summaryrefslogtreecommitdiffstats
path: root/third_party/heimdal/kadmin/kadmin.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--third_party/heimdal/kadmin/kadmin.c309
1 files changed, 309 insertions, 0 deletions
diff --git a/third_party/heimdal/kadmin/kadmin.c b/third_party/heimdal/kadmin/kadmin.c
new file mode 100644
index 0000000..d2f5aba
--- /dev/null
+++ b/third_party/heimdal/kadmin/kadmin.c
@@ -0,0 +1,309 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+#include <sl.h>
+
+static char *config_file;
+static char *keyfile;
+int local_flag;
+static int ad_flag;
+static int help_flag;
+static int version_flag;
+static char *hdb;
+static char *realm;
+static char *admin_server;
+static int server_port = 0;
+static char *client_name;
+static char *keytab;
+static char *check_library = NULL;
+static char *check_function = NULL;
+static getarg_strings policy_libraries = { 0, NULL };
+
+static struct getargs args[] = {
+ { "principal", 'p', arg_string, &client_name,
+ "principal to authenticate as", NULL },
+ { "keytab", 'K', arg_string, &keytab,
+ "keytab for authentication principal", NULL },
+ {
+ "config-file", 'c', arg_string, &config_file,
+ "location of config file", "file"
+ },
+ {
+ "key-file", 'k', arg_string, &keyfile,
+ "location of master key file", "file"
+ },
+ {
+ "hdb", 'H', arg_string, &hdb,
+ "HDB to use", "hdb"
+ },
+ {
+ "realm", 'r', arg_string, &realm,
+ "realm to use", "realm"
+ },
+ {
+ "admin-server", 'a', arg_string, &admin_server,
+ "server to contact", "host"
+ },
+ {
+ "server-port", 's', arg_integer, &server_port,
+ "port to use", "port number"
+ },
+ { "ad", 0, arg_flag, &ad_flag, "active directory admin mode",
+ NULL },
+#ifdef HAVE_DLOPEN
+ { "check-library", 0, arg_string, &check_library,
+ "library to load password check function from", "library" },
+ { "check-function", 0, arg_string, &check_function,
+ "password check function to load", "function" },
+ { "policy-libraries", 0, arg_strings, &policy_libraries,
+ "password check function to load", "function" },
+#endif
+ { "local", 'l', arg_flag, &local_flag, "local admin mode", NULL },
+ { "help", 'h', arg_flag, &help_flag, NULL, NULL },
+ { "version", 'v', arg_flag, &version_flag, NULL, NULL }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+
+krb5_context context;
+void *kadm_handle;
+
+int
+help(void *opt, int argc, char **argv)
+{
+ sl_slc_help(commands, argc, argv);
+ return 0;
+}
+
+static int exit_seen = 0;
+
+int
+exit_kadmin (void *opt, int argc, char **argv)
+{
+ exit_seen = 1;
+ return 0;
+}
+
+int
+lock(void *opt, int argc, char **argv)
+{
+ return kadm5_lock(kadm_handle);
+}
+
+int
+unlock(void *opt, int argc, char **argv)
+{
+ return kadm5_unlock(kadm_handle);
+}
+
+static void
+usage(int ret)
+{
+ arg_printusage (args, num_args, NULL, "[command]");
+ exit (ret);
+}
+
+int
+get_privs(void *opt, int argc, char **argv)
+{
+ uint32_t privs;
+ char str[128];
+ kadm5_ret_t ret;
+
+ ret = kadm5_get_privs(kadm_handle, &privs);
+ if(ret)
+ krb5_warn(context, ret, "kadm5_get_privs");
+ else{
+ ret =_kadm5_privs_to_string(privs, str, sizeof(str));
+ if (ret == 0)
+ printf("%s\n", str);
+ else
+ printf("privs: 0x%x\n", (unsigned int)privs);
+ }
+ return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+ krb5_error_code ret;
+ char **files;
+ kadm5_config_params conf;
