2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 * This file implements the kas related funtions for afscp
14 #include <afsconfig.h>
15 #include <afs/param.h>
26 * Generic fuction for converting input string to an integer. Pass
27 * the error_msg you want displayed if there is an error converting
32 GetIntFromString(const char *int_str
, const char *error_msg
)
35 char *bad_char
= NULL
;
37 i
= strtoul(int_str
, &bad_char
, 10);
38 if ((bad_char
== NULL
) || (*bad_char
== 0)) {
46 DoKasPrincipalCreate(struct cmd_syndesc
*as
, void *arock
)
48 enum { PRINCIPAL
, INSTANCE
,
55 if (existing_tokens
) {
56 ERR_EXT("can't use -usetokens with kas functions");
59 strcpy(user
.principal
, as
->parms
[PRINCIPAL
].items
->data
);
61 if (as
->parms
[INSTANCE
].items
) {
62 strcpy(user
.instance
, as
->parms
[INSTANCE
].items
->data
);
67 password
= as
->parms
[PASSWORD
].items
->data
;
69 if (!kas_PrincipalCreate(cellHandle
, 0, &user
, password
, &st
)) {
70 ERR_ST_EXT("kas_PrincipalCreate", st
);
77 DoKasPrincipalDelete(struct cmd_syndesc
*as
, void *arock
)
79 enum { PRINCIPAL
, INSTANCE
};
83 if (existing_tokens
) {
84 ERR_EXT("can't use -usetokens with kas functions");
87 strcpy(user
.principal
, as
->parms
[PRINCIPAL
].items
->data
);
89 if (as
->parms
[INSTANCE
].items
) {
90 strcpy(user
.instance
, as
->parms
[PRINCIPAL
].items
->data
);
95 if (!kas_PrincipalDelete(cellHandle
, 0, &user
, &st
)) {
96 ERR_ST_EXT("kas_PrincipalDelete", st
);
103 Print_kas_principalEntry_p(kas_principalEntry_p principal
, const char *prefix
)
107 if (principal
->adminSetting
== KAS_ADMIN
) {
108 printf("%sAdmin setting: KAS_ADMIN\n", prefix
);
110 printf("%sAdmin setting: NO_KAS_ADMIN\n", prefix
);
113 if (principal
->tgsSetting
== TGS
) {
114 printf("%sTGS setting: TGS\n", prefix
);
116 printf("%sTGS setting: NO_TGS\n", prefix
);
119 if (principal
->encSetting
== ENCRYPT
) {
120 printf("%sEncrypt setting: ENCRYPT\n", prefix
);
122 printf("%sEncrypt setting: NO_ENCRYPT\n", prefix
);
125 if (principal
->cpwSetting
== CHANGE_PASSWORD
) {
126 printf("%sChange password setting: CHANGE_PASSWORD\n", prefix
);
128 printf("%sChange password setting: NO_CHANGE_PASSWORD\n", prefix
);
131 if (principal
->rpwSetting
== REUSE_PASSWORD
) {
132 printf("%sReuse password setting: REUSE_PASSWORD\n", prefix
);
134 printf("%sReuse password setting: NO_REUSE_PASSWORD\n", prefix
);
137 printf("%sExpiration: %u\n", prefix
, principal
->userExpiration
);
138 printf("%sLast modification time %u\n", prefix
, principal
->lastModTime
);
139 printf("%sLast modifying principal %s", prefix
,
140 principal
->lastModPrincipal
.principal
);
141 if (principal
->lastModPrincipal
.instance
[0] != 0) {
142 printf(".%s\n", principal
->lastModPrincipal
.instance
);
147 printf("%sLast change password time %u\n", prefix
,
148 principal
->lastChangePasswordTime
);
149 printf("%sMax ticket lifetime %d\n", prefix
,
150 principal
->maxTicketLifetime
