2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 * This file implements the kas related funtions for afscp
14 #include <afsconfig.h>
15 #include <afs/param.h>
26 * Generic fuction for converting input string to an integer. Pass
27 * the error_msg you want displayed if there is an error converting
32 GetIntFromString(const char *int_str, const char *error_msg)
35 char *bad_char = NULL;
37 i = strtoul(int_str, &bad_char, 10);
38 if ((bad_char == NULL) || (*bad_char == 0)) {
46 DoKasPrincipalCreate(struct cmd_syndesc *as, void *arock)
48 typedef enum { PRINCIPAL, INSTANCE,
50 } DoKasPrincipalCreate_parm_t;
55 strcpy(user.principal, as->parms[PRINCIPAL].items->data);
57 if (as->parms[INSTANCE].items) {
58 strcpy(user.instance, as->parms[INSTANCE].items->data);
63 password = as->parms[PASSWORD].items->data;
65 if (!kas_PrincipalCreate(cellHandle, 0, &user, password, &st)) {
66 ERR_ST_EXT("kas_PrincipalCreate", st);
73 DoKasPrincipalDelete(struct cmd_syndesc *as, void *arock)
75 typedef enum { PRINCIPAL, INSTANCE } DoKasPrincipalGet_parm_t;
79 strcpy(user.principal, as->parms[PRINCIPAL].items->data);
81 if (as->parms[INSTANCE].items) {
82 strcpy(user.instance, as->parms[PRINCIPAL].items->data);
87 if (!kas_PrincipalDelete(cellHandle, 0, &user, &st)) {
88 ERR_ST_EXT("kas_PrincipalDelete", st);
95 Print_kas_principalEntry_p(kas_principalEntry_p principal, const char *prefix)
99 if (principal->adminSetting == KAS_ADMIN) {
100 printf("%sAdmin setting: KAS_ADMIN\n", prefix);
102 printf("%sAdmin setting: NO_KAS_ADMIN\n", prefix);
105 if (principal->tgsSetting == TGS) {
106 printf("%sTGS setting: TGS\n", prefix);
108 printf("%sTGS setting: NO_TGS\n", prefix);
111 if (principal->encSetting == ENCRYPT) {
112 printf("%sEncrypt setting: ENCRYPT\n", prefix);
114 printf("%sEncrypt setting: NO_ENCRYPT\n", prefix);
117 if (principal->cpwSetting == CHANGE_PASSWORD) {
118 printf("%sChange password setting: CHANGE_PASSWORD\n", prefix);
120 printf("%sChange password setting: NO_CHANGE_PASSWORD\n", prefix);
123 if (principal->rpwSetting == REUSE_PASSWORD) {
124 printf("%sReuse password setting: REUSE_PASSWORD\n", prefix);
126 printf("%sReuse password setting: NO_REUSE_PASSWORD\n", prefix);
129 printf("%sExpiration: %u\n", prefix, principal->userExpiration);
130 printf("%sLast modification time %u\n", prefix, principal->lastModTime);
131 printf("%sLast modifying principal %s", prefix,
132 principal->lastModPrincipal.principal);
133 if (principal->lastModPrincipal.instance[0] != 0) {
134 printf(".%s\n", principal->lastModPrincipal.instance);
139 printf("%sLast change password time %u\n", prefix,
140 principal->lastChangePasswordTime);
141 printf("%sMax ticket lifetime %d\n", prefix,
142 principal->maxTicketLifetime);
143 printf("%sKey version number %d\n", prefix, principal->keyVersion);
145 printf("%sKey contents :", prefix);
146 for (i = 0; i < KAS_ENCRYPTION_KEY_LEN; i++) {
147 printf("%d ", principal->key.key[i]);
151 printf("%sKey checksum %u\n", prefix, principal->keyCheckSum);
152 printf("%sDays to password expire %d\n", prefix,
153 principal->daysToPasswordExpire);
