summaryrefslogtreecommitdiffstats
path: root/ipa-client
diff options
context:
space:
mode:
Diffstat (limited to 'ipa-client')
-rw-r--r--ipa-client/Makefile.am1
-rw-r--r--ipa-client/config.c35
-rw-r--r--ipa-client/ipa-getkeytab.c180
-rw-r--r--ipa-client/ipa-join.c165
-rw-r--r--ipa-client/ipa-rmkeytab.c82
5 files changed, 318 insertions, 145 deletions
diff --git a/ipa-client/Makefile.am b/ipa-client/Makefile.am
index 3f3c13b1a..2fc45be25 100644
--- a/ipa-client/Makefile.am
+++ b/ipa-client/Makefile.am
@@ -12,6 +12,7 @@ INCLUDES = \
-DLIBDIR=\""$(libdir)"\" \
-DLIBEXECDIR=\""$(libexecdir)"\" \
-DDATADIR=\""$(datadir)"\" \
+ -DLOCALEDIR=\""$(localedir)"\" \
$(KRB5_CFLAGS) \
$(OPENLDAP_CFLAGS) \
$(MOZLDAP_CFLAGS) \
diff --git a/ipa-client/config.c b/ipa-client/config.c
index c32946ed6..69bd9cb33 100644
--- a/ipa-client/config.c
+++ b/ipa-client/config.c
@@ -37,6 +37,11 @@
#include <stdlib.h>
#include <ctype.h>
+#include <errno.h>
+#include "config.h"
+#include <libintl.h>
+#define _(STRING) gettext(STRING)
+
char *
read_config_file(const char *filename)
{
@@ -47,14 +52,14 @@ read_config_file(const char *filename)
fd = open(filename, O_RDONLY);
if (fd == -1) {
- fprintf(stderr, "cannot open configuration file %s\n", filename);
+ fprintf(stderr, _("cannot open configuration file %s\n"), filename);
return NULL;
}
/* stat() the file so we know the size and can pre-allocate the right
* amount of memory. */
if (fstat(fd, &st) == -1) {
- fprintf(stderr, "cannot stat() configuration file %s\n", filename);
+ fprintf(stderr, _("cannot stat() configuration file %s\n"), filename);
return NULL;
}
left = st.st_size;
@@ -67,7 +72,7 @@ read_config_file(const char *filename)
if (res == 0)
break;
if (res < 0) {
- fprintf(stderr, "read error\n");
+ fprintf(stderr, _("read error\n"));
close(fd);
free(dest);
return NULL;
@@ -159,3 +164,27 @@ get_config_entry(char * in_data, const char *section, const char *key)
free(data);
return NULL;
}
+
+int init_gettext(void)
+{
+ char *c;
+
+ c = setlocale(LC_ALL, "");
+ if (!c) {
+ return EIO;
+ }
+
+ errno = 0;
+ c = bindtextdomain(PACKAGE, LOCALEDIR);
+ if (c == NULL) {
+ return errno;
+ }
+
+ errno = 0;
+ c = textdomain(PACKAGE);
+ if (c == NULL) {
+ return errno;
+ }
+
+ return 0;
+}
diff --git a/ipa-client/ipa-getkeytab.c b/ipa-client/ipa-getkeytab.c
index b8701c554..a54c57c7e 100644
--- a/ipa-client/ipa-getkeytab.c
+++ b/ipa-client/ipa-getkeytab.c
@@ -40,6 +40,10 @@
#include <sasl/sasl.h>
#include <popt.h>
+#include "config.h"
+#include <libintl.h>
+#define _(STRING) gettext(STRING)
+
/* Salt types */
#define NO_SALT -1
#define KRB5_KDB_SALTTYPE_NORMAL 0
@@ -131,7 +135,7 @@ static int prep_ksdata(krb5_context krbctx, const char *str,
krberr = krb5_get_permitted_enctypes(krbctx, &ktypes);
if (krberr) {
- fprintf(stderr, "No system preferred enctypes ?!\n");
+ fprintf(stderr, _("No system preferred enctypes ?!\n"));
return 0;
}
@@ -139,7 +143,7 @@ static int prep_ksdata(krb5_context krbctx, const char *str,
ksdata = calloc(n + 1, sizeof(struct krb_key_salt));
if (NULL == ksdata) {
- fprintf(stderr, "Out of memory!?\n");
+ fprintf(stderr, _("Out of memory!?\n"));
return 0;
}
@@ -157,7 +161,7 @@ static int prep_ksdata(krb5_context krbctx, const char *str,
t = tmp = strdup(str);
if (!tmp) {
- fprintf(stderr, "Out of memory\n");
+ fprintf(stderr, _("Out of memory\n"));
return 0;
}
@@ -172,7 +176,7 @@ static int prep_ksdata(krb5_context krbctx, const char *str,
/* at the end we will have at most n entries + 1 terminating */
ksdata = calloc(n + 1, sizeof(struct krb_key_salt));
if (!ksdata) {
- fprintf(stderr, "Out of memory\n");
+ fprintf(stderr, _("Out of memory\n"));
return 0;
}
@@ -187,7 +191,7 @@ static int prep_ksdata(krb5_context krbctx, const char *str,
krberr = krb5_string_to_enctype(t, &ksdata[j].enctype);
if (krberr != 0) {
fprintf(stderr,
- "Warning unrecognized encryption type: [%s]\n", t);
+ _("Warning unrecognized encryption type: [%s]\n"), t);
t = p+1;
continue;
}
@@ -201,7 +205,8 @@ static int prep_ksdata(krb5_context krbctx, const char *str,
krberr = krb5_string_to_salttype(q, &ksdata[j].salttype);
if (krberr != 0) {
- fprintf(stderr, "Warning unrecognized salt type: [%s]\n", q);
+ fprintf(stderr,
+ _("Warning unrecognized salt type: [%s]\n"), q);
continue;
}
@@ -227,7 +232,7 @@ static int prep_ksdata(krb5_context krbctx, const char *str,
&similar);
if (krberr) {
free_keys_contents(krbctx, keys);
- fprintf(stderr, "Enctype comparison failed!\n");
+ fprintf(stderr, _("Enctype comparison failed!\n"));
return 0;
}
if (similar &&
@@ -289,7 +294,7 @@ static int create_keys(krb5_context krbctx,
ksdata[i].enctype,
&ksdata[i].key);
if (krberr) {
- fprintf(stderr, "Failed to create random key!\n");
+ fprintf(stderr, _("Failed to create random key!\n"));
return 0;
}
/* set the salt to NO_SALT as the key was random */
