2 Copyright (C) 1989 by the Massachusetts Institute of Technology
4 Export of this software from the United States of America is assumed
5 to require a specific license from the United States Government.
6 It is the responsibility of any person or organization contemplating
7 export to obtain such a license before exporting.
9 WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
10 distribute this software and its documentation for any purpose and
11 without fee is hereby granted, provided that the above copyright
12 notice appear in all copies and that both that copyright notice and
13 this permission notice appear in supporting documentation, and that
14 the name of M.I.T. not be used in advertising or publicity pertaining
15 to distribution of the software without specific, written prior
16 permission. M.I.T. makes no representations about the suitability of
17 this software for any purpose. It is provided "as is" without express
21 /* $FreeBSD: src/crypto/kerberosIV/kadmin/kadmin.c,v 1.1.1.3.2.1 2003/02/14 22:37:37 nectar Exp $ */
24 * Kerberos database administrator's tool.
26 * The default behavior of kadmin is if the -m option is given
27 * on the commandline, multiple requests are allowed to be given
28 * with one entry of the admin password (until the tickets expire).
31 #include "kadm_locl.h"
33 #include "parse_time.h"
35 RCSID("$Id: kadmin.c,v 1.62 1999/11/02 17:02:14 bg Exp $");
37 static int change_password(int argc, char **argv);
38 static int change_key(int argc, char **argv);
39 static int change_admin_password(int argc, char **argv);
40 static int add_new_key(int argc, char **argv);
41 static int del_entry(int argc, char **argv);
42 static int get_entry(int argc, char **argv);
43 static int mod_entry(int argc, char **argv);
44 static int help(int argc, char **argv);
45 static int clean_up_cmd(int argc, char **argv);
46 static int quit_cmd(int argc, char **argv);
47 static int set_timeout_cmd(int argc, char **argv);
49 static int set_timeout(const char *);
51 static SL_cmd cmds[] = {
52 {"change_password", change_password, "Change a user's password"},
55 {"change_key", change_key, "Change a user's password as a DES binary key"},
57 {"change_admin_password", change_admin_password,
58 "Change your admin password"},
60 {"add_new_key", add_new_key, "Add new user to kerberos database"},
62 {"del_entry", del_entry, "Delete entry from database"},
65 {"get_entry", get_entry, "Get entry from kerberos database"},
66 {"mod_entry", mod_entry, "Modify entry in kerberos database"},
67 {"destroy_tickets", clean_up_cmd, "Destroy admin tickets"},
68 {"set_timeout", set_timeout_cmd, "Set ticket timeout"},
70 {"exit", quit_cmd, "Exit program"},
72 {"help", help, "Help"},
79 #define FUDGE_VALUE 15 /* for ticket expiration time */
84 /* for get_password, whether it should do the swapping...necessary for
85 using vals structure, unnecessary for change_pw requests */
89 static krb_principal pr;
90 static char default_realm[REALM_SZ]; /* default kerberos realm */
91 static char krbrlm[REALM_SZ]; /* current realm being administered */
94 #define read_long_pw_string placebo_read_pw_string
96 #define read_long_pw_string des_read_pw_string
100 get_maxlife(Kadm_vals *vals)
107 printf("Maximum ticket lifetime? (%d) [%s] ",
108 vals->max_life, krb_life_to_atime(vals->max_life));
