authorBarry Jaspan <bjaspan@mit.edu>1996-10-09 19:30:02 +0000
committerBarry Jaspan <bjaspan@mit.edu>1996-10-09 19:30:02 +0000
commit73921b6bebce4c1de80c5f94676ad060c78a97ab (patch)
treec7ce8b38f01e6f7996819687577a0ce33bc9d6a8 /src/kadmin
parent7fcbfaffaa83e83a20af8174a2d6d5955d21f7e7 (diff)
* kadmin.c (kadmin_addprinc): add "default" policy behavior;
delete kadmin_renprinc entirely, since it is no longer supported by the api and there is no ss command for it anyway * kadmin.M: document "default" policy behavior. [krb5-admin/84] git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9158 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin')
-rw-r--r--src/kadmin/cli/ChangeLog8
-rw-r--r--src/kadmin/cli/kadmin.M21
-rw-r--r--src/kadmin/cli/kadmin.c91
3 files changed, 44 insertions, 76 deletions
diff --git a/src/kadmin/cli/ChangeLog b/src/kadmin/cli/ChangeLog
index 49c712e33..90ab3400b 100644
--- a/src/kadmin/cli/ChangeLog
+++ b/src/kadmin/cli/ChangeLog
@@ -1,3 +1,11 @@
+Wed Oct 9 15:23:51 1996 Barry Jaspan <bjaspan@mit.edu>
+
+ * kadmin.c (kadmin_addprinc): add "default" policy behavior;
+ delete kadmin_renprinc entirely, since it is no longer supported
+ by the api and there is no ss command for it anyway
+
+ * kadmin.M: document "default" policy behavior. [krb5-admin/84]
+
Fri Oct 4 16:37:30 1996 Kevin L Mitchell <klmitch@mit.edu>
* kadmin.c (kadmin_renprinc): Changed newcanon to oldcanon in the
diff --git a/src/kadmin/cli/kadmin.M b/src/kadmin/cli/kadmin.M
index e2c9a2b84..b744b88a8 100644
--- a/src/kadmin/cli/kadmin.M
+++ b/src/kadmin/cli/kadmin.M
@@ -151,7 +151,13 @@ Specifying "ago" in a duration may result in unexpected behavior.
\fBadd_principal\fP [\fIoptions\fP] \fInewprinc\fP
creates the principal
.IR newprinc ,
-prompting twice for a password. This command requires the
+prompting twice for a password. If no policy is specified with the
+-policy option, and the policy named "default" exists, then that
+policy is assigned to the principal; note that the assignment of the
+policy "default" only occurs automatically when a principal is first
+created, so the policy "default" must already exist for the assignment
+to occur. This assignment of "default" can be suppressed with the
+-clearpolicy option. This command requires the
.I add
privilege. This command has the aliases
.B addprinc
@@ -176,8 +182,17 @@ maximum renewable life of tickets for the principal
explicity set the key version number.
.TP
\fB\-policy\fP \fIpolicy\fP
-policy used by this principal. If no policy is supplied, the principal
-will default to having no policy, and a warning message will be printed.
+policy used by this principal. If no policy is supplied, then if the
+policy "default" exists and the -clearpolicy is not also specified,
+then the policy "default" is used; otherwise, the principal
+will have no policy, and a warning message will be printed.
+.TP
+\fB\-clearpolicy\fP
+.B -clearpolicy
+prevents the policy "default" from being assigned when
+.B -policy
+is not specified. This option has no effect if the policy "default"
+does not exist.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_postdated\fP
.B -allow_postdated
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index 3080652e0..9d12a4c79 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -493,79 +493,6 @@ void kadmin_delprinc(argc, argv)
return;
}
-void kadmin_renprinc(argc, argv)
- int argc;
- char *argv[];
-{
- krb5_principal oldprinc, newprinc;
- char *oldcanon, *newcanon;
- char reply[5];
- kadm5_ret_t retval;
-
- if (! (argc == 3 ||
- (argc == 4 && !strcmp("-force", argv[1])))) {
- fprintf(stderr, "usage: rename_principal [-force] old new\n");
- return;
- }
- retval = kadmin_parse_name(argv[argc - 2], &oldprinc);
- if (retval) {
- com_err("rename_principal", retval, "while parsing old principal");
- return;
- }
- retval = kadmin_parse_name(argv[argc - 1], &newprinc);
- if (retval) {
- krb5_free_principal(context, oldprinc);
- com_err("rename_principal", retval, "while parsing new principal");
- return;
- }
- retval = krb5_unparse_name(context, oldprinc, &oldcanon);
- if (retval) {
- com_err("rename_principal", retval,
- "while canonicalizing old principal");
- krb5_free_principal(context, newprinc);
- krb5_free_principal(context, oldprinc);
- return;
- }
- retval = krb5_unparse_name(context, newprinc, &newcanon);
- if (retval) {
- com_err("rename_principal", retval,
- "while canonicalizing new principal");
- free(oldcanon);
- krb5_free_principal(context, newprinc);
- krb5_free_principal(context, oldprinc);
- return;
- }
- if (argc == 3) {
- printf("Are you sure you want to rename the principal \"%s\" to \"%s\"? (yes/no): ",
- oldcanon, newcanon);
- fgets(reply, sizeof (reply), stdin);
- if (strcmp("yes\n", reply)) {
- fprintf(stderr,
- "rename_principal: \"%s\" NOT renamed to \"%s\".\n",
- oldcanon, newcanon);
- free(newcanon);
- free(oldcanon);
- krb5_free_principal(context, newprinc);
- krb5_free_principal(context, oldprinc);
- return;
- }
- }
- retval = kadm5_rename_principal(handle, oldprinc, newprinc);
- krb5_free_principal(context, oldprinc);
- krb5_free_principal(context, newprinc);
- if (retval) {
- com_err("rename_principal", retval,
- "while renaming \"%s\" to \"%s\".", oldcanon,
- newcanon);
- free(newcanon);
- free(oldcanon);
- return;
- }
- printf("Principal \"%s\" renamed to \"%s\".\nMake sure that you have removed \"%s\" from all ACLs before reusing.\n",
- oldcanon, newcanon, oldcanon);
- return;
-}
-
void kadmin_cpw(argc, argv)
int argc;
char *argv[];
@@ -846,6 +773,7 @@ void kadmin_addprinc(argc, argv)
char *argv[];
{
kadm5_principal_ent_rec princ;
+ kadm5_policy_ent_rec defpol;
long mask;
int randkey = 0;
char *pass, *canon;
@@ -863,6 +791,7 @@ void kadmin_addprinc(argc, argv)
kadmin_addprinc_usage("add_principal");
return;
}
+
retval = krb5_unparse_name(context, princ.principal, &canon);
if (retval) {
com_err("add_principal",
@@ -870,6 +799,22 @@ void kadmin_addprinc(argc, argv)
krb5_free_principal(context, princ.principal);
return;
}
+
+ /*
+ * If -policy was not specified, and -clearpolicy was not
+ * specified, and the policy "default" exists, assign it. If
+ * -clearpolicy was specified, then KADM5_POLICY_CLR should be
+ * unset, since it is never valid for kadm5_create_principal.
+ */
+ if ((! (mask & KADM5_POLICY)) &&
+ (! (mask & KADM5_POLICY_CLR)) &&
+ (! (retval = kadm5_get_policy(handle, "default", &defpol)))) {
+ princ.policy = "default";
+ mask |= KADM5_POLICY;
+ (void) kadm5_free_policy_ent(handle, &defpol);
+ }
+ mask &= ~KADM5_POLICY_CLR;
+
if (randkey) { /* do special stuff if -randkey specified */
princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX; /* set notix */
mask |= KADM5_ATTRIBUTES;
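Review bot: In the added `if`, every non-zero return from `kadm5_get_policy(handle, "default", &defpol)` is treated as "the policy does not exist", so an authorization or RPC failure on the lookup silently yields a principal with no password policy. The code is stored in `retval` but only tested for zero; I would take the call out of the condition and, for any result other than `KADM5_UNKNOWN_POLICY`, report it, e.g. `com_err("add_principal", retval, "while looking up policy \"default\"");`. Whether to stop there or carry on without a policy is a judgment call, but stopping is the safer default on an account-creation path, and it would need to free `canon` and `princ.principal` first. `kadmin_addprinc` starts and ends outside this hunk, so how `retval` and the documented no-policy warning are handled afterwards is not visible here.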