2 * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #include <parse_time.h>
37 #include "iprop-commands.h"
/* Kerberos library context shared by every command in this file; main() fills it in with krb5_init_context(). */
41 static krb5_context context;
/*
 * Build the kadm5 server context that every subcommand operates on.
 *
 * config_file: path of the configuration file, or NULL to fall back to
 *              "<hdb_db_dir>/kdc.conf".
 * realm:       realm to administer; presumably only applied when non-NULL
 *              (the guard is on a line not shown here) -- TODO confirm.
 *
 * Returns the handle produced by kadm5_init_with_password_ctx(), cast to
 * kadm5_server_context *.  Every failure path visible here goes through
 * errx()/krb5_err() with exit status 1, and the callers in this file use
 * the result without a NULL check.
 */
43 static kadm5_server_context *
44 get_kadmin_context(const char *config_file, char *realm)
46 kadm5_config_params conf;
/* No explicit file given: default to kdc.conf inside the HDB directory. */
53 if (config_file == NULL) {
54 aret = asprintf(&file, "%s/kdc.conf", hdb_db_dir(context));
/* Both the return value and the pointer are tested, since asprintf() may leave the pointer unspecified on failure. */
55 if (aret == -1 || file == NULL)
56 errx(1, "out of memory");
/* Presumably places config_file ahead of the library's default configuration files -- TODO confirm. */
60 ret = krb5_prepend_config_files_default(config_file, &files);
63 krb5_err(context, 1, ret, "getting configuration files");
65 ret = krb5_set_config_files(context, files);
/* The list is released before the result of krb5_set_config_files() is acted on, so it is freed on both outcomes. */
66 krb5_free_config_files(files);
68 krb5_err(context, 1, ret, "reading configuration files");
/* Start from an all-zero parameter block; fields are then enabled through conf.mask. */
70 memset(&conf, 0, sizeof(conf));
72 conf.mask |= KADM5_CONFIG_REALM;
76 ret = kadm5_init_with_password_ctx (context,
83 krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
/* kadm_handle is the opaque handle filled in by the init call above. */
85 return (kadm5_server_context *)kadm_handle;
/* Printable names of the log operations; print_entry() indexes this table with op after checking op against kadm_get..kadm_nop. */
92 static const char *op_names[] = {
/*
 * Log-iteration callback (iprop_dump passes it to kadm5_log_foreach) that
 * prints one iprop log record in human-readable form.
 *
 * ctx is the label string printed in front of the operation name.  The
 * record payload is read from the storage `sp`; `len` is presumably the
 * payload length from the record header -- TODO confirm.
 *
 * NOTE(review): the log file is decoded as-is.  Several reads and decodes
 * below ignore their return values on the lines shown, so a truncated or
 * damaged record can leave `source`, `ent` or `data` partly uninitialised
 * before they are printed or freed.  Checking each krb5_ret_*(),
 * krb5_storage_read(), hdb_value2entry() and krb5_unparse_name() result and
 * abandoning the record on failure would make the dump robust against a
 * corrupt log.
 */
107 print_entry(kadm5_server_context *server_context,
116 const char *entry_kind = ctx;
121 krb5_principal source;
124 krb5_context scontext = server_context->context;
/* Zeroed up front so the krb5_data_free() at the end is safe on branches that never allocate. */
127 krb5_data_zero(&data);
/*
 * NOTE(review): `×tamp` is an extraction artefact for `&timestamp`.
 * localtime() can return NULL and its result is handed to strftime()
 * unchecked.
 */
129 strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(×tamp));
/* Reject op values outside kadm_get..kadm_nop before op is used as an index into op_names[]. */
131 if((int)op < (int)kadm_get || (int)op > (int)kadm_nop) {
132 printf("unknown op: %d\n", op);
136 printf ("%s%s: ver = %u, timestamp = %s, len = %u\n",
137 entry_kind, op_names[op], ver, t, len);
/*
 * Branch that prints a single principal name (presumably kadm_delete; the
 * case label is not shown).
