search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MFC r1.6 r1.15 (HEAD)
[dragonfly.git] / crypto / heimdal-0.6.3 / kadmin / init.c
blob587458b17f738a50bb0afb737c4f89932c99da07
1 /*
2 * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kadmin_locl.h"
35 #include <kadm5/private.h>
36
37 RCSID("$Id: init.c,v 1.29 2002/12/03 14:08:17 joda Exp $");
38
39 static kadm5_ret_t
40 create_random_entry(krb5_principal princ,
41 unsigned max_life,
42 unsigned max_rlife,
43 u_int32_t attributes)
44 {
45 kadm5_principal_ent_rec ent;
46 kadm5_ret_t ret;
47 int mask = 0;
48 krb5_keyblock *keys;
49 int n_keys, i;
50
51 memset(&ent, 0, sizeof(ent));
52 ent.principal = princ;
53 mask |= KADM5_PRINCIPAL;
54 if (max_life) {
55 ent.max_life = max_life;
56 mask |= KADM5_MAX_LIFE;
57 }
58 if (max_rlife) {
59 ent.max_renewable_life = max_rlife;
60 mask |= KADM5_MAX_RLIFE;
61 }
62 ent.attributes |= attributes | KRB5_KDB_DISALLOW_ALL_TIX;
63 mask |= KADM5_ATTRIBUTES;
64
65 ret = kadm5_create_principal(kadm_handle, &ent, mask, "hemlig");
66 if(ret)
67 return ret;
68 ret = kadm5_randkey_principal(kadm_handle, princ, &keys, &n_keys);
69 if(ret)
70 return ret;
71 for(i = 0; i < n_keys; i++)
72 krb5_free_keyblock_contents(context, &keys[i]);
73 free(keys);
74 ret = kadm5_get_principal(kadm_handle, princ, &ent,
75 KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
76 if(ret)
77 return ret;
78 ent.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
79 ent.kvno = 1;
80 ret = kadm5_modify_principal(kadm_handle, &ent,
81 KADM5_ATTRIBUTES|KADM5_KVNO);
82 kadm5_free_principal_ent (kadm_handle, &ent);
83 if(ret)
84 return ret;
85 return 0;
86 }
87
88 static struct getargs args[] = {
89 { "realm-max-ticket-life", 0, arg_string, NULL,
90 "realm max ticket lifetime" },
91 { "realm-max-renewable-life", 0, arg_string, NULL,
92 "realm max renewable lifetime" },
93 { "help", 'h', arg_flag, NULL },
94 };
95
96 static int num_args = sizeof(args) / sizeof(args[0]);
97
98 static void
99 usage(void)
100 {
101 arg_printusage (args, num_args, "init", "realm...");
102 }
103
104 int
105 init(int argc, char **argv)
106 {
107 kadm5_ret_t ret;
108 int i;
109 char *realm_max_life = NULL;
110 char *realm_max_rlife = NULL;
111 int help_flag = 0;
112 HDB *db;
113 int optind = 0;
114 krb5_deltat max_life, max_rlife;
115
116 args[0].value = &realm_max_life;
117 args[1].value = &realm_max_rlife;
118 args[2].value = &help_flag;
119
120 if(getarg(args, num_args, argc, argv, &optind) || help_flag) {
121 usage();
122 return 0;
123 }
124
125 if(argc - optind < 1) {
126 usage();
127 return 0;
128 }
129
130 if (realm_max_life) {
131 if (str2deltat (realm_max_life, &max_life) != 0) {
132 krb5_warnx (context, "unable to parse `%s'", realm_max_life);
133 return 0;
134 }
135 }
136 if (realm_max_rlife) {
137 if (str2deltat (realm_max_rlife, &max_rlife) != 0) {
138 krb5_warnx (context, "unable to parse `%s'", realm_max_rlife);