@@ -302,14 +307,14 @@ static int create_keys(krb5_context krbctx,
case KRB5_KDB_SALTTYPE_ONLYREALM:
krberr = krb5_copy_data(krbctx, realm, &salt);
if (krberr) {
- fprintf(stderr, "Failed to create key!\n");
+ fprintf(stderr, _("Failed to create key!\n"));
return 0;
}
ksdata[i].salt.length = salt->length;
ksdata[i].salt.data = malloc(salt->length);
if (!ksdata[i].salt.data) {
- fprintf(stderr, "Out of memory!\n");
+ fprintf(stderr, _("Out of memory!\n"));
return 0;
}
memcpy(ksdata[i].salt.data, salt->data, salt->length);
@@ -319,7 +324,7 @@ static int create_keys(krb5_context krbctx,
case KRB5_KDB_SALTTYPE_NOREALM:
krberr = krb5_principal2salt_norealm(krbctx, princ, &ksdata[i].salt);
if (krberr) {
- fprintf(stderr, "Failed to create key!\n");
+ fprintf(stderr, _("Failed to create key!\n"));
return 0;
}
break;
@@ -327,7 +332,7 @@ static int create_keys(krb5_context krbctx,
case KRB5_KDB_SALTTYPE_NORMAL:
krberr = krb5_principal2salt(krbctx, princ, &ksdata[i].salt);
if (krberr) {
- fprintf(stderr, "Failed to create key!\n");
+ fprintf(stderr, _("Failed to create key!\n"));
return 0;
}
break;
@@ -342,7 +347,7 @@ static int create_keys(krb5_context krbctx,
*/
ksdata[i].salt.data = (char *)malloc(realm->length + 1);
if (NULL == ksdata[i].salt.data) {
- fprintf(stderr, "Out of memory!\n");
+ fprintf(stderr, _("Out of memory!\n"));
return 0;
}
memcpy((char *)ksdata[i].salt.data,
@@ -353,7 +358,7 @@ static int create_keys(krb5_context krbctx,
break;
default:
- fprintf(stderr, "Bad or unsupported salt type (%d)!\n",
+ fprintf(stderr, _("Bad or unsupported salt type (%d)!\n"),
ksdata[i].salttype);
return 0;
}
@@ -364,7 +369,7 @@ static int create_keys(krb5_context krbctx,
&ksdata[i].salt,
&ksdata[i].key);
if (krberr) {
- fprintf(stderr, "Failed to create key!\n");
+ fprintf(stderr, _("Failed to create key!\n"));
return 0;
}
@@ -473,7 +478,7 @@ int filter_keys(krb5_context krbctx, struct keys_container *keys,
}
if (n == 0) {
- fprintf(stderr, "No keys accepted by KDC\n");
+ fprintf(stderr, _("No keys accepted by KDC\n"));
return 0;
}
@@ -488,7 +493,7 @@ static int ipa_ldap_init(LDAP ** ld, const char * scheme, const char * servernam
url = (char *)malloc (url_len);
if (!url){
- fprintf(stderr, "Out of memory \n");
+ fprintf(stderr, _("Out of memory \n"));
return LDAP_NO_MEMORY;
}
sprintf(url,"%s://%s:%d",scheme,servername,port);
@@ -526,14 +531,14 @@ static int ldap_set_keytab(krb5_context krbctx,
/* cant' return more than nkeys, sometimes less */
encs = calloc(keys->nkeys + 1, sizeof(ber_int_t));
if (!encs) {
- fprintf(stderr, "Out of Memory!\n");
+ fprintf(stderr, _("Out of Memory!\n"));
return 0;
}
/* build password change control */
control = create_key_control(keys, principal_name);
if (!control) {
- fprintf(stderr, "Failed to create control!\n");
+ fprintf(stderr, _("Failed to create control!\n"));
goto error_out;
}
@@ -557,21 +562,21 @@ static int ldap_set_keytab(krb5_context krbctx,
}
if(ld == NULL) {
- fprintf(stderr, "Unable to initialize ldap library!\n");
+ fprintf(stderr, _("Unable to initialize ldap library!\n"));
goto error_out;
}
version = LDAP_VERSION3;
ret = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (ret != LDAP_SUCCESS) {
- fprintf(stderr, "Unable to set ldap options!\n");
+ fprintf(stderr, _("Unable to set ldap options!\n"));
goto error_out;
}
if (binddn) {
ret = ldap_bind_s(ld, binddn, bindpw, LDAP_AUTH_SIMPLE);
if (ret != LDAP_SUCCESS) {
- fprintf(stderr, "Simple bind failed\n");
+ fprintf(stderr, _("Simple bind failed\n"));
goto error_out;
}
} else {
@@ -581,7 +586,7 @@ static int ldap_set_keytab(krb5_context krbctx,
LDAP_SASL_QUIET,
ldap_sasl_interact, princ);
if (ret != LDAP_SUCCESS) {
- fprintf(stderr, "SASL Bind failed!\n");
+ fprintf(stderr, _("SASL Bind failed!\n"));
goto error_out;
}
}
@@ -597,7 +602,8 @@ static int ldap_set_keytab(krb5_context krbctx,
control, NULL, NULL,
&msgid);
if (ret != LDAP_SUCCESS) {
- fprintf(stderr, "Operation failed! %s\n", ldap_err2string(ret));
+ fprintf(stderr, _("Operation failed! %s\n"),
+ ldap_err2string(ret));
goto error_out;
}
@@ -609,24 +615,27 @@ static int ldap_set_keytab(krb5_context krbctx,
ret = ldap_result(ld, msgid, 1, &tv, &res);
if (ret == -1) {
- fprintf(stderr, "Operation failed! %s\n", ldap_err2string(ret));
+ fprintf(stderr, _("Operation failed! %s\n"),
+ ldap_err2string(ret));
goto error_out;
}
ret = ldap_parse_extended_result(ld, res, &retoid, &retdata, 0);
if(ret != LDAP_SUCCESS) {
- fprintf(stderr, "Operation failed! %s\n", ldap_err2string(ret));
+ fprintf(stderr, _("Operation failed! %s\n"),
+ ldap_err2string(ret));
goto error_out;
}
ret = ldap_parse_result(ld, res, &rc, NULL, &err, NULL, &srvctrl, 0);
if(ret != LDAP_SUCCESS || rc != LDAP_SUCCESS) {
- fprintf(stderr, "Operation failed! %s\n", err?err:ldap_err2string(ret));
+ fprintf(stderr, _("Operation failed! %s\n"),
+ err ? err : ldap_err2string(ret));
