search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / heimdal / lib / kadm5 / iprop-log.c
blob21daa0d34aefc1f865607b96ddb282ba0cd576ab
1 /*
2 * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "iprop.h"
35 #include <sl.h>
36 #include <parse_time.h>
37 #include "iprop-commands.h"
38
39 __RCSID("$Heimdal: iprop-log.c 22211 2007-12-07 19:27:27Z lha $"
40 "$NetBSD$");
41
42 static krb5_context context;
43
44 static kadm5_server_context *
45 get_kadmin_context(const char *config_file, char *realm)
46 {
47 kadm5_config_params conf;
48 krb5_error_code ret;
49 void *kadm_handle;
50 char **files;
51
52 if (config_file == NULL) {
53 char *file;
54 asprintf(&file, "%s/kdc.conf", hdb_db_dir(context));
55 if (file == NULL)
56 errx(1, "out of memory");
57 config_file = file;
58 }
59
60 ret = krb5_prepend_config_files_default(config_file, &files);
61 if (ret)
62 krb5_err(context, 1, ret, "getting configuration files");
63
64 ret = krb5_set_config_files(context, files);
65 krb5_free_config_files(files);
66 if (ret)
67 krb5_err(context, 1, ret, "reading configuration files");
68
69 memset(&conf, 0, sizeof(conf));
70 if(realm) {
71 conf.mask |= KADM5_CONFIG_REALM;
72 conf.realm = realm;
73 }
74
75 ret = kadm5_init_with_password_ctx (context,
76 KADM5_ADMIN_SERVICE,
77 NULL,
78 KADM5_ADMIN_SERVICE,
79 &conf, 0, 0,
80 &kadm_handle);
81 if (ret)
82 krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
83
84 return (kadm5_server_context *)kadm_handle;
85 }
86
87 /*
88 * dump log
89 */
90
91 static const char *op_names[] = {
92 "get",
93 "delete",
94 "create",
95 "rename",
96 "chpass",
97 "modify",
98 "randkey",
99 "get_privs",
100 "get_princs",
101 "chpass_with_key",
102 "nop"
103 };
104
105 static void
106 print_entry(kadm5_server_context *server_context,
107 uint32_t ver,
108 time_t timestamp,
109 enum kadm_ops op,
110 uint32_t len,
111 krb5_storage *sp,
112 void *ctx)
113 {
114 char t[256];
115 int32_t mask;
116 hdb_entry ent;
117 krb5_principal source;
118 char *name1, *name2;
119 krb5_data data;
120 krb5_context scontext = server_context->context;
121
122 off_t end = krb5_storage_seek(sp, 0, SEEK_CUR) + len;
123
124 krb5_error_code ret;
125
126 strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(&timestamp));
127
128 if(op < kadm_get || op > kadm_nop) {
129 printf("unknown op: %d\n", op);
130 krb5_storage_seek(sp, end, SEEK_SET);
131 return;
132 }
133
134 printf ("%s: ver = %u, timestamp = %s, len = %u\n",
135 op_names[op], ver, t, len);
136 switch(op) {
137 case kadm_delete:
138 krb5_ret_principal(sp, &source);
139 krb5_unparse_name(scontext, source, &name1);
140 printf(" %s\n", name1);
141 free(name1);
142 krb5_free_principal(scontext, source);
143 break;
144 case kadm_rename:
145 ret = krb5_data_alloc(&data, len);
146 if (ret)
147 krb5_err (scontext, 1, ret, "kadm_rename: data alloc: %d", len);
148 krb5_ret_principal(sp, &source);
149 krb5_storage_read(sp, data.data, data.length);
150 hdb_value2entry(scontext, &data, &ent);
151 krb5_unparse_name(scontext, source, &name1);
152 krb5_unparse_name(scontext, ent.principal, &name2);
153 printf(" %s -> %s\n", name1, name2);
154 free(name1);
155 free(name2);
156 krb5_free_principal(scontext, source);
157 free_hdb_entry(&ent);
158 break;
159 case kadm_create:
160 ret = krb5_data_alloc(&data, len);
161 if (ret)
162 krb5_err (scontext, 1, ret, "kadm_create: data alloc: %d", len);
163 krb5_storage_read(sp, data.data, data.length);
164 ret = hdb_value2entry(scontext, &data, &ent);
165 if(ret)
166 abort();
167 mask = ~0;
168 goto foo;
169 case kadm_modify:
170 ret = krb5_data_alloc(&data, len);
171 if (ret)
172 krb5_err (scontext, 1, ret, "kadm_modify: data alloc: %d", len);
173 krb5_ret_int32(sp, &mask);
174 krb5_storage_read(sp, data.data, data.length);
175 ret = hdb_value2entry(scontext, &data, &ent);