);
151 printf("%sKey version number %d\n", prefix
, principal
->keyVersion
);
153 printf("%sKey contents :", prefix
);
154 for (i
= 0; i
< KAS_ENCRYPTION_KEY_LEN
; i
++) {
155 printf("%d ", principal
->key
.key
[i
]);
159 printf("%sKey checksum %u\n", prefix
, principal
->keyCheckSum
);
160 printf("%sDays to password expire %d\n", prefix
,
161 principal
->daysToPasswordExpire
);
162 printf("%sFailed login count %d\n", prefix
, principal
->failLoginCount
);
163 printf("%sLock time %d\n", prefix
, principal
->lockTime
);
167 DoKasPrincipalGet(struct cmd_syndesc
*as
, void *arock
)
169 enum { PRINCIPAL
, INSTANCE
};
172 kas_principalEntry_t principal
;
174 if (existing_tokens
) {
175 ERR_EXT("can't use -usetokens with kas functions");
178 strcpy(user
.principal
, as
->parms
[PRINCIPAL
].items
->data
);
180 if (as
->parms
[INSTANCE
].items
) {
181 strcpy(user
.instance
, as
->parms
[PRINCIPAL
].items
->data
);
183 user
.instance
[0] = 0;
186 if (!kas_PrincipalGet(cellHandle
, 0, &user
, &principal
, &st
)) {
187 ERR_ST_EXT("kas_PrincipalGet", st
);
190 Print_kas_principalEntry_p(&principal
, "");
196 DoKasPrincipalList(struct cmd_syndesc
*as
, void *arock
)
202 if (existing_tokens
) {
203 ERR_EXT("can't use -usetokens with kas functions");
206 if (!kas_PrincipalGetBegin(cellHandle
, 0, &iter
, &st
)) {
207 ERR_ST_EXT("kas_PrincipalGetBegin", st
);
210 printf("Listing principals:\n");
211 while (kas_PrincipalGetNext(iter
, &prin
, &st
)) {
212 printf("%s", prin
.principal
);
213 if (prin
.instance
[0] != 0) {
214 printf(".%s\n", prin
.instance
);
220 if (st
!= ADMITERATORDONE
) {
221 ERR_ST_EXT("kas_PrincipalGetNext", st
);
224 if (!kas_PrincipalGetDone(iter
, &st
)) {
225 ERR_ST_EXT("kas_PrincipalGetDone", st
);
232 DoKasPrincipalKeySet(struct cmd_syndesc
*as
, void *arock
)
234 enum { PRINCIPAL
, INSTANCE
, PASSWORD
,
238 kas_encryptionKey_t key
;
242 const char *password
;
244 if (existing_tokens
) {
245 ERR_EXT("can't use -usetokens with kas functions");
248 strcpy(user
.principal
, as
->parms
[PRINCIPAL
].items
->data
);
250 if (as
->parms
[INSTANCE
].items
) {
251 strcpy(user
.instance
, as
->parms
[INSTANCE
].items
->data
);
253 user
.instance
[0] = 0;
256 if (!afsclient_CellNameGet(cellHandle
, &cell
, &st
)) {
257 ERR_ST_EXT("afsclient_CellNameGet", st
);
260 password
= as
->parms
[PASSWORD
].items
->data
;
262 GetIntFromString(as
->parms
[KEYVERSION
].items
->data
,
263 "invalid key version number");
264 if (!kas_StringToKey(cell
, password
, &key
, &st
)) {
265 ERR_ST_EXT("kas_StringToKey", st
);
268 if (!kas_PrincipalKeySet(cellHandle
, 0, &user
, key_version
, &key
, &st
)) {
269 ERR_ST_EXT("kas_PrincipalKeySet", st
);
276 DoKasPrincipalLockStatusGet(struct cmd_syndesc
*as
, void *arock
)
278 enum { PRINCIPAL
, INSTANCE
};
281 unsigned int lock_end_time
= 0;
283 if (existing_tokens
) {
284 ERR_EXT("can't use -usetokens with kas functions");
287 strcpy(user
.principal
, as
