authorEzra Peisach <epeisach@mit.edu>1996-08-24 00:46:52 +0000
committerEzra Peisach <epeisach@mit.edu>1996-08-24 00:46:52 +0000
commit73700efbb5968d21b92f7dafa153e79a10094ccb (patch)
tree66790aee50958422384b73e7a1341321745d5b4b /src/admin/create
parente7a959caf3b47b3e0277e685a8bd88ba06bcc613 (diff)
Removing programs which are now in the new OV admin system
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8980 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/admin/create')
-rw-r--r--src/admin/create/.Sanitize38
-rw-r--r--src/admin/create/ChangeLog132
-rw-r--r--src/admin/create/Makefile.in15
-rw-r--r--src/admin/create/configure.in8
-rw-r--r--src/admin/create/kdb5_create.M86
-rw-r--r--src/admin/create/kdb5_create.c519
6 files changed, 0 insertions, 798 deletions
diff --git a/src/admin/create/.Sanitize b/src/admin/create/.Sanitize
deleted file mode 100644
index a74d8b55d..000000000
--- a/src/admin/create/.Sanitize
+++ /dev/null
@@ -1,38 +0,0 @@
-# Sanitize.in for Kerberos V5
-
-# Each directory to survive it's way into a release will need a file
-# like this one called "./.Sanitize". All keyword lines must exist,
-# and must exist in the order specified by this file. Each directory
-# in the tree will be processed, top down, in the following order.
-
-# Hash started lines like this one are comments and will be deleted
-# before anything else is done. Blank lines will also be squashed
-# out.
-
-# The lines between the "Do-first:" line and the "Things-to-keep:"
-# line are executed as a /bin/sh shell script before anything else is
-# done in this
-
-Do-first:
-
-# All files listed between the "Things-to-keep:" line and the
-# "Files-to-sed:" line will be kept. All other files will be removed.
-# Directories listed in this section will have their own Sanitize
-# called. Directories not listed will be removed in their entirety
-# with rm -rf.
-
-Things-to-keep:
-
-.cvsignore
-ChangeLog
-Makefile.in
-configure
-configure.in
-kdb5_create.M
-kdb5_create.c
-
-Things-to-lose:
-
-Do-last:
-
-# End of file.
diff --git a/src/admin/create/ChangeLog b/src/admin/create/ChangeLog
deleted file mode 100644
index 611bdf10e..000000000
--- a/src/admin/create/ChangeLog
+++ /dev/null
@@ -1,132 +0,0 @@
-Tue May 7 23:04:17 1996 Marc Horowitz <marc@mit.edu>
-
- * kdb5_create.c (add_principal): convert to used new krb5_dbe_*
- tl_data functions.
-
- * configure.in: use USE_KADMSRV_LIBRARY instead of
- USE_KADM_LIBRARY.
-
-Wed Dec 13 03:44:58 1995 Chris Provenzano (proven@mit.edu)
-
- * kdb5_create.c : Remove mkvno from krb5_db_entry.
-
-Thu Nov 09 17:05:57 1995 Chris Provenzano (proven@mit.edu)
-
- * kdb5_create.c : Remove krb5_enctype from krb5_string_to_key() args.
-
-Wed Oct 18 14:25:29 1995 <tytso@rsts-11.mit.edu>
-
- * kdb5_create.c (main): Add new option 's' which automatically
- stashes the master key in the key stash file. This
- eliminates the need for the admin to type kdb5_stash right
- after kdb5_create.
-
-Wed Sep 13 19:02:50 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * kdb5_create.c (tgt_keysalt_iterate): Don't bash the master key
- encblock when creating the various TGT keys. Otherwise,
- the keys end up getting encrypted using the wrong
- encryption algorithm. Initialize a new encblock,
- random_encblock, from the master key password.
- (main): Prompt for the master key password ourselves, and
- store it away so that it can be used by tgt_keysalt_iterate.
-
-Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu)
-
- * kdb5_create.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
-
-Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu)
-
- * kdb5_create.c : Remove krb5_enctype references, and replace with
- krb5_keytype where appropriate.