176 if(ret)
177 abort();
178 foo:
179 if(ent.principal /* mask & KADM5_PRINCIPAL */) {
180 krb5_unparse_name(scontext, ent.principal, &name1);
181 printf(" principal = %s\n", name1);
182 free(name1);
183 }
184 if(mask & KADM5_PRINC_EXPIRE_TIME) {
185 if(ent.valid_end == NULL) {
186 strlcpy(t, "never", sizeof(t));
187 } else {
188 strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S",
189 localtime(ent.valid_end));
190 }
191 printf(" expires = %s\n", t);
192 }
193 if(mask & KADM5_PW_EXPIRATION) {
194 if(ent.pw_end == NULL) {
195 strlcpy(t, "never", sizeof(t));
196 } else {
197 strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S",
198 localtime(ent.pw_end));
199 }
200 printf(" password exp = %s\n", t);
201 }
202 if(mask & KADM5_LAST_PWD_CHANGE) {
203 }
204 if(mask & KADM5_ATTRIBUTES) {
205 unparse_flags(HDBFlags2int(ent.flags),
206 asn1_HDBFlags_units(), t, sizeof(t));
207 printf(" attributes = %s\n", t);
208 }
209 if(mask & KADM5_MAX_LIFE) {
210 if(ent.max_life == NULL)
211 strlcpy(t, "for ever", sizeof(t));
212 else
213 unparse_time(*ent.max_life, t, sizeof(t));
214 printf(" max life = %s\n", t);
215 }
216 if(mask & KADM5_MAX_RLIFE) {
217 if(ent.max_renew == NULL)
218 strlcpy(t, "for ever", sizeof(t));
219 else
220 unparse_time(*ent.max_renew, t, sizeof(t));
221 printf(" max rlife = %s\n", t);
222 }
223 if(mask & KADM5_MOD_TIME) {
224 printf(" mod time\n");
225 }
226 if(mask & KADM5_MOD_NAME) {
227 printf(" mod name\n");
228 }
229 if(mask & KADM5_KVNO) {
230 printf(" kvno = %d\n", ent.kvno);
231 }
232 if(mask & KADM5_MKVNO) {
233 printf(" mkvno\n");
234 }
235 if(mask & KADM5_AUX_ATTRIBUTES) {
236 printf(" aux attributes\n");
237 }
238 if(mask & KADM5_POLICY) {
239 printf(" policy\n");
240 }
241 if(mask & KADM5_POLICY_CLR) {
242 printf(" mod time\n");
243 }
244 if(mask & KADM5_LAST_SUCCESS) {
245 printf(" last success\n");
246 }
247 if(mask & KADM5_LAST_FAILED) {
248 printf(" last failed\n");
249 }
250 if(mask & KADM5_FAIL_AUTH_COUNT) {
251 printf(" fail auth count\n");
252 }
253 if(mask & KADM5_KEY_DATA) {
254 printf(" key data\n");
255 }
256 if(mask & KADM5_TL_DATA) {
257 printf(" tl data\n");
258 }
259 free_hdb_entry(&ent);
260 break;
261 case kadm_nop :
262 break;
263 default:
264 abort();
265 }
266 krb5_storage_seek(sp, end, SEEK_SET);
267 }
268
269 int
270 iprop_dump(struct dump_options *opt, int argc, char **argv)
271 {
272 kadm5_server_context *server_context;
273 krb5_error_code ret;
274
275 server_context = get_kadmin_context(opt->config_file_string,
276 opt->realm_string);
277
278 ret = kadm5_log_init (server_context);
279 if (ret)
280 krb5_err (context, 1, ret, "kadm5_log_init");
281
282 ret = kadm5_log_foreach (server_context, print_entry, NULL);
283 if(ret)
284 krb5_warn(context, ret, "kadm5_log_foreach");
285
286 ret = kadm5_log_end (server_context);
287 if (ret)
288 krb5_warn(context, ret, "kadm5_log_end");
289 return 0;
290 }
291
292 int
293 iprop_truncate(struct truncate_options *opt, int argc, char **argv)
294 {
295 kadm5_server_context *server_context;
296 krb5_error_code ret;
297
298 server_context = get_kadmin_context(opt->config_file_string,
299 opt->realm_string);
300
301 ret = kadm5_log_truncate (server_context);
302 if (ret)
303 krb5_err (context, 1, ret, "kadm5_log_truncate");
304
305 return 0;
306 }
307
308 int
309 last_version(struct last_version_options *opt, int argc, char **argv)
310 {
311 kadm5_server_context *server_context;
312 krb5_error_code ret;
313 uint32_t version;
314
315 server_context = get_kadmin_context(opt->config_file_string,
316 opt->realm_string);
317
318 ret = kadm5_log_init (server_context);
319 if (ret)
320 krb5_err (context, 1, ret, "kadm5_log_init");
321
322 ret = kadm5_log_get_version (server_context, &version);
323 if (ret)
324 krb5_err (context, 1, ret, "kadm5_log_get_version");
