1 /*
2 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
4 */
5
6 #pragma ident "@(#)kdb5_create.c 1.9 04/09/08 SMI"
7
8 /*
9 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
10 *
11 * Openvision retains the copyright to derivative works of
12 * this source code. Do *NOT* create a derivative of this
13 * source code before consulting with your legal department.
14 * Do *NOT* integrate *ANY* of this source code into another
15 * product before consulting with your legal department.
16 *
17 * For further information, read the top-level Openvision
18 * copyright which is contained in the top-level MIT Kerberos
19 * copyright.
20 *
21 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
22 *
23 */
24
25
26 /*
69 #define krb5_dbm_db_set_nonblocking krb5_db_set_nonblocking
70 #define krb5_dbm_db_init krb5_db_init
71 #define krb5_dbm_db_get_age krb5_db_get_age
72 #define krb5_dbm_db_create krb5_db_create
73 #define krb5_dbm_db_rename krb5_db_rename
74 #define krb5_dbm_db_get_principal krb5_db_get_principal
75 #define krb5_dbm_db_free_principal krb5_db_free_principal
76 #define krb5_dbm_db_put_principal krb5_db_put_principal
77 #define krb5_dbm_db_delete_principal krb5_db_delete_principal
78 #define krb5_dbm_db_lock krb5_db_lock
79 #define krb5_dbm_db_unlock krb5_db_unlock
80 #define krb5_dbm_db_set_lockmode krb5_db_set_lockmode
81 #define krb5_dbm_db_close_database krb5_db_close_database
82 #define krb5_dbm_db_open_database krb5_db_open_database
83
84 #include <kadm5/admin.h>
85 #include <rpc/types.h>
86 #include <rpc/xdr.h>
87 #include <kadm5/adb.h>
88 #include <libintl.h>
89
90 enum ap_op {
91 NULL_KEY, /* setup null keys */
92 MASTER_KEY, /* use master key as new key */
93 TGT_KEY /* special handling for tgt key */
94 };
95
96 krb5_key_salt_tuple def_kslist =
97 {ENCTYPE_DES_CBC_CRC, KRB5_KDB_SALTTYPE_NORMAL};
98
99 struct realm_info {
100 krb5_deltat max_life;
101 krb5_deltat max_rlife;
102 krb5_timestamp expiration;
103 krb5_flags flags;
104 krb5_keyblock *key;
105 krb5_int32 nkslist;
106 krb5_key_salt_tuple *kslist;
107 } rblock = { /* XXX */
108
175 extern char *progname;
176 extern int exit_status;
177 extern osa_adb_policy_t policy_db;
178 extern kadm5_config_params global_params;
179 extern krb5_context util_context;
180
181 void
182 kdb5_create(argc, argv)
183 int argc;
184 char *argv[];
185 {
186 int optchar;
187
188 krb5_error_code retval;
189 char *mkey_fullname;
190 char *pw_str = 0;
191 unsigned int pw_size = 0;
192 int do_stash = 0;
193 krb5_int32 crflags = KRB5_KDB_CREATE_BTREE;
194 krb5_data pwd, seed;
195 krb5_keyblock mkey;
196 krb5_data master_salt = { 0, NULL };
197
198 if (strrchr(argv[0], '/'))
199 argv[0] = strrchr(argv[0], '/')+1;
200
201 while ((optchar = getopt(argc, argv, "s")) != -1) {
202 switch(optchar) {
203 case 's':
204 do_stash++;
205 break;
206 case 'h':
207 crflags = KRB5_KDB_CREATE_HASH;
208 case '?':
209 default:
210 usage();
211 return;
212 }
213 }
214
215 rblock.max_life = global_params.max_life;
216 rblock.max_rlife = global_params.max_rlife;
217 rblock.expiration = global_params.expiration;
218 rblock.flags = global_params.flags;
219 rblock.nkslist = global_params.num_keysalts;
220 rblock.kslist = global_params.keysalts;
221
222 retval = krb5_db_set_name(util_context, global_params.dbname);
223 if (!retval)
224 retval = EEXIST;
225
226 if (retval == EEXIST || retval == EACCES || retval == EPERM) {
227 /* it exists ! */
228 com_err(argv[0], 0,
229 gettext("The database '%s' appears to already exist"),
230 global_params.dbname);
231 exit_status++;
232 return;
233 }
234 /* assemble & parse the master key name */
235
236 if ((retval = krb5_db_setup_mkey_name(util_context,
237 global_params.mkey_name,
238 global_params.realm,
