kdb5_ldap_util.c revision dd9ccd46893ed9c4247368a00a0253d45a26311c
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
*
* (C) Copyright 1990,1991, 1996 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*
* Edit a KDC database.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
* All rights reserved.
*
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of FundsXpress. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
/* Copyright (c) 2004-2005, Novell, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* * The copyright holder's name is not used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <stdio.h>
#include <time.h>
#include <k5-int.h>
#include <adm_proto.h>
#include <libintl.h>
#include <locale.h>
#include "kdb5_ldap_util.h"
/* Handler signature taking an (argc, argv) pair; returns nothing. */
typedef void (*cmd_func)(int, char **);

/*
 * presumably the master key password given with "-P password" (see the
 * usage text); it is not assigned anywhere in the visible listing.
 * NOTE(review): this is secret material held in a process-wide pointer;
 * confirm it is cleared before the memory is released.
 */
char *mkey_password = NULL;

/* Incremented on the error paths below and returned to the caller at exit. */
int exit_status = 0;

/* Program name; must be set before com_err is called. */
char *progname;
/*
* Print the usage summary of kdb5_ldap_util, the LDAP configuration
* utility: the global options first, then one synopsis per sub-command.
* Synopses inside HAVE_EDIRECTORY blocks are listed only in eDirectory
* builds; other builds list stashsrvpw instead of the service commands.
*
* Security note for operators: "-w passwd" and "-P password" put a secret
* into the process argument list, where process listings and shell history
* can expose it to other local users. The comment in the -D handling
* further down says the bind password is prompted for when it is not
* specified, and the synopsis lists -m and -sf stashfilename as
* alternatives to -P.
*
* NOTE(review): the call that consumes these string literals is not visible
* in this listing; only its trailing gettext("Usage") argument is.
*/
void usage()
{
/* Global options: bind DN, bind password, LDAP server URI, then the sub-command. */
"kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri]\n"
"\tcmd [cmd_options]\n"
/* Create realm */
"create [-subtrees subtree_dn_list] [-sscope search_scope] [-containerref container_reference_dn]\n"
#ifdef HAVE_EDIRECTORY
"\t\t[-kdcdn kdc_service_list] [-admindn admin_service_list]\n"
"\t\t[-pwddn passwd_service_list]\n"
#endif
"\t\t[-m|-P password|-sf stashfilename] [-k mkeytype] [-s]\n"
"\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
"\t\t[ticket_flags] [-r realm]\n"
/* modify realm */
"modify [-subtrees subtree_dn_list] [-sscope search_scope] [-containerref container_reference_dn]\n"
#ifdef HAVE_EDIRECTORY
"\t\t[-kdcdn kdc_service_list |\n"
"\t\t[-clearkdcdn kdc_service_list] [-addkdcdn kdc_service_list]]\n"
"\t\t[-admindn admin_service_list | [-clearadmindn admin_service_list]\n"
"\t\t[-addadmindn admin_service_list]] [-pwddn passwd_service_list |\n"
"\t\t[-clearpwddn passwd_service_list] [-addpwddn passwd_service_list]]\n"
#endif
"\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
"\t\t[ticket_flags] [-r realm]\n"
/* View realm */
"view [-r realm]\n"
/* Destroy realm */
"destroy [-f] [-r realm]\n"
/* List realms */
"list\n"
#ifdef HAVE_EDIRECTORY
/* Create Service */
"create_service {-kdc|-admin|-pwd} [-servicehost service_host_list]\n"
"\t\t[-realm realm_list] \n"
"\t\t[-randpw|-fileonly] [-f filename] service_dn\n"
/* Modify service */
"modify_service [-servicehost service_host_list |\n"
"\t\t[-clearservicehost service_host_list]\n"
"\t\t[-addservicehost service_host_list]]\n"
"\t\t[-realm realm_list | [-clearrealm realm_list]\n"
"\t\t[-addrealm realm_list]] service_dn\n"
/* View Service */
"view_service service_dn\n"
/* Destroy Service */
"destroy_service [-force] [-f stashfilename] service_dn\n"
/* List services */
"list_service [-basedn base_dn]\n"
/* Set Service password */
"setsrvpw [-randpw|-fileonly] [-f filename] service_dn\n"
#else
/* Stash the service password */
"stashsrvpw [-f filename] service_dn\n"
#endif
/* Create policy */
"create_policy [-r realm] [-maxtktlife max_ticket_life]\n"
"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
/* Modify policy */
"modify_policy [-r realm] [-maxtktlife max_ticket_life]\n"
"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
/* View policy */
"view_policy [-r realm] policy\n"
/* Destroy policy */
"destroy_policy [-r realm] [-force] policy\n"
/* List policies */
"list_policy [-r realm]\n",
/* The heading word is passed through gettext so it can be localized. */
gettext("Usage"));
}
/*
* This should print usage of 'type' command. For now, we will print usage
* of all commands.