->parms
[PRINCIPAL
].items
->data
);
289 if (as
->parms
[INSTANCE
].items
) {
290 strcpy(user
.instance
, as
->parms
[INSTANCE
].items
->data
);
292 user
.instance
[0] = 0;
295 if (!kas_PrincipalLockStatusGet
296 (cellHandle
, 0, &user
, &lock_end_time
, &st
)) {
297 ERR_ST_EXT("kas_PrincipalLockStatusGet", st
);
300 printf("The lock end time is %u\n", lock_end_time
);
306 DoKasPrincipalUnlock(struct cmd_syndesc
*as
, void *arock
)
308 enum { PRINCIPAL
, INSTANCE
};
312 if (existing_tokens
) {
313 ERR_EXT("can't use -usetokens with kas functions");
316 strcpy(user
.principal
, as
->parms
[PRINCIPAL
].items
->data
);
318 if (as
->parms
[INSTANCE
].items
) {
319 strcpy(user
.instance
, as
->parms
[INSTANCE
].items
->data
);
321 user
.instance
[0] = 0;
324 if (!kas_PrincipalUnlock(cellHandle
, 0, &user
, &st
)) {
325 ERR_ST_EXT("kas_PrincipalUnlock", st
);
332 DoKasPrincipalFieldsSet(struct cmd_syndesc
*as
, void *arock
)
334 enum { PRINCIPAL
, INSTANCE
, ADMIN
, NOADMIN
, GRANTTICKET
,
335 NOGRANTTICKET
, ENCRYPT2
, NOENCRYPT
, CHANGEPASSWORD
,
336 NOCHANGEPASSWORD
, REUSEPASSWORD
, NOREUSEPASSWORD
,
337 EXPIRES
, MAXTICKETLIFETIME
, PASSWORDEXPIRES
,
338 FAILEDPASSWORDATTEMPTS
, FAILEDPASSWORDLOCKTIME
343 kas_admin_p admin_ptr
= NULL
;
346 kas_tgs_p tgs_ptr
= NULL
;
349 kas_enc_p enc_ptr
= NULL
;
352 kas_cpw_p cpw_ptr
= NULL
;
355 kas_rpw_p reuse_ptr
= NULL
;
358 unsigned int *expire_ptr
= NULL
;
360 unsigned int max_ticket
;
361 unsigned int *max_ticket_ptr
= NULL
;
362 int have_max_ticket
= 0;
363 unsigned int password_expire
;
364 unsigned int *password_expire_ptr
= NULL
;
365 int have_password_expire
= 0;
366 unsigned int failed_password_attempts
;
367 unsigned int *failed_password_attempts_ptr
= NULL
;
368 int have_failed_password_attempts
= 0;
369 unsigned int failed_password_lock_time
;
370 unsigned int *failed_password_lock_time_ptr
= NULL
;
371 int have_failed_password_lock_time
= 0;
373 if (existing_tokens
) {
374 ERR_EXT("can't use -usetokens with kas functions");
377 strcpy(user
.principal
, as
->parms
[PRINCIPAL
].items
->data
);
379 if (as
->parms
[INSTANCE
].items
) {
380 strcpy(user
.instance
, as
->parms
[INSTANCE
].items
->data
);
382 user
.instance
[0] = 0;
385 if (as
->parms
[ADMIN
].items
) {
391 if (as
->parms
[NOADMIN
].items
) {
392 admin
= NO_KAS_ADMIN
;
395 ERR_EXT("specify either admin or noadmin, not both");
400 if (as
->parms
[GRANTTICKET
].items
) {
406 if (as
->parms
[NOGRANTTICKET
].items
) {
410 ERR_EXT("specify either grantticket or nograntticket, not both");
415 if (as
->parms
[ENCRYPT2
].items
) {
421 if (as
->parms
[NOENCRYPT
].items
) {
425 ERR_EXT("specify either encrypt or noencrypt, not both");
430 if (as
->parms
[CHANGEPASSWORD
].items
) {
431 cpw
= CHANGE_PASSWORD
;
436 if (as
->parms
[NOCHANGEPASSWORD
].items
) {
437 cpw
= NO_CHANGE_PASSWORD
;
440 ERR_EXT("specify either changepassword or "
441 "nochangepassword, not both");
446 if (as
->parms
