arg_string, &realm, 70 "realm to use", "realm" 71 }, 72 { 73 "admin-server", 'a', arg_string, &admin_server, 74 "server to contact", "host" 75 }, 76 { 77 "server-port", 's', arg_integer, &server_port, 78 "port to use", "port number" 79 }, 80 { "ad", 0, arg_flag, &ad_flag, "active directory admin mode" }, 81#ifdef HAVE_DLOPEN 82 { "check-library", 0, arg_string, &check_library, 83 "library to load password check function from", "library" }, 84 { "check-function", 0, arg_string, &check_function, 85 "password check function to load", "function" }, 86 { "policy-libraries", 0, arg_strings, &policy_libraries, 87 "password check function to load", "function" }, 88#endif 89 { "local", 'l', arg_flag, &local_flag, "local admin mode" }, 90 { "help", 'h', arg_flag, &help_flag }, 91 { "version", 'v', arg_flag, &version_flag } 92}; 93 94static int num_args = sizeof(args) / sizeof(args[0]); 95 96 97krb5_context context; 98void *kadm_handle; 99 100int 101help(void *opt, int argc, char **argv) 102{ 103 sl_slc_help(commands, argc, argv); 104 return 0; 105} 106 107static int exit_seen = 0; 108 109int 110exit_kadmin (void *opt, int argc, char **argv) 111{ 112 exit_seen = 1; 113 return 0; 114} 115 116static void 117usage(int ret) 118{ 119 arg_printusage (args, num_args, NULL, "[command]"); 120 exit (ret); 121} 122 123int 124get_privs(void *opt, int argc, char **argv) 125{ 126 uint32_t privs; 127 char str[128]; 128 kadm5_ret_t ret; 129 130 ret = kadm5_get_privs(kadm_handle, &privs); 131 if(ret) 132 krb5_warn(context, ret, "kadm5_get_privs"); 133 else{ 134 ret =_kadm5_privs_to_string(privs, str, sizeof(str)); 135 printf("%s\n", str); 136 } 137 return 0; 138} 139 140int 141main(int argc, char **argv) 142{ 143 krb5_error_code ret; 144 char **files; 145 kadm5_config_params conf; 146 int optidx = 0; 147 int exit_status = 0; 148 149 setprogname(argv[0]); 150 151 ret = krb5_init_context(&context); 152 if (ret) 153 errx (1, "krb5_init_context failed: %d", ret); 154 155 if(getarg(args, num_args, argc, argv, &optidx)) 156 usage(1); 157 158 if (help_flag) 159 usage (0); 160 161 if (version_flag) { 162 print_version(NULL); 163 exit(0); 164 } 165 166 argc -= optidx; 167 argv += optidx; 168 169 if (config_file == NULL) { 170 asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); 171 if (config_file == NULL) 172 errx(1, "out of memory"); 173 } 174 175 ret = krb5_prepend_config_files_default(config_file, &files); 176 if (ret) 177 krb5_err(context, 1, ret, "getting configuration files"); 178 179 ret = krb5_set_config_files(context, files); 180 krb5_free_config_files(files); 181 if(ret) 182 krb5_err(context, 1, ret, "reading configuration files"); 183 184 memset(&conf, 0, sizeof(conf)); 185 if(realm) { 186 krb5_set_default_realm(context, realm); /* XXX should be fixed 187 some other way */ 188 conf.realm = realm; 189 conf.mask |= KADM5_CONFIG_REALM; 190 } 191 192 if (admin_server) { 193 conf.admin_server = admin_server; 194 conf.mask |= KADM5_CONFIG_ADMIN_SERVER; 195 } 196 197 if (server_port) { 198 conf.kadmind_port = htons(server_port); 199 conf.mask |= KADM5_CONFIG_KADMIND_PORT; 200 } 201 202 if (keyfile) { 203 conf.stash_file = keyfile; 204 conf.mask |= KADM5_CONFIG_STASH_FILE; 205 } 206 207 if(local_flag) { 208 int i; 209 210 kadm5_setup_passwd_quality_check (context, 211 check_library, check_function); 212 213 for (i = 0; i < policy_libraries.num_strings; i++) { 214 ret = kadm5_add_passwd_quality_verifier(context, 215 policy_libraries.strings[i]); 216 if (ret) 217 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); 218 } 219 ret = kadm5_add_passwd_quality_verifier(context, NULL); 220 if (ret) 221 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); 222 223 ret = kadm5_s_init_with_password_ctx(context, 224 KADM5_ADMIN_SERVICE, 225 NULL, 226 KADM5_ADMIN_SERVICE, 227 &conf, 0, 0, 228 &kadm_handle); 229 } else if (ad_flag) { 230 if (client_name == NULL) 231 krb5_errx(context, 1, "keytab mode require principal name"); 232 ret = kadm5_ad_init_with_password_ctx(context, 233 client_name, 234 NULL, 235 KADM5_ADMIN_SERVICE, 236 &conf, 0, 0, 237 &kadm_handle); 238 } else if (keytab) { 239 if (client_name == NULL) 240 krb5_errx(context, 1, "keytab mode require principal name"); 241 ret = kadm5_c_init_with_skey_ctx(context, 242 client_name, 243 keytab, 244 KADM5_ADMIN_SERVICE, 245 &conf, 0, 0, 246 &kadm_handle); 247 } else 248 ret = kadm5_c_init_with_password_ctx(context, 249 client_name, 250 NULL, 251 KADM5_ADMIN_SERVICE, 252 &conf, 0, 0, 253 &kadm_handle); 254 255 if(ret) 256 krb5_err(context, 1, ret, "kadm5_init_with_password"); 257 258 signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command 259 parser will handle SIGINT its own way; 260 we should really take care of this in 261 each function, f.i `get' might be 262 interruptable, but not `create' */ 263 if (argc != 0) { 264 ret = sl_command (commands, argc, argv); 265 if(ret == -1) 266 krb5_warnx (context, "unrecognized command: %s", argv[0]); 267 else if (ret == -2) 268 ret = 0; 269 if(ret != 0) 270 exit_status = 1; 271 } else { 272 while(!exit_seen) { 273 ret = sl_command_loop(commands, "kadmin> ", NULL); 274 if (ret == -2) 275 exit_seen = 1; 276 else if (ret != 0) 277 exit_status = 1; 278 } 279 } 280 281 kadm5_destroy(kadm_handle); 282 krb5_free_context(context); 283 return exit_status; 284} 285