 * Create or change a principal and/or generate a srvtab.
 * Sets the key of a principal in the AFS kaserver given a srvtab, enables or
 * disables a principal, or displays information about a principal in an AFS
 * kaserver.
 * Written by Roland Schemers <schemers@stanford.edu>
 * Updated by Russ Allbery <rra@stanford.edu>
 * Updated again by Anton Ushakov  <antonu@stanford.edu>
 * Copyright 1994, 1998, 1999, 2000, 2006, 2007, 2008
 *     Board of Trustees, Leland Stanford Jr. University
 * See LICENSE for licensing terms.

#include <config.h>
#include <portable/system.h>

#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>

# include <kerberosIV/krb.h>
# include <krb.h>

#include <afs/stds.h>
#include <afs/kauth.h>
#include <afs/kautils.h>
#include <afs/cellconfig.h>
#include <ubik.h>

#include <util/util.h>

/* Normally set by the AFS libraries. */
#ifndef SNAME_SZ
# define SNAME_SZ       40
# define INST_SZ        40
# define REALM_SZ       40

 * AFS currently doesn't prototype this function.  Cheat on the first argument
 * since it actually takes a function with a completely variable argument
 * list.
afs_int32 ubik_Call(void *, struct ubik_client *, afs_int32, ...);

/* The name of the program, for error reporting. */
static const char *program = NULL;

/* Some global state information. */
struct config {
    char *local_cell;
    int debug;                  /* Whether to enable debugging. */
    int init;                   /* Keyfile initialization. */
    int random;                 /* Randomize the key. */
    int tgs;                    /* Enable the principal. */
    int notgs;                  /* Disable the princial. */
    char *keyfile;              /* Name of srvtab to use. */
    char *admin;                /* Name of ADMIN user to use. */
    char *password;             /* Password to use. */
    char *srvtab;               /* srvtab file to generate. */
    char *service;              /* Principal to create/enable. */
    char *delete;               /* Principal to delete. */
    char *examine;              /* Principal to examine. */
    char *k5srvtab;             /* K5 converted srvtab to read for key. */

/* Usage message.  Pass in the program name four times. */
static const char usage_message[] = "\
Usage: %s [options]\n\
  -a adminuser     Admin user\n\
  -c k5srvtab      Use the key from the given srvtab (for sync w/ K5)\n\
  -D service       Name of service to delete\n\
  -d               Turn on debugging\n\
  -e principal     Examine the given principal\n\
  -f srvtab        Name of srvtab file to create\n\
  -h               This help\n\
  -i               Initialize DES key file\n\
  -k keyfile       File containing srvtab for admin user\n\
  -n               Set the principal NOTGS\n\
  -p password      Use given password to create key\n\
  -r               Use random key\n\
  -s service       Name of service to create\n\
  -t               Set the principal TGS\n\
  -v               Print version\n\
To create a srvtab for rcmd.slapshot and be prompted for the admin\n\
    %s -f srvtab.rcmd.slapshot -s rcmd.slapshot -r\n\
To create a srvtab from within a script you must stash the DES key\n\
in a srvtab with:\n\
    %s -a admin -i -k /.adminkey\n\
and then create a srvtab for rcmd.slapshot with:\n\
    %s -k /.adminkey -a admin -r -f srvtab -s rcmd.slapshot\n\

 * Print out the usage message and then exit with the status given as the only
 * argument.  If status is zero, the message is printed to standard output;
 * otherwise, it is sent to standard error.
static void
usage(int status)
    if (program == NULL)
        program = "";
    fprintf((status == 0) ? stdout : stderr, usage_message,
            program, program, program, program);

 * Parse a principal name into name, inst, and cell, filling in the cell from
 * local_cell if none was given.  cell here is actually a realm and shouldn't
 * need any further conversion.
static void
parse_principal(struct config *config, char *principal, char *name,
                char *inst, char *cell)
    long code;
    int local;

    code = ka_ParseLoginName(principal, name, inst, cell);
    if (config->debug)
        printf("ka_ParseLoginName %ld\n", code);
    if (code != 0)
        die("can't parse principal %s", principal);
    if (cell[0] == '\0') {
        if (ka_CellToRealm(config->local_cell, cell, &local) == KANOCELL)
            die("unable to determine realm from local cell");

