PageRenderTime 36ms CodeModel.GetById 14ms app.highlight 18ms RepoModel.GetById 1ms app.codeStats 0ms

/crypto/heimdal/kadmin/kadmin.c

https://bitbucket.org/freebsd/freebsd-head/
C | 286 lines | 216 code | 33 blank | 37 comment | 45 complexity | 2ed3332364cae5a0e1d14f92ff1697c9 MD5 | raw file
  1/*
  2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Hรถgskolan
  3 * (Royal Institute of Technology, Stockholm, Sweden).
  4 * All rights reserved.
  5 *
  6 * Redistribution and use in source and binary forms, with or without
  7 * modification, are permitted provided that the following conditions
  8 * are met:
  9 *
 10 * 1. Redistributions of source code must retain the above copyright
 11 *    notice, this list of conditions and the following disclaimer.
 12 *
 13 * 2. Redistributions in binary form must reproduce the above copyright
 14 *    notice, this list of conditions and the following disclaimer in the
 15 *    documentation and/or other materials provided with the distribution.
 16 *
 17 * 3. Neither the name of the Institute nor the names of its contributors
 18 *    may be used to endorse or promote products derived from this software
 19 *    without specific prior written permission.
 20 *
 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 31 * SUCH DAMAGE.
 32 */
 33
 34#include "kadmin_locl.h"
 35#include "kadmin-commands.h"
 36#include <sl.h>
 37
 38static char *config_file;
 39static char *keyfile;
 40int local_flag;
 41static int ad_flag;
 42static int help_flag;
 43static int version_flag;
 44static char *realm;
 45static char *admin_server;
 46static int server_port = 0;
 47static char *client_name;
 48static char *keytab;
 49static char *check_library  = NULL;
 50static char *check_function = NULL;
 51static getarg_strings policy_libraries = { 0, NULL };
 52
 53static struct getargs args[] = {
 54    {	"principal", 	'p',	arg_string,	&client_name,
 55	"principal to authenticate as", NULL },
 56    {   "keytab",	'K',	arg_string,	&keytab,
 57   	"keytab for authentication principal", NULL },
 58    {
 59	"config-file",	'c',	arg_string,	&config_file,
 60	"location of config file",	"file"
 61    },
 62    {
 63	"key-file",	'k',	arg_string, &keyfile,
 64	"location of master key file", "file"
 65    },
 66    {
 67	"realm",	'r',	arg_string,   &realm,
 68	"realm to use", "realm"
 69    },
 70    {
 71	"admin-server",	'a',	arg_string,   &admin_server,
 72	"server to contact", "host"
 73    },
 74    {
 75	"server-port",	's',	arg_integer,   &server_port,
 76	"port to use", "port number"
 77    },
 78    {	"ad", 		0, arg_flag, &ad_flag, "active directory admin mode",
 79	NULL },
 80#ifdef HAVE_DLOPEN
 81    { "check-library", 0, arg_string, &check_library,
 82      "library to load password check function from", "library" },
 83    { "check-function", 0, arg_string, &check_function,
 84      "password check function to load", "function" },
 85    { "policy-libraries", 0, arg_strings, &policy_libraries,
 86      "password check function to load", "function" },
 87#endif
 88    {	"local", 'l', arg_flag, &local_flag, "local admin mode", NULL },
 89    {	"help",		'h',	arg_flag,   &help_flag, NULL, NULL },
 90    {	"version",	'v',	arg_flag,   &version_flag, NULL, NULL }
 91};
 92
 93static int num_args = sizeof(args) / sizeof(args[0]);
 94
 95
 96krb5_context context;
 97void *kadm_handle;
 98
 99int
100help(void *opt, int argc, char **argv)
101{
102    sl_slc_help(commands, argc, argv);
103    return 0;
104}
105
106static int exit_seen = 0;
107
108int
109exit_kadmin (void *opt, int argc, char **argv)
110{
111    exit_seen = 1;
112    return 0;
113}
114
115static void
116usage(int ret)
117{
118    arg_printusage (args, num_args, NULL, "[command]");
119    exit (ret);
120}
121
122int
123get_privs(void *opt, int argc, char **argv)
124{
125    uint32_t privs;
126    char str[128];
127    kadm5_ret_t ret;
128
129    ret = kadm5_get_privs(kadm_handle, &privs);
130    if(ret)
131	krb5_warn(context, ret, "kadm5_get_privs");
132    else{
133	ret =_kadm5_privs_to_string(privs, str, sizeof(str));
134	if (ret == 0)
135	    printf("%s\n", str);
136	else
137	    printf("privs: 0x%x\n", (unsigned int)privs);
138    }
139    return 0;
140}
141
142int