*
* NOTE(review): the function header is not visible in this listing; the
* visible body only calls usage(), so any per-command argument is unused
* as far as can be seen here.
*/
usage ();
}
/* The help messages for all sub-commands should be in the
* same order as listed in this table.
*
* Table of sub-commands, one entry per command name.
*
* NOTE(review): the struct shows only "name" and "opendb", yet each visible
* initializer supplies three values; a handler member between them
* (presumably of type cmd_func) is not visible in this listing. Only the
* service-password entry is visible; the usage text lists more commands.
*/
static struct _cmd_table {
/* Command name; the first value of each initializer. */
char *name;
/* 0 in the entries visible here; presumably "open the database before
* running the command" -- TODO confirm against the caller. */
int opendb;
} cmd_table[] = {
#ifdef HAVE_EDIRECTORY
/* eDirectory builds set the service password in the directory. */
{"setsrvpw", kdb5_ldap_set_service_password, 0},
#else
/* Other builds only stash the service password. */
{"stashsrvpw", kdb5_ldap_stash_service_password, 0},
#endif
};
/*
* The function cmd_lookup returns the structure matching the
* command name and returns NULL if nothing matches.
*
* name: command name to search for in cmd_table.
* Returns a pointer into cmd_table itself (not a copy), or NULL.
*
* NOTE(review): K&R-style definition; the header line and the search loop
* that sets i are not visible in this listing.
*/
char *name;
{
int i;
/* Match found: hand back the table slot at index i. */
return &cmd_table[i];
/* No entry matched. */
return NULL;
}
/*
* The function cmd_index provides the offset of the command
* in the command table, which can be used to get the corresponding
* help from the help message table.
*
* name: command name to search for.
* Returns the index i of the matching entry, or -1.
*
* NOTE(review): K&R-style definition; the header line, the loop and the
* conditions guarding each return are not visible in this listing. Callers
* must check for -1 before using the result as an array index.
*/
char *name;
{
int i;
/* Early failure return; its guarding condition is not visible here. */
return -1;
/* Match found at position i. */
return i;
/* Nothing matched. */
return -1;
}
/*
* NOTE(review): the function header is not visible in this listing. The
* visible body declares an error-message pointer and branches on "code";
* the statements inside both branches are not visible either.
*/
{
/* presumably receives the message text for "code" -- not assigned in the visible lines */
const char *emsg;
/* Solaris Kerberos: code should be like that in kdb5_util.c */
/* A non-zero code takes the first branch, zero the second. */
if (code) {
} else {
}
}
/*
* Program entry (presumably main; the header line is not visible in this
* listing, only the K&R-style parameter declarations).
*
* argc, argv: the process command line.
* Returns exit_status, which most visible error paths increment before
* jumping to the cleanup code at the end of the function.
*
* Order of work, as far as the visible comments and statements show:
* option parsing (recording LDAP options in ldapmask), help output,
* default-realm handling, krb5_ldap_lib_init(), LDAP context setup,
* handling of command-line LDAP parameters, DAL handle setup, cleanup.
*
* NOTE(review): many statements are missing from this listing (conditions,
* calls, the cleanup label, several closing braces), so the comments below
* describe only what the remaining lines establish.
*/
int argc;
char *argv[];
{
int cmd_argc = 0;
/* When non-zero, usage() is printed once more at the very end. */
int usage_print = 0;
/* Starts at 1; cleared on the realm-required path and tested in cleanup. */
int gp_is_static = 1;
char *ldap_server = NULL;
/* Bit set of CMD_LDAP_D / CMD_LDAP_W / CMD_LDAP_H; presumably one bit per
* -D, -w and -H option seen on the command line -- TODO confirm. */
unsigned int ldapmask = 0;
/* Length of the bind password; a value of 0 is rejected further down. */
unsigned int passwd_len = 0;
/*
* Solaris Kerberos:
* Ensure that "progname" is set before calling com_err.
