2 * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by Kungliga Tekniska
20 * Högskolan and its contributors.
22 * 4. Neither the name of the Institute nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 #include "kadmin_locl.h"
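/*
 * Option table for the "ank" command, handed to getarg() and
 * arg_printusage().
 *
 * Every entry is initialised with NULL where add_new_key() later stores the
 * address of the local that receives the option (args[N].value = &...), so
 * the order of the entries must stay in step with those assignments.
 *
 * NOTE(review): a password given with --password / -p is an ordinary argv
 * string.  On many systems the argument vector of a running process can be
 * read by other local users and the command line may be kept in shell
 * history; when the option is omitted add_new_key() has a branch that
 * prompts for the password instead.
 */
static struct getargs args[] = {
    { "random-key",         'r', arg_flag,   NULL, "set random key" },         /* [0] */
    { "password",           'p', arg_string, NULL, "principal's password" },   /* [1] */
    { "max-ticket-life",    0,   arg_string, NULL, "max ticket lifetime" },    /* [2] */
    { "max-renewable-life", 0,   arg_string, NULL, "max renewable lifetime" }, /* [3] */
    { "attributes",         0,   arg_string, NULL, "attributes" }              /* [4] */
};

/* Number of entries in args[], kept as an int because that is how it is
 * passed to getarg() and arg_printusage(). */
static int num_args = sizeof(args) / sizeof(args[0]);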
/*
 * Usage output for this command: hands the option table and its length to
 * arg_printusage() together with the strings "ank" and "principal"
 * (presumably the command name and the description of the positional
 * argument -- confirm against arg_printusage's declaration).
 * The header of the enclosing function is not part of this listing.
 */
57 arg_printusage (args
, num_args
, "ank", "principal");
/*
 * add_new_key - appears to be the handler for the "ank" command: it parses
 * the options, fills in a kadm5_principal_ent_rec for the principal named in
 * argv[optind] and creates it with kadm5_create_principal().
 *
 * NOTE(review): this listing is incomplete.  The number at the start of a
 * statement is its line number in the original file, and the gaps in that
 * numbering show that several lines (declarations, braces, some conditions
 * and error branches) are not included.  The control flow between the
 * visible statements therefore cannot be confirmed from here.
 */
61 add_new_key(int argc
, char **argv
)
63 kadm5_principal_ent_rec princ
;
65 char *password
= NULL
;
70 krb5_principal princ_ent
= NULL
;
71 char *max_ticket_life
= NULL
;
72 char *max_renewable_life
= NULL
;
73 char *attributes
= NULL
;
/* Point each option's value slot at the local that receives it; the indices
 * have to match the order of the entries in the args[] table. */
75 args
[0].value
= &rkey
;
76 args
[1].value
= &password
;
77 args
[2].value
= &max_ticket_life
;
78 args
[3].value
= &max_renewable_life
;
79 args
[4].value
= &attributes
;
/* Parse the command line.  The branch taken when getarg() reports an error
 * is not shown; optind is used below as the index of the principal name. */
81 if(getarg(args
, num_args
, argc
, argv
, &optind
))
/* Zero the entry before filling in the fields that mask will flag. */
85 memset(&princ
, 0, sizeof(princ
));
/* Turn the name given on the command line into a krb5_principal; a failure
 * is reported through krb5_warn() (the condition around it is not shown). */
86 ret
= krb5_parse_name(context
, argv
[optind
], &princ_ent
);
88 krb5_warn(context
, ret
, "krb5_parse_name");
/* Record the parsed principal in the entry and flag that field in mask. */
91 princ
.principal
= princ_ent
;
92 mask
|= KADM5_PRINCIPAL
;
/* Apply the lifetime and attribute options; set_entry() and edit_entry()
 * are defined elsewhere, and the body of this if is not shown. */
93 if (set_entry(context
, &princ
, &mask
,
94 max_ticket_life
, max_renewable_life
, attributes
)) {
97 edit_entry(&princ
, &mask
);
/* Mark the new principal so that no tickets can be issued for it; the flag
 * is cleared again further down, after kadm5_randkey_principal().
 * NOTE(review): the condition guarding these two statements is not shown --
 * presumably the random-key (rkey) case; confirm. */
99 princ
.attributes
|= KRB5_KDB_DISALLOW_ALL_TIX
;
100 mask
|= KADM5_ATTRIBUTES
;
/* No password has been set by this point: build a prompt from the principal
 * name and read the password into pwbuf.
 * NOTE(review): on the visible lines neither krb5_unparse_name() nor
 * asprintf() has its result checked; if either fails, princ_name or prompt
 * would be used without having been set.  The trailing 1 passed to
 * des_read_pw_string() presumably asks for the password to be typed twice
 * for verification -- confirm. */
103 if(password
== NULL
){
107 krb5_unparse_name(context
, princ_ent
, &princ_name
);
108 asprintf (&prompt
, "%s's Password: ", princ_name
);
110 ret
= des_read_pw_string (pwbuf
, sizeof(pwbuf
), prompt
, 1);
/* Create the principal with the fields flagged in mask and the password
 * chosen above; a failure is reported through krb5_warn(). */
117 ret
= kadm5_create_principal(kadm_handle
, &princ
, mask
, password
);
119 krb5_warn(context
, ret
, "kadm5_create_principal");
/* Random-key handling: ask the server for new random keys.  The returned
 * keyblocks are only released in the loop below, not used by this code. */
121 krb5_keyblock
*new_keys
;
123 ret
= kadm5_randkey_principal(kadm_handle
, princ_ent
,
126 krb5_warn(context
, ret
, "kadm5_randkey_principal");
129 for(i
= 0; i
< n_keys
; i
++)
130 krb5_free_keyblock_contents(context
, &new_keys
[i
]);
/* Re-read the entry, clear DISALLOW_ALL_TIX and write the attributes back so
 * that tickets can be issued for the principal.
 * NOTE(review): the results of kadm5_get_principal() and
 * kadm5_modify_principal() are not stored or tested on the visible lines, so
 * a failure here would go unreported.  The listing also does not show
 * whether this step is skipped when kadm5_randkey_principal() failed; if it
 * is not, the principal would become usable with whatever password was
 * passed to kadm5_create_principal() instead of a random key -- confirm
 * against the full file. */
132 kadm5_get_principal(kadm_handle
, princ_ent
, &princ
,
133 KADM5_PRINCIPAL
| KADM5_KVNO
| KADM5_ATTRIBUTES
);
134 princ
.attributes
&= (~KRB5_KDB_DISALLOW_ALL_TIX
);
136 kadm5_modify_principal(kadm_handle
, &princ
,
137 KADM5_ATTRIBUTES
| KADM5_KVNO
);
138 kadm5_free_principal_ent(kadm_handle
, &princ
);
/* Release the parsed principal. */
142 krb5_free_principal(context
, princ_ent
);
/* Overwrite the password once it is no longer needed (not done in the
 * random-key case).
 * NOTE(review): a plain memset() of a buffer that is not read afterwards may
 * be removed by the optimiser.  pwbuf looks like a local array (see
 * sizeof(pwbuf) above), so a wipe primitive that is guaranteed not to be
 * elided, such as explicit_bzero() or memset_s() where available, is the
 * safer choice.  When the password came from the command line this clears
 * the argv string only at this late point. */
143 if(!rkey
&& password
)
144 memset(password
, 0, strlen(password
));