Simple kadmin utility.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3738 ec53bebd-3082-4978-b11e-865c3cabbd6b

kadmin/.cvsignore

@@ -0,0 +1 @@
+Makefile.in

kadmin/Makefile.am

@@ -0,0 +1,11 @@
+# $Id$
+
+AUTOMAKE_OPTIONS = no-dependencies foreign
+
+INCLUDES = -I$(top_builddir)/include $(INCLUDE_readline)
+
+sbin_PROGRAMS = kadmin
+
+kadmin_SOURCES = kadmin.c ank.c cpw.c del.c ext.c get.c
+
+LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.a $(top_builddir)/lib/hdb/libhdb.a $(top_builddir)/lib/krb5/libkrb5.a $(top_builddir)/lib/des/libdes.a $(top_builddir)/lib/asn1/libasn1.a $(top_builddir)/lib/sl/libsl.a $(LIB_readline) $(top_builddir)/lib/roken/libroken.a

kadmin/ank.c

@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      H<>gskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+
+RCSID("$Id$");
+
+static struct getargs args[] = {
+    { "random-key",	'r',	arg_flag,	NULL, "set random key" },
+    { "password",	'p',	arg_string,	NULL, "princial's password" },
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(void)
+{
+    arg_printusage (args, num_args, "principal");
+}
+
+
+int
+add_new_key(int argc, char **argv)
+{
+    kadm5_principal_ent_rec princ;
+    char pwbuf[1024];
+    char *password = NULL;
+    int rkey = 0;
+    int optind = 0;
+    int mask = 0;
+    krb5_error_code ret;
+    krb5_principal princ_ent;
+
+    args[0].value = &rkey;
+    args[1].value = &password;
+    
+    if(getarg(args, num_args, argc, argv, &optind))
+	goto usage;
+    if(optind == argc)
+	goto usage;
+    memset(&princ, 0, sizeof(princ));
+    if(rkey){
+	princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+	mask |= KADM5_ATTRIBUTES;
+	password = "hemlig";
+    }
+    krb5_parse_name(context, argv[optind], &princ_ent);
+    princ.principal = princ_ent;
+    mask |= KADM5_PRINCIPAL;
+    if(password == NULL){
+	if(des_read_pw_string(pwbuf, sizeof(pwbuf), "Password: ", 1))
+	    goto out;
+	password = pwbuf;
+    }
+    
+    ret = kadm5_create_principal(kadm_handle, &princ, mask, password);
+    if(ret)
+	krb5_warn(context, ret, "kadm5_create_principal");
+    if(rkey){
+	krb5_keyblock *new_keys;
+	int n_keys;
+	ret = kadm5_randkey_principal(kadm_handle, princ_ent, 
+				      &new_keys, &n_keys);
+	if(ret)
+	    krb5_warn(context, ret, "kadm5_randkey_principal");
+	kadm5_get_principal(kadm_handle, princ_ent, &princ, 
+			    KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
+	princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
+	kadm5_modify_principal(kadm_handle, &princ, KADM5_ATTRIBUTES);
+	kadm5_free_principal_ent(kadm_handle, &princ);
+    }
+out:
+    if(password)
+	memset(password, 0, strlen(password));
+    return 0;
+usage:
+    usage();
+    goto out;
+}

