2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 * This file implements the kas related functions for afscp
14 #include <afsconfig.h>
15 #include <afs/param.h>
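/*
 * Generic function for converting an input string to an integer.  Pass
 * the error_msg you want displayed if there is an error converting
 * the string.
 *
 * int_str   - decimal text to convert
 * error_msg - message handed to ERR_EXT when the text is rejected
 *
 * Returns the converted value.  The text is rejected when it is empty,
 * has trailing non-digit characters, or does not fit in a non-negative
 * int.  The last case also covers strtoul() overflow and a leading
 * minus sign, both of which produce a very large unsigned value.
 */
static int
GetIntFromString(const char *int_str, const char *error_msg)
{
    /* largest value an int can hold, computed without <limits.h> */
    const unsigned long max_int = (unsigned long)(~0U >> 1);
    char *bad_char = NULL;
    unsigned long value;

    value = strtoul(int_str, &bad_char, 10);

    /*
     * bad_char == int_str means no digits were consumed at all; without
     * this test an empty argument would silently convert to 0.
     */
    if (bad_char != NULL && bad_char != int_str && *bad_char == 0
        && value <= max_int) {
        return (int)value;
    }

    ERR_EXT(error_msg);
    /* only reached if ERR_EXT returns; presumably it exits -- confirm */
    return 0;
}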
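/*
 * afscp KasPrincipalCreate: create a kas principal, optionally with an
 * instance, using the supplied initial password.
 *
 * as    - parsed command; parms[] is indexed by the enum below
 * arock - unused
 *
 * Returns 0; failures are reported through ERR_EXT / ERR_ST_EXT.
 *
 * NOTE(review): the password is read from the -password command
 * parameter.  If that arrives as a command-line argument it is visible
 * in process listings and shell history; confirm how afscp is invoked.
 */
int
DoKasPrincipalCreate(struct cmd_syndesc *as, char *arock)
{
    typedef enum { PRINCIPAL, INSTANCE,
        PASSWORD
    } DoKasPrincipalCreate_parm_t;
    afs_status_t st = 0;
    kas_identity_t user;
    const char *name = as->parms[PRINCIPAL].items->data;
    const char *password;

    /*
     * The name fields are fixed-size buffers filled from caller-supplied
     * text, so check the length before copying instead of trusting it.
     * (sizeof assumes the fields are char arrays -- confirm.)
     */
    if (strlen(name) >= sizeof(user.principal)) {
        ERR_EXT("principal name is too long");
    }
    strcpy(user.principal, name);

    if (as->parms[INSTANCE].items) {
        const char *inst = as->parms[INSTANCE].items->data;

        if (strlen(inst) >= sizeof(user.instance)) {
            ERR_EXT("principal instance is too long");
        }
        strcpy(user.instance, inst);
    } else {
        user.instance[0] = 0;
    }

    password = as->parms[PASSWORD].items->data;

    if (!kas_PrincipalCreate(cellHandle, 0, &user, password, &st)) {
        ERR_ST_EXT("kas_PrincipalCreate", st);
    }

    return 0;
}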
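/*
 * afscp KasPrincipalDelete: delete a kas principal.
 *
 * as    - parsed command; parms[] is indexed by the enum below
 * arock - unused
 *
 * Returns 0; failures are reported through ERR_EXT / ERR_ST_EXT.
 */
int
DoKasPrincipalDelete(struct cmd_syndesc *as, char *arock)
{
    typedef enum { PRINCIPAL, INSTANCE } DoKasPrincipalDelete_parm_t;
    afs_status_t st = 0;
    kas_identity_t user;
    const char *name = as->parms[PRINCIPAL].items->data;

    /* bounded copy; sizeof assumes the fields are char arrays -- confirm */
    if (strlen(name) >= sizeof(user.principal)) {
        ERR_EXT("principal name is too long");
    }
    strcpy(user.principal, name);

    if (as->parms[INSTANCE].items) {
        /*
         * Take the instance from the INSTANCE parameter.  The earlier
         * code copied the PRINCIPAL parameter here, so "-instance X"
         * deleted name.name rather than name.X.
         */
        const char *inst = as->parms[INSTANCE].items->data;

        if (strlen(inst) >= sizeof(user.instance)) {
            ERR_EXT("principal instance is too long");
        }
        strcpy(user.instance, inst);
    } else {
        user.instance[0] = 0;
    }

    if (!kas_PrincipalDelete(cellHandle, 0, &user, &st)) {
        ERR_ST_EXT("kas_PrincipalDelete", st);
    }

    return 0;
}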
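/*
 * Print every field of a kas principal entry to stdout, one per line,
 * each line starting with prefix.
 *
 * NOTE(review): this also prints the principal's raw key bytes and key
 * checksum.  Whatever captures stdout (terminal scrollback, CI logs,
 * redirected files) then holds key material; handle that output as a
 * secret or drop the key lines outside test environments.
 */
static void
Print_kas_principalEntry_p(kas_principalEntry_p principal, const char *prefix)
{
    int i;

    printf("%sAdmin setting: %s\n", prefix,
           principal->adminSetting == KAS_ADMIN ? "KAS_ADMIN" : "NO_KAS_ADMIN");
    printf("%sTGS setting: %s\n", prefix,
           principal->tgsSetting == TGS ? "TGS" : "NO_TGS");
    printf("%sEncrypt setting: %s\n", prefix,
           principal->encSetting == ENCRYPT ? "ENCRYPT" : "NO_ENCRYPT");
    printf("%sChange password setting: %s\n", prefix,
           principal->cpwSetting == CHANGE_PASSWORD
           ? "CHANGE_PASSWORD" : "NO_CHANGE_PASSWORD");
    printf("%sReuse password setting: %s\n", prefix,
           principal->rpwSetting == REUSE_PASSWORD
           ? "REUSE_PASSWORD" : "NO_REUSE_PASSWORD");

    printf("%sExpiration: %u\n", prefix, principal->userExpiration);
    printf("%sLast modification time %u\n", prefix, principal->lastModTime);

    /* the modifier is shown as "name" or "name.instance" */
    printf("%sLast modifying principal %s", prefix,
           principal->lastModPrincipal.principal);
    if (principal->lastModPrincipal.instance[0] != 0) {
        printf(".%s\n", principal->lastModPrincipal.instance);
    } else {
        printf("\n");
    }

    printf("%sLast change password time %u\n", prefix,
           principal->lastChangePasswordTime);
    printf("%sMax ticket lifetime %d\n", prefix,
           principal->maxTicketLifetime);
    printf("%sKey version number %d\n", prefix, principal->keyVersion);

    printf("%sKey contents :", prefix);
    for (i = 0; i < KAS_ENCRYPTION_KEY_LEN; i++) {
        printf("%d ", principal->key.key[i]);
    }
    /* the format has no conversion, so the stray prefix argument is gone */
    printf("\n");

    printf("%sKey checksum %u\n", prefix, principal->keyCheckSum);
    printf("%sDays to password expire %d\n", prefix,
           principal->daysToPasswordExpire);
    printf("%sFailed login count %d\n", prefix, principal->failLoginCount);
    printf("%sLock time %d\n", prefix, principal->lockTime);
}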
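/*
 * afscp KasPrincipalGet: fetch a kas principal entry and print it.
 *
 * as    - parsed command; parms[] is indexed by the enum below
 * arock - unused
 *
 * Returns 0; failures are reported through ERR_EXT / ERR_ST_EXT.
 */
int
DoKasPrincipalGet(struct cmd_syndesc *as, char *arock)
{
    typedef enum { PRINCIPAL, INSTANCE } DoKasPrincipalGet_parm_t;
    afs_status_t st = 0;
    kas_identity_t user;
    kas_principalEntry_t principal;
    const char *name = as->parms[PRINCIPAL].items->data;

    /* bounded copy; sizeof assumes the fields are char arrays -- confirm */
    if (strlen(name) >= sizeof(user.principal)) {
        ERR_EXT("principal name is too long");
    }
    strcpy(user.principal, name);

    if (as->parms[INSTANCE].items) {
        /*
         * Take the instance from the INSTANCE parameter.  The earlier
         * code copied the PRINCIPAL parameter here, so "-instance X"
         * looked up name.name rather than name.X.
         */
        const char *inst = as->parms[INSTANCE].items->data;

        if (strlen(inst) >= sizeof(user.instance)) {
            ERR_EXT("principal instance is too long");
        }
        strcpy(user.instance, inst);
    } else {
        user.instance[0] = 0;
    }

    if (!kas_PrincipalGet(cellHandle, 0, &user, &principal, &st)) {
        ERR_ST_EXT("kas_PrincipalGet", st);
    }

    Print_kas_principalEntry_p(&principal, "");

    return 0;
}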
/*
 * afscp KasPrincipalList: walk the kas principal iterator and print
 * each identity as "name" or "name.instance", one per line.
 *
 * as, arock - unused
 *
 * Returns 0; failures are reported through ERR_ST_EXT.
 */
int
DoKasPrincipalList(struct cmd_syndesc *as, char *arock)
{
    afs_status_t st = 0;
    void *iter;
    kas_identity_t prin;

    if (!kas_PrincipalGetBegin(cellHandle, 0, &iter, &st)) {
        ERR_ST_EXT("kas_PrincipalGetBegin", st);
    }

    printf("Listing principals:\n");
    while (kas_PrincipalGetNext(iter, &prin, &st)) {
        if (prin.instance[0] == 0) {
            printf("%s\n", prin.principal);
        } else {
            printf("%s.%s\n", prin.principal, prin.instance);
        }
    }

    /* the loop ends on any failure; only ADMITERATORDONE is a clean end */
    if (st != ADMITERATORDONE) {
        ERR_ST_EXT("kas_PrincipalGetNext", st);
    }

    if (!kas_PrincipalGetDone(iter, &st)) {
        ERR_ST_EXT("kas_PrincipalGetDone", st);
    }

    return 0;
}
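/*
 * afscp KasPrincipalKeySet: derive a key from the supplied password and
 * the cell name, then install it on the principal with the given key
 * version number.
 *
 * as    - parsed command; parms[] is indexed by the enum below
 * arock - unused
 *
 * Returns 0; failures are reported through ERR_EXT / ERR_ST_EXT.
 *
 * NOTE(review): the password is read from the -password command
 * parameter.  If that arrives as a command-line argument it is visible
 * in process listings and shell history.  The derived key also stays in
 * this stack frame until the function returns.
 */
int
DoKasPrincipalKeySet(struct cmd_syndesc *as, char *arock)
{
    typedef enum { PRINCIPAL, INSTANCE, PASSWORD,
        KEYVERSION
    } DoKasPrincipalKeySet_parm_t;
    afs_status_t st = 0;
    kas_encryptionKey_t key;
    kas_identity_t user;
    int key_version;
    const char *cell;
    const char *password;
    const char *name = as->parms[PRINCIPAL].items->data;

    /* bounded copy; sizeof assumes the fields are char arrays -- confirm */
    if (strlen(name) >= sizeof(user.principal)) {
        ERR_EXT("principal name is too long");
    }
    strcpy(user.principal, name);

    if (as->parms[INSTANCE].items) {
        const char *inst = as->parms[INSTANCE].items->data;

        if (strlen(inst) >= sizeof(user.instance)) {
            ERR_EXT("principal instance is too long");
        }
        strcpy(user.instance, inst);
    } else {
        user.instance[0] = 0;
    }

    if (!afsclient_CellNameGet(cellHandle, &cell, &st)) {
        ERR_ST_EXT("afsclient_CellNameGet", st);
    }

    password = as->parms[PASSWORD].items->data;
    key_version =
        GetIntFromString(as->parms[KEYVERSION].items->data,
                         "invalid key version number");
    if (!kas_StringToKey(cell, password, &key, &st)) {
        ERR_ST_EXT("kas_StringToKey", st);
    }

    if (!kas_PrincipalKeySet(cellHandle, 0, &user, key_version, &key, &st)) {
        ERR_ST_EXT("kas_PrincipalKeySet", st);
    }

    return 0;
}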
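/*
 * afscp KasPrincipalLockStatusGet: query and print the time at which a
 * principal's lock ends.
 *
 * as    - parsed command; parms[] is indexed by the enum below
 * arock - unused
 *
 * Returns 0; failures are reported through ERR_EXT / ERR_ST_EXT.
 */
int
DoKasPrincipalLockStatusGet(struct cmd_syndesc *as, char *arock)
{
    typedef enum { PRINCIPAL, INSTANCE } DoKasPrincipalLockStatusGet_parm_t;
    afs_status_t st = 0;
    kas_identity_t user;
    unsigned int lock_end_time = 0;
    const char *name = as->parms[PRINCIPAL].items->data;

    /* bounded copy; sizeof assumes the fields are char arrays -- confirm */
    if (strlen(name) >= sizeof(user.principal)) {
        ERR_EXT("principal name is too long");
    }
    strcpy(user.principal, name);

    if (as->parms[INSTANCE].items) {
        const char *inst = as->parms[INSTANCE].items->data;

        if (strlen(inst) >= sizeof(user.instance)) {
            ERR_EXT("principal instance is too long");
        }
        strcpy(user.instance, inst);
    } else {
        user.instance[0] = 0;
    }

    if (!kas_PrincipalLockStatusGet
        (cellHandle, 0, &user, &lock_end_time, &st)) {
        ERR_ST_EXT("kas_PrincipalLockStatusGet", st);
    }

    printf("The lock end time is %u\n", lock_end_time);

    return 0;
}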
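/*
 * afscp KasPrincipalUnlock: clear the lock on a principal.
 *
 * as    - parsed command; parms[] is indexed by the enum below
 * arock - unused
 *
 * Returns 0; failures are reported through ERR_EXT / ERR_ST_EXT.
 */
int
DoKasPrincipalUnlock(struct cmd_syndesc *as, char *arock)
{
    typedef enum { PRINCIPAL, INSTANCE } DoKasPrincipalUnlock_parm_t;
    afs_status_t st = 0;
    kas_identity_t user;
    const char *name = as->parms[PRINCIPAL].items->data;

    /* bounded copy; sizeof assumes the fields are char arrays -- confirm */
    if (strlen(name) >= sizeof(user.principal)) {
        ERR_EXT("principal name is too long");
    }
    strcpy(user.principal, name);

    if (as->parms[INSTANCE].items) {
        const char *inst = as->parms[INSTANCE].items->data;

        if (strlen(inst) >= sizeof(user.instance)) {
            ERR_EXT("principal instance is too long");
        }
        strcpy(user.instance, inst);
    } else {
        user.instance[0] = 0;
    }

    if (!kas_PrincipalUnlock(cellHandle, 0, &user, &st)) {
        ERR_ST_EXT("kas_PrincipalUnlock", st);
    }

    return 0;
}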
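/*
 * afscp KasPrincipalFieldsSet: change one or more attributes of a
 * principal.
 *
 * Each attribute has a value slot, a pointer that stays NULL unless the
 * attribute was requested, and a have_* flag.  Only the non-NULL
 * pointers reach kas_PrincipalFieldsSet.  Giving both halves of an
 * on/off pair is rejected, and so is a request that sets nothing.
 *
 * as    - parsed command; parms[] is indexed by the enum below
 * arock - unused
 *
 * Returns 0; failures are reported through ERR_EXT / ERR_ST_EXT.
 */
int
DoKasPrincipalFieldsSet(struct cmd_syndesc *as, char *arock)
{
    typedef enum { PRINCIPAL, INSTANCE, ADMIN, NOADMIN, GRANTTICKET,
        NOGRANTTICKET, ENCRYPT2, NOENCRYPT, CHANGEPASSWORD,
        NOCHANGEPASSWORD, REUSEPASSWORD, NOREUSEPASSWORD,
        EXPIRES, MAXTICKETLIFETIME, PASSWORDEXPIRES,
        FAILEDPASSWORDATTEMPTS, FAILEDPASSWORDLOCKTIME
    } DoKasPrincipalFieldsSet_parm_t;
    afs_status_t st = 0;
    kas_identity_t user;
    kas_admin_t admin;
    kas_admin_p admin_ptr = NULL;
    int have_admin = 0;
    kas_tgs_t tgs;
    kas_tgs_p tgs_ptr = NULL;
    int have_tgs = 0;
    kas_enc_t enc;
    kas_enc_p enc_ptr = NULL;
    int have_enc = 0;
    kas_cpw_t cpw;
    kas_cpw_p cpw_ptr = NULL;
    int have_cpw = 0;
    kas_rpw_t reuse;
    kas_rpw_p reuse_ptr = NULL;
    int have_reuse = 0;
    unsigned int expire;
    unsigned int *expire_ptr = NULL;
    int have_expire = 0;
    unsigned int max_ticket;
    unsigned int *max_ticket_ptr = NULL;
    int have_max_ticket = 0;
    unsigned int password_expire;
    unsigned int *password_expire_ptr = NULL;
    int have_password_expire = 0;
    unsigned int failed_password_attempts;
    unsigned int *failed_password_attempts_ptr = NULL;
    int have_failed_password_attempts = 0;
    unsigned int failed_password_lock_time;
    unsigned int *failed_password_lock_time_ptr = NULL;
    int have_failed_password_lock_time = 0;
    const char *name = as->parms[PRINCIPAL].items->data;

    /* bounded copy; sizeof assumes the fields are char arrays -- confirm */
    if (strlen(name) >= sizeof(user.principal)) {
        ERR_EXT("principal name is too long");
    }
    strcpy(user.principal, name);

    if (as->parms[INSTANCE].items) {
        const char *inst = as->parms[INSTANCE].items->data;

        if (strlen(inst) >= sizeof(user.instance)) {
            ERR_EXT("principal instance is too long");
        }
        strcpy(user.instance, inst);
    } else {
        user.instance[0] = 0;
    }

    if (as->parms[ADMIN].items) {
        admin = KAS_ADMIN;
        admin_ptr = &admin;
        have_admin = 1;
    }

    if (as->parms[NOADMIN].items) {
        admin = NO_KAS_ADMIN;
        admin_ptr = &admin;
        if (have_admin) {
            ERR_EXT("specify either admin or noadmin, not both");
        }
        have_admin = 1;
    }

    if (as->parms[GRANTTICKET].items) {
        tgs = TGS;
        tgs_ptr = &tgs;
        have_tgs = 1;
    }

    if (as->parms[NOGRANTTICKET].items) {
        tgs = NO_TGS;
        tgs_ptr = &tgs;
        if (have_tgs) {
            ERR_EXT("specify either grantticket or nograntticket, not both");
        }
        have_tgs = 1;
    }

    if (as->parms[ENCRYPT2].items) {
        enc = ENCRYPT;
        enc_ptr = &enc;
        have_enc = 1;
    }

    if (as->parms[NOENCRYPT].items) {
        enc = NO_ENCRYPT;
        enc_ptr = &enc;
        if (have_enc) {
            ERR_EXT("specify either encrypt or noencrypt, not both");
        }
        have_enc = 1;
    }

    if (as->parms[CHANGEPASSWORD].items) {
        cpw = CHANGE_PASSWORD;
        cpw_ptr = &cpw;
        have_cpw = 1;
    }

    if (as->parms[NOCHANGEPASSWORD].items) {
        cpw = NO_CHANGE_PASSWORD;
        cpw_ptr = &cpw;
        if (have_cpw) {
            ERR_EXT("specify either changepassword or "
                    "nochangepassword, not both");
        }
        have_cpw = 1;
    }

    if (as->parms[REUSEPASSWORD].items) {
        reuse = REUSE_PASSWORD;
        reuse_ptr = &reuse;
        have_reuse = 1;
    }

    /*
     * This branch must test NOREUSEPASSWORD.  It used to test
     * REUSEPASSWORD a second time, so -reusepassword always hit the
     * "not both" error and -noreusepassword was silently ignored.
     */
    if (as->parms[NOREUSEPASSWORD].items) {
        reuse = NO_REUSE_PASSWORD;
        reuse_ptr = &reuse;
        if (have_reuse) {
            ERR_EXT("specify either reusepassword or "
                    "noreusepassword, not both");
        }
        have_reuse = 1;
    }

    if (as->parms[EXPIRES].items) {
        expire =
            GetIntFromString(as->parms[EXPIRES].items->data,
                             "bad expiration date");
        expire_ptr = &expire;
        have_expire = 1;
    }

    if (as->parms[MAXTICKETLIFETIME].items) {
        max_ticket =
            GetIntFromString(as->parms[MAXTICKETLIFETIME].items->data,
                             "bad max ticket lifetime");
        max_ticket_ptr = &max_ticket;
        have_max_ticket = 1;
    }

    if (as->parms[PASSWORDEXPIRES].items) {
        password_expire =
            GetIntFromString(as->parms[PASSWORDEXPIRES].items->data,
                             "bad expiration date");
        password_expire_ptr = &password_expire;
        have_password_expire = 1;
    }

    /* the next two messages used to say "bad expiration date" */
    if (as->parms[FAILEDPASSWORDATTEMPTS].items) {
        failed_password_attempts =
            GetIntFromString(as->parms[FAILEDPASSWORDATTEMPTS].items->data,
                             "bad failed password attempts count");
        failed_password_attempts_ptr = &failed_password_attempts;
        have_failed_password_attempts = 1;
    }

    if (as->parms[FAILEDPASSWORDLOCKTIME].items) {
        failed_password_lock_time =
            GetIntFromString(as->parms[FAILEDPASSWORDLOCKTIME].items->data,
                             "bad failed password lock time");
        failed_password_lock_time_ptr = &failed_password_lock_time;
        have_failed_password_lock_time = 1;
    }

    if ((have_admin + have_tgs + have_enc + have_cpw + have_reuse +
         have_expire + have_max_ticket + have_password_expire +
         have_failed_password_attempts + have_failed_password_lock_time) ==
        0) {
        ERR_EXT("You must specify at least one attribute to change");
    }

    if (!kas_PrincipalFieldsSet
        (cellHandle, 0, &user, admin_ptr, tgs_ptr, enc_ptr, cpw_ptr,
         expire_ptr, max_ticket_ptr, password_expire_ptr, reuse_ptr,
         failed_password_attempts_ptr, failed_password_lock_time_ptr, &st)) {
        ERR_ST_EXT("kas_PrincipalFieldsSet", st);
    }

    return 0;
}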
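/*
 * Print the kaserver statistics block to stdout, one item per line,
 * each line starting with prefix.
 *
 * The %ld arguments are cast to long so the format matches however the
 * platform types tv_sec and tv_usec.
 */
static void
Print_kas_serverStats_p(kas_serverStats_p stats, const char *prefix)
{
    time_t stime = stats->serverStartTime;

/* one "<label> requests N aborts M" line for a per-procedure counter pair */
#define PRINT_PROC_STATS(label, field) \
    printf("%s" label " requests %d aborts %d\n", prefix, \
           stats->field.requests, stats->field.aborts)

    printf("%sAllocations %d\n", prefix, stats->allocations);
    printf("%sFrees %d\n", prefix, stats->frees);
    printf("%sChange password requests %d\n", prefix,
           stats->changePasswordRequests);
    printf("%sAdmin accounts %d\n", prefix, stats->adminAccounts);
    printf("%sHost %x\n", prefix, stats->host);
    /* ctime() text already ends in '\n', so this leaves a blank line */
    printf("%sServer start time %s\n", prefix, ctime(&stime));
    printf("%sUser time %ld secs %ld usec\n", prefix,
           (long)stats->userTime.tv_sec, (long)stats->userTime.tv_usec);
    printf("%sSystem time %ld secs %ld usec\n", prefix,
           (long)stats->systemTime.tv_sec, (long)stats->systemTime.tv_usec);
    printf("%sData size %d\n", prefix, stats->dataSize);
    printf("%sStack size %d\n", prefix, stats->stackSize);
    printf("%sPage faults %d\n", prefix, stats->pageFaults);
    printf("%sHash table utilization %d\n", prefix,
           stats->hashTableUtilization);

    PRINT_PROC_STATS("Authentication", authenticate);
    PRINT_PROC_STATS("Change password", changePassword);
    PRINT_PROC_STATS("Get ticket", getTicket);
    PRINT_PROC_STATS("Create user", createUser);
    PRINT_PROC_STATS("Set password", setPassword);
    PRINT_PROC_STATS("Set fields", setFields);
    PRINT_PROC_STATS("Delete user", deleteUser);
    PRINT_PROC_STATS("Get entry", getEntry);
    PRINT_PROC_STATS("List entry", listEntry);
    PRINT_PROC_STATS("Get stats", getStats);
    PRINT_PROC_STATS("Get password", getPassword);
    PRINT_PROC_STATS("Get random key", getRandomKey);
    PRINT_PROC_STATS("Debug", debug);
    PRINT_PROC_STATS("UDP authenticate", udpAuthenticate);
    PRINT_PROC_STATS("UDP get ticket", udpGetTicket);
    PRINT_PROC_STATS("Unlock", unlock);
    PRINT_PROC_STATS("Lock status", lockStatus);

#undef PRINT_PROC_STATS

    printf("%sString checks %d\n", prefix, stats->stringChecks);
}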
/*
 * afscp KasServerStatsGet: open a connection to the named kaserver,
 * fetch its statistics, print them and close the connection.
 *
 * as    - parsed command; parms[SERVER] names the server to query
 * arock - unused
 *
 * Returns 0; failures are reported through ERR_ST_EXT.
 */
int
DoKasServerStatsGet(struct cmd_syndesc *as, char *arock)
{
    typedef enum { SERVER } DoKasServerStatsGet_parm_t;
    afs_status_t st = 0;
    /* the second slot stays NULL; presumably it terminates the list -- confirm */
    const char *server_list[2] = { NULL, NULL };
    void *kas_server = NULL;
    kas_serverStats_t stats;

    if (as->parms[SERVER].items != NULL) {
        server_list[0] = as->parms[SERVER].items->data;
    }

    if (!kas_ServerOpen(cellHandle, server_list, &kas_server, &st)) {
        ERR_ST_EXT("kas_ServerOpen", st);
    }
    if (!kas_ServerStatsGet(0, kas_server, &stats, &st)) {
        ERR_ST_EXT("kas_ServerStatsGet", st);
    }

    Print_kas_serverStats_p(&stats, "");
    kas_ServerClose(kas_server, 0);

    return 0;
}
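/*
 * Print the kaserver debug block to stdout, one item per line, each
 * line starting with prefix, followed by one group of lines per key
 * cache entry that is in use.
 *
 * debug is filled from a server reply, so keyCacheUsed is not trusted
 * as a loop bound: it is clamped to the capacity of debug->keyCache
 * before the cache is walked.
 */
static void
Print_kas_serverDebugInfo_p(kas_serverDebugInfo_p debug, const char *prefix)
{
    time_t when;
    int i;
    int used;
    /* NOTE(review): assumes keyCache is an array member, not a pointer */
    const int cache_slots =
        (int)(sizeof(debug->keyCache) / sizeof(debug->keyCache[0]));

    printf("%sHost %x\n", prefix, debug->host);
    /* each timestamp is copied to a time_t because ctime() needs a pointer */
    when = debug->serverStartTime;
    printf("%sServer start time %s\n", prefix, ctime(&when));
    when = debug->currentTime;
    printf("%sCurrent time %s\n", prefix, ctime(&when));
    printf("%sNo auth %d\n", prefix, debug->noAuth);
    when = debug->lastTransaction;
    printf("%sLast transaction %s\n", prefix, ctime(&when));
    printf("%sLast operation %s\n", prefix, debug->lastOperation);
    printf("%sLast principal auth %s\n", prefix, debug->lastPrincipalAuth);
    printf("%sLast principal UDP auth %s\n", prefix,
           debug->lastPrincipalUDPAuth);
    printf("%sLast principal TGS auth %s\n", prefix, debug->lastPrincipalTGS);
    printf("%sLast principal UDP TGS auth %s\n", prefix,
           debug->lastPrincipalUDPTGS);
    printf("%sLast principal admin %s\n", prefix, debug->lastPrincipalAdmin);
    printf("%sLast server TGS %s\n", prefix, debug->lastServerTGS);
    printf("%sLast server UDP TGS %s\n", prefix, debug->lastServerUDPTGS);
    when = debug->nextAutoCheckPointWrite;
    printf("%sNext auto check point write %s\n", prefix, ctime(&when));
    printf("%sUpdates remaining before ACPW %d\n", prefix,
           debug->updatesRemainingBeforeAutoCheckPointWrite);
    when = debug->dbHeaderRead;
    printf("%sDatabase header read %s\n", prefix, ctime(&when));
    printf("%sDatabase version %d\n", prefix, debug->dbVersion);
    printf("%sDatabase free ptr %d\n", prefix, debug->dbFreePtr);
    printf("%sDatabase EOF ptr %d\n", prefix, debug->dbEOFPtr);
    printf("%sDatabase kvno ptr %d\n", prefix, debug->dbKvnoPtr);
    printf("%sDatabase special keys version%d\n", prefix,
           debug->dbSpecialKeysVersion);
    printf("%sDatabase header lock %d\n", prefix, debug->dbHeaderLock);
    printf("%sKey cache lock %d\n", prefix, debug->keyCacheLock);
    printf("%sKey cache version %d\n", prefix, debug->keyCacheVersion);
    printf("%sKey cache size %d\n", prefix, debug->keyCacheSize);
    printf("%sKey cache used %d\n", prefix, debug->keyCacheUsed);

    printf("%sKey cache\n", prefix);

    /* a count above the array capacity would read past the end of keyCache */
    used = debug->keyCacheUsed;
    if (used > cache_slots) {
        used = cache_slots;
    }

    for (i = 0; i < used; i++) {
        printf("%s\tPrincipal %s\n", prefix, debug->keyCache[i].principal);
        when = debug->keyCache[i].lastUsed;
        printf("%s\tLast used %s\n", prefix, ctime(&when));
        printf("%s\tVersion number %d\n", prefix,
               debug->keyCache[i].keyVersionNumber);
        printf("%s\tPrimary %d\n", prefix, debug->keyCache[i].primary);
        printf("%s\tCheck sum %d\n", prefix, debug->keyCache[i].keyCheckSum);
    }
}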
/*
 * afscp KasServerDebugGet: open a connection to the named kaserver,
 * fetch its debug information, print it and close the connection.
 *
 * as    - parsed command; parms[SERVER] names the server to query
 * arock - unused
 *
 * Returns 0; failures are reported through ERR_ST_EXT.
 */
int
DoKasServerDebugGet(struct cmd_syndesc *as, char *arock)
{
    typedef enum { SERVER } DoKasServerDebugGet_parm_t;
    afs_status_t st = 0;
    /* the second slot stays NULL; presumably it terminates the list -- confirm */
    const char *server_list[2] = { NULL, NULL };
    void *kas_server = NULL;
    kas_serverDebugInfo_t debug;

    if (as->parms[SERVER].items != NULL) {
        server_list[0] = as->parms[SERVER].items->data;
    }

    if (!kas_ServerOpen(cellHandle, server_list, &kas_server, &st)) {
        ERR_ST_EXT("kas_ServerOpen", st);
    }
    if (!kas_ServerDebugGet(0, kas_server, &debug, &st)) {
        ERR_ST_EXT("kas_ServerDebugGet", st);
    }

    Print_kas_serverDebugInfo_p(&debug, "");
    kas_ServerClose(kas_server, 0);

    return 0;
}
/*
 * afscp KasServerRandomKeyGet: ask the kaserver for a random encryption
 * key and print its bytes.
 *
 * as, arock - not referenced in the lines visible here
 */
665 DoKasServerRandomKeyGet(struct cmd_syndesc *as, char *arock)
668 kas_encryptionKey_t key;
/* the call fills key; st carries the status passed to ERR_ST_EXT on failure */
671 if (!kas_ServerRandomKeyGet(cellHandle, 0, &key, &st)) {
672 ERR_ST_EXT("kas_ServerRandomKeyGet", st);
/*
 * NOTE(review): every key byte is written to stdout as a decimal
 * number.  Anything that captures this output (scrollback, logs,
 * redirected files) then holds key material.
 */
676 for (i = 0; i < KAS_ENCRYPTION_KEY_LEN; i++) {
677 printf("%d ", key.key[i]);
685 SetupKasAdminCmd(void)
687 struct cmd_syndesc *ts;
689 ts = cmd_CreateSyntax("KasPrincipalCreate", DoKasPrincipalCreate, 0,
690 "create a new principal");
691 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
692 "principal to create");
693 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
694 "principal instance");
695 cmd_AddParm(ts, "-password", CMD_SINGLE, CMD_REQUIRED,
696 "initial principal password");
697 SetupCommonCmdArgs(ts);
699 ts = cmd_CreateSyntax("KasPrincipalDelete", DoKasPrincipalDelete, 0,
700 "delete a principal");
701 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
702 "principal to delete");
703 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
704 "principal instance");
705 SetupCommonCmdArgs(ts);
707 ts = cmd_CreateSyntax("KasPrincipalGet", DoKasPrincipalGet, 0,
708 "get information about a principal");
709 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
711 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
712 "principal instance");
713 SetupCommonCmdArgs(ts);
715 ts = cmd_CreateSyntax("KasPrincipalList", DoKasPrincipalList, 0,
716 "list all principals");
717 SetupCommonCmdArgs(ts);
719 ts = cmd_CreateSyntax("KasPrincipalKeySet", DoKasPrincipalKeySet, 0,
720 "set the password for a principal");
721 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
722 "principal to modify");
723 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
724 "principal instance");
725 cmd_AddParm(ts, "-password", CMD_SINGLE, CMD_REQUIRED,
726 "new principal password");
727 cmd_AddParm(ts, "-version", CMD_SINGLE, CMD_REQUIRED,
728 "password version number");
729 SetupCommonCmdArgs(ts);
731 ts = cmd_CreateSyntax("KasPrincipalLockStatusGet",
732 DoKasPrincipalLockStatusGet, 0,
733 "get the lock status of a principal");
734 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
735 "principal to query");
736 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
737 "principal instance");
738 SetupCommonCmdArgs(ts);
740 ts = cmd_CreateSyntax("KasPrincipalUnlock", DoKasPrincipalUnlock, 0,
741 "unlock a principal");
742 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
743 "principal to unlock");
744 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
745 "principal instance");
746 SetupCommonCmdArgs(ts);
748 ts = cmd_CreateSyntax("KasPrincipalFieldsSet", DoKasPrincipalFieldsSet, 0,
749 "modify a principal");
750 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
751 "principal to modify");
752 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
753 "principal instance");
754 cmd_AddParm(ts, "-admin", CMD_FLAG, CMD_OPTIONAL,
755 "make this principal an admin");
756 cmd_AddParm(ts, "-noadmin", CMD_FLAG, CMD_OPTIONAL,
757 "remove admin from this principal");
758 cmd_AddParm(ts, "-grantticket", CMD_FLAG, CMD_OPTIONAL,
759 "this principal can grant server tickets");
760 cmd_AddParm(ts, "-nograntticket", CMD_FLAG, CMD_OPTIONAL,
761 "this principal cannot grant server tickets");
762 cmd_AddParm(ts, "-encrypt", CMD_FLAG, CMD_OPTIONAL,
763 "this principal can encrypt data");
764 cmd_AddParm(ts, "-noencrypt", CMD_FLAG, CMD_OPTIONAL,
765 "this principal cannot encrypt data");
766 cmd_AddParm(ts, "-changepassword", CMD_FLAG, CMD_OPTIONAL,
767 "this principal can change its password");
768 cmd_AddParm(ts, "-nochangepassword", CMD_FLAG, CMD_OPTIONAL,
769 "this principal cannot change its password");
770 cmd_AddParm(ts, "-reusepassword", CMD_FLAG, CMD_OPTIONAL,
771 "this principal can reuse its password");
772 cmd_AddParm(ts, "-noreusepassword", CMD_FLAG, CMD_OPTIONAL,
773 "this principal cannot reuse its password");
774 cmd_AddParm(ts, "-expires", CMD_SINGLE, CMD_OPTIONAL,
775 "the time at which this principal expires");
776 cmd_AddParm(ts, "-maxticketlifetime", CMD_SINGLE, CMD_OPTIONAL,
777 "the maximum ticket lifetime this principal can request");
778 cmd_AddParm(ts, "-passwordexpires", CMD_SINGLE, CMD_OPTIONAL,
779 "the time at which this principal's password expires");
780 cmd_AddParm(ts, "-failedpasswordattempts", CMD_SINGLE, CMD_OPTIONAL,
781 "the number of failed password attempts this principal "
782 "can incur before it is locked");
783 cmd_AddParm(ts, "-failedpasswordlocktime", CMD_SINGLE, CMD_OPTIONAL,
784 "the amount of time this principal will be locked if the "
785 "maximum failed password attempts is exceeded");
786 SetupCommonCmdArgs(ts);
788 ts = cmd_CreateSyntax("KasServerStatsGet", DoKasServerStatsGet, 0,
789 "get stats on a kaserver");
790 cmd_AddParm(ts, "-server", CMD_SINGLE, CMD_REQUIRED, "server to query");
791 SetupCommonCmdArgs(ts);
793 ts = cmd_CreateSyntax("KasServerDebugGet", DoKasServerDebugGet, 0,
794 "get debug info from a kaserver");
795 cmd_AddParm(ts, "-server", CMD_SINGLE, CMD_REQUIRED, "server to query");
796 SetupCommonCmdArgs(ts);
798 ts = cmd_CreateSyntax("KasServerRandomKeyGet", DoKasServerRandomKeyGet, 0,
799 "create a random key");
800 SetupCommonCmdArgs(ts);