[REUSEPASSWORD
].items
) {
447 reuse
= REUSE_PASSWORD
;
452 if (as
->parms
[REUSEPASSWORD
].items
) {
453 reuse
= NO_REUSE_PASSWORD
;
456 ERR_EXT("specify either reusepassword or "
457 "noreusepassword, not both");
462 if (as
->parms
[EXPIRES
].items
) {
464 GetIntFromString(as
->parms
[EXPIRES
].items
->data
,
465 "bad expiration date");
466 expire_ptr
= &expire
;
470 if (as
->parms
[MAXTICKETLIFETIME
].items
) {
472 GetIntFromString(as
->parms
[MAXTICKETLIFETIME
].items
->data
,
473 "bad max ticket lifetime");
474 max_ticket_ptr
= &max_ticket
;
478 if (as
->parms
[PASSWORDEXPIRES
].items
) {
480 GetIntFromString(as
->parms
[PASSWORDEXPIRES
].items
->data
,
481 "bad expiration date");
482 password_expire_ptr
= &password_expire
;
483 have_password_expire
= 1;
486 if (as
->parms
[FAILEDPASSWORDATTEMPTS
].items
) {
487 failed_password_attempts
=
488 GetIntFromString(as
->parms
[FAILEDPASSWORDATTEMPTS
].items
->data
,
489 "bad expiration date");
490 failed_password_attempts_ptr
= &failed_password_attempts
;
491 have_failed_password_attempts
= 1;
494 if (as
->parms
[FAILEDPASSWORDLOCKTIME
].items
) {
495 failed_password_lock_time
=
496 GetIntFromString(as
->parms
[FAILEDPASSWORDLOCKTIME
].items
->data
,
497 "bad expiration date");
498 failed_password_lock_time_ptr
= &failed_password_lock_time
;
499 have_failed_password_lock_time
= 1;
502 if ((have_admin
+ have_tgs
+ have_enc
+ have_cpw
+ have_reuse
+
503 have_expire
+ have_max_ticket
+ have_password_expire
+
504 have_failed_password_attempts
+ have_failed_password_lock_time
) ==
506 ERR_EXT("You must specify at least one attribute to change");
509 if (!kas_PrincipalFieldsSet
510 (cellHandle
, 0, &user
, admin_ptr
, tgs_ptr
, enc_ptr
, cpw_ptr
,
511 expire_ptr
, max_ticket_ptr
, password_expire_ptr
, reuse_ptr
,
512 failed_password_attempts_ptr
, failed_password_lock_time_ptr
, &st
)) {
513 ERR_ST_EXT("kas_PrincipalFieldsSet", st
);
520 Print_kas_serverStats_p(kas_serverStats_p stats
, const char *prefix
)
522 time_t stime
= stats
->serverStartTime
;
524 printf("%sAllocations %d\n", prefix
, stats
->allocations
);
525 printf("%sFrees %d\n", prefix
, stats
->frees
);
526 printf("%sChange password requests %d\n", prefix
,
527 stats
->changePasswordRequests
);
528 printf("%sAdmin accounts %d\n", prefix
, stats
->adminAccounts
);
529 printf("%sHost %x\n", prefix
, stats
->host
);
530 printf("%sServer start time %s\n", prefix
, ctime(&stime
));
531 printf("%sUser time %ld secs %ld usec\n", prefix
, stats
->userTime
.tv_sec
,
532 (long) stats
->userTime
.tv_usec
);
533 printf("%sSystem time %ld secs %ld usec\n", prefix
,
534 stats
->systemTime
.tv_sec
, (long) stats
->systemTime
.tv_usec
);
535 printf("%sData size %d\n", prefix
, stats
->dataSize
);
536 printf("%sStack size %d\n", prefix
, stats
->stackSize
);
537 printf("%sPage faults %d\n", prefix
, stats
->pageFaults
);
538 printf("%sHash table utilization %d\n", prefix
,
539 stats
