int
ext_keytab(struct ext_keytab_options *opt, int argc, char **argv)
{
krb5_error_code ret;
int i;
struct ext_keytab_data data;
if (opt->keytab_string == NULL)
ret = krb5_kt_default(context, &data.keytab);
else
ret = krb5_kt_resolve(context, opt->keytab_string, &data.keytab);
if(ret){
krb5_warn(context, ret, "krb5_kt_resolve");
return 1;
}
for(i = 0; i < argc; i++) {
ret = foreach_principal(argv[i], do_ext_keytab, "ext", &data);
if (ret)
break;
}
krb5_kt_close(context, data.keytab);
return ret != 0;
}
static int
getit(struct get_options *opt, const char *name, int argc, char **argv)
{
int i;
krb5_error_code ret;
struct get_entry_data data;
if(opt->long_flag == -1 && (opt->short_flag == 1 || opt->terse_flag == 1))
opt->long_flag = 0;
if(opt->short_flag == -1 && (opt->long_flag == 1 || opt->terse_flag == 1))
opt->short_flag = 0;
if(opt->terse_flag == -1 && (opt->long_flag == 1 || opt->short_flag == 1))
opt->terse_flag = 0;
if(opt->long_flag == 0 && opt->short_flag == 0 && opt->terse_flag == 0)
opt->short_flag = 1;
if (opt->terse_flag)
return listit(name, argc, argv);
data.table = NULL;
data.chead = NULL;
data.ctail = &data.chead;
data.mask = 0;
data.extra_mask = 0;
if(opt->short_flag) {
data.table = rtbl_create();
rtbl_set_separator(data.table, " ");
data.format = print_entry_short;
} else
data.format = print_entry_long;
if(opt->column_info_string == NULL) {
if(opt->long_flag)
ret = setup_columns(&data, DEFAULT_COLUMNS_LONG);
else
ret = setup_columns(&data, DEFAULT_COLUMNS_SHORT);
} else
ret = setup_columns(&data, opt->column_info_string);
if(ret != 0) {
if(data.table != NULL)
rtbl_destroy(data.table);
return 0;
}
for(i = 0; i < argc; i++)
ret = foreach_principal(argv[i], do_get_entry, name, &data);
if(data.table != NULL) {
rtbl_format(data.table, stdout);
rtbl_destroy(data.table);
}
free_columns(&data);
return ret != 0;
}
int
cpw_entry(struct passwd_options *opt, int argc, char **argv)
{
krb5_error_code ret = 0;
int i;
struct cpw_entry_data data;
int num;
krb5_key_data key_data[3];
data.keepold = opt->keepold_flag;
data.random_key = opt->random_key_flag;
data.random_password = opt->random_password_flag;
data.password = opt->password_string;
data.key_data = NULL;
num = 0;
if (data.random_key)
++num;
if (data.random_password)
++num;
if (data.password)
++num;
if (opt->key_string)
++num;
if (num > 1) {
fprintf (stderr, "give only one of "
"--random-key, --random-password, --password, --key\n");
return 1;
}
if (opt->key_string) {
const char *error;
if (parse_des_key (opt->key_string, key_data, &error)) {
fprintf (stderr, "failed parsing key \"%s\": %s\n",
opt->key_string, error);
return 1;
}
data.key_data = key_data;
}
for(i = 0; i < argc; i++)
ret = foreach_principal(argv[i], do_cpw_entry, "cpw", &data);
if (data.key_data) {
int16_t dummy;
kadm5_free_key_data (kadm_handle, &dummy, key_data);
}
return ret != 0;
}
int
del_entry(void *opt, int argc, char **argv)
{
int i;
krb5_error_code ret = 0;
for(i = 0; i < argc; i++) {
ret = foreach_principal(argv[i], do_del_entry, "del", NULL);
if (ret)
break;
}
return ret != 0;
}
int
mod_entry(struct modify_options *opt, int argc, char **argv)
{
krb5_error_code ret = 0;
int i;
for(i = 0; i < argc; i++) {
ret = foreach_principal(argv[i], do_mod_entry, "mod", opt);
if (ret)
break;
}
return ret != 0;
}
static int
listit(const char *funcname, int argc, char **argv)
{
int i;
krb5_error_code ret, saved_ret = 0;
for (i = 0; i < argc; i++) {
ret = foreach_principal(argv[i], do_list_entry, funcname, NULL);
if (saved_ret == 0 && ret != 0)
saved_ret = ret;
}
return saved_ret != 0;
}
int
check(void *opt, int argc, char **argv)
{
kadm5_principal_ent_rec ent;
krb5_error_code ret;
char *realm = NULL, *p, *p2;
int found;
if (argc == 0) {
ret = krb5_get_default_realm(context, &realm);
if (ret) {
krb5_warn(context, ret, "krb5_get_default_realm");
goto fail;
}
} else {
realm = strdup(argv[0]);
if (realm == NULL) {
krb5_warnx(context, "malloc");
goto fail;
}
}
/*
* Check krbtgt/REALM@REALM
*
* For now, just check existance
*/
if (asprintf(&p, "%s/%s@%s", KRB5_TGS_NAME, realm, realm) == -1) {
krb5_warn(context, errno, "asprintf");
goto fail;
}
ret = get_check_entry(p, &ent);
if (ret) {
printf("%s doesn't exist, are you sure %s is a realm in your database",
p, realm);
free(p);
goto fail;
}
free(p);
kadm5_free_principal_ent(kadm_handle, &ent);
/*
* Check kadmin/admin@REALM
*/
if (asprintf(&p, "kadmin/admin@%s", realm) == -1) {
krb5_warn(context, errno, "asprintf");
goto fail;
}
ret = get_check_entry(p, &ent);
if (ret) {
printf("%s doesn't exist, "
"there is no way to do remote administration", p);
free(p);
goto fail;
}
free(p);
kadm5_free_principal_ent(kadm_handle, &ent);
/*
* Check kadmin/changepw@REALM
*/
if (asprintf(&p, "kadmin/changepw@%s", realm) == -1) {
krb5_warn(context, errno, "asprintf");
goto fail;
}
ret = get_check_entry(p, &ent);
if (ret) {
printf("%s doesn't exist, "
"there is no way to do change password", p);
free(p);
goto fail;
}
free(p);
kadm5_free_principal_ent(kadm_handle, &ent);
/*
* Check for duplicate afs keys
*/
p2 = strdup(realm);
if (p2 == NULL) {
krb5_warn(context, errno, "malloc");
goto fail;
}
strlwr(p2);
if (asprintf(&p, "afs/%s@%s", p2, realm) == -1) {
krb5_warn(context, errno, "asprintf");
free(p2);
goto fail;
}
free(p2);
ret = get_check_entry(p, &ent);
free(p);
if (ret == 0) {
kadm5_free_principal_ent(kadm_handle, &ent);
found = 1;
} else
found = 0;
if (asprintf(&p, "afs@%s", realm) == -1) {
krb5_warn(context, errno, "asprintf");
goto fail;
}
ret = get_check_entry(p, &ent);
free(p);
if (ret == 0) {
kadm5_free_principal_ent(kadm_handle, &ent);
if (found) {
krb5_warnx(context, "afs@REALM and afs/cellname@REALM both exists");
goto fail;
}
}
foreach_principal("*", do_check_entry, "check", NULL);
free(realm);
return 0;
fail:
free(realm);
return 1;
}