goto error_out;
}
if (!srvctrl) {
- fprintf(stderr, "Missing reply control!\n");
+ fprintf(stderr, _("Missing reply control!\n"));
goto error_out;
}
@@ -636,14 +645,14 @@ static int ldap_set_keytab(krb5_context krbctx,
}
}
if (!pprc) {
- fprintf(stderr, "Missing reply control!\n");
+ fprintf(stderr, _("Missing reply control!\n"));
goto error_out;
}
sctrl = ber_init(&pprc->ldctl_value);
if (!sctrl) {
- fprintf(stderr, "ber_init() failed, Invalid control ?!\n");
+ fprintf(stderr, _("ber_init() failed, Invalid control ?!\n"));
goto error_out;
}
@@ -662,7 +671,7 @@ static int ldap_set_keytab(krb5_context krbctx,
rtag = ber_scanf(sctrl, "{i{", &kvno);
if (rtag == LBER_ERROR) {
- fprintf(stderr, "ber_scanf() failed, Invalid control ?!\n");
+ fprintf(stderr, _("ber_scanf() failed, Invalid control ?!\n"));
goto error_out;
}
@@ -703,13 +712,13 @@ static char *ask_password(krb5_context krbctx)
k5d_pw0.length = sizeof(pw0);
k5d_pw0.data = pw0;
- ap_prompts[0].prompt = "New Principal Password";
+ ap_prompts[0].prompt = _("New Principal Password");
ap_prompts[0].hidden = 1;
ap_prompts[0].reply = &k5d_pw0;
k5d_pw1.length = sizeof(pw1);
k5d_pw1.data = pw1;
- ap_prompts[1].prompt = "Verify Principal Password";
+ ap_prompts[1].prompt = _("Verify Principal Password");
ap_prompts[1].hidden = 1;
ap_prompts[1].reply = &k5d_pw1;
@@ -718,7 +727,7 @@ static char *ask_password(krb5_context krbctx)
2, ap_prompts);
if (strcmp(pw0, pw1)) {
- fprintf(stderr, "Passwords do not match!");
+ fprintf(stderr, _("Passwords do not match!"));
return NULL;
}
@@ -730,6 +739,30 @@ static char *ask_password(krb5_context krbctx)
return password;
}
+int init_gettext(void)
+{
+ char *c;
+
+ c = setlocale(LC_ALL, "");
+ if (!c) {
+ return EIO;
+ }
+
+ errno = 0;
+ c = bindtextdomain(PACKAGE, LOCALEDIR);
+ if (c == NULL) {
+ return errno;
+ }
+
+ errno = 0;
+ c = textdomain(PACKAGE);
+ if (c == NULL) {
+ return errno;
+ }
+
+ return 0;
+}
+
int main(int argc, char *argv[])
{
static const char *server = NULL;
@@ -742,17 +775,31 @@ int main(int argc, char *argv[])
int askpass = 0;
int permitted_enctypes = 0;
struct poptOption options[] = {
- { "quiet", 'q', POPT_ARG_NONE, &quiet, 0, "Print as little as possible", "Output only on errors"},
- { "server", 's', POPT_ARG_STRING, &server, 0, "Contact this specific KDC Server", "Server Name" },
- { "principal", 'p', POPT_ARG_STRING, &principal, 0, "The principal to get a keytab for (ex: ftp/ftp.example.com@EXAMPLE.COM)", "Kerberos Service Principal Name" },
- { "keytab", 'k', POPT_ARG_STRING, &keytab, 0, "File were to store the keytab information", "Keytab File Name" },
- { "enctypes", 'e', POPT_ARG_STRING, &enctypes_string, 0, "Encryption types to request", "Comma separated encryption types list" },
- { "permitted-enctypes", 0, POPT_ARG_NONE, &permitted_enctypes, 0, "Show the list of permitted encryption types and exit", "Permitted Encryption Types"},
- { "password", 'P', POPT_ARG_NONE, &askpass, 0, "Asks for a non-random password to use for the principal" },
- { "binddn", 'D', POPT_ARG_STRING, &binddn, 0, "LDAP DN", "DN to bind as if not using kerberos" },
- { "bindpw", 'w', POPT_ARG_STRING, &bindpw, 0, "LDAP password", "password to use if not using kerberos" },
- POPT_AUTOHELP
- POPT_TABLEEND
+ { "quiet", 'q', POPT_ARG_NONE, &quiet, 0,
+ _("Print as little as possible"), _("Output only on errors")},
+ { "server", 's', POPT_ARG_STRING, &server, 0,
+ _("Contact this specific KDC Server"),
+ _("Server Name") },
+ { "principal", 'p', POPT_ARG_STRING, &principal, 0,
+ _("The principal to get a keytab for (ex: ftp/ftp.example.com@EXAMPLE.COM)"),
+ _("Kerberos Service Principal Name") },
+ { "keytab", 'k', POPT_ARG_STRING, &keytab, 0,
+ _("File were to store the keytab information"),
+ _("Keytab File Name") },
+ { "enctypes", 'e', POPT_ARG_STRING, &enctypes_string, 0,
+ _("Encryption types to request"),
+ _("Comma separated encryption types list") },
+ { "permitted-enctypes", 0, POPT_ARG_NONE, &permitted_enctypes, 0,
+ _("Show the list of permitted encryption types and exit"),
+ _("Permitted Encryption Types") },
+ { "password", 'P', POPT_ARG_NONE, &askpass, 0,
+ _("Asks for a non-random password to use for the principal") },
+ { "binddn", 'D', POPT_ARG_STRING, &binddn, 0,
+ _("LDAP DN"), _("DN to bind as if not using kerberos") },
+ { "bindpw", 'w', POPT_ARG_STRING, &bindpw, 0,
+ _("LDAP password"), _("password to use if not using kerberos") },
+ POPT_AUTOHELP
+ POPT_TABLEEND
};
poptContext pc;
char *ktname;
@@ -768,9 +815,14 @@ int main(int argc, char *argv[])
int kvno;
int i, ret;
+ ret = init_gettext();
+ if (ret) {
+ exit(1);
+ }
+
krberr = krb5_init_context(&krbctx);
if (krberr) {
- fprintf(stderr, "Kerberos context initialization failed\n");
+ fprintf(stderr, _("Kerberos context initialization failed\n"));
exit(1);
}
@@ -783,14 +835,15 @@ int main(int argc, char *argv[])