110 if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') {
114 life = krb_atime_to_life(buff);
118 if (buff[l-2] == 'm')
119 life = krb_time_to_life(0L, life*60);
120 if (buff[l-2] == 'h')
121 life = krb_time_to_life(0L, life*60*60);
123 vals->max_life = life;
124 SET_FIELD(KADM_MAXLIFE,vals->fields);
128 get_attr(Kadm_vals *vals)
130 char buff[BUFSIZ], *out;
134 printf("Attributes? [0x%.2x] ", vals->attributes);
136 if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') {
140 attr = strtol(buff, &out, 0);
141 if (attr == 0 && out == buff)
143 } while (attr < 0 || attr > 0xffff);
145 vals->attributes = attr;
146 SET_FIELD(KADM_ATTR,vals->fields);
150 parse_expdate(const char *str)
154 memset(&edate, 0, sizeof(edate));
155 if (sscanf(str, "%d-%d-%d",
156 &edate.tm_year, &edate.tm_mon, &edate.tm_mday) == 3) {
157 edate.tm_mon--; /* January is 0, not 1 */
158 edate.tm_hour = 23; /* nearly midnight at the end of the */
159 edate.tm_min = 59; /* specified day */
161 if(krb_check_tm (edate))
163 edate.tm_year -= 1900;
164 return tm2time (edate, 1);
168 get_expdate(Kadm_vals *vals)
174 strftime(buff, sizeof(buff), "%Y-%m-%d", k_localtime(&vals->exp_date));
175 printf("Expiration date (enter yyyy-mm-dd) ? [%s] ", buff);
177 if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') {
181 t = parse_expdate(buff);
184 SET_FIELD(KADM_EXPDATE,vals->fields);
188 princ_exists(char *name, char *instance, char *realm)
192 int old = krb_use_admin_server(1);
193 status = krb_get_pw_in_tkt(name, instance, realm,
194 KRB_TICKET_GRANTING_TICKET,
196 krb_use_admin_server(old);
198 if ((status == KSUCCESS) || (status == INTK_BADPW))
200 else if (status == KDC_PR_UNKNOWN)
207 passwd_to_lowhigh(u_int32_t *low, u_int32_t *high, char *password, int byteswap)
211 if (strlen(password) == 0) {
212 printf("Using random password.\n");
214 memset(newkey, 0, sizeof(newkey));
216 des_random_key(newkey);
220 memset(newkey, 0, sizeof(newkey));
222 des_string_to_key(password, &newkey);
226 memcpy(low, newkey, 4);
227 memcpy(high, ((char *)newkey) + 4, 4);
229 memset(newkey, 0, sizeof(newkey));
235 if (byteswap != DONTSWAP) {
237 *high = htonl(*high);
242 get_password(u_int32_t *low, u_int32_t *high, char *prompt, int byteswap)
244 char new_passwd[MAX_KPW_LEN]; /* new password */
246 if (read_long_pw_string(new_passwd, sizeof(new_passwd)-1, prompt, 1))
248 passwd_to_lowhigh (low, high, new_passwd, byteswap);
249 memset (new_passwd, 0, sizeof(new_passwd));
254 get_admin_password(void)
257 char admin_passwd[MAX_KPW_LEN]; /* Admin's password */
258 int ticket_life = 1; /* minimum ticket lifetime */
262 /* If admin tickets exist and are valid, just exit. */
263 memset(&c, 0, sizeof(c));
264 if (krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c) == KSUCCESS)
266 * If time is less than lifetime - FUDGE_VALUE after issue date,
267 * tickets will probably last long enough for the next
270 if (time(0) < (c.issue_date + (5 * 60 * c.lifetime) - FUDGE_VALUE))
271 return(KADM_SUCCESS);
272 ticket_life = DEFAULT_TKT_LIFE;
274 if (princ_exists(pr.name, pr.instance, pr.realm) != PE_NO) {
276 snprintf(prompt, sizeof(prompt), "%s's Password: ",
277 krb_unparse_name(&pr));
278 if (read_long_pw_string(admin_passwd,
279 sizeof(admin_passwd)-1,
281 warnx ("Error reading admin password.");
284 status = krb_get_pw_in_tkt(pr.name, pr.instance, pr.realm,