->hashTableUtilization
);
540 printf("%sAuthentication requests %d aborts %d\n", prefix
,
541 stats
->authenticate
.requests
, stats
->authenticate
.aborts
);
542 printf("%sChange password requests %d aborts %d\n", prefix
,
543 stats
->changePassword
.requests
, stats
->changePassword
.aborts
);
544 printf("%sGet ticket requests %d aborts %d\n", prefix
,
545 stats
->getTicket
.requests
, stats
->getTicket
.aborts
);
546 printf("%sCreate user requests %d aborts %d\n", prefix
,
547 stats
->createUser
.requests
, stats
->createUser
.aborts
);
548 printf("%sSet password requests %d aborts %d\n", prefix
,
549 stats
->setPassword
.requests
, stats
->setPassword
.aborts
);
550 printf("%sSet fields requests %d aborts %d\n", prefix
,
551 stats
->setFields
.requests
, stats
->setFields
.aborts
);
552 printf("%sDelete user requests %d aborts %d\n", prefix
,
553 stats
->deleteUser
.requests
, stats
->deleteUser
.aborts
);
554 printf("%sGet entry requests %d aborts %d\n", prefix
,
555 stats
->getEntry
.requests
, stats
->getEntry
.aborts
);
556 printf("%sList entry requests %d aborts %d\n", prefix
,
557 stats
->listEntry
.requests
, stats
->listEntry
.aborts
);
558 printf("%sGet stats requests %d aborts %d\n", prefix
,
559 stats
->getStats
.requests
, stats
->getStats
.aborts
);
560 printf("%sGet password requests %d aborts %d\n", prefix
,
561 stats
->getPassword
.requests
, stats
->getPassword
.aborts
);
562 printf("%sGet random key requests %d aborts %d\n", prefix
,
563 stats
->getRandomKey
.requests
, stats
->getRandomKey
.aborts
);
564 printf("%sDebug requests %d aborts %d\n", prefix
, stats
->debug
.requests
,
565 stats
->debug
.aborts
);
566 printf("%sUDP authenticate requests %d aborts %d\n", prefix
,
567 stats
->udpAuthenticate
.requests
, stats
->udpAuthenticate
.aborts
);
568 printf("%sUDP get ticket requests %d aborts %d\n", prefix
,
569 stats
->udpGetTicket
.requests
, stats
->udpGetTicket
.aborts
);
570 printf("%sUnlock requests %d aborts %d\n", prefix
, stats
->unlock
.requests
,
571 stats
->unlock
.aborts
);
572 printf("%sLock status requests %d aborts %d\n", prefix
,
573 stats
->lockStatus
.requests
, stats
->lockStatus
.aborts
);
574 printf("%sString checks %d\n", prefix
, stats
->stringChecks
);
578 DoKasServerStatsGet(struct cmd_syndesc
*as
, void *arock
)
582 const char *server_list
[2] = { 0, 0 };
583 void *kas_server
= NULL
;
584 kas_serverStats_t stats
;
586 if (existing_tokens
) {
587 ERR_EXT("can't use -usetokens with kas functions");
590 if (as
->parms
[SERVER
].items
) {
591 server_list
[0] = as
->parms
[SERVER
].items
->data
;
594 if (!kas_ServerOpen(cellHandle
, server_list
, &kas_server
, &st
)) {
595 ERR_ST_EXT("kas_ServerOpen", st
);
598 if (!kas_ServerStatsGet(0, kas_server
, &stats
, &st
)) {
599 ERR_ST_EXT("kas_ServerStatsGet", st
);
602 Print_kas_serverStats_p(&stats
, "");
604 kas_ServerClose(kas_server
, 0);
610 Print_kas_serverDebugInfo_p(kas_serverDebugInfo_p debug