 * NOTE(review): neither call's return value is checked on the lines shown;
 * if krb5_ret_principal() fails, `source` and `name1` are used unset.
 */
140 krb5_ret_principal(sp, &source);
141 krb5_unparse_name(scontext, source, &name1);
142 printf(" %s\n", name1);
144 krb5_free_principal(scontext, source);
/* Rename branch (per the error message): payload buffer is sized from len; allocation failure is fatal. */
147 ret = krb5_data_alloc(&data, len);
/* NOTE(review): len is printed with %u on line 137 but with %d here and in the two branches below. */
149 krb5_err (scontext, 1, ret, "kadm_rename: data alloc: %d", len);
150 krb5_ret_principal(sp, &source);
/* NOTE(review): a short read is not detected; the buffer would then be decoded with uninitialised bytes. */
151 krb5_storage_read(sp, data.data, data.length);
/* NOTE(review): unlike the create/modify branches, the decode result is discarded here although ent.principal is used just below. */
152 hdb_value2entry(scontext, &data, &ent);
153 krb5_unparse_name(scontext, source, &name1);
154 krb5_unparse_name(scontext, ent.principal, &name2);
155 printf(" %s -> %s\n", name1, name2);
158 krb5_free_principal(scontext, source);
159 free_hdb_entry(&ent);
/* Create branch (per the error message): the whole payload is one encoded HDB entry. */
162 ret = krb5_data_alloc(&data, len);
164 krb5_err (scontext, 1, ret, "kadm_create: data alloc: %d", len);
165 krb5_storage_read(sp, data.data, data.length);
166 ret = hdb_value2entry(scontext, &data, &ent);
/* Modify branch (per the error message): a 32-bit field mask is read first, then the encoded HDB entry. */
172 ret = krb5_data_alloc(&data, len);
174 krb5_err (scontext, 1, ret, "kadm_modify: data alloc: %d", len);
/* NOTE(review): the return value is not checked on this line; on failure `mask` drives the printing below with whatever value it holds. */
175 krb5_ret_int32(sp, &mask);
176 krb5_storage_read(sp, data.data, data.length);
177 ret = hdb_value2entry(scontext, &data, &ent);
/* The principal is printed whenever the decoded entry carries one, not according to the mask bit. */
181 if(ent.principal /* mask & KADM5_PRINCIPAL */) {
182 krb5_unparse_name(scontext, ent.principal, &name1);
183 printf(" principal = %s\n", name1);
/* For each mask bit below, a line is printed for the corresponding field; a NULL optional field means "no limit". */
186 if(mask & KADM5_PRINC_EXPIRE_TIME) {
187 if(ent.valid_end == NULL) {
188 strlcpy(t, "never", sizeof(t));
/* NOTE(review): localtime() result is again passed to strftime() unchecked. */
190 strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S",
191 localtime(ent.valid_end));
193 printf(" expires = %s\n", t);
195 if(mask & KADM5_PW_EXPIRATION) {
196 if(ent.pw_end == NULL) {
197 strlcpy(t, "never", sizeof(t));
199 strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S",
200 localtime(ent.pw_end));
202 printf(" password exp = %s\n", t);
204 if(mask & KADM5_LAST_PWD_CHANGE) {
206 if(mask & KADM5_ATTRIBUTES) {
/* Flags are rendered as text into the same scratch buffer t, bounded by sizeof(t). */
207 unparse_flags(HDBFlags2int(ent.flags),
208 asn1_HDBFlags_units(), t, sizeof(t));
209 printf(" attributes = %s\n", t);
211 if(mask & KADM5_MAX_LIFE) {
212 if(ent.max_life == NULL)
213 strlcpy(t, "for ever", sizeof(t));
215 unparse_time(*ent.max_life, t, sizeof(t));
216 printf(" max life = %s\n", t);