-
-Wed Aug 9 18:05:44 EDT 1995 Paul Park (pjpark@mit.edu)
- * kdb5_create.c - Use default key/salt tuple list or one generated from
- reading KDC profile to determine which key types to make for
- the tgt principal.
-
-
-Mon Jul 31 15:45:49 EDT 1995 Paul Park (pjpark@mit.edu)
- * kdb5_create.c - Use new admin string conversion routines.
- * kdb5_create.M - Remove "string representation of integer" for keytype
- and etype.
-
-
-Thu Jul 27 02:59:05 1995 Chris Provenzano (proven@mit.edu)
-
- * kdb5_create.c : Use new kdb format.
-
-Mon Jul 17 14:58:00 EDT 1995 Paul Park (pjpark@mit.edu)
- * configure.in - Add KADM library.
- * kdb5_create.c - Add KDC profile reading/handling as a supplement to
- command line supplied arguments. Change calling sequence to
- krb5_db_fetch_mkey().
-
-
-Fri Jul 7 15:36:00 EDT 1995 Paul Park (pjpark@mit.edu)
- * Makefile.in - Remove all explicit library handling and LDFLAGS.
- * configure.in - Add USE_KDB5_LIBRARY and KRB5_LIBRARIES.
-
-
-Fri Jun 30 14:30:07 EDT 1995 Paul Park (pjpark@mit.edu)
- * configure.in - Add --with-dbm to select between Berkeley and DBM
- KDC database format.
-
-
-Thu Jun 15 15:29:39 EDT 1995 Paul Park (pjpark@mit.edu)
- * Makefile.in - Change explicit library names to -l<lib> form, and
- change target link line to use $(LD) and associated flags.
- Also, remove DBMLIB, it wasn't used.
- * configure.in - Remove checks for dbm, they are not needed any
- more with the Berkeley database code. Add shared library
- usage check.
-
-Fri Jun 9 18:14:21 1995 <tytso@rsx-11.mit.edu>
-
- * configure.in: Remove standardized set of autoconf macros, which
- are now handled by CONFIG_RULES.
-
-Thu Mar 2 12:18:02 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * Makefile.in (ISODELIB): Remove reference to $(ISODELIB).
-
-Wed Mar 1 11:52:18 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * configure.in: Remove ISODE_INCLUDE, replace check for -lsocket
- and -lnsl with WITH_NETLIB check.
-
-Tue Feb 28 02:05:32 1995 John Gilmore (gnu at toad.com)
-
- * kdb5_create.c: Avoid <krb5/...> and <com_err.h> includes.
-
-Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
-
- * Added krb5_context to all krb5_routines
-
-Thu Oct 6 23:29:07 1994 Theodore Y. Ts'o (tytso@dcl)
-
- * kdb5_create.c (main): Add a new option so that the master key
- password can be entered on the command line --- for
- testing only; not documented!!
-
-Mon Oct 3 19:10:01 1994 Theodore Y. Ts'o (tytso@dcl)
-
- * Makefile.in: Use $(srcdir) to find manual page for make install.
-
-Fri Sep 30 22:04:35 1994 Theodore Y. Ts'o (tytso@dcl)
-
- * kdb5_create.c: Add placeholders for magic numbers.
-
-Thu Sep 29 22:19:37 1994 Theodore Y. Ts'o (tytso@dcl)
-
- * Makefile.in: Relink executable when libraries change.
-
-Tue Jul 19 18:56:59 1994 Tom Yu (tlyu at dragons-lair)
-
- * kdb5_create.c: start kvno and mkno at 1, not 0.
