2 * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "kadmin_locl.h"
36 RCSID("$Id: ank.c,v 1.25 2002/12/03 14:11:24 joda Exp $");
39 * fetch the default principal corresponding to `princ'
/*
 * Look up the realm's "default" principal entry.
 *
 * The realm is taken from `princ' (krb5_princ_realm), a principal named
 * "default" in that realm is built with krb5_make_principal, and its entry
 * is read with kadm5_get_principal using KADM5_PRINCIPAL_NORMAL_MASK into
 * `default_ent'.  The temporary principal is released before returning.
 * Return: `ret', the krb5_error_code of the last library call.
 * NOTE(review): this function is fragmentary on this page (the parameter
 * declaring `princ' and the error checks between the calls are not
 * visible), so the flow described here covers only what is shown.
 */
42 static krb5_error_code
43 get_default (kadm5_server_context
*context
,
45 kadm5_principal_ent_t default_ent
)
48 krb5_principal def_principal
;
/* realm of the principal being added; presumably a pointer into `princ' rather than a copy, so nothing to free here */
49 krb5_realm
*realm
= krb5_princ_realm(context
->context
, princ
);
/* build default@<realm of princ> */
51 ret
= krb5_make_principal (context
->context
, &def_principal
,
,
52 *realm
, "default", NULL
);
/* fetch the default entry's "normal" fields (attributes, lifetimes, expiry ...) into default_ent */
55 ret
= kadm5_get_principal (context
, def_principal
, default_ent
,
56 KADM5_PRINCIPAL_NORMAL_MASK
);
/* the temporary principal is no longer needed whether or not the lookup succeeded */
57 krb5_free_principal (context
->context
, def_principal
);
62 * Add the principal `name' to the database.
63 * Prompt for all data not given by the input parameters.
/*
 * Create principal `name' in the kadmin database.
 *
 * Visible flow: the name is parsed with krb5_parse_name, the caller-supplied
 * strings are folded into the entry via set_entry, the realm's "default"
 * entry is fetched through get_default and applied with set_defaults /
 * edit_entry, a password source is chosen, and the entry is created with
 * kadm5_create_principal.  For random-key and explicit-key creation the
 * principal is created with KRB5_KDB_DISALLOW_ALL_TIX set and the fixed
 * placeholder "hemlig" in pwbuf, re-keyed afterwards, and the flag cleared.
 * Return: `ret' (krb5_error_code).
 * NOTE(review): the parameter list and most of the error checks of this
 * function are not visible on this page; the comments below cover only
 * what is shown.
 */
66 static krb5_error_code
67 add_one_principal (const char *name
,
72 krb5_key_data
*key_data
,
73 const char *max_ticket_life
,
74 const char *max_renewable_life
,
75 const char *attributes
,
76 const char *expiration
,
77 const char *pw_expiration
)
80 kadm5_principal_ent_rec princ
, defrec
;
81 kadm5_principal_ent_rec
*default_ent
= NULL
;
82 krb5_principal princ_ent
= NULL
;
/* start from an all-zero entry; `mask' below records which fields are filled in */
87 memset(&princ
, 0, sizeof(princ
));
88 ret
= krb5_parse_name(context
, name
, &princ_ent
);
90 krb5_warn(context
, ret
, "krb5_parse_name");
93 princ
.principal
= princ_ent
;
94 mask
|= KADM5_PRINCIPAL
;
/* fold the command-line lifetimes / attributes / expiry strings into princ and mask */
96 ret
= set_entry(context
, &princ
, &mask
,
97 max_ticket_life
, max_renewable_life
,
98 expiration
, pw_expiration
, attributes
);
/* the realm's "default" entry supplies values for the fields listed in default_mask */
102 default_ent
= &defrec
;
103 ret
= get_default (kadm_handle
, princ_ent
, default_ent
);
108 default_mask
= KADM5_ATTRIBUTES
| KADM5_MAX_LIFE
| KADM5_MAX_RLIFE
|
109 KADM5_PRINC_EXPIRE_TIME
| KADM5_PW_EXPIRATION
;
113 set_defaults(&princ
, &mask
, default_ent
, default_mask
);
115 if(edit_entry(&princ
, &mask
, default_ent
, default_mask
))
/*
 * Random-key / explicit-key creation: the principal is created disabled
 * (DISALLOW_ALL_TIX) with the fixed placeholder password "hemlig", so no
 * tickets can be issued for it until the real key is installed by the
 * kadm5_randkey_principal / kadm5_chpass_principal_with_key calls below,
 * after which the attribute is cleared again.
