1 /* $NetBSD: kadmin.c,v 1.2 2017/01/28 21:31:44 christos Exp $ */ 2 3 /* 4 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include "kadmin_locl.h" 37 #include "kadmin-commands.h" 38 #include <krb5/sl.h> 39 40 static char *config_file; 41 static char *keyfile; 42 int local_flag; 43 static int ad_flag; 44 static int help_flag; 45 static int version_flag; 46 static char *realm; 47 static char *admin_server; 48 static int server_port = 0; 49 static char *client_name; 50 static char *keytab; 51 static char *check_library = NULL; 52 static char *check_function = NULL; 53 static getarg_strings policy_libraries = { 0, NULL }; 54 55 static struct getargs args[] = { 56 { "principal", 'p', arg_string, &client_name, 57 "principal to authenticate as", NULL }, 58 { "keytab", 'K', arg_string, &keytab, 59 "keytab for authentication principal", NULL }, 60 { 61 "config-file", 'c', arg_string, &config_file, 62 "location of config file", "file" 63 }, 64 { 65 "key-file", 'k', arg_string, &keyfile, 66 "location of master key file", "file" 67 }, 68 { 69 "realm", 'r', arg_string, &realm, 70 "realm to use", "realm" 71 }, 72 { 73 "admin-server", 'a', arg_string, &admin_server, 74 "server to contact", "host" 75 }, 76 { 77 "server-port", 's', arg_integer, &server_port, 78 "port to use", "port number" 79 }, 80 { "ad", 0, arg_flag, &ad_flag, "active directory admin mode", 81 NULL }, 82 #ifdef HAVE_DLOPEN 83 { "check-library", 0, arg_string, &check_library, 84 "library to load password check function from", "library" }, 85 { "check-function", 0, arg_string, &check_function, 86 "password check function to load", "function" }, 87 { "policy-libraries", 0, arg_strings, &policy_libraries, 88 "password check function to load", "function" }, 89 #endif 90 { "local", 'l', arg_flag, &local_flag, "local admin mode", NULL }, 91 { "help", 'h', arg_flag, &help_flag, NULL, NULL }, 92 { "version", 'v', arg_flag, &version_flag, NULL, NULL } 93 }; 94 95 static int num_args = sizeof(args) / sizeof(args[0]); 96 97 98 krb5_context context; 99 void *kadm_handle; 100 101 int 102 help(void *opt, int argc, char **argv) 103 { 104 sl_slc_help(commands, argc, argv); 105 return 0; 106 } 107 108 static int exit_seen = 0; 109 110 int 111 exit_kadmin (void *opt, int argc, char **argv) 112 { 113 exit_seen = 1; 114 return 0; 115 } 116 117 int 118 lock(void *opt, int argc, char **argv) 119 { 120 return kadm5_lock(kadm_handle); 121 } 122 123 int 124 unlock(void *opt, int argc, char **argv) 125 { 126 return kadm5_unlock(kadm_handle); 127 } 128 129 static void 130 usage(int ret) 131 { 132 arg_printusage (args, num_args, NULL, "[command]"); 133 exit (ret); 134 } 135 136 int 137 get_privs(void *opt, int argc, char **argv) 138 { 139 uint32_t privs; 140 char str[128]; 141 kadm5_ret_t ret; 142 143 ret = kadm5_get_privs(kadm_handle, &privs); 144 if(ret) 145 krb5_warn(context, ret, "kadm5_get_privs"); 146 else{ 147 ret =_kadm5_privs_to_string(privs, str, sizeof(str)); 148 if (ret == 0) 149 printf("%s\n", str); 150 else 151 printf("privs: 0x%x\n", (unsigned int)privs); 152 } 153 return 0; 154 } 155 156 int 157 main(int argc, char **argv) 158 { 159 krb5_error_code ret; 160 char **files; 161 kadm5_config_params conf; 162 int optidx = 0; 163 int exit_status = 0; 164 int aret; 165 166 setprogname(argv[0]); 167 168 ret = krb5_init_context(&context); 169 if (ret) 170 errx (1, "krb5_init_context failed: %d", ret); 171 172 if(getarg(args, num_args, argc, argv, &optidx)) 173 usage(1); 174 175 if (help_flag) 176 usage (0); 177 178 if (version_flag) { 179 print_version(NULL); 180 exit(0); 181 } 182 183 argc -= optidx; 184 argv += optidx; 185 186 if (config_file == NULL) { 187 aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); 188 if (aret == -1) 189 errx(1, "out of memory"); 190 } 191 192 ret = krb5_prepend_config_files_default(config_file, &files); 193 if (ret) 194 krb5_err(context, 1, ret, "getting configuration files"); 195 196 ret = krb5_set_config_files(context, files); 197 krb5_free_config_files(files); 198 if(ret) 199 krb5_err(context, 1, ret, "reading configuration files"); 200 201 memset(&conf, 0, sizeof(conf)); 202 if(realm) { 203 krb5_set_default_realm(context, realm); /* XXX should be fixed 204 some other way */ 205 conf.realm = realm; 206 conf.mask |= KADM5_CONFIG_REALM; 207 } 208 209 if (admin_server) { 210 conf.admin_server = admin_server; 211 conf.mask |= KADM5_CONFIG_ADMIN_SERVER; 212 } 213 214 if (server_port) { 215 conf.kadmind_port = htons(server_port); 216 conf.mask |= KADM5_CONFIG_KADMIND_PORT; 217 } 218 219 if (keyfile) { 220 conf.stash_file = keyfile; 221 conf.mask |= KADM5_CONFIG_STASH_FILE; 222 } 223 224 if(local_flag) { 225 int i; 226 227 kadm5_setup_passwd_quality_check (context, 228 check_library, check_function); 229 230 for (i = 0; i < policy_libraries.num_strings; i++) { 231 ret = kadm5_add_passwd_quality_verifier(context, 232 policy_libraries.strings[i]); 233 if (ret) 234 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); 235 } 236 ret = kadm5_add_passwd_quality_verifier(context, NULL); 237 if (ret) 238 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); 239 240 ret = kadm5_s_init_with_password_ctx(context, 241 KADM5_ADMIN_SERVICE, 242 NULL, 243 KADM5_ADMIN_SERVICE, 244 &conf, 0, 0, 245 &kadm_handle); 246 } else if (ad_flag) { 247 if (client_name == NULL) 248 krb5_errx(context, 1, "keytab mode require principal name"); 249 ret = kadm5_ad_init_with_password_ctx(context, 250 client_name, 251 NULL, 252 KADM5_ADMIN_SERVICE, 253 &conf, 0, 0, 254 &kadm_handle); 255 } else if (keytab) { 256 if (client_name == NULL) 257 krb5_errx(context, 1, "keytab mode require principal name"); 258 ret = kadm5_c_init_with_skey_ctx(context, 259 client_name, 260 keytab, 261 KADM5_ADMIN_SERVICE, 262 &conf, 0, 0, 263 &kadm_handle); 264 } else 265 ret = kadm5_c_init_with_password_ctx(context, 266 client_name, 267 NULL, 268 KADM5_ADMIN_SERVICE, 269 &conf, 0, 0, 270 &kadm_handle); 271 272 if(ret) 273 krb5_err(context, 1, ret, "kadm5_init_with_password"); 274 275 signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command 276 parser will handle SIGINT its own way; 277 we should really take care of this in 278 each function, f.i `get' might be 279 interruptable, but not `create' */ 280 if (argc != 0) { 281 ret = sl_command (commands, argc, argv); 282 if(ret == -1) 283 sl_did_you_mean(commands, argv[0]); 284 else if (ret == -2) 285 ret = 0; 286 if(ret != 0) 287 exit_status = 1; 288 } else { 289 while(!exit_seen) { 290 ret = sl_command_loop(commands, "kadmin> ", NULL); 291 if (ret == -2) 292 exit_seen = 1; 293 else if (ret != 0) 294 exit_status = 1; 295 } 296 } 297 298 kadm5_destroy(kadm_handle); 299 krb5_free_context(context); 300 return exit_status; 301 } 302