kdb5_create.c revision 3441f6a1af86b9b2f883f3323bf02c9dd0f7a94d
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
* Openvision retains the copyright to derivative works of
* this source code. Do *NOT* create a derivative of this
* source code before consulting with your legal department.
* Do *NOT* integrate *ANY* of this source code into another
* product before consulting with your legal department.
*
* For further information, read the top-level Openvision
* copyright which is contained in the top-level MIT Kerberos
* copyright.
*
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
*/
/*
*
* Copyright 1990,1991 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*
* Generate (from scratch) a Kerberos KDC database.
*/
/*
* Yes, I know this is a hack, but we need admin.h without including
* a des.h header, which causes other problems.
*/
#define _RPC_RPC_H
#include <stdio.h>
#define KDB5_DISPATCH
#define KRB5_KDB5_DBM__
#include <k5-int.h>
/* #define these to avoid an indirection function; for future implementations,
#define krb5_dbm_db_set_name krb5_db_set_name
#define krb5_dbm_db_init krb5_db_init
#define krb5_dbm_db_get_age krb5_db_get_age
#define krb5_dbm_db_create krb5_db_create
#define krb5_dbm_db_rename krb5_db_rename
#define krb5_dbm_db_lock krb5_db_lock
#define krb5_dbm_db_unlock krb5_db_unlock
#include <libintl.h>
#include "kdb5_util.h"
/*
 * How add_principal obtains the key for the entry it creates.
 * Values are spelled out so the ordering used by callers is explicit.
 */
enum ap_op {
    NULL_KEY = 0,   /* set up null keys */
    MASTER_KEY = 1, /* use the master key as the new key */
    TGT_KEY = 2     /* special handling for the tgt key */
};
/*
 * Per-realm parameters handed to the principal-creation helpers below
 * (add_principal and the key/salt iteration callback).
 * NOTE(review): the member list is missing from this copy; the initializer
 * supplies two values (a krb5_keyblock pointer and the integer 1), so the
 * struct presumably has at least those two fields — confirm the layout
 * against the full source before relying on it.
 */
struct realm_info {
} rblock = { /* XXX */
(krb5_keyblock *) NULL,
1,
};
/*
 * Context passed (as a krb5_pointer) to the key/salt iteration callback so
 * it can reach the realm parameters while deriving one key per enctype.
 * NOTE(review): only the rblock member is visible in this copy; other
 * members may have been dropped in extraction.
 */
struct iterate_args {
struct realm_info *rblock;
};
/*
 * add_principal: creates one of the required entries in the new database;
 * the enum ap_op argument selects how the entry's key is obtained (see the
 * definition at the end of this file).
 * NOTE(review): the leading parameter(s) of this prototype are missing from
 * this copy — only the ap_op, realm_info and keyblock parameters survive.
 */
static krb5_error_code add_principal
enum ap_op,
struct realm_info *,
krb5_keyblock *);
/*
* Steps in creating a database:
*
*
* 2) get a realm name for the new db
*
* 3) get a master password for the new db; convert to an encryption key.
*
* 4) create various required entries in the database
*
* 5) close & exit
*/
/* The parsed master-key principal; filled in below while the master key
   name is assembled, defined in another kdb5_util translation unit. */
extern krb5_principal master_princ;
/* Name components of the ticket-granting-service principal: the constant
   service name followed by an empty second component (presumably the realm,
   set at run time — confirm against the caller). */
krb5_data tgt_princ_entries[] = {
{0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME},
{0, 0, 0} };
/* Single name component of the marker principal (presumably the entry
   recorded as the database's creator). */
krb5_data db_creator_entries[] = {
{0, sizeof("db_creation")-1, "db_creation"} };
/* XXX knows about contents of krb5_principal, and that tgt names
0, /* magic number */
{0, 0, 0}, /* krb5_data realm */
tgt_princ_entries, /* krb5_data *data */
2, /* int length */
KRB5_NT_SRV_INST /* int type */
};
/* NOTE(review): the declaration lines for the two principal initializers
   above and below (the TGT principal and db_create_princ) are missing from
   this copy, and the comment preceding the first one is truncated. Both
   initializers leave the realm empty and use the KRB5_NT_SRV_INST name type. */
0, /* magic number */
{0, 0, 0}, /* krb5_data realm */
db_creator_entries, /* krb5_data *data */
1, /* int length */
KRB5_NT_SRV_INST /* int type */
};
/* State shared with the rest of kdb5_util (defined in other translation
   units): an optional pre-supplied master password, the program name for
   diagnostics, the exit status that every failure path below increments,
   the policy database handle, the parsed realm configuration and the
   library context. */
extern char *mkey_password;
extern char *progname;
extern int exit_status;
extern osa_adb_policy_t policy_db;
extern kadm5_config_params global_params;
extern krb5_context util_context;
/*
 * Create a brand-new KDC database: derive the master key from a password
 * (prompted for on the terminal unless mkey_password was pre-supplied),
 * create and open the database, add the required entries, stash the master
 * key and finally run kadm5_create. Failures are reported by incrementing
 * exit_status rather than through a return value.
 *
 * NOTE(review): the name/return-type line (upstream calls this kdb5_create)
 * and many statement lines are absent from this copy; only the control-flow
 * skeleton and the diagnostic messages survive. The comments below describe
 * what is visible and flag what must be confirmed against the full source.
 *
 * argc, argv: the subcommand's argument vector (K&R-style parameters).