-
-Wed Jun 29 00:19:17 1994 Tom Yu (tlyu at dragons-lair)
-
- * kdb5_create.c: fixed up something that should have been a call
- to init_ets()
-
diff --git a/src/admin/create/Makefile.in b/src/admin/create/Makefile.in
deleted file mode 100644
index 945a55301..000000000
--- a/src/admin/create/Makefile.in
+++ /dev/null
@@ -1,15 +0,0 @@
-CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE)
-
-all:: kdb5_create
-
-kdb5_create: kdb5_create.o $(DEPLIBS)
- $(LD) $(LDFLAGS) $(LDARGS) -o kdb5_create kdb5_create.o $(LIBS)
-
-install::
- $(INSTALL_PROGRAM) kdb5_create $(DESTDIR)$(ADMIN_BINDIR)/kdb5_create
- $(INSTALL_DATA) $(srcdir)/kdb5_create.M $(DESTDIR)$(ADMIN_MANDIR)/kdb5_create.8
-
-clean::
- $(RM) kdb5_create kdb5_create.o
-
-
diff --git a/src/admin/create/configure.in b/src/admin/create/configure.in
deleted file mode 100644
index c88475027..000000000
--- a/src/admin/create/configure.in
+++ /dev/null
@@ -1,8 +0,0 @@
-AC_INIT(kdb5_create.c)
-CONFIG_RULES
-AC_PROG_INSTALL
-USE_KADMSRV_LIBRARY
-USE_KDB5_LIBRARY
-KRB5_LIBRARIES
-V5_USE_SHARED_LIB
-V5_AC_OUTPUT_MAKEFILE
diff --git a/src/admin/create/kdb5_create.M b/src/admin/create/kdb5_create.M
deleted file mode 100644
index 7f9d3405f..000000000
--- a/src/admin/create/kdb5_create.M
+++ /dev/null
@@ -1,86 +0,0 @@
-.\" admin/create/kdb5_create.M
-.\"
-.\" Copyright 1990 by the Massachusetts Institute of Technology.
-.\"
-.\" Export of this software from the United States of America may
-.\" require a specific license from the United States Government.
-.\" It is the responsibility of any person or organization contemplating
-.\" export to obtain such a license before exporting.
-.\"
-.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\" distribute this software and its documentation for any purpose and
-.\" without fee is hereby granted, provided that the above copyright
-.\" notice appear in all copies and that both that copyright notice and
-.\" this permission notice appear in supporting documentation, and that
-.\" the name of M.I.T. not be used in advertising or publicity pertaining
-.\" to distribution of the software without specific, written prior
-.\" permission. M.I.T. makes no representations about the suitability of
-.\" this software for any purpose. It is provided "as is" without express
-.\" or implied warranty.
-.\"
-.\"
-.TH KDB5_CREATE 8 "Kerberos Version 5.0" "MIT Project Athena"
-.SH NAME
-kdb5_create \- create a new Kerberos V5 principal database
-.SH SYNOPSIS
-.B kdb5_create
-[
-.B \-r
-.I realm
-] [
-.B \-d
-.I dbname
-] [
-.B \-k
-.I keytype
-] [
-.B \-M
-.I mkeyname
-] [
-.B \-e
-.I enctype
-]
-.br
-.SH DESCRIPTION
-.I kdb5_create
-is used to create an empty Kerberos version 5 principal database.
-The user is prompted for the master password, which will be used to
-generate an encryption key under which all entries are stored (in order
-to provide some security against database theft).
-.PP
-The
-.B \-r
-.I realm
-option specifies the realm for which the database should be created;
-by default the realm returned by
-.IR krb5_default_local_realm (3)
-is used.
-.PP
-The
-.B \-d
-.I dbname
-option specifies the name under which the principal database is to be
-created; by default the database is in DEFAULT_DBM_FILE (normally
-/krb5/principal).
-.PP
-The
-.B \-k
-.I keytype
-option specifies the key type of the master key in the database.
-.PP
-The
-.B \-M
-.I mkeyname
-option specifies the principal name for the master key in the database;
-the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm).
-.PP
-The
-.B \-e
-.I enctype
-option specifies the encryption type to be used when placing entries in
-the database.
-keytype.
