xref: /onnv-gate/usr/src/cmd/krb5/kadmin/cli/k5srvutil.sh (revision 2881:ea6360e7e1c5)
#!/bin/sh
#
#
# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#
#
#
#pragma ident	"%Z%%M%	%I%	%E% SMI"
# Text domain exported to the environment for the gettext calls below.
TEXTDOMAIN=SUNW_OST_OSCMD; export TEXTDOMAIN
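# list_princs
# Prints the principal names found in the keytab named by the global
# $keytab, one per line, sorted with duplicates removed.  Arguments are
# ignored; the keytab always comes from $keytab.
#
# The first three lines of "klist -k" output are skipped and the second
# whitespace-separated field of every remaining line is printed.
list_princs() {
    # "$keytab" is quoted so that a path supplied with -f reaches klist as
    # one argument even if it contains spaces or glob characters.
    # awk's NR > 3 replaces the obsolete "tail +4" form and starts at the
    # same line.
    klist -k "$keytab" | awk 'NR > 3 { print $2 }' | sort | uniq
}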
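# set_command name
# Records the requested sub-command in the global $command.  If a
# sub-command has already been recorded, reports the error, prints the
# usage line and exits with status 1.
set_command() {
    # Quoted so the test stays well-formed whatever $command holds.
    if [ "x$command" != x ] ; then
        ONLY_ONE=`gettext  "Only one command can be specified"`
        cmd_error "$ONLY_ONE"
        usage
        exit 1
    fi
    command=$1
}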
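# interactive_prompt action princ
# Decides whether "action" should be carried out for principal "princ".
#
# When the global $interactive is 0, returns 0 without asking.  Otherwise
# prints a prompt, reads one line from standard input and returns 0 only
# if the reply is exactly the localized "yes" or "Yes"; every other reply
# returns 1.
#
# SUNW14resync: in interactive mode the default is to return false, i.e.
#               unless the user types "Yes" or "yes" false is returned.
interactive_prompt() {
    # Quoted so an unset or empty $interactive falls through to the prompt
    # instead of producing a malformed test.
    if [ "$interactive" = 0 ] ; then
        return 0
    fi
    # PROMPT is a printf format string taken from the message catalog.
    PROMPT=`gettext  "%s for %s? [yes no] "`
    Y1=`gettext  "yes"`
    Y2=`gettext  "Yes"`
    printf "$PROMPT" "$1" "$2"
    read ans
    # An empty reply is never consent, even if a catalog lookup produced an
    # empty string that would otherwise match it below.
    if [ -z "$ans" ] ; then
        return 1
    fi
    # Patterns are quoted so the localized words are compared literally
    # rather than as glob patterns.
    case "$ans" in
    "$Y1"|"$Y2")
        return 0
        ;;
    esac
    return 1
}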
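# cmd_error word...
# Writes its arguments, joined by single spaces, as one line on standard
# error.
cmd_error() {
    # The original "echo $@ 2>&1" left the message on standard output;
    # ">&2" sends it to standard error.  printf with "$*" also keeps
    # arguments such as "-n" from being taken as echo options.
    printf '%s\n' "$*" >&2
}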
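# usage
# Prints the one-line command synopsis on standard output.
usage() {
    # NOTE(review): $0 is expanded by the shell before gettext runs, so the
    # msgid that is looked up contains the invocation path; presumably no
    # catalog entry can match it -- confirm against the message catalog.
    USAGE=`gettext "Usage: $0 [-i] [-f file] list|change|delete|delold"`
    # Quoted so "[-i]" is printed literally; unquoted it is a glob pattern
    # and is replaced by a file named "i" or "-" in the current directory.
    printf '%s\n' "$USAGE"
}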
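# change_key
# For every principal printed by list_princs, asks interactive_prompt and,
# when it agrees, runs kadmin with the keytab in the global $keytab,
# authenticating as that principal, with the query
# "ktadd -k <keytab> <principal>".
#
# Returns 0 if every kadmin call that was made succeeded and 1 if any of
# them failed, so a failed key change is visible in the exit status even
# when a later principal succeeds.
change_key() {
    ACTION=`gettext  "Change key"`
    princs=`list_princs `
    rc=0
    # $princs is left unquoted on purpose: it is split into one principal
    # per word.  NOTE(review): a name containing glob characters would also
    # be expanded against the current directory here.
    for princ in $princs; do
        if interactive_prompt "$ACTION" "$princ"; then
            # The principal names come from the keytab file (possibly one
            # chosen with -f) and are pasted into the query text as-is.
            # NOTE(review): a keytab path containing whitespace would split
            # the query -- confirm how kadmin tokenizes it.
            kadmin -k -t "$keytab" -p "$princ" \
                -q "ktadd -k $keytab $princ" || rc=1
        fi
    done
    return $rc
}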
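# delete_old_keys
# For every principal printed by list_princs, asks interactive_prompt and,
# when it agrees, runs kadmin with the keytab in the global $keytab,
# authenticating as that principal, with the query
# "ktrem -k <keytab> <principal> old".
#
# Returns 0 if every kadmin call that was made succeeded and 1 if any of
# them failed.
delete_old_keys() {
    ACTION=`gettext  "Delete old keys"`
    princs=`list_princs `
    rc=0
    # $princs is left unquoted on purpose: it is split into one principal
    # per word.  NOTE(review): a name containing glob characters would also
    # be expanded against the current directory here.
    for princ in $princs; do
        if interactive_prompt "$ACTION" "$princ"; then
            # Names read from the keytab are pasted into the query text
            # as-is.  NOTE(review): confirm how kadmin tokenizes a keytab
            # path that contains whitespace.
            kadmin -k -t "$keytab" -p "$princ" \
                -q "ktrem -k $keytab $princ old" || rc=1
        fi
    done
    return $rc
}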
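# delete_keys
# Sets the global $interactive to 1, so every deletion is confirmed through
# interactive_prompt even when -i was not given.  For each principal
# printed by list_princs that is confirmed, runs kadmin with the keytab in
# the global $keytab, authenticating as that principal, with the query
# "ktrem -k <keytab> <principal> all".
#
# Returns 0 if every kadmin call that was made succeeded and 1 if any of
# them failed.
delete_keys() {
    interactive=1
    ACTION=`gettext  "Delete all keys"`
    princs=`list_princs `
    rc=0
    # $princs is left unquoted on purpose: it is split into one principal
    # per word.  NOTE(review): a name containing glob characters would also
    # be expanded against the current directory here.
    for princ in $princs; do
        if interactive_prompt "$ACTION" "$princ"; then
            # Names read from the keytab are pasted into the query text
            # as-is.  NOTE(review): confirm how kadmin tokenizes a keytab
            # path that contains whitespace.
            kadmin -p "$princ" -k -t "$keytab" \
                -q "ktrem -k $keytab $princ all" || rc=1
        fi
    done
    return $rc
}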
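# Defaults: the default keytab path and non-interactive mode.  -f and -i
# on the command line override them.
keytab=/etc/krb5/krb5.keytab
interactive=0

# Sub-command keywords as returned by gettext for the current locale.
CHANGE=`gettext  "change"`
DELOLD=`gettext  "delold"`
DELETE=`gettext  "delete"`
LIST=`gettext  "list"`
# The keywords are used as case patterns; an empty one would match an
# empty argument, so fall back to the untranslated word if a lookup
# produced nothing.
[ -n "$CHANGE" ] || CHANGE=change
[ -n "$DELOLD" ] || DELOLD=delold
[ -n "$DELETE" ] || DELETE=delete
[ -n "$LIST" ] || LIST=list

# Parse the command line: -f file, -i, and exactly one sub-command keyword.
while [ $# -gt 0 ] ; do
    opt=$1
    shift
    case "$opt" in
    "-f")
        # -f must be followed by a keytab path; previously a missing
        # operand left $keytab empty and shifted past the end of the
        # argument list.
        if [ $# -eq 0 ] || [ -z "$1" ] ; then
            NOARG=`gettext  "Option requires an argument: "`
            cmd_error "$NOARG$opt"
            usage
            exit 1
        fi
        keytab=$1
        shift
        ;;
    "-i")
        interactive=1
        ;;
    "$CHANGE"|"$DELOLD"|"$DELETE"|"$LIST")
        set_command "$opt"
        ;;
    *)
        ILLEGAL=`gettext  "Illegal option: "`
        # Passed as one word so the offending argument is reported exactly
        # as typed, without word splitting or glob expansion.
        cmd_error "$ILLEGAL$opt"
        usage
        exit 1
        ;;
    esac
done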
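# Run the sub-command recorded in $command; anything else prints the usage
# line.
case "$command" in
    "")
        # No sub-command was given.  Checked first so that an empty
        # $command can never match a keyword variable that expanded to an
        # empty string and start a key change or deletion by accident.
        usage
        ;;
    "$CHANGE")
        change_key
        ;;
    "$DELOLD")
        delete_old_keys
        ;;
    "$DELETE")
        delete_keys
        ;;
    "$LIST")
        # Quoted so a keytab path given with -f stays a single argument.
        klist -k "$keytab"
        ;;
    *)
        usage
        ;;
esac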