if (!update && (kret = osa_adb_create_policy_db(&newparams))) {
fprintf(stderr, "%s: %s while creating policy database\n",
programname, error_message(kret));
+ exit_status++;
+ kadm5_free_config_params(kcontext, &newparams);
+ if (dumpfile) fclose(f);
+ return;
+ }
+ if (!update && (load != &beta7_version) &&
+ (kret = kadm5_create_magic_princs(&newparams, kcontext))) {
+ fprintf(stderr, "%s: %s while creating KADM5 principals\n",
+ programname, error_message(kret));
+ exit_status++;
kadm5_free_config_params(kcontext, &newparams);
if (dumpfile) fclose(f);
return;
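Review bot: The `load != &beta7_version` exception in the added guard has no comment, so a reader cannot tell why a beta7 load skips kadm5_create_magic_princs() when every other non-update load calls it. Because this condition decides whether the KADM5 principals exist after a load, the reason should be stated above the `if`, for example `/* beta7 dumps are assumed to already carry the KADM5 principals (confirm) */`, reworded to the actual reason. The enclosing function starts and ends outside this hunk.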
#define ADMIN_LIFETIME 60*60*3 /* 3 hours */
#define CHANGEPW_LIFETIME 60*5 /* 5 minutes */
-extern char *whoami;
+extern char *progname;
extern krb5_encrypt_block master_encblock;
extern krb5_keyblock master_keyblock;
*/
if (retval = kadm5_get_config_params(context, NULL, NULL,
params, params)) {
- com_err(whoami, retval, str_INITING_KCONTEXT);
+ com_err(progname, retval, str_INITING_KCONTEXT);
return 1;
}
if (retval = osa_adb_create_policy_db(params)) {
- com_err(whoami, retval, str_CREATING_POLICY_DB);
+ com_err(progname, retval, str_CREATING_POLICY_DB);
return 1;
}
- if ((retval = kadm5_init(whoami, NULL, NULL, params,
+ retval = kadm5_create_magic_princs(params, context);
+
+ krb5_free_context(context);
+
+ return retval;
+}
+
+int kadm5_create_magic_princs(kadm5_config_params *params,
+ krb5_context *context)
+{
+ int retval;
+ void *handle;
+
+ if ((retval = kadm5_init(progname, NULL, NULL, params,
KADM5_STRUCT_VERSION,
KADM5_API_VERSION_2,
&handle))) {
- com_err(whoami, retval, str_INITING_KCONTEXT);
-
- krb5_free_context(context);
- exit(ERR);
+ com_err(progname, retval, str_INITING_KCONTEXT);
+ return retval;
}
retval = add_admin_princs(handle, context, params->realm);
kadm5_destroy(handle);
- krb5_free_context(context);
- if (retval)
- exit(retval);
-
- return 0;
+ return retval;
}
/*
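Review bot: The new kadm5_create_magic_princs() declares its second parameter as `krb5_context *context`, but every visible caller passes a plain context. kadm5_create() passes the same `context` it then gives to `krb5_free_context(context)`, and the body forwards the value unchanged to `add_admin_princs(handle, context, params->realm)`. The signature probably should read `krb5_context context`; without a prototype in a shared header (none is visible here) the compiler will not flag the mismatch at the call sites in the other files. The function also lacks a header comment saying that it returns the kadm5 error code instead of exiting and that the caller keeps ownership of `context`. kadm5_create() starts outside this hunk.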
fullname = build_name_with_realm(name, realm);
if (ret = krb5_parse_name(context, fullname, &ent.principal)) {
- com_err(whoami, ret, str_PARSE_NAME);
+ com_err(progname, ret, str_PARSE_NAME);
return(ERR);
}
ent.max_life = lifetime;
KADM5_ATTRIBUTES));
if (ret) {
- com_err(whoami, ret, str_PUT_PRINC, fullname);
+ com_err(progname, ret, str_PUT_PRINC, fullname);
krb5_free_principal(context, ent.principal);
free(fullname);
return ERR;
free(fullname);
if (ret) {
- com_err(whoami, ret, str_RANDOM_KEY, fullname);
+ com_err(progname, ret, str_RANDOM_KEY, fullname);
return ERR;
}
};
static char *mkey_password = 0;
-char *whoami;
+extern char *progname;
extern int exit_status;
extern osa_adb_policy_t policy_db;
extern kadm5_config_params global_params;
static void usage()
{
- fprintf(stderr, "usage: %s [-s]\n", whoami);
+ fprintf(stderr, "usage: %s [-s]\n", progname);
exit_status++;
}
if (strrchr(argv[0], '/'))
argv[0] = strrchr(argv[0], '/')+1;
- whoami = argv[0];
mkey_password = NULL;
optind = 1;
memset((char *)master_keyblock.contents, 0, master_keyblock.length);
/*
- * Cons up config params for new policy database (which will be
- * empty). The policy dbname keys off the dbname.
+ * Cons up config params for new database.
*/
newparams = global_params;
newparams.mask &= ~(KADM5_CONFIG_ADBNAME | KADM5_CONFIG_ADB_LOCKFILE);
"parameters");
return;
}
+
/*
* Always create the policy db, even if we are not loading a dump
- * file with policy info, because they are probably loading an old
- * dump intending to use it with the new kadm5 system (ie: using
- * load as create).
+ * file with policy info.
*/
if (retval = osa_adb_create_policy_db(&newparams)) {
com_err(PROGNAME, retval, "while creating policy database");
kadm5_free_config_params(context, &newparams);
return;
}
-
+ /*
+ * Create the magic principals in the database.
+ */
+ if (retval = kadm5_create_magic_princs(&newparams, context)) {
+ com_err(PROGNAME, retval, "while creating KADM5 principals");
+ return;
+ }
+
krb5_free_context(context);
return;
}
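Review bot: The added failure branch for kadm5_create_magic_princs() returns without the cleanup the neighbouring paths do: the policy-db branch just above calls `kadm5_free_config_params(context, &newparams);` and the success path calls `krb5_free_context(context);`. The branch should do both before its `return;`. It also leaves `exit_status` untouched, although usage() in this file increments it; if that variable is what the tool exits with (not visible here), a database created without the KADM5 principals would be reported to calling scripts as a success, so `exit_status++;` belongs here too. The policy-db branch has the same `exit_status` omission. The enclosing function starts outside this hunk.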