| blob | 64381029f0fdd7f6f325942ce97eb471fe316754 |
1 /*
2 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
4 */
6 /*
7 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
8 *
9 * $Id: kadm5_create.c,v 1.6 1998/10/30 02:52:37 marc Exp $
10 * $Source: /cvs/krbdev/krb5/src/kadmin/dbutil/kadm5_create.c,v $
11 */
13 /*
14 * Copyright (C) 1998 by the FundsXpress, INC.
15 *
16 * All rights reserved.
17 *
18 * Export of this software from the United States of America may require
19 * a specific license from the United States Government. It is the
20 * responsibility of any person or organization contemplating export to
21 * obtain such a license before exporting.
22 *
23 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
24 * distribute this software and its documentation for any purpose and
25 * without fee is hereby granted, provided that the above copyright
26 * notice appear in all copies and that both that copyright notice and
27 * this permission notice appear in supporting documentation, and that
28 * the name of FundsXpress. not be used in advertising or publicity pertaining
29 * to distribution of the software without specific, written prior
30 * permission. FundsXpress makes no representations about the suitability of
31 * this software for any purpose. It is provided "as is" without express
32 * or implied warranty.
33 *
34 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
35 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
36 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
37 */
41 #include <stdio.h>
42 #include <stdlib.h>
43 #include <string.h>
44 #include <k5-int.h>
45 #include <kdb.h>
46 #include <kadm5/admin.h>
47 #include <krb5/adm_proto.h>
49 #include <krb5.h>
50 #include <krb5/kdb.h>
52 #include <libintl.h>
54 int
57 int
60 static int
66 #define ERR 1
67 #define OK 0
74 /*
75 * Function: kadm5_create
76 *
77 * Purpose: create admin principals in KDC database
78 *
79 * Arguments: params (r) configuration parameters to use
80 *
81 * Effects: Creates KADM5_ADMIN_SERVICE and KADM5_CHANGEPW_SERVICE
82 * principals in the KDC database and sets their attributes
83 * appropriately.
84 */
86 {
88 krb5_context context;
90 kadm5_config_params lparams;
97 /*
98 * The lock file has to exist before calling kadm5_init, but
99 * params->admin_lockfile may not be set yet...
100 */
105 }
113 }
116 krb5_context context)
117 {
125 KADM5_STRUCT_VERSION,
126 KADM5_API_VERSION_2,
127 db5util_db_args,
131 }
140 }
142 /*
143 * Function: build_name_with_realm
144 *
145 * Purpose: concatenate a name and a realm to form a krb5 name
146 *
147 * Arguments:
148 *
149 * name (input) the name
150 * realm (input) the realm
151 *
152 * Returns:
153 *
154 * pointer to name@realm, in allocated memory, or NULL if it
155 * cannot be allocated
156 *
157 * Requires: both strings are null-terminated
158 */
160 {
166 }
168 /*
169 * Function: add_admin_princs
170 *
171 * Purpose: create admin principals
172 *
173 * Arguments:
174 *
175 * rseed (input) random seed
176 * realm (input) realm, or NULL for default realm
177 * <return value> (output) status, 0 for success, 1 for serious error
178 *
179 * Requires:
180 *
181 * Effects:
182 *
183 * add_admin_princs creates KADM5_ADMIN_SERVICE,
184 * KADM5_CHANGEPW_SERVICE. If any of these exist a message is
185 * printed. If any of these existing principal do not have the proper
186 * attributes, a warning message is printed.
187 */
189 {
192 /*
193 * Solaris Kerberos:
194 * The kadmin/admin principal is unused on Solaris. This principal is used
195 * in AUTH_GSSAPI but Solaris doesn't support AUTH_GSSAPI. RPCSEC_GSS can only
196 * be used with host-based principals.
197 *
198 */
200 #if 0
203 KRB5_KDB_DISALLOW_TGT_BASED,
204 ADMIN_LIFETIME)))
206 #endif
210 KRB5_KDB_DISALLOW_TGT_BASED |
211 KRB5_KDB_PWCHANGE_SERVICE,
212 CHANGEPW_LIFETIME)))
216 KADM5_ADMIN_HOST_SERVICE,
217 KRB5_KDB_DISALLOW_TGT_BASED,
218 ADMIN_LIFETIME)))
222 KADM5_CHANGEPW_HOST_SERVICE,
223 KRB5_KDB_DISALLOW_TGT_BASED |
224 KRB5_KDB_PWCHANGE_SERVICE,
225 ADMIN_LIFETIME)))
229 KADM5_KIPROP_HOST_SERVICE,
230 KRB5_KDB_DISALLOW_TGT_BASED,
231 ADMIN_LIFETIME)))
234 clean_and_exit:
237 }
239 /*
240 * Function: add_admin_princ
241 *
242 * Arguments:
243 *
244 * creator (r) principal to use as "mod_by"
245 * rseed (r) seed for random key generator
246 * principal (r) kerberos principal to add
247 * attrs (r) principal's attributes
248 * lifetime (r) principal's max life, or 0
249 * not_unique (r) error message for multiple entries, never used
250 * exists (r) warning message for principal exists
251 * wrong_attrs (r) warning message for wrong attributes
252 *
253 * Returns:
254 *
255 * OK on success
256 * ERR on serious errors
257 *
258 * Effects:
259 *
260 * If the principal is not unique, not_unique is printed (but this
261 * never happens). If the principal exists, then exists is printed
262 * and if the principals attributes != attrs, wrong_attrs is printed.
263 * Otherwise, the principal is created with mod_by creator and
264 * attributes attrs and max life of lifetime (if not zero).
265 */
269 {
271 krb5_error_code ret;
272 kadm5_principal_ent_rec ent;
285 KADM5_ATTRIBUTES),
294 }
296 /* only randomize key if we created the principal */
298 /*
299 * Solaris Kerberos:
300 * Create kadmind principals with keys for all supported encryption types.
301 * Follows a similar pattern to add_principal() in keytab.c.
302 */
306 krb5_int32 normalsalttype;
315 }
317 /* Count the number of enc types */
319 num_ks++;
329 }
340 }
342 /* Only create keys with "normal" salttype */
346 }
360 }
370 }
371 }
377 }
379 int
382 {
384 krb5_error_code ret;
385 krb5_principal principal;
391 }
394 }
396 int
399 {
400 krb5_error_code ret;
401 krb5_principal principal;
409 }
411 }