asn1: Revert heim_object_t support
[heimdal.git] / kadmin / kadmin.c
blobd2f5abadd157d9623b3c2f78f33b55ba1069fdc7
1 /*
2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
34 #include "kadmin_locl.h"
35 #include "kadmin-commands.h"
36 #include <sl.h>
38 static char *config_file;
39 static char *keyfile;
40 int local_flag;
41 static int ad_flag;
42 static int help_flag;
43 static int version_flag;
44 static char *hdb;
45 static char *realm;
46 static char *admin_server;
47 static int server_port = 0;
48 static char *client_name;
49 static char *keytab;
50 static char *check_library = NULL;
51 static char *check_function = NULL;
52 static getarg_strings policy_libraries = { 0, NULL };
54 static struct getargs args[] = {
55 { "principal", 'p', arg_string, &client_name,
56 "principal to authenticate as", NULL },
57 { "keytab", 'K', arg_string, &keytab,
58 "keytab for authentication principal", NULL },
60 "config-file", 'c', arg_string, &config_file,
61 "location of config file", "file"
64 "key-file", 'k', arg_string, &keyfile,
65 "location of master key file", "file"
68 "hdb", 'H', arg_string, &hdb,
69 "HDB to use", "hdb"
72 "realm", 'r', arg_string, &realm,
73 "realm to use", "realm"
76 "admin-server", 'a', arg_string, &admin_server,
77 "server to contact", "host"
80 "server-port", 's', arg_integer, &server_port,
81 "port to use", "port number"
83 { "ad", 0, arg_flag, &ad_flag, "active directory admin mode",
84 NULL },
85 #ifdef HAVE_DLOPEN
86 { "check-library", 0, arg_string, &check_library,
87 "library to load password check function from", "library" },
88 { "check-function", 0, arg_string, &check_function,
89 "password check function to load", "function" },
90 { "policy-libraries", 0, arg_strings, &policy_libraries,
91 "password check function to load", "function" },
92 #endif
93 { "local", 'l', arg_flag, &local_flag, "local admin mode", NULL },
94 { "help", 'h', arg_flag, &help_flag, NULL, NULL },
95 { "version", 'v', arg_flag, &version_flag, NULL, NULL }
98 static int num_args = sizeof(args) / sizeof(args[0]);
101 krb5_context context;
102 void *kadm_handle;
105 help(void *opt, int argc, char **argv)
107 sl_slc_help(commands, argc, argv);
108 return 0;
111 static int exit_seen = 0;
114 exit_kadmin (void *opt, int argc, char **argv)
116 exit_seen = 1;
117 return 0;
121 lock(void *opt, int argc, char **argv)
123 return kadm5_lock(kadm_handle);
127 unlock(void *opt, int argc, char **argv)
129 return kadm5_unlock(kadm_handle);
132 static void
133 usage(int ret)
135 arg_printusage (args, num_args, NULL, "[command]");
136 exit (ret);
140 get_privs(void *opt, int argc, char **argv)
142 uint32_t privs;
143 char str[128];
144 kadm5_ret_t ret;
146 ret = kadm5_get_privs(kadm_handle, &privs);
147 if(ret)
148 krb5_warn(context, ret, "kadm5_get_privs");
149 else{
150 ret =_kadm5_privs_to_string(privs, str, sizeof(str));
151 if (ret == 0)
152 printf("%s\n", str);
153 else
154 printf("privs: 0x%x\n", (unsigned int)privs);
156 return 0;
160 main(int argc, char **argv)
162 krb5_error_code ret;
163 char **files;
164 kadm5_config_params conf;
165 int optidx = 0;
166 int exit_status = 0;
167 int aret;
169 setprogname(argv[0]);
171 ret = krb5_init_context(&context);
172 if (ret)
173 errx (1, "krb5_init_context failed: %d", ret);
175 if(getarg(args, num_args, argc, argv, &optidx))
176 usage(1);
178 if (help_flag)
179 usage (0);
181 if (version_flag) {
182 print_version(NULL);
183 exit(0);
186 argc -= optidx;
187 argv += optidx;
189 if (config_file == NULL) {
190 aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
191 if (aret == -1)
192 errx(1, "out of memory");
195 ret = krb5_prepend_config_files_default(config_file, &files);
196 if (ret)
197 krb5_err(context, 1, ret, "getting configuration files");
199 ret = krb5_set_config_files(context, files);
200 krb5_free_config_files(files);
201 if(ret)
202 krb5_err(context, 1, ret, "reading configuration files");
204 memset(&conf, 0, sizeof(conf));
205 if(realm) {
206 krb5_set_default_realm(context, realm); /* XXX should be fixed
207 some other way */
208 conf.realm = realm;
209 conf.mask |= KADM5_CONFIG_REALM;
212 if (hdb) {
213 conf.dbname = hdb;
214 conf.mask |= KADM5_CONFIG_DBNAME;
217 if (admin_server) {
218 conf.admin_server = admin_server;
219 conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
222 if (server_port) {
223 conf.kadmind_port = htons(server_port);
224 conf.mask |= KADM5_CONFIG_KADMIND_PORT;
227 if (keyfile) {
228 conf.stash_file = keyfile;
229 conf.mask |= KADM5_CONFIG_STASH_FILE;
232 if(local_flag) {
233 int i;
235 kadm5_setup_passwd_quality_check (context,
236 check_library, check_function);
238 for (i = 0; i < policy_libraries.num_strings; i++) {
239 ret = kadm5_add_passwd_quality_verifier(context,
240 policy_libraries.strings[i]);
241 if (ret)
242 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
244 ret = kadm5_add_passwd_quality_verifier(context, NULL);
245 if (ret)
246 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
248 ret = kadm5_s_init_with_password_ctx(context,
249 KADM5_ADMIN_SERVICE,
250 NULL,
251 KADM5_ADMIN_SERVICE,
252 &conf, 0, 0,
253 &kadm_handle);
254 } else if (ad_flag) {
255 if (client_name == NULL)
256 krb5_errx(context, 1, "keytab mode require principal name");
257 ret = kadm5_ad_init_with_password_ctx(context,
258 client_name,
259 NULL,
260 KADM5_ADMIN_SERVICE,
261 &conf, 0, 0,
262 &kadm_handle);
263 } else if (keytab) {
264 if (client_name == NULL)
265 krb5_errx(context, 1, "keytab mode require principal name");
266 ret = kadm5_c_init_with_skey_ctx(context,
267 client_name,
268 keytab,
269 KADM5_ADMIN_SERVICE,
270 &conf, 0, 0,
271 &kadm_handle);
272 } else
273 ret = kadm5_c_init_with_password_ctx(context,
274 client_name,
275 NULL,
276 KADM5_ADMIN_SERVICE,
277 &conf, 0, 0,
278 &kadm_handle);
280 if(ret)
281 krb5_err(context, 1, ret, "kadm5_init_with_password");
283 signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
284 parser will handle SIGINT its own way;
285 we should really take care of this in
286 each function, f.i `get' might be
287 interruptable, but not `create' */
288 if (argc != 0) {
289 ret = sl_command (commands, argc, argv);
290 if(ret == -1)
291 sl_did_you_mean(commands, argv[0]);
292 else if (ret == -2)
293 ret = 0;
294 if(ret != 0)
295 exit_status = 1;
296 } else {
297 while(!exit_seen) {
298 ret = sl_command_loop(commands, "kadmin> ", NULL);
299 if (ret == -2)
300 exit_seen = 1;
301 else if (ret != 0)
302 exit_status = 1;
306 kadm5_destroy(kadm_handle);
307 krb5_free_context(context);
308 return exit_status;