-.SH SEE ALSO
-krb5(3), krb5kdc(8)
-.SH BUGS
-Doesn't have flexibility about expiration times.
diff --git a/src/admin/create/kdb5_create.c b/src/admin/create/kdb5_create.c
deleted file mode 100644
index 963d16f03..000000000
--- a/src/admin/create/kdb5_create.c
+++ /dev/null
@@ -1,519 +0,0 @@
-/*
- * admin/create/kdb5_create.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * Generate (from scratch) a Kerberos KDC database.
- */
-
-#include "k5-int.h"
-#include "com_err.h"
-#include "adm.h"
-#include "adm_proto.h"
-#include <stdio.h>
-
-enum ap_op {
- NULL_KEY, /* setup null keys */
- MASTER_KEY, /* use master key as new key */
- TGT_KEY /* special handling for tgt key */
-};
-
-krb5_key_salt_tuple def_kslist = { ENCTYPE_DES_CBC_CRC, KRB5_KDB_SALTTYPE_NORMAL };
-
-struct realm_info {
- krb5_deltat max_life;
- krb5_deltat max_rlife;
- krb5_timestamp expiration;
- krb5_flags flags;
- krb5_encrypt_block *eblock;
- krb5_pointer rseed;
- krb5_int32 nkslist;
- krb5_key_salt_tuple *kslist;
-} rblock = { /* XXX */
- KRB5_KDB_MAX_LIFE,
- KRB5_KDB_MAX_RLIFE,
- KRB5_KDB_EXPIRATION,
- KRB5_KDB_DEF_FLAGS,
- (krb5_encrypt_block *) NULL,
- (krb5_pointer) NULL,
- 1,
- &def_kslist
-};
-
-struct iterate_args {
- krb5_context ctx;
- struct realm_info *rblock;
- krb5_db_entry *dbentp;
-};
-
-static krb5_error_code add_principal
- PROTOTYPE((krb5_context,
- krb5_principal,
- enum ap_op,
- struct realm_info *));
-
-/*
- * Steps in creating a database:
- *
- * 1) use the db calls to open/create a new database
- *
- * 2) get a realm name for the new db
- *
- * 3) get a master password for the new db; convert to an encryption key.
- *
- * 4) create various required entries in the database
- *
- * 5) close & exit
- */
-
-static void
-usage(who, status)
-char *who;
-int status;
-{
- fprintf(stderr, "usage: %s [-d dbpathname] [-r realmname] [-k enctype]\n\
-\t[-M mkeyname]\n",
- who);
- exit(status);
-}
-
-krb5_keyblock master_keyblock;
-krb5_principal master_princ;
-krb5_encrypt_block master_encblock;
-krb5_data master_salt;
-
-krb5_data tgt_princ_entries[] = {
- {0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME},
- {0, 0, 0} };
-
-krb5_data db_creator_entries[] = {
- {0, sizeof("db_creation")-1, "db_creation"} };
-
-/* XXX knows about contents of krb5_principal, and that tgt names
- are of form TGT/REALM@REALM */
-krb5_principal_data tgt_princ = {
- 0, /* magic number */
- {0, 0, 0}, /* krb5_data realm */
- tgt_princ_entries, /* krb5_data *data */
- 2, /* int length */
- KRB5_NT_SRV_INST /* int type */
-};
-
-krb5_principal_data db_create_princ = {
- 0, /* magic number */
- {0, 0, 0}, /* krb5_data realm */
- db_creator_entries, /* krb5_data *data */
- 1, /* int length */
- KRB5_NT_SRV_INST /* int type */
-};
-
-char *mkey_password = 0;
-
-void
-main(argc, argv)
-int argc;
-char *argv[];
-{
- extern char *optarg;
- int optchar;
-
- krb5_error_code retval;
- char *dbname = (char *) NULL;
- char *realm = 0;
- char *mkey_name = 0;
- char *mkey_fullname;
- char *defrealm;
- char *pw_str = 0;
- char *keyfile = 0;
- int pw_size = 0;
- int enctypedone = 0;
- int do_stash = 0;
- krb5_data pwd;
- krb5_context context;
- krb5_realm_params *rparams;
-
- krb5_init_context(&context);
- krb5_init_ets(context);
-
- if (strrchr(argv[0], '/'))
- argv[0] = strrchr(argv[0], '/')+1;
-
- while ((optchar = getopt(argc, argv, "d:r:k:M:e:P:sf:")) != EOF) {
- switch(optchar) {
- case 'd': /* set db name */
- dbname = optarg;
- break;
- case 'r':
- realm = optarg;
- break;
- case 'k':
- if (!krb5_string_to_enctype(optarg, &master_keyblock.enctype))
- enctypedone++;
- else
- com_err(argv[0], 0, "%s is an invalid enctype", optarg);
- break;
- case 's':
- do_stash++;
- break;
- case 'f':
- keyfile = optarg;
- break;
- case 'M': /* master key name in DB */
- mkey_name = optarg;
- break;
- case 'P': /* Only used for testing!!! */
- mkey_password = optarg;
- break;
- case '?':
- default:
- usage(argv[0], 1);
- /*NOTREACHED*/
- }
- }
-
- /*
- * Attempt to read the KDC profile. If we do, then read appropriate values
- * from it and augment values supplied on the command line.