154 printf("%sFailed login count %d\n", prefix, principal->failLoginCount);
155 printf("%sLock time %d\n", prefix, principal->lockTime);
159 DoKasPrincipalGet(struct cmd_syndesc *as, void *arock)
161 typedef enum { PRINCIPAL, INSTANCE } DoKasPrincipalGet_parm_t;
164 kas_principalEntry_t principal;
166 strcpy(user.principal, as->parms[PRINCIPAL].items->data);
168 if (as->parms[INSTANCE].items) {
169 strcpy(user.instance, as->parms[PRINCIPAL].items->data);
171 user.instance[0] = 0;
174 if (!kas_PrincipalGet(cellHandle, 0, &user, &principal, &st)) {
175 ERR_ST_EXT("kas_PrincipalGet", st);
178 Print_kas_principalEntry_p(&principal, "");
184 DoKasPrincipalList(struct cmd_syndesc *as, void *arock)
190 if (!kas_PrincipalGetBegin(cellHandle, 0, &iter, &st)) {
191 ERR_ST_EXT("kas_PrincipalGetBegin", st);
194 printf("Listing principals:\n");
195 while (kas_PrincipalGetNext(iter, &prin, &st)) {
196 printf("%s", prin.principal);
197 if (prin.instance[0] != 0) {
198 printf(".%s\n", prin.instance);
204 if (st != ADMITERATORDONE) {
205 ERR_ST_EXT("kas_PrincipalGetNext", st);
208 if (!kas_PrincipalGetDone(iter, &st)) {
209 ERR_ST_EXT("kas_PrincipalGetDone", st);
216 DoKasPrincipalKeySet(struct cmd_syndesc *as, void *arock)
218 typedef enum { PRINCIPAL, INSTANCE, PASSWORD,
220 } DoKasPrincipalKeySet_parm_t;
222 kas_encryptionKey_t key;
226 const char *password;
228 strcpy(user.principal, as->parms[PRINCIPAL].items->data);
230 if (as->parms[INSTANCE].items) {
231 strcpy(user.instance, as->parms[INSTANCE].items->data);
233 user.instance[0] = 0;
236 if (!afsclient_CellNameGet(cellHandle, &cell, &st)) {
237 ERR_ST_EXT("afsclient_CellNameGet", st);
240 password = as->parms[PASSWORD].items->data;
242 GetIntFromString(as->parms[KEYVERSION].items->data,
243 "invalid key version number");
244 if (!kas_StringToKey(cell, password, &key, &st)) {
245 ERR_ST_EXT("kas_StringToKey", st);
248 if (!kas_PrincipalKeySet(cellHandle, 0, &user, key_version, &key, &st)) {
249 ERR_ST_EXT("kas_PrincipalKeySet", st);
256 DoKasPrincipalLockStatusGet(struct cmd_syndesc *as, void *arock)
258 typedef enum { PRINCIPAL, INSTANCE } DoKasPrincipalLockStatusGet_parm_t;
261 unsigned int lock_end_time = 0;
263 strcpy(user.principal, as->parms[PRINCIPAL].items->data);
265 if (as->parms[INSTANCE].items) {
266 strcpy(user.instance, as->parms[INSTANCE].items->data);
268 user.instance[0] = 0;
271 if (!kas_PrincipalLockStatusGet
272 (cellHandle, 0, &user, &lock_end_time, &st)) {
273 ERR_ST_EXT("kas_PrincipalLockStatusGet", st);
276 printf("The lock end time is %u\n", lock_end_time);
282 DoKasPrincipalUnlock(struct cmd_syndesc *as, void *arock)
284 typedef enum { PRINCIPAL, INSTANCE } DoKasPrincipalUnlock_parm_t;
288 strcpy(user.principal, as->parms[PRINCIPAL].items->data);
290 if (as->parms[INSTANCE].items) {
291 strcpy(user.instance, as->parms[INSTANCE].items->data);
293 user.instance[0] = 0;
296 if (!kas_PrincipalUnlock(cellHandle, 0, &user, &st)) {
297 ERR_ST_EXT("kas_PrincipalUnlock", st);
304 DoKasPrincipalFieldsSet(struct cmd_syndesc *as, void *arock)
306 typedef enum { PRINCIPAL, INSTANCE, ADMIN, NOADMIN, GRANTTICKET,
307 NOGRANTTICKET, ENCRYPT2, NOENCRYPT, CHANGEPASSWORD,
