2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 * This file implements the kas related funtions for afscp
14 #include <afsconfig.h>
15 #include <afs/param.h>
28 * Generic fuction for converting input string to an integer. Pass
29 * the error_msg you want displayed if there is an error converting
34 GetIntFromString(const char *int_str, const char *error_msg)
37 char *bad_char = NULL;
39 i = strtoul(int_str, &bad_char, 10);
40 if ((bad_char == NULL) || (*bad_char == 0)) {
48 DoKasPrincipalCreate(struct cmd_syndesc *as, char *arock)
50 typedef enum { PRINCIPAL, INSTANCE,
51 PASSWORD } DoKasPrincipalCreate_parm_t;
53 const char *instance = NULL;
57 strcpy(user.principal, as->parms[PRINCIPAL].items->data);
59 if (as->parms[INSTANCE].items) {
60 strcpy(user.instance, as->parms[INSTANCE].items->data);
65 password = as->parms[PASSWORD].items->data;
67 if (!kas_PrincipalCreate(cellHandle, 0, &user, password, &st)) {
68 ERR_ST_EXT("kas_PrincipalCreate", st);
75 DoKasPrincipalDelete(struct cmd_syndesc *as, char *arock)
77 typedef enum { PRINCIPAL, INSTANCE } DoKasPrincipalGet_parm_t;
79 const char *instance = NULL;
82 strcpy(user.principal, as->parms[PRINCIPAL].items->data);
84 if (as->parms[INSTANCE].items) {
85 strcpy(user.instance, as->parms[PRINCIPAL].items->data);
90 if (!kas_PrincipalDelete(cellHandle, 0, &user, &st)) {
91 ERR_ST_EXT("kas_PrincipalDelete", st);
98 Print_kas_principalEntry_p(kas_principalEntry_p principal, const char *prefix)
102 if (principal->adminSetting == KAS_ADMIN) {
103 printf("%sAdmin setting: KAS_ADMIN\n", prefix);
105 printf("%sAdmin setting: NO_KAS_ADMIN\n", prefix);
108 if (principal->tgsSetting == TGS) {
109 printf("%sTGS setting: TGS\n", prefix);
111 printf("%sTGS setting: NO_TGS\n", prefix);
114 if (principal->encSetting == ENCRYPT) {
115 printf("%sEncrypt setting: ENCRYPT\n", prefix);
117 printf("%sEncrypt setting: NO_ENCRYPT\n", prefix);
120 if (principal->cpwSetting == CHANGE_PASSWORD) {
121 printf("%sChange password setting: CHANGE_PASSWORD\n", prefix);
123 printf("%sChange password setting: NO_CHANGE_PASSWORD\n", prefix);
126 if (principal->rpwSetting == REUSE_PASSWORD) {
127 printf("%sReuse password setting: REUSE_PASSWORD\n", prefix);
129 printf("%sReuse password setting: NO_REUSE_PASSWORD\n", prefix);
132 printf("%sExpiration: %u\n", prefix, principal->userExpiration);
133 printf("%sLast modification time %u\n", prefix, principal->lastModTime);
134 printf("%sLast modifying principal %s", prefix,
135 principal->lastModPrincipal.principal);
136 if (principal->lastModPrincipal.instance[0] != 0) {
137 printf(".%s\n", principal->lastModPrincipal.instance);
142 printf("%sLast change password time %u\n", prefix,
143 principal->lastChangePasswordTime);
144 printf("%sMax ticket lifetime %d\n", prefix,
145 principal->maxTicketLifetime);
146 printf("%sKey version number %d\n", prefix, principal->keyVersion);
148 printf("%sKey contents :", prefix);
149 for (i = 0; i < KAS_ENCRYPTION_KEY_LEN; i++) {
150 printf("%d ", principal->key.key[i]);
152 printf("\n", prefix);
154 printf("%sKey checksum %u\n", prefix, principal->keyCheckSum);
155 printf("%sDays to password expire %d\n", prefix,