krberr = krb5_get_permitted_enctypes(krbctx, &ktypes);
if (krberr) {
- fprintf(stderr, "No system preferred enctypes ?!\n");
+ fprintf(stderr, _("No system preferred enctypes ?!\n"));
exit(1);
}
- fprintf(stdout, "Supported encryption types:\n");
+ fprintf(stdout, _("Supported encryption types:\n"));
for (i = 0; ktypes[i]; i++) {
krberr = krb5_enctype_to_string(ktypes[i], enc, 79);
if (krberr) {
- fprintf(stderr, "Warning: failed to convert type (#%d)\n", i);
+ fprintf(stderr, _("Warning: "
+ "failed to convert type (#%d)\n"), i);
continue;
}
fprintf(stdout, "%s\n", enc);
@@ -807,7 +860,8 @@ int main(int argc, char *argv[])
}
if (NULL!=binddn && NULL==bindpw) {
- fprintf(stderr, "Bind password required when using a bind DN.\n");
+ fprintf(stderr,
+ _("Bind password required when using a bind DN.\n"));
if (!quiet)
poptPrintUsage(pc, stderr, 0);
exit(10);
@@ -820,7 +874,8 @@ int main(int argc, char *argv[])
}
} else if (enctypes_string && strchr(enctypes_string, ':')) {
if (!quiet) {
- fprintf(stderr, "Warning: salt types are not honored with randomized passwords (see opt. -P)\n");
+ fprintf(stderr, _("Warning: salt types are not honored"
+ " with randomized passwords (see opt. -P)\n"));
}
}
@@ -831,36 +886,38 @@ int main(int argc, char *argv[])
krberr = krb5_parse_name(krbctx, principal, &sprinc);
if (krberr) {
- fprintf(stderr, "Invalid Service Principal Name\n");
+ fprintf(stderr, _("Invalid Service Principal Name\n"));
exit(4);
}
if (NULL == bindpw) {
krberr = krb5_cc_default(krbctx, &ccache);
if (krberr) {
- fprintf(stderr, "Kerberos Credential Cache not found\n"
- "Do you have a Kerberos Ticket?\n");
+ fprintf(stderr,
+ _("Kerberos Credential Cache not found. "
+ "Do you have a Kerberos Ticket?\n"));
exit(5);
}
krberr = krb5_cc_get_principal(krbctx, ccache, &uprinc);
if (krberr) {
- fprintf(stderr, "Kerberos User Principal not found\n"
- "Do you have a valid Credential Cache?\n");
+ fprintf(stderr,
+ _("Kerberos User Principal not found. "
+ "Do you have a valid Credential Cache?\n"));
exit(6);
}
}
krberr = krb5_kt_resolve(krbctx, ktname, &kt);
if (krberr) {
- fprintf(stderr, "Failed to open Keytab\n");
+ fprintf(stderr, _("Failed to open Keytab\n"));
exit(7);
}
/* create key material */
ret = create_keys(krbctx, sprinc, password, enctypes_string, &keys);
if (!ret) {
- fprintf(stderr, "Failed to create key material\n");
+ fprintf(stderr, _("Failed to create key material\n"));
exit(8);
}
@@ -878,7 +935,8 @@ int main(int argc, char *argv[])
krberr = krb5_kt_add_entry(krbctx, kt, &kt_entry);
if (krberr) {
- fprintf(stderr, "Failed to add key to the keytab\n");
+ fprintf(stderr,
+ _("Failed to add key to the keytab\n"));
exit (11);
}
}
@@ -887,13 +945,13 @@ int main(int argc, char *argv[])
krberr = krb5_kt_close(krbctx, kt);
if (krberr) {
- fprintf(stderr, "Failed to close the keytab\n");
+ fprintf(stderr, _("Failed to close the keytab\n"));
exit (12);
}
if (!quiet) {
fprintf(stderr,
- "Keytab successfully retrieved and stored in: %s\n",
+ _("Keytab successfully retrieved and stored in: %s\n"),
keytab);
}
exit(0);
diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
index c8bf421a2..e67f29b81 100644
--- a/ipa-client/ipa-join.c
+++ b/ipa-client/ipa-join.c
@@ -38,6 +38,9 @@
#include "xmlrpc-c/base.h"
#include "xmlrpc-c/client.h"
+#include <libintl.h>
+#define _(STRING) gettext(STRING)
+
#define NAME "ipa-join"
#define VERSION "1.0"
@@ -60,7 +63,8 @@ handle_fault(xmlrpc_env * const envP) {
if (envP->fault_occurred) {
switch(envP->fault_code) {
case 2100: /* unable to add new host entry or write objectClass */
- fprintf(stderr, "No permission to join this host to the IPA domain.\n");
+ fprintf(stderr,
+ _("No permission to join this host to the IPA domain.\n"));
break;
default:
fprintf(stderr, "%s\n", envP->fault_string);
@@ -96,7 +100,9 @@ static int check_perms(const char *keytab)
if (ret == -1) {
switch(errno) {
case EACCES:
- fprintf(stderr, "No write permissions on keytab file '%s'\n", keytab);
+ fprintf(stderr,
+ _("No write permissions on keytab file '%s'\n"),
+ keytab);
break;
case ENOENT:
/* file doesn't exist, lets touch it and see if writable */
@@ -106,10 +112,14 @@ static int check_perms(const char *keytab)
unlink(keytab);
return 0;
}
- fprintf(stderr, "No write permissions on keytab file '%s'\n", keytab);
+ fprintf(stderr,
+ _("No write permissions on keytab file '%s'\n"),
+ keytab);
break;
default:
- fprintf(stderr, "access() on %s failed: errno = %d\n", keytab, errno);
+ fprintf(stderr,
+ _("access() on %s failed: errno = %d\n"),
+ keytab, errno);
break;
}
return 1;
@@ -187,13 +197,13 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) {
ld = (LDAP *)ldap_init(hostname, 636);
if (ldap_set_option(ld, LDAP_OPT_X_TLS, &ssl) != LDAP_OPT_SUCCESS) {
- fprintf(stderr, "Unable to enable SSL in LDAP\n");
+ fprintf(stderr, _("Unable to enable SSL in LDAP\n"));