 */
117 if(rand_key
|| key_data
) {
118 princ
.attributes
|= KRB5_KDB_DISALLOW_ALL_TIX
;
119 mask
|= KADM5_ATTRIBUTES
;
120 strlcpy (pwbuf
, "hemlig", sizeof(pwbuf
));
122 } else if (rand_password
) {
123 random_password (pwbuf
, sizeof(pwbuf
));
125 } else if(password
== NULL
) {
/*
 * NOTE(review): the return values of krb5_unparse_name and asprintf are
 * not checked; on failure `princ_name' / `prompt' are not guaranteed to be
 * valid before they are used in the format string and passed to
 * des_read_pw_string.
 */
129 krb5_unparse_name(context
, princ_ent
, &princ_name
);
130 asprintf (&prompt
, "%s's Password: ", princ_name
);
/* interactive prompt with verification (last argument 1) */
132 ret
= des_read_pw_string (pwbuf
, sizeof(pwbuf
), prompt
, 1);
139 ret
= kadm5_create_principal(kadm_handle
, &princ
, mask
, password
);
141 krb5_warn(context
, ret
, "kadm5_create_principal");
/*
 * Re-key branch (presumably guarded by `rand_key'; the `if' itself is not
 * visible on this page).  A fresh random key set is requested from the
 * server; the returned keyblocks are released one by one since they are
 * not used here.
 */
145 krb5_keyblock
*new_keys
;
147 ret
= kadm5_randkey_principal(kadm_handle
, princ_ent
,
150 krb5_warn(context
, ret
, "kadm5_randkey_principal");
153 for(i
= 0; i
< n_keys
; i
++)
154 krb5_free_keyblock_contents(context
, &new_keys
[i
]);
/*
 * NOTE(review): the results of kadm5_get_principal and
 * kadm5_modify_principal are ignored here and in the key_data branch
 * below.  If the fetch fails, `princ' still holds the record handed to
 * kadm5_create_principal and that stale record is written back; if the
 * modify fails, DISALLOW_ALL_TIX stays set on the new principal (it cannot
 * obtain tickets, which is the safe outcome) but no warning is printed.
 */
157 kadm5_get_principal(kadm_handle
, princ_ent
, &princ
,
158 KADM5_PRINCIPAL
| KADM5_KVNO
| KADM5_ATTRIBUTES
);
159 princ
.attributes
&= (~KRB5_KDB_DISALLOW_ALL_TIX
);
161 kadm5_modify_principal(kadm_handle
, &princ
,
162 KADM5_ATTRIBUTES
| KADM5_KVNO
);
163 kadm5_free_principal_ent(kadm_handle
, &princ
);
/* explicit --key: install the parsed key material, then re-enable the principal */
164 } else if (key_data
) {
165 ret
= kadm5_chpass_principal_with_key (kadm_handle
, princ_ent
,
168 krb5_warn(context
, ret
, "kadm5_chpass_principal_with_key");
170 kadm5_get_principal(kadm_handle
, princ_ent
, &princ
,
171 KADM5_PRINCIPAL
| KADM5_ATTRIBUTES
);
172 princ
.attributes
&= (~KRB5_KDB_DISALLOW_ALL_TIX
);
173 kadm5_modify_principal(kadm_handle
, &princ
, KADM5_ATTRIBUTES
);
174 kadm5_free_principal_ent(kadm_handle
, &princ
);
175 } else if (rand_password
) {
/*
 * The generated password is echoed to stdout so the operator can record
 * it; it therefore also ends up in any terminal scrollback or session log
 * that captures this output.
 */
178 krb5_unparse_name(context
, princ_ent
, &princ_name
);
179 printf ("added %s with password `%s'\n", princ_name
, password
);
184 krb5_free_principal (context
, princ_ent
);
186 kadm5_free_principal_ent (context
, default_ent
);
/*
 * NOTE(review): a plain memset of memory that is not read again may be
 * removed by the optimizer, so this wipe is best-effort; an explicit_bzero /
 * memset_s style call would be needed to make it reliable.  When the
 * password was supplied on the command line, the bytes behind `password'
 * presumably belong to argv and were already exposed through the process
 * argument list before this point.
