Add support for specifiable ccache and lifetime for admin principal

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5946 dc483132-0cff-0310-8789-dd5450dbe970
author: Paul Park <pjpark@mit.edu> 1995-06-05 18:26:36 +0000
committer: Paul Park <pjpark@mit.edu> 1995-06-05 18:26:36 +0000
commit: 7c5b0c7ac67d9df2b230f8888f542c1db30fb647 (patch)
tree: fb1c918d886f6d14ce54f003f2bf726ae288ad9d /src
parent: 89d551b9283a5830709eda919affc3432d1d180e (diff)
download: krb5-7c5b0c7ac67d9df2b230f8888f542c1db30fb647.tar.gz
krb5-7c5b0c7ac67d9df2b230f8888f542c1db30fb647.tar.xz
krb5-7c5b0c7ac67d9df2b230f8888f542c1db30fb647.zip
5 files changed, 126 insertions, 7 deletions
diff --git a/src/kadmin/v5client/ChangeLog b/src/kadmin/v5client/ChangeLog
index 4188e06b8a..792bd8193a 100644
--- a/src/kadmin/v5client/ChangeLog
+++ b/src/kadmin/v5client/ChangeLog
@@ -1,4 +1,12 @@
 
+Mon Jun 5 14:11:58 EDT 1995	Paul Park	(pjpark@mit.edu)
+	* kadmin5.c - Add support for specifiable credentials caches and
+		ticket lifetimes.
+	* network.c - Use new krb5_adm_connect() calling sequence.
+	* kadmin5.h - Update prototypes and externals.
+	* kadmin5.M - Update description to add -c -l -d and -s flags.
+
+
 Thu Jun 1 14:31:49 EDT 1995	Paul Park	(pjpark@mit.edu)
 	* kadmin5.c: Change the default admin instance name to "kadmin"
 	* kadmin5.c(kadmin_list): Compare principals to each of the supplied
diff --git a/src/kadmin/v5client/kadmin5.M b/src/kadmin/v5client/kadmin5.M
index 63a5cf79c4..527cc2722b 100644
--- a/src/kadmin/v5client/kadmin5.M
+++ b/src/kadmin/v5client/kadmin5.M
@@ -32,6 +32,16 @@ kadmin5 \- administer a Kerberos principal database over the network.
 .B \-p
 .I principal
 ] [
+.B \-c
+.I ccache
+] [
+.B \-l
+.I [hours:]minutes
+] [
+.B \-d
+] [
+.B \-s
+] [
 .B \-m
 ]
 [ command ... ]
@@ -46,6 +56,17 @@ specifies the default realm.
 specifies a principal name to use instead of the default 
 .I user
 .B /kadmin@realm.
+.IP \-c
+.B ccache
+specifies a credentials cache to use instead of the default.
+.IP \-l
+.B [hours:]minutes
+specifies the lifetime for an administrative ticket, if one needs to be
+acquired.
+.IP \-d
+specifies that the credentials cache is to be deleted after use.
+.IP \-s
+specifies that the credentials cache is to be saved for further use.
 .IP \-m
 specifies that multiple operations will be permitted for only one entry of the
 administrative principal's password.
@@ -78,6 +99,16 @@ access control list.  The default administrative principal is
 One command may be specified on the command line, or if no command is provided,
 an interactive command loop is entered for the administrator to enter commands.
 .PP
+If a credentials cache is specified with
+.I \-c
+.B ccache,
+then the default is not to delete the credentials cache.  Otherwise, the
+default is to delete it.  The use of the
+.I \-d
+and
+.I \-s
+flags override this default behavior.
+.PP
 .SH AVAILABLE COMMANDS
 
 The following is a list of commands and their aliases that the system
diff --git a/src/kadmin/v5client/kadmin5.c b/src/kadmin/v5client/kadmin5.c
index 5aa9fd0396..47e5b89425 100644
--- a/src/kadmin/v5client/kadmin5.c
+++ b/src/kadmin/v5client/kadmin5.c
@@ -42,11 +42,15 @@
  */
 int		exit_status = 0;
 krb5_context	kcontext;
+krb5_ccache	ccache2use = (krb5_ccache) NULL;
 char		*programname = (char *) NULL;
 char		*requestname = (char *) NULL;
 krb5_boolean	multiple = 0;
 char 		*principal_name = (char *) NULL;
 char		*password_prompt = (char *) NULL;
+char		*ccname2use = (char *) NULL;
+krb5_timestamp	ticket_life = 0;
+krb5_boolean	delete_ccache = 0;
 
 extern krb5_kt_ops krb5_ktf_writable_ops;
 