goto fail;
}
ret = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (ret != LDAP_SUCCESS) {
- fprintf(stderr, "Unable to set LDAP version\n");
+ fprintf(stderr, _("Unable to set LDAP version\n"));
goto fail;
}
@@ -203,7 +213,7 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) {
ldap_get_option(ld, LDAP_OPT_RESULT_CODE, &err);
if (debug)
- fprintf(stderr, "Bind failed: %s\n", ldap_err2string(err));
+ fprintf(stderr, _("Bind failed: %s\n"), ldap_err2string(err));
goto fail;
}
@@ -236,7 +246,7 @@ get_root_dn(const char *ipaserver, char **ldap_base)
NULL, NULL, NULL, 0, &res);
if (ret != LDAP_SUCCESS) {
- fprintf(stderr, "Search for %s on rootdse failed with error %d",
+ fprintf(stderr, _("Search for %s on rootdse failed with error %d"),
root_attrs[0], ret);
rval = 14;
goto done;
@@ -246,7 +256,7 @@ get_root_dn(const char *ipaserver, char **ldap_base)
entry = ldap_first_entry(ld, res);
ncvals = ldap_get_values_len(ld, entry, root_attrs[0]);
if (!ncvals) {
- fprintf(stderr, "No values for %s", root_attrs[0]);
+ fprintf(stderr, _("No values for %s"), root_attrs[0]);
rval = 14;
goto done;
}
@@ -288,7 +298,9 @@ get_subject(const char *ipaserver, char *ldap_base, const char **subject)
NULL, NULL, NULL, 0, &res);
if (ret != LDAP_SUCCESS) {
- fprintf(stderr, "Search for ipaCertificateSubjectBase failed with error %d", ret);
+ fprintf(stderr,
+ _("Search for ipaCertificateSubjectBase failed with error %d"),
+ ret);
rval = 14;
goto done;
}
@@ -296,7 +308,7 @@ get_subject(const char *ipaserver, char *ldap_base, const char **subject)
entry = ldap_first_entry(ld, res);
ncvals = ldap_get_values_len(ld, entry, attrs[0]);
if (!ncvals) {
- fprintf(stderr, "No values for %s", attrs[0]);
+ fprintf(stderr, _("No values for %s"), attrs[0]);
rval = 14;
goto done;
}
@@ -353,21 +365,25 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha
if (get_root_dn(ipaserver, &ldap_base) != 0) {
if (!quiet)
- fprintf(stderr, "Unable to determine root DN of %s\n", ipaserver);
+ fprintf(stderr, _("Unable to determine root DN of %s\n"),
+ ipaserver);
rval = 14;
goto done;
}
if (get_subject(ipaserver, ldap_base, subject) != 0) {
if (!quiet)
- fprintf(stderr, "Unable to determine certificate subject of %s\n", ipaserver);
+ fprintf(stderr,
+ _("Unable to determine certificate subject of %s\n"),
+ ipaserver);
/* Not a critical failure */
}
ld = connect_ldap(ipaserver, NULL, NULL);
if (!ld) {
if (!quiet)
- fprintf(stderr, "Unable to make an LDAP connection to %s\n", ipaserver);
+ fprintf(stderr, _("Unable to make an LDAP connection to %s\n"),
+ ipaserver);
rval = 14;
goto done;
}
@@ -375,26 +391,28 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha
asprintf(&filter, "(fqdn=%s)", hostname);
asprintf(&search_base, "cn=computers,cn=accounts,%s", ldap_base);
if (debug) {
- fprintf(stderr, "Searching with %s in %s\n", filter, search_base);
+ fprintf(stderr, _("Searching with %s in %s\n"), filter, search_base);
}
if ((ret = ldap_search_ext_s(ld, ldap_base, LDAP_SCOPE_SUB,
filter, attrs, 0, NULL, NULL, LDAP_NO_LIMIT,
LDAP_NO_LIMIT, &result)) != LDAP_SUCCESS) {
if (!quiet)
- fprintf(stderr, "ldap_search_ext_s: %s\n", ldap_err2string(ret));
+ fprintf(stderr, _("ldap_search_ext_s: %s\n"),
+ ldap_err2string(ret));
rval = 14;
goto ldap_done;
}
e = ldap_first_entry(ld, result);
if (!e) {
if (!quiet)
- fprintf(stderr, "Unable to find host '%s'\n", hostname);
+ fprintf(stderr, _("Unable to find host '%s'\n"), hostname);
rval = 14;
goto ldap_done;
}
if ((*binddn = ldap_get_dn(ld, e)) == NULL) {
if (!quiet)
- fprintf(stderr, "Unable to get binddn for host '%s'\n", hostname);
+ fprintf(stderr,
+ _("Unable to get binddn for host '%s'\n"), hostname);
rval = 14;
goto ldap_done;
}
@@ -406,7 +424,8 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha
*/
has_principal = 1;
if (debug)
- fprintf(stderr, "Host already has principal, trying bind anyway\n");
+ fprintf(stderr,
+ _("Host already has principal, trying bind anyway\n"));
}
ldap_value_free_len(ncvals);
@@ -420,11 +439,11 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha
if (!ld) {
if (has_principal) {
if (!quiet)
- fprintf(stderr, "Host is already joined.\n");
+ fprintf(stderr, _("Host is already joined.\n"));
rval = 13;
} else {
if (!quiet)
- fprintf(stderr, "Incorrect password.\n");
+ fprintf(stderr, _("Incorrect password.\n"));
rval = 15;
}
goto done;
@@ -435,7 +454,7 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha
if ((rc = ldap_extended_operation_s(ld, JOIN_OID, &valrequest, NULL, NULL, &oidresult, &valresult)) != LDAP_SUCCESS) {
if (!quiet)
- fprintf(stderr, "principal not found in host entry\n");
+ fprintf(stderr, _("principal not found in host entry\n"));
if (debug) ldap_perror(ld, "ldap_extended_operation_s");
rval = 18;
goto ldap_done;
@@ -542,7 +561,7 @@ join_krb5(const char *ipaserver, char *hostname, const char **hostdn, const char