218 if(mask & KADM5_MAX_RLIFE) {
219 if(ent.max_renew == NULL)
220 strlcpy(t, "for ever", sizeof(t));
222 unparse_time(*ent.max_renew, t, sizeof(t));
223 printf(" max rlife = %s\n", t);
/* The remaining bits only announce that the field is present; no value is printed except for kvno. */
225 if(mask & KADM5_MOD_TIME) {
226 printf(" mod time\n");
228 if(mask & KADM5_MOD_NAME) {
229 printf(" mod name\n");
231 if(mask & KADM5_KVNO) {
232 printf(" kvno = %d\n", ent.kvno);
234 if(mask & KADM5_MKVNO) {
237 if(mask & KADM5_AUX_ATTRIBUTES) {
238 printf(" aux attributes\n");
240 if(mask & KADM5_POLICY) {
/* NOTE(review): this prints the same " mod time" text as KADM5_MOD_TIME above; looks like a copy/paste slip -- confirm the intended label. */
243 if(mask & KADM5_POLICY_CLR) {
244 printf(" mod time\n");
246 if(mask & KADM5_LAST_SUCCESS) {
247 printf(" last success\n");
249 if(mask & KADM5_LAST_FAILED) {
250 printf(" last failed\n");
252 if(mask & KADM5_FAIL_AUTH_COUNT) {
253 printf(" fail auth count\n");
255 if(mask & KADM5_KEY_DATA) {
256 printf(" key data\n");
258 if(mask & KADM5_TL_DATA) {
259 printf(" tl data\n");
261 free_hdb_entry(&ent);
/* Branch that prints a 64-bit offset read from the record, labelled "uberblock offset". */
266 krb5_ret_uint64(sp, &off);
267 printf("uberblock offset %llu ", (unsigned long long)off);
/* Only payloads of exactly 16 or 8 bytes are decoded as a time plus a version number. */
271 if (len == 16 || len == 8) {
272 krb5_ret_int32(sp, &nop_time);
273 krb5_ret_uint32(sp, &nop_ver);
275 timestamp = nop_time;
/* `×tamp` below is the same extraction artefact for `&timestamp` as on line 129. */
276 strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(×tamp));
277 printf("timestamp %s version %u", t, nop_ver);
/* Releases the payload buffer allocated by whichever branch ran. */
284 krb5_data_free(&data);
/*
 * "dump" command: print every record of the iprop log with print_entry().
 *
 * The log is walked in two passes over confirmed and unconfirmed records;
 * opt->reverse_flag selects the direction and which kind comes first.
 * An optional argv[0] replaces the configured log file path.
 * Failure to open the log is fatal; iteration errors only produce a warning.
 */
290 iprop_dump(struct dump_options *opt, int argc, char **argv)
292 kadm5_server_context *server_context;
294 enum kadm_iter_opts iter_opts_1st = 0;
295 enum kadm_iter_opts iter_opts_2nd = 0;
299 server_context = get_kadmin_context(opt->config_file_string,
/* Override the log file path with the one given on the command line (the argc guard is on a line not shown). */
303 free(server_context->log_context.log_file);
304 server_context->log_context.log_file = strdup(argv[0]);
305 if (server_context->log_context.log_file == NULL)
306 krb5_err(context, 1, errno, "strdup");
/* Reverse: newest first, unconfirmed records before confirmed ones. */
309 if (opt->reverse_flag) {
310 iter_opts_1st = kadm_backward | kadm_unconfirmed;
311 iter_opts_2nd = kadm_backward | kadm_confirmed;
312 desc_1st = "unconfirmed ";
/* Forward: confirmed records first, then the unconfirmed tail. */
314 iter_opts_1st = kadm_forward | kadm_confirmed;
315 iter_opts_2nd = kadm_forward | kadm_unconfirmed;
316 desc_2nd = "unconfirmed";
/*
 * With --no-lock a non-blocking shared lock is tried first; only if it
 * would block is the log opened without any lock.