@@ -145,9 +149,12 @@ static const char *cd_usage_fmt		= "usage is %s directory";
 static const char *pwd_mess_fmt		= "Current directory is %s\n";
 static const char *pwd_err_fmt		= "cannot get current directory: %s";
 static const char *pwd_usage_fmt	= "usage is %s";
-static const char *kadmin_usage_fmt	= "usage is %s [-r realm] [-p principal] [-m] [command ...]";
+static const char *kadmin_badtime_fmt	= "%s is a bad time value";
+static const char *kadmin_usage_fmt	= "usage is %s [-c ccache] [-r realm] [-p principal] [-l lifetime] [-dms] [command ...]";
+static const char *kadmin_sd_err_fmt	= "-d and -s are mutually exclusive";
 static const char *kadmin_defrealm_msg	= ": cannot get default realm";
 static const char *kadmin_srealm_fmt	= ": cannot set realm to \"%s\"";
+static const char *kadmin_ccache_fmt	= ": cannot find credential cache %s";
 static const char *kadmin_nopname_msg	= ": cannot find a principal name";
 static const char *kadmin_unparse_msg	= ": cannot flatten principal name";
 static const char *kadmin_nocomp_msg	= ": no components in principal name";
@@ -1267,11 +1274,36 @@ kadmin_startup(argc, argv)
     extern char		*optarg;
     extern int		optind;
     char 		*action = (char *) NULL;
+    krb5_boolean	saveit = 0;
+    krb5_boolean	delit = 0;
 
     programname = strrchr(argv[0], (int) '/');
     programname = (programname) ? programname+1 : argv[0];
-    while ((option = getopt(argc, argv, "r:p:mt:")) != EOF) {
+    while ((option = getopt(argc, argv, "c:dsl:r:p:m")) != EOF) {
 	switch (option) {
+	case 'c':
+	    ccname2use = optarg;
+	    break;
+	case 'd':
+	    delit = 1;
+	    break;
+	case 's':
+	    saveit = 1;
+	    break;
+	case 'l':
+	    {
+		int hours, minutes;
+
+		if (sscanf(optarg, "%d:%d", &hours, &minutes) == 2)
+		    ticket_life = (hours * 3600) + (minutes * 60);
+		else if (sscanf(optarg, "%d", &minutes) == 1)
+		    ticket_life = minutes * 60;
+		else {
+		    com_err(argv[0], 0, kadmin_badtime_fmt, optarg);
+		    exit(1);
+		}
+	    }
+	    break;
 	case 'r':
 	    realm_name = optarg;
 	    break;
@@ -1287,6 +1319,14 @@ kadmin_startup(argc, argv)
 	}
     }
 
+    if (delit && saveit) {
+	com_err(argv[0], 0, kadmin_sd_err_fmt);
+	exit(1);
+    }
+
+    delete_ccache = (delit || saveit) ? (delit & !saveit) :
+	((ccname2use) ? 0 : 1);
+
     /* Now we do some real work */
     krb5_init_context(&kcontext);
     krb5_init_ets(kcontext);
@@ -1307,6 +1347,14 @@ kadmin_startup(argc, argv)
 	}
     }
 
+    /* Verify ccache name if supplied. */
+    if (ccname2use) {
+	if (kret = krb5_cc_resolve(kcontext, ccname2use, &ccache2use)) {
+	    com_err(argv[0], kret, kadmin_ccache_fmt, ccname2use);
+	    exit(4);
+	}
+    }
+
     /* If no principal name, formulate a reasonable response */
     if (!principal_name) {
 	krb5_principal	me;
@@ -1320,9 +1368,31 @@ kadmin_startup(argc, argv)
 	ccache = (krb5_ccache) NULL;
 	user = (char *) NULL;
 
