Diffstat (limited to 'kerberosV/src/kadmin/kadmin.c')
| -rw-r--r-- | kerberosV/src/kadmin/kadmin.c | 236 |
1 files changed, 111 insertions, 125 deletions
diff --git a/kerberosV/src/kadmin/kadmin.c b/kerberosV/src/kadmin/kadmin.c
index 5c647ab69f7..c56f95b1396 100644
--- a/kerberosV/src/kadmin/kadmin.c
+++ b/kerberosV/src/kadmin/kadmin.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. *
@@ -32,13 +32,15 @@ */ #include "kadmin_locl.h" +#include "kadmin-commands.h" #include <sl.h> -RCSID("$KTH: kadmin.c,v 1.42 2003/03/31 10:20:19 lha Exp $"); +RCSID("$KTH: kadmin.c,v 1.56 2005/05/09 15:35:22 lha Exp $"); static char *config_file; static char *keyfile; -static int local_flag; +int local_flag; +static int ad_flag; static int help_flag; static int version_flag; static char *realm;
@@ -46,6 +48,9 @@ static char *admin_server; static int server_port = 0; static char *client_name; static char *keytab; +static char *check_library = NULL; +static char *check_function = NULL; +static getarg_strings policy_libraries = { 0, NULL }; static struct getargs args[] = { { "principal", 'p', arg_string, &client_name,
@@ -72,6 +77,15 @@ static struct getargs args[] = { "server-port", 's', arg_integer, &server_port, "port to use", "port number" }, + { "ad", 0, arg_flag, &ad_flag, "active directory admin mode" }, +#ifdef HAVE_DLOPEN + { "check-library", 0, arg_string, &check_library, + "library to load password check function from", "library" }, + { "check-function", 0, arg_string, &check_function, + "password check function to load", "function" }, + { "policy-libraries", 0, arg_strings, &policy_libraries, + "password check function to load", "function" }, +#endif { "local", 'l', arg_flag, &local_flag, "local admin mode" }, { "help", 'h', arg_flag, &help_flag }, { "version", 'v', arg_flag, &version_flag }
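Review bot: The `policy-libraries` entry added to `args[]` carries the same help strings as `check-function` (`"password check function to load", "function"`), so the usage text misdescribes it; `"password policy libraries to load", "library"` would match the `arg_strings` list it fills. All three options name code that gets loaded into the kadmin process (they are guarded by `HAVE_DLOPEN` and consumed in the `local_flag` branch later in this diff), so the help text or man page should say that the paths must refer to files only the administrator can modify. `check_library` and `check_function` are declared outside the `#ifdef`, which is harmless but leaves them always NULL on builds without dlopen; a one-line comment there would save the next reader the lookup.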
@@ -79,100 +93,51 @@ static struct getargs args[] = { static int num_args = sizeof(args) / sizeof(args[0]); -static SL_cmd commands[] = { - /* commands that are only available with `-l' */ - { - "dump", dump, "dump [file]", - "Dumps the database in a human readable format to the\n" - "specified file, or the standard out." - }, - { - "load", load, "load file", - "Loads a previously dumped file." - }, - { - "merge", merge, "merge file" , - "Merges the contents of a dump file into the database." - }, - { - "init", init, "init realm...", - "Initializes the default principals for a realm.\n" - "Creates the database if necessary." - }, - /* common commands */ - { - "add", add_new_key, "add principal" , - "Adds a principal to the database." - }, - { "add_new_key"}, - { "ank"}, - { - "passwd", cpw_entry, "passwd expression..." , - "Changes the password of one or more principals\n" - "matching the expressions." - }, - { "change_password"}, - { "cpw"}, - { - "delete", del_entry, "delete expression...", - "Deletes all principals matching the expressions." - }, - { "del_entry" }, - { "del" }, - { - "del_enctype", del_enctype, "del_enctype principal enctype...", - "Delete all the mentioned enctypes for principal." - }, - { - "ext_keytab", ext_keytab, "ext_keytab expression...", - "Extracts the keys of all principals matching the expressions,\n" - "and stores them in a keytab." - }, - { - "get", get_entry, "get expression...", - "Shows information about principals matching the expressions." - }, - { "get_entry" }, - { - "rename", rename_entry, "rename source target", - "Renames `source' to `target'." - }, - { - "modify", mod_entry, "modify principal", - "Modifies some attributes of the specified principal." - }, - { - "privileges", get_privs, "privileges", - "Shows which kinds of operations you are allowed to perform." - }, - { "privs" }, - { - "list", list_princs, "list expression...", - "Lists principals in a terse format. The same as `get -t'." 
- }, - { "help", help, "help"}, - { "?"}, - { "exit", exit_kadmin, "exit"}, - { "quit" }, - { NULL} -}; krb5_context context; void *kadm_handle; -static SL_cmd *actual_cmds; - int -help(int argc, char **argv) +help(void *opt, int argc, char **argv) { - sl_help(actual_cmds, argc, argv); + if(argc == 0) { + sl_help(commands, 1, argv - 1 /* XXX */); + } else { + SL_cmd *c = sl_match (commands, argv[0], 0); + if(c == NULL) { + fprintf (stderr, "No such command: %s. " + "Try \"help\" for a list of commands\n", + argv[0]); + } else { + if(c->func) { + char *fake[] = { NULL, "--help", NULL }; + fake[0] = argv[0]; + (*c->func)(2, fake); + fprintf(stderr, "\n"); + } + if(c->help && *c->help) + fprintf (stderr, "%s\n", c->help); + if((++c)->name && c->func == NULL) { + int f = 0; + fprintf (stderr, "Synonyms:"); + while (c->name && c->func == NULL) { + fprintf (stderr, "%s%s", f ? ", " : " ", (c++)->name); + f = 1; + } + fprintf (stderr, "\n"); + } + } + } return 0; } +static int exit_seen = 0; + int -exit_kadmin (int argc, char **argv) +exit_kadmin (void *opt, int argc, char **argv) { - return 1; + exit_seen = 1; + return 0; } static void
@@ -183,30 +148,12 @@ usage(int ret) } int -get_privs(int argc, char **argv) +get_privs(void *opt, int argc, char **argv) { u_int32_t privs; char str[128]; kadm5_ret_t ret; - int help_flag = 0; - struct getargs args[] = { - { "help", 'h', arg_flag, NULL } - }; - int num_args = sizeof(args) / sizeof(args[0]); - int optind = 0; - - args[0].value = &help_flag; - - if(getarg(args, num_args, argc, argv, &optind)) { - arg_printusage (args, num_args, "privileges", NULL); - return 0; - } - if(help_flag) { - arg_printusage (args, num_args, "privileges", NULL); - return 0; - } - ret = kadm5_get_privs(kadm_handle, &privs); if(ret) krb5_warn(context, ret, "kadm5_get_privs");
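Review bot: In the rewritten `help()`, the `argc == 0` branch passes `argv - 1` to `sl_help()`, which is only defined if the caller's `argv` points at least one element into a larger array; the `/* XXX */` flags the problem but does not say what guarantees it. A local vector removes the dependency on the caller: `char *list[] = { "help", NULL }; sl_help(commands, 1, list);`. Separately, this hunk deletes the table whose first four entries were marked "only available with `-l'", and the `commands + 4` offset that enforced that is removed further down, so the restriction on `dump`, `load`, `merge` and `init` must now live in the command implementations themselves (presumably via the now non-static `local_flag`); that cannot be seen from this diff and is worth confirming before merging.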
@@ -221,9 +168,10 @@ int main(int argc, char **argv) { krb5_error_code ret; - krb5_config_section *cf = NULL; + char **files; kadm5_config_params conf; int optind = 0; + int exit_status = 0; ret = krb5_init_context(&context); if (ret)
@@ -246,14 +194,15 @@ main(int argc, char **argv) if (config_file == NULL) config_file = HDB_DB_DIR "/kdc.conf"; - if(krb5_config_parse_file(context, config_file, &cf) == 0) { - const char *p = krb5_config_get_string (context, cf, - "kdc", "key-file", NULL); - if (p) - keyfile = strdup(p); - } - krb5_clear_error_string (context); - + ret = krb5_prepend_config_files_default(config_file, &files); + if (ret) + krb5_err(context, 1, ret, "getting configuration files"); + + ret = krb5_set_config_files(context, files); + krb5_free_config_files(files); + if(ret) + krb5_err(context, 1, ret, "reading configuration files"); + memset(&conf, 0, sizeof(conf)); if(realm) { krb5_set_default_realm(context, realm); /* XXX should be fixed
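Review bot: The lookup of `key-file` in the `kdc` section is dropped in the `-246,14` hunk with no replacement in view, so `keyfile` now appears to be set only from outside this code (presumably a command-line option not shown here) before the later `if (keyfile)` test. If the kadm5 library does not read that setting itself, local mode would presumably fall back to the library's default stash file without any message; a comment next to `krb5_set_config_files()` should say where the setting is honoured now. An unreadable configuration is now fatal instead of being ignored, which is the safer behaviour. `main()` continues outside the hunk.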
@@ -272,31 +221,58 @@ main(int argc, char **argv) conf.mask |= KADM5_CONFIG_KADMIND_PORT; } - if(local_flag){ + if (keyfile) { + conf.stash_file = keyfile; + conf.mask |= KADM5_CONFIG_STASH_FILE; + } + + if(local_flag) { + int i; + + kadm5_setup_passwd_quality_check (context, + check_library, check_function); + + for (i = 0; i < policy_libraries.num_strings; i++) { + ret = kadm5_add_passwd_quality_verifier(context, + policy_libraries.strings[i]); + if (ret) + krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); + } + ret = kadm5_add_passwd_quality_verifier(context, NULL); + if (ret) + krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); + ret = kadm5_s_init_with_password_ctx(context, KADM5_ADMIN_SERVICE, NULL, KADM5_ADMIN_SERVICE, &conf, 0, 0, &kadm_handle); - actual_cmds = commands; + } else if (ad_flag) { + if (client_name == NULL) + krb5_errx(context, 1, "keytab mode require principal name"); + ret = kadm5_ad_init_with_password_ctx(context, + client_name, + NULL, + KADM5_ADMIN_SERVICE, + &conf, 0, 0, + &kadm_handle); } else if (keytab) { + if (client_name == NULL) + krb5_errx(context, 1, "keytab mode require principal name"); ret = kadm5_c_init_with_skey_ctx(context, client_name, keytab, KADM5_ADMIN_SERVICE, &conf, 0, 0, &kadm_handle); - actual_cmds = commands + 4; /* XXX */ - } else { + } else ret = kadm5_c_init_with_password_ctx(context, client_name, NULL, KADM5_ADMIN_SERVICE, &conf, 0, 0, &kadm_handle); - actual_cmds = commands + 4; /* XXX */ - } if(ret) krb5_err(context, 1, ret, "kadm5_init_with_password"); 
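Review bot: The `ad_flag` branch reuses the keytab branch's message, `"keytab mode require principal name"`, so a user who selected `--ad` without `-p` is told about a mode they did not ask for; `krb5_errx(context, 1, "ad mode requires principal name");` would be accurate. The shared failure message after the chain, `"kadm5_init_with_password"`, is likewise printed for the local, AD and keytab paths and could name the mode. In the `local_flag` branch a verifier library that fails to load aborts the program before `kadm5_s_init_with_password_ctx()` runs, which is the right fail-closed choice; a short comment saying so would keep a later change from downgrading it to a warning. `main()` starts and ends outside this hunk.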
@@ -307,14 +283,24 @@ main(int argc, char **argv) each function, f.i `get' might be interruptable, but not `create' */ if (argc != 0) { - ret = sl_command (actual_cmds, argc, argv); + ret = sl_command (commands, argc, argv); if(ret == -1) krb5_warnx (context, "unrecognized command: %s", argv[0]); - } else - ret = sl_loop (actual_cmds, "kadmin> ") != 0; + else if (ret == -2) + ret = 0; + if(ret != 0) + exit_status = 1; + } else { + while(!exit_seen) { + ret = sl_command_loop(commands, "kadmin> ", NULL); + if (ret == -2) + exit_seen = 1; + else if (ret != 0) + exit_status = 1; + } + } kadm5_destroy(kadm_handle); - krb5_config_file_free (context, cf); krb5_free_context(context); - return ret; + return exit_status; } |
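Review bot: The value `-2` is tested in both the one-shot path (`else if (ret == -2) ret = 0;`) and the interactive loop without a word on what it stands for; it looks like the sl library's end-of-input return, and a comment such as `/* -2: sl reports end of input */` on each test, or a named constant, would make that checkable. In the interactive loop `exit_status` is also sticky: one failing command makes the whole session exit with 1 even if every later command succeeds, which deserves a comment if it is intended. `main()` begins outside this hunk.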
