1/* 2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33/* $Id$ */ 34 35command = { 36 name = "stash" 37 name = "kstash" 38 option = { 39 long = "enctype" 40 short = "e" 41 type = "string" 42 help = "encryption type" 43 default = "des3-cbc-sha1" 44 } 45 option = { 46 long = "key-file" 47 short = "k" 48 type = "string" 49 argument = "file" 50 help = "master key file" 51 } 52 option = { 53 long = "convert-file" 54 type = "flag" 55 help = "just convert keyfile to new format" 56 } 57 option = { 58 long = "random-password" 59 type = "flag" 60 help = "use a random password (and print the password to stdout)" 61 } 62 option = { 63 long = "print-password" 64 type = "-flag" 65 help = "dont print the random password to stdout" 66 } 67 option = { 68 long = "master-key-fd" 69 type = "integer" 70 argument = "fd" 71 help = "filedescriptor to read passphrase from" 72 default = "-1" 73 } 74 help = "Writes the Kerberos master key to a file used by the KDC. \nLocal (-l) mode only." 75} 76command = { 77 name = "dump" 78 option = { 79 long = "decrypt" 80 short = "d" 81 type = "flag" 82 help = "decrypt keys" 83 } 84 option = { 85 long = "format" 86 type = "string" 87 help = "dump format, default heimdal" 88 } 89 option = { 90 long = "mit-dump-file" 91 type = "string" 92 help = "mit dump file" 93 } 94 argument = "[dump-file]" 95 min_args = "0" 96 max_args = "1" 97 help = "Dumps the database or a dump file in a human readable format to the specified file, \nor the standard out. Local (-l) mode only." 98} 99command = { 100 name = "od-dump" 101 option = { 102 long = "decrypt" 103 short = "d" 104 type = "flag" 105 help = "decrypt keys" 106 } 107 argument = "[dump-file]" 108 min_args = "0" 109 max_args = "1" 110 help = "Command to be removed." 111} 112command = { 113 name = "init" 114 option = { 115 long = "realm-max-ticket-life" 116 type = "string" 117 help = "realm max ticket lifetime" 118 } 119 option = { 120 long = "realm-max-renewable-life" 121 type = "string" 122 help = "realm max renewable lifetime" 123 } 124 option = { 125 long = "bare" 126 type = "flag" 127 help = "only create krbtgt for realm" 128 } 129 argument = "realm..." 130 min_args = "1" 131 help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only." 132} 133command = { 134 name = "load" 135 option = { 136 long = "fix-salts" 137 type = "flag" 138 help = "Fixup salts for principals from a different realm name." 139 } 140 argument = "file" 141 min_args = "1" 142 max_args = "2" 143 help = "Loads a previously dumped file. Local (-l) mode only." 144} 145command = { 146 name = "merge" 147 option = { 148 long = "fix-salts" 149 type = "flag" 150 help = "Fixup salts for principals from a different realm name." 151 } 152 argument = "file" 153 min_args = "1" 154 max_args = "2" 155 help = "Merges the contents of a dump file into the database. Local (-l) mode only." 156} 157command = { 158 name = "add" 159 name = "ank" 160 name = "add_new_key" 161 function = "add_new_key" 162 option = { 163 long = "random-key" 164 short = "r" 165 type = "flag" 166 help = "set random key" 167 } 168 option = { 169 long = "random-password" 170 type = "flag" 171 help = "set random password" 172 } 173 option = { 174 long = "password" 175 short = "p" 176 type = "string" 177 help = "principal's password" 178 } 179 option = { 180 long = "key" 181 type = "string" 182 help = "DES-key in hex" 183 } 184 option = { 185 long = "max-ticket-life" 186 type = "string" 187 argument ="lifetime" 188 help = "max ticket lifetime" 189 } 190 option = { 191 long = "max-renewable-life" 192 type = "string" 193 argument = "lifetime" 194 help = "max renewable life" 195 } 196 option = { 197 long = "attributes" 198 type = "string" 