From a9f1581a4cc5e0f7ade1fe3c58456a7aef2f38ce Mon Sep 17 00:00:00 2001
From: Johan Danielsson
Date: Sat, 1 Nov 1997 02:53:06 +0000
Subject: [PATCH] Simple kadmin utility.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3738 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
kadmin/.cvsignore | 1 +
kadmin/Makefile.am | 11 ++++
kadmin/ank.c | 114 +++++++++++++++++++++++++++++++++
kadmin/cpw.c | 116 ++++++++++++++++++++++++++++++++++
kadmin/del.c | 63 +++++++++++++++++++
kadmin/ext.c | 112 +++++++++++++++++++++++++++++++++
kadmin/get.c | 147 +++++++++++++++++++++++++++++++++++++++++++
kadmin/kadmin.c | 147 +++++++++++++++++++++++++++++++++++++++++++
kadmin/kadmin_locl.h | 101 +++++++++++++++++++++++++++++
9 files changed, 812 insertions(+)
create mode 100644 kadmin/.cvsignore
create mode 100644 kadmin/Makefile.am
create mode 100644 kadmin/ank.c
create mode 100644 kadmin/cpw.c
create mode 100644 kadmin/del.c
create mode 100644 kadmin/ext.c
create mode 100644 kadmin/get.c
create mode 100644 kadmin/kadmin.c
create mode 100644 kadmin/kadmin_locl.h
diff --git a/kadmin/.cvsignore b/kadmin/.cvsignore
new file mode 100644
index 000000000..70845e08e
--- /dev/null
+++ b/kadmin/.cvsignore
@@ -0,0 +1 @@
+Makefile.in
diff --git a/kadmin/Makefile.am b/kadmin/Makefile.am
new file mode 100644
index 000000000..7fb5ec268
--- /dev/null
+++ b/kadmin/Makefile.am
@@ -0,0 +1,11 @@
+# $Id$
+
+AUTOMAKE_OPTIONS = no-dependencies foreign
+
+INCLUDES = -I$(top_builddir)/include $(INCLUDE_readline)
+
+sbin_PROGRAMS = kadmin
+
+kadmin_SOURCES = kadmin.c ank.c cpw.c del.c ext.c get.c
+
+LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.a $(top_builddir)/lib/hdb/libhdb.a $(top_builddir)/lib/krb5/libkrb5.a $(top_builddir)/lib/des/libdes.a $(top_builddir)/lib/asn1/libasn1.a $(top_builddir)/lib/sl/libsl.a $(LIB_readline) $(top_builddir)/lib/roken/libroken.a
diff --git a/kadmin/ank.c b/kadmin/ank.c
new file mode 100644
index 000000000..8e378c940
--- /dev/null
+++ b/kadmin/ank.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadmin_locl.h"
+
+RCSID("$Id$");
+
+static struct getargs args[] = {
+ { "random-key", 'r', arg_flag, NULL, "set random key" },
+ { "password", 'p', arg_string, NULL, "princial's password" },
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(void)
+{
+ arg_printusage (args, num_args, "principal");
+}
+
+
+int
+add_new_key(int argc, char **argv)
+{
+ kadm5_principal_ent_rec princ;
+ char pwbuf[1024];
+ char *password = NULL;
+ int rkey = 0;
+ int optind = 0;
+ int mask = 0;
+ krb5_error_code ret;
+ krb5_principal princ_ent;
+
+ args[0].value = &rkey;
+ args[1].value = &password;
+
+ if(getarg(args, num_args, argc, argv, &optind))
+ goto usage;
+ if(optind == argc)
+ goto usage;
+ memset(&princ, 0, sizeof(princ));
+ if(rkey){
+ princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+ mask |= KADM5_ATTRIBUTES;
+ password = "hemlig";
+ }
+ krb5_parse_name(context, argv[optind], &princ_ent);
+ princ.principal = princ_ent;
+ mask |= KADM5_PRINCIPAL;
+ if(password == NULL){
+ if(des_read_pw_string(pwbuf, sizeof(pwbuf), "Password: ", 1))
+ goto out;
+ password = pwbuf;
+ }
+
+ ret = kadm5_create_principal(kadm_handle, &princ, mask, password);
+ if(ret)
+ krb5_warn(context, ret, "kadm5_create_principal");
+ if(rkey){
+ krb5_keyblock *new_keys;
+ int n_keys;
+ ret = kadm5_randkey_principal(kadm_handle, princ_ent,
+ &new_keys, &n_keys);
+ if(ret)
+ krb5_warn(context, ret, "kadm5_randkey_principal");
+ kadm5_get_principal(kadm_handle, princ_ent, &princ,
+ KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
+ princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
+ kadm5_modify_principal(kadm_handle, &princ, KADM5_ATTRIBUTES);
+ kadm5_free_principal_ent(kadm_handle, &princ);
+ }
+out:
+ if(password)
+ memset(password, 0, strlen(password));
+ return 0;
+usage:
+ usage();
+ goto out;
+}
diff --git a/kadmin/cpw.c b/kadmin/cpw.c
new file mode 100644
index 000000000..3c1be576f
--- /dev/null
+++ b/kadmin/cpw.c
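Review bot: In `add_new_key` (kadmin/ank.c), a failed `kadm5_randkey_principal` is only warned about and the code still clears `KRB5_KDB_DISALLOW_ALL_TIX`, so with `-r` the new principal can end up enabled while it still carries the fixed placeholder password `"hemlig"`; a failed `kadm5_create_principal` falls through the same way. Both calls should bail out before the attribute is cleared, as sketched below. On the `-r` path `password` points at that string literal, so the `memset(password, 0, strlen(password))` under `out:` writes into storage that must not be modified; the sketch skips the wipe in that case. `new_keys` is never freed, and the result of `krb5_parse_name` is not checked before `princ_ent` is used.

```c
    ret = kadm5_create_principal(kadm_handle, &princ, mask, password);
    if(ret){
        krb5_warn(context, ret, "kadm5_create_principal");
        goto out;
    }
    if(rkey){
        krb5_keyblock *new_keys;
        int n_keys;
        ret = kadm5_randkey_principal(kadm_handle, princ_ent,
                                      &new_keys, &n_keys);
        if(ret){
            /* keep DISALLOW_ALL_TIX set: the entry still has the placeholder password */
            krb5_warn(context, ret, "kadm5_randkey_principal");
            goto out;
        }
        /* ... unchanged: kadm5_get_principal, clear DISALLOW_ALL_TIX, kadm5_modify_principal ... */
    }
out:
    /* with -r, password points at a string literal and must not be written to */
    if(password && !rkey)
        memset(password, 0, strlen(password));
    return 0;
```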
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadmin_locl.h"
+
+RCSID("$Id$");
+
+static struct getargs args[] = {
+ { "random-key", 'r', arg_flag, NULL, "set random key" },
+ { "password", 'p', arg_string, NULL, "princial's password" },
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(void)
+{
+ arg_printusage(args, num_args, "principal...");
+}
+
+int
+cpw_entry(int argc, char **argv)
+{
+ krb5_error_code ret;
+ krb5_principal princ;
+ int i;
+ int optind = 0;
+ char *password = NULL, pwbuf[128], prompt[128], *pr;
+ int rnd = 0;
+
+ args[0].value = &rnd;
+ args[1].value = &password;
+ if(getarg(args, num_args, argc, argv, &optind)){
+ usage();
+ return 0;
+ }
+ argc -= optind;
+ argv += optind;
+
+ if(password == NULL)
+ password = pwbuf;
+
+ for(i = 0; i < argc; i++){
+ ret = krb5_parse_name(context, argv[i], &princ);
+ if(ret){
+ krb5_warn(context, ret, "krb5_parse_name(%s)", argv[i]);
+ continue;
+ }
+ if(rnd == 0){
+ if(password == pwbuf){
+ krb5_unparse_name(context, princ, &pr);
+ snprintf(prompt, sizeof(prompt), "%s's Password: ", pr);
+ free(pr);
+ ret = des_read_pw_string(pwbuf, sizeof(pwbuf), prompt, 1);
+ if(ret){
+ printf("Verify failure\n");
+ }
+ }
+ if(ret == 0){
+ ret = kadm5_chpass_principal(kadm_handle, princ, password);
+ if(ret)
+ krb5_warn(context, ret, "%s", argv[i]);
+ }
+ memset(pwbuf, 0, sizeof(pwbuf));
+ }else{
+ krb5_keyblock *keys;
+ int num_keys;
+ ret = kadm5_randkey_principal(kadm_handle, princ, &keys, &num_keys);
+ if(ret)
+ krb5_warn(context, ret, "%s", argv[i]);
+ else{
+ for(i = 0; i < num_keys; i++)
+ krb5_free_keyblock(context, &keys[i]);
+ free(keys);
+ }
+ }
+ krb5_free_principal(context, princ);
+ }
+ return 0;
+}
+
diff --git a/kadmin/del.c b/kadmin/del.c
new file mode 100644
index 000000000..77c0a242f
--- /dev/null
+++ b/kadmin/del.c
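Review bot: The key-freeing loop in the `-r` branch of `cpw_entry` (kadmin/cpw.c) reuses `i`, the index of the enclosing loop over `argv`, so once a principal has been re-keyed the outer loop resumes at `num_keys` and can skip or repeat principals. Give the inner loop its own counter, e.g. `int j; for(j = 0; j < num_keys; j++) krb5_free_keyblock(context, &keys[j]);`. `ext_keytab` in kadmin/ext.c has the same pattern, with `for(i = 0; i < princ.n_key_data; i++)` inside its loop over principals. Separately, only `pwbuf` is wiped after use, so a password supplied with `-p` stays in memory and is applied to every principal on the command line; the result of `krb5_unparse_name` is also used unchecked when building the prompt.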
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadmin_locl.h"
+
+RCSID("$Id$");
+
+int
+del_entry(int argc, char **argv)
+{
+ krb5_error_code ret;
+ krb5_principal princ;
+ int i;
+
+ for(i = 1; i < argc; i++){
+ ret = krb5_parse_name(context, argv[i], &princ);
+ if(ret){
+ krb5_warn(context, ret, "krb5_parse_name(%s)", argv[i]);
+ continue;
+ }
+ ret = kadm5_delete_principal(kadm_handle, princ);
+ if(ret)
+ krb5_warn(context, ret, "%s", argv[i]);
+ krb5_free_principal(context, princ);
+ }
+ return 0;
+}
+
diff --git a/kadmin/ext.c b/kadmin/ext.c
new file mode 100644
index 000000000..420d5d142
--- /dev/null
+++ b/kadmin/ext.c
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadmin_locl.h"
+
+RCSID("$Id$");
+
+static struct getargs args[] = {
+ { "keytab", 'k', arg_string, NULL, "keytab to use" },
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(void)
+{
+ arg_printusage(args, num_args, "principal...");
+}
+
+int
+ext_keytab(int argc, char **argv)
+{
+ krb5_error_code ret;
+ kadm5_principal_ent_rec princ;
+ krb5_principal princ_ent;
+ int i;
+ int optind = 0;
+ char *keytab = NULL;
+ krb5_keytab kt;
+
+ args[0].value = &keytab;
+ if(getarg(args, num_args, argc, argv, &optind)){
+ usage();
+ return 0;
+ }
+ argc -= optind;
+ argv += optind;
+
+ if(keytab)
+ ret = krb5_kt_resolve(context, keytab, &kt);
+ else
+ ret = krb5_kt_default(context, &kt);
+ if(ret){
+ krb5_warn(context, ret, "krb5_kt_resolve");
+ return 0;
+ }
+
+ for(i = 0; i < argc; i++){
+ ret = krb5_parse_name(context, argv[i], &princ_ent);
+ if(ret){
+ krb5_warn(context, ret, "krb5_parse_name(%s)", argv[i]);
+ continue;
+ }
+ ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
+ KADM5_PRINCIPAL|KADM5_KVNO|KADM5_KEY_DATA);
+ if(ret){
+ krb5_warn(context, ret, "%s", argv[i]);
+ }else{
+ for(i = 0; i < princ.n_key_data; i++){
+ krb5_keytab_entry key;
+ krb5_key_data *k = &princ.key_data[i];
+ key.principal = princ.principal;
+ key.vno = k->key_data_kvno;
+ key.keyblock.keytype = k->key_data_type[0];
+ key.keyblock.keyvalue.length = k->key_data_length[0];
+ key.keyblock.keyvalue.data = k->key_data_contents[0];
+ ret = krb5_kt_add_entry(context, kt, &key);
+ if(ret)
+ krb5_warn(context, ret, "krb5_kt_add_entry");
+ }
+ kadm5_free_principal_ent(kadm_handle, &princ);
+ }
+ krb5_free_principal(context, princ_ent);
+ }
+ return 0;
+}
+
diff --git a/kadmin/get.c b/kadmin/get.c
new file mode 100644
index 000000000..85b5d7895
--- /dev/null
+++ b/kadmin/get.c
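Review bot: `ext_keytab` (kadmin/ext.c) never releases the keytab handle it opens; the final `return 0;` should be preceded by `krb5_kt_close(context, kt);`. The failure message is `"krb5_kt_resolve"` even when `krb5_kt_default` was the call that failed, which will mislead whoever reads the warning. `key` is filled field by field without being zeroed first, so any member of `krb5_keytab_entry` that is not assigned here (the struct is not visible in this commit, so this is a guess) would reach the keytab uninitialised; `memset(&key, 0, sizeof(key));` before the assignments costs nothing.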
@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadmin_locl.h"
+#include
+
+RCSID("$Id$");
+
+struct units kdb_attrs[] = {
+ { "new-princ", KRB5_KDB_NEW_PRINC },
+ { "support-desmd5", KRB5_KDB_SUPPORT_DESMD5 },
+ { "pwchange-service", KRB5_KDB_PWCHANGE_SERVICE },
+ { "disallow-svr", KRB5_KDB_DISALLOW_SVR },
+ { "requires-pw-change", KRB5_KDB_REQUIRES_PWCHANGE },
+ { "requires-hw-auth", KRB5_KDB_REQUIRES_HW_AUTH },
+ { "requires-pre-auth", KRB5_KDB_REQUIRES_PRE_AUTH },
+ { "disallow-all-tix", KRB5_KDB_DISALLOW_ALL_TIX },
+ { "disallow-dup-skey", KRB5_KDB_DISALLOW_DUP_SKEY },
+ { "disallow-postdated", KRB5_KDB_DISALLOW_POSTDATED },
+ { "disallow-forwardable", KRB5_KDB_DISALLOW_FORWARDABLE },
+ { "disallow-tgt-based", KRB5_KDB_DISALLOW_TGT_BASED },
+ { "disallow-renewable", KRB5_KDB_DISALLOW_RENEWABLE },
+ { "disallow-proxiable", KRB5_KDB_DISALLOW_PROXIABLE },
+ { NULL }
+};
+
+static void
+timeval2str(time_t t, char *str, size_t len)
+{
+ if(t)
+ strftime(str, len, "%Y-%m-%d %H:%M:%S UTC", gmtime(&t));
+ else
+ snprintf(str, len, "never");
+}
+
+static void
+deltat2str(unsigned t, char *str, size_t len)
+{
+ if(t)
+ unparse_time(t, str, len);
+ else
+ snprintf(str, len, "unlimited");
+}
+
+static void
+print_entry(kadm5_principal_ent_t princ)
+{
+ char *str, buf[1024];
+
+ krb5_unparse_name(context, princ->principal, &str);
+ printf("%20s: %s\n", "Principal", str);
+ free(str);
+ timeval2str(princ->princ_expire_time, buf, sizeof(buf));
+ printf("%24s: %s\n", "Principal expires", buf);
+
+ timeval2str(princ->pw_expiration, buf, sizeof(buf));
+ printf("%24s: %s\n", "Password expires", buf);
+
+ timeval2str(princ->last_pwd_change, buf, sizeof(buf));
+ printf("%24s: %s\n", "Last password change", buf);
+
+ deltat2str(princ->max_life, buf, sizeof(buf));
+ printf("%24s: %s\n", "Max ticket life", buf);
+
+ deltat2str(princ->max_renewable_life, buf, sizeof(buf));
+ printf("%24s: %s\n", "Max renewable life", buf);
+ printf("%24s: %d\n", "Kvno", princ->kvno);
+ printf("%24s: %d\n", "Mkvno", princ->mkvno);
+ printf("%24s: %s\n", "Policy", princ->policy ? princ->policy : "none");
+ timeval2str(princ->last_success, buf, sizeof(buf));
+ printf("%24s: %s\n", "Last successful login", buf);
+ timeval2str(princ->last_failed, buf, sizeof(buf));
+ printf("%24s: %s\n", "Last failed login", buf);
+ printf("%24s: %d\n", "Failed login count", princ->fail_auth_count);
+ timeval2str(princ->mod_date, buf, sizeof(buf));
+ printf("%24s: %s\n", "Last modified", buf);
+ krb5_unparse_name(context, princ->mod_name, &str);
+ printf("%24s: %s\n", "Modifier", str);
+ free(str);
+ unparse_flags (princ->attributes, kdb_attrs, buf, sizeof(buf));
+ printf("%24s: %s\n", "Attributes", buf);
+ printf("\n");
+}
+
+int
+get_entry(int argc, char **argv)
+{
+ kadm5_principal_ent_rec princ;
+ krb5_error_code ret;
+ krb5_principal princ_ent;
+ int i;
+
+ for(i = 1; i < argc; i++){
+ memset(&princ, 0, sizeof(princ));
+ ret = krb5_parse_name(context, argv[i], &princ_ent);
+ if(ret){
+ krb5_warn(context, ret, "krb5_parse_name(%s)", argv[i]);
+ continue;
+ }
+ ret = kadm5_get_principal(kadm_handle, princ_ent,
+ &princ, KADM5_PRINCIPAL_NORMAL_MASK);
+ krb5_free_principal(context, princ_ent);
+ if(ret)
+ krb5_warn(context, ret, "%s", argv[i]);
+ else {
+ print_entry(&princ);
+ kadm5_free_principal_ent(kadm_handle, &princ);
+ }
+ }
+ return 0;
+}
+
diff --git a/kadmin/kadmin.c b/kadmin/kadmin.c
new file mode 100644
index 000000000..6d6dd8f3b
--- /dev/null
+++ b/kadmin/kadmin.c
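Review bot: Both `krb5_unparse_name` calls in `print_entry` (kadmin/get.c) ignore the return value while `str` is uninitialised, so if unparsing fails (for instance if `princ->mod_name` is unset, which nothing in this hunk rules out) the following `printf` and `free(str)` operate on an indeterminate pointer. Check the result before printing, e.g. `if(krb5_unparse_name(context, princ->mod_name, &str) == 0){ printf("%24s: %s\n", "Modifier", str); free(str); }`. `timeval2str` likewise hands the result of `gmtime(&t)` straight to `strftime` without a NULL check. The first label is printed with `%20s` while every other field uses `%24s`, which looks unintended.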
@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadmin_locl.h"
+#include
+
+RCSID("$Id$");
+
+static char *config_file;
+static char *keyfile;
+static int help_flag;
+static int version_flag;
+
+static struct getargs args[] = {
+ {
+ "config-file", 'c', arg_string, &config_file,
+ "location of config file", "file"
+ },
+ {
+ "key-file", 'k', arg_string, &keyfile,
+ "location of master key file", "file"
+ },
+ { "help", 'h', arg_flag, &help_flag },
+ { "version", 'v', arg_flag, &version_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static SL_cmd commands[] = {
+ { "add_new_key", add_new_key, "add_new_key principal"},
+ { "ank"},
+ { "cpw", cpw_entry, "cpw_entry principal..."},
+ { "change_password"},
+ { "passwd"},
+ { "del_entry", del_entry, "del_entry principal..."},
+ { "delete" },
+ { "ext_keytab", ext_keytab, "ext_keytab principal..."},
+ { "get_entry", get_entry, "get_entry principal"},
+ { "help", help, "help"},
+ { "?"},
+ { "exit", exit_kadmin, "exit"},
+ { NULL}
+};
+
+krb5_context context;
+void *kadm_handle;
+
+int
+help(int argc, char **argv)
+{
+ sl_help(commands, argc, argv);
+ return 0;
+}
+
+int
+exit_kadmin (int argc, char **argv)
+{
+ return 1;
+}
+
+static void
+usage(int ret)
+{
+ arg_printusage (args, num_args, "");
+ exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+ krb5_error_code ret;
+ krb5_config_section *cf;
+ int optind = 0;
+ int e;
+
+ set_progname(argv[0]);
+
+ krb5_init_context(&context);
+
+ while((e = getarg(args, num_args, argc, argv, &optind)))
+ warnx("error at argument `%s'", argv[optind]);
+
+ if (help_flag)
+ usage (0);
+
+ if (version_flag)
+ krb5_errx(context, 0, "%s", heimdal_version);
+
+ argc -= optind;
+ argv += optind;
+
+ if (config_file == NULL)
+ config_file = HDB_DB_DIR "/kdc.conf";
+
+ if(krb5_config_parse_file(config_file, &cf) == 0) {
+ const char *p = krb5_config_get_string (cf, "kdc", "key-file", NULL);
+ if (p)
+ keyfile = strdup(p);
+ }
+
+ ret = kadm5_init_with_password_ctx(context,
+ "client",
+ "password",
+ "service",
+ NULL, 0, 0,
+ &kadm_handle);
+
+ if (argc != 0)
+ exit(sl_command(commands, argc, argv));
+
+ return sl_loop(commands, "kadmin> ") != 0;
+}
diff --git a/kadmin/kadmin_locl.h b/kadmin/kadmin_locl.h
new file mode 100644
index 000000000..6dd492e9a
--- /dev/null
+++ b/kadmin/kadmin_locl.h
@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id$
+ */
+
+#ifndef __ADMIN_LOCL_H__
+#define __ADMIN_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+#include
+#include
+#include
+#include
+#include
+#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+#ifdef HAVE_FCNTL_H
+#include
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include
+#endif
+
+#ifdef HAVE_NETDB_H
+#include
+#endif
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "hdb.h"
+
+extern krb5_context context;
+extern void * kadm_handle;
+
+#define DECL(X) int X(int, char **)
+
+DECL(add_new_key);
+DECL(cpw_entry);
+DECL(del_entry);
+DECL(ext_keytab);
+DECL(get_entry);
+DECL(help);
+DECL(exit_kadmin);
+
+#define ALLOC(X) ((X) = malloc(sizeof(*(X))))
+
+#endif /* __ADMIN_LOCL_H__ */