#!/bin/sh
#
#
# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# Text domain for the gettext calls in this script; exported so the
# gettext child processes see it in their environment.
TEXTDOMAIN='SUNW_OST_OSCMD'
export TEXTDOMAIN
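# list_princs [keytab]
# Prints the principal names found in a keytab, one per line, sorted and
# with duplicates removed.
#   $1 - keytab to read; the global $keytab is used when it is omitted
# Depends on the "klist -k" layout: the first three lines are skipped and
# the second whitespace-separated field of every later line is printed.
list_princs() {
    # The path is quoted so that a keytab name containing whitespace or
    # glob characters reaches klist as exactly one argument.
    klist -k "${1:-$keytab}" | awk 'NR > 3 { print $2 }' | sort -u
}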
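# set_command name
# Stores the sub-command given on the command line in the global $command.
#   $1 - sub-command word
# If a sub-command has already been stored, an error and the usage text
# are printed and the script exits with status 1.
set_command() {
    # Quoted comparison: an existing value with whitespace must be seen as
    # "already set" instead of breaking the test expression.
    if [ "x$command" != x ]; then
        msg=`gettext "Only one command can be specified"`
        cmd_error "$msg"
        usage
        exit 1
    fi
    command=$1
}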
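# interactive_prompt action princ
# Decides whether an action is to be carried out on a principal.
#   $1 - description of the action, shown in the prompt
#   $2 - principal name, shown in the prompt
# Returns 0 without asking when $interactive is 0.
#
# SUNW14resync: in interactive mode the default answer is "no".  Only the
#               localized answers "yes" or "Yes" return 0; anything else,
#               including an empty line, returns 1.
interactive_prompt() {
    if [ "$interactive" = 0 ]; then
        return 0
    fi
    PROMPT=`gettext "%s for %s? [yes no] "`
    Y1=`gettext "yes"`
    Y2=`gettext "Yes"`
    # The format string comes from the message catalog; the action and the
    # principal are passed as printf arguments, never spliced into it.
    printf "$PROMPT" "$1" "$2"
    # Clear any earlier answer first, so that a read that assigns nothing
    # cannot reuse a previous "yes".
    ans=
    read ans
    # Quoted patterns compare literally, even if a translation contains
    # characters that would otherwise act as glob metacharacters.
    case "$ans" in
    "$Y1"|"$Y2")
        return 0
        ;;
    esac
    return 1
}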
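# cmd_error message...
# Prints its arguments, joined by single spaces, as one line on standard
# error.
cmd_error() {
    # ">&2" sends the text to stderr.  "2>&1" would only fold stderr into
    # stdout and leave the diagnostic mixed into normal output.
    printf '%s\n' "$*" >&2
}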
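# usage
# Prints the one-line usage summary on standard output.
usage() {
    # NOTE(review): $0 is expanded before gettext sees the string, so the
    # message id changes with the way the script was invoked; confirm that
    # the catalog lookup can still match.
    USAGE=`gettext "Usage: $0 [-i] [-f file] list|change|delete|delold"`
    # Quoted on output: unquoted, "[-i]" is a glob pattern and would be
    # replaced by a file named "i" or "-" in the current directory.
    printf '%s\n' "$USAGE"
}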
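# change_key
# For every principal listed in $keytab, runs kadmin authenticated as that
# principal from the keytab (-k -t) with the query
# "ktadd -k <keytab> <principal>".  In interactive mode each principal is
# confirmed through interactive_prompt first.
change_key() {
    ACTION=`gettext "Change key"`
    princs=`list_princs`
    # $princs is left unquoted on purpose: one principal per word.
    for princ in $princs; do
        if interactive_prompt "$ACTION" "$princ"; then
            # NOTE(review): $keytab and $princ are pasted into the kadmin
            # query text as-is, so kadmin's own parser splits them again.
            # A keytab path with whitespace is presumably unsupported
            # there; confirm before relying on -f with such a path.
            kadmin -k -t "$keytab" -p "$princ" -q "ktadd -k $keytab $princ"
        fi
    done
}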
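# delete_old_keys
# For every principal listed in $keytab, runs kadmin authenticated as that
# principal from the keytab (-k -t) with the query
# "ktrem -k <keytab> <principal> old".  In interactive mode each principal
# is confirmed through interactive_prompt first.
delete_old_keys() {
    ACTION=`gettext "Delete old keys"`
    princs=`list_princs`
    # $princs is left unquoted on purpose: one principal per word.
    for princ in $princs; do
        if interactive_prompt "$ACTION" "$princ"; then
            # NOTE(review): $keytab and $princ are pasted into the kadmin
            # query text as-is, so kadmin's own parser splits them again;
            # whitespace in either would change the query.
            kadmin -k -t "$keytab" -p "$princ" -q "ktrem -k $keytab $princ old"
        fi
    done
}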
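# delete_keys
# For every principal listed in $keytab, runs kadmin authenticated as that
# principal from the keytab (-k -t) with the query
# "ktrem -k <keytab> <principal> all".
# Interactive mode is forced on, so each removal is confirmed through
# interactive_prompt even when -i was not given.  The global $interactive
# stays 1 afterwards.
delete_keys() {
    interactive=1
    ACTION=`gettext "Delete all keys"`
    princs=`list_princs`
    # $princs is left unquoted on purpose: one principal per word.
    for princ in $princs; do
        if interactive_prompt "$ACTION" "$princ"; then
            # NOTE(review): $keytab and $princ are pasted into the kadmin
            # query text as-is, so kadmin's own parser splits them again;
            # whitespace in either would change the query.
            kadmin -p "$princ" -k -t "$keytab" -q "ktrem -k $keytab $princ all"
        fi
    done
}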
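# Defaults; -f and -i on the command line override them.
keytab=/etc/krb5/krb5.keytab
interactive=0
# Start with no sub-command selected, so that a variable named "command"
# inherited from the caller's environment cannot pick one.
command=

# Localized spellings of the sub-command words accepted on the command line.
CHANGE=`gettext "change"`
DELOLD=`gettext "delold"`
DELETE=`gettext "delete"`
LIST=`gettext "list"`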
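# Parse the command line.  Options and the sub-command word are accepted in
# any order; anything else is reported as an illegal option.
while [ $# -gt 0 ]; do
    opt=$1
    shift
    case "$opt" in
    "-f")
        # -f must be followed by a file name.  Without this check a
        # trailing "-f" leaves $keytab empty and the commands below run
        # with a missing keytab argument.
        if [ $# -eq 0 ]; then
            MISSING=`gettext "Option -f requires a file name"`
            cmd_error "$MISSING"
            usage
            exit 1
        fi
        keytab=$1
        shift
        ;;
    "-i")
        interactive=1
        ;;
    "$CHANGE"|"$DELOLD"|"$DELETE"|"$LIST")
        set_command "$opt"
        ;;
    *)
        ILLEGAL=`gettext "Illegal option: "`
        # $ILLEGAL is deliberately unquoted so its trailing blank is
        # dropped; $opt is user input and is quoted so that it is neither
        # split nor glob-expanded.
        cmd_error $ILLEGAL "$opt"
        usage
        exit 1
        ;;
    esac
done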
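# Run the selected sub-command.  When none was given, print the usage text.
case "$command" in
"$CHANGE")
    change_key
    ;;
"$DELOLD")
    delete_old_keys
    ;;
"$DELETE")
    delete_keys
    ;;
"$LIST")
    # Quoted so a keytab path with whitespace stays a single argument.
    klist -k "$keytab"
    ;;
*)
    usage
    ;;
esac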