xref: /illumos-gate/usr/src/cmd/krb5/kadmin/cli/k5srvutil.sh (revision 2b24ab6b3865caeede9eeb9db6b83e1d89dcd1ea) 
1#!/bin/sh
2#
3#
4# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
5# Use is subject to license terms.
6#
7#
8#
9#
10#pragma ident	"%Z%%M%	%I%	%E% SMI"
11
12TEXTDOMAIN=SUNW_OST_OSCMD
13export TEXTDOMAIN
14
15# list_princs keytab
16# returns a list of principals in the keytab
17# sorted and uniquified
18list_princs() {
19    klist -k $keytab | tail +4 | awk '{print $2}' | sort | uniq
20}
21
22set_command() {
23    if [ x$command != x ] ; then
24	cmd_error `gettext  "Only one command can be specified"`
25	usage
26	exit 1
27    fi
28    command=$1
29}
30
31#interactive_prompt prompt princ
32# If in interactive mode  return true if the principal  should be acted on
33# otherwise return true all the time
34#
35# SUNW14resync: If in interactive mode the default is now to return false
36#               i.e. if in interactive mode unless the user types "Yes" or
37#               "yes" false will be returned.
38#
39interactive_prompt() {
40    if [ $interactive = 0 ] ; then
41	return 0
42    fi
43    PROMPT=`gettext  "%s for %s? [yes no] "`
44    Y1=`gettext  "yes"`
45    Y2=`gettext  "Yes"`
46    printf "$PROMPT" "$1" "$2"
47    read ans
48    case $ans in
49    ${Y1}|${Y2})
50	return 0
51	;;
52    esac
53    return 1
54    }
55
56cmd_error() {
57    echo $@ 2>&1
58    }
59
60usage() {
61    USAGE=`gettext "Usage: $0 [-i] [-f file] list|change|delete|delold"`
62    echo $USAGE
63}
64
65
66
67change_key() {
68    princs=`list_princs `
69    for princ in $princs; do
70	ACTION=`gettext  "Change key"`
71	if interactive_prompt "$ACTION" $princ; then
72	    kadmin -k -t $keytab -p $princ -q "ktadd -k $keytab $princ"
73	fi
74    done
75    }
76
77delete_old_keys() {
78    princs=`list_princs `
79    for princ in $princs; do
80	ACTION=`gettext  "Delete old keys"`
81	if interactive_prompt "$ACTION" $princ; then
82	    kadmin -k -t $keytab -p $princ -q "ktrem -k $keytab $princ old"
83	fi
84    done
85    }
86
87delete_keys() {
88    interactive=1
89    princs=`list_princs `
90    for princ in $princs; do
91	ACTION=`gettext  "Delete all keys"`
92	if interactive_prompt "$ACTION" $princ; then
93	    kadmin -p $princ -k -t $keytab -q "ktrem -k $keytab $princ all"
94	fi
95    done
96    }
97
98
99keytab=/etc/krb5/krb5.keytab
100interactive=0
101
102CHANGE=`gettext  "change"`
103DELOLD=`gettext  "delold"`
104DELETE=`gettext  "delete"`
105LIST=`gettext  "list"`
106
107while [ $# -gt 0 ] ; do
108    opt=$1
109    shift
110        case $opt in
111	"-f")
112	keytab=$1
113	shift
114	;;
115	"-i")
116	interactive=1
117	;;
118	${CHANGE}|${DELOLD}|${DELETE}|${LIST})
119	set_command $opt
120	;;
121	*)
122	ILLEGAL=`gettext  "Illegal option: "`
123	cmd_error $ILLEGAL $opt
124	usage
125	exit 1
126	;;
127	esac
128done
129
130
131case $command in
132    $CHANGE)
133    change_key
134    ;;
135    $DELOLD)
136    delete_old_keys
137    ;;
138    $DELETE)
139    delete_keys
140    ;;
141    $LIST)
142    klist -k $keytab
143    ;;
144    *)
145        usage
146	;;
147    esac
148