kadmin/cpw.c

@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      H<>gskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+
+RCSID("$Id$");
+
+static struct getargs args[] = {
+    { "random-key",	'r',	arg_flag,	NULL, "set random key" },
+    { "password",	'p',	arg_string,	NULL, "princial's password" },
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(void)
+{
+    arg_printusage(args, num_args, "principal...");
+}
+
+int
+cpw_entry(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_principal princ;
+    int i;
+    int optind = 0;
+    char *password = NULL, pwbuf[128], prompt[128], *pr;
+    int rnd = 0;
+
+    args[0].value = &rnd;
+    args[1].value = &password;
+    if(getarg(args, num_args, argc, argv, &optind)){
+	usage();
+	return 0;
+    }
+    argc -= optind;
+    argv += optind;
+
+    if(password == NULL)
+	password = pwbuf;
+    
+    for(i = 0; i < argc; i++){
+	ret = krb5_parse_name(context, argv[i], &princ);
+	if(ret){
+	    krb5_warn(context, ret, "krb5_parse_name(%s)", argv[i]);
+	    continue;
+	}
+	if(rnd == 0){
+	    if(password == pwbuf){
+		krb5_unparse_name(context, princ, &pr);
+		snprintf(prompt, sizeof(prompt), "%s's Password: ", pr);
+		free(pr);
+		ret = des_read_pw_string(pwbuf, sizeof(pwbuf), prompt, 1);
+		if(ret){
+		    printf("Verify failure\n");
+		}
+	    }
+	    if(ret == 0){
+		ret = kadm5_chpass_principal(kadm_handle, princ, password);
+		if(ret)
+		    krb5_warn(context, ret, "%s", argv[i]);
+	    }
+	    memset(pwbuf, 0, sizeof(pwbuf));
+	}else{
+	    krb5_keyblock *keys;
+	    int num_keys;
+	    ret = kadm5_randkey_principal(kadm_handle, princ, &keys, &num_keys);
+	    if(ret)
+		krb5_warn(context, ret, "%s", argv[i]);
+	    else{
+		for(i = 0; i < num_keys; i++)
+		    krb5_free_keyblock(context, &keys[i]);
+		free(keys);
+	    }
+	}
+	krb5_free_principal(context, princ);
+    }
+    return 0;
+}
+

kadmin/del.c

@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      H<>gskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+
+RCSID("$Id$");
+
+int
+del_entry(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_principal princ;
+    int i;
+
+    for(i = 1; i < argc; i++){
+	ret = krb5_parse_name(context, argv[i], &princ);
+	if(ret){
+	    krb5_warn(context, ret, "krb5_parse_name(%s)", argv[i]);
+	    continue;
+	}
+	ret = kadm5_delete_principal(kadm_handle, princ);
+	if(ret)
+	    krb5_warn(context, ret, "%s", argv[i]);
+	krb5_free_principal(context, princ);
+    }
+    return 0;
+}
+

kadmin/ext.c

@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      H<>gskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+
+RCSID("$Id$");
+
+static struct getargs args[] = {
+    { "keytab",		'k',	arg_string,	NULL, "keytab to use" },
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(void)
+{
+    arg_printusage(args, num_args, "principal...");
+}
+
+int
+ext_keytab(int argc, char **argv)
+{
+    krb5_error_code ret;
+    kadm5_principal_ent_rec princ;
+    krb5_principal princ_ent;
+    int i;
+    int optind = 0;
+    char *keytab = NULL;
+    krb5_keytab kt;
+
+    args[0].value = &keytab;
+    if(getarg(args, num_args, argc, argv, &optind)){
+	usage();
+	return 0;
+    }
+    argc -= optind;
+    argv += optind;
+
+    if(keytab)
+	ret = krb5_kt_resolve(context, keytab, &kt);
+    else
+	ret = krb5_kt_default(context, &kt);
+    if(ret){
+	krb5_warn(context, ret, "krb5_kt_resolve");
+	return 0;
+    }
+
+    for(i = 0; i < argc; i++){
+	ret = krb5_parse_name(context, argv[i], &princ_ent);
+	if(ret){
+	    krb5_warn(context, ret, "krb5_parse_name(%s)", argv[i]);
+	    continue;
+	}
+	ret = kadm5_get_principal(kadm_handle, princ_ent, &princ, 
+				  KADM5_PRINCIPAL|KADM5_KVNO|KADM5_KEY_DATA);
+	if(ret){
+	    krb5_warn(context, ret, "%s", argv[i]);
+	}else{
+	    for(i = 0; i < princ.n_key_data; i++){
+		krb5_keytab_entry key;
+		krb5_key_data *k = &princ.key_data[i];
+		key.principal = princ.principal;
+		key.vno = k->key_data_kvno;
+		key.keyblock.keytype = k->key_data_type[0];
+		key.keyblock.keyvalue.length = k->key_data_length[0];
+		key.keyblock.keyvalue.data = k->key_data_contents[0];
+		ret = krb5_kt_add_entry(context, kt, &key);
+		if(ret)
+		    krb5_warn(context, ret, "krb5_kt_add_entry");
+	    }
+	    kadm5_free_principal_ent(kadm_handle, &princ);
+	}
+	krb5_free_principal(context, princ_ent);
+    }
+    return 0;
+}
+

