14960Swillf /*
25867Smp153739 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
34960Swillf * Use is subject to license terms.
44960Swillf */
54960Swillf
64960Swillf /*
74960Swillf * kadmin/ldap_util/kdb5_ldap_util.c
84960Swillf *
94960Swillf * (C) Copyright 1990,1991, 1996 by the Massachusetts Institute of Technology.
104960Swillf * All Rights Reserved.
114960Swillf *
124960Swillf * Export of this software from the United States of America may
134960Swillf * require a specific license from the United States Government.
144960Swillf * It is the responsibility of any person or organization contemplating
154960Swillf * export to obtain such a license before exporting.
164960Swillf *
174960Swillf * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
184960Swillf * distribute this software and its documentation for any purpose and
194960Swillf * without fee is hereby granted, provided that the above copyright
204960Swillf * notice appear in all copies and that both that copyright notice and
214960Swillf * this permission notice appear in supporting documentation, and that
224960Swillf * the name of M.I.T. not be used in advertising or publicity pertaining
234960Swillf * to distribution of the software without specific, written prior
244960Swillf * permission. Furthermore if you modify this software you must label
254960Swillf * your software as modified software and not distribute it in such a
264960Swillf * fashion that it might be confused with the original M.I.T. software.
274960Swillf * M.I.T. makes no representations about the suitability of
284960Swillf * this software for any purpose. It is provided "as is" without express
294960Swillf * or implied warranty.
304960Swillf *
314960Swillf *
324960Swillf * Edit a KDC database.
334960Swillf */
344960Swillf
354960Swillf /*
364960Swillf * Copyright (C) 1998 by the FundsXpress, INC.
374960Swillf *
384960Swillf * All rights reserved.
394960Swillf *
404960Swillf * Export of this software from the United States of America may require
414960Swillf * a specific license from the United States Government. It is the
424960Swillf * responsibility of any person or organization contemplating export to
434960Swillf * obtain such a license before exporting.
444960Swillf *
454960Swillf * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
464960Swillf * distribute this software and its documentation for any purpose and
474960Swillf * without fee is hereby granted, provided that the above copyright
484960Swillf * notice appear in all copies and that both that copyright notice and
494960Swillf * this permission notice appear in supporting documentation, and that
504960Swillf * the name of FundsXpress. not be used in advertising or publicity pertaining
514960Swillf * to distribution of the software without specific, written prior
524960Swillf * permission. FundsXpress makes no representations about the suitability of
534960Swillf * this software for any purpose. It is provided "as is" without express
544960Swillf * or implied warranty.
554960Swillf *
564960Swillf * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
574960Swillf * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
584960Swillf * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
594960Swillf */
604960Swillf
614960Swillf /* Copyright (c) 2004-2005, Novell, Inc.
624960Swillf * All rights reserved.
634960Swillf *
644960Swillf * Redistribution and use in source and binary forms, with or without
654960Swillf * modification, are permitted provided that the following conditions are met:
664960Swillf *
674960Swillf * * Redistributions of source code must retain the above copyright notice,
684960Swillf * this list of conditions and the following disclaimer.
694960Swillf * * Redistributions in binary form must reproduce the above copyright
704960Swillf * notice, this list of conditions and the following disclaimer in the
714960Swillf * documentation and/or other materials provided with the distribution.
724960Swillf * * The copyright holder's name is not used to endorse or promote products
734960Swillf * derived from this software without specific prior written permission.
744960Swillf *
754960Swillf * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
764960Swillf * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
774960Swillf * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
784960Swillf * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
794960Swillf * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
804960Swillf * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
814960Swillf * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
824960Swillf * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
834960Swillf * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
844960Swillf * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
854960Swillf * POSSIBILITY OF SUCH DAMAGE.
864960Swillf */
874960Swillf
884960Swillf #include <stdio.h>
894960Swillf #include <time.h>
904960Swillf
914960Swillf #include <k5-int.h>
924960Swillf #include <kadm5/admin.h>
934960Swillf #include <adm_proto.h>
944960Swillf #include <libintl.h>
954960Swillf #include <locale.h>
964960Swillf #include "kdb5_ldap_util.h"
974960Swillf
/* Signature shared by every sub-command handler in cmd_table: the
 * (argc, argv) of the sub-command's own arguments, with the command
 * word itself at argv[0] (see how main() fills cmd_argv). */
typedef void (*cmd_func)(int, char **);
int cmd_index(char *name);

/* State shared with the sub-command implementations in the other
 * kdb5_ldap_util sources. */
char *mkey_password = 0;           /* master-key password given with -P, else NULL */
int exit_status = 0;               /* bumped once per fatal error; main() returns it */
krb5_context util_context;         /* the krb5 context created in main() */
kadm5_config_params global_params; /* realm/master-key settings from options and profile */
krb5_boolean db_inited = FALSE;    /* TRUE once krb5_ldap_db_init() has succeeded */

char *progname;                    /* basename of argv[0]; prefix for com_err messages */
krb5_boolean manual_mkey = FALSE;  /* TRUE when -m or -P was given */
1094960Swillf
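/*
 * Print the usage text of kdb5_ldap_util, the LDAP configuration
 * utility, to stderr.
 *
 * The text is one string literal assembled by the preprocessor; the
 * HAVE_EDIRECTORY sections describe the eDirectory-only service
 * commands, the #else branch the generic stashsrvpw command.  Note for
 * operators: "-w passwd" and "-P password" are taken from the command
 * line and are therefore visible to other users of the host through
 * process listings; the interactive prompt (omit -w) avoids that.
 *
 * Declared with a proper prototype: an empty parameter list is an
 * obsolescent non-prototype declaration and disables argument checking.
 */
void usage(void)
{
    fprintf(stderr, "%s: "
            "kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri]\n"
            "\tcmd [cmd_options]\n"

            /* Create realm */
            "create [-subtrees subtree_dn_list] [-sscope search_scope] [-containerref container_reference_dn]\n"
#ifdef HAVE_EDIRECTORY
            "\t\t[-kdcdn kdc_service_list] [-admindn admin_service_list]\n"
            "\t\t[-pwddn passwd_service_list]\n"
#endif
            "\t\t[-m|-P password|-sf stashfilename] [-k mkeytype] [-s]\n"
            "\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
            "\t\t[ticket_flags] [-r realm]\n"

            /* modify realm */
            "modify [-subtrees subtree_dn_list] [-sscope search_scope] [-containerref container_reference_dn]\n"
#ifdef HAVE_EDIRECTORY
            "\t\t[-kdcdn kdc_service_list |\n"
            "\t\t[-clearkdcdn kdc_service_list] [-addkdcdn kdc_service_list]]\n"
            "\t\t[-admindn admin_service_list | [-clearadmindn admin_service_list]\n"
            "\t\t[-addadmindn admin_service_list]] [-pwddn passwd_service_list |\n"
            "\t\t[-clearpwddn passwd_service_list] [-addpwddn passwd_service_list]]\n"
#endif
            "\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
            "\t\t[ticket_flags] [-r realm]\n"
            /* View realm */
            "view [-r realm]\n"

            /* Destroy realm */
            "destroy [-f] [-r realm]\n"

            /* List realms */
            "list\n"

#ifdef HAVE_EDIRECTORY
            /* Create Service */
            "create_service {-kdc|-admin|-pwd} [-servicehost service_host_list]\n"
            "\t\t[-realm realm_list] \n"
            "\t\t[-randpw|-fileonly] [-f filename] service_dn\n"

            /* Modify service */
            "modify_service [-servicehost service_host_list |\n"
            "\t\t[-clearservicehost service_host_list]\n"
            "\t\t[-addservicehost service_host_list]]\n"
            "\t\t[-realm realm_list | [-clearrealm realm_list]\n"
            "\t\t[-addrealm realm_list]] service_dn\n"

            /* View Service */
            "view_service service_dn\n"

            /* Destroy Service */
            "destroy_service [-force] [-f stashfilename] service_dn\n"

            /* List services */
            "list_service [-basedn base_dn]\n"

            /* Set Service password */
            "setsrvpw [-randpw|-fileonly] [-f filename] service_dn\n"

#else

            /* Stash the service password */
            "stashsrvpw [-f filename] service_dn\n"

#endif

            /* Create policy */
            "create_policy [-r realm] [-maxtktlife max_ticket_life]\n"
            "\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"

            /* Modify policy */
            "modify_policy [-r realm] [-maxtktlife max_ticket_life]\n"
            "\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"

            /* View policy */
            "view_policy [-r realm] policy\n"

            /* Destroy policy */
            "destroy_policy [-r realm] [-force] policy\n"

            /* List policies */
            "list_policy [-r realm]\n",
            gettext("Usage"));
}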
2004960Swillf
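/*
 * Print the usage text for one sub-command.
 *
 * type: index of the sub-command (see cmd_index()).  Currently unused:
 *       the full usage text is printed regardless.  It is consumed
 *       explicitly so that -Wunused-parameter stays quiet and the
 *       intent (per-command help not yet implemented) is visible.
 */
void db_usage(int type)
{
    (void)type;
    /*
     * This should print usage of 'type' command. For now, we will print usage
     * of all commands.
     */
    usage();
}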
2084960Swillf
/* The help messages for all sub-commands should be in the
 * same order as listed in this table.
 *
 * opendb is non-zero for every sub-command that needs the LDAP database
 * opened (krb5_ldap_db_init() in main()) before its handler runs; the
 * service-password commands are the only entries that run without it.
 * The table ends with an all-NULL/zero terminator entry.
 */
static struct _cmd_table {
    char *name;     /* sub-command word as typed on the command line */
    cmd_func func;  /* handler, called with the sub-command's (argc, argv) */
    int opendb;     /* open the database before dispatching? */
} cmd_table[] = {
    { .name = "create",          .func = kdb5_ldap_create,                 .opendb = 1 },
    { .name = "modify",          .func = kdb5_ldap_modify,                 .opendb = 1 },
    { .name = "view",            .func = kdb5_ldap_view,                   .opendb = 1 },
    { .name = "destroy",         .func = kdb5_ldap_destroy,                .opendb = 1 },
    { .name = "list",            .func = kdb5_ldap_list,                   .opendb = 1 },
#ifdef HAVE_EDIRECTORY
    { .name = "create_service",  .func = kdb5_ldap_create_service,         .opendb = 1 },
    { .name = "modify_service",  .func = kdb5_ldap_modify_service,         .opendb = 1 },
    { .name = "view_service",    .func = kdb5_ldap_view_service,           .opendb = 1 },
    { .name = "destroy_service", .func = kdb5_ldap_destroy_service,        .opendb = 1 },
    { .name = "list_service",    .func = kdb5_ldap_list_services,          .opendb = 1 },
    { .name = "setsrvpw",        .func = kdb5_ldap_set_service_password,   .opendb = 0 },
#else
    { .name = "stashsrvpw",      .func = kdb5_ldap_stash_service_password, .opendb = 0 },
#endif
    { .name = "create_policy",   .func = kdb5_ldap_create_policy,          .opendb = 1 },
    { .name = "modify_policy",   .func = kdb5_ldap_modify_policy,          .opendb = 1 },
    { .name = "view_policy",     .func = kdb5_ldap_view_policy,            .opendb = 1 },
    { .name = "destroy_policy",  .func = kdb5_ldap_destroy_policy,         .opendb = 1 },
    { .name = "list_policy",     .func = kdb5_ldap_list_policies,          .opendb = 1 },
    { .name = NULL,              .func = NULL,                             .opendb = 0 },
};
2394960Swillf
2404960Swillf
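/*
 * Look up a sub-command by name.
 *
 * name: the command word as typed by the user; may be NULL.
 * Returns the matching cmd_table entry, or NULL when name is NULL or
 * matches nothing.
 *
 * Accepting NULL mirrors cmd_index(): the two lookups walk the same
 * table and callers should not have to remember which one tolerates a
 * missing argument.  The parameter is const-qualified because the name
 * is only compared, never modified.
 */
static struct _cmd_table *cmd_lookup(const char *name)
{
    struct _cmd_table *entry;

    if (name == NULL)
        return NULL;

    for (entry = cmd_table; entry->name != NULL; entry++) {
        if (strcmp(entry->name, name) == 0)
            return entry;
    }

    return NULL;
}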
2564960Swillf
2574960Swillf
/*
 * Position of a sub-command in cmd_table.
 *
 * name: the command word; NULL is tolerated.
 * Returns the zero-based offset of the matching entry, which callers can
 * use to index the parallel help-message table, or -1 when name is NULL
 * or unknown.
 */
int cmd_index(char *name)
{
    const struct _cmd_table *entry = cmd_table;
    int pos = 0;

    if (name == NULL)
        return -1;

    while (entry->name != NULL) {
        if (strcmp(name, entry->name) == 0)
            return pos;
        entry++;
        pos++;
    }

    return -1;
}
2774960Swillf
/*
 * com_err hook: writes "<prog>: [<krb5 error text> ]<formatted message>\n"
 * to stderr, resolving the error code through util_context.
 *
 * myprog: program name printed as the prefix.
 * code:   krb5 error code; 0 means "no error text", only the message.
 * fmt/args: printf-style message supplied by the com_err() caller.
 *
 * Installed by main() with set_com_err_hook(); it relies on util_context
 * being initialised whenever code is non-zero.
 */
static void extended_com_err_fn(const char *myprog, errcode_t code,
                                const char *fmt, va_list args)
{
    /* Solaris Kerberos: code should be like that in kdb5_util.c */
    if (code == 0) {
        fprintf(stderr, "%s: ", myprog);
    } else {
        const char *emsg = krb5_get_error_message(util_context, code);
        fprintf(stderr, "%s: %s ", myprog, emsg);
        krb5_free_error_message(util_context, emsg);
    }
    vfprintf(stderr, fmt, args);
    fputc('\n', stderr);
}
2934960Swillf
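/*
 * Entry point of kdb5_ldap_util.
 *
 * Parses the global options (-D/-w/-H for the LDAP bind, -r for the
 * realm, -k/-M/-sf/-m/-P for the master key), finds the sub-command in
 * cmd_table, builds the LDAP context the sub-command needs and
 * dispatches to its handler.  The sub-command word and every argument
 * that is not a recognised global option are copied into cmd_argv, so a
 * handler sees a conventional (argc, argv) pair with the command word at
 * index 0.
 *
 * Returns exit_status, which is incremented once per fatal error.  A
 * usage error prints the usage text and, as before, exits 0.
 *
 * Changes from the previous revision, all behaviour-preserving on the
 * success path:
 *  - the three memset() calls that scrubbed the bind password used
 *    sizeof on a char pointer and so cleared only pointer-size bytes;
 *    the prompt buffer is now calloc()ed and the cleanup scrubs the
 *    full string;
 *  - the com_err hook is installed only after krb5_init_context()
 *    succeeded, because the hook resolves codes through util_context;
 *  - an empty argv, a failed strdup() of the configuration section and
 *    a failed dal_handle allocation are reported instead of being
 *    dereferenced or exiting silently with status 0;
 *  - the unused cmd_name local and the never-set usage_print flag are
 *    gone.
 */
int main(int argc, char *argv[])
{
    struct _cmd_table *cmd = NULL;
    char *koptarg = NULL, **cmd_argv = NULL;
    int cmd_argc = 0;
    krb5_error_code retval;
    int gp_is_static = 1;
    krb5_error_code db_retval = 1;
    char *bind_dn = NULL;
    char *passwd = NULL;
    char *ldap_server = NULL;
    unsigned int ldapmask = 0;
    unsigned int passwd_len = 0;
    char *prompt = NULL;
    kdb5_dal_handle *dal_handle = NULL;
    krb5_ldap_context *ldap_context = NULL;
    char *value = NULL, *conf_section = NULL;
    const char *section_src = NULL;
    krb5_boolean realm_name_required = TRUE;
    krb5_boolean print_help_message = FALSE;

    /*
     * exec() with an empty argv is legal; without this guard the progname
     * computation and the "argv++" walk below would read past the array.
     */
    if (argc < 1 || argv[0] == NULL) {
        usage();
        return 1;
    }

    /*
     * Solaris Kerberos:
     * Ensure that "progname" is set before calling com_err.
     */
    progname = (strrchr(argv[0], '/') ? strrchr(argv[0], '/') + 1 : argv[0]);

    /*
     * Report a context-creation failure through the default com_err
     * handler: extended_com_err_fn resolves codes via util_context and
     * must not be installed until that context exists.
     */
    retval = krb5_init_context(&util_context);
    if (retval) {
        com_err(progname, retval, gettext("while initializing Kerberos code"));
        exit_status++;
        goto cleanup;
    }
    set_com_err_hook(extended_com_err_fn);

    /*
     * cmd_argv[0] is the sub-command word, the rest every non-option
     * argument.  argc slots always suffice: argv[0] is dropped below and
     * its slot is reused for the command word.  calloc() zero-fills, so
     * cmd_argv[0] == NULL reliably means "no command seen yet".
     */
    cmd_argv = calloc((size_t)argc, sizeof *cmd_argv);
    if (cmd_argv == NULL) {
        com_err(progname, ENOMEM, gettext("while creating sub-command arguments"));
        exit_status++;
        goto cleanup;
    }
    cmd_argc = 1;

    memset(&global_params, 0, sizeof(kadm5_config_params));

    /*
     * ARG_VAL (defined outside this file) advances argv to the option's
     * value and leaves it in koptarg; it is only evaluated when the
     * option word matched, so argv/argc stay consistent for the loop.
     */
    argv++; argc--;
    while (*argv) {
        if (strcmp(*argv, "--help") == 0) {
            print_help_message = TRUE;
        }
        if (strcmp(*argv, "-P") == 0 && ARG_VAL) {
            /* Master-key password straight from the command line; it stays
             * visible in process listings for the life of the process. */
            mkey_password = koptarg;
            manual_mkey = TRUE;
        } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
            global_params.realm = koptarg;
            global_params.mask |= KADM5_CONFIG_REALM;
            /* not sure this is really necessary */
            if ((retval = krb5_set_default_realm(util_context,
                                                 global_params.realm))) {
                com_err(progname, retval, gettext("while setting default realm name"));
                exit_status++;
                goto cleanup;
            }
        } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
            /* An unknown enctype is reported but does not abort; the
             * ENCTYPE mask bit is simply left clear. */
            if (krb5_string_to_enctype(koptarg, &global_params.enctype)) {
                /* Solaris Kerberos */
                com_err(progname, 0, gettext("%s is an invalid enctype"), koptarg);
            } else {
                global_params.mask |= KADM5_CONFIG_ENCTYPE;
            }
        } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
            global_params.mkey_name = koptarg;
            global_params.mask |= KADM5_CONFIG_MKEY_NAME;
        } else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
            global_params.stash_file = koptarg;
            global_params.mask |= KADM5_CONFIG_STASH_FILE;
        } else if (strcmp(*argv, "-m") == 0) {
            manual_mkey = TRUE;
            global_params.mkey_from_kbd = 1;
            global_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
        } else if (strcmp(*argv, "-D") == 0 && ARG_VAL) {
            bind_dn = koptarg;
            if (bind_dn == NULL) {   /* defensive: ARG_VAL yielded nothing */
                com_err(progname, ENOMEM, gettext("while reading ldap parameters"));
                exit_status++;
                goto cleanup;
            }
            ldapmask |= CMD_LDAP_D;
        } else if (strcmp(*argv, "-w") == 0 && ARG_VAL) {
            /* Bind password from the command line: copied so it can be
             * scrubbed in cleanup, but the argv original remains visible
             * to other users via process listings.  The prompt path (-D
             * without -w) avoids that exposure. */
            passwd = strdup(koptarg);
            if (passwd == NULL) {
                com_err(progname, ENOMEM, gettext("while reading ldap parameters"));
                exit_status++;
                goto cleanup;
            }
            ldapmask |= CMD_LDAP_W;
        } else if (strcmp(*argv, "-H") == 0 && ARG_VAL) {
            ldap_server = koptarg;
            if (ldap_server == NULL) {   /* defensive: ARG_VAL yielded nothing */
                com_err(progname, ENOMEM, gettext("while reading ldap parameters"));
                exit_status++;
                goto cleanup;
            }
            ldapmask |= CMD_LDAP_H;
        } else if (cmd_lookup(*argv) != NULL) {
            /* First command word wins; a second one is a usage error. */
            if (cmd_argv[0] == NULL) {
                cmd_argv[0] = *argv;
            } else {
                free(cmd_argv);
                cmd_argv = NULL;
                usage();
                goto cleanup;
            }
        } else {
            cmd_argv[cmd_argc++] = *argv;
        }
        argv++; argc--;
    }

    if (cmd_argv[0] == NULL) {
        free(cmd_argv);
        cmd_argv = NULL;
        usage();
        goto cleanup;
    }

    /* if we need to print the help message (because of --help option)
     * we will print the help corresponding to the sub-command.
     * (Only the full usage text is available at present.)
     */
    if (print_help_message) {
        free(cmd_argv);
        cmd_argv = NULL;
        usage();
        goto cleanup;
    }

    /* We need to check for the presence of default realm name only in
     * the case of realm related operations like create, destroy etc.
     */
    if ((strcmp(cmd_argv[0], "list") == 0) ||
        (strcmp(cmd_argv[0], "stashsrvpw") == 0)) {
        realm_name_required = FALSE;
    }

    if (!util_context->default_realm) {
        char *temp = NULL;
        retval = krb5_get_default_realm(util_context, &temp);
        if (retval) {
            if (realm_name_required) {
                com_err(progname, retval, gettext("while getting default realm"));
                exit_status++;
                goto cleanup;
            }
        } else {
            util_context->default_realm = temp;
        }
    } else {
        /* If we have the realm name, we can safely say that
         * realm_name is required so that we don't neglect any information.
         */
        realm_name_required = TRUE;
    }

    /*
     * Name of the profile section holding the LDAP module settings:
     * the realm's KDB_MODULE_POINTER, else the default module's, else
     * the realm name itself.  conf_section stays NULL when none of the
     * three is available, exactly as before.
     */
    retval = profile_get_string(util_context->profile, KDB_REALM_SECTION,
                                util_context->default_realm, KDB_MODULE_POINTER,
                                NULL,
                                &value);
    if (value == NULL) {
        retval = profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION,
                                    KDB_MODULE_POINTER, NULL,
                                    NULL,
                                    &value);
    }
    section_src = (value != NULL) ? value : util_context->default_realm;
    if (section_src != NULL) {
        conf_section = strdup(section_src);
        if (conf_section == NULL) {
            free(value);
            com_err(progname, ENOMEM, gettext("while reading ldap configuration"));
            exit_status++;
            goto cleanup;
        }
    }
    free(value);   /* free(NULL) is a no-op */
    value = NULL;

    if (realm_name_required) {
        retval = kadm5_get_config_params(util_context, 1,
                                         &global_params, &global_params);
        if (retval) {
            /* Solaris Kerberos */
            com_err(progname, retval, gettext("while retreiving configuration parameters"));
            exit_status++;
            goto cleanup;
        }
        gp_is_static = 0;   /* global_params now owns allocations; freed in cleanup */
    }

    if ((retval = krb5_ldap_lib_init()) != 0) {
        /* Solaris Kerberos */
        com_err(progname, retval, gettext("while initializing error handling"));
        exit_status++;
        goto cleanup;
    }

    /* Initialize the ldap context */
    ldap_context = calloc(1, sizeof *ldap_context);
    if (ldap_context == NULL) {
        /* Solaris Kerberos */
        com_err(progname, ENOMEM, gettext("while initializing ldap handle"));
        exit_status++;
        goto cleanup;
    }

    ldap_context->kcontext = util_context;

    /* If LDAP parameters are specified, replace them with the values from config */
    if (ldapmask & CMD_LDAP_D) {
        /* If password is not specified, prompt for it */
        if (passwd == NULL) {
            /* calloc() so the whole buffer starts zeroed; the previous
             * memset() used sizeof(passwd) and cleared only pointer-size
             * bytes. */
            passwd = calloc(1, MAX_PASSWD_LEN);
            if (passwd == NULL) {
                /* Solaris Kerberos */
                com_err(progname, ENOMEM, gettext("while retrieving ldap configuration"));
                exit_status++;
                goto cleanup;
            }
            prompt = malloc(MAX_PASSWD_PROMPT_LEN);
            if (prompt == NULL) {
                free(passwd);
                passwd = NULL;
                /* Solaris Kerberos */
                com_err(progname, ENOMEM, gettext("while retrieving ldap configuration"));
                exit_status++;
                goto cleanup;
            }
            /* One byte is reserved so the result is always NUL-terminated. */
            passwd_len = MAX_PASSWD_LEN - 1;
            snprintf(prompt, MAX_PASSWD_PROMPT_LEN, gettext("Password for \"%s\""), bind_dn);

            db_retval = krb5_read_password(util_context, prompt, NULL, passwd, &passwd_len);

            if ((db_retval) || (passwd_len == 0)) {
                /* Solaris Kerberos */
                com_err(progname, db_retval, gettext("while retrieving ldap configuration"));
                free(passwd);
                passwd = NULL;
                exit_status++;
                goto cleanup;
            }
        }

        /* From here on ldap_context->bind_pwd aliases passwd. */
        ldap_context->bind_pwd = passwd;
    }

    /* If ldaphost is specified, release entry filled by configuration & use this */
    if (ldapmask & CMD_LDAP_H) {

        /* Two slots: the server and a NULL terminator. */
        ldap_context->server_info_list = calloc(2, sizeof *ldap_context->server_info_list);
        if (ldap_context->server_info_list == NULL) {
            /* Solaris Kerberos */
            com_err(progname, ENOMEM, gettext("while initializing server list"));
            exit_status++;
            goto cleanup;
        }

        ldap_context->server_info_list[0] = calloc(1, sizeof *ldap_context->server_info_list[0]);
        if (ldap_context->server_info_list[0] == NULL) {
            /* Solaris Kerberos */
            com_err(progname, ENOMEM, gettext("while initializing server list"));
            exit_status++;
            goto cleanup;
        }

        ldap_context->server_info_list[0]->server_status = NOTSET;

        ldap_context->server_info_list[0]->server_name = strdup(ldap_server);
        if (ldap_context->server_info_list[0]->server_name == NULL) {
            /* Solaris Kerberos */
            com_err(progname, ENOMEM, gettext("while initializing server list"));
            exit_status++;
            goto cleanup;
        }
    }
    if (bind_dn) {
        ldap_context->bind_dn = strdup(bind_dn);
        if (ldap_context->bind_dn == NULL) {
            /* Solaris Kerberos */
            com_err(progname, ENOMEM, gettext("while retrieving ldap configuration"));
            exit_status++;
            goto cleanup;
        }
    } else {
        ldap_context->bind_dn = NULL;
    }

    ldap_context->service_type = SERVICE_DN_TYPE_CLIENT;

    if (realm_name_required) {
        /* Unsupported enctype is reported but, as before, not fatal here. */
        if ((global_params.enctype != ENCTYPE_UNKNOWN) &&
            (!krb5_c_valid_enctype(global_params.enctype))) {
            /* Solaris Kerberos */
            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
                    gettext("while setting up enctype %d"), global_params.enctype);
        }
    }

    /* cmd_argv[0] was only ever set from a successful cmd_lookup(), so
     * this cannot return NULL. */
    cmd = cmd_lookup(cmd_argv[0]);

    /* Setup DAL handle to access the database */
    dal_handle = calloc((size_t)1, sizeof *dal_handle);
    if (dal_handle == NULL) {
        /* Previously exited silently with status 0. */
        com_err(progname, ENOMEM, gettext("while initializing ldap handle"));
        exit_status++;
        goto cleanup;
    }
    dal_handle->db_context = ldap_context;
    util_context->db_context = (void *)dal_handle;

    db_retval = krb5_ldap_read_server_params(util_context, conf_section, KRB5_KDB_SRV_TYPE_OTHER);
    if (db_retval) {
        /* Solaris Kerberos */
        com_err(progname, db_retval, gettext("while reading ldap configuration"));
        exit_status++;
        goto cleanup;
    }

    if (cmd->opendb) {
        db_retval = krb5_ldap_db_init(util_context, ldap_context);
        if (db_retval) {
            com_err(progname, db_retval, gettext("while initializing database"));
            exit_status++;
            goto cleanup;
        }
        db_inited = TRUE;
    }
    cmd->func(cmd_argc, cmd_argv);

cleanup:
    /*
     * Scrub the LDAP bind password before the teardown below frees it.
     * The length must be the string's length: sizeof on a char pointer
     * is the pointer size and left all but a few bytes of the password
     * in memory.  ldap_context->bind_pwd normally aliases passwd, but a
     * callee may have replaced it, so both are scrubbed; the buffers are
     * still referenced after this point, so the stores cannot be elided.
     */
    if (passwd != NULL)
        memset(passwd, 0, strlen(passwd));
    if (ldap_context != NULL && ldap_context->bind_pwd != NULL)
        memset(ldap_context->bind_pwd, 0, strlen(ldap_context->bind_pwd));

    if (util_context) {
        if (gp_is_static == 0)
            kadm5_free_config_params(util_context, &global_params);
        krb5_ldap_close(util_context);
        krb5_free_context(util_context);
    }

    /*
     * passwd is deliberately not freed here: once assigned to
     * ldap_context->bind_pwd it is torn down with the context (presumably
     * by krb5_ldap_close()), and a -w password that was never bound is
     * left to process exit, as in the previous revision.  free(NULL) is a
     * no-op, so the remaining frees need no guards.
     */
    free(cmd_argv);
    free(prompt);
    free(conf_section);
    free(dal_handle);

    return exit_status;
}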