308 NOCHANGEPASSWORD, REUSEPASSWORD, NOREUSEPASSWORD,
309 EXPIRES, MAXTICKETLIFETIME, PASSWORDEXPIRES,
310 FAILEDPASSWORDATTEMPTS, FAILEDPASSWORDLOCKTIME
311 } DoKasPrincipalFieldsSet_parm_t;
315 kas_admin_p admin_ptr = NULL;
318 kas_tgs_p tgs_ptr = NULL;
321 kas_enc_p enc_ptr = NULL;
324 kas_cpw_p cpw_ptr = NULL;
327 kas_rpw_p reuse_ptr = NULL;
330 unsigned int *expire_ptr = NULL;
332 unsigned int max_ticket;
333 unsigned int *max_ticket_ptr = NULL;
334 int have_max_ticket = 0;
335 unsigned int password_expire;
336 unsigned int *password_expire_ptr = NULL;
337 int have_password_expire = 0;
338 unsigned int failed_password_attempts;
339 unsigned int *failed_password_attempts_ptr = NULL;
340 int have_failed_password_attempts = 0;
341 unsigned int failed_password_lock_time;
342 unsigned int *failed_password_lock_time_ptr = NULL;
343 int have_failed_password_lock_time = 0;
345 strcpy(user.principal, as->parms[PRINCIPAL].items->data);
347 if (as->parms[INSTANCE].items) {
348 strcpy(user.instance, as->parms[INSTANCE].items->data);
350 user.instance[0] = 0;
353 if (as->parms[ADMIN].items) {
359 if (as->parms[NOADMIN].items) {
360 admin = NO_KAS_ADMIN;
363 ERR_EXT("specify either admin or noadmin, not both");
368 if (as->parms[GRANTTICKET].items) {
374 if (as->parms[NOGRANTTICKET].items) {
378 ERR_EXT("specify either grantticket or nograntticket, not both");
383 if (as->parms[ENCRYPT2].items) {
389 if (as->parms[NOENCRYPT].items) {
393 ERR_EXT("specify either encrypt or noencrypt, not both");
398 if (as->parms[CHANGEPASSWORD].items) {
399 cpw = CHANGE_PASSWORD;
404 if (as->parms[NOCHANGEPASSWORD].items) {
405 cpw = NO_CHANGE_PASSWORD;
408 ERR_EXT("specify either changepassword or "
409 "nochangepassword, not both");
414 if (as->parms[REUSEPASSWORD].items) {
415 reuse = REUSE_PASSWORD;
420 if (as->parms[REUSEPASSWORD].items) {
421 reuse = NO_REUSE_PASSWORD;
424 ERR_EXT("specify either reusepassword or "
425 "noreusepassword, not both");
430 if (as->parms[EXPIRES].items) {
432 GetIntFromString(as->parms[EXPIRES].items->data,
433 "bad expiration date");
434 expire_ptr = &expire;
438 if (as->parms[MAXTICKETLIFETIME].items) {
440 GetIntFromString(as->parms[MAXTICKETLIFETIME].items->data,
441 "bad max ticket lifetime");
442 max_ticket_ptr = &max_ticket;
446 if (as->parms[PASSWORDEXPIRES].items) {
448 GetIntFromString(as->parms[PASSWORDEXPIRES].items->data,
449 "bad expiration date");
450 password_expire_ptr = &password_expire;
451 have_password_expire = 1;
454 if (as->parms[FAILEDPASSWORDATTEMPTS].items) {
455 failed_password_attempts =
456 GetIntFromString(as->parms[FAILEDPASSWORDATTEMPTS].items->data,
457 "bad expiration date");
458 failed_password_attempts_ptr = &failed_password_attempts;
459 have_failed_password_attempts = 1;
462 if (as->parms[FAILEDPASSWORDLOCKTIME].items) {
463 failed_password_lock_time =
464 GetIntFromString(as->parms[FAILEDPASSWORDLOCKTIME].items->data,
465 "bad expiration date");
466 failed_password_lock_time_ptr = &failed_password_lock_time;
467 have_failed_password_lock_time = 1;
470 if ((have_admin + have_tgs + have_enc + have_cpw + have_reuse +