285 PWSERV_NAME, KADM_SINST,
286 ticket_life, admin_passwd);
287 memset(admin_passwd, 0, sizeof(admin_passwd));
289 /* Initialize non shared random sequence from session key. */
290 memset(&c, 0, sizeof(c));
291 krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c);
294 status = KDC_PR_UNKNOWN;
300 printf("Principal %s does not exist.\n", krb_unparse_name(&pr));
303 printf("Incorrect admin password.\n");
306 com_err("kadmin", status+krb_err_base,
307 "while getting password tickets");
312 memset(admin_passwd, 0, sizeof(admin_passwd));
317 static char *principal;
318 static char *username;
320 static char *timeout;
321 static int tflag; /* use existing tickets */
322 static int mflag; /* compatibility */
323 static int version_flag;
324 static int help_flag;
326 static time_t destroy_timeout = 5 * 60;
328 struct getargs args[] = {
329 { NULL, 'p', arg_string, &principal,
330 "principal to authenticate as"},
331 { NULL, 'u', arg_string, &username,
332 "username, other than default" },
333 { NULL, 'r', arg_string, &realm, "local realm" },
334 { NULL, 'm', arg_flag, &mflag, "disable ticket timeout" },
335 { NULL, 'T', arg_string, &timeout, "default ticket timeout" },
336 { NULL, 't', arg_flag, &tflag, "use existing tickets" },
337 { "version",0, arg_flag, &version_flag },
338 { "help", 'h', arg_flag, &help_flag },
341 static int num_args = sizeof(args) / sizeof(args[0]);
347 return dest_tkt() == KSUCCESS;
352 clean_up_cmd (int argc, char **argv)
359 quit_cmd (int argc, char **argv)
367 arg_printusage(args, num_args, NULL, "[command]");
372 do_init(int argc, char **argv)
377 set_progname (argv[0]);
379 if(getarg(args, num_args, argc, argv, &optind) < 0)
388 memset(&pr, 0, sizeof(pr));
389 ret = krb_get_default_principal(pr.name, pr.instance, default_realm);
391 errx(1, "Can't figure out default principal");
392 if(pr.instance[0] == '\0')
393 strlcpy(pr.instance, "admin", sizeof(pr.instance));
396 warnx("Ignoring username when principal is given");
397 ret = krb_parse_name(principal, &pr);
399 errx(1, "%s: %s", principal, krb_get_err_text(ret));
400 if(pr.realm[0] != '\0')
401 strlcpy(default_realm, pr.realm, sizeof(default_realm));
402 } else if(username) {
403 strlcpy(pr.name, username, sizeof(pr.name));
404 strlcpy(pr.instance, "admin", sizeof(pr.instance));
408 strlcpy(default_realm, realm, sizeof(default_realm));
410 strlcpy(krbrlm, default_realm, sizeof(krbrlm));
412 if(pr.realm[0] == '\0')
413 strlcpy(pr.realm, krbrlm, sizeof(pr.realm));
415 if (kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm) != KADM_SUCCESS)
419 if(set_timeout(timeout) == -1)
420 warnx("bad timespecification `%s'", timeout);
425 destroy_timeout = 0; /* disable timeout */
428 snprintf(tktstring, sizeof(tktstring), "%s_adm_%d",
429 TKT_ROOT, (int)getpid());
430 krb_set_tkt_string(tktstring);
439 printf("\nTickets destroyed.\n");
443 main(int argc, char **argv)
445 int optind = do_init(argc, argv);
447 sl_command(cmds, argc - optind, argv + optind);
450 signal(SIGALRM, sigalrm);
451 while(sl_command_loop(cmds, "kadmin: ", &data) == 0)
452 alarm(destroy_timeout);
459 setvals(Kadm_vals *vals, char *string)
461 char realm[REALM_SZ];
462 int status = KADM_SUCCESS;
464 memset(vals, 0, sizeof(*vals));
465 memset(realm, 0, sizeof(realm));
467 SET_FIELD(KADM_NAME,vals->fields);