139 return 0;
140 }
141 }
142
143 db = _kadm5_s_get_db(kadm_handle);
144
145 ret = db->open(context, db, O_RDWR | O_CREAT, 0600);
146 if(ret){
147 krb5_warn(context, ret, "hdb_open");
148 return 0;
149 }
150 db->close(context, db);
151 for(i = optind; i < argc; i++){
152 krb5_principal princ;
153 const char *realm = argv[i];
154
155 /* Create `krbtgt/REALM' */
156 ret = krb5_make_principal(context, &princ, realm,
157 KRB5_TGS_NAME, realm, NULL);
158 if(ret)
159 return 0;
160 if (realm_max_life == NULL) {
161 max_life = 0;
162 if(edit_deltat ("Realm max ticket life", &max_life, NULL, 0)) {
163 krb5_free_principal(context, princ);
164 return 0;
165 }
166 }
167 if (realm_max_rlife == NULL) {
168 max_rlife = 0;
169 if(edit_deltat("Realm max renewable ticket life", &max_rlife,
170 NULL, 0)) {
171 krb5_free_principal(context, princ);
172 return 0;
173 }
174 }
175 create_random_entry(princ, max_life, max_rlife, 0);
176 krb5_free_principal(context, princ);
177
178 /* Create `kadmin/changepw' */
179 krb5_make_principal(context, &princ, realm,
180 "kadmin", "changepw", NULL);
181 create_random_entry(princ, 5*60, 5*60,
182 KRB5_KDB_DISALLOW_TGT_BASED|
183 KRB5_KDB_PWCHANGE_SERVICE|
184 KRB5_KDB_DISALLOW_POSTDATED|
185 KRB5_KDB_DISALLOW_FORWARDABLE|
186 KRB5_KDB_DISALLOW_RENEWABLE|
187 KRB5_KDB_DISALLOW_PROXIABLE|
188 KRB5_KDB_REQUIRES_PRE_AUTH);
189 krb5_free_principal(context, princ);
190
191 /* Create `kadmin/admin' */
192 krb5_make_principal(context, &princ, realm,
193 "kadmin", "admin", NULL);
194 create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH);
195 krb5_free_principal(context, princ);
196
197 /* Create `changepw/kerberos' (for v4 compat) */
198 krb5_make_principal(context, &princ, realm,
199 "changepw", "kerberos", NULL);
200 create_random_entry(princ, 60*60, 60*60,
201 KRB5_KDB_DISALLOW_TGT_BASED|
202 KRB5_KDB_PWCHANGE_SERVICE);
203
204 krb5_free_principal(context, princ);
205
206 /* Create `kadmin/hprop' for database propagation */
207 krb5_make_principal(context, &princ, realm,
208 "kadmin", "hprop", NULL);
209 create_random_entry(princ, 60*60, 60*60,
210 KRB5_KDB_REQUIRES_PRE_AUTH|
211 KRB5_KDB_DISALLOW_TGT_BASED);
212 krb5_free_principal(context, princ);
213
214 /* Create `default' */
215 {
216 kadm5_principal_ent_rec ent;
217 int mask = 0;
218
219 memset (&ent, 0, sizeof(ent));
220 mask |= KADM5_PRINCIPAL;
221 krb5_make_principal(context, &ent.principal, realm,
222 "default", NULL);
223 mask |= KADM5_MAX_LIFE;
224 ent.max_life = 24 * 60 * 60;
225 mask |= KADM5_MAX_RLIFE;
226 ent.max_renewable_life = 7 * ent.max_life;
227 ent.attributes = KRB5_KDB_DISALLOW_ALL_TIX;
228 mask |= KADM5_ATTRIBUTES;
229
230 ret = kadm5_create_principal(kadm_handle, &ent, mask, "");
231 if (ret)
232 krb5_err (context, 1, ret, "kadm5_create_principal");
233
234 krb5_free_principal(context, ent.principal);
235 }
236 }
237 return 0;
238 }
DragonFly BSD