xref: /netbsd-src/crypto/external/bsd/heimdal/dist/kadmin/kadmin.c (revision d3273b5b76f5afaafe308cead5511dbb8df8c5e9) 
1 /*	$NetBSD: kadmin.c,v 1.2 2017/01/28 21:31:44 christos Exp $	*/
2 
3 /*
4  * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
5  * (Royal Institute of Technology, Stockholm, Sweden).
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * 3. Neither the name of the Institute nor the names of its contributors
20  *    may be used to endorse or promote products derived from this software
21  *    without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  */
35 
36 #include "kadmin_locl.h"
37 #include "kadmin-commands.h"
38 #include <krb5/sl.h>
39 
40 static char *config_file;
41 static char *keyfile;
42 int local_flag;
43 static int ad_flag;
44 static int help_flag;
45 static int version_flag;
46 static char *realm;
47 static char *admin_server;
48 static int server_port = 0;
49 static char *client_name;
50 static char *keytab;
51 static char *check_library  = NULL;
52 static char *check_function = NULL;
53 static getarg_strings policy_libraries = { 0, NULL };
54 
55 static struct getargs args[] = {
56     {	"principal", 	'p',	arg_string,	&client_name,
57 	"principal to authenticate as", NULL },
58     {   "keytab",	'K',	arg_string,	&keytab,
59    	"keytab for authentication principal", NULL },
60     {
61 	"config-file",	'c',	arg_string,	&config_file,
62 	"location of config file",	"file"
63     },
64     {
65 	"key-file",	'k',	arg_string, &keyfile,
66 	"location of master key file", "file"
67     },
68     {
69 	"realm",	'r',	arg_string,   &realm,
70 	"realm to use", "realm"
71     },
72     {
73 	"admin-server",	'a',	arg_string,   &admin_server,
74 	"server to contact", "host"
75     },
76     {
77 	"server-port",	's',	arg_integer,   &server_port,
78 	"port to use", "port number"
79     },
80     {	"ad", 		0, arg_flag, &ad_flag, "active directory admin mode",
81 	NULL },
82 #ifdef HAVE_DLOPEN
83     { "check-library", 0, arg_string, &check_library,
84       "library to load password check function from", "library" },
85     { "check-function", 0, arg_string, &check_function,
86       "password check function to load", "function" },
87     { "policy-libraries", 0, arg_strings, &policy_libraries,
88       "password check function to load", "function" },
89 #endif
90     {	"local", 'l', arg_flag, &local_flag, "local admin mode", NULL },
91     {	"help",		'h',	arg_flag,   &help_flag, NULL, NULL },
92     {	"version",	'v',	arg_flag,   &version_flag, NULL, NULL }
93 };
94 
95 static int num_args = sizeof(args) / sizeof(args[0]);
96 
97 
98 krb5_context context;
99 void *kadm_handle;
100 
101 int
help(void * opt,int argc,char ** argv)102 help(void *opt, int argc, char **argv)
103 {
104     sl_slc_help(commands, argc, argv);
105     return 0;
106 }
107 
108 static int exit_seen = 0;
109 
110 int
exit_kadmin(void * opt,int argc,char ** argv)111 exit_kadmin (void *opt, int argc, char **argv)
112 {
113     exit_seen = 1;
114     return 0;
115 }
116 
117 int
lock(void * opt,int argc,char ** argv)118 lock(void *opt, int argc, char **argv)
119 {
120     return kadm5_lock(kadm_handle);
121 }
122 
123 int
unlock(void * opt,int argc,char ** argv)124 unlock(void *opt, int argc, char **argv)
125 {
126     return kadm5_unlock(kadm_handle);
127 }
128 
129 static void
usage(int ret)130 usage(int ret)
131 {
132     arg_printusage (args, num_args, NULL, "[command]");
133     exit (ret);
134 }
135 
136 int
get_privs(void * opt,int argc,char ** argv)137 get_privs(void *opt, int argc, char **argv)
138 {
139     uint32_t privs;
140     char str[128];
141     kadm5_ret_t ret;
142 
143     ret = kadm5_get_privs(kadm_handle, &privs);
144     if(ret)
145 	krb5_warn(context, ret, "kadm5_get_privs");
146     else{
147 	ret =_kadm5_privs_to_string(privs, str, sizeof(str));
148 	if (ret == 0)
149 	    printf("%s\n", str);
150 	else
151 	    printf("privs: 0x%x\n", (unsigned int)privs);
152     }
153     return 0;
154 }
155 
156 int
main(int argc,char ** argv)157 main(int argc, char **argv)
158 {
159     krb5_error_code ret;
160     char **files;
161     kadm5_config_params conf;
162     int optidx = 0;
163     int exit_status = 0;