*/
if (retval) {
exit_status++;
goto cleanup;
}
exit_status++;
goto cleanup;
}
cmd_argc = 1;
/* Walk the argument vector until its terminating NULL entry. */
while (*argv) {
}
manual_mkey = TRUE;
/* not sure this is really necessary */
global_params.realm))) {
exit_status++;
goto cleanup;
}
/* Solaris Kerberos */
}
else
manual_mkey = TRUE;
exit_status++;
goto cleanup;
}
ldapmask |= CMD_LDAP_D;
exit_status++;
goto cleanup;
}
ldapmask |= CMD_LDAP_W;
/* Fail if no server string could be stored (the assignment is not visible here). */
if (ldap_server == NULL) {
exit_status++;
goto cleanup;
}
ldapmask |= CMD_LDAP_H;
else {
usage();
goto cleanup;
}
} else {
}
}
usage();
goto cleanup;
}
/* if we need to print the help message (because of --help option)
* we will print the help corresponding to the sub-command.
*/
if (print_help_message) {
usage();
goto cleanup;
}
/* We need to check for the presence of default realm name only in
* the case of realm related operations like create, destroy etc.
*/
}
if (!util_context->default_realm) {
/* A failed lookup is fatal only when the command needs a realm name. */
if (retval) {
if (realm_name_required) {
exit_status++;
goto cleanup;
}
} else
}
/* If we have the realm name, we can safely say that
* realm_name is required so that we don't neglect any information.
*/
else
NULL,
&value);
/* No value from the first lookup: a second lookup follows (both calls are
* only partly visible in this listing). */
if (!(value)) {
NULL,
&value);
if (!(value)) {
if (util_context->default_realm)
} else {
}
} else {
}
if (realm_name_required) {
if (retval) {
/* Solaris Kerberos */
exit_status++;
goto cleanup;
}
/* From here on cleanup takes its gp_is_static == 0 branch. */
gp_is_static = 0;
}
if ((retval = krb5_ldap_lib_init()) != 0) {
/* Solaris Kerberos */
exit_status++;
goto cleanup;
}
/* Initialize the ldap context */
if (ldap_context == NULL) {
/* Solaris Kerberos */
exit_status++;
goto cleanup;
}
/* If LDAP parameters are specified, replace them with the values from config */
/* NOTE(review): the wording above reads inverted next to the ldaphost
* comment below, which says the command-line value replaces the entry
* filled by configuration -- confirm which direction is intended. */
if (ldapmask & CMD_LDAP_D) {
/* If password is not specified, prompt for it */
/* Solaris Kerberos */
exit_status++;
goto cleanup;
}
/* Solaris Kerberos */
exit_status++;
goto cleanup;
}
/* A failed read or an empty password is an error, so no bind is
* attempted without a password on this path. */
if ((db_retval) || (passwd_len == 0)) {
/* Solaris Kerberos */
exit_status++;
goto cleanup;
}
}
}
/* If ldaphost is specified, release entry filled by configuration & use this */
if (ldapmask & CMD_LDAP_H) {
/* Two pointer slots, zero-filled by calloc; presumably one entry plus a
* NULL terminator. The allocation-failure test is not visible here. */
ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (2, sizeof (krb5_ldap_server_info *)) ;
/* Solaris Kerberos */
exit_status++;
goto cleanup;
}
/* The single server entry itself, also zero-filled. */
ldap_context->server_info_list[0] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
/* Solaris Kerberos */
exit_status++;
goto cleanup;
}
/* Solaris Kerberos */
exit_status++;
goto cleanup;
}
}
if (bind_dn) {
/* Solaris Kerberos */
exit_status++;
goto cleanup;
}
} else
if (realm_name_required) {
/* Solaris Kerberos */
}
}
/* Setup DAL handle to access the database */
/* NOTE(review): this failure path does not increment exit_status in the
* visible lines, unlike its neighbours -- confirm against the full file. */
if (dal_handle == NULL) {
goto cleanup;
}
if (db_retval) {
/* Solaris Kerberos */
exit_status++;
goto cleanup;
}
if (db_retval) {
exit_status++;
goto cleanup;
}
}
goto cleanup;
/* Cleanup section (the "cleanup:" label line is not visible in this
* listing). Each test below guards a release whose statement is not
* visible.
* NOTE(review): for passwd, confirm the buffer is overwritten before it
* is freed so the bind password does not linger in released memory. */
if (passwd)
if (util_context) {
if (gp_is_static == 0)
}
if (cmd_argv)
if (prompt)
if (conf_section)
if (dal_handle)
if (usage_print) {
usage();
}
/* 0 when no visible error path ran; otherwise the number of increments. */
return exit_status;
}