, const char *prefix
)
615 printf("%sHost %x\n", prefix
, debug
->host
);
616 time
= debug
->serverStartTime
;
617 printf("%sServer start time %s\n", prefix
, ctime(&time
));
618 time
= debug
->currentTime
;
619 printf("%sCurrent time %s\n", prefix
, ctime(&time
));
620 printf("%sNo auth %d\n", prefix
, debug
->noAuth
);
621 time
= debug
->lastTransaction
;
622 printf("%sLast transaction %s\n", prefix
, ctime(&time
));
623 printf("%sLast operation %s\n", prefix
, debug
->lastOperation
);
624 printf("%sLast principal auth %s\n", prefix
, debug
->lastPrincipalAuth
);
625 printf("%sLast principal UDP auth %s\n", prefix
,
626 debug
->lastPrincipalUDPAuth
);
627 printf("%sLast principal TGS auth %s\n", prefix
, debug
->lastPrincipalTGS
);
628 printf("%sLast principal UDP TGS auth %s\n", prefix
,
629 debug
->lastPrincipalUDPTGS
);
630 printf("%sLast principal admin %s\n", prefix
, debug
->lastPrincipalAdmin
);
631 printf("%sLast server TGS %s\n", prefix
, debug
->lastServerTGS
);
632 printf("%sLast server UDP TGS %s\n", prefix
, debug
->lastServerUDPTGS
);
633 time
= debug
->nextAutoCheckPointWrite
;
634 printf("%sNext auto check point write %s\n", prefix
, ctime(&time
));
635 printf("%sUpdates remaining before ACPW %d\n", prefix
,
636 debug
->updatesRemainingBeforeAutoCheckPointWrite
);
637 time
= debug
->dbHeaderRead
;
638 printf("%sDatabase header read %s\n", prefix
, ctime(&time
));
639 printf("%sDatabase version %d\n", prefix
, debug
->dbVersion
);
640 printf("%sDatabase free ptr %d\n", prefix
, debug
->dbFreePtr
);
641 printf("%sDatabase EOF ptr %d\n", prefix
, debug
->dbEOFPtr
);
642 printf("%sDatabase kvno ptr %d\n", prefix
, debug
->dbKvnoPtr
);
643 printf("%sDatabase special keys version%d\n", prefix
,
644 debug
->dbSpecialKeysVersion
);
645 printf("%sDatabase header lock %d\n", prefix
, debug
->dbHeaderLock
);
646 printf("%sKey cache lock %d\n", prefix
, debug
->keyCacheLock
);
647 printf("%sKey cache version %d\n", prefix
, debug
->keyCacheVersion
);
648 printf("%sKey cache size %d\n", prefix
, debug
->keyCacheSize
);
649 printf("%sKey cache used %d\n", prefix
, debug
->keyCacheUsed
);
651 printf("%sKey cache\n", prefix
);
653 for (i
= 0; i
< debug
->keyCacheUsed
; i
++) {
654 printf("%s\tPrincipal %s\n", prefix
, debug
->keyCache
[i
].principal
);
655 time
= debug
->keyCache
[i
].lastUsed
;
656 printf("%s\tLast used %s\n", prefix
, ctime(&time
));
657 printf("%s\tVersion number %d\n", prefix
,
658 debug
->keyCache
[i
].keyVersionNumber
);
659 printf("%s\tPrimary %d\n", prefix
, debug
->keyCache
[i
].primary
);
660 printf("%s\tCheck sum %d\n", prefix
, debug
->keyCache
[i
].keyCheckSum
);
667 DoKasServerDebugGet(struct cmd_syndesc
*as
, void *arock
)
671 const char *server_list
[2] = { 0, 0 };
672 void *kas_server
= NULL
;
673 kas_serverDebugInfo_t debug
;
675 if (existing_tokens
) {
676 ERR_EXT("can't use -usetokens with kas functions");
679 if (as
->parms
[SERVER
].items
) {
