2 * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by Kungliga Tekniska
20 * Högskolan and its contributors.
22 * 4. Neither the name of the Institute nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 #include "kadmin_locl.h"
40 #include <kadm5/private.h>
/*
 * Create `princ' in the database with freshly randomised keys, the given
 * maximum ticket / renewable lifetimes and the given attribute flags.
 *
 * The entry is first created with a placeholder password and with
 * KRB5_KDB_DISALLOW_ALL_TIX set, covering the window in which its keys
 * are still derived from that known string; the keys are then replaced
 * via kadm5_randkey_principal() and DISALLOW_ALL_TIX is cleared in a
 * final kadm5_modify_principal().  The caller frees `princ' itself.
 *
 * NOTE(review): this rendering has dropped lines from the original
 * function: the storage class / return type, the fourth parameter
 * (`attributes', referenced below), the opening brace, the declarations
 * of ret, mask, keys, n_keys and i, and whatever followed each
 * `ret = kadm5_*' assignment (presumably the error checks) -- confirm
 * against the real source before drawing conclusions from this listing.
 */
create_random_entry(krb5_principal princ,
                    time_t max_life,
                    time_t max_rlife,
    kadm5_principal_ent_rec ent;

    /* Build the entry field by field, recording each one in `mask'. */
    memset(&ent, 0, sizeof(ent));
    ent.principal = princ;
    mask |= KADM5_PRINCIPAL;
    ent.max_life = max_life;
    mask |= KADM5_MAX_LIFE;
    ent.max_renewable_life = max_rlife;
    mask |= KADM5_MAX_RLIFE;
    /* DISALLOW_ALL_TIX is forced on here and cleared again below, once
     * the keys have been randomised.  `ent' was just zeroed, so the `|='
     * is effectively an assignment. */
    ent.attributes |= attributes | KRB5_KDB_DISALLOW_ALL_TIX;
    mask |= KADM5_ATTRIBUTES;

    /* Placeholder password; the resulting keys are replaced immediately. */
    ret = kadm5_create_principal(kadm_handle, &ent, mask, "hemlig");
    ret = kadm5_randkey_principal(kadm_handle, princ, &keys, &n_keys);
    /* Only the key contents are released here; no free() of the `keys'
     * array itself is visible in this listing -- check the original. */
    for(i = 0; i < n_keys; i++)
        krb5_free_keyblock_contents(context, &keys[i]);
    /* Re-read the stored entry so `ent' reflects the database copy. */
    ret = kadm5_get_principal(kadm_handle, princ, &ent,
                              KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
    ent.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
    /* KADM5_KVNO is in the mask, but no assignment to ent.kvno is visible
     * in this listing -- presumably one of the dropped lines. */
    ret = kadm5_modify_principal(kadm_handle, &ent,
                                 KADM5_ATTRIBUTES|KADM5_KVNO);
    /* Releases what kadm5_get_principal() allocated into `ent'. */
    kadm5_free_principal_ent (kadm_handle, &ent);
/*
 * Options accepted by `init'.  Both take a lifetime string (parsed later
 * with str2deltat()); their `value' pointers are filled in by init()
 * before getarg() runs.
 *
 * NOTE(review): the closing `};' of this initializer is missing from this
 * rendering.
 */
static struct getargs args[] = {
    { "realm-max-ticket-life", 0, arg_string, NULL,
      "realm max ticket lifetime" },
    { "realm-max-renewable-life", 0, arg_string, NULL,
      "realm max renewable lifetime" },

/* Element count of args[]; sizeof works here because args is a true array. */
static int num_args = sizeof(args) / sizeof(args[0]);
99 arg_printusage (args
, num_args
, "ank", "principal");
103 init(int argc
, char **argv
)
107 char *realm_max_life
;
108 char *realm_max_rlife
;
111 unsigned max_life
, max_rlife
;
113 args
[0].value
= &realm_max_life
;
114 args
[1].value
= &realm_max_rlife
;
116 if(getarg(args
, num_args
, argc
, argv
, &optind
)) {
121 if (realm_max_life
) {
122 if (str2deltat (realm_max_life
, &max_life
) != 0) {
123 krb5_warnx (context
, "unable to parse `%s'", realm_max_life
);
127 if (realm_max_rlife
) {
128 if (str2deltat (realm_max_rlife
, &max_rlife
) != 0) {
129 krb5_warnx (context
, "unable to parse `%s'", realm_max_rlife
);
134 db
= _kadm5_s_get_db(kadm_handle
);
136 ret
= db
->open(context
, db
, O_RDWR
| O_CREAT
, 0600);
138 krb5_warn(context
, ret
, "hdb_open");
141 db
->close(context
, db
);
142 for(i
= optind
; i
< argc
; i
++){
143 krb5_principal princ
;
145 /* Create `krbtgt/REALM' */
146 krb5_make_principal(context
, &princ
, argv
[i
], "krbtgt", argv
[i
], NULL
);
147 if (realm_max_life
== NULL
)
148 get_deltat("Realm max ticket life",
151 if (realm_max_rlife
== NULL
)
152 get_deltat("Realm max renewable ticket life",
155 create_random_entry(princ
, max_life
, max_rlife
, 0);
156 krb5_free_principal(context
, princ
);
157 /* Create `kadmin/changepw' */
158 krb5_make_principal(context
, &princ
, argv
[i
],
159 "kadmin", "changepw", NULL
);
160 create_random_entry(princ
, 5*60, 5*60,
161 KRB5_KDB_DISALLOW_TGT_BASED
|
162 KRB5_KDB_PWCHANGE_SERVICE
|
163 KRB5_KDB_DISALLOW_POSTDATED
|
164 KRB5_KDB_DISALLOW_FORWARDABLE
|
165 KRB5_KDB_DISALLOW_RENEWABLE
|
166 KRB5_KDB_DISALLOW_PROXIABLE
|
167 KRB5_KDB_REQUIRES_PRE_AUTH
);
168 krb5_free_principal(context
, princ
);
169 /* Create `kadmin/admin' */
170 krb5_make_principal(context
, &princ
, argv
[i
],
171 "kadmin", "admin", NULL
);
172 create_random_entry(princ
, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH
);
173 krb5_free_principal(context
, princ
);
174 /* Create `default' */
176 kadm5_principal_ent_rec ent
;
179 memset (&ent
, 0, sizeof(ent
));
180 mask
|= KADM5_PRINCIPAL
;
181 krb5_make_principal(context
, &ent
.principal
, argv
[i
],
183 mask
|= KADM5_MAX_LIFE
;
184 ent
.max_life
= 24 * 60 * 60;
185 mask
|= KADM5_MAX_RLIFE
;
186 ent
.max_renewable_life
= 7 * ent
.max_life
;
187 ent
.attributes
= KRB5_KDB_DISALLOW_ALL_TIX
;
188 mask
|= KADM5_ATTRIBUTES
;
190 ret
= kadm5_create_principal(kadm_handle
, &ent
, mask
, "");
192 krb5_err (context
, 1, ret
, "kadm5_create_principal");
194 krb5_free_principal(context
, ent
.principal
);