199 argument = "attributes" 200 help = "principal attributes" 201 } 202 option = { 203 long = "expiration-time" 204 type = "string" 205 argument = "time" 206 help = "principal expiration time" 207 } 208 option = { 209 long = "pw-expiration-time" 210 type = "string" 211 argument = "time" 212 help = "password expiration time" 213 } 214 option = { 215 long = "hist-kvno-diff-clnt" 216 type = "integer" 217 argument = "kvno diff" 218 help = "historic keys allowed for client" 219 default = "-1" 220 } 221 option = { 222 long = "hist-kvno-diff-svc" 223 type = "integer" 224 argument = "kvno diff" 225 help = "historic keys allowed for service" 226 default = "-1" 227 } 228 option = { 229 long = "use-defaults" 230 type = "flag" 231 help = "use default values" 232 } 233 option = { 234 long = "verbose" 235 type = "flag" 236 help = "verbose output" 237 } 238 option = { 239 long = "policy" 240 type = "string" 241 argument = "policy" 242 help = "policy name" 243 } 244 argument = "principal..." 245 min_args = "1" 246 help = "Adds a principal to the database." 247} 248command = { 249 name = "passwd" 250 name = "cpw" 251 name = "change_password" 252 function = "cpw_entry" 253 option = { 254 long = "random-key" 255 short = "r" 256 type = "flag" 257 help = "set random key" 258 } 259 option = { 260 long = "random-password" 261 type = "flag" 262 help = "set random password" 263 } 264 option = { 265 long = "password" 266 short = "p" 267 type = "string" 268 help = "princial's password" 269 } 270 option = { 271 long = "key" 272 type = "string" 273 help = "DES key in hex" 274 } 275 option = { 276 long = "keepold" 277 type = "flag" 278 help = "keep old keys/password" 279 } 280 argument = "principal..." 281 min_args = "1" 282 help = "Changes the password of one or more principals matching the expressions." 283} 284command = { 285 name = "delete" 286 name = "del" 287 name = "del_entry" 288 function = "del_entry" 289 argument = "principal..." 290 min_args = "1" 291 help = "Deletes all principals matching the expressions." 292} 293command = { 294 name = "del_enctype" 295 argument = "principal enctype..." 296 min_args = "2" 297 help = "Delete all the mentioned enctypes for principal." 298} 299command = { 300 name = "add_enctype" 301 option = { 302 long = "random-key" 303 short = "r" 304 type = "flag" 305 help = "set random key" 306 } 307 argument = "principal enctype..." 308 min_args = "2" 309 help = "Add new enctypes for principal." 310} 311command = { 312 name = "ext_keytab" 313 option = { 314 long = "keytab" 315 short = "k" 316 type = "string" 317 help = "keytab to use" 318 } 319 argument = "principal..." 320 min_args = "1" 321 help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab." 322} 323command = { 324 name = "get" 325 name = "get_entry" 326 function = "get_entry" 327 /* XXX sync options with "list" */ 328 option = { 329 long = "long" 330 short = "l" 331 type = "flag" 332 help = "long format" 333 default = "-1" 334 } 335 option = { 336 long = "short" 337 short = "s" 338 type = "flag" 339 help = "short format" 340 } 341 option = { 342 long = "terse" 343 short = "t" 344 type = "flag" 345 help = "terse format" 346 } 347 option = { 348 long = "column-info" 349 short = "o" 350 type = "string" 351 help = "columns to print for short output" 352 } 353 argument = "principal..." 354 min_args = "1" 355 help = "Shows information about principals matching the expressions." 356} 357command = { 358 name = "rename" 359 function = "rename_entry" 360 argument = "from to" 361 min_args = "2" 362 max_args = "2" 363 help = "Renames a principal." 