* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* kadmin.c: base functions for a kadmin command line interface using
* the OVSecure library
*/
{"allow_renewable", 15, KRB5_KDB_DISALLOW_RENEWABLE, 1},
{"allow_proxiable", 15, KRB5_KDB_DISALLOW_PROXIABLE, 1},
{"allow_dup_skey", 14, KRB5_KDB_DISALLOW_DUP_SKEY, 1},
-{"allow_tix", 9, KRB5_KDB_DISALLOW_ALL_TIX, 1},
+{"allow_tix", 9, KRB5_KDB_DISALLOW_ALL_TIX, 1},
{"requires_preauth", 16, KRB5_KDB_REQUIRES_PRE_AUTH, 0},
{"requires_hwauth", 15, KRB5_KDB_REQUIRES_HW_AUTH, 0},
-{"needchange", 10, KRB5_KDB_REQUIRES_PWCHANGE, 0},
-{"allow_svr", 9, KRB5_KDB_DISALLOW_SVR, 1},
+{"needchange", 10, KRB5_KDB_REQUIRES_PWCHANGE, 0},
+{"allow_svr", 9, KRB5_KDB_DISALLOW_SVR, 1},
{"password_changing_service", 25, KRB5_KDB_PWCHANGE_SERVICE, 0 },
{"support_desmd5", 14, KRB5_KDB_SUPPORT_DESMD5, 0 }
};
{
struct tm *tm;
static char out[40];
-
+
time_t lcltim = when;
tm = localtime(&lcltim);
strftime(out, sizeof(out), "%a %b %d %H:%M:%S %Z %Y", tm);
/* this is a wrapper to go around krb5_parse_principal so we can set
the default realm up properly */
-static krb5_error_code
+static krb5_error_code
kadmin_parse_name(name, principal)
char *name;
krb5_principal *principal;
{
char *cp, *fullname;
krb5_error_code retval;
-
+
/* assumes def_realm is initialized! */
fullname = (char *)malloc(strlen(name) + 1 + strlen(def_realm) + 1);
if (fullname == NULL)
char *svcname;
memset((char *) ¶ms, 0, sizeof(params));
-
+
#if defined(USE_LOGIN_LIBRARY)
/* Turn off all password prompting from the KLL */
retval = __KLSetPromptMechanism (klPromptMechanism_None);
if (retval) {
- com_err(whoami, retval, "while calling __KLSetPromptMechanism()");
- exit(1);
- }
+ com_err(whoami, retval, "while calling __KLSetPromptMechanism()");
+ exit(1);
+ }
#endif
-
+
if (strcmp (whoami, "kadmin.local") == 0)
set_com_err_hook(extended_com_err_fn);
retval = kadm5_init_krb5_context(&context);
if (retval) {
- com_err(whoami, retval, "while initializing krb5 library");
- exit(1);
+ com_err(whoami, retval, "while initializing krb5 library");
+ exit(1);
}
while ((optchar = getopt(argc, argv, "x:r:p:kq:w:d:s:mc:t:e:ON")) != EOF) {
switch (optchar) {
case 'x':
- db_args_size++;
- {
- char **temp = realloc(db_args, sizeof(char*) * (db_args_size+1));
- if (temp == NULL) {
- fprintf(stderr,"%s: Cannot initialize. Not enough memory\n",
- argv[0]);
- exit(1);
- }
-
- db_args = temp;
- }
- db_args[db_args_size-1] = optarg;
- db_args[db_args_size] = NULL;
- break;
-
+ db_args_size++;
+ {
+ char **temp = realloc(db_args, sizeof(char*) * (db_args_size+1));
+ if (temp == NULL) {
+ fprintf(stderr,"%s: Cannot initialize. Not enough memory\n",
+ argv[0]);
+ exit(1);
+ }
+
+ db_args = temp;
+ }
+ db_args[db_args_size-1] = optarg;
+ db_args[db_args_size] = NULL;
+ break;
+
case 'r':
def_realm = optarg;
break;
case 'p':
princstr = optarg;
break;
- case 'c':
+ case 'c':
ccache_name = optarg;
break;
- case 'k':
+ case 'k':
use_keytab++;
break;
- case 't':
+ case 't':
keytab_name = optarg;
break;
- case 'w':
+ case 'w':
password = optarg;
break;
case 'q':
query = optarg;
break;
- case 'd':
+ case 'd':
/* now db_name is not a seperate argument. It has to be passed as part of the db_args */
- if( !db_name ) {
+ if (!db_name) {
db_name = malloc(strlen(optarg) + sizeof("dbname="));
} else {
db_name = realloc(db_name, strlen(optarg) + sizeof("dbname="));
}
- strcpy( db_name, "dbname=");
- strcat( db_name, optarg );
+ strcpy(db_name, "dbname=");
+ strcat(db_name, optarg);
db_args_size++;
{
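Review bot: In the `case 'd':` branch, `strcpy(db_name, "dbname=")` writes through the result of `malloc`/`realloc` with no NULL check, so an allocation failure becomes a NULL-pointer write. The `case 'x':` branch earlier in this hunk already handles this by testing `temp == NULL` and exiting. The `realloc` result is also assigned straight back to `db_name`, which drops the old buffer on failure. Suggest adding, before the `strcpy`, `if (db_name == NULL) { fprintf(stderr, "%s: Cannot initialize. Not enough memory\n", argv[0]); exit(1); }`. The buffer size is correct, since `sizeof("dbname=")` counts the terminator, and the switch body continues outside this hunk.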
db_args[db_args_size-1] = db_name;
db_args[db_args_size] = NULL;
break;
- case 's':
+ case 's':
params.admin_server = optarg;
params.mask |= KADM5_CONFIG_ADMIN_SERVER;
break;
- case 'm':
+ case 'm':
params.mkey_from_kbd = 1;
params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
break;
- case 'e':
+ case 'e':
retval = krb5_string_to_keysalts(optarg,
", \t",
":.-",
¶ms.keysalts,
¶ms.num_keysalts);
if (retval) {
- com_err(whoami, retval, "while parsing keysalts %s", optarg);
- exit(1);
+ com_err(whoami, retval, "while parsing keysalts %s", optarg);
+ exit(1);
}
params.mask |= KADM5_CONFIG_ENCTYPES;
break;
}
if ((ccache_name && use_keytab) ||
(keytab_name && !use_keytab))
- usage();
+ usage();
if (def_realm == NULL && krb5_get_default_realm(context, &def_realm)) {
if (freeprinc)
* argument or the default.
*/
if (ccache_name == NULL) {
- if ((retval = krb5_cc_default(context, &cc))) {
- com_err(whoami, retval,
- "while opening default credentials cache");
- exit(1);
- }
+ if ((retval = krb5_cc_default(context, &cc))) {
+ com_err(whoami, retval,
+ "while opening default credentials cache");
+ exit(1);
+ }
} else {
- if ((retval = krb5_cc_resolve(context, ccache_name, &cc))) {
- com_err(whoami, retval,
- "while opening credentials cache %s", ccache_name);
- exit(1);
- }
+ if ((retval = krb5_cc_resolve(context, ccache_name, &cc))) {
+ com_err(whoami, retval,
+ "while opening credentials cache %s", ccache_name);
+ exit(1);
+ }
}
/*
* Gee, 100+ lines to figure out the client principal name. This
* should be compressed...
*/
-
+
if (princstr == NULL) {
if (ccache_name != NULL &&
!krb5_cc_get_principal(context, cc, &princ)) {
- if ((retval = krb5_unparse_name(context, princ, &princstr))) {
- com_err(whoami, retval,
- "while canonicalizing principal name");
- krb5_free_principal(context, princ);
- exit(1);
- }
- krb5_free_principal(context, princ);
- freeprinc++;
+ if ((retval = krb5_unparse_name(context, princ, &princstr))) {
+ com_err(whoami, retval,
+ "while canonicalizing principal name");
+ krb5_free_principal(context, princ);
+ exit(1);
+ }
+ krb5_free_principal(context, princ);
+ freeprinc++;
} else if (use_keytab != 0) {
- if ((retval = krb5_sname_to_principal(context, NULL,
- "host",
- KRB5_NT_SRV_HST,
- &princ))) {
- com_err(whoami, retval,
- "creating host service principal");
- exit(1);
- }
- if ((retval = krb5_unparse_name(context, princ, &princstr))) {
- com_err(whoami, retval,
- "while canonicalizing principal name");
- krb5_free_principal(context, princ);
- exit(1);
- }
- krb5_free_principal(context, princ);
- freeprinc++;
+ if ((retval = krb5_sname_to_principal(context, NULL,
+ "host",
+ KRB5_NT_SRV_HST,
+ &princ))) {
+ com_err(whoami, retval,
+ "creating host service principal");
+ exit(1);
+ }
+ if ((retval = krb5_unparse_name(context, princ, &princstr))) {
+ com_err(whoami, retval,
+ "while canonicalizing principal name");
+ krb5_free_principal(context, princ);
+ exit(1);
+ }
+ krb5_free_principal(context, princ);
+ freeprinc++;
} else if (!krb5_cc_get_principal(context, cc, &princ)) {
char *realm = NULL;
if (krb5_unparse_name(context, princ, &canon)) {
freeprinc++;
} else if ((luser = getenv("USER"))) {
princstr = (char *) malloc(strlen(luser) + 7 /* "/admin@" */
- + strlen(def_realm) + 1);
+ + strlen(def_realm) + 1);
if (princstr == NULL) {
fprintf(stderr, "%s: out of memory\n", whoami);
exit(1);
freeprinc++;
} else if ((pw = getpwuid(getuid()))) {
princstr = (char *) malloc(strlen(pw->pw_name) + 7 /* "/admin@" */
- + strlen(def_realm) + 1);
+ + strlen(def_realm) + 1);
if (princstr == NULL) {
fprintf(stderr, "%s: out of memory\n", whoami);
exit(1);
* use it. Otherwise, use/prompt for the password.
*/
if (ccache_name) {
- printf("Authenticating as principal %s with existing credentials.\n",
- princstr);
- retval = kadm5_init_with_creds(princstr, cc,
- svcname,
- ¶ms,
- KADM5_STRUCT_VERSION,
- KADM5_API_VERSION_2,
- db_args,
- &handle);
- } else if (use_keytab) {
- if (keytab_name)
- printf("Authenticating as principal %s with keytab %s.\n",
- princstr, keytab_name);
- else
- printf("Authenticating as principal %s with default keytab.\n",
- princstr);
- retval = kadm5_init_with_skey(princstr, keytab_name,
- svcname,
+ printf("Authenticating as principal %s with existing credentials.\n",
+ princstr);
+ retval = kadm5_init_with_creds(princstr, cc,
+ svcname,
¶ms,
KADM5_STRUCT_VERSION,
KADM5_API_VERSION_2,
db_args,
&handle);
+ } else if (use_keytab) {
+ if (keytab_name)
+ printf("Authenticating as principal %s with keytab %s.\n",
+ princstr, keytab_name);
+ else
+ printf("Authenticating as principal %s with default keytab.\n",
+ princstr);
+ retval = kadm5_init_with_skey(princstr, keytab_name,
+ svcname,
+ ¶ms,
+ KADM5_STRUCT_VERSION,
+ KADM5_API_VERSION_2,
+ db_args,
+ &handle);
} else {
- printf("Authenticating as principal %s with password.\n",
- princstr);
- retval = kadm5_init_with_password(princstr, password,
- svcname,
- ¶ms,
- KADM5_STRUCT_VERSION,
- KADM5_API_VERSION_2,
- db_args,
- &handle);
+ printf("Authenticating as principal %s with password.\n",
+ princstr);
+ retval = kadm5_init_with_password(princstr, password,
+ svcname,
+ ¶ms,
+ KADM5_STRUCT_VERSION,
+ KADM5_API_VERSION_2,
+ db_args,
+ &handle);
}
if (retval) {
com_err(whoami, retval, "while initializing %s interface", whoami);
if (retval == KADM5_BAD_CLIENT_PARAMS ||
retval == KADM5_BAD_SERVER_PARAMS)
- usage();
+ usage();
exit(1);
}
if (freeprinc)
free(princstr);
- if( db_name )
+ if (db_name)
free(db_name), db_name=NULL;
- if( db_args )
+ if (db_args)
free(db_args), db_args=NULL;
if ((retval = krb5_cc_close(context, cc))) {
- com_err(whoami, retval, "while closing ccache %s",
- ccache_name);
- exit(1);
+ com_err(whoami, retval, "while closing ccache %s",
+ ccache_name);
+ exit(1);
}
/* register the WRFILE keytab type and set it as the default */
{
#define DEFAULT_KEYTAB "WRFILE:/etc/krb5.keytab"
- /* XXX krb5_defkeyname is an internal library global and
- should go away */
- extern char *krb5_defkeyname;
- krb5_defkeyname = DEFAULT_KEYTAB;
+ /* XXX krb5_defkeyname is an internal library global and
+ should go away */
+ extern char *krb5_defkeyname;
+ krb5_defkeyname = DEFAULT_KEYTAB;
}
-
+
return query;
}
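Review bot: The `com_err(whoami, retval, "while closing ccache %s", ccache_name)` call near the end of this hunk passes `ccache_name` to `%s` even when it is NULL. That is the case whenever no cache name was supplied and the `ccache_name == NULL` branch shown earlier on the page opened the default cache. A NULL argument for `%s` is undefined behaviour in printf-style formatting, which com_err presumably uses. Suggest passing `ccache_name ? ccache_name : "(default)"` instead. The enclosing function starts outside this hunk.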
locked = 0;
}
- kadm5_destroy(handle);
- if (ccache_name != NULL) {
- fprintf(stderr,
- "\n\a\a\aAdministration credentials NOT DESTROYED.\n");
- }
+ kadm5_destroy(handle);
+ if (ccache_name != NULL) {
+ fprintf(stderr,
+ "\n\a\a\aAdministration credentials NOT DESTROYED.\n");
+ }
- /* insert more random cleanup here */
- krb5_klog_close(context);
- krb5_free_context(context);
- return 0;
+ /* insert more random cleanup here */
+ krb5_klog_close(context);
+ krb5_free_context(context);
+ return 0;
}
void kadmin_lock(argc, argv)
krb5_principal princ;
char *canon;
char reply[5];
-
+
if (! (argc == 2 ||
(argc == 3 && !strcmp("-force", argv[1])))) {
fprintf(stderr, "usage: delete_principal [-force] principal\n");
char **db_args = NULL;
int db_args_size = 0;
-
+
if (argc < 2) {
- goto usage;
+ goto usage;
}
for (argv++, argc--; argc > 1; argc--, argv++) {
if (!strcmp("-x", *argv)) {
argc--;
- if( argc < 1 ) {
- fprintf( stderr, "change_password: missing db argument\n");
+ if (argc < 1) {
+ fprintf(stderr, "change_password: missing db argument\n");
goto usage;
}
db_args_size++;
{
- char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
- if( temp == NULL )
- {
+ char **temp = realloc(db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
+ if (temp == NULL) {
fprintf(stderr,"change_password: Not enough memory\n");
- free( db_args ), db_args = NULL;
+ free(db_args), db_args = NULL;
exit(1);
}
com_err("change_password", retval, "while parsing principal name");
if (ks_tuple != NULL)
free(ks_tuple);
- if( db_args ) free(db_args);
+ if (db_args) free(db_args);
return;
}
retval = krb5_unparse_name(context, princ, &canon);
krb5_free_principal(context, princ);
if (ks_tuple != NULL)
free(ks_tuple);
- if( db_args ) free(db_args);
+ if (db_args) free(db_args);
return;
}
if (pwarg != NULL) {
com_err("change_password", retval,
"while changing password for \"%s\".", canon);
free(canon);
- if( db_args ) free(db_args);
+ if (db_args) free(db_args);
return;
}
printf("Password for \"%s\" changed.\n", canon);
free(canon);
- if( db_args ) free(db_args);
+ if (db_args) free(db_args);
return;
} else if (randkey) {
if (keepold || ks_tuple != NULL) {
com_err("change_password", retval,
"while randomizing key for \"%s\".", canon);
free(canon);
- if( db_args ) free(db_args);
+ if (db_args) free(db_args);
return;
}
printf("Key for \"%s\" randomized.\n", canon);
free(canon);
- if( db_args ) free(db_args);
+ if (db_args) free(db_args);
return;
} else if (argc == 1) {
unsigned int i = sizeof (newpw) - 1;
-
+
sprintf(prompt1, "Enter password for principal \"%.900s\"",
*argv);
sprintf(prompt2,
if (ks_tuple != NULL)
free(ks_tuple);
krb5_free_principal(context, princ);
- if( db_args ) free(db_args);
+ if (db_args) free(db_args);
return;
}
if (keepold || ks_tuple != NULL) {
com_err("change_password", retval,
"while changing password for \"%s\".", canon);
free(canon);
- if( db_args ) free(db_args);
+ if (db_args) free(db_args);
return;
}
printf("Password for \"%s\" changed.\n", canon);
free(canon);
- if( db_args ) free(db_args);
+ if (db_args) free(db_args);
return;
- } else {
+ } else {
free(canon);
krb5_free_principal(context, princ);
- usage:
- if( db_args ) free(db_args);
+ usage:
+ if (db_args) free(db_args);
if (ks_tuple != NULL)
free(ks_tuple);
fprintf(stderr,
"[-e keysaltlist] [-pw password] "
"principal\n");
return;
- }
+ }
}
static void
-kadmin_free_tl_data( kadm5_principal_ent_t princ )
+kadmin_free_tl_data(kadm5_principal_ent_t princ)
{
krb5_tl_data *tl_data = princ->tl_data;
int n_tl_data = princ->n_tl_data;
princ->n_tl_data = 0;
princ->tl_data = NULL;
- for( i = 0; tl_data && (i < n_tl_data); i++ )
- {
+ for (i = 0; tl_data && (i < n_tl_data); i++) {
krb5_tl_data *next = tl_data->tl_data_next;
- if( tl_data->tl_data_contents )
- free( tl_data->tl_data_contents );
- free( tl_data );
+ if (tl_data->tl_data_contents)
+ free(tl_data->tl_data_contents);
+ free(tl_data);
tl_data = next;
}
}
#define KRB5_TL_DB_ARGS 0x7fff
-static int
+static int
kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
ks_tuple, n_ks_tuple, caller)
int argc;
time_t now;
krb5_error_code retval;
krb5_tl_data *tl_data, *tail = NULL;
-
+
*mask = 0;
*pass = NULL;
*n_ks_tuple = 0;
if (++i > argc - 2)
return -1;
- tl_data = malloc( sizeof(krb5_tl_data) );
- if( tl_data == NULL )
- {
+ tl_data = malloc(sizeof(krb5_tl_data));
+ if (tl_data == NULL) {
fprintf(stderr, "Not enough memory\n");
return ENOMEM;
}
- memset( tl_data, 0, sizeof(krb5_tl_data));
+ memset(tl_data, 0, sizeof(krb5_tl_data));
tl_data->tl_data_type = KRB5_TL_DB_ARGS;
tl_data->tl_data_length = strlen(argv[i])+1;
tl_data->tl_data_contents = strdup(argv[i]);
- if( tail )
- {
+ if (tail) {
tail->tl_data_next = tl_data;
- }
- else
- {
+ } else {
oprinc->tl_data = tl_data;
}
tail = tl_data;
oprinc->n_tl_data++;
-
- if( tl_data->tl_data_contents == NULL )
- {
+
+ if (tl_data->tl_data_contents == NULL) {
fprintf(stderr, "Not enough memory\n");
return ENOMEM;
}
return -1;
else {
date = get_date(argv[i]);
- if (date == (time_t)-1) {
- fprintf(stderr, "Invalid date specification \"%s\".\n",
- argv[i]);
- return -1;
- }
+ if (date == (time_t)-1) {
+ fprintf(stderr, "Invalid date specification \"%s\".\n",
+ argv[i]);
+ return -1;
+ }
oprinc->princ_expire_time = date;
*mask |= KADM5_PRINC_EXPIRE_TIME;
continue;
return -1;
else {
date = get_date(argv[i]);
- if (date == (time_t)-1) {
- fprintf(stderr, "Invalid date specification \"%s\".\n",
- argv[i]);
- return -1;
- }
+ if (date == (time_t)-1) {
+ fprintf(stderr, "Invalid date specification \"%s\".\n",
+ argv[i]);
+ return -1;
+ }
oprinc->pw_expiration = date;
*mask |= KADM5_PW_EXPIRATION;
continue;
return -1;
else {
date = get_date(argv[i]);
- if (date == (time_t)-1) {
- fprintf(stderr, "Invalid date specification \"%s\".\n",
- argv[i]);
- return -1;
- }
+ if (date == (time_t)-1) {
+ fprintf(stderr, "Invalid date specification \"%s\".\n",
+ argv[i]);
+ return -1;
+ }
oprinc->max_life = date - now;
*mask |= KADM5_MAX_LIFE;
continue;
return -1;
else {
date = get_date(argv[i]);
- if (date == (time_t)-1) {
- fprintf(stderr, "Invalid date specification \"%s\".\n",
- argv[i]);
- return -1;
- }
+ if (date == (time_t)-1) {
+ fprintf(stderr, "Invalid date specification \"%s\".\n",
+ argv[i]);
+ return -1;
+ }
oprinc->max_renewable_life = date - now;
*mask |= KADM5_MAX_RLIFE;
continue;
return 0;
}
-static void
+static void
kadmin_addprinc_usage(func)
- char *func;
+ char *func;
{
- fprintf(stderr, "usage: %s [options] principal\n", func);
- fprintf(stderr, "\toptions are:\n");
- fprintf(stderr, "\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-randkey] [-pw password]\n\t\t[-maxrenewlife maxrenewlife]\n\t\t[-e keysaltlist]\n\t\t[{+|-}attribute]\n");
- fprintf(stderr, "\tattributes are:\n");
- fprintf(stderr, "%s%s%s",
- "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
- "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n",
- "\t\trequires_hwauth needchange allow_svr password_changing_service\n"
- "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n"
- "\t\t\tLook at each database documentation for supported arguments\n");
+ fprintf(stderr, "usage: %s [options] principal\n", func);
+ fprintf(stderr, "\toptions are:\n");
+ fprintf(stderr, "\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-randkey] [-pw password]\n\t\t[-maxrenewlife maxrenewlife]\n\t\t[-e keysaltlist]\n\t\t[{+|-}attribute]\n");
+ fprintf(stderr, "\tattributes are:\n");
+ fprintf(stderr, "%s%s%s",
+ "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
+ "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n",
+ "\t\trequires_hwauth needchange allow_svr password_changing_service\n"
+ "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n"
+ "\t\t\tLook at each database documentation for supported arguments\n");
}
-static void
+static void
kadmin_modprinc_usage(func)
- char *func;
+ char *func;
{
- fprintf(stderr, "usage: %s [options] principal\n", func);
- fprintf(stderr, "\toptions are:\n");
- fprintf(stderr, "\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n\t\t[-maxrenewlife maxrenewlife] [{+|-}attribute]\n");
- fprintf(stderr, "\tattributes are:\n");
- fprintf(stderr, "%s%s%s",
- "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
- "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n",
- "\t\trequires_hwauth needchange allow_svr password_changing_service\n"
- "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n"
- "\t\t\tLook at each database documentation for supported arguments\n"
- );
+ fprintf(stderr, "usage: %s [options] principal\n", func);
+ fprintf(stderr, "\toptions are:\n");
+ fprintf(stderr, "\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n\t\t[-maxrenewlife maxrenewlife] [{+|-}attribute]\n");
+ fprintf(stderr, "\tattributes are:\n");
+ fprintf(stderr, "%s%s%s",
+ "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
+ "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n",
+ "\t\trequires_hwauth needchange allow_svr password_changing_service\n"
+ "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n"
+ "\t\t\tLook at each database documentation for supported arguments\n"
+ );
}
void kadmin_addprinc(argc, argv)
static char prompt1[1024], prompt2[1024];
if (dummybuf[0] == 0) {
- for (i = 0; i < 256; i++)
- dummybuf[i] = (i+1) % 256;
+ for (i = 0; i < 256; i++)
+ dummybuf[i] = (i+1) % 256;
}
-
+
/* Zero all fields in request structure */
memset(&princ, 0, sizeof(princ));
&princ, &mask, &pass, &randkey,
&ks_tuple, &n_ks_tuple,
"add_principal")) {
- kadmin_addprinc_usage("add_principal");
- kadmin_free_tl_data( &princ ); /* need to free ks_tuple also??? */
- return;
+ kadmin_addprinc_usage("add_principal");
+ kadmin_free_tl_data(&princ); /* need to free ks_tuple also??? */
+ return;
}
retval = krb5_unparse_name(context, princ.principal, &canon);
krb5_free_principal(context, princ.principal);
if (ks_tuple != NULL)
free(ks_tuple);
- kadmin_free_tl_data( &princ );
+ kadmin_free_tl_data(&princ);
return;
}
*/
if ((! (mask & KADM5_POLICY)) &&
(! (mask & KADM5_POLICY_CLR))) {
- if (! kadm5_get_policy(handle, "default", &defpol)) {
- fprintf(stderr,
- "NOTICE: no policy specified for %s; assigning \"default\"\n",
- canon);
- princ.policy = "default";
- mask |= KADM5_POLICY;
- (void) kadm5_free_policy_ent(handle, &defpol);
- } else
- fprintf(stderr,
- "WARNING: no policy specified for %s; defaulting to no policy\n",
- canon);
+ if (! kadm5_get_policy(handle, "default", &defpol)) {
+ fprintf(stderr,
+ "NOTICE: no policy specified for %s; assigning \"default\"\n",
+ canon);
+ princ.policy = "default";
+ mask |= KADM5_POLICY;
+ (void) kadm5_free_policy_ent(handle, &defpol);
+ } else
+ fprintf(stderr,
+ "WARNING: no policy specified for %s; defaulting to no policy\n",
+ canon);
}
mask &= ~KADM5_POLICY_CLR;
-
+
if (randkey) { /* do special stuff if -randkey specified */
princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX; /* set notix */
mask |= KADM5_ATTRIBUTES;
pass = dummybuf;
} else if (pass == NULL) {
unsigned int sz = sizeof (newpw) - 1;
-
+
sprintf(prompt1, "Enter password for principal \"%.900s\"",
canon);
sprintf(prompt2,
"while reading password for \"%s\".", canon);
free(canon);
krb5_free_principal(context, princ.principal);
- kadmin_free_tl_data( &princ );
+ kadmin_free_tl_data(&princ);
return;
}
pass = newpw;
free(canon);
if (ks_tuple != NULL)
free(ks_tuple);
- kadmin_free_tl_data( &princ );
+ kadmin_free_tl_data(&princ);
return;
}
if (randkey) { /* more special stuff for -randkey */
free(canon);
if (ks_tuple != NULL)
free(ks_tuple);
- kadmin_free_tl_data( &princ );
+ kadmin_free_tl_data(&princ);
return;
}
princ.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX; /* clear notix */
free(canon);
if (ks_tuple != NULL)
free(ks_tuple);
- kadmin_free_tl_data( &princ );
+ kadmin_free_tl_data(&princ);
return;
}
}
if (ks_tuple != NULL)
free(ks_tuple);
free(canon);
- kadmin_free_tl_data( &princ );
+ kadmin_free_tl_data(&princ);
}
krb5_key_salt_tuple *ks_tuple;
if (argc < 2) {
- kadmin_modprinc_usage("modify_principal");
- return;
+ kadmin_modprinc_usage("modify_principal");
+ return;
}
memset(&oldprinc, 0, sizeof(oldprinc));
krb5_error_code retval;
char *canon, *modcanon;
int i;
-
+
if (! (argc == 2 ||
(argc == 3 && !strcmp("-terse", argv[1])))) {
fprintf(stderr, "usage: get_principal [-terse] principal\n");
printf("Principal: %s\n", canon);
printf("Expiration date: %s\n", dprinc.princ_expire_time ?
strdate(dprinc.princ_expire_time) : "[never]");
- printf("Last password change: %s\n", dprinc.last_pwd_change ?
+ printf("Last password change: %s\n", dprinc.last_pwd_change ?
strdate(dprinc.last_pwd_change) : "[never]");
printf("Password expiration date: %s\n",
dprinc.pw_expiration ?
printf("Last modified: %s (%s)\n", strdate(dprinc.mod_date), modcanon);
printf("Last successful authentication: %s\n",
dprinc.last_success ? strdate(dprinc.last_success) :
- "[never]");
+ "[never]");
printf("Last failed authentication: %s\n",
dprinc.last_failed ? strdate(dprinc.last_failed) :
"[never]");
dprinc.fail_auth_count);
printf("Number of keys: %d\n", dprinc.n_key_data);
for (i = 0; i < dprinc.n_key_data; i++) {
- krb5_key_data *key_data = &dprinc.key_data[i];
- char enctype[BUFSIZ], salttype[BUFSIZ];
-
- if (krb5_enctype_to_string(key_data->key_data_type[0],
- enctype, sizeof(enctype)))
- sprintf(enctype, "<Encryption type 0x%x>",
- key_data->key_data_type[0]);
- printf("Key: vno %d, %s, ", key_data->key_data_kvno, enctype);
- if (key_data->key_data_ver > 1) {
- if (krb5_salttype_to_string(key_data->key_data_type[1],
- salttype, sizeof(salttype)))
- sprintf(salttype, "<Salt type 0x%x>",
- key_data->key_data_type[1]);
- printf("%s\n", salttype);
- } else
- printf("no salt\n");
+ krb5_key_data *key_data = &dprinc.key_data[i];
+ char enctype[BUFSIZ], salttype[BUFSIZ];
+
+ if (krb5_enctype_to_string(key_data->key_data_type[0],
+ enctype, sizeof(enctype)))
+ sprintf(enctype, "<Encryption type 0x%x>",
+ key_data->key_data_type[0]);
+ printf("Key: vno %d, %s, ", key_data->key_data_kvno, enctype);
+ if (key_data->key_data_ver > 1) {
+ if (krb5_salttype_to_string(key_data->key_data_type[1],
+ salttype, sizeof(salttype)))
+ sprintf(salttype, "<Salt type 0x%x>",
+ key_data->key_data_type[1]);
+ printf("%s\n", salttype);
+ } else
+ printf("no salt\n");
}
-
+
printf("Attributes:");
for (i = 0; i < sizeof (prflags) / sizeof (char *); i++) {
if (dprinc.attributes & (krb5_flags) 1 << i)
dprinc.last_failed, dprinc.fail_auth_count,
dprinc.n_key_data);
for (i = 0; i < dprinc.n_key_data; i++)
- printf("\t%d\t%d\t%d\t%d",
- dprinc.key_data[i].key_data_ver,
- dprinc.key_data[i].key_data_kvno,
- dprinc.key_data[i].key_data_type[0],
- dprinc.key_data[i].key_data_type[1]);
+ printf("\t%d\t%d\t%d\t%d",
+ dprinc.key_data[i].key_data_ver,
+ dprinc.key_data[i].key_data_kvno,
+ dprinc.key_data[i].key_data_type[0],
+ dprinc.key_data[i].key_data_type[1]);
printf("\n");
- }
+ }
free(modcanon);
kadm5_free_principal_ent(handle, &dprinc);
free(canon);
return;
}
for (i = 0; i < count; i++)
- printf("%s\n", names[i]);
+ printf("%s\n", names[i]);
kadm5_free_name_list(handle, names, count);
}
-static int
+static int
kadmin_parse_policy_args(argc, argv, policy, mask, caller)
int argc;
char *argv[];
return -1;
else {
date = get_date(argv[i]);
- if (date == (time_t)-1) {
- fprintf(stderr, "Invalid date specification \"%s\".\n",
- argv[i]);
- return -1;
- }
+ if (date == (time_t)-1) {
+ fprintf(stderr, "Invalid date specification \"%s\".\n",
+ argv[i]);
+ return -1;
+ }
policy->pw_max_life = date - now;
*mask |= KADM5_PW_MAX_LIFE;
continue;
return -1;
else {
date = get_date(argv[i]);
- if (date == (time_t)-1) {
- fprintf(stderr, "Invalid date specification \"%s\".\n",
- argv[i]);
- return -1;
- }
+ if (date == (time_t)-1) {
+ fprintf(stderr, "Invalid date specification \"%s\".\n",
+ argv[i]);
+ return -1;
+ }
policy->pw_min_life = date - now;
*mask |= KADM5_PW_MIN_LIFE;
continue;
}
} else if (strlen(argv[i]) == 10 &&
- !strcmp(argv[i], "-minlength")) {
+ !strcmp(argv[i], "-minlength")) {
if (++i > argc - 2)
return -1;
else {
return 0;
}
-static void
+static void
kadmin_addmodpol_usage(func)
- char *func;
+ char *func;
{
- fprintf(stderr, "usage; %s [options] policy\n", func);
- fprintf(stderr, "\toptions are:\n");
- fprintf(stderr, "\t\t[-maxlife time] [-minlife time] [-minlength length]\n\t\t[-minclasses number] [-history number]\n");
+ fprintf(stderr, "usage; %s [options] policy\n", func);
+ fprintf(stderr, "\toptions are:\n");
+ fprintf(stderr, "\t\t[-maxlife time] [-minlife time] [-minlength length]\n\t\t[-minclasses number] [-history number]\n");
}
void kadmin_addpol(argc, argv)
memset(&policy, 0, sizeof(policy));
if (kadmin_parse_policy_args(argc, argv, &policy, &mask, "add_policy")) {
- kadmin_addmodpol_usage("add_policy");
- return;
+ kadmin_addmodpol_usage("add_policy");
+ return;
} else {
policy.policy = argv[argc - 1];
mask |= KADM5_POLICY;
{
krb5_error_code retval;
char reply[5];
-
+
if (! (argc == 2 ||
(argc == 3 && !strcmp("-force", argv[1])))) {
fprintf(stderr, "usage: delete_policy [-force] policy\n");
{
krb5_error_code retval;
kadm5_policy_ent_rec policy;
-
+
if (! (argc == 2 ||
(argc == 3 && !strcmp("-terse", argv[1])))) {
fprintf(stderr, "usage: get_policy [-terse] policy\n");
return;
}
for (i = 0; i < count; i++)
- printf("%s\n", names[i]);
+ printf("%s\n", names[i]);
kadm5_free_name_list(handle, names, count);
}