156 principal->daysToPasswordExpire);
157 printf("%sFailed login count %d\n", prefix, principal->failLoginCount);
158 printf("%sLock time %d\n", prefix, principal->lockTime);
162 DoKasPrincipalGet(struct cmd_syndesc *as, char *arock)
164 typedef enum { PRINCIPAL, INSTANCE } DoKasPrincipalGet_parm_t;
166 const char *instance = NULL;
168 kas_principalEntry_t principal;
170 strcpy(user.principal, as->parms[PRINCIPAL].items->data);
172 if (as->parms[INSTANCE].items) {
173 strcpy(user.instance, as->parms[PRINCIPAL].items->data);
175 user.instance[0] = 0;
178 if (!kas_PrincipalGet(cellHandle, 0, &user, &principal, &st)) {
179 ERR_ST_EXT("kas_PrincipalGet", st);
182 Print_kas_principalEntry_p(&principal, "");
188 DoKasPrincipalList(struct cmd_syndesc *as, char *arock)
194 if (!kas_PrincipalGetBegin(cellHandle, 0, &iter, &st)) {
195 ERR_ST_EXT("kas_PrincipalGetBegin", st);
198 printf("Listing principals:\n");
199 while (kas_PrincipalGetNext(iter, &prin, &st)) {
200 printf("%s", prin.principal);
201 if (prin.instance[0] != 0) {
202 printf(".%s\n", prin.instance);
208 if (st != ADMITERATORDONE) {
209 ERR_ST_EXT("kas_PrincipalGetNext", st);
212 if (!kas_PrincipalGetDone(iter, &st)) {
213 ERR_ST_EXT("kas_PrincipalGetDone", st);
220 DoKasPrincipalKeySet(struct cmd_syndesc *as, char *arock)
222 typedef enum { PRINCIPAL, INSTANCE, PASSWORD,
223 KEYVERSION } DoKasPrincipalKeySet_parm_t;
225 kas_encryptionKey_t key;
229 const char *password;
231 strcpy(user.principal, as->parms[PRINCIPAL].items->data);
233 if (as->parms[INSTANCE].items) {
234 strcpy(user.instance, as->parms[INSTANCE].items->data);
236 user.instance[0] = 0;
239 if (!afsclient_CellNameGet(cellHandle, &cell, &st)) {
240 ERR_ST_EXT("afsclient_CellNameGet", st);
243 password = as->parms[PASSWORD].items->data;
245 GetIntFromString(as->parms[KEYVERSION].items->data,
246 "invalid key version number");
247 if (!kas_StringToKey(cell, password, &key, &st)) {
248 ERR_ST_EXT("kas_StringToKey", st);
251 if (!kas_PrincipalKeySet(cellHandle, 0, &user, key_version, &key, &st)) {
252 ERR_ST_EXT("kas_PrincipalKeySet", st);
259 DoKasPrincipalLockStatusGet(struct cmd_syndesc *as, char *arock)
261 typedef enum { PRINCIPAL, INSTANCE } DoKasPrincipalLockStatusGet_parm_t;
264 unsigned int lock_end_time = 0;
266 strcpy(user.principal, as->parms[PRINCIPAL].items->data);
268 if (as->parms[INSTANCE].items) {
269 strcpy(user.instance, as->parms[INSTANCE].items->data);
271 user.instance[0] = 0;
274 if (!kas_PrincipalLockStatusGet
275 (cellHandle, 0, &user, &lock_end_time, &st)) {
276 ERR_ST_EXT("kas_PrincipalLockStatusGet", st);
279 printf("The lock end time is %u\n", lock_end_time);
285 DoKasPrincipalUnlock(struct cmd_syndesc *as, char *arock)
287 typedef enum { PRINCIPAL, INSTANCE } DoKasPrincipalUnlock_parm_t;
290 unsigned int lock_end_time = 0;
292 strcpy(user.principal, as->parms[PRINCIPAL].items->data);
294 if (as->parms[INSTANCE].items) {
295 strcpy(user.instance, as->parms[INSTANCE].items->data);
297 user.instance[0] = 0;
300 if (!kas_PrincipalUnlock(cellHandle, 0, &user, &st)) {
301 ERR_ST_EXT("kas_PrincipalUnlock", st);
308 DoKasPrincipalFieldsSet(struct cmd_syndesc *as, char *arock)