468 SET_FIELD(KADM_INST,vals->fields);
469 if ((status = kname_parse(vals->name, vals->instance, realm, string))) {
470 printf("kerberos error: %s\n", krb_get_err_text(status));
474 strlcpy(realm, default_realm, sizeof(realm));
475 if (strcmp(realm, krbrlm)) {
476 strlcpy(krbrlm, realm, sizeof(krbrlm));
477 if ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm))
479 printf("kadm error for realm %s: %s\n",
480 krbrlm, error_message(status));
489 set_timeout(const char *timespec)
491 int t = parse_time(timespec, "s");
499 set_timeout_cmd(int argc, char **argv)
503 printf("Usage: set_timeout [timeout]\n");
507 if(set_timeout(argv[1]) == -1){
508 printf("Bad time specification `%s'\n", argv[1]);
512 if(destroy_timeout == 0)
513 printf("Timeout disabled.\n");
515 unparse_time(destroy_timeout, ts, sizeof(ts));
516 printf("Timeout after %s.\n", ts);
522 change_password(int argc, char **argv)
526 char pw_prompt[BUFSIZ];
529 int generate_password = 0;
534 struct getargs cpw_args[] = {
535 { "random", 'r', arg_flag, NULL, "generate random password" },
538 cpw_args[i++].value = &generate_password;
540 if(getarg(cpw_args, sizeof(cpw_args) / sizeof(cpw_args[0]),
541 argc, argv, &optind)){
542 arg_printusage(cpw_args,
543 sizeof(cpw_args) / sizeof(cpw_args[0]),
553 printf("Usage: change_password [options] principal\n");
559 if (setvals(&old, user) != KADM_SUCCESS)
564 SET_FIELD(KADM_DESKEY,new.fields);
566 if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) {
567 /* get the admin's password */
568 if (get_admin_password() != GOOD_PW)
572 if (generate_password) {
573 random_password(pw, sizeof(pw), &new.key_low, &new.key_high);
575 /* get the new password */
576 snprintf(pw_prompt, sizeof(pw_prompt),
577 "New password for %s:", user);
579 if (get_password(&new.key_low, &new.key_high,
580 pw_prompt, SWAP) != GOOD_PW) {
581 printf("Error reading password; password unchanged\n");
586 status = kadm_mod(&old, &new);
587 if (status == KADM_SUCCESS) {
588 printf("Password changed for %s.\n", user);
589 if (generate_password)
590 printf("Password is: %s\n", pw);
592 printf("kadmin: %s\nwhile changing password for %s",
593 error_message(status), user);
596 memset(pw, 0, sizeof(pw));
597 memset(&new, 0, sizeof(new));
599 printf("kadmin: Principal %s does not exist.\n",
600 krb_unparse_name_long (old.name, old.instance, krbrlm));
605 getkey(unsigned char *k)
608 for (i = 0; i < 8; i++)
617 if (oct < 0 || oct > 255)
621 else if (!isalpha(c))
629 return 1; /* Success */
633 printkey(unsigned char *tkey)
636 for(j = 0; j < 8; j++)
637 if(tkey[j] != '\\' && isalpha(tkey[j]) != 0)
638 printf("%c", tkey[j]);
640 printf("\\%03o",(unsigned char)tkey[j]);
645 change_key(int argc, char **argv)
648 unsigned char newkey[8];
652 printf("Usage: change_key principal-name\n");
656 if (setvals(&old, argv[1]) != KADM_SUCCESS)
661 SET_FIELD(KADM_DESKEY,new.fields);
663 if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) {
664 /* get the admin's password */
665 if (get_admin_password() != GOOD_PW)
668 /* get the new password */
669 printf("New DES key for %s: ", argv[1]);
671 if (getkey(newkey)) {
672 memcpy(&new.key_low, newkey, 4);
673 memcpy(&new.key_high, ((char *)newkey) + 4, 4);
674 printf("Entered key for %s: ", argv[1]);
676 memset(newkey, 0, sizeof(newkey));
678 status = kadm_mod(&old, &new);
679 if (status == KADM_SUCCESS) {