239 &mkey_fullname, &master_princ))) {
240 com_err(argv[0], retval,
241 gettext("while setting up master key name"));
330 com_err(argv[0], retval,
331 gettext("while closing current database"));
332 exit_status++;
333 goto cleanup;
334 }
335 if ((retval = krb5_db_set_name(util_context, global_params.dbname))) {
336 com_err(argv[0], retval,
337 gettext("while setting active database to '%s'"),
338 global_params.dbname);
339 exit_status++;
340 goto cleanup;
341 }
342 if ((retval = krb5_db_init(util_context))) {
343 com_err(argv[0], retval,
344 gettext("while initializing the database '%s'"),
345 global_params.dbname);
346 exit_status++;
347 goto cleanup;
348 }
349
350 if ((retval = add_principal(util_context,
351 master_princ, MASTER_KEY, &rblock, &mkey)) ||
352 (retval = add_principal(util_context,
353 &tgt_princ, TGT_KEY, &rblock, &mkey))) {
354 (void) krb5_db_fini(util_context);
355 com_err(argv[0], retval,
356 gettext("while adding entries to the database"));
357 exit_status++;
358 goto cleanup;
359 }
360 /*
361 * Always stash the master key so kadm5_create does not prompt for
362 * it; delete the file below if it was not requested. DO NOT EXIT
363 * BEFORE DELETING THE KEYFILE if do_stash is not set.
364 */
365 if (retval = krb5_db_store_mkey(util_context,
366 global_params.stash_file,
367 master_princ,
368 &mkey)) {
369 com_err(argv[0], errno, gettext("while storing key"));
|
1 /*
2 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
4 */
5
6 #pragma ident "@(#)kdb5_create.c 1.8 04/05/04 SMI"
7
8 /*
9 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
10 *
11 * Openvision retains the copyright to derivative works of
12 * this source code. Do *NOT* create a derivative of this
13 * source code before consulting with your legal department.
14 * Do *NOT* integrate *ANY* of this source code into another
15 * product before consulting with your legal department.
16 *
17 * For further information, read the top-level Openvision
18 * copyright which is contained in the top-level MIT Kerberos
19 * copyright.
20 *
21 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
22 *
23 */
24
25
26 /*
69 #define krb5_dbm_db_set_nonblocking krb5_db_set_nonblocking
70 #define krb5_dbm_db_init krb5_db_init
71 #define krb5_dbm_db_get_age krb5_db_get_age
72 #define krb5_dbm_db_create krb5_db_create
73 #define krb5_dbm_db_rename krb5_db_rename
74 #define krb5_dbm_db_get_principal krb5_db_get_principal
75 #define krb5_dbm_db_free_principal krb5_db_free_principal
76 #define krb5_dbm_db_put_principal krb5_db_put_principal
77 #define krb5_dbm_db_delete_principal krb5_db_delete_principal
78 #define krb5_dbm_db_lock krb5_db_lock
79 #define krb5_dbm_db_unlock krb5_db_unlock
80 #define krb5_dbm_db_set_lockmode krb5_db_set_lockmode
81 #define krb5_dbm_db_close_database krb5_db_close_database
82 #define krb5_dbm_db_open_database krb5_db_open_database
83
84 #include <kadm5/admin.h>
85 #include <rpc/types.h>
86 #include <rpc/xdr.h>
87 #include <kadm5/adb.h>
88 #include <libintl.h>
89 #include "kdb5_util.h"
90
91 enum ap_op {
92 NULL_KEY, /* setup null keys */
93 MASTER_KEY, /* use master key as new key */
94 TGT_KEY /* special handling for tgt key */
95 };
96
97 krb5_key_salt_tuple def_kslist =
98 {ENCTYPE_DES_CBC_CRC, KRB5_KDB_SALTTYPE_NORMAL};
99
100 struct realm_info {
101 krb5_deltat max_life;
102 krb5_deltat max_rlife;
103 krb5_timestamp expiration;
104 krb5_flags flags;
105 krb5_keyblock *key;
106 krb5_int32 nkslist;
107 krb5_key_salt_tuple *kslist;
108 } rblock = { /* XXX */
109
176 extern char *progname;
177 extern int exit_status;
178 extern osa_adb_policy_t policy_db;
179 extern kadm5_config_params global_params;
180 extern krb5_context util_context;
181
182 void
183 kdb5_create(argc, argv)
