1 /* 2 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 | #pragma ident "@(#)kdb5_util.c 1.10 04/09/08 SMI" 6 | #pragma ident "@(#)kdb5_util.c 1.9 04/05/04 SMI" 7 8 /* 9 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 10 * 11 * Openvision retains the copyright to derivative works of 12 * this source code. Do *NOT* create a derivative of this 13 * source code before consulting with your legal department. 14 * Do *NOT* integrate *ANY* of this source code into another 15 * product before consulting with your legal department. 16 * 17 * For further information, read the top-level Openvision 18 * copyright which is contained in the top-level MIT Kerberos 19 * copyright. 20 * 21 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 22 * 23 */ 24 25 26 /* 27 * admin/edit/kdb5_edit.c 28 * 29 * (C) Copyright 1990,1991, 1996 by the Massachusetts Institute of Technology. 30 * All Rights Reserved. 31 * 32 * Export of this software from the United States of America may 33 * require a specific license from the United States Government. 34 * It is the responsibility of any person or organization contemplating 35 * export to obtain such a license before exporting. 36 * 37 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 38 * distribute this software and its documentation for any purpose and 39 * without fee is hereby granted, provided that the above copyright 40 * notice appear in all copies and that both that copyright notice and 41 * this permission notice appear in supporting documentation, and that 42 * the name of M.I.T. not be used in advertising or publicity pertaining 43 * to distribution of the software without specific, written prior 44 * permission. Furthermore if you modify this software you must label 45 * your software as modified software and not distribute it in such a 46 * fashion that it might be confused with the original M.I.T. software. 
47 * M.I.T. makes no representations about the suitability of 48 * this software for any purpose. It is provided "as is" without express 49 * or implied warranty. 50 * 51 * 52 * Edit a KDC database. 53 */ 54 55 /* 56 * Yes, I know this is a hack, but we need admin.h without including the 57 * rpc.h header. Additionally, our rpc.h header brings in 58 * a des.h header which causes other problems. 59 */ 60 #define _RPC_RPC_H 61 62 #include <stdio.h> 63 #define KDB5_DISPATCH 64 #define KRB5_KDB5_DBM__ 65 #include <k5-int.h> 66 /* #define these to avoid an indirection function; for future implementations, 67 these may be redirected from a dispatch table/routine */ 68 #define krb5_dbm_db_set_name krb5_db_set_name 69 #define krb5_dbm_db_set_nonblocking krb5_db_set_nonblocking 70 #define krb5_dbm_db_init krb5_db_init 71 #define krb5_dbm_db_get_age krb5_db_get_age 72 #define krb5_dbm_db_create krb5_db_create 73 #define krb5_dbm_db_rename krb5_db_rename 74 #define krb5_dbm_db_get_principal krb5_db_get_principal 75 #define krb5_dbm_db_free_principal krb5_db_free_principal 76 #define krb5_dbm_db_put_principal krb5_db_put_principal 77 #define krb5_dbm_db_delete_principal krb5_db_delete_principal 78 #define krb5_dbm_db_lock krb5_db_lock 79 #define krb5_dbm_db_unlock krb5_db_unlock 80 #define krb5_dbm_db_set_lockmode krb5_db_set_lockmode 81 #define krb5_dbm_db_close_database krb5_db_close_database 82 #define krb5_dbm_db_open_database krb5_db_open_database 83 84 #include <kadm5/admin.h> 85 #include <rpc/types.h> 86 #include <rpc/xdr.h> 87 #include <kadm5/adb.h> 88 #include <time.h> 89 #include <libintl.h> 90 #include <locale.h> 91 #include "kdb5_util.h" 92 93 char *Err_no_master_msg = "Master key not entered!\n"; 94 char *Err_no_database = "Database not currently opened!\n"; 95 96 /* 97 * XXX Ick, ick, ick. These global variables shouldn't be global.... 
98 */ 99 char *mkey_password = 0; 100 101 /* 102 * I can't figure out any way for this not to be global, given how ss 103 * works. 104 */ 105 106 int exit_status = 0; 107 krb5_context util_context; 108 osa_adb_policy_t policy_db; 109 kadm5_config_params global_params; 110 111 usage() 112 { 113 fprintf(stderr, "%s: " 114 "kdb5_util cmd [-r realm] [-d dbname] [-k mkeytype] [-M mkeyname]\n" 115 "\t [-f] [stashfile] [-P password] [-m ] [cmd options]\n" 116 "\tcreate [-s]\n" 117 "\tdestroy \n" 118 "\tstash \n" 119 "\tdump [-old] [-ov] [-b6] [-verbose] [filename [princs...]]\n" 120 "\tload [-old] [-ov] [-b6] [-verbose] [-update] filename\n" 121 #ifdef SUNWOFF 122 "\tload_v4 [-t] [-n] [-v] [-K] [-s stashfile] inputfile\n" 123 #endif 124 "\tark [-e etype_list] principal\n", 125 gettext("Usage")); 126 exit(1); 127 } ----Unchanged portion omitted---- 178 179 #define ARG_VAL (--argc > 0 ? (optarg = *(++argv)) : (char *)(usage(), NULL)) 180 181 int 182 main(argc, argv) 183 int argc; 184 char *argv[]; 185 { 186 struct _cmd_table *cmd = NULL; 187 char *optarg, **cmd_argv; 188 int cmd_argc; 189 krb5_error_code retval; 190 191 (void) setlocale(LC_ALL, ""); 192 193 #if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */ 194 #define TEXT_DOMAIN "SYS_TEST" /* Use this only if it weren't */ 195 #endif 196 197 (void) textdomain(TEXT_DOMAIN); 198 199 Err_no_master_msg = gettext("Master key not entered!\n"); 200 Err_no_database = gettext("Database not currently opened!\n"); 201 202 retval = krb5_init_context(&util_context); 203 if (retval) { 204 com_err (progname, retval, 205 gettext("while initializing Kerberos code")); 206 exit(1); 207 } 208 progname = (strrchr(argv[0], '/') ? 
209 strrchr(argv[0], '/') + 1 : argv[0]); 210 211 cmd_argv = (char **) malloc(sizeof(char *)*argc); 212 if (cmd_argv == NULL) { 213 com_err(progname, ENOMEM, 214 gettext("while creating sub-command arguments")); 215 exit(1); 216 } 217 memset(cmd_argv, 0, sizeof(char *)*argc); 218 cmd_argc = 1; 219 220 argv++; 221 argc--; 222 while (*argv) { 223 if (strcmp(*argv, "-P") == 0 && ARG_VAL) { 224 mkey_password = optarg; 225 manual_mkey = TRUE; 226 } else if (strcmp(*argv, "-d") == 0 && ARG_VAL) { 227 global_params.dbname = optarg; 228 global_params.mask |= KADM5_CONFIG_DBNAME; 229 } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) { 230 global_params.realm = optarg; 231 global_params.mask |= KADM5_CONFIG_REALM; 232 /* not sure this is really necessary */ 233 if ((retval = krb5_set_default_realm(util_context, 234 global_params.realm))) { 235 com_err(progname, retval, 236 gettext("while setting default " 237 "realm name")); 238 exit(1); 239 } 240 } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) { 241 if (krb5_string_to_enctype(optarg, 242 &global_params.enctype)) 243 com_err(argv[0], 0, 244 gettext("%s is an invalid enctype"), 245 optarg); 246 else 247 global_params.mask |= KADM5_CONFIG_ENCTYPE; 248 } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) { 249 global_params.mkey_name = optarg; 250 global_params.mask |= KADM5_CONFIG_MKEY_NAME; 251 } else if (((strcmp(*argv, "-sf") == 0) 252 /* SUNWresync121 - carry the old -f forward too */ 253 || (strcmp(*argv, "-f") == 0)) && ARG_VAL) { 254 global_params.stash_file = optarg; 255 global_params.mask |= KADM5_CONFIG_STASH_FILE; 256 } else if (strcmp(*argv, "-m") == 0) { 257 manual_mkey = TRUE; 258 global_params.mkey_from_kbd = 1; 259 global_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD; 260 } else if (cmd_lookup(*argv) != NULL) { 261 if (cmd_argv[0] == NULL) 262 cmd_argv[0] = *argv; 263 else 264 usage(); 265 } else { 266 cmd_argv[cmd_argc++] = *argv; 267 } 268 argv++; 269 argc--; 270 } 271 272 if (cmd_argv[0] == NULL) 273 usage(); 274 275 
if (retval = kadm5_get_config_params(util_context, NULL, NULL, 276 &global_params, &global_params)) { 277 com_err(argv[0], retval, 278 gettext("while retreiving configuration parameters")); 279 exit(1); 280 } 281 /* 282 * Dump creates files which should not be world-readable. It is 283 * easiest to do a single umask call here. 284 */ 285 (void) umask(077); 286 287 (void) memset(&master_key, 0, sizeof (krb5_keyblock)); 288 289 if ((global_params.enctype != ENCTYPE_UNKNOWN) && 290 (!valid_enctype(global_params.enctype))) { 291 com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, 292 gettext("while setting up enctype %d"), global_params.enctype); 293 } 294 295 cmd = cmd_lookup(cmd_argv[0]); 296 if (cmd->opendb && open_db_and_mkey()) 297 return (exit_status); 298 299 + if (global_params.iprop_enabled == TRUE) 300 + ulog_set_role(util_context, IPROP_MASTER); 301 + else 302 + ulog_set_role(util_context, IPROP_NULL); 303 + 304 (*cmd->func)(cmd_argc, cmd_argv); 305 306 if(close_policy_db) { 307 (void) osa_adb_close_policy(policy_db); 308 } 309 kadm5_free_config_params(util_context, &global_params); 310 krb5_free_context(util_context); 311 return (exit_status); 312 } ----Unchanged portion omitted----
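Review bot: The two `ulog_set_role()` calls added at lines 299-302 discard the return value, so a failure to set the update-log role goes unnoticed and `(*cmd->func)(cmd_argc, cmd_argv)` runs anyway. The definition of ulog_set_role is not on this page; if it returns a krb5_error_code like the other context calls in main(), capture and check it: `retval = ulog_set_role(util_context, global_params.iprop_enabled ? IPROP_MASTER : IPROP_NULL);` followed by `if (retval) { com_err(progname, retval, gettext("while setting update log role")); exit(1); }`. On an iprop master this matters because a command that rewrites the database without the role set could leave the update log, and therefore the replicas, out of step with the KDB; this is inferred, since the ulog code is outside the diff. Testing the flag for truth rather than `== TRUE` also avoids treating any other non-zero value as "disabled".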