xmlrpc_DECREF(singleprincP);
} else {
if (!quiet)
- fprintf(stderr, "principal not found in XML-RPC response\n");
+ fprintf(stderr, _("principal not found in XML-RPC response\n"));
rval = 12;
goto cleanup;
}
@@ -557,7 +576,7 @@ join_krb5(const char *ipaserver, char *hostname, const char **hostdn, const char
xmlrpc_read_string(&env, singleprincP, &krblastpwdchange);
xmlrpc_DECREF(krblastpwdchangeP);
if (!quiet)
- fprintf(stderr, "Host is already joined.\n");
+ fprintf(stderr, _("Host is already joined.\n"));
rval = 13;
goto cleanup;
}
@@ -624,7 +643,8 @@ unenroll_host(const char *server, const char *hostname, const char *ktname, int
char * conf_data = read_config_file(IPA_CONFIG);
if ((ipaserver = getIPAserver(conf_data)) == NULL) {
if (!quiet)
- fprintf(stderr, "Unable to determine IPA server from %s\n", IPA_CONFIG);
+ fprintf(stderr, _("Unable to determine IPA server from %s\n"),
+ IPA_CONFIG);
exit(1);
}
free(conf_data);
@@ -639,7 +659,8 @@ unenroll_host(const char *server, const char *hostname, const char *ktname, int
if (NULL == strstr(host, ".")) {
if (!quiet)
- fprintf(stderr, "The hostname must be fully-qualified: %s\n", host);
+ fprintf(stderr, _("The hostname must be fully-qualified: %s\n"),
+ host);
rval = 16;
goto cleanup;
}
@@ -647,14 +668,15 @@ unenroll_host(const char *server, const char *hostname, const char *ktname, int
krberr = krb5_init_context(&krbctx);
if (krberr) {
if (!quiet)
- fprintf(stderr, "Unable to join host: Kerberos context initialization failed\n");
+ fprintf(stderr, _("Unable to join host: "
+ "Kerberos context initialization failed\n"));
rval = 1;
goto cleanup;
}
krberr = krb5_kt_resolve(krbctx, ktname, &keytab);
if (krberr != 0) {
if (!quiet)
- fprintf(stderr, "Error resolving keytab: %s.\n",
+ fprintf(stderr, _("Error resolving keytab: %s.\n"),
error_message(krberr));
rval = 7;
goto cleanup;
@@ -664,8 +686,8 @@ unenroll_host(const char *server, const char *hostname, const char *ktname, int
krberr = krb5_parse_name(krbctx, principal, &princ);
if (krberr != 0) {
if (!quiet)
- fprintf(stderr, "Error parsing \"%s\": %s.\n", principal,
- error_message(krberr));
+ fprintf(stderr, _("Error parsing \"%s\": %s.\n"),
+ principal, error_message(krberr));
return krberr;
}
strcpy(tgs, KRB5_TGS_NAME);
@@ -682,7 +704,7 @@ unenroll_host(const char *server, const char *hostname, const char *ktname, int
0, tgs, &gicopts);
if (krberr != 0) {
if (!quiet)
- fprintf(stderr, "Error obtaining initial credentials: %s.\n",
+ fprintf(stderr, _("Error obtaining initial credentials: %s.\n"),
error_message(krberr));
return krberr;
}
@@ -692,14 +714,16 @@ unenroll_host(const char *server, const char *hostname, const char *ktname, int
krberr = krb5_cc_initialize(krbctx, ccache, creds.client);
} else {
if (!quiet)
- fprintf(stderr, "Unable to generate Kerberos Credential Cache\n");
+ fprintf(stderr,
+ _("Unable to generate Kerberos Credential Cache\n"));
rval = 19;
goto cleanup;
}
krberr = krb5_cc_store_cred(krbctx, ccache, &creds);
if (krberr != 0) {
if (!quiet)
- fprintf(stderr, "Error storing creds in credential cache: %s.\n",
+ fprintf(stderr,
+ _("Error storing creds in credential cache: %s.\n"),
error_message(krberr));
return krberr;
}
@@ -742,15 +766,15 @@ unenroll_host(const char *server, const char *hostname, const char *ktname, int
xmlrpc_read_bool(&env, princP, &result);
if (result == 1) {
if (!quiet)
- fprintf(stderr, "Unenrollment successful.\n");
+ fprintf(stderr, _("Unenrollment successful.\n"));
} else {
if (!quiet)
- fprintf(stderr, "Unenrollment failed.\n");
+ fprintf(stderr, _("Unenrollment failed.\n"));
}
xmlrpc_DECREF(princP);
} else {
- fprintf(stderr, "result not found in XML-RPC response\n");
+ fprintf(stderr, _("result not found in XML-RPC response\n"));
rval = 20;
goto cleanup;
}
@@ -796,7 +820,8 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k
} else {
char * conf_data = read_config_file(IPA_CONFIG);
if ((ipaserver = getIPAserver(conf_data)) == NULL) {
- fprintf(stderr, "Unable to determine IPA server from %s\n", IPA_CONFIG);
+ fprintf(stderr, _("Unable to determine IPA server from %s\n"),
+ IPA_CONFIG);
exit(1);
}
free(conf_data);
@@ -810,7 +835,7 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k
}
if (NULL == strstr(host, ".")) {
- fprintf(stderr, "The hostname must be fully-qualified: %s\n", host);
+ fprintf(stderr, _("The hostname must be fully-qualified: %s\n"), host);
rval = 16;
goto cleanup;
}
@@ -820,20 +845,23 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k
else {
krberr = krb5_init_context(&krbctx);
if (krberr) {
- fprintf(stderr, "Unable to join host: Kerberos context initialization failed\n");
+ fprintf(stderr, _("Unable to join host: "
+ "Kerberos context initialization failed\n"));
rval = 1;
goto cleanup;
}
krberr = krb5_cc_default(krbctx, &ccache);
if (krberr) {