 * NOTE(review): an unlocked read may presumably observe the log while a
 * writer is updating it, so output in that mode should be treated as
 * best-effort.
 */
319 if (opt->no_lock_flag) {
320 ret = kadm5_log_init_sharedlock(server_context, LOCK_NB);
321 if (ret == EAGAIN || ret == EWOULDBLOCK) {
322 warnx("Not locking the iprop log");
323 ret = kadm5_log_init_nolock(server_context);
325 krb5_err(context, 1, ret, "kadm5_log_init_nolock");
/* Default: take a blocking shared lock and tell the user how to avoid waiting. */
328 warnx("If this command appears to block, try the --no-lock option");
329 ret = kadm5_log_init_sharedlock(server_context, 0);
331 krb5_err(context, 1, ret, "kadm5_log_init_sharedlock");
/* desc_1st / desc_2nd reach print_entry() as its ctx label. */
334 ret = kadm5_log_foreach(server_context, iter_opts_1st,
335 NULL, print_entry, desc_1st);
337 krb5_warn(context, ret, "kadm5_log_foreach");
339 ret = kadm5_log_foreach(server_context, iter_opts_2nd,
340 NULL, print_entry, desc_2nd);
342 krb5_warn(context, ret, "kadm5_log_foreach");
344 ret = kadm5_log_end (server_context);
346 krb5_warn(context, ret, "kadm5_log_end");
348 kadm5_destroy(server_context);
/*
 * "truncate" command: shrink the iprop log, or reset it when
 * opt->reset_flag is set, then signal the master.
 *
 * When neither limit is given (both negative) the defaults are 100 entries
 * and a max_bytes value of 0; a single negative limit is clamped to 0.
 * An optional argv[0] replaces the configured log file path.
 */
353 iprop_truncate(struct truncate_options *opt, int argc, char **argv)
355 kadm5_server_context *server_context;
358 server_context = get_kadmin_context(opt->config_file_string,
/* Override the log file path with the one given on the command line (the argc guard is on a line not shown). */
362 free(server_context->log_context.log_file);
363 server_context->log_context.log_file = strdup(argv[0]);
364 if (server_context->log_context.log_file == NULL)
365 krb5_err(context, 1, errno, "strdup");
/* Neither option supplied: fall back to the defaults. */
368 if (opt->keep_entries_integer < 0 &&
369 opt->max_bytes_integer < 0) {
370 opt->keep_entries_integer = 100;
371 opt->max_bytes_integer = 0;
/* Only one supplied: normalise the other to 0 so no negative value reaches kadm5_log_truncate(). */
373 if (opt->keep_entries_integer < 0)
374 opt->keep_entries_integer = 0;
375 if (opt->max_bytes_integer < 0)
376 opt->max_bytes_integer = 0;
/*
 * NOTE(review): the reset path calls kadm5_log_reinit(), which presumably
 * discards the existing log contents -- confirm, and confirm that the
 * result of the preceding kadm5_log_init() is checked on the line not shown.
 */
378 if (opt->reset_flag) {
379 /* First recover unconfirmed records */
380 ret = kadm5_log_init(server_context);
382 ret = kadm5_log_reinit(server_context, 0);
384 ret = kadm5_log_init(server_context);
386 krb5_err(context, 1, ret, "kadm5_log_init");
387 ret = kadm5_log_truncate(server_context, opt->keep_entries_integer,
388 opt->max_bytes_integer);
391 krb5_err(context, 1, ret, "kadm5_log_truncate");
/* Notify the master after the log has changed; no return value is used here. */
393 kadm5_log_signal_master(server_context);
395 kadm5_destroy(server_context);
/*
 * "last-version" command: print the version number recorded in each log
 * file named on the command line.
 *
 * alt_argv holds a copy of the configured log file path; presumably it is
 * substituted for argv when no file is given (that switch is on lines not
 * shown) -- TODO confirm.
