Diffstat (limited to 'src/kadmin/dbutil/kdb5_create.c')
-rw-r--r--src/kadmin/dbutil/kdb5_create.c25
1 files changed, 23 insertions, 2 deletions
diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c
index c7fb31bb20..6a638a3512 100644
--- a/src/kadmin/dbutil/kdb5_create.c
+++ b/src/kadmin/dbutil/kdb5_create.c
@@ -230,6 +230,10 @@ master key name '%s'\n",
pw_size = 1024;
pw_str = malloc(pw_size);
+ if (pw_str == NULL) {
+ com_err(progname, ENOMEM, "while creating new master key");
+ exit_status++; return;
+ }
retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
pw_str, &pw_size);
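Review bot: pw_str is filled with the master password by krb5_read_password() right after the new NULL check, and nothing visible in this hunk shows the buffer being wiped on the later return paths. The enclosing function starts and ends outside the hunk, so this needs confirming there: every exit after a successful read should clear the buffer before it is freed, using a clearing call the compiler cannot discard as a dead store. The new ENOMEM branch itself needs no cleanup, since nothing has been allocated at that point.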
@@ -315,6 +319,9 @@ master key name '%s'\n",
com_err(progname, retval, "while adding entries to the database");
exit_status++; return;
}
+
+
+
/*
* Always stash the master key so kadm5_create does not prompt for
* it; delete the file below if it was not requested. DO NOT EXIT
@@ -414,11 +421,10 @@ add_principal(context, princ, op, pblock)
krb5_error_code retval;
krb5_db_entry entry;
krb5_kvno mkey_kvno;
-
krb5_timestamp now;
struct iterate_args iargs;
-
int nentries = 1;
+ krb5_actkvno_node actkvno;
memset((char *) &entry, 0, sizeof(entry));
@@ -455,6 +461,21 @@ add_principal(context, princ, op, pblock)
&master_keyblock, NULL,
mkey_kvno, entry.key_data)))
return retval;
+ /*
+ * There should always be at least one "active" mkey so creating the
+ * KRB5_TL_ACTKVNO entry now so the initial mkey is active.
+ */
+ actkvno.next = NULL;
+ actkvno.act_kvno = mkey_kvno;
+ /* earliest possible time in case system clock is set back */
+ actkvno.act_time = 0;
+ if ((retval = krb5_dbe_update_actkvno(context, &entry, &actkvno)))
+ return retval;
+
+ /* so getprinc shows the right kvno */
+ if ((retval = krb5_dbe_update_mkvno(context, &entry, mkey_kvno)))
+ return retval;
+
break;
case TGT_KEY:
iargs.ctx = context;
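Review bot: actkvno is a stack variable (declared in the previous hunk) that is filled in one member at a time (`next`, `act_kvno`, `act_time`) before its address goes to krb5_dbe_update_actkvno(), so any other member of krb5_actkvno_node, now or after a later change to the struct, could be read uninitialized. Clearing it first, the way `entry` is cleared at the top of add_principal, avoids that: add `memset(&actkvno, 0, sizeof(actkvno));` ahead of the assignments. Separately, both new `return retval;` lines leave the case without releasing what `entry` already holds from the preceding key-encryption call; the existing `return retval;` above does the same, and add_principal continues outside this hunk, so whether that leaks depends on cleanup not shown here. The new comment would also read more clearly as `/* There must always be at least one active mkey, so create the KRB5_TL_ACTKVNO entry now to make the initial mkey active. */`.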