2 * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "kadmin_locl.h"
35 #include <kadm5/private.h>
37 RCSID("$Id: init.c,v 1.27 2000/09/10 19:20:16 joda Exp $");
/*
 * Create `princ' in the KDB and give it a freshly generated random key.
 *
 * The entry is first created with a fixed placeholder password ("hemlig")
 * but with KRB5_KDB_DISALLOW_ALL_TIX set, so no ticket can be issued for
 * it while that well-known key exists.  It is then re-keyed with
 * kadm5_randkey_principal and only afterwards is DISALLOW_ALL_TIX cleared.
 * If the re-key step fails the principal stays disabled, which is what
 * keeps the placeholder password from ever being usable.
 *
 * NOTE(review): this excerpt shows only the first parameter; max_life,
 * max_rlife and attributes are inferred from how the body uses them, and
 * several lines of the body (error checks, declarations) are not shown.
 */
40 create_random_entry(krb5_principal princ,
45 kadm5_principal_ent_rec ent;
51 memset(&ent, 0, sizeof(ent));
52 ent.principal = princ;
53 mask |= KADM5_PRINCIPAL;
/* Lifetime bounds for the new entry.  NOTE(review): the lines around
 * these assignments are not shown, so whether they are conditional
 * (e.g. skipped when the value is zero) cannot be confirmed here. */
55 ent.max_life = max_life;
56 mask |= KADM5_MAX_LIFE;
59 ent.max_renewable_life = max_rlife;
60 mask |= KADM5_MAX_RLIFE;
/* Caller-supplied flags plus DISALLOW_ALL_TIX: the entry must stay
 * unusable until it carries a real random key (cleared below). */
62 ent.attributes |= attributes | KRB5_KDB_DISALLOW_ALL_TIX;
63 mask |= KADM5_ATTRIBUTES;
/* "hemlig" is only a placeholder; it is replaced by the randkey call
 * below and is never meant to be a usable secret. */
65 ret = kadm5_create_principal(kadm_handle, &ent, mask, "hemlig");
/* NOTE(review): the checks of `ret' after this call and the next fall in
 * lines not shown here -- confirm each failure returns before the
 * DISALLOW_ALL_TIX bit is cleared. */
68 ret = kadm5_randkey_principal(kadm_handle, princ, &keys, &n_keys);
/* The returned keys are already stored in the KDB; release the copies
 * handed back to us.  NOTE(review): only the keyblock contents are freed
 * in the visible lines; whether the `keys' array itself is freed is not
 * shown in this excerpt. */
71 for(i = 0; i < n_keys; i++)
72 krb5_free_keyblock_contents(context, &keys[i]);
/* Re-read the stored attributes and lift the DISALLOW_ALL_TIX lock now
 * that a random key is in place. */
74 ret = kadm5_get_principal(kadm_handle, princ, &ent,
75 KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
78 ent.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
/* KADM5_KVNO is included in the modify mask; the corresponding kvno
 * assignment is not visible in this excerpt. */
80 ret = kadm5_modify_principal(kadm_handle, &ent,
81 KADM5_ATTRIBUTES|KADM5_KVNO);
82 kadm5_free_principal_ent (kadm_handle, &ent);
88 static struct getargs args[] = {
89 { "realm-max-ticket-life", 0, arg_string, NULL,
90 "realm max ticket lifetime" },
91 { "realm-max-renewable-life", 0, arg_string, NULL,
92 "realm max renewable lifetime" },
95 static int num_args = sizeof(args) / sizeof(args[0]);
100 arg_printusage (args, num_args, "init", "realm...");
104 init(int argc, char **argv)
108 char *realm_max_life = NULL;
109 char *realm_max_rlife = NULL;
112 krb5_deltat max_life, max_rlife;
114 args[0].value = &realm_max_life;
115 args[1].value = &realm_max_rlife;
117 if(getarg(args, num_args, argc, argv, &optind)) {
122 if(argc - optind < 1) {
127 if (realm_max_life) {
128 if (str2deltat (realm_max_life, &max_life) != 0) {
129 krb5_warnx (context, "unable to parse `%s'", realm_max_life);
133 if (realm_max_rlife) {
134 if (str2deltat (realm_max_rlife, &max_rlife) != 0) {
135 krb5_warnx (context, "unable to parse `%s'", realm_max_rlife);
140 db = _kadm5_s_get_db(kadm_handle);
142 ret = db->open(context, db, O_RDWR | O_CREAT, 0600);
144 krb5_warn(context, ret, "hdb_open");
147 db->close(context, db);
148 for(i = optind; i < argc; i++){
149 krb5_principal princ;
150 const char *realm = argv[i];
152 /* Create `krbtgt/REALM' */
153 krb5_make_principal(context, &princ, realm,
154 KRB5_TGS_NAME, realm, NULL);
155 if (realm_max_life == NULL) {
157 edit_deltat ("Realm max ticket life", &max_life, NULL, 0);
159 if (realm_max_rlife == NULL) {
161 edit_deltat("Realm max renewable ticket life", &max_rlife,
164 create_random_entry(princ, max_life, max_rlife, 0);
165 krb5_free_principal(context, princ);
167 /* Create `kadmin/changepw' */
168 krb5_make_principal(context, &princ, realm,
169 "kadmin", "changepw", NULL);
170 create_random_entry(princ, 5*60, 5*60,
171 KRB5_KDB_DISALLOW_TGT_BASED|
172 KRB5_KDB_PWCHANGE_SERVICE|
173 KRB5_KDB_DISALLOW_POSTDATED|
174 KRB5_KDB_DISALLOW_FORWARDABLE|
175 KRB5_KDB_DISALLOW_RENEWABLE|
176 KRB5_KDB_DISALLOW_PROXIABLE|
177 KRB5_KDB_REQUIRES_PRE_AUTH);
178 krb5_free_principal(context, princ);
180 /* Create `kadmin/admin' */
181 krb5_make_principal(context, &princ, realm,
182 "kadmin", "admin", NULL);
183 create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH);
184 krb5_free_principal(context, princ);
186 /* Create `changepw/kerberos' (for v4 compat) */
187 krb5_make_principal(context, &princ, realm,
188 "changepw", "kerberos", NULL);
189 create_random_entry(princ, 60*60, 60*60,
190 KRB5_KDB_DISALLOW_TGT_BASED|
191 KRB5_KDB_PWCHANGE_SERVICE);
193 krb5_free_principal(context, princ);
195 /* Create `kadmin/hprop' for database propagation */
196 krb5_make_principal(context, &princ, realm,
197 "kadmin", "hprop", NULL);
198 create_random_entry(princ, 60*60, 60*60,
199 KRB5_KDB_REQUIRES_PRE_AUTH|
200 KRB5_KDB_DISALLOW_TGT_BASED);
201 krb5_free_principal(context, princ);
203 /* Create `default' */
205 kadm5_principal_ent_rec ent;
208 memset (&ent, 0, sizeof(ent));
209 mask |= KADM5_PRINCIPAL;
210 krb5_make_principal(context, &ent.principal, realm,
212 mask |= KADM5_MAX_LIFE;
213 ent.max_life = 24 * 60 * 60;
214 mask |= KADM5_MAX_RLIFE;
215 ent.max_renewable_life = 7 * ent.max_life;
216 ent.attributes = KRB5_KDB_DISALLOW_ALL_TIX;
217 mask |= KADM5_ATTRIBUTES;
219 ret = kadm5_create_principal(kadm_handle, &ent, mask, "");
221 krb5_err (context, 1, ret, "kadm5_create_principal");
223 krb5_free_principal(context, ent.principal);