680 printf("Key changed for %s.\n", argv[1]);
682 printf("kadmin: %s\nwhile changing key for %s",
683 error_message(status), argv[1]);
686 printf("Error reading key; key unchanged\n");
687 memset(&new, 0, sizeof(new));
690 printf("kadmin: Principal %s does not exist.\n",
691 krb_unparse_name_long (old.name, old.instance, krbrlm));
696 change_admin_password(int argc, char **argv)
700 char pword[MAX_KPW_LEN];
705 printf("Usage: change_admin_password\n");
708 if (get_pw_new_pwd(pword, sizeof(pword), &pr, 1) == 0) {
709 des_string_to_key(pword, &newkey);
710 status = kadm_change_pw_plain(newkey, pword, &pw_msg);
711 if(status == KADM_INSECURE_PW)
712 printf("Insecure password: %s\n", pw_msg);
713 else if (status == KADM_SUCCESS)
714 printf("Admin password changed\n");
716 printf("kadm error: %s\n",error_message(status));
717 memset(newkey, 0, sizeof(newkey));
718 memset(pword, 0, sizeof(pword));
723 void random_password(char*, size_t, u_int32_t*, u_int32_t*);
726 add_new_key(int argc, char **argv)
729 char pw_prompt[BUFSIZ];
731 int generate_password = 0;
732 char *password = NULL;
734 char *expiration_string = NULL;
735 time_t default_expiration = 0;
736 int expiration_set = 0;
738 char *life_string = NULL;
739 time_t default_life = 0;
743 int default_attributes = 0;
744 int attributes_set = 0;
748 /* XXX remember to update value assignments below */
749 struct getargs add_args[] = {
750 { "random", 'r', arg_flag, NULL, "generate random password" },
751 { "password", 'p', arg_string, NULL },
752 { "life", 'l', arg_string, NULL, "max ticket life" },
753 { "expiration", 'e', arg_string, NULL, "principal expiration" },
754 { "attributes", 'a', arg_integer, NULL }
757 add_args[i++].value = &generate_password;
758 add_args[i++].value = &password;
759 add_args[i++].value = &life_string;
760 add_args[i++].value = &expiration_string;
761 add_args[i++].value = &attributes;
764 if(getarg(add_args, sizeof(add_args) / sizeof(add_args[0]),
765 argc, argv, &optind)){
766 arg_printusage(add_args,
767 sizeof(add_args) / sizeof(add_args[0]),
773 if(expiration_string) {
774 default_expiration = parse_expdate(expiration_string);
775 if(default_expiration < 0)
776 warnx("Unknown expiration date `%s'", expiration_string);
781 time_t t = parse_time(life_string, "hour");
783 warnx("Unknown lifetime `%s'", life_string);
785 default_life = krb_time_to_life(0, t);
789 if(attributes != -1) {
790 default_attributes = attributes;
796 char default_name[ANAME_SZ + INST_SZ + 1];
797 char old_default[INST_SZ + 1] = "";
798 Kadm_vals new, default_vals;
802 for(i = optind; i < argc; i++) {
803 if (setvals(&new, argv[i]) != KADM_SUCCESS)
805 SET_FIELD(KADM_EXPDATE, new.fields);
806 SET_FIELD(KADM_ATTR, new.fields);
807 SET_FIELD(KADM_MAXLIFE, new.fields);
808 SET_FIELD(KADM_DESKEY, new.fields);
810 if (princ_exists(new.name, new.instance, krbrlm) == PE_YES) {
811 printf("kadmin: Principal %s already exists.\n", argv[i]);
814 /* get the admin's password */
815 if (get_admin_password() != GOOD_PW)
818 snprintf (default_name, sizeof(default_name),
819 "default.%s", new.instance);
820 if(strcmp(old_default, default_name) != 0) {
821 memset(fields, 0, sizeof(fields));
822 SET_FIELD(KADM_NAME, fields);
823 SET_FIELD(KADM_INST, fields);
824 SET_FIELD(KADM_EXPDATE, fields);
825 SET_FIELD(KADM_ATTR, fields);
