/*
 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
/* Id */
/*
 * stash (alias kstash): writes the Kerberos master key to the file the KDC
 * uses. Per the help text this works in local (-l) mode only.
 *
 * NOTE(review): the resulting key file is as sensitive as the database it
 * protects; nothing in this table constrains its ownership or mode, so that
 * is up to the implementation and the operator -- confirm.
 */
command = {
    name = "stash"
    name = "kstash"
    /*
     * NOTE(review): des3-cbc-sha1 is a triple-DES enctype, which RFC 8429
     * deprecates for Kerberos. Operators should pass an AES enctype with
     * --enctype where the installed build supports one. The default is left
     * as written because changing it alters newly written key files.
     */
    option = {
        long = "enctype"
        short = "e"
        type = "string"
        help = "encryption type"
        default = "des3-cbc-sha1"
    }
    option = {
        long = "key-file"
        short = "k"
        type = "string"
        argument = "file"
        help = "master key file"
    }
    option = {
        long = "convert-file"
        type = "flag"
        help = "just convert keyfile to new format"
    }
    /*
     * The generated password is printed to stdout (see help), so it ends up
     * in whatever captures that stream: terminal scrollback, CI logs, pipes.
     */
    option = {
        long = "random-password"
        type = "flag"
        help = "use a random password (and print the password to stdout)"
    }
    /*
     * Reads the passphrase from an already-open descriptor, which keeps it
     * off the command line. Default -1 presumably means "not given" --
     * confirm against the implementation.
     */
    option = {
        long = "master-key-fd"
        type = "integer"
        argument = "fd"
        help = "filedescriptor to read passphrase from"
        default = "-1"
    }
    help = "Writes the Kerberos master key to a file used by the KDC. \nLocal (-l) mode only."
}
/*
 * dump: writes the database in a human readable format to the optional
 * dump-file argument, or to standard output. Local (-l) mode only.
 */
command = {
    name = "dump"
    /*
     * With --decrypt the keys are written decrypted (see help), so the dump
     * then holds usable long-term keys and needs the same protection as the
     * database and master key together.
     */
    option = {
        long = "decrypt"
        short = "d"
        type = "flag"
        help = "decrypt keys"
    }
    option = {
        long = "format"
        short = "f"
        type = "string"
        help = "dump format, mit or heimdal (default: heimdal)"
    }
    argument = "[dump-file]"
    min_args = "0"
    max_args = "1"
    help = "Dumps the database in a human readable format to the specified file, \nor the standard out. Local (-l) mode only."
}
/*
 * init: creates the default principals for one or more realms, creating the
 * database if necessary. Local (-l) mode only.
 */
command = {
    name = "init"
    /*
     * Both lifetimes are taken as strings; their accepted syntax is decided
     * by the implementation, not by this table.
     */
    option = {
        long = "realm-max-ticket-life"
        type = "string"
        help = "realm max ticket lifetime"
    }
    option = {
        long = "realm-max-renewable-life"
        type = "string"
        help = "realm max renewable lifetime"
    }
    /* Only the realm's krbtgt principal is created when this is set. */
    option = {
        long = "bare"
        type = "flag"
        help = "only create krbtgt for realm"
    }
    argument = "realm..."
    min_args = "1"
    help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only."
}
/*
 * load: reads a previously dumped file into the database. Takes exactly one
 * file argument. Local (-l) mode only.
 *
 * NOTE(review): the file's contents become database contents, so its origin
 * and integrity matter as much as the database's own.
 */
command = {
    name = "load"
    argument = "file"
    min_args = "1"
    max_args = "1"
    help = "Loads a previously dumped file. Local (-l) mode only."
}
/*
 * merge: merges the contents of one dump file into the existing database.
 * Takes exactly one file argument. Local (-l) mode only.
 *
 * NOTE(review): entries from the file end up in the live database; verify
 * where the dump came from before merging it.
 */
command = {
    name = "merge"
    argument = "file"
    min_args = "1"
    max_args = "1"
    help = "Merges the contents of a dump file into the database. Local (-l) mode only."
}
/*
 * add (aliases ank, add_new_key): adds one or more principals to the
 * database. Dispatches to the add_new_key function.
 */
command = {
    name = "add"
    name = "ank"
    name = "add_new_key"
    function = "add_new_key"
    option = {
        long = "random-key"
        short = "r"
        type = "flag"
        help = "set random key"
    }
    option = {
        long = "random-password"
        type = "flag"
        help = "set random password"
    }
    /*
     * NOTE(review): --password and --key carry the secret as a command-line
     * argument, where it is visible in the process list and tends to land
     * in shell history. --random-key or --random-password avoid that.
     */
    option = {
        long = "password"
        short = "p"
        type = "string"
        help = "principal's password"
    }
    /*
     * NOTE(review): the help text describes a DES key. Single-DES enctypes
     * are deprecated for Kerberos (RFC 6649); treat this as legacy.
     */
    option = {
        long = "key"
        type = "string"
        help = "DES-key in hex"
    }
    option = {
        long = "max-ticket-life"
        type = "string"
        argument = "lifetime"
        help = "max ticket lifetime"
    }
    option = {
        long = "max-renewable-life"
        type = "string"
        argument = "lifetime"
        help = "max renewable life"
    }
    option = {
        long = "attributes"
        type = "string"
        argument = "attributes"
        help = "principal attributes"
    }
    option = {
        long = "expiration-time"
        type = "string"
        argument = "time"
        help = "principal expiration time"
    }
    option = {
        long = "pw-expiration-time"
        type = "string"
        argument = "time"
        help = "password expiration time"
    }
    /*
     * Default -1 on the two hist-kvno-diff options presumably means
     * "not given" -- confirm against add_new_key.
     */
    option = {
        long = "hist-kvno-diff-clnt"
        type = "integer"
        argument = "kvno diff"
        help = "historic keys allowed for client"
        default = "-1"
    }
    option = {
        long = "hist-kvno-diff-svc"
        type = "integer"
        argument = "kvno diff"
        help = "historic keys allowed for service"
        default = "-1"
    }
    option = {
        long = "use-defaults"
        type = "flag"
        help = "use default values"
    }
    option = {
        long = "policy"
        type = "string"
        argument = "policy"
        help = "policy name"
    }
    argument = "principal..."
    min_args = "1"
    help = "Adds a principal to the database."
}
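/*
 * passwd (aliases cpw, change_password): changes the password of every
 * principal matching the given expressions. Dispatches to cpw_entry.
 */
command = {
    name = "passwd"
    name = "cpw"
    name = "change_password"
    function = "cpw_entry"
    option = {
        long = "random-key"
        short = "r"
        type = "flag"
        help = "set random key"
    }
    option = {
        long = "random-password"
        type = "flag"
        help = "set random password"
    }
    /*
     * Help text fixed: it read "princial's password".
     *
     * NOTE(review): --password and --key carry the secret as a command-line
     * argument, where it is visible in the process list and tends to land
     * in shell history. --random-key or --random-password avoid that.
     */
    option = {
        long = "password"
        short = "p"
        type = "string"
        help = "principal's password"
    }
    /*
     * NOTE(review): the help text describes a DES key. Single-DES enctypes
     * are deprecated for Kerberos (RFC 6649); treat this as legacy.
     */
    option = {
        long = "key"
        type = "string"
        help = "DES key in hex"
    }
    /*
     * NOTE(review): with --keepold the previous keys are retained (see
     * help). When the change responds to a suspected key compromise, the
     * retained keys presumably stay usable -- confirm, and avoid the flag
     * in that case.
     */
    option = {
        long = "keepold"
        type = "flag"
        help = "keep old keys/password"
    }
    argument = "principal..."
    min_args = "1"
    help = "Changes the password of one or more principals matching the expressions."
}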
/*
 * delete (aliases del, del_entry): removes every principal matching the
 * given expressions. Dispatches to del_entry.
 *
 * NOTE(review): the arguments are expressions, not literal names, so a broad
 * pattern removes many principals at once; this table defines no
 * confirmation or dry-run option.
 */
command = {
    name = "delete"
    name = "del"
    name = "del_entry"
    function = "del_entry"
    argument = "principal..."
    min_args = "1"
    help = "Deletes all principals matching the expressions."
}
/*
 * del_enctype: removes the listed enctypes from one principal. Needs the
 * principal plus at least one enctype (min_args = 2).
 */
command = {
    name = "del_enctype"
    argument = "principal enctype..."
    min_args = "2"
    help = "Delete all the mentioned enctypes for principal."
}
/*
 * add_enctype: adds keys of the listed enctypes to one principal. Needs the
 * principal plus at least one enctype (min_args = 2).
 */
command = {
    name = "add_enctype"
    option = {
        long = "random-key"
        short = "r"
        type = "flag"
        help = "set random key"
    }
    argument = "principal enctype..."
    min_args = "2"
    help = "Add new enctypes for principal."
}
/*
 * ext_keytab: extracts the keys of every principal matching the given
 * expressions and stores them in a keytab.
 *
 * NOTE(review): a keytab holds long-term keys, so whoever can read the file
 * can authenticate as those principals. Keep its permissions tight and keep
 * the match expressions narrow.
 */
command = {
    name = "ext_keytab"
    option = {
        long = "keytab"
        short = "k"
        type = "string"
        help = "keytab to use"
    }
    /*
     * Presumably replaces the principal's key with a random one before
     * extraction, which would invalidate keytabs issued earlier -- confirm.
     */
    option = {
        long = "random-key"
        short = "r"
        type = "flag"
        help = "set random key"
    }
    argument = "principal..."
    min_args = "1"
    help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab."
}
/*
 * get (alias get_entry): shows information about the principals matching
 * the given expressions. Dispatches to get_entry.
 */
command = {
    name = "get"
    name = "get_entry"
    function = "get_entry"
    /* XXX sync options with "list" */
    /*
     * "long" is a flag with default -1. Presumably that lets get_entry tell
     * "not given" apart from an explicit choice -- confirm.
     */
    option = {
        long = "long"
        short = "l"
        type = "flag"
        help = "long format"
        default = "-1"
    }
    option = {
        long = "short"
        short = "s"
        type = "flag"
        help = "short format"
    }
    option = {
        long = "terse"
        short = "t"
        type = "flag"
        help = "terse format"
    }
    option = {
        long = "column-info"
        short = "o"
        type = "string"
        help = "columns to print for short output"
    }
    argument = "principal..."
    min_args = "1"
    help = "Shows information about principals matching the expressions."
}
/*
 * rename: renames one principal. Takes exactly two arguments, the old name
 * and the new name. Dispatches to rename_entry.
 */
command = {
    name = "rename"
    function = "rename_entry"
    argument = "from to"
    min_args = "2"
    max_args = "2"
    help = "Renames a principal."
}
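/*
 * modify: changes attributes of exactly one principal. Dispatches to
 * mod_entry.
 */
command = {
    name = "modify"
    function = "mod_entry"
    option = {
        long = "max-ticket-life"
        type = "string"
        argument = "lifetime"
        help = "max ticket lifetime"
    }
    option = {
        long = "max-renewable-life"
        type = "string"
        argument = "lifetime"
        help = "max renewable life"
    }
    option = {
        long = "attributes"
        short = "a"
        type = "string"
        argument = "attributes"
        help = "principal attributes"
    }
    option = {
        long = "expiration-time"
        type = "string"
        argument = "time"
        help = "principal expiration time"
    }
    option = {
        long = "pw-expiration-time"
        type = "string"
        argument = "time"
        help = "password expiration time"
    }
    /* Default -1 presumably means "not given" -- confirm against mod_entry. */
    option = {
        long = "kvno"
        type = "integer"
        help = "key version number"
        default = "-1"
    }
    /*
     * The next three options take type "strings", so each may be given more
     * than once. All three widen what the principal can do or who can act
     * as it, so changes to them deserve the same review as a key change.
     */
    option = {
        long = "constrained-delegation"
        type = "strings"
        argument = "principal"
        help = "allowed target principals"
    }
    option = {
        long = "alias"
        type = "strings"
        argument = "principal"
        help = "aliases"
    }
    /*
     * Help text fixed: it read "aliases", copied from the alias option
     * above. The argument is a certificate subject DN; the exact matching
     * rules are in the implementation -- confirm.
     */
    option = {
        long = "pkinit-acl"
        type = "strings"
        argument = "subject dn"
        help = "PK-INIT ACL subject DNs"
    }
    option = {
        long = "policy"
        type = "string"
        argument = "policy"
        help = "policy name"
    }
    /*
     * Default -1 on the two hist-kvno-diff options presumably means
     * "not given" -- confirm against mod_entry.
     */
    option = {
        long = "hist-kvno-diff-clnt"
        type = "integer"
        argument = "kvno diff"
        help = "historic keys allowed for client"
        default = "-1"
    }
    option = {
        long = "hist-kvno-diff-svc"
        type = "integer"
        argument = "kvno diff"
        help = "historic keys allowed for service"
        default = "-1"
    }
    argument = "principal"
    min_args = "1"
    max_args = "1"
    help = "Modifies some attributes of the specified principal."
}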
/*
 * privileges (alias privs): shows which operations the caller may perform.
 * Dispatches to get_privs. No options or argument limits are declared.
 */
command = {
    name = "privileges"
    name = "privs"
    function = "get_privs"
    help = "Shows which operations you are allowed to perform."
}
/*
 * list: lists principals matching the given expressions in terse format;
 * the help text calls it equivalent to "get -t". Dispatches to list_princs.
 */
command = {
    name = "list"
    function = "list_princs"
    /* XXX sync options with "get" */
    option = {
        long = "long"
        short = "l"
        type = "flag"
        help = "long format"
    }
    option = {
        long = "short"
        short = "s"
        type = "flag"
        help = "short format"
    }
    /*
     * "terse" is a flag with default -1. Presumably that lets list_princs
     * tell "not given" apart from an explicit choice -- confirm.
     */
    option = {
        long = "terse"
        short = "t"
        type = "flag"
        help = "terse format"
        default = "-1"
    }
    option = {
        long = "column-info"
        short = "o"
        type = "string"
        help = "columns to print for short output"
    }
    argument = "principal..."
    min_args = "1"
    help = "Lists principals in a terse format. Equivalent to \"get -t\"."
}
/*
 * verify-password-quality (alias pwq): runs the password quality function
 * locally, without an RPC to the server. Takes exactly two arguments, a
 * principal and a password. Dispatches to password_quality.
 *
 * NOTE(review): the candidate password is a positional argument, so it is
 * visible in the process list and shell history when passed on the command
 * line. Use throwaway values when testing a policy.
 */
command = {
    name = "verify-password-quality"
    name = "pwq"
    function = "password_quality"
    argument = "principal password"
    min_args = "2"
    max_args = "2"
    help = "Try run the password quality function locally (not doing RPC out to server)."
}
/*
 * check: checks a realm for configuration errors. The realm argument is
 * optional; the default realm is used when it is omitted.
 */
command = {
    name = "check"
    function = "check"
    argument = "[realm]"
    min_args = "0"
    max_args = "1"
    help = "Check the realm (if not given, the default realm) for configuration errors."
}
/*
 * lock: locks the database for writing. Takes no arguments.
 *
 * NOTE(review): the help text says "use with care". A lock that is never
 * released presumably blocks other writers until "unlock" runs -- confirm.
 */
command = {
    name = "lock"
    function = "lock"
    argument = ""
    min_args = "0"
    max_args = "0"
    help = "Lock the database for writing (use with care)."
}
/* unlock: unlocks the database. Takes no arguments. */
command = {
    name = "unlock"
    function = "unlock"
    argument = ""
    min_args = "0"
    max_args = "0"
    help = "Unlock the database."
}
/*
 * help (alias ?): shows help, optionally for one named command. No function
 * is named here, so the handler is whatever the generator derives by
 * default -- confirm.
 */
command = {
    name = "help"
    name = "?"
    argument = "[command]"
    min_args = "0"
    max_args = "1"
    help = "Help! I need somebody."
}
/* exit (alias quit): leaves the program. Dispatches to exit_kadmin. */
command = {
    name = "exit"
    name = "quit"
    function = "exit_kadmin"
    help = "Quits."
}