[OpenAFS] kas-to-kadmin migration?!

Charles Clancy security@xauth.net
Tue, 22 Jan 2002 22:02:12 -0600 (CST)


> I am wondering whether someone has a wrapper script that translates
> these kas commands into kadmin commands.

See below.  I whipped it up in about an hour.  I haven't extensively
tested it, but it should be pretty readable if any bug fixes /
customizations / extensions are needed.  It most certainly does not
reformat the output of kadmin to make it look like regular kas output.
Also, once you use a '-flag', you need to use flags for all the
following parameters.  Be sure to read the "NOTE:" section.

--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy


#!/usr/bin/perl

###############
#
# Nifty kas wrapper for kadmin
# Author: tclancy@uiuc.edu
#
# supports: create, delete, examine, list, setfields, setpassword
# with limited arguments
#
# NOTE: the "-password_for_admin" flag is interpreted as a keytab file
#       the "-noauth" flag is interpreted as kadmin.local
#
###############

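# location of kadmin: resolved through the caller's PATH, so whoever controls
# PATH decides which binary ends up handling the admin credentials.
chomp($kadmin = `which kadmin`);
# Refuse to continue without a real executable; an empty or garbage path would
# otherwise turn the later command line into something unintended.
die "kas wrapper: kadmin not found in PATH\n"	if (($kadmin eq "") || !(-x $kadmin));

# get current cell name, and user logged in
# The cell file is read directly instead of through `cat`. A missing file is
# not fatal here because the cell can still be supplied with -cell.
$realm = "";
if (open(my $cell_fh, "<", "/usr/vice/etc/ThisCell")) {
	$realm = <$cell_fh>;
	$realm = ""	if (!defined($realm));
	chomp($realm);
	close($cell_fh);
}

# Effective user name straight from the password database (what `whoami`
# reports), without running an external program.
$adminuser = getpwuid($>);
$adminuser = ""	if (!defined($adminuser));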

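# let's find all the options with dashes specified
#
# Each recognised kas flag prefix is paired with the variable that receives
# the argument following it. The prefixes are mutually exclusive.
#
# Security note: -initial_password and -new_password values are taken from
# this process's argument vector, which other local users can usually read
# from the process table while the script runs.
my @value_flags = (
	[ qr/^-ad/, \$adminuser  ],	# -admin_username
	[ qr/^-c/,  \$realm      ],	# -cell
	[ qr/^-e/,  \$optexpir   ],	# -expiration
	[ qr/^-i/,  \$optinipas  ],	# -initial_password
	[ qr/^-li/, \$optlife    ],	# -lifetime
	[ qr/^-na/, \$optname    ],	# -name
	[ qr/^-ne/, \$optnewpass ],	# -new_password
	[ qr/^-pa/, \$adminpass  ],	# -password_for_admin (keytab file, see NOTE)
	[ qr/^-pw/, \$optpwexp   ],	# -pwexpires
);

my $idx = 0;
ARG: while ($idx <= $#ARGV) {
	my $arg = $ARGV[$idx++];

	# -noauth takes no value
	if ($arg =~ /^-no/) {
		$local = ".local";
		next ARG;
	}

	for my $pair (@value_flags) {
		my ($pattern, $target) = @$pair;
		next unless ($arg =~ $pattern);

		if ($idx <= $#ARGV) {
			# Consume the value so it is never re-read as a flag itself
			# (e.g. a password that happens to start with "-c").
			$$target = $ARGV[$idx++];
		}
		else {
			# A trailing flag has no value; keep the current setting
			# instead of overwriting it with undef.
			warn "kas wrapper: flag $arg given without a value; ignored\n";
		}
		next ARG;
	}
}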

# Find the index of the first dash-prefixed argument after the subcommand.
# Everything before that index is treated as positional. When there is no
# such argument, $fd is set to the total argument count.
$fd = 0;
for my $pos (1 .. $#ARGV) {
	if ($ARGV[$pos] =~ /^-/) {
		$fd = $pos;
		last;
	}
}
if ($fd == 0) {
	$fd = scalar(@ARGV);
}

# upper-case the realm name (ASCII letters only)
$realm =~ tr/a-z/A-Z/;

# Turn the first "." of the admin name into "/". If the name still has no
# "/" in it, give it the "admin" instance.
# NOTE(review): no character validation is applied to either value here.
$adminuser =~ s{\.}{/};
if ($adminuser !~ m{/}) {
	$adminuser .= "/admin";
}

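# here's our kadmin command
#
# The command is kept as an argument list and run with list-form system(), so
# no shell ever parses the realm, admin principal, keytab path or query text.
# Values taken from @ARGV therefore cannot be interpreted as shell syntax.
die "kas wrapper: kadmin executable not found\n"		if ($kadmin eq "");
die "kas wrapper: no realm (set ThisCell or pass -cell)\n"	if ($realm eq "");

my @kadmin_cmd = ($kadmin.$local, "-r", $realm, "-p", $adminuser);
# -password_for_admin is treated as a keytab file; not used with kadmin.local
push(@kadmin_cmd, "-k", "-t", $adminpass)	if ((!($adminpass eq "")) && ($local eq ""));

# Translate the kas subcommand (matched by prefix, in this order) into the
# kadmin query. Positional arguments are only used when they come before the
# first dash option and the matching flag was not given.
#
# Security note: a password passed with -pw becomes part of kadmin's own
# argument vector (inside the -q text), where other local users can usually
# see it in the process table. Leaving the password out avoids that; kadmin
# then normally prompts for it.
my $subcmd = defined($ARGV[0]) ? $ARGV[0] : "";
my $needs_name = 1;
$query = "";

if ($subcmd =~ /^c/) {	#create
	$optname = $ARGV[1]		if (($fd > 1) && ($optname eq ""));
	$optinipas = $ARGV[2]		if (($fd > 2) && ($optinipas eq ""));
	$query = "addprinc";
	$query .= " -pw $optinipas"	if (!($optinipas eq ""));
	$query .= " ".$optname;
}
elsif ($subcmd =~ /^d/) {	#delete
	$optname = $ARGV[1]		if (($fd > 1) && ($optname eq ""));
	$query = "delprinc $optname";
}
elsif ($subcmd =~ /^e/) {	#examine
	$optname = $ARGV[1]		if (($fd > 1) && ($optname eq ""));
	$query = "getprinc $optname";
}
elsif ($subcmd =~ /^list$/) {	#list
	$needs_name = 0;
	$query = "listprincs";
}
elsif ($subcmd =~ /^setf/) {	#setfields
	# positional slot 2 is skipped; only slots 1, 3, 4 and 5 are read
	$optname = $ARGV[1]		if (($fd > 1) && ($optname eq ""));
	$optexpir = $ARGV[3]		if (($fd > 3) && ($optexpir eq ""));
	$optlife = $ARGV[4]		if (($fd > 4) && ($optlife eq ""));
	$optpwexp = $ARGV[5]		if (($fd > 5) && ($optpwexp eq ""));
	$query = "modprinc";
	$query .= " -expire $optexpir"		if (!($optexpir eq ""));
	$query .= " -pwexpire $optpwexp"	if (!($optpwexp eq ""));
	$query .= " -maxlife $optlife"		if (!($optlife eq ""));
	$query .= " -maxrenewlife $optlife"	if (!($optlife eq ""));
	$query .= " $optname";
}
elsif ($subcmd =~ /^setp/) {	#setpassword
	$optname = $ARGV[1]		if (($fd > 1) && ($optname eq ""));
	$optnewpass = $ARGV[2]		if (($fd > 2) && ($optnewpass eq ""));
	$query = "cpw";
	$query .= " -pw $optnewpass"	if (!($optnewpass eq ""));
	$query .= " $optname";
}

# Never start kadmin with an empty query for an unknown or missing subcommand.
die "kas wrapper: unsupported or missing command "
	. "(supported: create, delete, examine, list, setfields, setpassword)\n"
	if ($query eq "");

if ($needs_name) {
	# kadmin splits the -q text into arguments itself, so a principal name
	# containing whitespace or quotes, or starting with "-", would be read
	# as extra arguments or options of the kadmin command.
	die "kas wrapper: missing principal name\n"	if ($optname eq "");
	die "kas wrapper: invalid principal name\n"
		if (($optname =~ /^-/) || ($optname =~ /[\s'"]/));
}

my $status = system(@kadmin_cmd, "-q", $query);
die "kas wrapper: cannot run $kadmin_cmd[0]: $!\n"	if ($status == -1);
# Report kadmin failures to the caller instead of always exiting 0.
exit(($status & 127) ? 1 : ($status >> 8))	if ($status != 0);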