184 int argc;
185 char *argv[];
186 {
187 int optchar;
188
189 krb5_error_code retval;
190 char *mkey_fullname;
191 char *pw_str = 0;
192 unsigned int pw_size = 0;
193 int do_stash = 0;
194 krb5_int32 crflags = KRB5_KDB_CREATE_BTREE;
195 krb5_data pwd, seed;
196 kdb_log_context *log_ctx;
197 krb5_keyblock mkey;
198 krb5_data master_salt = { 0, NULL };
199
200 if (strrchr(argv[0], '/'))
201 argv[0] = strrchr(argv[0], '/')+1;
202
203 while ((optchar = getopt(argc, argv, "s")) != -1) {
204 switch(optchar) {
205 case 's':
206 do_stash++;
207 break;
208 case 'h':
209 crflags = KRB5_KDB_CREATE_HASH;
210 case '?':
211 default:
212 usage();
213 return;
214 }
215 }
216
217 rblock.max_life = global_params.max_life;
218 rblock.max_rlife = global_params.max_rlife;
219 rblock.expiration = global_params.expiration;
220 rblock.flags = global_params.flags;
221 rblock.nkslist = global_params.num_keysalts;
222 rblock.kslist = global_params.keysalts;
223
224 log_ctx = util_context->kdblog_context;
225
226 retval = krb5_db_set_name(util_context, global_params.dbname);
227 if (!retval)
228 retval = EEXIST;
229
230 if (retval == EEXIST || retval == EACCES || retval == EPERM) {
231 /* it exists ! */
232 com_err(argv[0], 0,
233 gettext("The database '%s' appears to already exist"),
234 global_params.dbname);
235 exit_status++;
236 return;
237 }
238 /* assemble & parse the master key name */
239
240 if ((retval = krb5_db_setup_mkey_name(util_context,
241 global_params.mkey_name,
242 global_params.realm,
243 &mkey_fullname, &master_princ))) {
244 com_err(argv[0], retval,
245 gettext("while setting up master key name"));
334 com_err(argv[0], retval,
335 gettext("while closing current database"));
336 exit_status++;
337 goto cleanup;
338 }
339 if ((retval = krb5_db_set_name(util_context, global_params.dbname))) {
340 com_err(argv[0], retval,
341 gettext("while setting active database to '%s'"),
342 global_params.dbname);
343 exit_status++;
344 goto cleanup;
345 }
346 if ((retval = krb5_db_init(util_context))) {
347 com_err(argv[0], retval,
348 gettext("while initializing the database '%s'"),
349 global_params.dbname);
350 exit_status++;
351 goto cleanup;
352 }
353
354 if (log_ctx && log_ctx->iproprole) {
355 if (retval = ulog_map(util_context, &global_params, FKCOMMAND)) {
356 com_err(argv[0], retval,
357 gettext("while creating update log"));
358 exit_status++;
359 goto cleanup;
360 }
361
362 /*
363 * We're reinitializing the update log in case one already
364 * existed, but this should never happen.
365 */
366 (void) memset(log_ctx->ulog, 0, sizeof (kdb_hlog_t));
367
368 log_ctx->ulog->kdb_hmagic = KDB_HMAGIC;
369 log_ctx->ulog->db_version_num = KDB_VERSION;
370 log_ctx->ulog->kdb_state = KDB_STABLE;
371 log_ctx->ulog->kdb_block = ULOG_BLOCK;
372
373 /*
374 * Since we're creating a new db we shouldn't worry about
375 * adding the initial principals since any slave might as well
376 * do full resyncs from this newly created db.
377 */
378 log_ctx->iproprole = IPROP_NULL;
379 }
380
381 if ((retval = add_principal(util_context,
382 master_princ, MASTER_KEY, &rblock, &mkey)) ||
383 (retval = add_principal(util_context,
384 &tgt_princ, TGT_KEY, &rblock, &mkey))) {
385 (void) krb5_db_fini(util_context);
386 com_err(argv[0], retval,
387 gettext("while adding entries to the database"));
388 exit_status++;
389 goto cleanup;
390 }
391 /*
392 * Always stash the master key so kadm5_create does not prompt for
393 * it; delete the file below if it was not requested. DO NOT EXIT
394 * BEFORE DELETING THE KEYFILE if do_stash is not set.
395 */
396 if (retval = krb5_db_store_mkey(util_context,
397 global_params.stash_file,
398 master_princ,
399 &mkey)) {
400 com_err(argv[0], errno, gettext("while storing key"));
|