kadmin/get.c

@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      H<>gskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include <parse_units.h>
+
+RCSID("$Id$");
+
+struct units kdb_attrs[] = {
+    { "new-princ", KRB5_KDB_NEW_PRINC },
+    { "support-desmd5", KRB5_KDB_SUPPORT_DESMD5 },
+    { "pwchange-service", KRB5_KDB_PWCHANGE_SERVICE },
+    { "disallow-svr", KRB5_KDB_DISALLOW_SVR },
+    { "requires-pw-change", KRB5_KDB_REQUIRES_PWCHANGE },
+    { "requires-hw-auth", KRB5_KDB_REQUIRES_HW_AUTH },
+    { "requires-pre-auth", KRB5_KDB_REQUIRES_PRE_AUTH },
+    { "disallow-all-tix", KRB5_KDB_DISALLOW_ALL_TIX },
+    { "disallow-dup-skey", KRB5_KDB_DISALLOW_DUP_SKEY },
+    { "disallow-postdated", KRB5_KDB_DISALLOW_POSTDATED },
+    { "disallow-forwardable", KRB5_KDB_DISALLOW_FORWARDABLE },
+    { "disallow-tgt-based", KRB5_KDB_DISALLOW_TGT_BASED },
+    { "disallow-renewable", KRB5_KDB_DISALLOW_RENEWABLE },
+    { "disallow-proxiable", KRB5_KDB_DISALLOW_PROXIABLE },
+    { NULL }
+};
+
+static void
+timeval2str(time_t t, char *str, size_t len)
+{
+    if(t)
+	strftime(str, len, "%Y-%m-%d %H:%M:%S UTC", gmtime(&t));
+    else
+	snprintf(str, len, "never");
+}
+
+static void
+deltat2str(unsigned t, char *str, size_t len)
+{
+    if(t)
+	unparse_time(t, str, len);
+    else
+	snprintf(str, len, "unlimited");
+}
+
+static void
+print_entry(kadm5_principal_ent_t princ)
+{
+    char *str, buf[1024];
+    
+    krb5_unparse_name(context, princ->principal, &str);
+    printf("%20s: %s\n", "Principal", str);
+    free(str);
+    timeval2str(princ->princ_expire_time, buf, sizeof(buf));
+    printf("%24s: %s\n", "Principal expires", buf);
+	    
+    timeval2str(princ->pw_expiration, buf, sizeof(buf));
+    printf("%24s: %s\n", "Password expires", buf);
+	    
+    timeval2str(princ->last_pwd_change, buf, sizeof(buf));
+    printf("%24s: %s\n", "Last password change", buf);
+	
+    deltat2str(princ->max_life, buf, sizeof(buf));
+    printf("%24s: %s\n", "Max ticket life", buf);
+
+    deltat2str(princ->max_renewable_life, buf, sizeof(buf));
+    printf("%24s: %s\n", "Max renewable life", buf);
+    printf("%24s: %d\n", "Kvno", princ->kvno);
+    printf("%24s: %d\n", "Mkvno", princ->mkvno);
+    printf("%24s: %s\n", "Policy", princ->policy ? princ->policy : "none");
+    timeval2str(princ->last_success, buf, sizeof(buf));
+    printf("%24s: %s\n", "Last successful login", buf);
+    timeval2str(princ->last_failed, buf, sizeof(buf));
+    printf("%24s: %s\n", "Last failed login", buf);
+    printf("%24s: %d\n", "Failed login count", princ->fail_auth_count);
+    timeval2str(princ->mod_date, buf, sizeof(buf));
+    printf("%24s: %s\n", "Last modified", buf);
+    krb5_unparse_name(context, princ->mod_name, &str);
+    printf("%24s: %s\n", "Modifier", str);
+    free(str);
+    unparse_flags (princ->attributes, kdb_attrs, buf, sizeof(buf));
+    printf("%24s: %s\n", "Attributes", buf);
+    printf("\n");
+}
+
+int
+get_entry(int argc, char **argv)
+{
+    kadm5_principal_ent_rec princ;
+    krb5_error_code ret;
+    krb5_principal princ_ent;
+    int i;
+
+    for(i = 1; i < argc; i++){
+	memset(&princ, 0, sizeof(princ));
+	ret = krb5_parse_name(context, argv[i], &princ_ent);
+	if(ret){
+	    krb5_warn(context, ret, "krb5_parse_name(%s)", argv[i]);
+	    continue;
+	}
+	ret = kadm5_get_principal(kadm_handle, princ_ent, 
+				  &princ, KADM5_PRINCIPAL_NORMAL_MASK);
+	krb5_free_principal(context, princ_ent);
+	if(ret)
+	    krb5_warn(context, ret, "%s", argv[i]);
+	else {
+	    print_entry(&princ);
+	    kadm5_free_principal_ent(kadm_handle, &princ);
+	}
+    }
+    return 0;
+}
+