680 server_list
[0] = as
->parms
[SERVER
].items
->data
;
683 if (!kas_ServerOpen(cellHandle
, server_list
, &kas_server
, &st
)) {
684 ERR_ST_EXT("kas_ServerOpen", st
);
687 if (!kas_ServerDebugGet(0, kas_server
, &debug
, &st
)) {
688 ERR_ST_EXT("kas_ServerDebugGet", st
);
691 Print_kas_serverDebugInfo_p(&debug
, "");
693 kas_ServerClose(kas_server
, 0);
699 DoKasServerRandomKeyGet(struct cmd_syndesc
*as
, void *arock
)
702 kas_encryptionKey_t key
;
705 if (existing_tokens
) {
706 ERR_EXT("can't use -usetokens with kas functions");
709 if (!kas_ServerRandomKeyGet(cellHandle
, 0, &key
, &st
)) {
710 ERR_ST_EXT("kas_ServerRandomKeyGet", st
);
714 for (i
= 0; i
< KAS_ENCRYPTION_KEY_LEN
; i
++) {
715 printf("%d ", key
.key
[i
]);
723 SetupKasAdminCmd(void)
725 struct cmd_syndesc
*ts
;
727 ts
= cmd_CreateSyntax("KasPrincipalCreate", DoKasPrincipalCreate
, NULL
, 0,
728 "create a new principal");
729 cmd_AddParm(ts
, "-principal", CMD_SINGLE
, CMD_REQUIRED
,
730 "principal to create");
731 cmd_AddParm(ts
, "-instance", CMD_SINGLE
, CMD_OPTIONAL
,
732 "principal instance");
733 cmd_AddParm(ts
, "-password", CMD_SINGLE
, CMD_REQUIRED
,
734 "initial principal password");
735 SetupCommonCmdArgs(ts
);
737 ts
= cmd_CreateSyntax("KasPrincipalDelete", DoKasPrincipalDelete
, NULL
, 0,
738 "delete a principal");
739 cmd_AddParm(ts
, "-principal", CMD_SINGLE
, CMD_REQUIRED
,
740 "principal to delete");
741 cmd_AddParm(ts
, "-instance", CMD_SINGLE
, CMD_OPTIONAL
,
742 "principal instance");
743 SetupCommonCmdArgs(ts
);
745 ts
= cmd_CreateSyntax("KasPrincipalGet", DoKasPrincipalGet
, NULL
, 0,
746 "get information about a principal");
747 cmd_AddParm(ts
, "-principal", CMD_SINGLE
, CMD_REQUIRED
,
749 cmd_AddParm(ts
, "-instance", CMD_SINGLE
, CMD_OPTIONAL
,
750 "principal instance");
751 SetupCommonCmdArgs(ts
);
753 ts
= cmd_CreateSyntax("KasPrincipalList", DoKasPrincipalList
, NULL
, 0,
754 "list all principals");
755 SetupCommonCmdArgs(ts
);
757 ts
= cmd_CreateSyntax("KasPrincipalKeySet", DoKasPrincipalKeySet
, NULL
, 0,
758 "set the password for a principal");
759 cmd_AddParm(ts
, "-principal", CMD_SINGLE
, CMD_REQUIRED
,
760 "principal to modify");
761 cmd_AddParm(ts
, "-instance", CMD_SINGLE
, CMD_OPTIONAL
,
762 "principal instance");
763 cmd_AddParm(ts
, "-password", CMD_SINGLE
, CMD_REQUIRED
,
764 "new principal password");
765 cmd_AddParm(ts
, "-version", CMD_SINGLE
, CMD_REQUIRED
,
766 "password version number");
767 SetupCommonCmdArgs(ts
);
769 ts
= cmd_CreateSyntax("KasPrincipalLockStatusGet",
770 DoKasPrincipalLockStatusGet
, NULL
, 0,
771 "get the lock status of a principal");
772 cmd_AddParm(ts
, "-principal", CMD_SINGLE
, CMD_REQUIRED
,
773 "principal to query");
774 cmd_AddParm(ts
, "-instance", CMD_SINGLE
, CMD_OPTIONAL
,
775 "principal instance");
776 SetupCommonCmdArgs(ts
);
778 ts
= cmd_CreateSyntax("KasPrincipalUnlock", DoKasPrincipalUnlock
, NULL
, 0,
779 "unlock a principal");