310 typedef enum { PRINCIPAL, INSTANCE, ADMIN, NOADMIN, GRANTTICKET,
311 NOGRANTTICKET, ENCRYPT2, NOENCRYPT, CHANGEPASSWORD,
312 NOCHANGEPASSWORD, REUSEPASSWORD, NOREUSEPASSWORD,
313 EXPIRES, MAXTICKETLIFETIME, PASSWORDEXPIRES,
314 FAILEDPASSWORDATTEMPTS, FAILEDPASSWORDLOCKTIME
315 } DoKasPrincipalFieldsSet_parm_t;
319 kas_admin_p admin_ptr = NULL;
322 kas_tgs_p tgs_ptr = NULL;
325 kas_enc_p enc_ptr = NULL;
328 kas_cpw_p cpw_ptr = NULL;
331 kas_rpw_p reuse_ptr = NULL;
334 unsigned int *expire_ptr = NULL;
336 unsigned int max_ticket;
337 unsigned int *max_ticket_ptr = NULL;
338 int have_max_ticket = 0;
339 unsigned int password_expire;
340 unsigned int *password_expire_ptr = NULL;
341 int have_password_expire = 0;
342 unsigned int failed_password_attempts;
343 unsigned int *failed_password_attempts_ptr = NULL;
344 int have_failed_password_attempts = 0;
345 unsigned int failed_password_lock_time;
346 unsigned int *failed_password_lock_time_ptr = NULL;
347 int have_failed_password_lock_time = 0;
349 strcpy(user.principal, as->parms[PRINCIPAL].items->data);
351 if (as->parms[INSTANCE].items) {
352 strcpy(user.instance, as->parms[INSTANCE].items->data);
354 user.instance[0] = 0;
357 if (as->parms[ADMIN].items) {
363 if (as->parms[NOADMIN].items) {
364 admin = NO_KAS_ADMIN;
367 ERR_EXT("specify either admin or noadmin, not both");
372 if (as->parms[GRANTTICKET].items) {
378 if (as->parms[NOGRANTTICKET].items) {
382 ERR_EXT("specify either grantticket or nograntticket, not both");
387 if (as->parms[ENCRYPT2].items) {
393 if (as->parms[NOENCRYPT].items) {
397 ERR_EXT("specify either encrypt or noencrypt, not both");
402 if (as->parms[CHANGEPASSWORD].items) {
403 cpw = CHANGE_PASSWORD;
408 if (as->parms[NOCHANGEPASSWORD].items) {
409 cpw = NO_CHANGE_PASSWORD;
412 ERR_EXT("specify either changepassword or "
413 "nochangepassword, not both");
418 if (as->parms[REUSEPASSWORD].items) {
419 reuse = REUSE_PASSWORD;
424 if (as->parms[REUSEPASSWORD].items) {
425 reuse = NO_REUSE_PASSWORD;
428 ERR_EXT("specify either reusepassword or "
429 "noreusepassword, not both");
434 if (as->parms[EXPIRES].items) {
436 GetIntFromString(as->parms[EXPIRES].items->data,
437 "bad expiration date");
438 expire_ptr = &expire;
442 if (as->parms[MAXTICKETLIFETIME].items) {
444 GetIntFromString(as->parms[MAXTICKETLIFETIME].items->data,
445 "bad max ticket lifetime");
446 max_ticket_ptr = &max_ticket;
450 if (as->parms[PASSWORDEXPIRES].items) {
452 GetIntFromString(as->parms[PASSWORDEXPIRES].items->data,
453 "bad expiration date");
454 password_expire_ptr = &password_expire;
455 have_password_expire = 1;
458 if (as->parms[FAILEDPASSWORDATTEMPTS].items) {
459 failed_password_attempts =
460 GetIntFromString(as->parms[FAILEDPASSWORDATTEMPTS].items->data,
461 "bad expiration date");
462 failed_password_attempts_ptr = &failed_password_attempts;
463 have_failed_password_attempts = 1;
466 if (as->parms[FAILEDPASSWORDLOCKTIME].items) {
467 failed_password_lock_time =
468 GetIntFromString(as->parms[FAILEDPASSWORDLOCKTIME].items->data,
469 "bad expiration date");
470 failed_password_lock_time_ptr = &failed_password_lock_time;