 */
int argc;
char *argv[];
{
int optchar;
char *mkey_fullname;
/* Heap buffer for a password typed at the terminal; released at the end. */
char *pw_str = 0;
unsigned int pw_size = 0;
/* -s: keep the master-key stash file after creation. */
int do_stash = 0;
/* Option loop; the getopt-style loop header is not in this copy. */
switch(optchar) {
case 's':
do_stash++;
break;
case 'h':
case '?':
default:
usage();
return;
}
}
/* it exists ! */
gettext("The database '%s' appears to already exist"),
exit_status++; return;
}
/* SUNW14resync XXX */
#if 0
printf ("Loading random data\n");
if (retval) {
exit_status++; return;
}
#endif
/* assemble & parse the master key name */
&mkey_fullname, &master_princ))) {
gettext("while setting up master key name"));
exit_status++; return;
}
"master key name '%s'\n"),
/* No pre-supplied master password: read it twice from the terminal into
   a pw_size-byte buffer; mkey_password then presumably aliases pw_str. */
if (!mkey_password) {
"database Master Password.\n"));
pw_size = 1024;
gettext("Enter KDC database master key"),
gettext("Re-enter KDC database "
"master key to verify"),
if (retval) {
gettext("while reading master key from keyboard"));
/* NOTE(review): this path returns instead of going to cleanup; if pw_str
   was already allocated on the dropped line above, it is neither cleared
   nor freed here. */
exit_status++; return;
}
}
/* NOTE(review): message reads "while calculated"; "while calculating" is
   the form used by the neighbouring messages. */
if (retval) {
gettext("while calculated master key salt"));
exit_status++;
goto cleanup;
}
if (retval) {
gettext("while transforming master key from password"));
exit_status++;
goto cleanup;
}
/* From here on every failure goes through cleanup (label not visible in
   this copy) so the password buffer and salt are released. */
if (retval) {
exit_status++;
goto cleanup;
}
gettext("while initializing random key generator"));
exit_status++;
goto cleanup;
}
gettext("while creating database '%s'"),
exit_status++;
goto cleanup;
}
gettext("while closing current database"));
exit_status++;
goto cleanup;
}
gettext("while setting active database to '%s'"),
exit_status++;
goto cleanup;
}
gettext("while initializing the database '%s'"),
exit_status++;
goto cleanup;
}
gettext("while creating update log"));
exit_status++;
goto cleanup;
}
/*
 * We're reinitializing the update log in case one already
 * existed, but this should never happen.
 */
/*
 * Since we're creating a new db we shouldn't worry about
 * adding the initial principals since any slave might as well
 * do full resyncs from this newly created db.
 */
}
(void) krb5_db_fini(util_context);
gettext("while adding entries to the database"));
exit_status++;
goto cleanup;
}
/*
 * Always stash the master key so kadm5_create does not prompt for
 * it; delete the file below if it was not requested. DO NOT EXIT
 * BEFORE DELETING THE KEYFILE if do_stash is not set.
 */
/* NOTE(review): the stash-file write (the call ending in &mkey) and the
   conditional removal of the file when do_stash is unset are not visible in
   this copy; verify that the removal is reached on every error path after
   this point, otherwise an unrequested key file is left on disk. */
&mkey);
if (retval) {
}
if (pw_str)
if (kadm5_create(&global_params)) {
exit_status++;
goto cleanup;
}
/* Release the typed password. When it was read interactively mkey_password
   aliases pw_str, so that pointer is presumably reset before the buffer is
   freed to avoid a dangling reference.
   NOTE(review): the body that clears and frees pw_str is missing here;
   confirm the buffer is zeroized with a call the optimizer cannot drop
   (explicit_bzero/memset_s), since a plain memset before free may be
   elided. */
if (pw_str) {
if (mkey_password == pw_str)
}
if (master_salt.data)
(void) krb5_db_fini(util_context);
return;
}
/*
 * Key/salt iteration callback: for one supported enctype/salt pair, derive
 * a key from the master key password and add it to the entry being created
 * (the TGT principal is built this way; see add_principal).
 * NOTE(review): the signature line is missing from this copy (upstream names
 * this tgt_keysalt_iterate); it evidently receives a krb5_pointer that is
 * cast back to struct iterate_args, and the declaration of kret is on a
 * dropped line.
 * Returns 0 on success, otherwise the krb5 error code of the first failing
 * call.
 */
static krb5_error_code
{
struct iterate_args *iargs;
kret = 0;
/*
 * Convert the master key password into a key for this particular
 * encryption system.
 */
if (kret)
return kret;
/* Presumably encrypts the derived key and appends it to the entry's key
   list (the callee name is not visible) — confirm against the full source. */
&key))) {
&key,
NULL,
1,
}
}
return(kret);
}
/*
 * add_principal: build the database entry for one principal and store it in
 * the newly created database. The key material depends on op:
 *   MASTER_KEY — the supplied master key becomes the entry's key;
 *   TGT_KEY    — one key per configured key/salt type is generated through
 *                the iteration callback, using iargs as its context;
 *   NULL_KEY   — not supported (EOPNOTSUPP).
 * NOTE(review): the name line and the leading parameters are missing from
 * this copy; pblock is a K&R-style parameter declaration, so op, the key
 * and the rest are declared on dropped lines. The error_out label and the
 * final store are also not visible.
 * Returns 0 on success, a krb5 error code otherwise.
 */
static krb5_error_code
struct realm_info *pblock;
{
struct iterate_args iargs;
/* A single entry is created per call. */
int nentries = 1;
goto error_out;
goto error_out;
now, &db_create_princ)))
goto error_out;
switch (op) {
case MASTER_KEY:
== NULL)
goto error_out;
goto error_out;
break;
case TGT_KEY:
/*
 */
/* NOTE(review): unlike the other failure paths, a failed iteration returns
   directly rather than going to error_out, so whatever error_out releases
   is skipped — confirm nothing allocated above is leaked on this path. */
1,
(krb5_pointer) &iargs)))
return retval;
break;
case NULL_KEY:
return EOPNOTSUPP;
default:
break;
}
return retval;
}