471 have_expire + have_max_ticket + have_password_expire +
472 have_failed_password_attempts + have_failed_password_lock_time) ==
474 ERR_EXT("You must specify at least one attribute to change");
477 if (!kas_PrincipalFieldsSet
478 (cellHandle, 0, &user, admin_ptr, tgs_ptr, enc_ptr, cpw_ptr,
479 expire_ptr, max_ticket_ptr, password_expire_ptr, reuse_ptr,
480 failed_password_attempts_ptr, failed_password_lock_time_ptr, &st)) {
481 ERR_ST_EXT("kas_PrincipalFieldsSet", st);
488 Print_kas_serverStats_p(kas_serverStats_p stats, const char *prefix)
490 time_t stime = stats->serverStartTime;
492 printf("%sAllocations %d\n", prefix, stats->allocations);
493 printf("%sFrees %d\n", prefix, stats->frees);
494 printf("%sChange password requests %d\n", prefix,
495 stats->changePasswordRequests);
496 printf("%sAdmin accounts %d\n", prefix, stats->adminAccounts);
497 printf("%sHost %x\n", prefix, stats->host);
498 printf("%sServer start time %s\n", prefix, ctime(&stime));
499 printf("%sUser time %ld secs %ld usec\n", prefix, stats->userTime.tv_sec,
500 (long) stats->userTime.tv_usec);
501 printf("%sSystem time %ld secs %ld usec\n", prefix,
502 stats->systemTime.tv_sec, (long) stats->systemTime.tv_usec);
503 printf("%sData size %d\n", prefix, stats->dataSize);
504 printf("%sStack size %d\n", prefix, stats->stackSize);
505 printf("%sPage faults %d\n", prefix, stats->pageFaults);
506 printf("%sHash table utilization %d\n", prefix,
507 stats->hashTableUtilization);
508 printf("%sAuthentication requests %d aborts %d\n", prefix,
509 stats->authenticate.requests, stats->authenticate.aborts);
510 printf("%sChange password requests %d aborts %d\n", prefix,
511 stats->changePassword.requests, stats->changePassword.aborts);
512 printf("%sGet ticket requests %d aborts %d\n", prefix,
513 stats->getTicket.requests, stats->getTicket.aborts);
514 printf("%sCreate user requests %d aborts %d\n", prefix,
515 stats->createUser.requests, stats->createUser.aborts);
516 printf("%sSet password requests %d aborts %d\n", prefix,
517 stats->setPassword.requests, stats->setPassword.aborts);
518 printf("%sSet fields requests %d aborts %d\n", prefix,
519 stats->setFields.requests, stats->setFields.aborts);
520 printf("%sDelete user requests %d aborts %d\n", prefix,
521 stats->deleteUser.requests, stats->deleteUser.aborts);
522 printf("%sGet entry requests %d aborts %d\n", prefix,
523 stats->getEntry.requests, stats->getEntry.aborts);
524 printf("%sList entry requests %d aborts %d\n", prefix,
525 stats->listEntry.requests, stats->listEntry.aborts);
526 printf("%sGet stats requests %d aborts %d\n", prefix,
527 stats->getStats.requests, stats->getStats.aborts);
528 printf("%sGet password requests %d aborts %d\n", prefix,
529 stats->getPassword.requests, stats->getPassword.aborts);
530 printf("%sGet random key requests %d aborts %d\n", prefix,
531 stats->getRandomKey.requests, stats->getRandomKey.aborts);
532 printf("%sDebug requests %d aborts %d\n", prefix, stats->debug.requests,
533 stats->debug.aborts);
534 printf("%sUDP authenticate requests %d aborts %d\n", prefix,
535 stats->udpAuthenticate.requests, stats->udpAuthenticate.aborts);