+ int optidx = 0;
+ int exit_status = 0;
+ int aret;
+
+ setprogname(argv[0]);
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ errx (1, "krb5_init_context failed: %d", ret);
+
+ if(getarg(args, num_args, argc, argv, &optidx))
+ usage(1);
+
+ if (help_flag)
+ usage (0);
+
+ if (version_flag) {
+ print_version(NULL);
+ exit(0);
+ }
+
+ argc -= optidx;
+ argv += optidx;
+
+ if (config_file == NULL) {
+ aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
+ if (aret == -1)
+ errx(1, "out of memory");
+ }
+
+ ret = krb5_prepend_config_files_default(config_file, &files);
+ if (ret)
+ krb5_err(context, 1, ret, "getting configuration files");
+
+ ret = krb5_set_config_files(context, files);
+ krb5_free_config_files(files);
+ if(ret)
+ krb5_err(context, 1, ret, "reading configuration files");
+
+ memset(&conf, 0, sizeof(conf));
+ if(realm) {
+ krb5_set_default_realm(context, realm); /* XXX should be fixed
+ some other way */
+ conf.realm = realm;
+ conf.mask |= KADM5_CONFIG_REALM;
+ }
+
+ if (hdb) {
+ conf.dbname = hdb;
+ conf.mask |= KADM5_CONFIG_DBNAME;
+ }
+
+ if (admin_server) {
+ conf.admin_server = admin_server;
+ conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
+ }
+
+ if (server_port) {
+ conf.kadmind_port = htons(server_port);
+ conf.mask |= KADM5_CONFIG_KADMIND_PORT;
+ }
+
+ if (keyfile) {
+ conf.stash_file = keyfile;
+ conf.mask |= KADM5_CONFIG_STASH_FILE;
+ }
+
+ if(local_flag) {
+ int i;
+
+ kadm5_setup_passwd_quality_check (context,
+ check_library, check_function);
+
+ for (i = 0; i < policy_libraries.num_strings; i++) {
+ ret = kadm5_add_passwd_quality_verifier(context,
+ policy_libraries.strings[i]);
+ if (ret)
+ krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
+ }
+ ret = kadm5_add_passwd_quality_verifier(context, NULL);
+ if (ret)
+ krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
+
+ ret = kadm5_s_init_with_password_ctx(context,
+ KADM5_ADMIN_SERVICE,
+ NULL,
+ KADM5_ADMIN_SERVICE,
+ &conf, 0, 0,
+ &kadm_handle);
+ } else if (ad_flag) {
+ if (client_name == NULL)
+ krb5_errx(context, 1, "keytab mode require principal name");
+ ret = kadm5_ad_init_with_password_ctx(context,
+ client_name,
+ NULL,
+ KADM5_ADMIN_SERVICE,
+ &conf, 0, 0,
+ &kadm_handle);
+ } else if (keytab) {
+ if (client_name == NULL)
+ krb5_errx(context, 1, "keytab mode require principal name");
+ ret = kadm5_c_init_with_skey_ctx(context,
+ client_name,
+ keytab,
+ KADM5_ADMIN_SERVICE,
+ &conf, 0, 0,
+ &kadm_handle);
+ } else
+ ret = kadm5_c_init_with_password_ctx(context,
+ client_name,
+ NULL,
+ KADM5_ADMIN_SERVICE,
+ &conf, 0, 0,
+ &kadm_handle);
+
+ if(ret)
+ krb5_err(context, 1, ret, "kadm5_init_with_password");
+
+ signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
+ parser will handle SIGINT its own way;
+ we should really take care of this in
+ each function, f.i `get' might be
+ interruptable, but not `create' */
+ if (argc != 0) {
+ ret = sl_command (commands, argc, argv);
+ if(ret == -1)
+ sl_did_you_mean(commands, argv[0]);
+ else if (ret == -2)
+ ret = 0;
+ if(ret != 0)
+ exit_status = 1;
+ } else {
+ while(!exit_seen) {
+ ret = sl_command_loop(commands, "kadmin> ", NULL);
+ if (ret == -2)
+ exit_seen = 1;
+ else if (ret != 0)
+ exit_status = 1;
+ }
+ }
+
+ kadm5_destroy(kadm_handle);
+ krb5_free_context(context);
+ return exit_status;
+}