 */
400 last_version(struct last_version_options *opt, int argc, char **argv)
402 kadm5_server_context *server_context;
403 char *alt_argv[2] = { NULL, NULL };
408 server_context = get_kadmin_context(opt->config_file_string,
412 alt_argv[0] = strdup(server_context->log_context.log_file);
413 if (alt_argv[0] == NULL)
414 krb5_err(context, 1, errno, "strdup");
419 for (i = 0; i < argc; i++) {
/* Point the context at the i-th log file; the previous path string is released first. */
420 free(server_context->log_context.log_file);
421 server_context->log_context.log_file = strdup(argv[i]);
422 if (server_context->log_context.log_file == NULL)
423 krb5_err(context, 1, errno, "strdup");
/* Same locking policy as iprop_dump: non-blocking shared lock, then no lock if it would block. */
425 if (opt->no_lock_flag) {
426 ret = kadm5_log_init_sharedlock(server_context, LOCK_NB);
427 if (ret == EAGAIN || ret == EWOULDBLOCK) {
428 warnx("Not locking the iprop log");
429 ret = kadm5_log_init_nolock(server_context);
431 krb5_err(context, 1, ret, "kadm5_log_init_nolock");
434 warnx("If this command appears to block, try the "
436 ret = kadm5_log_init_sharedlock(server_context, 0);
438 krb5_err(context, 1, ret, "kadm5_log_init_sharedlock");
/* Failing to read the version is fatal, so later files are not processed. */
441 ret = kadm5_log_get_version (server_context, &version);
443 krb5_err (context, 1, ret, "kadm5_log_get_version");
445 ret = kadm5_log_end (server_context);
447 krb5_warn(context, ret, "kadm5_log_end");
/* Cast to unsigned long to match the %lu conversion. */
449 printf("version: %lu\n", (unsigned long)version);
452 kadm5_destroy(server_context);
/* "signal" command: build a server context, call kadm5_log_signal_master() on it, and tear the context down. */
458 signal_master(struct signal_options *opt, int argc, char **argv)
460 kadm5_server_context *server_context;
462 server_context = get_kadmin_context(opt->config_file_string,
/* No return value is captured from the signalling call on this line. */
465 kadm5_log_signal_master(server_context);
467 kadm5_destroy(server_context);
/*
 * File-scope version bounds, -1 meaning "unset".
 * NOTE(review): the apply_entry() lines shown read the bounds from
 * opt->start_version_integer / opt->end_version_integer instead, so these
 * two globals look unused -- confirm before relying on them.
 */
475 int start_version = -1;
476 int end_version = -1;
/*
 * Log-iteration callback (iprop_replay passes it to kadm5_log_foreach) that
 * replays one log record into the database.
 *
 * ctx is the struct replay_options for the command.  Records whose version
 * lies outside [start_version_integer, end_version_integer] are skipped;
 * -1 disables the respective bound.  A replay failure is reported with
 * krb5_warn().
 */
479 apply_entry(kadm5_server_context *server_context,
487 struct replay_options *opt = ctx;
/*
 * NOTE(review): only -1 is treated as "no bound".  Any other negative
 * option value is converted by the (uint32_t) cast to a very large number,
 * e.g. a start of -2 would skip every record.  Rejecting negative values
 * other than -1 when the options are parsed would avoid that surprise.
 */
490 if((opt->start_version_integer != -1 && ver < (uint32_t)opt->start_version_integer) ||
491 (opt->end_version_integer != -1 && ver > (uint32_t)opt->end_version_integer)) {
492 /* XXX skip this entry */
495 printf ("ver %u... ", ver);
/* Applies the record read from sp to the database behind server_context. */
498 ret = kadm5_log_replay(server_context, op, ver, len, sp);
500 krb5_warn (server_context->context, ret, "kadm5_log_replay");
/*
 * "replay" command: open the database read-write and apply the records of
 * the iprop log to it through apply_entry().
