summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/kadmin/v5client/ChangeLog8
-rw-r--r--src/kadmin/v5client/kadmin5.M31
-rw-r--r--src/kadmin/v5client/kadmin5.c80
-rw-r--r--src/kadmin/v5client/kadmin5.h4
-rw-r--r--src/kadmin/v5client/network.c10
5 files changed, 126 insertions, 7 deletions
diff --git a/src/kadmin/v5client/ChangeLog b/src/kadmin/v5client/ChangeLog
index 4188e06b8a..792bd8193a 100644
--- a/src/kadmin/v5client/ChangeLog
+++ b/src/kadmin/v5client/ChangeLog
@@ -1,4 +1,12 @@
+Mon Jun 5 14:11:58 EDT 1995 Paul Park (pjpark@mit.edu)
+ * kadmin5.c - Add support for specifiable credentials caches and
+ ticket lifetimes.
+ * network.c - Use new krb5_adm_connect() calling sequence.
+ * kadmin5.h - Update prototypes and externals.
+ * kadmin5.M - Update description to add -c -l -d and -s flags.
+
+
Thu Jun 1 14:31:49 EDT 1995 Paul Park (pjpark@mit.edu)
* kadmin5.c: Change the default admin instance name to "kadmin"
* kadmin5.c(kadmin_list): Compare principals to each of the supplied
diff --git a/src/kadmin/v5client/kadmin5.M b/src/kadmin/v5client/kadmin5.M
index 63a5cf79c4..527cc2722b 100644
--- a/src/kadmin/v5client/kadmin5.M
+++ b/src/kadmin/v5client/kadmin5.M
@@ -32,6 +32,16 @@ kadmin5 \- administer a Kerberos principal database over the network.
.B \-p
.I principal
] [
+.B \-c
+.I ccache
+] [
+.B \-l
+.I [hours:]minutes
+] [
+.B \-d
+] [
+.B \-s
+] [
.B \-m
]
[ command ... ]
@@ -46,6 +56,17 @@ specifies the default realm.
specifies a principal name to use instead of the default
.I user
.B /kadmin@realm.
+.IP \-c
+.B ccache
+specifies a credentials cache to use instead of the default.
+.IP \-l
+.B [hours:]minutes
+specifies the lifetime for an administrative ticket, if one needs to be
+acquired.
+.IP \-d
+specifies that the credentials cache is to be deleted after use.
+.IP \-s
+specifies that the credentials cache is to be saved for further use.
.IP \-m
specifies that multiple operations will be permitted for only one entry of the
administrative principal's password.
@@ -78,6 +99,16 @@ access control list. The default administrative principal is
One command may be specified on the command line, or if no command is provided,
an interactive command loop is entered for the administrator to enter commands.
.PP
+If a credentials cache is specified with
+.I \-c
+.B ccache,
+then the default is not to delete the credentials cache. Otherwise, the
+default is to delete it. The use of the
+.I \-d
+and
+.I \-s
+flags override this default behavior.
+.PP
.SH AVAILABLE COMMANDS
The following is a list of commands and their aliases that the system
diff --git a/src/kadmin/v5client/kadmin5.c b/src/kadmin/v5client/kadmin5.c
index 5aa9fd0396..47e5b89425 100644
--- a/src/kadmin/v5client/kadmin5.c
+++ b/src/kadmin/v5client/kadmin5.c
@@ -42,11 +42,15 @@
*/
int exit_status = 0;
krb5_context kcontext;
+krb5_ccache ccache2use = (krb5_ccache) NULL;
char *programname = (char *) NULL;
char *requestname = (char *) NULL;
krb5_boolean multiple = 0;
char *principal_name = (char *) NULL;
char *password_prompt = (char *) NULL;
+char *ccname2use = (char *) NULL;
+krb5_timestamp ticket_life = 0;
+krb5_boolean delete_ccache = 0;
extern krb5_kt_ops krb5_ktf_writable_ops;
@@ -145,9 +149,12 @@ static const char *cd_usage_fmt = "usage is %s directory";
static const char *pwd_mess_fmt = "Current directory is %s\n";
static const char *pwd_err_fmt = "cannot get current directory: %s";
static const char *pwd_usage_fmt = "usage is %s";
-static const char *kadmin_usage_fmt = "usage is %s [-r realm] [-p principal] [-m] [command ...]";
+static const char *kadmin_badtime_fmt = "%s is a bad time value";
+static const char *kadmin_usage_fmt = "usage is %s [-c ccache] [-r realm] [-p principal] [-l lifetime] [-dms] [command ...]";
+static const char *kadmin_sd_err_fmt = "-d and -s are mutually exclusive";
static const char *kadmin_defrealm_msg = ": cannot get default realm";
static const char *kadmin_srealm_fmt = ": cannot set realm to \"%s\"";
+static const char *kadmin_ccache_fmt = ": cannot find credential cache %s";
static const char *kadmin_nopname_msg = ": cannot find a principal name";