- */
- if (!(retval = krb5_read_realm_params(context,
- realm,
- (char *) NULL,
- (char *) NULL,
- &rparams))) {
- /* Get the value for the database */
- if (rparams->realm_dbname && !dbname)
- dbname = strdup(rparams->realm_dbname);
-
- /* Get the value for the master key name */
- if (rparams->realm_mkey_name && !mkey_name)
- mkey_name = strdup(rparams->realm_mkey_name);
-
- /* Get the value for the master key type */
- if (rparams->realm_enctype_valid && !enctypedone) {
- master_keyblock.enctype = rparams->realm_enctype;
- enctypedone++;
- }
-
- /* Get the value for maximum ticket lifetime. */
- if (rparams->realm_max_life_valid)
- rblock.max_life = rparams->realm_max_life;
-
- /* Get the value for maximum renewable ticket lifetime. */
- if (rparams->realm_max_rlife_valid)
- rblock.max_rlife = rparams->realm_max_rlife;
-
- /* Get the value for the default principal expiration */
- if (rparams->realm_expiration_valid)
- rblock.expiration = rparams->realm_expiration;
-
- /* Get the value for the default principal flags */
- if (rparams->realm_flags_valid)
- rblock.flags = rparams->realm_flags;
-
- /* Get the value of the supported key/salt pairs */
- if (rparams->realm_num_keysalts) {
- rblock.nkslist = rparams->realm_num_keysalts;
- rblock.kslist = rparams->realm_keysalts;
- rparams->realm_num_keysalts = 0;
- rparams->realm_keysalts = (krb5_key_salt_tuple *) NULL;
- }
-
- /* Get the value for the stash file */
- if (rparams->realm_stash_file && !keyfile)
- keyfile = strdup(rparams->realm_stash_file);
-
- krb5_free_realm_params(context, rparams);
- }
-
- if (!dbname)
- dbname = DEFAULT_KDB_FILE;
-
- if (!enctypedone)
- master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
-
- if (!valid_enctype(master_keyblock.enctype)) {
- char tmp[32];
- if (krb5_enctype_to_string(master_keyblock.enctype, tmp, sizeof(tmp)))
- com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
- "while setting up enctype %d", master_keyblock.enctype);
- else
- com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, tmp);
- exit(1);
- }
-
- krb5_use_enctype(context, &master_encblock, master_keyblock.enctype);
-
- retval = krb5_db_set_name(context, dbname);
- if (!retval) retval = EEXIST;
-
- if (retval == EEXIST || retval == EACCES || retval == EPERM) {
- /* it exists ! */
- com_err(argv[0], 0, "The database '%s' appears to already exist",
- dbname);
- exit(1);
- }
- if (!realm) {
- if ((retval = krb5_get_default_realm(context, &defrealm))) {
- com_err(argv[0], retval, "while retrieving default realm name");
- exit(1);
- }
- realm = defrealm;
- }
-
- /* assemble & parse the master key name */
-
- if ((retval = krb5_db_setup_mkey_name(context, mkey_name, realm,
- &mkey_fullname, &master_princ))) {
- com_err(argv[0], retval, "while setting up master key name");
- exit(1);
- }
-
- krb5_princ_set_realm_data(context, &db_create_princ, realm);
- krb5_princ_set_realm_length(context, &db_create_princ, strlen(realm));
- krb5_princ_set_realm_data(context, &tgt_princ, realm);
- krb5_princ_set_realm_length(context, &tgt_princ, strlen(realm));
- krb5_princ_component(context, &tgt_princ,1)->data = realm;
- krb5_princ_component(context, &tgt_princ,1)->length = strlen(realm);
-
- printf("Initializing database '%s' for realm '%s',\n\
-master key name '%s'\n",
- dbname, realm, mkey_fullname);
-
- if (!mkey_password) {
- printf("You will be prompted for the database Master Password.\n");
