Diffstat (limited to 'crypto/heimdal/kadmin/kadmin.c')
-rw-r--r-- | crypto/heimdal/kadmin/kadmin.c | 224 |
1 files changed, 93 insertions, 131 deletions
diff --git a/crypto/heimdal/kadmin/kadmin.c b/crypto/heimdal/kadmin/kadmin.c index 9438587..da9b894 100644 --- a/crypto/heimdal/kadmin/kadmin.c +++ b/crypto/heimdal/kadmin/kadmin.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,13 +32,15 @@ */ #include "kadmin_locl.h" +#include "kadmin-commands.h" #include <sl.h> -RCSID("$Id: kadmin.c,v 1.42 2003/03/31 10:20:19 lha Exp $"); +RCSID("$Id: kadmin.c 22253 2007-12-09 06:00:00Z lha $"); static char *config_file; static char *keyfile; -static int local_flag; +int local_flag; +static int ad_flag; static int help_flag; static int version_flag; static char *realm; @@ -46,6 +48,9 @@ static char *admin_server; static int server_port = 0; static char *client_name; static char *keytab; +static char *check_library = NULL; +static char *check_function = NULL; +static getarg_strings policy_libraries = { 0, NULL }; static struct getargs args[] = { { "principal", 'p', arg_string, &client_name, @@ -72,6 +77,15 @@ static struct getargs args[] = { "server-port", 's', arg_integer, &server_port, "port to use", "port number" }, + { "ad", 0, arg_flag, &ad_flag, "active directory admin mode" }, +#ifdef HAVE_DLOPEN + { "check-library", 0, arg_string, &check_library, + "library to load password check function from", "library" }, + { "check-function", 0, arg_string, &check_function, + "password check function to load", "function" }, + { "policy-libraries", 0, arg_strings, &policy_libraries, + "password check function to load", "function" }, +#endif { "local", 'l', arg_flag, &local_flag, "local admin mode" }, { "help", 'h', arg_flag, &help_flag }, { "version", 'v', arg_flag, &version_flag } 
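Review bot: The help strings for the new `policy-libraries` option are a copy of the `check-function` entry ("password check function to load", argument name "function"), so `kadmin --help` describes an `arg_strings` list of libraries as a single function name. Since the option is bound to `policy_libraries` (a `getarg_strings`), the text should name what it actually accepts, e.g. `"password policy library to load (may be repeated)", "library"`. The option is only declared in this hunk; how the strings are consumed is not visible here, so I have not checked the semantics beyond the argument type.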
@@ -79,100 +93,24 @@ static struct getargs args[] = { static int num_args = sizeof(args) / sizeof(args[0]); -static SL_cmd commands[] = { - /* commands that are only available with `-l' */ - { - "dump", dump, "dump [file]", - "Dumps the database in a human readable format to the\n" - "specified file, or the standard out." - }, - { - "load", load, "load file", - "Loads a previously dumped file." - }, - { - "merge", merge, "merge file" , - "Merges the contents of a dump file into the database." - }, - { - "init", init, "init realm...", - "Initializes the default principals for a realm.\n" - "Creates the database if necessary." - }, - /* common commands */ - { - "add", add_new_key, "add principal" , - "Adds a principal to the database." - }, - { "add_new_key"}, - { "ank"}, - { - "passwd", cpw_entry, "passwd expression..." , - "Changes the password of one or more principals\n" - "matching the expressions." - }, - { "change_password"}, - { "cpw"}, - { - "delete", del_entry, "delete expression...", - "Deletes all principals matching the expressions." - }, - { "del_entry" }, - { "del" }, - { - "del_enctype", del_enctype, "del_enctype principal enctype...", - "Delete all the mentioned enctypes for principal." - }, - { - "ext_keytab", ext_keytab, "ext_keytab expression...", - "Extracts the keys of all principals matching the expressions,\n" - "and stores them in a keytab." - }, - { - "get", get_entry, "get expression...", - "Shows information about principals matching the expressions." - }, - { "get_entry" }, - { - "rename", rename_entry, "rename source target", - "Renames `source' to `target'." - }, - { - "modify", mod_entry, "modify principal", - "Modifies some attributes of the specified principal." - }, - { - "privileges", get_privs, "privileges", - "Shows which kinds of operations you are allowed to perform." - }, - { "privs" }, - { - "list", list_princs, "list expression...", - "Lists principals in a terse format. The same as `get -t'." 
- }, - { "help", help, "help"}, - { "?"}, - { "exit", exit_kadmin, "exit"}, - { "quit" }, - { NULL} -}; krb5_context context; void *kadm_handle; -static SL_cmd *actual_cmds; - int -help(int argc, char **argv) +help(void *opt, int argc, char **argv) { - sl_help(actual_cmds, argc, argv); + sl_slc_help(commands, argc, argv); return 0; } +static int exit_seen = 0; + int -exit_kadmin (int argc, char **argv) +exit_kadmin (void *opt, int argc, char **argv) { - return 1; + exit_seen = 1; + return 0; } static void @@ -183,30 +121,12 @@ usage(int ret) } int -get_privs(int argc, char **argv) +get_privs(void *opt, int argc, char **argv) { - u_int32_t privs; + uint32_t privs; char str[128]; kadm5_ret_t ret; - int help_flag = 0; - struct getargs args[] = { - { "help", 'h', arg_flag, NULL } - }; - int num_args = sizeof(args) / sizeof(args[0]); - int optind = 0; - - args[0].value = &help_flag; - - if(getarg(args, num_args, argc, argv, &optind)) { - arg_printusage (args, num_args, "privileges", NULL); - return 0; - } - if(help_flag) { - arg_printusage (args, num_args, "privileges", NULL); - return 0; - } - ret = kadm5_get_privs(kadm_handle, &privs); if(ret) krb5_warn(context, ret, "kadm5_get_privs"); @@ -221,9 +141,10 @@ int main(int argc, char **argv) { krb5_error_code ret; - krb5_config_section *cf = NULL; + char **files; kadm5_config_params conf; - int optind = 0; + int optidx = 0; + int exit_status = 0; setprogname(argv[0]); @@ -231,7 +152,7 @@ main(int argc, char **argv) if (ret) errx (1, "krb5_init_context failed: %d", ret); - if(getarg(args, num_args, argc, argv, &optind)) + if(getarg(args, num_args, argc, argv, &optidx)) usage(1); if (help_flag) 
@@ -242,20 +163,24 @@ main(int argc, char **argv) exit(0); } - argc -= optind; - argv += optind; - - if (config_file == NULL) - config_file = HDB_DB_DIR "/kdc.conf"; + argc -= optidx; + argv += optidx; - if(krb5_config_parse_file(context, config_file, &cf) == 0) { - const char *p = krb5_config_get_string (context, cf, - "kdc", "key-file", NULL); - if (p) - keyfile = strdup(p); + if (config_file == NULL) { + asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); + if (config_file == NULL) + errx(1, "out of memory"); } - krb5_clear_error_string (context); + ret = krb5_prepend_config_files_default(config_file, &files); + if (ret) + krb5_err(context, 1, ret, "getting configuration files"); + + ret = krb5_set_config_files(context, files); + krb5_free_config_files(files); + if(ret) + krb5_err(context, 1, ret, "reading configuration files"); + memset(&conf, 0, sizeof(conf)); if(realm) { krb5_set_default_realm(context, realm); /* XXX should be fixed 
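Review bot: The out-of-memory check after `asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context))` tests the pointer rather than the return value; `*strp` is only defined on success and glibc documents its contents as undefined on failure, so `config_file == NULL` can miss an allocation failure and hand garbage to `krb5_prepend_config_files_default`. Check the return instead: `if (asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)) < 0) errx(1, "out of memory");`. The hunk also drops the old `[kdc] key-file` lookup from kdc.conf without a visible replacement; if the kadm5 library now resolves the stash file itself, a one-line comment saying so would spare the next reader the search. main() continues outside the hunk.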
@@ -274,31 +199,58 @@ main(int argc, char **argv) conf.mask |= KADM5_CONFIG_KADMIND_PORT; } - if(local_flag){ + if (keyfile) { + conf.stash_file = keyfile; + conf.mask |= KADM5_CONFIG_STASH_FILE; + } + + if(local_flag) { + int i; + + kadm5_setup_passwd_quality_check (context, + check_library, check_function); + + for (i = 0; i < policy_libraries.num_strings; i++) { + ret = kadm5_add_passwd_quality_verifier(context, + policy_libraries.strings[i]); + if (ret) + krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); + } + ret = kadm5_add_passwd_quality_verifier(context, NULL); + if (ret) + krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); + ret = kadm5_s_init_with_password_ctx(context, KADM5_ADMIN_SERVICE, NULL, KADM5_ADMIN_SERVICE, &conf, 0, 0, &kadm_handle); - actual_cmds = commands; + } else if (ad_flag) { + if (client_name == NULL) + krb5_errx(context, 1, "keytab mode require principal name"); + ret = kadm5_ad_init_with_password_ctx(context, + client_name, + NULL, + KADM5_ADMIN_SERVICE, + &conf, 0, 0, + &kadm_handle); } else if (keytab) { + if (client_name == NULL) + krb5_errx(context, 1, "keytab mode require principal name"); ret = kadm5_c_init_with_skey_ctx(context, client_name, keytab, KADM5_ADMIN_SERVICE, &conf, 0, 0, &kadm_handle); - actual_cmds = commands + 4; /* XXX */ - } else { + } else ret = kadm5_c_init_with_password_ctx(context, client_name, NULL, KADM5_ADMIN_SERVICE, &conf, 0, 0, &kadm_handle); - actual_cmds = commands + 4; /* XXX */ - } if(ret) krb5_err(context, 1, ret, "kadm5_init_with_password"); 
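Review bot: The new `ad_flag` branch reports `"keytab mode require principal name"` when `client_name` is NULL, a copy of the keytab branch's message, so a user of `--ad` without `-p` is told about the wrong mode. Change it to `krb5_errx(context, 1, "ad mode requires principal name");` (and fix the grammar in the keytab branch to `"keytab mode requires principal name"`). The shared failure message at the end of the chain, `krb5_err(context, 1, ret, "kadm5_init_with_password")`, now also covers the skey and AD initialisations and would be more useful if it named the mode attempted. The `check-library`/`check-function` code is presumably dlopen'd, but only on the `local_flag` path over the local database with the caller's own privileges, so I see no new trust boundary there. main() continues beyond the hunk.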
@@ -309,14 +261,24 @@ main(int argc, char **argv) each function, f.i `get' might be interruptable, but not `create' */ if (argc != 0) { - ret = sl_command (actual_cmds, argc, argv); + ret = sl_command (commands, argc, argv); if(ret == -1) krb5_warnx (context, "unrecognized command: %s", argv[0]); - } else - ret = sl_loop (actual_cmds, "kadmin> ") != 0; + else if (ret == -2) + ret = 0; + if(ret != 0) + exit_status = 1; + } else { + while(!exit_seen) { + ret = sl_command_loop(commands, "kadmin> ", NULL); + if (ret == -2) + exit_seen = 1; + else if (ret != 0) + exit_status = 1; + } + } kadm5_destroy(kadm_handle); - krb5_config_file_free (context, cf); krb5_free_context(context); - return ret; + return exit_status; } |
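Review bot: The return codes of `sl_command_loop` (-1, -2 and other non-zero values) are mapped three different ways in the new interactive loop without a word on what each means, and the session now appears to exit with status 1 if any earlier command failed, which differs from the old `ret = sl_loop(...) != 0` and is worth stating explicitly. I would add above `while(!exit_seen)`: `/* sl_command_loop: 0 = ok, -1 = unknown command, -2 = end of input (presumed, confirm against sl.c); any other non-zero result makes the whole session exit 1 */`. The loop also terminates via `exit_seen`, which `exit_kadmin` sets in an earlier hunk, so a reader of this hunk alone cannot see the second exit condition; a short note here would help.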