 * Given a srvtab file name, the principal, the kvno, and the key, write out a
 * new srvtab file.  Dies on any error.
static void
write_srvtab(const char *filename, const char *name, const char *inst,
             char *cell, unsigned char kvno, struct ktc_encryptionKey *key)
    int fd;

    fd = open(filename, O_WRONLY | O_CREAT, 0600);
    if (fd == -1)
        sysdie("can't create srvtab %s", filename);
    if (write(fd, name, strlen(name) + 1) != (ssize_t) strlen(name) + 1)
        sysdie("can't write to srvtab %s", filename);
    if (write(fd, inst, strlen(inst) + 1) != (ssize_t) strlen(inst) + 1)
        sysdie("can't write to srvtab %s", filename);
    if (write(fd, cell, strlen(cell) + 1) != (ssize_t) strlen(cell) + 1)
        sysdie("can't write to srvtab %s", filename);
    if (write(fd, &kvno, 1) != 1)
        sysdie("can't write to srvtab %s", filename);
    if (write(fd, key, sizeof(*key)) != sizeof(*key))
        sysdie("can't write to srvtab %s", filename);
    if (close(fd) != 0)
        sysdie("can't close srvtab %s", filename);

 * Initialize a DES keyfile from a password.  If the password wasn't given via
 * a command-line option, prompt for it.
static void
initialize_admin_srvtab(struct config *config)
    struct ktc_encryptionKey key;
    char name[MAXKTCNAMELEN];
    char inst[MAXKTCNAMELEN];
    char cell[MAXKTCNAMELEN];
    long code;

    if (config->keyfile == NULL || config->admin == NULL)

    /* Get the password, one way or another. */
    parse_principal(config, config->admin, name, inst, cell);
    if (config->password != NULL) {
        ka_StringToKey(config->password, cell, &key);
        memset(config->password, 0, strlen(config->password));
    } else {
        char buffer[MAXKTCNAMELEN * 3 + 40];

        sprintf(buffer,"password for %s: ", config->admin);
        code = ka_ReadPassword(buffer, 1, cell, &key);
        if (code != 0)
            die("can't read password");

    /* Create the admin srvtab, removing any old one if one exists. */
    write_srvtab(config->keyfile, name, inst, cell, 0, &key);

 * Takes the configuration struct and obtains an admin token, which it stores
 * in the second parameter.  Dies on any failure.
static void
authenticate(struct config *config, struct ktc_token *token)
    char name[MAXKTCNAMELEN];
    char inst[MAXKTCNAMELEN];
    char cell[MAXKTCNAMELEN];
    long code;
    struct ktc_encryptionKey key;

    /* Get the admin password one way or the other. */
    parse_principal(config, config->admin, name, inst, cell);
    if (config->keyfile) {
        code = read_service_key(name, inst, cell, 0, config->keyfile,
                                (char *) &key);
        if (config->debug)
            printf("read_service_key %ld\n", code);
        if (code != 0)
            die("can't get key for %s.%s@%s from srvtab %s", name, inst,
                cell, config->keyfile);
    } else {
        char buffer[MAXKTCNAMELEN * 3 + 40];

        sprintf(buffer, "password for %s: ", config->admin);
        code = ka_ReadPassword(buffer, 0, cell, &key);
        if (code)
            die("can't read password");

    /* Now, get the admin token. */
    code = ka_GetAdminToken(name, inst, cell, &key, 300, token, 1);
    memset(&key, 0, sizeof(key));
    if (config->debug)
        printf("ka_GetAdminToken %ld\n", code);
    if (code != 0)
        die("can't get admin token");

 * Delete a principal out of the AFS kaserver.
static void
delete_principal(struct config *config)
    struct ktc_token token;
    struct ubik_client *conn;
    char name[MAXKTCNAMELEN];
    char inst[MAXKTCNAMELEN];
    char cell[MAXKTCNAMELEN];
    long code;

    /* Make connection to AuthServer. */
    authenticate(config, &token);
    parse_principal(config, config->delete, name, inst, cell);
    code = ka_AuthServerConn(cell, KA_MAINTENANCE_SERVICE, &token, &conn);
    if (config->debug)
        printf("ka_AuthServerConn %s %ld\n", cell, code);
    if (code != 0)
        die("can't make connection to auth server");

    /* Delete the user. */
    code = ubik_Call(KAM_DeleteUser, conn, 0, name, inst);
    if (config->debug)
        printf("ubik_Call KAM_DeleteUser %ld\n", code);
    if (code != 0 && code != KANOENT)
        die("can't delete existing instance");
    code = ubik_ClientDestroy(conn);

 * Format a date.  The output format expects ctime-style date formatting, so
 * we use that.  Takes a buffer into which to put the date.  There will be a
 * trailing newline.
static void
format_date(char *buffer, size_t size, time_t date)
    if (date == (time_t) NEVERDATE)
        strlcpy(buffer, "never\n", size);
        strlcpy(buffer, ctime(&date), size);