 *
 * An optional argv[0] replaces the configured log file path.  Failure to
 * open or close the database, or to initialise the log, is fatal; errors
 * from the iteration itself and from kadm5_log_end() only warn.
 *
 * NOTE(review): this command writes whatever the named log file contains
 * into the principal database, so the log path should only ever point at a
 * file from a trusted source.
 */
508 iprop_replay(struct replay_options *opt, int argc, char **argv)
510 kadm5_server_context *server_context;
513 server_context = get_kadmin_context(opt->config_file_string,
/* Override the log file path with the one given on the command line (the argc guard is on a line not shown). */
517 free(server_context->log_context.log_file);
518 server_context->log_context.log_file = strdup(argv[0]);
519 if (server_context->log_context.log_file == NULL)
520 krb5_err(context, 1, errno, "strdup");
/* O_CREAT with mode 0600: a database created here is readable and writable by its owner only. */
523 ret = server_context->db->hdb_open(context,
525 O_RDWR | O_CREAT, 0600);
527 krb5_err (context, 1, ret, "db->open");
529 ret = kadm5_log_init (server_context);
531 krb5_err (context, 1, ret, "kadm5_log_init");
/* Single forward pass over both confirmed and unconfirmed records; opt reaches apply_entry() as ctx. */
533 ret = kadm5_log_foreach(server_context,
534 kadm_forward | kadm_confirmed | kadm_unconfirmed,
535 NULL, apply_entry, opt);
537 krb5_warn(context, ret, "kadm5_log_foreach");
538 ret = kadm5_log_end (server_context);
540 krb5_warn(context, ret, "kadm5_log_end");
541 ret = server_context->db->hdb_close (context, server_context->db);
543 krb5_err (context, 1, ret, "db->close");
545 kadm5_destroy(server_context);
/* Targets of the global "help" and "version" options in args[] below. */
549 static int help_flag;
550 static int version_flag;
/* Option table handed to getarg() in main(). */
552 static struct getargs args[] = {
553 { "version", 0, arg_flag, &version_flag,
556 { "help", 'h', arg_flag, &help_flag,
/* Element count of args[]; the sizeof division is valid because args is a true array in this scope. */
561 static int num_args = sizeof(args) / sizeof(args[0]);
/*
 * "help" command: list all commands via sl_help(), or look up the command
 * named in argv[0] and print its help text and synonyms to stderr.
 * Which branch runs is decided on a line not shown (presumably argc == 0).
 */
564 help(void *opt, int argc, char **argv)
/* NOTE(review): argv - 1 points before the array passed in; this relies on the caller's argv layout, as the XXX marker admits. */
567 sl_help(commands, 1, argv - 1 /* XXX */);
569 SL_cmd *c = sl_match (commands, argv[0], 0);
571 fprintf (stderr, "No such command: %s. "
572 "Try \"help\" for a list of commands\n",
/* Presumably passed as the argument when invoking the command's own handler to print its usage -- TODO confirm. */
576 static char shelp[] = "--help";
582 fprintf(stderr, "\n");
584 if(c->help && *c->help)
585 fprintf (stderr, "%s\n", c->help);
/* Table entries that follow a command and have a name but no func are printed as its synonyms; the walk stops at the first entry with a func or without a name. */
586 if((++c)->name && c->func == NULL) {
588 fprintf (stderr, "Synonyms:");
589 while (c->name && c->func == NULL) {
590 fprintf (stderr, "%s%s", f ? ", " : " ", (c++)->name);
593 fprintf (stderr, "\n");
603 arg_printusage(args, num_args, NULL, "command");
608 main(int argc, char **argv)
613 setprogname(argv[0]);
615 if(getarg(args, num_args, argc, argv, &optidx))
628 ret = krb5_init_context(&context);
630 errx(1, "krb5_init_context failed with: %d\n", ret);
632 ret = sl_command(commands, argc, argv);
634 warnx ("unrecognized command: %s", argv[0]);