- fprintf(stderr, "Unable to join host: Kerberos Credential Cache not found\n");
+ fprintf(stderr, _("Unable to join host:"
+ " Kerberos Credential Cache not found\n"));
rval = 5;
goto cleanup;
}
krberr = krb5_cc_get_principal(krbctx, ccache, &uprinc);
if (krberr) {
- fprintf(stderr, "Unable to join host: Kerberos User Principal not found and host password not provided.\n");
+ fprintf(stderr, _("Unable to join host: Kerberos User Principal "
+ "not found and host password not provided.\n"));
rval = 6;
goto cleanup;
}
@@ -846,7 +874,7 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k
childpid = fork();
if (childpid < 0) {
- fprintf(stderr, "fork() failed\n");
+ fprintf(stderr, _("fork() failed\n"));
rval = 1;
goto cleanup;
}
@@ -874,15 +902,16 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k
err = execv(path, argv);
if (err == -1) {
switch(errno) {
- case ENOENT:
- fprintf(stderr, "ipa-getkeytab not found\n");
- break;
- case EACCES:
- fprintf(stderr, "ipa-getkeytab has bad permissions?\n");
- break;
- default:
- fprintf(stderr, "executing ipa-getkeytab failed, errno %d\n", errno);
- break;
+ case ENOENT:
+ fprintf(stderr, _("ipa-getkeytab not found\n"));
+ break;
+ case EACCES:
+ fprintf(stderr, _("ipa-getkeytab has bad permissions?\n"));
+ break;
+ default:
+ fprintf(stderr, _("executing ipa-getkeytab failed, "
+ "errno %d\n"), errno);
+ break;
}
}
} else {
@@ -892,13 +921,13 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k
if WIFEXITED(status) {
rval = WEXITSTATUS(status);
if (rval != 0) {
- fprintf(stderr, "child exited with %d\n", rval);
+ fprintf(stderr, _("child exited with %d\n"), rval);
}
}
cleanup:
if (NULL != subject)
- fprintf(stderr, "Certificate subject base is: %s\n", subject);
+ fprintf(stderr, _("Certificate subject base is: %s\n"), subject);
free((char *)princ);
free((char *)subject);
@@ -930,19 +959,31 @@ main(int argc, char **argv) {
int quiet = 0;
int unenroll = 0;
struct poptOption options[] = {
- { "debug", 'd', POPT_ARG_NONE, &debug, 0, "Print the raw XML-RPC output", "XML-RPC debugging Output"},
- { "quiet", 'q', POPT_ARG_NONE, &quiet, 0, "Print as little as possible", "Output only on errors"},
- { "unenroll", 'u', POPT_ARG_NONE, &unenroll, 0, "Unenroll this host", "Unenroll this host from IPA server" },
- { "hostname", 'h', POPT_ARG_STRING, &hostname, 0, "Use this hostname instead of the node name", "Host Name" },
- { "server", 's', POPT_ARG_STRING, &server, 0, "IPA Server to use", "IPA Server Name" },
- { "keytab", 'k', POPT_ARG_STRING, &keytab, 0, "File were to store the keytab information", "Keytab File Name" },
- { "bindpw", 'w', POPT_ARG_STRING, &bindpw, 0, "LDAP password", "password to use if not using kerberos" },
- POPT_AUTOHELP
- POPT_TABLEEND
+ { "debug", 'd', POPT_ARG_NONE, &debug, 0,
+ _("Print the raw XML-RPC output"), _("XML-RPC debugging Output") },
+ { "quiet", 'q', POPT_ARG_NONE, &quiet, 0,
+ _("Print as little as possible"), _("Output only on errors") },
+ { "unenroll", 'u', POPT_ARG_NONE, &unenroll, 0,
+ _("Unenroll this host"), _("Unenroll this host from IPA server") },
+ { "hostname", 'h', POPT_ARG_STRING, &hostname, 0,
+ _("Use this hostname instead of the node name"), _("Host Name") },
+ { "server", 's', POPT_ARG_STRING, &server, 0,
+ _("IPA Server to use"), _("IPA Server Name") },
+ { "keytab", 'k', POPT_ARG_STRING, &keytab, 0,
+ _("File were to store the keytab information"), _("Keytab File Name") },
+ { "bindpw", 'w', POPT_ARG_STRING, &bindpw, 0,
+ _("LDAP password"), _("password to use if not using kerberos") },
+ POPT_AUTOHELP
+ POPT_TABLEEND
};
poptContext pc;
int ret;
+ ret = init_gettext();
+ if (ret) {
+ exit(2);
+ }
+
pc = poptGetContext("ipa-join", argc, (const char **)argv, options, 0);
ret = poptGetNextOpt(pc);
if (ret != -1) {
diff --git a/ipa-client/ipa-rmkeytab.c b/ipa-client/ipa-rmkeytab.c
index 043379873..c46bb8b6c 100644
--- a/ipa-client/ipa-rmkeytab.c
+++ b/ipa-client/ipa-rmkeytab.c
@@ -25,6 +25,11 @@
#include <popt.h>
#include <errno.h>
+#include "config.h"
+#include <libintl.h>
+#define _(STRING) gettext(STRING)
+
+
int
remove_principal(krb5_context context, krb5_keytab ktid, const char *principal, int debug)
{
@@ -36,9 +41,10 @@ remove_principal(krb5_context context, krb5_keytab ktid, const char *principal,
memset(&entry, 0, sizeof(entry));
krberr = krb5_parse_name(context, principal, &entry.principal);
if (krberr) {
- fprintf(stderr, "Unable to parse principal name\n");
+ fprintf(stderr, _("Unable to parse principal name\n"));
if (debug)
- fprintf(stderr, "krb5_parse_name %d: %s\n", krberr, error_message(krberr));
+ fprintf(stderr, _("krb5_parse_name %d: %s\n"),
+ krberr, error_message(krberr));
rval = 4;
goto done;
}
@@ -47,7 +53,7 @@ remove_principal(krb5_context context, krb5_keytab ktid, const char *principal,
* irrespective of the encryption type. A failure to find one after the
* first means we're done.