325
326 ret = kadm5_log_end (server_context);
327 if (ret)
328 krb5_warn(context, ret, "kadm5_log_end");
329
330 printf("version: %lu\n", (unsigned long)version);
331
332 return 0;
333 }
334
335 /*
336 * Replay log
337 */
338
339 int start_version = -1;
340 int end_version = -1;
341
342 static void
343 apply_entry(kadm5_server_context *server_context,
344 uint32_t ver,
345 time_t timestamp,
346 enum kadm_ops op,
347 uint32_t len,
348 krb5_storage *sp,
349 void *ctx)
350 {
351 struct replay_options *opt = ctx;
352 krb5_error_code ret;
353
354 if((opt->start_version_integer != -1 && ver < opt->start_version_integer) ||
355 (opt->end_version_integer != -1 && ver > opt->end_version_integer)) {
356 /* XXX skip this entry */
357 krb5_storage_seek(sp, len, SEEK_CUR);
358 return;
359 }
360 printf ("ver %u... ", ver);
361 fflush (stdout);
362
363 ret = kadm5_log_replay (server_context,
364 op, ver, len, sp);
365 if (ret)
366 krb5_warn (server_context->context, ret, "kadm5_log_replay");
367
368 printf ("done\n");
369 }
370
371 int
372 iprop_replay(struct replay_options *opt, int argc, char **argv)
373 {
374 kadm5_server_context *server_context;
375 krb5_error_code ret;
376
377 server_context = get_kadmin_context(opt->config_file_string,
378 opt->realm_string);
379
380 ret = server_context->db->hdb_open(context,
381 server_context->db,
382 O_RDWR | O_CREAT, 0600);
383 if (ret)
384 krb5_err (context, 1, ret, "db->open");
385
386 ret = kadm5_log_init (server_context);
387 if (ret)
388 krb5_err (context, 1, ret, "kadm5_log_init");
389
390 ret = kadm5_log_foreach (server_context, apply_entry, opt);
391 if(ret)
392 krb5_warn(context, ret, "kadm5_log_foreach");
393 ret = kadm5_log_end (server_context);
394 if (ret)
395 krb5_warn(context, ret, "kadm5_log_end");
396 ret = server_context->db->hdb_close (context, server_context->db);
397 if (ret)
398 krb5_err (context, 1, ret, "db->close");
399
400 return 0;
401 }
402
403 static int help_flag;
404 static int version_flag;
405
406 static struct getargs args[] = {
407 { "version", 0, arg_flag, &version_flag,
408 NULL, NULL
409 },
410 { "help", 'h', arg_flag, &help_flag,
411 NULL, NULL
412 }
413 };
414
415 static int num_args = sizeof(args) / sizeof(args[0]);
416
417 int
418 help(void *opt, int argc, char **argv)
419 {
420 if(argc == 0) {
421 sl_help(commands, 1, argv - 1 /* XXX */);
422 } else {
423 SL_cmd *c = sl_match (commands, argv[0], 0);
424 if(c == NULL) {
425 fprintf (stderr, "No such command: %s. "
426 "Try \"help\" for a list of commands\n",
427 argv[0]);
428 } else {
429 if(c->func) {
430 char *fake[] = { NULL, "--help", NULL };
431 fake[0] = argv[0];
432 (*c->func)(2, fake);
433 fprintf(stderr, "\n");
434 }
435 if(c->help && *c->help)
436 fprintf (stderr, "%s\n", c->help);
437 if((++c)->name && c->func == NULL) {
438 int f = 0;
439 fprintf (stderr, "Synonyms:");
440 while (c->name && c->func == NULL) {
441 fprintf (stderr, "%s%s", f ? ", " : " ", (c++)->name);
442 f = 1;
443 }
444 fprintf (stderr, "\n");
445 }
446 }
447 }
448 return 0;
449 }
450
451 static void
452 usage(int status)
453 {
454 arg_printusage(args, num_args, NULL, "command");
455 exit(status);
456 }
457
458 int
459 main(int argc, char **argv)
460 {
461 int optidx = 0;
462 krb5_error_code ret;
463
464 setprogname(argv[0]);
465
466 if(getarg(args, num_args, argc, argv, &optidx))
467 usage(1);
468 if(help_flag)
469 usage(0);
470 if(version_flag) {
471 print_version(NULL);
472 exit(0);
473 }
474 argc -= optidx;
475 argv += optidx;
476 if(argc == 0)
477 usage(1);
478
479 ret = krb5_init_context(&context);
480 if (ret)
481 errx(1, "krb5_init_context failed with: %d\n", ret);
482
483 ret = sl_command(commands, argc, argv);
484 if(ret == -1)
485 warnx ("unrecognized command: %s", argv[0]);
486 return ret;
487 }
NetBSD on the FriendlyARM MINI2440