536 printf("%sUDP get ticket requests %d aborts %d\n", prefix,
537 stats->udpGetTicket.requests, stats->udpGetTicket.aborts);
538 printf("%sUnlock requests %d aborts %d\n", prefix, stats->unlock.requests,
539 stats->unlock.aborts);
540 printf("%sLock status requests %d aborts %d\n", prefix,
541 stats->lockStatus.requests, stats->lockStatus.aborts);
542 printf("%sString checks %d\n", prefix, stats->stringChecks);
546 DoKasServerStatsGet(struct cmd_syndesc *as, void *arock)
548 typedef enum { SERVER } DoKasServerStatsGet_parm_t;
550 const char *server_list[2] = { 0, 0 };
551 void *kas_server = NULL;
552 kas_serverStats_t stats;
554 if (as->parms[SERVER].items) {
555 server_list[0] = as->parms[SERVER].items->data;
558 if (!kas_ServerOpen(cellHandle, server_list, &kas_server, &st)) {
559 ERR_ST_EXT("kas_ServerOpen", st);
562 if (!kas_ServerStatsGet(0, kas_server, &stats, &st)) {
563 ERR_ST_EXT("kas_ServerStatsGet", st);
566 Print_kas_serverStats_p(&stats, "");
568 kas_ServerClose(kas_server, 0);
574 Print_kas_serverDebugInfo_p(kas_serverDebugInfo_p debug, const char *prefix)
579 printf("%sHost %x\n", prefix, debug->host);
580 time = debug->serverStartTime;
581 printf("%sServer start time %s\n", prefix, ctime(&time));
582 time = debug->currentTime;
583 printf("%sCurrent time %s\n", prefix, ctime(&time));
584 printf("%sNo auth %d\n", prefix, debug->noAuth);
585 time = debug->lastTransaction;
586 printf("%sLast transaction %s\n", prefix, ctime(&time));
587 printf("%sLast operation %s\n", prefix, debug->lastOperation);
588 printf("%sLast principal auth %s\n", prefix, debug->lastPrincipalAuth);
589 printf("%sLast principal UDP auth %s\n", prefix,
590 debug->lastPrincipalUDPAuth);
591 printf("%sLast principal TGS auth %s\n", prefix, debug->lastPrincipalTGS);
592 printf("%sLast principal UDP TGS auth %s\n", prefix,
593 debug->lastPrincipalUDPTGS);
594 printf("%sLast principal admin %s\n", prefix, debug->lastPrincipalAdmin);
595 printf("%sLast server TGS %s\n", prefix, debug->lastServerTGS);
596 printf("%sLast server UDP TGS %s\n", prefix, debug->lastServerUDPTGS);
597 time = debug->nextAutoCheckPointWrite;
598 printf("%sNext auto check point write %s\n", prefix, ctime(&time));
599 printf("%sUpdates remaining before ACPW %d\n", prefix,
600 debug->updatesRemainingBeforeAutoCheckPointWrite);
601 time = debug->dbHeaderRead;
602 printf("%sDatabase header read %s\n", prefix, ctime(&time));
603 printf("%sDatabase version %d\n", prefix, debug->dbVersion);
604 printf("%sDatabase free ptr %d\n", prefix, debug->dbFreePtr);
605 printf("%sDatabase EOF ptr %d\n", prefix, debug->dbEOFPtr);
606 printf("%sDatabase kvno ptr %d\n", prefix, debug->dbKvnoPtr);
607 printf("%sDatabase special keys version%d\n", prefix,
608 debug->dbSpecialKeysVersion);
609 printf("%sDatabase header lock %d\n", prefix, debug->dbHeaderLock);
610 printf("%sKey cache lock %d\n", prefix, debug->keyCacheLock);
611 printf("%sKey cache version %d\n", prefix, debug->keyCacheVersion);
612 printf("%sKey cache size %d\n", prefix, debug->keyCacheSize);
613 printf("%sKey cache used %d\n", prefix, debug->keyCacheUsed);
615 printf("%sKey cache\n", prefix);