kadmin/kadmin.c

@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      H<>gskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include <sl.h>
+
+RCSID("$Id$");
+
+static char *config_file;
+static char *keyfile;
+static int help_flag;
+static int version_flag;
+
+static struct getargs args[] = {
+    { 
+	"config-file",	'c',	arg_string,	&config_file, 
+	"location of config file",	"file" 
+    },
+    {
+	"key-file",	'k',	arg_string, &keyfile, 
+	"location of master key file", "file"
+    },
+    {	"help",		'h',	arg_flag,   &help_flag },
+    {	"version",	'v',	arg_flag,   &version_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static SL_cmd commands[] = {
+    { "add_new_key",	add_new_key, "add_new_key principal"},
+    { "ank"},
+    { "cpw",		cpw_entry, "cpw_entry principal..."},
+    { "change_password"},
+    { "passwd"},
+    { "del_entry",	del_entry, "del_entry principal..."},
+    { "delete" },
+    { "ext_keytab",	ext_keytab, "ext_keytab principal..."},
+    { "get_entry",	get_entry, "get_entry principal"},
+    { "help",		help, "help"},
+    { "?"},
+    { "exit",		exit_kadmin, "exit"},
+    { NULL}
+};
+
+krb5_context context;
+void *kadm_handle;
+
+int
+help(int argc, char **argv)
+{
+    sl_help(commands, argc, argv);
+    return 0;
+}
+
+int
+exit_kadmin (int argc, char **argv)
+{
+    return 1;
+}
+
+static void
+usage(int ret)
+{
+    arg_printusage (args, num_args, "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_config_section *cf;
+    int optind = 0;
+    int e;
+
+    set_progname(argv[0]);
+
+    krb5_init_context(&context);
+
+    while((e = getarg(args, num_args, argc, argv, &optind)))
+	warnx("error at argument `%s'", argv[optind]);
+
+    if (help_flag)
+	usage (0);
+
+    if (version_flag)
+	krb5_errx(context, 0, "%s", heimdal_version);
+
+    argc -= optind;
+    argv += optind;
+
+    if (config_file == NULL)
+	config_file = HDB_DB_DIR "/kdc.conf";
+
+    if(krb5_config_parse_file(config_file, &cf) == 0) {
+	const char *p = krb5_config_get_string (cf, "kdc", "key-file", NULL);
+	if (p)
+	    keyfile = strdup(p);
+    }
+
+    ret = kadm5_init_with_password_ctx(context, 
+				       "client", 
+				       "password", 
+				       "service",
+				       NULL, 0, 0, 
+				       &kadm_handle);
+
+    if (argc != 0)
+	exit(sl_command(commands, argc, argv));
+
+    return sl_loop(commands, "kadmin> ") != 0;
+}

kadmin/kadmin_locl.h

@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      H<>gskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* 
+ * $Id$
+ */
+
+#ifndef __ADMIN_LOCL_H__
+#define __ADMIN_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#include <err.h>
+#include <roken.h>
+#include <krb5.h>
+#include <kadm5/admin.h>
+#include <hdb_err.h>
+#include <parse_time.h>
+#include <getarg.h>
+
+#include "hdb.h"
+
+extern krb5_context context;
+extern void * kadm_handle;
+
+#define DECL(X) int X(int, char **)
+
+DECL(add_new_key);
+DECL(cpw_entry);
+DECL(del_entry);
+DECL(ext_keytab);
+DECL(get_entry);
+DECL(help);
+DECL(exit_kadmin);
+
+#define ALLOC(X) ((X) = malloc(sizeof(*(X))))
+
+#endif /* __ADMIN_LOCL_H__ */