364} 365command = { 366 name = "modify" 367 function = "mod_entry" 368 option = { 369 long = "max-ticket-life" 370 type = "string" 371 argument ="lifetime" 372 help = "max ticket lifetime" 373 } 374 option = { 375 long = "max-renewable-life" 376 type = "string" 377 argument = "lifetime" 378 help = "max renewable life" 379 } 380 option = { 381 long = "attributes" 382 short = "a" 383 type = "string" 384 argument = "attributes" 385 help = "principal attributes" 386 } 387 option = { 388 long = "expiration-time" 389 type = "string" 390 argument = "time" 391 help = "principal expiration time" 392 } 393 option = { 394 long = "pw-expiration-time" 395 type = "string" 396 argument = "time" 397 help = "password expiration time" 398 } 399 option = { 400 long = "kvno" 401 type = "integer" 402 help = "key version number" 403 default = "-1" 404 } 405 option = { 406 long = "constrained-delegation" 407 type = "strings" 408 argument = "principal" 409 help = "allowed target principals" 410 } 411 option = { 412 long = "alias" 413 type = "strings" 414 argument = "principal" 415 help = "aliases" 416 } 417 option = { 418 long = "pkinit-acl" 419 type = "strings" 420 argument = "subject dn" 421 help = "aliases" 422 } 423 option = { 424 long = "policy" 425 type = "string" 426 argument = "policy" 427 help = "policy name" 428 } 429 option = { 430 long = "hist-kvno-diff-clnt" 431 type = "integer" 432 argument = "kvno diff" 433 help = "historic keys allowed for client" 434 default = "-1" 435 } 436 option = { 437 long = "hist-kvno-diff-svc" 438 type = "integer" 439 argument = "kvno diff" 440 help = "historic keys allowed for service" 441 default = "-1" 442 } 443 argument = "principal" 444 min_args = "1" 445 max_args = "1" 446 help = "Modifies some attributes of the specified principal." 447} 448command = { 449 name = "privileges" 450 name = "privs" 451 function = "get_privs" 452 help = "Shows which operations you are allowed to perform." 453} 454command = { 455 name = "list" 456 function = "list_princs" 457 /* XXX sync options with "get" */ 458 option = { 459 long = "long" 460 short = "l" 461 type = "flag" 462 help = "long format" 463 } 464 option = { 465 long = "short" 466 short = "s" 467 type = "flag" 468 help = "short format" 469 } 470 option = { 471 long = "terse" 472 short = "t" 473 type = "flag" 474 help = "terse format" 475 default = "-1" 476 } 477 option = { 478 long = "column-info" 479 short = "o" 480 type = "string" 481 help = "columns to print for short output" 482 } 483 argument = "principal..." 484 min_args = "1" 485 help = "Lists principals in a terse format. Equivalent to \"get -t\"." 486} 487command = { 488 name = "verify-password-quality" 489 name = "pwq" 490 function = "password_quality" 491 argument = "principal password" 492 min_args = "2" 493 max_args = "2" 494 help = "Try run the password quality function locally (not doing RPC out to server)." 495} 496command = { 497 name = "check" 498 function = "check" 499 option = { 500 long = "ds-local" 501 type = "flag" 502 help = "Only perform local checks." 503 } 504 argument = "[realm]" 505 min_args = "0" 506 max_args = "1" 507 help = "Check the realm (if not given, the default realm) for configuration errors." 508} 509command = { 510 name = "lock" 511 function = "lock" 512 argument = "" 513 min_args = "0" 514 max_args = "0" 515 help = "Lock the database for writing (use with care)." 516} 517command = { 518 name = "unlock" 519 function = "unlock" 520 argument = "" 521 min_args = "0" 522 max_args = "0" 523 help = "Unlock the database." 524} 525command = { 526 name = "help" 527 name = "?" 528 argument = "[command]" 529 min_args = "0" 530 max_args = "1" 531 help = "Help! I need somebody." 532} 533command = { 534 name = "exit" 535 name = "quit" 536 function = "exit_kadmin" 537 help = "Quits." 538} 539