 * Enable or disable a principal in the AFS kaserver (by setting or clearing
 * the NOTGS flag).  The second argument says to enable if it's true, disable
 * otherwise.
static void
enable_principal(struct config *config, int enable)
    struct ktc_token token;
    struct ubik_client *conn;
    struct kaentryinfo entry;
    char name[MAXKTCNAMELEN];
    char inst[MAXKTCNAMELEN];
    char cell[MAXKTCNAMELEN];
    long code;

    /* Make connection to AuthServer. */
    authenticate(config, &token);
    parse_principal(config, config->service, name, inst, cell);
    code = ka_AuthServerConn(cell, KA_MAINTENANCE_SERVICE, &token, &conn);
    if (config->debug)
        printf("ka_AuthServerConn %s %ld\n", cell, code);
    if (code != 0)
        die("can't make connection to auth server");

    /* Retrieve the principal information. */
    code = ubik_Call(KAM_GetEntry, conn, 0, name, inst, KAMAJORVERSION,
    if (config->debug)
        printf("ubik_Call KAM_GetEntry %ld\n", code);
    if (code != 0)
        die("can't retrieve current flags");

    /* Set the flags. */
    if (enable)
        entry.flags &= ~KAFNOTGS;
        entry.flags |= KAFNOTGS;
    code = ubik_Call(KAM_SetFields, conn, 0, name, inst, entry.flags, 0, 0,
                     -1, 0, 0);
    if (config->debug)
        printf("ubik_Call KAM_SetFields %ld\n", code);
    if (code != 0)
        die("can't %s principal", enable ? "enable" : "disable");
    code = ubik_ClientDestroy(conn);

 * Examine a principal.  The output format is compatible with the old Stanford
 * Kerberos v4 kadmin, which may be compatible with Kerberos v4 kadmin in
 * general (I haven't checked).
static void
examine_principal(struct config *config)
    struct ktc_token token;
    struct ubik_client *conn;
    struct kaentryinfo entry;
    char name[MAXKTCNAMELEN];
    char inst[MAXKTCNAMELEN];
    char cell[MAXKTCNAMELEN];
    long code;
    char edate[64], cdate[64], mdate[64];

    /* Make connection to AuthServer. */
    authenticate(config, &token);
    parse_principal(config, config->examine, name, inst, cell);
    code = ka_AuthServerConn(cell, KA_MAINTENANCE_SERVICE, &token, &conn);
    if (config->debug)
        printf("ka_AuthServerConn %s %ld\n", cell, code);
    if (code != 0)
        die("can't make connection to auth server");

    /* Retrieve and format the entry. */
    code = ubik_Call(KAM_GetEntry, conn, 0, name, inst, KAMAJORVERSION,
    if (config->debug)
        printf("ubik_Call KAM_GetEntry %ld\n", code);
    if (code != 0) {
        if (code == KANOENT)
            die("no such entry in the database");
            die("can't retrieve principal information");
    format_date(edate, sizeof(edate), entry.user_expiration);
    format_date(mdate, sizeof(cdate), entry.modification_time);
    format_date(cdate, sizeof(mdate), entry.change_password_time);
    printf("status: %s\n", (entry.flags & KAFNOTGS) ? "disabled" : "enabled");
    printf("account expiration: %s", edate);
    printf("password last changed: %s", cdate);
    printf("modification time: %s", mdate);
    printf("modified by: %s%s%s\n", entry.modification_user.name,
           (entry.modification_user.instance[0] != '\0') ? "." : "",
    code = ubik_ClientDestroy(conn);

 * Create a new principal in the AFS kaserver (deleting it and recreating it
 * if it already exists) with either the indicated key or with a random key,
 * and then write out a srvtab for that principal.  Also supported is reading
 * the key from an existing srvtab (likely created via Kerberos v5 kadmin from
 * a keytab).
static void
generate_srvtab(struct config *config)
    struct ktc_token token;
    struct ubik_client *conn;
    char name[MAXKTCNAMELEN];
    char inst[MAXKTCNAMELEN];
    char cell[MAXKTCNAMELEN];
    long code;
    struct ktc_encryptionKey key;

    /* Make connection to AuthServer. */
    authenticate(config, &token);
    parse_principal(config, config->service, name, inst, cell);
    code = ka_AuthServerConn(cell, KA_MAINTENANCE_SERVICE, &token, &conn);
    if (config->debug)
        printf("ka_AuthServerConn %s %ld\n", cell, code);
    if (code != 0)
        die("can't make connection to auth server");

    /* Get the key for the principal we're creating. */
    if (config->k5srvtab != NULL) { 
        char buffer[SNAME_SZ * 4];
        char *p;
        char sname[SNAME_SZ];
        char sinst[INST_SZ];
        char srealm[REALM_SZ];
        unsigned char kvno;
        FILE *srvtab;