*/
- fprintf(stderr, "Removing principal %s\n", principal);
+ fprintf(stderr, _("Removing principal %s\n"), principal);
while (1) {
memset(&entry2, 0, sizeof(entry2));
krberr = krb5_kt_get_entry(context, ktid,
@@ -60,23 +66,25 @@ remove_principal(krb5_context context, krb5_keytab ktid, const char *principal,
/* not found but we've removed some, we're done */
break;
if (krberr == ENOENT) {
- fprintf(stderr, "Failed to open keytab\n");
+ fprintf(stderr, _("Failed to open keytab\n"));
rval = 3;
goto done;
}
- fprintf(stderr, "principal not found\n");
+ fprintf(stderr, _("principal not found\n"));
if (debug)
- fprintf(stderr, "krb5_kt_get_entry %d: %s\n", krberr, error_message(krberr));
+ fprintf(stderr, _("krb5_kt_get_entry %d: %s\n"),
+ krberr, error_message(krberr));
rval = 5;
break;
}
krberr = krb5_kt_remove_entry(context, ktid, &entry2);
if (krberr) {
- fprintf(stderr, "Unable to remove entry\n");
+ fprintf(stderr, _("Unable to remove entry\n"));
if (debug) {
- fprintf(stdout, "kvno %d\n", entry2.vno);
- fprintf(stderr, "krb5_kt_remove_entry %d: %s\n", krberr, error_message(krberr));
+ fprintf(stdout, _("kvno %d\n"), entry2.vno);
+ fprintf(stderr, _("krb5_kt_remove_entry %d: %s\n"),
+ krberr, error_message(krberr));
}
rval = 6;
break;
@@ -108,9 +116,10 @@ remove_realm(krb5_context context, krb5_keytab ktid, const char *realm, int debu
while (krb5_kt_next_entry(context, ktid, &entry, &kt_cursor) == 0) {
krberr = krb5_unparse_name(context, entry.principal, &entry_princ_s);
if (krberr) {
- fprintf(stderr, "Unable to parse principal\n");
+ fprintf(stderr, _("Unable to parse principal\n"));
if (debug) {
- fprintf(stderr, "krb5_unparse_name %d: %s\n", krberr, error_message(krberr));
+ fprintf(stderr, _("krb5_unparse_name %d: %s\n"),
+ krberr, error_message(krberr));
}
rval = 4;
goto done;
@@ -134,6 +143,30 @@ done:
return rval;
}
+int init_gettext(void)
+{
+ char *c;
+
+ c = setlocale(LC_ALL, "");
+ if (!c) {
+ return EIO;
+ }
+
+ errno = 0;
+ c = bindtextdomain(PACKAGE, LOCALEDIR);
+ if (c == NULL) {
+ return errno;
+ }
+
+ errno = 0;
+ c = textdomain(PACKAGE);
+ if (c == NULL) {
+ return errno;
+ }
+
+ return 0;
+}
+
int
main(int argc, char **argv)
{
@@ -149,19 +182,29 @@ main(int argc, char **argv)
int debug = 0;
int ret, rval;
struct poptOption options[] = {
- { "debug", 'd', POPT_ARG_NONE, &debug, 0, "Print debugging information", "Debugging output" },
- { "principal", 'p', POPT_ARG_STRING, &principal, 0, "The principal to get a keytab for (ex: ftp/ftp.example.com@EXAMPLE.COM)", "Kerberos Service Principal Name" },
- { "keytab", 'k', POPT_ARG_STRING, &keytab, 0, "File were to store the keytab information", "Keytab File Name" },
- { "realm", 'r', POPT_ARG_STRING, &realm, 0, "Remove all principals in this realm", "Realm name" },
+ { "debug", 'd', POPT_ARG_NONE, &debug, 0,
+ _("Print debugging information"), _("Debugging output") },
+ { "principal", 'p', POPT_ARG_STRING, &principal, 0,
+ _("The principal to get a keytab for (ex: ftp/ftp.example.com@EXAMPLE.COM)"),
+ _("Kerberos Service Principal Name") },
+ { "keytab", 'k', POPT_ARG_STRING, &keytab, 0,
+ _("File were to store the keytab information"), _("Keytab File Name") },
+ { "realm", 'r', POPT_ARG_STRING, &realm, 0,
+ _("Remove all principals in this realm"), _("Realm name") },
POPT_AUTOHELP
POPT_TABLEEND
};
+ ret = init_gettext();
+ if (ret) {
+ exit(1);
+ }
+
memset(&ktid, 0, sizeof(ktid));
krberr = krb5_init_context(&context);
if (krberr) {
- fprintf(stderr, "Kerberos context initialization failed\n");
+ fprintf(stderr, _("Kerberos context initialization failed\n"));
exit(1);
}
@@ -195,7 +238,7 @@ main(int argc, char **argv)
krberr = krb5_kt_resolve(context, ktname, &ktid);
if (krberr) {
- fprintf(stderr, "Failed to open keytab '%s'\n", keytab);
+ fprintf(stderr, _("Failed to open keytab '%s'\n"), keytab);
rval = 3;
goto cleanup;
}
@@ -209,9 +252,10 @@ cleanup:
if (rval == 0 || rval > 3) {
krberr = krb5_kt_close(context, ktid);
if (krberr) {
- fprintf(stderr, "Closing keytab failed\n");
+ fprintf(stderr, _("Closing keytab failed\n"));
if (debug)
- fprintf(stderr, "krb5_kt_close %d: %s\n", krberr, error_message(krberr));
+ fprintf(stderr, _("krb5_kt_close %d: %s\n"),
+ krberr, error_message(krberr));
}
}