- printf("It is important that you NOT FORGET this password.\n");
- fflush(stdout);
-
- pw_size = 1024;
- pw_str = malloc(pw_size);
-
- retval = krb5_read_password(context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
- pw_str, &pw_size);
- if (retval) {
- com_err(argv[0], retval, "while reading master key from keyboard");
- exit(1);
- }
- mkey_password = pw_str;
- }
-
- pwd.data = mkey_password;
- pwd.length = strlen(mkey_password);
- retval = krb5_principal2salt(context, master_princ, &master_salt);
- if (retval) {
- com_err(argv[0], retval, "while calculated master key salt");
- exit(1);
- }
- if (retval = krb5_string_to_key(context, &master_encblock,
- &master_keyblock, &pwd, &master_salt)) {
- com_err(argv[0], retval, "while transforming master key from password");
- exit(1);
- }
-
- if ((retval = krb5_process_key(context, &master_encblock,
- &master_keyblock))) {
- com_err(argv[0], retval, "while processing master key");
- exit(1);
- }
-
- rblock.eblock = &master_encblock;
- if ((retval = krb5_init_random_key(context, &master_encblock,
- &master_keyblock, &rblock.rseed))) {
- com_err(argv[0], retval, "while initializing random key generator");
- (void) krb5_finish_key(context, &master_encblock);
- exit(1);
- }
- if ((retval = krb5_db_create(context, dbname))) {
- (void) krb5_finish_key(context, &master_encblock);
- (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed);
- com_err(argv[0], retval, "while creating database '%s'",
- dbname);
- exit(1);
- }
- if ((retval = krb5_db_set_name(context, dbname))) {
- (void) krb5_finish_key(context, &master_encblock);
- (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed);
- com_err(argv[0], retval, "while setting active database to '%s'",
- dbname);
- exit(1);
- }
- if ((retval = krb5_db_init(context))) {
- (void) krb5_finish_key(context, &master_encblock);
- (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed);
- com_err(argv[0], retval, "while initializing the database '%s'",
- dbname);
- exit(1);
- }
-
- if ((retval = add_principal(context, master_princ, MASTER_KEY, &rblock)) ||
- (retval = add_principal(context, &tgt_princ, TGT_KEY, &rblock))) {
- (void) krb5_db_fini(context);
- (void) krb5_finish_key(context, &master_encblock);
- (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed);
- com_err(argv[0], retval, "while adding entries to the database");
- exit(1);
- }
- if (do_stash &&
- ((retval = krb5_db_store_mkey(context, keyfile, master_princ,
- &master_keyblock)))) {
- com_err(argv[0], errno, "while storing key");
- printf("Warning: couldn't stash master key.\n");
- }
- /* clean up */
- (void) krb5_db_fini(context);
- (void) krb5_finish_key(context, &master_encblock);
- (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed);
- memset((char *)master_keyblock.contents, 0, master_keyblock.length);
- free(master_keyblock.contents);
- if (pw_str) {
- memset(pw_str, 0, pw_size);
- free(pw_str);
- }
- free(master_salt.data);
- exit(0);
-
-}
-
-static krb5_error_code
-tgt_keysalt_iterate(ksent, ptr)
- krb5_key_salt_tuple *ksent;
- krb5_pointer ptr;
-{
- krb5_context context;
- krb5_error_code kret;
- struct iterate_args *iargs;
- krb5_keyblock random_keyblock, *key;
- krb5_int32 ind;
- krb5_encrypt_block random_encblock;
- krb5_pointer rseed;
- krb5_data pwd;
-
- iargs = (struct iterate_args *) ptr;
- kret = 0;
-
- context = iargs->ctx;
-
- /*
- * Convert the master key password into a key for this particular
- * encryption system.