143main(int argc, char **argv)
144{
145    krb5_error_code ret;
146    char **files;
147    kadm5_config_params conf;
148    int optidx = 0;
149    int exit_status = 0;
150
151    setprogname(argv[0]);
152
153    ret = krb5_init_context(&context);
154    if (ret)
155	errx (1, "krb5_init_context failed: %d", ret);
156
157    if(getarg(args, num_args, argc, argv, &optidx))
158	usage(1);
159
160    if (help_flag)
161	usage (0);
162
163    if (version_flag) {
164	print_version(NULL);
165	exit(0);
166    }
167
168    argc -= optidx;
169    argv += optidx;
170
171    if (config_file == NULL) {
172	asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
173	if (config_file == NULL)
174	    errx(1, "out of memory");
175    }
176
177    ret = krb5_prepend_config_files_default(config_file, &files);
178    if (ret)
179	krb5_err(context, 1, ret, "getting configuration files");
180
181    ret = krb5_set_config_files(context, files);
182    krb5_free_config_files(files);
183    if(ret)
184	krb5_err(context, 1, ret, "reading configuration files");
185
186    memset(&conf, 0, sizeof(conf));
187    if(realm) {
188	krb5_set_default_realm(context, realm); /* XXX should be fixed
189						   some other way */
190	conf.realm = realm;
191	conf.mask |= KADM5_CONFIG_REALM;
192    }
193
194    if (admin_server) {
195	conf.admin_server = admin_server;
196	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
197    }
198
199    if (server_port) {
200	conf.kadmind_port = htons(server_port);
201	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
202    }
203
204    if (keyfile) {
205	conf.stash_file = keyfile;
206	conf.mask |= KADM5_CONFIG_STASH_FILE;
207    }
208
209    if(local_flag) {
210	int i;
211
212	kadm5_setup_passwd_quality_check (context,
213					  check_library, check_function);
214
215	for (i = 0; i < policy_libraries.num_strings; i++) {
216	    ret = kadm5_add_passwd_quality_verifier(context,
217						    policy_libraries.strings[i]);
218	    if (ret)
219		krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
220	}
221	ret = kadm5_add_passwd_quality_verifier(context, NULL);
222	if (ret)
223	    krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
224
225	ret = kadm5_s_init_with_password_ctx(context,
226					     KADM5_ADMIN_SERVICE,
227					     NULL,
228					     KADM5_ADMIN_SERVICE,
229					     &conf, 0, 0,
230					     &kadm_handle);
231    } else if (ad_flag) {
232	if (client_name == NULL)
233	    krb5_errx(context, 1, "keytab mode require principal name");
234	ret = kadm5_ad_init_with_password_ctx(context,
235					      client_name,
236					      NULL,
237					      KADM5_ADMIN_SERVICE,
238					      &conf, 0, 0,
239					      &kadm_handle);
240    } else if (keytab) {
241	if (client_name == NULL)
242	    krb5_errx(context, 1, "keytab mode require principal name");
243        ret = kadm5_c_init_with_skey_ctx(context,
244					 client_name,
245					 keytab,
246					 KADM5_ADMIN_SERVICE,
247                                         &conf, 0, 0,
248                                         &kadm_handle);
249    } else
250	ret = kadm5_c_init_with_password_ctx(context,
251					     client_name,
252					     NULL,
253					     KADM5_ADMIN_SERVICE,
254					     &conf, 0, 0,
255					     &kadm_handle);
256
257    if(ret)
258	krb5_err(context, 1, ret, "kadm5_init_with_password");
259
260    signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
261                                parser will handle SIGINT its own way;
262                                we should really take care of this in
263                                each function, f.i `get' might be
264                                interruptable, but not `create' */
265    if (argc != 0) {
266	ret = sl_command (commands, argc, argv);
267	if(ret == -1)
268	    krb5_warnx (context, "unrecognized command: %s", argv[0]);
269	else if (ret == -2)
270	    ret = 0;
271	if(ret != 0)
272	    exit_status = 1;
273    } else {
274	while(!exit_seen) {
275	    ret = sl_command_loop(commands, "kadmin> ", NULL);
276	    if (ret == -2)
277		exit_seen = 1;
278	    else if (ret != 0)
279		exit_status = 1;
280	}
281    }
282
283    kadm5_destroy(kadm_handle);
284    krb5_free_context(context);
285    return exit_status;
286}