617 for (i = 0; i < debug->keyCacheUsed; i++) {
618 printf("%s\tPrincipal %s\n", prefix, debug->keyCache[i].principal);
619 time = debug->keyCache[i].lastUsed;
620 printf("%s\tLast used %s\n", prefix, ctime(&time));
621 printf("%s\tVersion number %d\n", prefix,
622 debug->keyCache[i].keyVersionNumber);
623 printf("%s\tPrimary %d\n", prefix, debug->keyCache[i].primary);
624 printf("%s\tCheck sum %d\n", prefix, debug->keyCache[i].keyCheckSum);
631 DoKasServerDebugGet(struct cmd_syndesc *as, void *arock)
633 typedef enum { SERVER } DoKasServerDebugGet_parm_t;
635 const char *server_list[2] = { 0, 0 };
636 void *kas_server = NULL;
637 kas_serverDebugInfo_t debug;
639 if (as->parms[SERVER].items) {
640 server_list[0] = as->parms[SERVER].items->data;
643 if (!kas_ServerOpen(cellHandle, server_list, &kas_server, &st)) {
644 ERR_ST_EXT("kas_ServerOpen", st);
647 if (!kas_ServerDebugGet(0, kas_server, &debug, &st)) {
648 ERR_ST_EXT("kas_ServerDebugGet", st);
651 Print_kas_serverDebugInfo_p(&debug, "");
653 kas_ServerClose(kas_server, 0);
659 DoKasServerRandomKeyGet(struct cmd_syndesc *as, void *arock)
662 kas_encryptionKey_t key;
665 if (!kas_ServerRandomKeyGet(cellHandle, 0, &key, &st)) {
666 ERR_ST_EXT("kas_ServerRandomKeyGet", st);
670 for (i = 0; i < KAS_ENCRYPTION_KEY_LEN; i++) {
671 printf("%d ", key.key[i]);
679 SetupKasAdminCmd(void)
681 struct cmd_syndesc *ts;
683 ts = cmd_CreateSyntax("KasPrincipalCreate", DoKasPrincipalCreate, NULL,
684 "create a new principal");
685 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
686 "principal to create");
687 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
688 "principal instance");
689 cmd_AddParm(ts, "-password", CMD_SINGLE, CMD_REQUIRED,
690 "initial principal password");
691 SetupCommonCmdArgs(ts);
693 ts = cmd_CreateSyntax("KasPrincipalDelete", DoKasPrincipalDelete, NULL,
694 "delete a principal");
695 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
696 "principal to delete");
697 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
698 "principal instance");
699 SetupCommonCmdArgs(ts);
701 ts = cmd_CreateSyntax("KasPrincipalGet", DoKasPrincipalGet, NULL,
702 "get information about a principal");
703 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
705 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
706 "principal instance");
707 SetupCommonCmdArgs(ts);
709 ts = cmd_CreateSyntax("KasPrincipalList", DoKasPrincipalList, NULL,
710 "list all principals");
711 SetupCommonCmdArgs(ts);
713 ts = cmd_CreateSyntax("KasPrincipalKeySet", DoKasPrincipalKeySet, NULL,
714 "set the password for a principal");
715 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
716 "principal to modify");
717 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
718 "principal instance");
719 cmd_AddParm(ts, "-password", CMD_SINGLE, CMD_REQUIRED,
720 "new principal password");
721 cmd_AddParm(ts, "-version", CMD_SINGLE, CMD_REQUIRED,
722 "password version number");
723 SetupCommonCmdArgs(ts);
725 ts = cmd_CreateSyntax("KasPrincipalLockStatusGet",
726 DoKasPrincipalLockStatusGet, NULL,
727 "get the lock status of a principal");