471 have_failed_password_lock_time = 1;
474 if ((have_admin + have_tgs + have_enc + have_cpw + have_reuse +
475 have_expire + have_max_ticket + have_password_expire +
476 have_failed_password_attempts + have_failed_password_lock_time) ==
478 ERR_EXT("You must specify at least one attribute to change");
481 if (!kas_PrincipalFieldsSet
482 (cellHandle, 0, &user, admin_ptr, tgs_ptr, enc_ptr, cpw_ptr,
483 expire_ptr, max_ticket_ptr, password_expire_ptr, reuse_ptr,
484 failed_password_attempts_ptr, failed_password_lock_time_ptr, &st)) {
485 ERR_ST_EXT("kas_PrincipalFieldsSet", st);
492 Print_kas_serverStats_p(kas_serverStats_p stats, const char *prefix)
494 time_t stime = stats->serverStartTime;
496 printf("%sAllocations %d\n", prefix, stats->allocations);
497 printf("%sFrees %d\n", prefix, stats->frees);
498 printf("%sChange password requests %d\n", prefix,
499 stats->changePasswordRequests);
500 printf("%sAdmin accounts %d\n", prefix, stats->adminAccounts);
501 printf("%sHost %x\n", prefix, stats->host);
502 printf("%sServer start time %s\n", prefix, ctime(&stime));
503 printf("%sUser time %ld secs %ld usec\n", prefix, stats->userTime.tv_sec,
504 stats->userTime.tv_usec);
505 printf("%sSystem time %ld secs %ld usec\n", prefix,
506 stats->systemTime.tv_sec, stats->systemTime.tv_usec);
507 printf("%sData size %d\n", prefix, stats->dataSize);
508 printf("%sStack size %d\n", prefix, stats->stackSize);
509 printf("%sPage faults %d\n", prefix, stats->pageFaults);
510 printf("%sHash table utilization %d\n", prefix,
511 stats->hashTableUtilization);
512 printf("%sAuthentication requests %d aborts %d\n", prefix,
513 stats->authenticate.requests, stats->authenticate.aborts);
514 printf("%sChange password requests %d aborts %d\n", prefix,
515 stats->changePassword.requests, stats->changePassword.aborts);
516 printf("%sGet ticket requests %d aborts %d\n", prefix,
517 stats->getTicket.requests, stats->getTicket.aborts);
518 printf("%sCreate user requests %d aborts %d\n", prefix,
519 stats->createUser.requests, stats->createUser.aborts);
520 printf("%sSet password requests %d aborts %d\n", prefix,
521 stats->setPassword.requests, stats->setPassword.aborts);
522 printf("%sSet fields requests %d aborts %d\n", prefix,
523 stats->setFields.requests, stats->setFields.aborts);
524 printf("%sDelete user requests %d aborts %d\n", prefix,
525 stats->deleteUser.requests, stats->deleteUser.aborts);
526 printf("%sGet entry requests %d aborts %d\n", prefix,
527 stats->getEntry.requests, stats->getEntry.aborts);
528 printf("%sList entry requests %d aborts %d\n", prefix,
529 stats->listEntry.requests, stats->listEntry.aborts);
530 printf("%sGet stats requests %d aborts %d\n", prefix,
531 stats->getStats.requests, stats->getStats.aborts);
532 printf("%sGet password requests %d aborts %d\n", prefix,
533 stats->getPassword.requests, stats->getPassword.aborts);
534 printf("%sGet random key requests %d aborts %d\n", prefix,
535 stats->getRandomKey.requests, stats->getRandomKey.aborts);
536 printf("%sDebug requests %d aborts %d\n", prefix, stats->debug.requests,
537 stats->debug.aborts);
538 printf("%sUDP authenticate requests %d aborts %d\n", prefix,
