oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
Files
92e5a4b7e56f52bd803081b7dc3d7f23b19b7a91
heimdal/kadmin/kadmin.c
Nicolas Williams 5859bc3bdf kadmin: add --hdb / -H argument 
Makes it possible to

 $ kadmin -l -H /tmp/hdb init FOO.EXAMPLE

rather than being able to only init /var/heimdal/heimdal.
2019-10-03 13:09:18 -05:00

310 lines
8.2 KiB
C
Raw Blame History

/*
* Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kadmin_locl.h"
#include "kadmin-commands.h"
#include <sl.h>
static char *config_file;
static char *keyfile;
int local_flag;
static int ad_flag;
static int help_flag;
static int version_flag;
static char *hdb;
static char *realm;
static char *admin_server;
static int server_port = 0;
static char *client_name;
static char *keytab;
static char *check_library = NULL;
static char *check_function = NULL;
static getarg_strings policy_libraries = { 0, NULL };
static struct getargs args[] = {
{ "principal", 'p', arg_string, &client_name,
"principal to authenticate as", NULL },
{ "keytab", 'K', arg_string, &keytab,
"keytab for authentication principal", NULL },
{
"config-file", 'c', arg_string, &config_file,
"location of config file", "file"
},
{
"key-file", 'k', arg_string, &keyfile,
"location of master key file", "file"
},
{
"hdb", 'H', arg_string, &hdb,
"HDB to use", "hdb"
},
{
"realm", 'r', arg_string, &realm,
"realm to use", "realm"
},
{
"admin-server", 'a', arg_string, &admin_server,
"server to contact", "host"
},
{
"server-port", 's', arg_integer, &server_port,
"port to use", "port number"
},
{ "ad", 0, arg_flag, &ad_flag, "active directory admin mode",
NULL },
#ifdef HAVE_DLOPEN
{ "check-library", 0, arg_string, &check_library,
"library to load password check function from", "library" },
{ "check-function", 0, arg_string, &check_function,
"password check function to load", "function" },
{ "policy-libraries", 0, arg_strings, &policy_libraries,
"password check function to load", "function" },
#endif
{ "local", 'l', arg_flag, &local_flag, "local admin mode", NULL },
{ "help", 'h', arg_flag, &help_flag, NULL, NULL },
{ "version", 'v', arg_flag, &version_flag, NULL, NULL }
};
static int num_args = sizeof(args) / sizeof(args[0]);
krb5_context context;
void *kadm_handle;
int
help(void *opt, int argc, char **argv)
{
sl_slc_help(commands, argc, argv);
return 0;
}
static int exit_seen = 0;
int
exit_kadmin (void *opt, int argc, char **argv)
{
exit_seen = 1;
return 0;
}
int
lock(void *opt, int argc, char **argv)
{
return kadm5_lock(kadm_handle);
}
int
unlock(void *opt, int argc, char **argv)
{
return kadm5_unlock(kadm_handle);
}
static void
usage(int ret)
{
arg_printusage (args, num_args, NULL, "[command]");
exit (ret);
}
int
get_privs(void *opt, int argc, char **argv)
{
uint32_t privs;
char str[128];
kadm5_ret_t ret;
ret = kadm5_get_privs(kadm_handle, &privs);
if(ret)
krb5_warn(context, ret, "kadm5_get_privs");
else{
ret =_kadm5_privs_to_string(privs, str, sizeof(str));
if (ret == 0)
printf("%s\n", str);
else
printf("privs: 0x%x\n", (unsigned int)privs);
}
return 0;
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
char **files;
kadm5_config_params conf;
int optidx = 0;
int exit_status = 0;
int aret;
setprogname(argv[0]);
ret = krb5_init_context(&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
if(getarg(args, num_args, argc, argv, &optidx))
usage(1);
if (help_flag)
usage (0);
if (version_flag) {
print_version(NULL);
exit(0);
}
argc -= optidx;
argv += optidx;
if (config_file == NULL) {
aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
if (aret == -1)
errx(1, "out of memory");
}
ret = krb5_prepend_config_files_default(config_file, &files);
if (ret)
krb5_err(context, 1, ret, "getting configuration files");
ret = krb5_set_config_files(context, files);
krb5_free_config_files(files);
if(ret)
krb5_err(context, 1, ret, "reading configuration files");
memset(&conf, 0, sizeof(conf));
if(realm) {
krb5_set_default_realm(context, realm); /* XXX should be fixed
some other way */
conf.realm = realm;
conf.mask |= KADM5_CONFIG_REALM;
}
if (hdb) {
conf.dbname = hdb;
conf.mask |= KADM5_CONFIG_DBNAME;
}
if (admin_server) {
conf.admin_server = admin_server;
conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
}
if (server_port) {
conf.kadmind_port = htons(server_port);
conf.mask |= KADM5_CONFIG_KADMIND_PORT;
}
if (keyfile) {
conf.stash_file = keyfile;
conf.mask |= KADM5_CONFIG_STASH_FILE;
}
if(local_flag) {
int i;
kadm5_setup_passwd_quality_check (context,
check_library, check_function);
for (i = 0; i < policy_libraries.num_strings; i++) {
ret = kadm5_add_passwd_quality_verifier(context,
policy_libraries.strings[i]);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
}
ret = kadm5_add_passwd_quality_verifier(context, NULL);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
ret = kadm5_s_init_with_password_ctx(context,
KADM5_ADMIN_SERVICE,
NULL,
KADM5_ADMIN_SERVICE,
&conf, 0, 0,
&kadm_handle);
} else if (ad_flag) {
if (client_name == NULL)
krb5_errx(context, 1, "keytab mode require principal name");
ret = kadm5_ad_init_with_password_ctx(context,
client_name,
NULL,
KADM5_ADMIN_SERVICE,
&conf, 0, 0,
&kadm_handle);
} else if (keytab) {
if (client_name == NULL)
krb5_errx(context, 1, "keytab mode require principal name");
ret = kadm5_c_init_with_skey_ctx(context,
client_name,
keytab,
KADM5_ADMIN_SERVICE,
&conf, 0, 0,
&kadm_handle);
} else
ret = kadm5_c_init_with_password_ctx(context,
client_name,
NULL,
KADM5_ADMIN_SERVICE,
&conf, 0, 0,
&kadm_handle);
if(ret)
krb5_err(context, 1, ret, "kadm5_init_with_password");
signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
parser will handle SIGINT its own way;
we should really take care of this in
each function, f.i `get' might be
interruptable, but not `create' */
if (argc != 0) {
ret = sl_command (commands, argc, argv);
if(ret == -1)
sl_did_you_mean(commands, argv[0]);
else if (ret == -2)
ret = 0;
if(ret != 0)
exit_status = 1;
} else {
while(!exit_seen) {
ret = sl_command_loop(commands, "kadmin> ", NULL);
if (ret == -2)
exit_seen = 1;
else if (ret != 0)
exit_status = 1;
}
}
kadm5_destroy(kadm_handle);
krb5_free_context(context);
return exit_status;
}
Reference in New Issue View Git Blame Copy Permalink