-	/* First try our default credentials cache */
-	if (!(kret = krb5_cc_default(kcontext, &ccache)) &&
-	    !(kret = krb5_cc_get_principal(kcontext, ccache, &me))) {
+	/* First try supplied credentials cache */
+	if (ccache2use && 
+	    !(kret = krb5_cc_get_principal(kcontext, ccache2use, &me))) {
+
+	    /* Use our first component, if it exists. */
+	    if (krb5_princ_size(kcontext, me) > 0) {
+		krb5_data	*dp;
+
+		dp = krb5_princ_component(kcontext, me, 0);
+		if (user = (char *) malloc((size_t) dp->length + 1)) {
+		    strncpy(user, dp->data, (size_t) dp->length);
+		    user[dp->length] = '\0';
+		}
+		else {
+		    kret = ENOMEM;
+		}
+	    }
+	    else {
+		com_err(argv[0], 0, kadmin_nocomp_msg);
+		exit(1);
+	    }
+	}
+	/* Then try our default credentials cache */
+	else if (!(kret = krb5_cc_default(kcontext, &ccache)) &&
+		 !(kret = krb5_cc_get_principal(kcontext, ccache, &me))) {
 
 	    /* Use our first component, if it exists. */
 	    if (krb5_princ_size(kcontext, me) > 0) {
diff --git a/src/kadmin/v5client/kadmin5.h b/src/kadmin/v5client/kadmin5.h
index 85d6a6239c..b1b52c2ee3 100644
--- a/src/kadmin/v5client/kadmin5.h
+++ b/src/kadmin/v5client/kadmin5.h
@@ -38,6 +38,10 @@ extern char		*requestname;
 extern krb5_boolean	multiple;
 extern char		*principal_name;
 extern char		*password_prompt;
+extern char		*ccname2use;
+extern krb5_ccache	ccache2use;
+extern krb5_timestamp	ticket_life;
+extern krb5_boolean	delete_ccache;
 
 /*
  * Function prototypes.
diff --git a/src/kadmin/v5client/network.c b/src/kadmin/v5client/network.c
index 2c8b5b844f..b5c1d3ea26 100644
--- a/src/kadmin/v5client/network.c
+++ b/src/kadmin/v5client/network.c
@@ -155,13 +155,16 @@ net_connect()
     if (!multiple || !server_active) {
 	char opassword[KRB5_ADM_MAX_PASSWORD_LEN];
 
+	server_ccache = (ccache2use) ? ccache2use : (krb5_ccache) NULL;
 	if (!(kret = server_stat = krb5_adm_connect(kcontext,
 						    principal_name,
 						    password_prompt,
 						    opassword,
 						    &server_socket,
 						    &server_auth_context,
-						    &server_ccache))) {
+						    &server_ccache,
+						    ccname2use,
+						    ticket_life))) {
 	    server_active = 1;
 	    memset(opassword, 0, KRB5_ADM_MAX_PASSWORD_LEN);
 	}
@@ -223,7 +226,10 @@ net_disconnect(force)
 	    krb5_adm_disconnect(kcontext,
 				&server_socket,
 				server_auth_context,
-				server_ccache);
+				(delete_ccache) ? server_ccache :
+					(krb5_ccache) NULL);
+	    if (!delete_ccache)
+		krb5_cc_close(kcontext, server_ccache);
 
 	    /* Clean up our state. */
 	    server_socket = -1;
author	Paul Park <pjpark@mit.edu>	1995-06-05 18:26:36 +0000
committer	Paul Park <pjpark@mit.edu>	1995-06-05 18:26:36 +0000
commit	7c5b0c7ac67d9df2b230f8888f542c1db30fb647 (patch)
tree	fb1c918d886f6d14ce54f003f2bf726ae288ad9d /src
parent	89d551b9283a5830709eda919affc3432d1d180e (diff)
download	krb5-7c5b0c7ac67d9df2b230f8888f542c1db30fb647.tar.gz krb5-7c5b0c7ac67d9df2b230f8888f542c1db30fb647.tar.xz krb5-7c5b0c7ac67d9df2b230f8888f542c1db30fb647.zip