static void add_users (const char *filename, unsigned n) { krb5_error_code ret; int i; void *kadm_handle; krb5_context context; unsigned nwords; char **words; ret = krb5_init_context(&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); ret = kadm5_s_init_with_password_ctx(context, KADM5_ADMIN_SERVICE, NULL, KADM5_ADMIN_SERVICE, NULL, 0, 0, &kadm_handle); if(ret) krb5_err(context, 1, ret, "kadm5_init_with_password"); nwords = read_words (filename, &words); for (i = 0; i < n; ++i) add_user (context, kadm_handle, nwords, words); kadm5_destroy(kadm_handle); krb5_free_context(context); }
kadm5_ret_t kadm5_s_init_with_password(const char *client_name, const char *password, const char *service_name, kadm5_config_params *realm_params, unsigned long struct_version, unsigned long api_version, void **server_handle) { krb5_context context; kadm5_ret_t ret; kadm5_server_context *ctx; ret = krb5_init_context(&context); if (ret) return ret; ret = kadm5_s_init_with_password_ctx(context, client_name, password, service_name, realm_params, struct_version, api_version, server_handle); if(ret){ krb5_free_context(context); return ret; } ctx = *server_handle; ctx->my_context = 1; return 0; }
static void handle_v5(krb5_context contextp, krb5_keytab keytab, krb5_socket_t fd) { krb5_error_code ret; krb5_ticket *ticket; char *server_name; char *client; void *kadm_handlep; krb5_boolean initial; krb5_auth_context ac = NULL; unsigned kadm_version; kadm5_config_params realm_params; ret = krb5_recvauth_match_version(contextp, &ac, &fd, match_appl_version, &kadm_version, NULL, KRB5_RECVAUTH_IGNORE_VERSION, keytab, &ticket); if (ret) krb5_err(contextp, 1, ret, "krb5_recvauth"); ret = krb5_unparse_name (contextp, ticket->server, &server_name); if (ret) krb5_err (contextp, 1, ret, "krb5_unparse_name"); if (strncmp (server_name, KADM5_ADMIN_SERVICE, strlen(KADM5_ADMIN_SERVICE)) != 0) krb5_errx (contextp, 1, "ticket for strange principal (%s)", server_name); free (server_name); memset(&realm_params, 0, sizeof(realm_params)); if(kadm_version == 1) { krb5_data params; ret = krb5_read_priv_message(contextp, ac, &fd, ¶ms); if(ret) krb5_err(contextp, 1, ret, "krb5_read_priv_message"); _kadm5_unmarshal_params(contextp, ¶ms, &realm_params); } initial = ticket->ticket.flags.initial; ret = krb5_unparse_name(contextp, ticket->client, &client); if (ret) krb5_err (contextp, 1, ret, "krb5_unparse_name"); krb5_free_ticket (contextp, ticket); ret = kadm5_s_init_with_password_ctx(contextp, client, NULL, KADM5_ADMIN_SERVICE, &realm_params, 0, 0, &kadm_handlep); if(ret) krb5_err (contextp, 1, ret, "kadm5_init_with_password_ctx"); v5_loop (contextp, ac, initial, kadm_handlep, fd); }
kadm5_ret_t kadm5_init_with_password_ctx(krb5_context context, const char *client_name, const char *password, const char *service_name, kadm5_config_params *realm_params, unsigned long struct_version, unsigned long api_version, void **server_handle) { return kadm5_s_init_with_password_ctx(context, client_name, password, service_name, realm_params, struct_version, api_version, server_handle); }
int main(int argc, char **argv) { krb5_error_code ret; char **files; kadm5_config_params conf; int optidx = 0; int exit_status = 0; setprogname(argv[0]); ret = krb5_init_context(&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); if(getarg(args, num_args, argc, argv, &optidx)) usage(1); if (help_flag) usage (0); if (version_flag) { print_version(NULL); exit(0); } argc -= optidx; argv += optidx; if (config_file == NULL) { asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); if (config_file == NULL) errx(1, "out of memory"); } ret = krb5_prepend_config_files_default(config_file, &files); if (ret) krb5_err(context, 1, ret, "getting configuration files"); ret = krb5_set_config_files(context, files); krb5_free_config_files(files); if(ret) krb5_err(context, 1, ret, "reading configuration files"); memset(&conf, 0, sizeof(conf)); if(realm) { krb5_set_default_realm(context, realm); /* XXX should be fixed some other way */ conf.realm = realm; conf.mask |= KADM5_CONFIG_REALM; } if (admin_server) { conf.admin_server = admin_server; conf.mask |= KADM5_CONFIG_ADMIN_SERVER; } if (server_port) { conf.kadmind_port = htons(server_port); conf.mask |= KADM5_CONFIG_KADMIND_PORT; } if (keyfile) { conf.stash_file = keyfile; conf.mask |= KADM5_CONFIG_STASH_FILE; } if(local_flag) { int i; kadm5_setup_passwd_quality_check (context, check_library, check_function); for (i = 0; i < policy_libraries.num_strings; i++) { ret = kadm5_add_passwd_quality_verifier(context, policy_libraries.strings[i]); if (ret) krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); } ret = kadm5_add_passwd_quality_verifier(context, NULL); if (ret) krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); ret = kadm5_s_init_with_password_ctx(context, KADM5_ADMIN_SERVICE, NULL, KADM5_ADMIN_SERVICE, &conf, 0, 0, &kadm_handle); } else if (mit_flag) { ret = kadm5_mit_init_with_password_ctx(context, client_name, NULL, &conf, 0, 0, &kadm_handle); } else if (ad_flag) { if (client_name == NULL) krb5_errx(context, 1, "keytab mode require principal name"); ret = kadm5_ad_init_with_password_ctx(context, client_name, NULL, KADM5_ADMIN_SERVICE, &conf, 0, 0, &kadm_handle); } else if (keytab) { if (client_name == NULL) krb5_errx(context, 1, "keytab mode require principal name"); ret = kadm5_c_init_with_skey_ctx(context, client_name, keytab, KADM5_ADMIN_SERVICE, &conf, 0, 0, &kadm_handle); } else ret = kadm5_c_init_with_password_ctx(context, client_name, NULL, KADM5_ADMIN_SERVICE, &conf, 0, 0, &kadm_handle); if(ret) krb5_err(context, 1, ret, "kadm5_init_with_password"); signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command parser will handle SIGINT its own way; we should really take care of this in each function, f.i `get' might be interruptable, but not `create' */ if (argc != 0) { ret = sl_command (commands, argc, argv); if(ret == -1) krb5_warnx (context, "unrecognized command: %s", argv[0]); else if (ret == -2) ret = 0; if(ret != 0) exit_status = 1; } else { while(!exit_seen) { ret = sl_command_loop(commands, "kadmin> ", NULL); if (ret == -2) exit_seen = 1; else if (ret != 0) exit_status = 1; } } kadm5_destroy(kadm_handle); krb5_free_context(context); return exit_status; }