author | Greg Hudson <ghudson@mit.edu> | 2009-09-21 18:40:02 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2009-09-21 18:40:02 +0000 |
commit | f07bca9fc94a5cf2e3c0f58226c7973a4b86b7a9 (patch) | |
tree | d025c8c46724b63e7e92d85ecf290c0f4cbcf7ac /src/lib/kadm5/srv/svr_principal.c | |
parent | f36a5ba4e2fd034d9f261b1b4faaa28e7c7e46e7 (diff) | |
Improve the mechanism used for addprinc -randkey. In the kadmin
server, if the password is null when creating a principal, treat that
as a request for a random key. In the kadmin client, try using the
new method for random key creation and then fall back to the old one.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22782 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kadm5/srv/svr_principal.c')
-rw-r--r-- | src/lib/kadm5/srv/svr_principal.c | 35 |
1 files changed, 23 insertions, 12 deletions
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 5c5cdc8cc..1a60f52f4 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -226,7 +226,7 @@ kadm5_create_principal_3(void *server_handle,
 return KADM5_BAD_MASK;
 if((mask & ~ALL_PRINC_MASK))
 return KADM5_BAD_MASK;
- if (entry == (kadm5_principal_ent_t) NULL || password == NULL)
+ if (entry == NULL)
 return EINVAL;
 
 /*
@@ -260,11 +260,14 @@ kadm5_create_principal_3(void *server_handle,
 return ret;
 }
 }
- if ((ret = passwd_check(handle, password, (mask & KADM5_POLICY),
- &polent, entry->principal))) {
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return ret;
+ if (password) {
+ ret = passwd_check(handle, password, (mask & KADM5_POLICY),
+ &polent, entry->principal);
+ if (ret) {
+ if (mask & KADM5_POLICY)
+ (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+ return ret;
+ }
 }
 /*
 * Start populating the various DB fields, using the
@@ -360,12 +363,20 @@ kadm5_create_principal_3(void *server_handle,
 return (ret);
 }
 
- if ((ret = krb5_dbe_cpw(handle->context, act_mkey,
- n_ks_tuple?ks_tuple:handle->params.keysalts,
- n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
- password,
- (mask & KADM5_KVNO)?entry->kvno:1,
- FALSE, &kdb))) {
+ if (password) {
+ ret = krb5_dbe_cpw(handle->context, act_mkey,
+ n_ks_tuple?ks_tuple:handle->params.keysalts,
+ n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+ password, (mask & KADM5_KVNO)?entry->kvno:1,
+ FALSE, &kdb);
+ } else {
+ /* Null password means create with random key (new in 1.8). */
+ ret = krb5_dbe_crk(handle->context, &master_keyblock,
+ n_ks_tuple?ks_tuple:handle->params.keysalts,
+ n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+ FALSE, &kdb);
+ }
+ if (ret) {
 krb5_db_free_principal(handle->context, &kdb, 1);
 if (mask & KADM5_POLICY)
 (void) kadm5_free_policy_ent(handle->lhandle, &polent); |
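Review bot: Dropping `password == NULL` from the guard in the first hunk means every later use of `password` in kadm5_create_principal_3 must tolerate NULL. The two uses visible in this commit (passwd_check and krb5_dbe_cpw) are guarded, but the function body starts and ends outside the hunks, so any other use should be checked. A caller that used to get EINVAL for an accidentally NULL password now creates a principal with random keys and no password-quality check (second hunk). That contract change deserves a comment at the guard, e.g. `/* password may be NULL: create the principal with random keys; passwd_check is skipped. */`.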
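Review bot: In the third hunk the two branches are handed different master keys: krb5_dbe_cpw receives `act_mkey`, while the new krb5_dbe_crk call receives `&master_keyblock`. Neither declaration is visible in the hunk, but if the active master key can differ from `master_keyblock` (for example after a master key rollover), the random-key path would likely store key data encrypted under a different key than password-derived keys. Passing the same key, `ret = krb5_dbe_crk(handle->context, act_mkey,`, keeps the branches consistent. The random-key branch also has no counterpart to `(mask & KADM5_KVNO)?entry->kvno:1`, so a caller-supplied kvno appears to be ignored when password is NULL; either honour it or document that KADM5_KVNO has no effect on this path.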