convert to slc; warn if resetting disallow-all-tix

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14259 ec53bebd-3082-4978-b11e-865c3cabbd6b

admin/get.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
+ * Copyright (c) 1997-2004 Kungliga Tekniska H<>gskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -78,89 +78,45 @@ open_kadmin_connection(char *principal,
 }
 
 int
-kt_get(int argc, char **argv)
+kt_get(struct get_options *opt, int argc, char **argv)
 {
     krb5_error_code ret = 0;
     krb5_keytab keytab;
     void *kadm_handle = NULL;
-    char *principal = NULL;
-    char *realm = NULL;
-    char *admin_server = NULL;
-    int server_port = 0;
-    int help_flag = 0;
-    int optind = 0;
-    struct getarg_strings etype_strs = {0, NULL};
     krb5_enctype *etypes = NULL;
     size_t netypes = 0;
-    
-    struct getargs args[] = {
-	{ "principal",	'p',	arg_string,   NULL, 
-	  "admin principal", "principal" 
-	},
-	{ "enctypes",	'e',	arg_strings,	NULL,
-	  "encryption types to use", "enctypes" },
-	{ "realm",	'r',	arg_string,   NULL, 
-	  "realm to use", "realm" 
-	},
-	{ "admin-server",	'a',	arg_string, NULL,
-	  "server to contact", "host" 
-	},
-	{ "server-port",	's',	arg_integer, NULL,
-	  "port to contact", "port number" 
-	},
-	{ "help",		'h',	arg_flag,    NULL }
-    };
     int i = 0, j;
-
+    unsigned int failed = 0;
-    args[i++].value = &principal;
-    args[i++].value = &etype_strs;
-    args[i++].value = &realm;
-    args[i++].value = &admin_server;
-    args[i++].value = &server_port;
-    args[i++].value = &help_flag;
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)
-       || help_flag) {
-	arg_printusage(args, sizeof(args) / sizeof(args[0]), 
-		       "ktutil get", "principal...");
-	return 1;
-    }
-    if(optind == argc) {
-	krb5_warnx(context, "no principals specified");
-	arg_printusage(args, sizeof(args) / sizeof(args[0]), 
-		       "ktutil get", "principal...");
-	return 1;
-    }
     
     if((keytab = ktutil_open_keytab()) == NULL)
 	return 1;
 
-    if(realm)
+    if(opt->realm_string)
-	krb5_set_default_realm(context, realm);
+	krb5_set_default_realm(context, opt->realm_string);
 
-    if (etype_strs.num_strings) {
+    if (opt->enctypes_strings.num_strings != 0) {
 	int i;
 
-	etypes = malloc (etype_strs.num_strings * sizeof(*etypes));
+	etypes = malloc (opt->enctypes_strings.num_strings * sizeof(*etypes));
 	if (etypes == NULL) {
 	    krb5_warnx(context, "malloc failed");
 	    goto out;
 	}
-	netypes = etype_strs.num_strings;
+	netypes = opt->enctypes_strings.num_strings;
 	for(i = 0; i < netypes; i++) {
 	    ret = krb5_string_to_enctype(context, 
-					 etype_strs.strings[i], 
+					 opt->enctypes_strings.strings[i], 
 					 &etypes[i]);
 	    if(ret) {
 		krb5_warnx(context, "unrecognized enctype: %s",
-			   etype_strs.strings[i]);
+			   opt->enctypes_strings.strings[i]);
 		goto out;
 	    }
 	}
     }
 
     
-    for(i = optind; i < argc; i++){
+    for(i = 0; i < argc; i++){
 	krb5_principal princ_ent;
 	kadm5_principal_ent_rec princ;
 	int mask = 0;
@@ -172,6 +128,7 @@ kt_get(int argc, char **argv)
 	ret = krb5_parse_name(context, argv[i], &princ_ent);
 	if (ret) {
 	    krb5_warn(context, ret, "can't parse principal %s", argv[i]);
+	    failed++;
 	    continue;
 	}
 	memset(&princ, 0, sizeof(princ));
@@ -184,31 +141,32 @@ kt_get(int argc, char **argv)
 
 	if(kadm_handle == NULL) {
 	    const char *r;
-	    if(realm != NULL)
+	    if(opt->realm_string != NULL)
-		r = realm;
+		r = opt->realm_string;
 	    else
 		r = krb5_principal_get_realm(context, princ_ent);
-	    kadm_handle = open_kadmin_connection(principal, 
+	    kadm_handle = open_kadmin_connection(opt->principal_string, 
 						 r, 
-						 admin_server, 
+						 opt->admin_server_string, 
-						 server_port);
+						 opt->server_port_integer);
-	    if(kadm_handle == NULL) {
+	    if(kadm_handle == NULL)
 		break;
-	    }
 	}
 	
 	ret = kadm5_create_principal(kadm_handle, &princ, mask, "x");
 	if(ret == 0)
-	    created++;
+	    created = 1;
 	else if(ret != KADM5_DUP) {
 	    krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]);
 	    krb5_free_principal(context, princ_ent);
+	    failed++;
 	    continue;
 	}
 	ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
 	if (ret) {
 	    krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]);
 	    krb5_free_principal(context, princ_ent);
+	    failed++;
 	    continue;
 	}
 	
@@ -219,8 +177,11 @@ kt_get(int argc, char **argv)
 	    for (j = 0; j < n_keys; j++)
 		krb5_free_keyblock_contents(context, &keys[j]);
 	    krb5_free_principal(context, princ_ent);
+	    failed++;
 	    continue;
 	}
+	if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX))
+	    krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[i]);
 	princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
 	mask = KADM5_ATTRIBUTES;
 	if(created) {
@@ -233,6 +194,7 @@ kt_get(int argc, char **argv)
 	    for (j = 0; j < n_keys; j++)
 		krb5_free_keyblock_contents(context, &keys[j]);
 	    krb5_free_principal(context, princ_ent);
+	    failed++;
 	    continue;
 	}
 	for(j = 0; j < n_keys; j++) {
@@ -264,10 +226,9 @@ kt_get(int argc, char **argv)
 	krb5_free_principal(context, princ_ent);
     }
  out:
-    free_getarg_strings(&etype_strs);
     free(etypes);
     if (kadm_handle)
 	kadm5_destroy(kadm_handle);
     krb5_kt_close(context, keytab);
-    return ret != 0;
+    return ret != 0 || failed > 0;
 }