826 SET_FIELD(KADM_MAXLIFE, fields);
827 if (setvals(&default_vals, default_name) != KADM_SUCCESS)
830 if (kadm_get(&default_vals, fields) != KADM_SUCCESS) {
831 /* no such entry, try just `default' */
832 if (setvals(&default_vals, "default") != KADM_SUCCESS)
834 if ((status = kadm_get(&default_vals, fields)) != KADM_SUCCESS) {
835 warnx ("kadm error: %s", error_message(status));
836 break; /* no point in continuing */
840 if (default_vals.max_life == 255) /* Defaults not set! */ {
841 /* This is the default maximum lifetime for new principals. */
842 if (strcmp(new.instance, "admin") == 0)
843 default_vals.max_life = 1 + (CLOCK_SKEW/(5*60)); /* 5+5 minutes */
844 else if (strcmp(new.instance, "root") == 0)
845 default_vals.max_life = 96; /* 8 hours */
846 else if (krb_life_to_time(0, 162) >= 24*60*60)
847 default_vals.max_life = 162; /* ca 100 hours */
849 default_vals.max_life = 255; /* ca 21 hours (maximum) */
851 /* Also fix expiration date. */
858 if (strcmp(new.name, "rcmd") == 0 ||
859 strcmp(new.name, "ftp") == 0 ||
860 strcmp(new.name, "pop") == 0)
864 default_vals.exp_date = mktime(&tm);
866 default_vals.attributes = default_vals.attributes;
869 default_life = default_vals.max_life;
871 default_expiration = default_vals.exp_date;
873 default_attributes = default_vals.attributes;
876 new.max_life = default_life;
877 new.exp_date = default_expiration;
878 new.attributes = default_attributes;
886 if(generate_password) {
887 random_password(pw, sizeof(pw), &new.key_low, &new.key_high);
888 } else if (password == NULL) {
889 /* get the new password */
890 snprintf(pw_prompt, sizeof(pw_prompt), "Password for %s:",
893 if (get_password(&new.key_low, &new.key_high,
894 pw_prompt, SWAP) != GOOD_PW) {
895 printf("Error reading password: %s not added\n", argv[i]);
896 memset(&new, 0, sizeof(new));
900 passwd_to_lowhigh (&new.key_low, &new.key_high, password, SWAP);
901 memset (password, 0, strlen(password));
904 status = kadm_add(&new);
905 if (status == KADM_SUCCESS) {
906 printf("%s added to database", argv[i]);
907 if (generate_password)
908 printf (" with password `%s'", pw);
911 printf("kadm error: %s\n",error_message(status));
913 memset(pw, 0, sizeof(pw));
914 memset(&new, 0, sizeof(new));
922 del_entry(int argc, char **argv)
929 printf("Usage: delete principal...\n");
933 for(i = 1; i < argc; i++) {
934 if (setvals(&vals, argv[i]) != KADM_SUCCESS)
937 if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) {
938 /* get the admin's password */
939 if (get_admin_password() != GOOD_PW)
942 if ((status = kadm_del(&vals)) == KADM_SUCCESS)
943 printf("%s removed from database.\n", argv[i]);
945 printf("kadm error: %s\n",error_message(status));
948 printf("kadmin: Principal %s does not exist.\n",
949 krb_unparse_name_long (vals.name, vals.instance, krbrlm));
955 get_entry(int argc, char **argv)
962 printf("Usage: get_entry username\n");
966 memset(fields, 0, sizeof(fields));
968 SET_FIELD(KADM_NAME,fields);
969 SET_FIELD(KADM_INST,fields);
970 SET_FIELD(KADM_EXPDATE,fields);
971 SET_FIELD(KADM_ATTR,fields);
972 SET_FIELD(KADM_MAXLIFE,fields);
974 SET_FIELD(KADM_DESKEY,fields);
977 SET_FIELD(KADM_MODDATE, fields);
978 SET_FIELD(KADM_MODNAME, fields);
979 SET_FIELD(KADM_MODINST, fields);
980 SET_FIELD(KADM_KVNO, fields);
983 if (setvals(&vals, argv[1]) != KADM_SUCCESS)