static const char *kadmin_unparse_msg = ": cannot flatten principal name";
static const char *kadmin_nocomp_msg = ": no components in principal name";
@@ -1267,11 +1274,36 @@ kadmin_startup(argc, argv)
extern char *optarg;
extern int optind;
char *action = (char *) NULL;
+ krb5_boolean saveit = 0;
+ krb5_boolean delit = 0;
programname = strrchr(argv[0], (int) '/');
programname = (programname) ? programname+1 : argv[0];
- while ((option = getopt(argc, argv, "r:p:mt:")) != EOF) {
+ while ((option = getopt(argc, argv, "c:dsl:r:p:m")) != EOF) {
switch (option) {
+ case 'c':
+ ccname2use = optarg;
+ break;
+ case 'd':
+ delit = 1;
+ break;
+ case 's':
+ saveit = 1;
+ break;
+ case 'l':
+ {
+ int hours, minutes;
+
+ if (sscanf(optarg, "%d:%d", &hours, &minutes) == 2)
+ ticket_life = (hours * 3600) + (minutes * 60);
+ else if (sscanf(optarg, "%d", &minutes) == 1)
+ ticket_life = minutes * 60;
+ else {
+ com_err(argv[0], 0, kadmin_badtime_fmt, optarg);
+ exit(1);
+ }
+ }
+ break;
case 'r':
realm_name = optarg;
break;
@@ -1287,6 +1319,14 @@ kadmin_startup(argc, argv)
}
}
+ if (delit && saveit) {
+ com_err(argv[0], 0, kadmin_sd_err_fmt);
+ exit(1);
+ }
+
+ delete_ccache = (delit || saveit) ? (delit & !saveit) :
+ ((ccname2use) ? 0 : 1);
+
/* Now we do some real work */
krb5_init_context(&kcontext);
krb5_init_ets(kcontext);
@@ -1307,6 +1347,14 @@ kadmin_startup(argc, argv)
}
}
+ /* Verify ccache name if supplied. */
+ if (ccname2use) {
+ if (kret = krb5_cc_resolve(kcontext, ccname2use, &ccache2use)) {
+ com_err(argv[0], kret, kadmin_ccache_fmt, ccname2use);
+ exit(4);
+ }
+ }
+
/* If no principal name, formulate a reasonable response */
if (!principal_name) {
krb5_principal me;
@@ -1320,9 +1368,31 @@ kadmin_startup(argc, argv)
ccache = (krb5_ccache) NULL;
user = (char *) NULL;
- /* First try our default credentials cache */
- if (!(kret = krb5_cc_default(kcontext, &ccache)) &&
- !(kret = krb5_cc_get_principal(kcontext, ccache, &me))) {
+ /* First try supplied credentials cache */
+ if (ccache2use &&
+ !(kret = krb5_cc_get_principal(kcontext, ccache2use, &me))) {
+
+ /* Use our first component, if it exists. */
+ if (krb5_princ_size(kcontext, me) > 0) {
+ krb5_data *dp;
+
+ dp = krb5_princ_component(kcontext, me, 0);
+ if (user = (char *) malloc((size_t) dp->length + 1)) {
+ strncpy(user, dp->data, (size_t) dp->length);
+ user[dp->length] = '\0';
+ }
+ else {
+ kret = ENOMEM;
+ }
+ }
+ else {
+ com_err(argv[0], 0, kadmin_nocomp_msg);
+ exit(1);
+ }
+ }
+ /* Then try our default credentials cache */
+ else if (!(kret = krb5_cc_default(kcontext, &ccache)) &&
+ !(kret = krb5_cc_get_principal(kcontext, ccache, &me))) {
/* Use our first component, if it exists. */
if (krb5_princ_size(kcontext, me) > 0) {
diff --git a/src/kadmin/v5client/kadmin5.h b/src/kadmin/v5client/kadmin5.h
index 85d6a6239c..b1b52c2ee3 100644
--- a/src/kadmin/v5client/kadmin5.h
+++ b/src/kadmin/v5client/kadmin5.h
@@ -38,6 +38,10 @@ extern char *requestname;
extern krb5_boolean multiple;
extern char *principal_name;
extern char *password_prompt;
+extern char *ccname2use;
+extern krb5_ccache ccache2use;
+extern krb5_timestamp ticket_life;
+extern krb5_boolean delete_ccache;
/*
* Function prototypes.
diff --git a/src/kadmin/v5client/network.c b/src/kadmin/v5client/network.c
index 2c8b5b844f..b5c1d3ea26 100644
--- a/src/kadmin/v5client/network.c
+++ b/src/kadmin/v5client/network.c
@@ -155,13 +155,16 @@ net_connect()
if (!multiple || !server_active) {
char opassword[KRB5_ADM_MAX_PASSWORD_LEN];
+ server_ccache = (ccache2use) ? ccache2use : (krb5_ccache) NULL;
if (!(kret = server_stat = krb5_adm_connect(kcontext,
principal_name,
password_prompt,
opassword,
&server_socket,
&server_auth_context,
- &server_ccache))) {
+ &server_ccache,
+ ccname2use,
+ ticket_life))) {
server_active = 1;
memset(opassword, 0, KRB5_ADM_MAX_PASSWORD_LEN);
}
@@ -223,7 +226,10 @@ net_disconnect(force)
krb5_adm_disconnect(kcontext,
&server_socket,
server_auth_context,
- server_ccache);
+ (delete_ccache) ? server_ccache :
+ (krb5_ccache) NULL);
+ if (!delete_ccache)
+ krb5_cc_close(kcontext, server_ccache);
/* Clean up our state. */
server_socket = -1;