539 stats->udpAuthenticate.requests, stats->udpAuthenticate.aborts);
540 printf("%sUDP get ticket requests %d aborts %d\n", prefix,
541 stats->udpGetTicket.requests, stats->udpGetTicket.aborts);
542 printf("%sUnlock requests %d aborts %d\n", prefix, stats->unlock.requests,
543 stats->unlock.aborts);
544 printf("%sLock status requests %d aborts %d\n", prefix,
545 stats->lockStatus.requests, stats->lockStatus.aborts);
546 printf("%sString checks %d\n", prefix, stats->stringChecks);
550 DoKasServerStatsGet(struct cmd_syndesc *as, char *arock)
552 typedef enum { SERVER } DoKasServerStatsGet_parm_t;
554 const char *server_list[2] = { 0, 0 };
555 void *kas_server = NULL;
556 kas_serverStats_t stats;
558 if (as->parms[SERVER].items) {
559 server_list[0] = as->parms[SERVER].items->data;
562 if (!kas_ServerOpen(cellHandle, server_list, &kas_server, &st)) {
563 ERR_ST_EXT("kas_ServerOpen", st);
566 if (!kas_ServerStatsGet(0, kas_server, &stats, &st)) {
567 ERR_ST_EXT("kas_ServerStatsGet", st);
570 Print_kas_serverStats_p(&stats, "");
572 kas_ServerClose(kas_server, 0);
578 Print_kas_serverDebugInfo_p(kas_serverDebugInfo_p debug, const char *prefix)
583 printf("%sHost %x\n", prefix, debug->host);
584 time = debug->serverStartTime;
585 printf("%sServer start time %s\n", prefix, ctime(&time));
586 time = debug->currentTime;
587 printf("%sCurrent time %s\n", prefix, ctime(&time));
588 printf("%sNo auth %d\n", prefix, debug->noAuth);
589 time = debug->lastTransaction;
590 printf("%sLast transaction %d\n", prefix, ctime(&time));
591 printf("%sLast operation %s\n", prefix, debug->lastOperation);
592 printf("%sLast principal auth %s\n", prefix, debug->lastPrincipalAuth);
593 printf("%sLast principal UDP auth %s\n", prefix,
594 debug->lastPrincipalUDPAuth);
595 printf("%sLast principal TGS auth %s\n", prefix, debug->lastPrincipalTGS);
596 printf("%sLast principal UDP TGS auth %s\n", prefix,
597 debug->lastPrincipalUDPTGS);
598 printf("%sLast principal admin %s\n", prefix, debug->lastPrincipalAdmin);
599 printf("%sLast server TGS %s\n", prefix, debug->lastServerTGS);
600 printf("%sLast server UDP TGS %s\n", prefix, debug->lastServerUDPTGS);
601 time = debug->nextAutoCheckPointWrite;
602 printf("%sNext auto check point write %s\n", prefix, ctime(&time));
603 printf("%sUpdates remaining before ACPW %d\n", prefix,
604 debug->updatesRemainingBeforeAutoCheckPointWrite);
605 time = debug->dbHeaderRead;
606 printf("%sDatabase header read %s\n", prefix, ctime(&time));
607 printf("%sDatabase version %d\n", prefix, debug->dbVersion);
608 printf("%sDatabase free ptr %d\n", prefix, debug->dbFreePtr);
609 printf("%sDatabase EOF ptr %d\n", prefix, debug->dbEOFPtr);
610 printf("%sDatabase kvno ptr %d\n", prefix, debug->dbKvnoPtr);
611 printf("%sDatabase special keys version%d\n", prefix,
612 debug->dbSpecialKeysVersion);
613 printf("%sDatabase header lock %d\n", prefix, debug->dbHeaderLock);
614 printf("%sKey cache lock %d\n", prefix, debug->keyCacheLock);
615 printf("%sKey cache version %d\n", prefix, debug->keyCacheVersion);
616 printf("%sKey cache size %d\n", prefix, debug->keyCacheSize);