780 cmd_AddParm(ts
, "-principal", CMD_SINGLE
, CMD_REQUIRED
,
781 "principal to unlock");
782 cmd_AddParm(ts
, "-instance", CMD_SINGLE
, CMD_OPTIONAL
,
783 "principal instance");
784 SetupCommonCmdArgs(ts
);
786 ts
= cmd_CreateSyntax("KasPrincipalFieldsSet", DoKasPrincipalFieldsSet
, NULL
, 0,
787 "modify a principal");
788 cmd_AddParm(ts
, "-principal", CMD_SINGLE
, CMD_REQUIRED
,
789 "principal to modify");
790 cmd_AddParm(ts
, "-instance", CMD_SINGLE
, CMD_OPTIONAL
,
791 "principal instance");
792 cmd_AddParm(ts
, "-admin", CMD_FLAG
, CMD_OPTIONAL
,
793 "make this principal an admin");
794 cmd_AddParm(ts
, "-noadmin", CMD_FLAG
, CMD_OPTIONAL
,
795 "remove admin from this principal");
796 cmd_AddParm(ts
, "-grantticket", CMD_FLAG
, CMD_OPTIONAL
,
797 "this principal can grant server tickets");
798 cmd_AddParm(ts
, "-nograntticket", CMD_FLAG
, CMD_OPTIONAL
,
799 "this principal cannot grant server tickets");
800 cmd_AddParm(ts
, "-encrypt", CMD_FLAG
, CMD_OPTIONAL
,
801 "this principal can encrypt data");
802 cmd_AddParm(ts
, "-noencrypt", CMD_FLAG
, CMD_OPTIONAL
,
803 "this principal cannot encrypt data");
804 cmd_AddParm(ts
, "-changepassword", CMD_FLAG
, CMD_OPTIONAL
,
805 "this principal can change its password");
806 cmd_AddParm(ts
, "-nochangepassword", CMD_FLAG
, CMD_OPTIONAL
,
807 "this principal cannot change its password");
808 cmd_AddParm(ts
, "-reusepassword", CMD_FLAG
, CMD_OPTIONAL
,
809 "this principal can reuse its password");
810 cmd_AddParm(ts
, "-noreusepassword", CMD_FLAG
, CMD_OPTIONAL
,
811 "this principal cannot reuse its password");
812 cmd_AddParm(ts
, "-expires", CMD_SINGLE
, CMD_OPTIONAL
,
813 "the time at which this principal expires");
814 cmd_AddParm(ts
, "-maxticketlifetime", CMD_SINGLE
, CMD_OPTIONAL
,
815 "the maximum ticket lifetime this principal can request");
816 cmd_AddParm(ts
, "-passwordexpires", CMD_SINGLE
, CMD_OPTIONAL
,
817 "the time at which this principal's password expires");
818 cmd_AddParm(ts
, "-failedpasswordattempts", CMD_SINGLE
, CMD_OPTIONAL
,
819 "the number of failed password attempts this principal "
820 "can incur before it is locked");
821 cmd_AddParm(ts
, "-failedpasswordlocktime", CMD_SINGLE
, CMD_OPTIONAL
,
822 "the amount of time this principal will be locked if the "
823 "maximum failed password attempts is exceeded");
824 SetupCommonCmdArgs(ts
);
826 ts
= cmd_CreateSyntax("KasServerStatsGet", DoKasServerStatsGet
, NULL
, 0,
827 "get stats on a kaserver");
828 cmd_AddParm(ts
, "-server", CMD_SINGLE
, CMD_REQUIRED
, "server to query");
829 SetupCommonCmdArgs(ts
);
831 ts
= cmd_CreateSyntax("KasServerDebugGet", DoKasServerDebugGet
, NULL
, 0,
832 "get debug info from a kaserver");
833 cmd_AddParm(ts
, "-server", CMD_SINGLE
, CMD_REQUIRED
, "server to query");
834 SetupCommonCmdArgs(ts
);
836 ts
= cmd_CreateSyntax("KasServerRandomKeyGet", DoKasServerRandomKeyGet
, NULL
, 0,
837 "create a random key");
838 SetupCommonCmdArgs(ts
);