164     int aret;
165 
166     setprogname(argv[0]);
167 
168     ret = krb5_init_context(&context);
169     if (ret)
170 	errx (1, "krb5_init_context failed: %d", ret);
171 
172     if(getarg(args, num_args, argc, argv, &optidx))
173 	usage(1);
174 
175     if (help_flag)
176 	usage (0);
177 
178     if (version_flag) {
179 	print_version(NULL);
180 	exit(0);
181     }
182 
183     argc -= optidx;
184     argv += optidx;
185 
186     if (config_file == NULL) {
187 	aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
188 	if (aret == -1)
189 	    errx(1, "out of memory");
190     }
191 
192     ret = krb5_prepend_config_files_default(config_file, &files);
193     if (ret)
194 	krb5_err(context, 1, ret, "getting configuration files");
195 
196     ret = krb5_set_config_files(context, files);
197     krb5_free_config_files(files);
198     if(ret)
199 	krb5_err(context, 1, ret, "reading configuration files");
200 
201     memset(&conf, 0, sizeof(conf));
202     if(realm) {
203 	krb5_set_default_realm(context, realm); /* XXX should be fixed
204 						   some other way */
205 	conf.realm = realm;
206 	conf.mask |= KADM5_CONFIG_REALM;
207     }
208 
209     if (admin_server) {
210 	conf.admin_server = admin_server;
211 	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
212     }
213 
214     if (server_port) {
215 	conf.kadmind_port = htons(server_port);
216 	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
217     }
218 
219     if (keyfile) {
220 	conf.stash_file = keyfile;
221 	conf.mask |= KADM5_CONFIG_STASH_FILE;
222     }
223 
224     if(local_flag) {
225 	int i;
226 
227 	kadm5_setup_passwd_quality_check (context,
228 					  check_library, check_function);
229 
230 	for (i = 0; i < policy_libraries.num_strings; i++) {
231 	    ret = kadm5_add_passwd_quality_verifier(context,
232 						    policy_libraries.strings[i]);
233 	    if (ret)
234 		krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
235 	}
236 	ret = kadm5_add_passwd_quality_verifier(context, NULL);
237 	if (ret)
238 	    krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
239 
240 	ret = kadm5_s_init_with_password_ctx(context,
241 					     KADM5_ADMIN_SERVICE,
242 					     NULL,
243 					     KADM5_ADMIN_SERVICE,
244 					     &conf, 0, 0,
245 					     &kadm_handle);
246     } else if (ad_flag) {
247 	if (client_name == NULL)
248 	    krb5_errx(context, 1, "keytab mode require principal name");
249 	ret = kadm5_ad_init_with_password_ctx(context,
250 					      client_name,
251 					      NULL,
252 					      KADM5_ADMIN_SERVICE,
253 					      &conf, 0, 0,
254 					      &kadm_handle);
255     } else if (keytab) {
256 	if (client_name == NULL)
257 	    krb5_errx(context, 1, "keytab mode require principal name");
258         ret = kadm5_c_init_with_skey_ctx(context,
259 					 client_name,
260 					 keytab,
261 					 KADM5_ADMIN_SERVICE,
262                                          &conf, 0, 0,
263                                          &kadm_handle);
264     } else
265 	ret = kadm5_c_init_with_password_ctx(context,
266 					     client_name,
267 					     NULL,
268 					     KADM5_ADMIN_SERVICE,
269 					     &conf, 0, 0,
270 					     &kadm_handle);
271 
272     if(ret)
273 	krb5_err(context, 1, ret, "kadm5_init_with_password");
274 
275     signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
276                                 parser will handle SIGINT its own way;
277                                 we should really take care of this in
278                                 each function, f.i `get' might be
279                                 interruptable, but not `create' */
280     if (argc != 0) {
281 	ret = sl_command (commands, argc, argv);
282 	if(ret == -1)
283 	    sl_did_you_mean(commands, argv[0]);
284 	else if (ret == -2)
285 	    ret = 0;
286 	if(ret != 0)
287 	    exit_status = 1;
288     } else {
289 	while(!exit_seen) {
290 	    ret = sl_command_loop(commands, "kadmin> ", NULL);
291 	    if (ret == -2)
292 		exit_seen = 1;
293 	    else if (ret != 0)
294 		exit_status = 1;
295 	}
296     }
297 
298     kadm5_destroy(kadm_handle);
299     krb5_free_context(context);
300     return exit_status;
301 }
302