617 printf("%sKey cache used %d\n", prefix, debug->keyCacheUsed);
619 printf("%sKey cache\n", prefix);
621 for (i = 0; i < debug->keyCacheUsed; i++) {
622 printf("%s\tPrincipal %s\n", prefix, debug->keyCache[i].principal);
623 time = debug->keyCache[i].lastUsed;
624 printf("%s\tLast used %s\n", prefix, ctime(&time));
625 printf("%s\tVersion number %d\n", prefix,
626 debug->keyCache[i].keyVersionNumber);
627 printf("%s\tPrimary %d\n", prefix, debug->keyCache[i].primary);
628 printf("%s\tCheck sum %d\n", prefix, debug->keyCache[i].keyCheckSum);
635 DoKasServerDebugGet(struct cmd_syndesc *as, char *arock)
637 typedef enum { SERVER } DoKasServerDebugGet_parm_t;
639 const char *server_list[2] = { 0, 0 };
640 void *kas_server = NULL;
641 kas_serverDebugInfo_t debug;
643 if (as->parms[SERVER].items) {
644 server_list[0] = as->parms[SERVER].items->data;
647 if (!kas_ServerOpen(cellHandle, server_list, &kas_server, &st)) {
648 ERR_ST_EXT("kas_ServerOpen", st);
651 if (!kas_ServerDebugGet(0, kas_server, &debug, &st)) {
652 ERR_ST_EXT("kas_ServerDebugGet", st);
655 Print_kas_serverDebugInfo_p(&debug, "");
657 kas_ServerClose(kas_server, 0);
663 DoKasServerRandomKeyGet(struct cmd_syndesc *as, char *arock)
666 kas_encryptionKey_t key;
669 if (!kas_ServerRandomKeyGet(cellHandle, 0, &key, &st)) {
670 ERR_ST_EXT("kas_ServerRandomKeyGet", st);
674 for (i = 0; i < KAS_ENCRYPTION_KEY_LEN; i++) {
675 printf("%d ", key.key[i]);
683 SetupKasAdminCmd(void)
685 struct cmd_syndesc *ts;
687 ts = cmd_CreateSyntax("KasPrincipalCreate", DoKasPrincipalCreate, 0,
688 "create a new principal");
689 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
690 "principal to create");
691 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
692 "principal instance");
693 cmd_AddParm(ts, "-password", CMD_SINGLE, CMD_REQUIRED,
694 "initial principal password");
695 SetupCommonCmdArgs(ts);
697 ts = cmd_CreateSyntax("KasPrincipalDelete", DoKasPrincipalDelete, 0,
698 "delete a principal");
699 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
700 "principal to delete");
701 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
702 "principal instance");
703 SetupCommonCmdArgs(ts);
705 ts = cmd_CreateSyntax("KasPrincipalGet", DoKasPrincipalGet, 0,
706 "get information about a principal");
707 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
709 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
710 "principal instance");
711 SetupCommonCmdArgs(ts);
713 ts = cmd_CreateSyntax("KasPrincipalList", DoKasPrincipalList, 0,
714 "list all principals");
715 SetupCommonCmdArgs(ts);
717 ts = cmd_CreateSyntax("KasPrincipalKeySet", DoKasPrincipalKeySet, 0,
718 "set the password for a principal");
719 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
720 "principal to modify");
721 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
722 "principal instance");
723 cmd_AddParm(ts, "-password", CMD_SINGLE, CMD_REQUIRED,
724 "new principal password");
725 cmd_AddParm(ts, "-version", CMD_SINGLE, CMD_REQUIRED,
726 "password version number");
727 SetupCommonCmdArgs(ts);
729 ts = cmd_CreateSyntax("KasPrincipalLockStatusGet",
730 DoKasPrincipalLockStatusGet, 0,