987 if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) {
988 /* get the admin's password */
989 if (get_admin_password() != GOOD_PW)
992 if ((status = kadm_get(&vals, fields)) == KADM_SUCCESS)
995 printf("kadm error: %s\n",error_message(status));
998 printf("kadmin: Principal %s does not exist.\n",
999 krb_unparse_name_long (vals.name, vals.instance, krbrlm));
1004 mod_entry(int argc, char **argv)
1008 Kadm_vals ovals, nvals;
1011 char *expiration_string = NULL;
1012 time_t default_expiration = 0;
1013 int expiration_set = 0;
1015 char *life_string = NULL;
1016 time_t default_life = 0;
1019 int attributes = -1;
1020 int default_attributes = 0;
1021 int attributes_set = 0;
1025 /* XXX remember to update value assignments below */
1026 struct getargs mod_args[] = {
1027 { "life", 'l', arg_string, NULL, "max ticket life" },
1028 { "expiration", 'e', arg_string, NULL, "principal expiration" },
1029 { "attributes", 'a', arg_integer, NULL }
1032 mod_args[i++].value = &life_string;
1033 mod_args[i++].value = &expiration_string;
1034 mod_args[i++].value = &attributes;
1037 if(getarg(mod_args, sizeof(mod_args) / sizeof(mod_args[0]),
1038 argc, argv, &optind)){
1039 arg_printusage(mod_args,
1040 sizeof(mod_args) / sizeof(mod_args[0]),
1046 if(expiration_string) {
1047 default_expiration = parse_expdate(expiration_string);
1048 if(default_expiration < 0)
1049 warnx("Unknown expiration date `%s'", expiration_string);
1054 time_t t = parse_time(life_string, "hour");
1056 warnx("Unknown lifetime `%s'", life_string);
1058 default_life = krb_time_to_life(0, t);
1062 if(attributes != -1) {
1063 default_attributes = attributes;
1068 for(i = optind; i < argc; i++) {
1070 memset(fields, 0, sizeof(fields));
1072 SET_FIELD(KADM_NAME,fields);
1073 SET_FIELD(KADM_INST,fields);
1074 SET_FIELD(KADM_EXPDATE,fields);
1075 SET_FIELD(KADM_ATTR,fields);
1076 SET_FIELD(KADM_MAXLIFE,fields);
1078 if (setvals(&ovals, argv[i]) != KADM_SUCCESS)
1083 if (princ_exists(ovals.name, ovals.instance, krbrlm) == PE_NO) {
1084 printf("kadmin: Principal %s does not exist.\n",
1085 krb_unparse_name_long (ovals.name, ovals.instance, krbrlm));
1089 /* get the admin's password */
1090 if (get_admin_password() != GOOD_PW)
1093 if ((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) {
1094 printf("[ unable to retrieve current settings: %s ]\n",
1095 error_message(status));
1096 nvals.max_life = DEFAULT_TKT_LIFE;
1098 nvals.attributes = 0;
1100 nvals.max_life = ovals.max_life;
1101 nvals.exp_date = ovals.exp_date;
1102 nvals.attributes = ovals.attributes;
1106 nvals.max_life = default_life;
1107 SET_FIELD(KADM_MAXLIFE, nvals.fields);
1109 get_maxlife(&nvals);
1110 if(attributes_set) {
1111 nvals.attributes = default_attributes;
1112 SET_FIELD(KADM_ATTR, nvals.fields);
1115 if(expiration_set) {
1116 nvals.exp_date = default_expiration;
1117 SET_FIELD(KADM_EXPDATE, nvals.fields);
1119 get_expdate(&nvals);
1121 if (IS_FIELD(KADM_MAXLIFE, nvals.fields) ||
1122 IS_FIELD(KADM_ATTR, nvals.fields) ||
1123 IS_FIELD(KADM_EXPDATE, nvals.fields)) {
1124 if ((status = kadm_mod(&ovals, &nvals)) != KADM_SUCCESS) {
1125 printf("kadm error: %s\n",error_message(status));
1128 if ((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) {
1129 printf("kadm error: %s\n",error_message(status));
1141 help(int argc, char **argv)
1143 sl_help (cmds, argc, argv);