        /* Read the whole converted srvtab into memory. */
        srvtab = fopen(config->k5srvtab, "r");
        if (srvtab == NULL)
            sysdie("can't open converted srvtab %s", config->k5srvtab);
        if (fgets(buffer, sizeof(buffer), srvtab) == NULL)
            sysdie("can't read converted srvtab %s", config->k5srvtab);

        /* Now parse it.  Fields are delimited by NUL. */
        p = buffer;
        strncpy(sname, p, SNAME_SZ - 1);
        sname[sizeof(sname) - 1] = '\0';
        p += strlen(sname) + 1;
        strncpy(sinst, p, INST_SZ - 1);
        sinst[sizeof(sinst) - 1] = '\0';
        p += strlen(sinst) + 1;
        strncpy(srealm, p, REALM_SZ - 1);
        srealm[sizeof(srealm) - 1] = '\0';
        p += strlen(srealm) + 1;
        memcpy(&kvno, p, sizeof(unsigned char));
        p += sizeof(unsigned char);
        memcpy(key.data, p, sizeof(key));
        memset(buffer, 0, sizeof(buffer));
    } else if (config->random) {
        code = ubik_Call(KAM_GetRandomKey, conn, 0, &key);
        if (config->debug)
            printf("ubik_Call KAM_GetRandomKey %ld\n", code);
        if (code != 0)
            die("can't get random key");
    } else {
        code = ka_ReadPassword((char *) "service password: ", 1, cell, &key);
        if (code != 0)
            die("can't read password");

     * Now, we have the key.  Try to create the principal.  If it already
     * exists, try deleting it first and then creating it again.
    code = ubik_Call(KAM_CreateUser, conn, 0, name, inst, key);
    if (config->debug)
        printf("ubik_Call KAM_CreateUser %ld\n", code);
    if (code == KAEXIST) {
        code = ubik_Call(KAM_DeleteUser, conn, 0, name, inst);
        if (config->debug)
            printf("ubik_Call KAM_DeleteUser %ld\n", code);
        if (code != 0)
            die("can't delete existing instance");
        code = ubik_Call(KAM_CreateUser, conn, 0, name, inst, key);
        if (config->debug)
            printf("ubik_Call KAM_CreateUser %ld\n", code);
    if (code != 0)
        die("can't create user");
    code = ubik_ClientDestroy (conn);

    /* Create the srvtab file.  Don't bother if we have a converted one. */
    if (config->srvtab && !config->k5srvtab) {
        unsigned char kvno = 0;

        /* Make a backup copy of any existing one, just in case. */
        if (access(config->srvtab, F_OK) == 0) {
            char backup[MAXPATHLEN];

            snprintf(backup, sizeof(backup), "%s.bak", config->srvtab);
            if (rename(config->srvtab, backup) != 0)
                sysdie("can't create backup srvtab %s", backup);
        write_srvtab(config->srvtab, name, inst, cell, kvno, &key);
    memset(&key, 0, sizeof(key));

main(int argc, char *argv[])
    long code;
    int opt;
    struct config config;
    /* Initialize, get our local cell, etc. */
    memset(&config, 0, sizeof(config));
    code = ka_Init(0);
    config.local_cell = ka_LocalCell();
    if (config.local_cell == NULL || code != 0)
        die("can't initialize");

    /* Parse options. */
    while ((opt = getopt(argc, argv, "a:c:D:de:f:hik:np:rs:tv")) != EOF) {
        switch (opt) {
        case 'a': config.admin = optarg;        break;
        case 'c': config.k5srvtab = optarg;     break;
        case 'D': config.delete = optarg;       break;
        case 'd': config.debug = 1;             break;
        case 'e': config.examine = optarg;      break;
        case 'f': config.srvtab = optarg;       break;
        case 'i': config.init = 1;              break;
        case 'k': config.keyfile = optarg;      break;
        case 'n': config.notgs = 1;             break;
        case 'p': config.password = optarg;     break;
        case 'r': config.random = 1;            break;
        case 's': config.service = optarg;      break;
        case 't': config.tgs = 1;               break;

        /* Usage doesn't return. */
        case 'h':
        case 'v':
            printf("kasetkey %s\n", PACKAGE_VERSION);

    /* Take the right action. */
    if (config.random && config.k5srvtab)
    if (config.notgs && config.tgs)
        die("cannot set principal both TGS and NOTGS at the same time");
    if ((config.notgs || config.tgs) && config.service == NULL)
        die("must specify a principal with -s");
    if (config.debug)
        fprintf(stdout, "cell: %s\n", config.local_cell);
    if (config.init)
    else if (config.tgs || config.notgs)
        enable_principal(&config, config.tgs);
    else if (config.examine != NULL)
    else if (config.service != NULL)
    else if (config.delete != NULL)