731 "get the lock status of a principal");
732 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
733 "principal to query");
734 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
735 "principal instance");
736 SetupCommonCmdArgs(ts);
738 ts = cmd_CreateSyntax("KasPrincipalUnlock", DoKasPrincipalUnlock, 0,
739 "unlock a principal");
740 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
741 "principal to unlock");
742 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
743 "principal instance");
744 SetupCommonCmdArgs(ts);
746 ts = cmd_CreateSyntax("KasPrincipalFieldsSet", DoKasPrincipalFieldsSet, 0,
747 "modify a principal");
748 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
749 "principal to modify");
750 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
751 "principal instance");
752 cmd_AddParm(ts, "-admin", CMD_FLAG, CMD_OPTIONAL,
753 "make this principal an admin");
754 cmd_AddParm(ts, "-noadmin", CMD_FLAG, CMD_OPTIONAL,
755 "remove admin from this principal");
756 cmd_AddParm(ts, "-grantticket", CMD_FLAG, CMD_OPTIONAL,
757 "this principal can grant server tickets");
758 cmd_AddParm(ts, "-nograntticket", CMD_FLAG, CMD_OPTIONAL,
759 "this principal cannot grant server tickets");
760 cmd_AddParm(ts, "-encrypt", CMD_FLAG, CMD_OPTIONAL,
761 "this principal can encrypt data");
762 cmd_AddParm(ts, "-noencrypt", CMD_FLAG, CMD_OPTIONAL,
763 "this principal cannot encrypt data");
764 cmd_AddParm(ts, "-changepassword", CMD_FLAG, CMD_OPTIONAL,
765 "this principal can change its password");
766 cmd_AddParm(ts, "-nochangepassword", CMD_FLAG, CMD_OPTIONAL,
767 "this principal cannot change its password");
768 cmd_AddParm(ts, "-reusepassword", CMD_FLAG, CMD_OPTIONAL,
769 "this principal can reuse its password");
770 cmd_AddParm(ts, "-noreusepassword", CMD_FLAG, CMD_OPTIONAL,
771 "this principal cannot reuse its password");
772 cmd_AddParm(ts, "-expires", CMD_SINGLE, CMD_OPTIONAL,
773 "the time at which this principal expires");
774 cmd_AddParm(ts, "-maxticketlifetime", CMD_SINGLE, CMD_OPTIONAL,
775 "the maximum ticket lifetime this principal can request");
776 cmd_AddParm(ts, "-passwordexpires", CMD_SINGLE, CMD_OPTIONAL,
777 "the time at which this principal's password expires");
778 cmd_AddParm(ts, "-failedpasswordattempts", CMD_SINGLE, CMD_OPTIONAL,
779 "the number of failed password attempts this principal "
780 "can incur before it is locked");
781 cmd_AddParm(ts, "-failedpasswordlocktime", CMD_SINGLE, CMD_OPTIONAL,
782 "the amount of time this principal will be locked if the "
783 "maximum failed password attempts is exceeded");
784 SetupCommonCmdArgs(ts);
786 ts = cmd_CreateSyntax("KasServerStatsGet", DoKasServerStatsGet, 0,
787 "get stats on a kaserver");
788 cmd_AddParm(ts, "-server", CMD_SINGLE, CMD_REQUIRED, "server to query");
789 SetupCommonCmdArgs(ts);
791 ts = cmd_CreateSyntax("KasServerDebugGet", DoKasServerDebugGet, 0,
792 "get debug info from a kaserver");
793 cmd_AddParm(ts, "-server", CMD_SINGLE, CMD_REQUIRED, "server to query");
794 SetupCommonCmdArgs(ts);
796 ts = cmd_CreateSyntax("KasServerRandomKeyGet", DoKasServerRandomKeyGet, 0,
797 "create a random key");
798 SetupCommonCmdArgs(ts);