2 * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "kadmin_locl.h"
35 #include "kadmin-commands.h"
40 * fetch the default principal corresponding to `princ'
43 static krb5_error_code
44 get_default (kadm5_server_context
*context
,
46 kadm5_principal_ent_t default_ent
)
49 krb5_principal def_principal
;
50 krb5_realm
*realm
= krb5_princ_realm(context
->context
, princ
);
52 ret
= krb5_make_principal (context
->context
, &def_principal
,
53 *realm
, "default", NULL
);
56 ret
= kadm5_get_principal (context
, def_principal
, default_ent
,
57 KADM5_PRINCIPAL_NORMAL_MASK
);
58 krb5_free_principal (context
->context
, def_principal
);
63 * Add the principal `name' to the database.
64 * Prompt for all data not given by the input parameters.
67 static krb5_error_code
68 add_one_principal (const char *name
,
73 krb5_key_data
*key_data
,
74 const char *max_ticket_life
,
75 const char *max_renewable_life
,
76 const char *attributes
,
77 const char *expiration
,
78 const char *pw_expiration
)
81 kadm5_principal_ent_rec princ
, defrec
;
82 kadm5_principal_ent_rec
*default_ent
= NULL
;
83 krb5_principal princ_ent
= NULL
;
88 memset(&princ
, 0, sizeof(princ
));
89 ret
= krb5_parse_name(context
, name
, &princ_ent
);
91 krb5_warn(context
, ret
, "krb5_parse_name");
94 princ
.principal
= princ_ent
;
95 mask
|= KADM5_PRINCIPAL
;
97 ret
= set_entry(context
, &princ
, &mask
,
98 max_ticket_life
, max_renewable_life
,
99 expiration
, pw_expiration
, attributes
);
103 default_ent
= &defrec
;
104 ret
= get_default (kadm_handle
, princ_ent
, default_ent
);
109 default_mask
= KADM5_ATTRIBUTES
| KADM5_MAX_LIFE
| KADM5_MAX_RLIFE
|
110 KADM5_PRINC_EXPIRE_TIME
| KADM5_PW_EXPIRATION
;
114 set_defaults(&princ
, &mask
, default_ent
, default_mask
);
116 if(edit_entry(&princ
, &mask
, default_ent
, default_mask
))
118 if(rand_key
|| key_data
) {
119 princ
.attributes
|= KRB5_KDB_DISALLOW_ALL_TIX
;
120 mask
|= KADM5_ATTRIBUTES
;
121 random_password (pwbuf
, sizeof(pwbuf
));
123 } else if (rand_password
) {
124 random_password (pwbuf
, sizeof(pwbuf
));
126 } else if(password
== NULL
) {
130 krb5_unparse_name(context
, princ_ent
, &princ_name
);
131 asprintf (&prompt
, "%s's Password: ", princ_name
);
133 ret
= UI_UTIL_read_pw_string (pwbuf
, sizeof(pwbuf
), prompt
, 1);
136 krb5_set_error_string(context
, "failed to verify password");
137 ret
= KRB5_LIBOS_BADPWDMATCH
;
143 ret
= kadm5_create_principal(kadm_handle
, &princ
, mask
, password
);
145 krb5_warn(context
, ret
, "kadm5_create_principal");
149 krb5_keyblock
*new_keys
;
151 ret
= kadm5_randkey_principal(kadm_handle
, princ_ent
,
154 krb5_warn(context
, ret
, "kadm5_randkey_principal");
157 for(i
= 0; i
< n_keys
; i
++)
158 krb5_free_keyblock_contents(context
, &new_keys
[i
]);
161 kadm5_get_principal(kadm_handle
, princ_ent
, &princ
,
162 KADM5_PRINCIPAL
| KADM5_KVNO
| KADM5_ATTRIBUTES
);
163 princ
.attributes
&= (~KRB5_KDB_DISALLOW_ALL_TIX
);
165 kadm5_modify_principal(kadm_handle
, &princ
,
166 KADM5_ATTRIBUTES
| KADM5_KVNO
);
167 kadm5_free_principal_ent(kadm_handle
, &princ
);
168 } else if (key_data
) {
169 ret
= kadm5_chpass_principal_with_key (kadm_handle
, princ_ent
,
172 krb5_warn(context
, ret
, "kadm5_chpass_principal_with_key");
174 kadm5_get_principal(kadm_handle
, princ_ent
, &princ
,
175 KADM5_PRINCIPAL
| KADM5_ATTRIBUTES
);
176 princ
.attributes
&= (~KRB5_KDB_DISALLOW_ALL_TIX
);
177 kadm5_modify_principal(kadm_handle
, &princ
, KADM5_ATTRIBUTES
);
178 kadm5_free_principal_ent(kadm_handle
, &princ
);
179 } else if (rand_password
) {
182 krb5_unparse_name(context
, princ_ent
, &princ_name
);
183 printf ("added %s with password \"%s\"\n", princ_name
, password
);
188 krb5_free_principal (context
, princ_ent
);
190 kadm5_free_principal_ent (kadm_handle
, default_ent
);
191 if (password
!= NULL
)
192 memset (password
, 0, strlen(password
));
197 * parse the string `key_string' into `key', returning 0 iff succesful.
205 * Parse arguments and add all the principals.
209 add_new_key(struct add_options
*opt
, int argc
, char **argv
)
214 krb5_key_data key_data
[3];
215 krb5_key_data
*kdp
= NULL
;
218 if (opt
->random_key_flag
)
220 if (opt
->random_password_flag
)
222 if (opt
->password_string
)
228 fprintf (stderr
, "give only one of "
229 "--random-key, --random-password, --password, --key\n");
233 if (opt
->key_string
) {
236 if (parse_des_key (opt
->key_string
, key_data
, &error
)) {
237 fprintf (stderr
, "failed parsing key \"%s\": %s\n",
238 opt
->key_string
, error
);
244 for(i
= 0; i
< argc
; i
++) {
245 ret
= add_one_principal (argv
[i
],
246 opt
->random_key_flag
,
247 opt
->random_password_flag
,
248 opt
->use_defaults_flag
,
249 opt
->password_string
,
251 opt
->max_ticket_life_string
,
252 opt
->max_renewable_life_string
,
253 opt
->attributes_string
,
254 opt
->expiration_time_string
,
255 opt
->pw_expiration_time_string
);
257 krb5_warn (context
, ret
, "adding %s", argv
[i
]);
263 kadm5_free_key_data (kadm_handle
, &dummy
, key_data
);