728 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
729 "principal to query");
730 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
731 "principal instance");
732 SetupCommonCmdArgs(ts);
734 ts = cmd_CreateSyntax("KasPrincipalUnlock", DoKasPrincipalUnlock, NULL,
735 "unlock a principal");
736 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
737 "principal to unlock");
738 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
739 "principal instance");
740 SetupCommonCmdArgs(ts);
742 ts = cmd_CreateSyntax("KasPrincipalFieldsSet", DoKasPrincipalFieldsSet, NULL,
743 "modify a principal");
744 cmd_AddParm(ts, "-principal", CMD_SINGLE, CMD_REQUIRED,
745 "principal to modify");
746 cmd_AddParm(ts, "-instance", CMD_SINGLE, CMD_OPTIONAL,
747 "principal instance");
748 cmd_AddParm(ts, "-admin", CMD_FLAG, CMD_OPTIONAL,
749 "make this principal an admin");
750 cmd_AddParm(ts, "-noadmin", CMD_FLAG, CMD_OPTIONAL,
751 "remove admin from this principal");
752 cmd_AddParm(ts, "-grantticket", CMD_FLAG, CMD_OPTIONAL,
753 "this principal can grant server tickets");
754 cmd_AddParm(ts, "-nograntticket", CMD_FLAG, CMD_OPTIONAL,
755 "this principal cannot grant server tickets");
756 cmd_AddParm(ts, "-encrypt", CMD_FLAG, CMD_OPTIONAL,
757 "this principal can encrypt data");
758 cmd_AddParm(ts, "-noencrypt", CMD_FLAG, CMD_OPTIONAL,
759 "this principal cannot encrypt data");
760 cmd_AddParm(ts, "-changepassword", CMD_FLAG, CMD_OPTIONAL,
761 "this principal can change its password");
762 cmd_AddParm(ts, "-nochangepassword", CMD_FLAG, CMD_OPTIONAL,
763 "this principal cannot change its password");
764 cmd_AddParm(ts, "-reusepassword", CMD_FLAG, CMD_OPTIONAL,
765 "this principal can reuse its password");
766 cmd_AddParm(ts, "-noreusepassword", CMD_FLAG, CMD_OPTIONAL,
767 "this principal cannot reuse its password");
768 cmd_AddParm(ts, "-expires", CMD_SINGLE, CMD_OPTIONAL,
769 "the time at which this principal expires");
770 cmd_AddParm(ts, "-maxticketlifetime", CMD_SINGLE, CMD_OPTIONAL,
771 "the maximum ticket lifetime this principal can request");
772 cmd_AddParm(ts, "-passwordexpires", CMD_SINGLE, CMD_OPTIONAL,
773 "the time at which this principal's password expires");
774 cmd_AddParm(ts, "-failedpasswordattempts", CMD_SINGLE, CMD_OPTIONAL,
775 "the number of failed password attempts this principal "
776 "can incur before it is locked");
777 cmd_AddParm(ts, "-failedpasswordlocktime", CMD_SINGLE, CMD_OPTIONAL,
778 "the amount of time this principal will be locked if the "
779 "maximum failed password attempts is exceeded");
780 SetupCommonCmdArgs(ts);
782 ts = cmd_CreateSyntax("KasServerStatsGet", DoKasServerStatsGet, NULL,
783 "get stats on a kaserver");
784 cmd_AddParm(ts, "-server", CMD_SINGLE, CMD_REQUIRED, "server to query");
785 SetupCommonCmdArgs(ts);
787 ts = cmd_CreateSyntax("KasServerDebugGet", DoKasServerDebugGet, NULL,
788 "get debug info from a kaserver");
789 cmd_AddParm(ts, "-server", CMD_SINGLE, CMD_REQUIRED, "server to query");
790 SetupCommonCmdArgs(ts);
792 ts = cmd_CreateSyntax("KasServerRandomKeyGet", DoKasServerRandomKeyGet, NULL,
793 "create a random key");
794 SetupCommonCmdArgs(ts);