authorTom Yu <tlyu@mit.edu>1994-11-21 05:48:44 +0000
committerTom Yu <tlyu@mit.edu>1994-11-21 05:48:44 +0000
commita62f7be90d912ce2e2775153bf1e541b359ef06f (patch)
tree0cf7ad14f2a45c6b1f4e3444c99e57fa1b3a3116 /src/kadmin.new/client/kadmin.c
parent5d422fad5b7c2e6d8fd1b549b83c6164996b8b1c (diff)
complete command suite now in with most functionality
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4706 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin.new/client/kadmin.c')
-rw-r--r--src/kadmin.new/client/kadmin.c416
1 files changed, 360 insertions, 56 deletions
diff --git a/src/kadmin.new/client/kadmin.c b/src/kadmin.new/client/kadmin.c
index b4782083a..f2f30b09f 100644
--- a/src/kadmin.new/client/kadmin.c
+++ b/src/kadmin.new/client/kadmin.c
@@ -70,7 +70,7 @@ static char *prflags[] = {
"REQUIRES_HW_AUTH", /* 0x00000100 */
"REQUIRES_PWCHANGE", /* 0x00000200 */
"UNKNOWN_0x00000400", /* 0x00000400 */
- "UNKNOWN_0x00000800, /* 0x00000800 */
+ "UNKNOWN_0x00000800", /* 0x00000800 */
"DISALLOW_SVR", /* 0x00001000 */
"PWCHANGE_SERVICE" /* 0x00002000 */
};
@@ -78,6 +78,7 @@ static char *prflags[] = {
char *getenv();
struct passwd *getpwuid();
int exit_status = 0;
+char *def_realm = NULL;
void usage()
{
@@ -86,23 +87,53 @@ void usage()
exit(1);
}
+/* this is a wrapper to go around krb5_parse_principal so we can set
+ the default realm up properly */
+krb5_error_code kadmin_parse_name(name, principal)
+ char *name;
+ krb5_principal *principal;
+{
+ char *cp, *fullname;
+ krb5_error_code retval;
+
+ /* assumes def_realm is initialized! */
+ fullname = (char *)malloc(strlen(name) + 1 + strlen(def_realm) + 1);
+ if (fullname == NULL)
+ return ENOMEM;
+ strcpy(fullname, name);
+ cp = strchr(fullname, '@');
+ while (cp) {
+ if (cp - fullname && *(cp - 1) != '\\')
+ break;
+ else
+ cp = strchr(cp, '@');
+ }
+ if (cp == NULL) {
+ strcat(fullname, "@");
+ strcat(fullname, def_realm);
+ }
+ retval = krb5_parse_name(fullname, principal);
+ free(fullname);
+ return retval;
+}
+
char *kadmin_startup(argc, argv)
int argc;
char *argv[];
{
extern char *optarg;
- char *realmname = NULL, *princstr = NULL, *keytab = NULL, *query = NULL;
- char *luser;
+ char *princstr = NULL, *keytab = NULL, *query = NULL;
+ char *luser, *canon, *cp;
int optchar, freeprinc = 0;
struct passwd *pw;
ovsec_kadm_ret_t retval;
krb5_ccache cc;
krb5_principal princ;
-
+
while ((optchar = getopt(argc, argv, "r:p:k:q:")) != EOF) {
switch (optchar) {
case 'r':
- realmname = optarg;
+ def_realm = optarg;
break;
case 'p':
princstr = optarg;
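Review bot: The escape-skipping loop in kadmin_parse_name (L55-L60) cannot make progress once it takes the else branch: when `cp` points at an `@` preceded by a backslash, or at an `@` in the first position of `fullname` (so `cp - fullname` is 0), `strchr(cp, '@')` is re-run on the very same position and returns `cp` again, and a name such as `a\@b` or `@REALM` spins forever. The search has to resume one past the current match, `cp = strchr(cp + 1, '@');`. The header comment should also state what the helper relies on: that `name` is in krb5 unparsed form (backslash escapes), and that `def_realm` must already be set, since a NULL `def_realm` goes straight into `strlen` on L50 instead of producing an error. kadmin_startup begins in this hunk and continues past it.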
@@ -118,51 +149,85 @@ char *kadmin_startup(argc, argv)
usage();
}
}
+ if (def_realm == NULL && krb5_get_default_realm(&def_realm)) {
+ if (freeprinc)
+ free(princstr);
+ fprintf(stderr, "kadmin: unable to get default realm\n");
+ exit(1);
+ }
if (princstr == NULL) {
if (!krb5_cc_default(&cc) && !krb5_cc_get_principal(cc, &princ)) {
- princstr =
- (char *)malloc(krb5_princ_component(princ, 0)->length +
- 7 /* "/admin@" */ +
- krb5_princ_realm(princ)->length + 1);
+ char *realm = NULL;
+ if (krb5_unparse_name(princ, &canon)) {
+ fprintf(stderr,
+ "kadmin: unable to canonicalize principal\n");
+ krb5_free_principal(princ);
+ exit(1);
+ }
+ /* strip out realm of principal if it's there */
+ realm = strchr(canon, '@');
+ while (realm) {
+ if (realm - canon && *(realm - 1) != '\\')
+ break;
+ else
+ realm = strchr(realm, '@');
+ }
+ if (realm)
+ *realm++ = '\0';
+ cp = strchr(canon, '/');
+ while (cp) {
+ if (cp - canon && *(cp - 1) != '\\')
+ break;
+ else
+ cp = strchr(cp, '/');
+ }
+ if (cp != NULL)
+ *cp = '\0';
+ princstr = (char*)malloc(strlen(canon) + 6 /* "/admin" */ +
+ (realm ? 1 + strlen(realm) : 0) + 1);
if (princstr == NULL) {
fprintf(stderr, "kadmin: out of memory\n");
exit(1);
}
- /* XXX assuming no nulls in principal */
- strncpy(princstr, krb5_princ_component(princ, 0)->data,
- krb5_princ_component(princ, 0)->length);
- princstr[krb5_princ_component(princ, 0)->length] = '\0';
- strcat(princstr, "/admin@");
- strncat(princstr, krb5_princ_realm(princ)->data,
- krb5_princ_realm(princ)->length);
+ strcpy(princstr, canon);
+ strcat(princstr, "/admin");
+ if (realm) {
+ strcat(princstr, "@");
+ strcat(princstr, realm);
+ }
+ free(canon);
krb5_free_principal(princ);
freeprinc++;
} else if (luser = getenv("USER")) {
- princstr = malloc(strlen(luser) + 6 /* "/admin" */ + 1);
+ princstr = malloc(strlen(luser) + 7 /* "/admin@" */
+ + strlen(def_realm) + 1);
if (princstr == NULL) {
fprintf(stderr, "kadmin: out of memory\n");
exit(1);
}
strcpy(princstr, luser);
strcat(princstr, "/admin");
+ strcat(princstr, "@");
+ strcat(princstr, def_realm);
freeprinc++;
} else if (pw = getpwuid(getuid())) {
- princstr = malloc(strlen(pw->pw_name) + 6 /* "/admin" */ + 1);
+ princstr = malloc(strlen(pw->pw_name) + 7 /* "/admin@" */
+ + strlen(def_realm) + 1);
if (princstr == NULL) {
fprintf(stderr, "kadmin: out of memory\n");
exit(1);
}
strcpy(princstr, pw->pw_name);
- strcat(princstr, "/admin");
+ strcat(princstr, "/admin@");
+ strcat(princstr, def_realm);
freeprinc++;
} else {
fprintf(stderr, "kadmin: unable to figure out a principal name\n");
exit(1);
}
}
-
retval = ovsec_kadm_init(princstr, NULL, OVSEC_KADM_ADMIN_SERVICE,
- realmname);
+ def_realm);
if (freeprinc)
free(princstr);
if (retval) { /* assume kadm_init does init_ets() */
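Review bot: The two escape-skipping loops over `canon` (L119-L124 and L128-L133) stall the same way as the one in kadmin_parse_name: on a backslash-escaped `@` or `/`, or one in the first position, `strchr(realm, '@')` and `strchr(cp, '/')` return the pointer they were handed and the loop never advances, so a credential-cache principal like `a\/b@R` hangs kadmin before it ever connects. Resume each search one past the match, `realm = strchr(realm + 1, '@');` and `cp = strchr(cp + 1, '/');`. Separately, the admin principal derived from the cache keeps the cache's realm (L151-L154) while `def_realm`, possibly set by `-r`, is what is passed to ovsec_kadm_init on L190-L192; when the two differ the user ends up authenticating as a principal in one realm against an admin server for another, so a short comment saying the cache realm deliberately wins here (or a check that they agree) would help. The body of kadmin_startup continues past the end of this hunk.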
@@ -186,7 +251,7 @@ void kadmin_delprinc(argc, argv)
krb5_principal princ;
char *canon;
char reply[5];
-
+
if (argc < 2 || argc > 3) {
fprintf(stderr, "delete_principal: wrong number of arguments\n");
return;
@@ -196,7 +261,7 @@ void kadmin_delprinc(argc, argv)
fprintf(stderr, "delete_principal: bad arguments\n");
return;
}
- retval = krb5_parse_name(argv[argc - 1], &princ);
+ retval = kadmin_parse_name(argv[argc - 1], &princ);
if (retval) {
com_err("delete_principal", retval, "while parsing principal name");
return;
@@ -239,7 +304,7 @@ void kadmin_renprinc(argc, argv)
char *oldcanon, *newcanon;
char reply[5];
ovsec_kadm_ret_t retval;
-
+
if (argc < 3 || argc > 4) {
fprintf(stderr, "rename_principal: wrong number of arguments\n");
return;
@@ -249,12 +314,12 @@ void kadmin_renprinc(argc, argv)
fprintf(stderr, "rename_principal: bad arguments\n");
return;
}
- retval = krb5_parse_name(argv[argc - 2], &oldprinc);
+ retval = kadmin_parse_name(argv[argc - 2], &oldprinc);
if (retval) {
com_err("rename_principal", retval, "while parsing old principal");
return;
}
- retval = krb5_parse_name(argv[argc - 1], &newprinc);
+ retval = kadmin_parse_name(argv[argc - 1], &newprinc);
if (retval) {
krb5_free_principal(oldprinc);
com_err("rename_principal", retval, "while parsing new principal");
@@ -279,7 +344,7 @@ void kadmin_renprinc(argc, argv)
}
if (argc == 3) {
printf("Are you sure you want to rename the principal \"%s\" to \"%s\"? (yes/no): ",
- oldcanon, newacnon);
+ oldcanon, newcanon);
fgets(reply, sizeof (reply), stdin);
if (strcmp("yes\n", reply)) {
fprintf(stderr,
@@ -303,8 +368,8 @@ void kadmin_renprinc(argc, argv)
free(oldcanon);
return;
}
- fprintf("Principal \"%s\" renamed to \"%s\".\nMake sure that you have removed \"%s\" from all ACLs before reusing.\n",
- oldcanon, newcanon, newcanon);
+ printf("Principal \"%s\" renamed to \"%s\".\nMake sure that you have removed \"%s\" from all ACLs before reusing.\n",
+ oldcanon, newcanon, newcanon);
return;
}
@@ -317,12 +382,12 @@ void kadmin_cpw(argc, argv)
static char prompt1[1024], prompt2[1024];
char *canon;
krb5_principal princ;
-
+
if (argc < 2 || argc > 4) {
fprintf(stderr, "change_password: too many arguments\n");
return;
}
- retval = krb5_parse_name(argv[argc - 1], &princ);
+ retval = kadmin_parse_name(argv[argc - 1], &princ);
if (retval) {
com_err("change_password", retval, "while parsing principal name");
return;
@@ -362,7 +427,7 @@ void kadmin_cpw(argc, argv)
return;
} else if (argc == 2) {
int i = sizeof (newpw) - 1;
-
+
sprintf(prompt1, "Enter password for principal \"%.900s\": ",
argv[1]);
sprintf(prompt2,
@@ -386,7 +451,7 @@ void kadmin_cpw(argc, argv)
free(canon);
return;
}
- printf("Password for \"%s\" changed.", canon);
+ printf("Password for \"%s\" changed.\n", canon);
free(canon);
return;
}
@@ -410,7 +475,7 @@ int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, caller)
*mask = 0;
*pass = NULL;
ftime(&now);
- for (i = 1; i < argc - 2; i++) {
+ for (i = 1; i < argc - 1; i++) {
if (strlen(argv[i]) == 7 &&
!strcmp("-expire", argv[i])) {
if (++i > argc - 2)
@@ -436,7 +501,7 @@ int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, caller)
if (++i > argc - 2)
return -1;
else {
- oprinc->max_life = get_date(argv[i], now);
+ oprinc->max_life = get_date(argv[i], now) - now.time;
*mask |= OVSEC_KADM_MAX_LIFE;
continue;
}
@@ -472,7 +537,7 @@ int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, caller)
if (++i > argc - 2)
return -1;
else {
- pass = argv[i];
+ *pass = argv[i];
continue;
}
}
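Review bot: The option handled here (its name is just above the hunk) takes the new principal's password from `argv[i]`, which every local user can read from the process listing while kadmin runs and which ends up in the invoking shell's history. That deserves a caveat next to the assignment, `/* password from argv: visible via ps and shell history; the interactive prompt is preferable */`, and the same warning in the usage text, so administrators use the prompt unless they are scripting. kadmin_parse_princ_args starts before and ends after this hunk.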
@@ -495,17 +560,17 @@ int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, caller)
}
}
}
+ return -1;
}
if (i != argc - 1) {
- fprintf("%s: parser lost count!\n", caller);
+ fprintf(stderr, "%s: parser lost count!\n", caller);
return -1;
}
- retval = krb5_parse_name(argv[i], &oprinc->principal);
+ retval = kadmin_parse_name(argv[i], &oprinc->principal);
if (retval) {
com_err(caller, retval, "while parsing principal");
return -1;
}
- *mask |= OVSEC_KADM_PRINCIPAL;
return 0;
}
@@ -517,21 +582,44 @@ void kadmin_addprinc(argc, argv)
u_int32 mask;
char *pass, *canon;
krb5_error_code retval;
-
+ static char newpw[1024];
+ static char prompt1[1024], prompt2[1024];
+
+ princ.attributes = 0;
if (kadmin_parse_princ_args(argc, argv,
- &princ, &mask, pass, "add_principal")) {
+ &princ, &mask, &pass, "add_principal")) {
fprintf(stderr, "add_principal: bad arguments\n");
return;
}
- retval = krb5_unparse_name(princ->principal, &canon);
+ retval = krb5_unparse_name(princ.principal, &canon);
if (retval) {
com_err("add_principal",
retval, "while canonicalizing principal");
- krb5_free_principal(princ->principal);
+ krb5_free_principal(princ.principal);
return;
}
+ if (pass == NULL) {
+ int i = sizeof (newpw) - 1;
+
+ sprintf(prompt1, "Enter password for principal \"%.900s\": ",
+ argv[1]);
+ sprintf(prompt2,
+ "Re-enter password for principal \"%.900s\": ",
+ argv[1]);
+ retval = krb5_read_password(prompt1, prompt2,
+ newpw, &i);
+ if (retval) {
+ com_err("add_principal", retval,
+ "while reading password for \"%s\".", canon);
+ free(canon);
+ krb5_free_principal(princ.principal);
+ return;
+ }
+ pass = newpw;
+ }
+ mask |= OVSEC_KADM_PRINCIPAL;
retval = ovsec_kadm_create_principal(&princ, mask, pass);
- krb5_free_principal(princ->principal);
+ krb5_free_principal(princ.principal);
if (retval) {
com_err("add_principal", retval, "while creating \"%s\".",
canon);
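Review bot: The prompts built on L364-L368 name `argv[1]`, but the principal being created is the last argument, already unparsed into `canon` on L353; as soon as any option precedes it the user is asked for the password of `"-expire"` or similar. Use `canon` in both sprintf calls, e.g. `sprintf(prompt1, "Enter password for principal \"%.900s\": ", canon);`. The password read into the file-lifetime static `newpw` is also left in memory after ovsec_kadm_create_principal returns; clearing it once the call has completed, `memset(newpw, 0, sizeof (newpw));`, bounds how long a plaintext password survives in a static that outlives the function. The remaining lines of kadmin_addprinc are outside the hunk.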
@@ -550,17 +638,18 @@ void kadmin_modprinc(argc, argv)
u_int32 mask;
krb5_error_code retval;
char *pass, *canon;
-
+
+ princ.attributes = 0;
if (kadmin_parse_princ_args(argc, argv,
- &princ, &mask, pass, "modify_principal")) {
+ &princ, &mask, &pass, "modify_principal")) {
fprintf(stderr, "modify_principal: bad arguments\n");
return;
}
- retval = krb5_unparse_name(princ->principal, &canon);
+ retval = krb5_unparse_name(princ.principal, &canon);
if (retval) {
com_err("modify_principal", retval,
"while canonicalizing principal");
- krb5_free_principal(princ->principal);
+ krb5_free_principal(princ.principal);
return;
}
retval = ovsec_kadm_modify_principal(&princ, mask);
@@ -580,17 +669,17 @@ void kadmin_getprinc(argc, argv)
krb5_error_code retval;
char *canon, *modcanon;
int i;
-
+
if (argc < 2 || argc > 3) {
fprintf(stderr, "get_principal: wrong number of arguments\n");
return;
}
if (argc == 3 &&
- (strlen(argv[1]) == 6 ? !strcmp("-terse", argv[1]) : 1)) {
+ (strlen(argv[1]) == 6 ? strcmp("-terse", argv[1]) : 1)) {
fprintf(stderr, "get_principal: bad arguments\n");
return;
}
- retval = krb5_parse_name(argv[argc - 1], &princ);
+ retval = kadmin_parse_name(argv[argc - 1], &princ);
if (retval) {
com_err("get_principal", retval, "while parsing principal");
return;
@@ -606,15 +695,13 @@ void kadmin_getprinc(argc, argv)
if (retval) {
com_err("get_principal", retval, "while retrieving \"%s\".", canon);
free(canon);
- krb5_free_principal(princ);
return;
}
- retval = krb5_unparse_name(princ->mod_name, &modcanon);
+ retval = krb5_unparse_name(dprinc->mod_name, &modcanon);
if (retval) {
com_err("get_principal", retval, "while unparsing modname");
ovsec_kadm_free_principal_ent(dprinc);
free(canon);
- krb5_free_principal(princ);
return;
}
if (argc == 2) {
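Review bot: With `krb5_free_principal(princ)` removed from both error paths here (and from the success path further down in this file), the principal parsed by kadmin_parse_name on L427 is no longer freed anywhere visible in kadmin_getprinc; unless ovsec_kadm_get_principal takes ownership of `princ` (its contract is not visible in this hunk), every get_principal invocation now leaks it. If the library does take ownership, a one-line comment at the call, `/* princ is owned by the library after ovsec_kadm_get_principal */`, would keep the next reader from re-adding the frees and creating a double free. kadmin_getprinc starts before and ends after this hunk.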
@@ -628,7 +715,7 @@ void kadmin_getprinc(argc, argv)
printf("Attributes: ");
for (i = 0; i < sizeof (prflags) / sizeof (char *); i++) {
if (dprinc->attributes & (krb5_flags) 1 << i)
- printf("%s%s", i ? ", " : "", prflags[i]);
+ printf(" %s", prflags[i]);
}
printf("\n");
printf("Key version: %d\n", dprinc->kvno);
@@ -644,5 +731,222 @@ void kadmin_getprinc(argc, argv)
free(modcanon);
ovsec_kadm_free_principal_ent(dprinc);
free(canon);
- krb5_free_principal(princ);
+}
+
+int kadmin_parse_policy_args(argc, argv, policy, mask, caller)
+ int argc;
+ char *argv[];
+ ovsec_kadm_policy_ent_t policy;
+ u_int32 *mask;
+ char *caller;
+{
+ int i;
+ struct timeb now;
+ krb5_error_code retval;
+
+ ftime(&now);
+ *mask = 0;
+ for (i = 1; i < argc - 1; i++) {
+ if (strlen(argv[i]) == 8 &&
+ !strcmp(argv[i], "-maxlife")) {
+ if (++i > argc -2)
+ return -1;
+ else {
+ policy->pw_max_life = get_date(argv[i], now) - now.time;
+ *mask |= OVSEC_KADM_PW_MAX_LIFE;
+ continue;
+ }
+ } else if (strlen(argv[i]) == 8 &&
+ !strcmp(argv[i], "-minlife")) {
+ if (++i > argc - 2)
+ return -1;
+ else {
+ policy->pw_min_life = get_date(argv[i], now) - now.time;
+ *mask |= OVSEC_KADM_PW_MIN_LIFE;
+ continue;
+ }
+ } else if (strlen(argv[i]) == 10 &&
+ !strcmp(argv[i], "-minlength")) {
+ if (++i > argc - 2)
+ return -1;
+ else {
+ policy->pw_min_length = atoi(argv[i]);
+ *mask |= OVSEC_KADM_PW_MIN_LENGTH;
+ continue;
+ }
+ } else if (strlen(argv[i]) == 11 &&
+ !strcmp(argv[i], "-minclasses")) {
+ if (++i > argc - 2)
+ return -1;
+ else {
+ policy->pw_min_classes = atoi(argv[i]);
+ *mask |= OVSEC_KADM_PW_MIN_CLASSES;
+ continue;
+ }
+ } else if (strlen(argv[i]) == 8 &&
+ !strcmp(argv[i], "-history")) {
+ if (++i > argc - 2)
+ return -1;
+ else {
+ policy->pw_history_num = atoi(argv[i]);
+ *mask |= OVSEC_KADM_PW_HISTORY_NUM;
+ continue;
+ }
+ } else
+ return -1;
+ }
+ if (i != argc -1) {
+ fprintf(stderr, "%s: parser lost count!\n", caller);
+ return -1;
+ } else
+ return 0;
+}
+
+void kadmin_addpol(argc, argv)
+ int argc;
+ char *argv[];
+{
+ krb5_error_code retval;
+ u_int32 mask;
+ ovsec_kadm_policy_ent_rec policy;
+
+ if (kadmin_parse_policy_args(argc, argv, &policy, &mask, "add_policy")) {
+ fprintf(stderr, "add_policy: bad arguments\n");
+ return;
+ } else {
+ policy.policy = argv[argc - 1];
+ mask |= OVSEC_KADM_POLICY;
+ retval = ovsec_kadm_create_policy(&policy, mask);
+ if (retval) {
+ com_err("add_policy", retval, "while creating policy \"%s\".",
+ policy.policy);
+ return;
+ }
+ }
+ return;
+}
+
+void kadmin_modpol(argc, argv)
+ int argc;
+ char *argv[];
+{
+ krb5_error_code retval;
+ u_int32 mask;
+ ovsec_kadm_policy_ent_rec policy;
+
+ if (kadmin_parse_policy_args(argc, argv, &policy, &mask,
+ "modify_policy")) {
+ fprintf(stderr, "modify_policy: bad arguments\n");
+ return;
+ } else {
+ policy.policy = argv[argc - 1];
+ retval = ovsec_kadm_modify_policy(&policy, mask);
+ if (retval) {
+ com_err("modify_policy", retval, "while modifying policy \"%s\".",
+ policy.policy);
+ return;
+ }
+ }
+ return;
+}
+
+void kadmin_delpol(argc, argv)
+ int argc;
+ char *argv[];
+{
+ krb5_error_code retval;
+ char reply[5];
+
+ if (argc < 2 || argc > 3) {
+ fprintf(stderr, "delete_policy: wrong number of arguments\n");
+ return;
+ }
+ if (argc == 3 &&
+ (strlen(argv[1]) == 6 ? strcmp("-force", argv[1]) : 1)) {
+ fprintf(stderr, "delete_policy: bad arguments\n");
+ return;
+ }
+ if (argc == 2) {
+ printf("Are you sure you want to delete the policy \"%s\"? (yes/no): ", argv[1]);
+ fgets(reply, sizeof (reply), stdin);
+ if (strcmp("yes\n", reply)) {
+ fprintf(stderr, "Policy \"%s\" not deleted.\n", argv[1]);
+ return;
+ }
+ }
+ retval = ovsec_kadm_delete_policy(argv[argc - 1]);
+ if (retval) {
+ com_err("delete_policy:", retval, "while deleting policy \"%s\"",
+ argv[argc - 1]);
+ return;
+ }
+ return;
+}
+
+void kadmin_getpol(argc, argv)
+ int argc;
+ char *argv[];
+{
+ krb5_error_code retval;
+ ovsec_kadm_policy_ent_t policy;
+
+ if (argc < 2 || argc > 3) {
+ fprintf(stderr, "get_policy: wrong number of arguments\n");
+ return;
+ }
+ if (argc == 3 &&
+ (strlen(argv[1]) == 6 ? strcmp("-terse", argv[1]) : 1)) {
+ fprintf(stderr, "get_policy: bad arguments\n");
+ return;
+ }
+ retval = ovsec_kadm_get_policy(argv[argc - 1], &policy);
+ if (retval) {
+ com_err("get_policy", retval, "while retrieving policy \"%s\".",
+ argv[argc - 1]);
+ return;
+ }
+ if (argc == 2) {
+ printf("Policy: %s\n", policy->policy);
+ printf("Maximum password life: %d\n", policy->pw_max_life);
+ printf("Minimum password life: %d\n", policy->pw_min_life);
+ printf("Minimum password length: %d\n", policy->pw_min_length);
+ printf("Minimum number of password character classes: %d\n",
+ policy->pw_min_classes);
+ printf("Number of old keys kept: %d\n", policy->pw_history_num);
+ printf("Reference count: %d\n", policy->policy_refcnt);
+ } else {
+ printf("\"%s\"\t%d\t%d\t%d\t%d\t%d\t%d\n",
+ policy->policy, policy->pw_max_life, policy->pw_min_life,
+ policy->pw_min_length, policy->pw_min_classes,
+ policy->pw_history_num, policy->policy_refcnt);
+ }
+ ovsec_kadm_free_policy_ent(policy);
+ return;
+}
+
+kadmin_getprivs(argc, argv)
+ int argc;
+ char *argv[];
+{
+ static char *privs[] = {"GET", "ADD", "MODIFY", "DELETE"};
+ krb5_error_code retval;
+ int i;
+ u_int32 plist;
+
+ if (argc != 1) {
+ fprintf(stderr, "get_privs: bad arguments\n");
+ return;
+ }
+ retval = ovsec_kadm_get_privs(&plist);
+ if (retval) {
+ com_err("get_privs", retval, "while retrieving privileges");
+ return;
+ }
+ printf("current privileges:");
+ for (i = 0; i < sizeof (privs) / sizeof (char *); i++) {
+ if (plist & 1 << i)
+ printf(" %s", privs[i]);
+ }
+ printf("\n");
+ return;
}
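Review bot: kadmin_delpol never checks the return value of `fgets` on L599: at end of input it returns NULL and leaves `reply` untouched, so the `strcmp("yes\n", reply)` on L600 compares against an uninitialised 5-byte stack array, and because the buffer only holds four characters plus the terminator, any longer answer leaves the rest queued on stdin for the next command. Guard the read and initialise the array, `if (fgets(reply, sizeof (reply), stdin) == NULL || strcmp("yes\n", reply)) {` with `char reply[5] = "";`. In kadmin_parse_policy_args the numeric policy limits on L501, L510 and L519 come from `atoi`, which silently turns `-minlength abc` into 0 and accepts a negative value, so a typo weakens the password policy without any error; `strtol` with an end-pointer check and rejection of values below 0 would make a bad argument fail loudly instead.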