- */
- krb5_use_enctype(context, &random_encblock, ksent->ks_enctype);
- pwd.data = mkey_password;
- pwd.length = strlen(mkey_password);
- if (kret = krb5_string_to_key(context, &random_encblock, &random_keyblock,
- &pwd, &master_salt))
- return kret;
- if ((kret = krb5_init_random_key(context, &random_encblock,
- &random_keyblock, &rseed)))
- return kret;
-
- if (!(kret = krb5_dbe_create_key_data(iargs->ctx, iargs->dbentp))) {
- ind = iargs->dbentp->n_key_data-1;
- if (!(kret = krb5_random_key(context,
- &random_encblock, rseed,
- &key))) {
- kret = krb5_dbekd_encrypt_key_data(context,
- iargs->rblock->eblock,
- key,
- NULL,
- 1,
- &iargs->dbentp->key_data[ind]);
- krb5_free_keyblock(context, key);
- }
- }
- memset((char *)random_keyblock.contents, 0, random_keyblock.length);
- free(random_keyblock.contents);
- (void) krb5_finish_random_key(context, &random_encblock, &rseed);
- return(kret);
-}
-
-static krb5_error_code
-add_principal(context, princ, op, pblock)
- krb5_context context;
- krb5_principal princ;
- enum ap_op op;
- struct realm_info *pblock;
-{
- krb5_error_code retval;
- krb5_db_entry entry;
-
- krb5_timestamp now;
- struct iterate_args iargs;
-
- int nentries = 1;
-
- memset((char *) &entry, 0, sizeof(entry));
-
- entry.len = KRB5_KDB_V1_BASE_LENGTH;
- entry.attributes = pblock->flags;
- entry.max_life = pblock->max_life;
- entry.max_renewable_life = pblock->max_rlife;
- entry.expiration = pblock->expiration;
-
- if ((retval = krb5_copy_principal(context, princ, &entry.princ)))
- goto error_out;
-
- if ((retval = krb5_timeofday(context, &now)))
- goto error_out;
-
- if ((retval = krb5_dbe_update_mod_princ_data(context, &entry,
- now, &db_create_princ)))
- goto error_out;
-
- switch (op) {
- case MASTER_KEY:
- if ((entry.key_data=(krb5_key_data*)malloc(sizeof(krb5_key_data)))
- == NULL)
- goto error_out;
- memset((char *) entry.key_data, 0, sizeof(krb5_key_data));
- entry.n_key_data = 1;
-
- entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
- if ((retval = krb5_dbekd_encrypt_key_data(context, pblock->eblock,
- &master_keyblock, NULL,
- 1, entry.key_data)))
- return retval;
- break;
- case TGT_KEY:
- iargs.ctx = context;
- iargs.rblock = pblock;
- iargs.dbentp = &entry;
- /*
- * Iterate through the key/salt list, ignoring salt types.
- */
- if ((retval = krb5_keysalt_iterate(pblock->kslist,
- pblock->nkslist,
- 1,
- tgt_keysalt_iterate,
- (krb5_pointer) &iargs)))
- return retval;
- break;
- case NULL_KEY:
- return EOPNOTSUPP;
- default:
- break;
- }
-
- retval = krb5_db_put_principal(context, &entry, &nentries);
-
-error_out:;
- krb5_dbe_free_contents(context, &entry);
- return retval;
-}