 */
187 if (password
!= NULL
)
188 memset (password
, 0, strlen(password
));
193 * parse the string `key_string' into `key', returning 0 iff successful.
/*
 * Option table for the `add' command.  The `value' slots are left NULL here
 * and are bound to the locals of add_new_key before getarg() runs, so the
 * indices used there (args[0] .. args[9]) must stay in step with the order
 * of this table.
 * NOTE(review): the help text for "password" reads "princial's password";
 * this user-visible string should read "principal's password".
 */
200 static struct getargs args
[] = {
201 { "random-key", 'r', arg_flag
, NULL
, "set random key" },
202 { "random-password", 0, arg_flag
, NULL
, "set random password" },
203 { "password", 'p', arg_string
, NULL
, "princial's password" },
204 { "key", 0, arg_string
, NULL
, "DES-key in hex" },
205 { "max-ticket-life", 0, arg_string
, NULL
, "max ticket lifetime",
207 { "max-renewable-life", 0, arg_string
, NULL
,
208 "max renewable lifetime", "lifetime" },
209 { "attributes", 0, arg_string
, NULL
, "principal attributes",
211 { "expiration-time",0, arg_string
, NULL
, "expiration time",
213 { "pw-expiration-time", 0, arg_string
, NULL
,
214 "password expiration time", "time"},
215 { "use-defaults", 0, arg_flag
, NULL
, "use default values" }
/* number of entries in args[] */
218 static int num_args
= sizeof(args
) / sizeof(args
[0]);
223 arg_printusage (args
, num_args
, "add", "principal...");
227 * Parse arguments and add all the principals.
/*
 * Command entry point for `add': parse the options in args[], validate
 * them, and call add_one_principal for every principal name left in argv.
 * Options bound here: --random-key, --random-password, --password,
 * --key (DES key in hex), --max-ticket-life, --max-renewable-life,
 * --attributes, --expiration-time, --pw-expiration-time, --use-defaults.
 * Only one of the key/password sources may be given (see the message
 * printed below).  Key material parsed from --key is released at the end.
 */
231 add_new_key(int argc
, char **argv
)
233 char *password
= NULL
;
236 int random_password
= 0;
239 char *max_ticket_life
= NULL
;
240 char *max_renewable_life
= NULL
;
241 char *attributes
= NULL
;
242 char *expiration
= NULL
;
243 char *pw_expiration
= NULL
;
244 int use_defaults
= 0;
247 krb5_key_data key_data
[3];
248 krb5_key_data
*kdp
= NULL
;
/* bind the option table's value slots to this call's locals; the indices must match the order of args[] */
250 args
[0].value
= &random_key
;
251 args
[1].value
= &random_password
;
252 args
[2].value
= &password
;
253 args
[3].value
= &key
;
254 args
[4].value
= &max_ticket_life
;
255 args
[5].value
= &max_renewable_life
;
256 args
[6].value
= &attributes
;
257 args
[7].value
= &expiration
;
258 args
[8].value
= &pw_expiration
;
259 args
[9].value
= &use_defaults
;
/* parse the options; `optind' is left at the first non-option argument */
261 if(getarg(args
, num_args
, argc
, argv
, &optind
)) {
/* rejected: more than one key/password source was given (the check itself precedes this line and is not visible here) */
281 printf ("give only one of "
282 "--random-key, --random-password, --password, --key\n");
/*
 * NOTE(review): on a parse failure the user-supplied key text `key' is
 * echoed back in the error message.  Since --key carries key material,
 * printing it copies that secret into terminal scrollback and session logs;
 * reporting only `error' would avoid that.  Both --key and --password are
 * also visible in the process argument list while kadmin runs.
 */
289 if (parse_des_key (key
, key_data
, &error
)) {
290 printf ("failed parsing key `%s': %s\n", key
, error
);
/* every remaining argument is a principal to add; a failure is reported with krb5_warn */
296 for (i
= optind
; i
< argc
; ++i
) {
297 ret
= add_one_principal (argv
[i
], random_key
, random_password
,
307 krb5_warn (context
, ret
, "adding %s", argv
[i
]);
/* release the key material parsed from --key */
313 kadm5_free_key_data (kadm_handle
, &dummy
, key_data
);