From 71c63bd8c2bbdc92a865ff9613a6b96dd92383f4 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Fri, 26 Jul 1996 17:23:29 +0000 Subject: [PATCH] Remove the new kdb5_create, which is subsumed by kdb5_util git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8835 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/create/ChangeLog | 9 - src/kadmin/create/Makefile.in | 15 - src/kadmin/create/Makefile.ov | 12 - src/kadmin/create/attic/Makefile.in | 20 - src/kadmin/create/attic/configure.in | 12 - src/kadmin/create/attic/make_extern | 16 - src/kadmin/create/attic/ovsec_adm_create.c | 663 --------------------- src/kadmin/create/configure.in | 11 - src/kadmin/create/kadm5_create.c | 241 -------- src/kadmin/create/kdb5_create.c | 536 ----------------- src/kadmin/create/string_table.c | 91 --- src/kadmin/create/string_table.h | 40 -- 12 files changed, 1666 deletions(-) delete mode 100644 src/kadmin/create/ChangeLog delete mode 100644 src/kadmin/create/Makefile.in delete mode 100644 src/kadmin/create/Makefile.ov delete mode 100644 src/kadmin/create/attic/Makefile.in delete mode 100644 src/kadmin/create/attic/configure.in delete mode 100644 src/kadmin/create/attic/make_extern delete mode 100644 src/kadmin/create/attic/ovsec_adm_create.c delete mode 100644 src/kadmin/create/configure.in delete mode 100644 src/kadmin/create/kadm5_create.c delete mode 100644 src/kadmin/create/kdb5_create.c delete mode 100644 src/kadmin/create/string_table.c delete mode 100644 src/kadmin/create/string_table.h diff --git a/src/kadmin/create/ChangeLog b/src/kadmin/create/ChangeLog deleted file mode 100644 index 0c724422d..000000000 --- a/src/kadmin/create/ChangeLog +++ /dev/null @@ -1,9 +0,0 @@ -Fri Jul 12 14:43:56 1996 Marc Horowitz - - * configure.in (USE_GSSAPI_LIBRARY): shared libraries require that - all symbols be resolved, even if they are not used by the - executeable. Thus, create needs to link against gssapi - -Wed Jul 10 01:24:29 1996 Marc Horowitz - - * Makefile.in, configure.in: added autoconf support diff --git a/src/kadmin/create/Makefile.in b/src/kadmin/create/Makefile.in deleted file mode 100644 index 547bd39c6..000000000 --- a/src/kadmin/create/Makefile.in +++ /dev/null @@ -1,15 +0,0 @@ -CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE) - -PROG = kdb5_create -OBJS = kdb5_create.o kadm5_create.o string_table.o - -all:: $(PROG) - -$(PROG): $(OBJS) $(DEPLIBS) - $(CC) $(LDFLAGS) $(LDARGS) -o $(PROG) $(OBJS) $(LIBS) - -install:: - $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG) - -clean:: - $(RM) $(PROG) $(OBJS) diff --git a/src/kadmin/create/Makefile.ov b/src/kadmin/create/Makefile.ov deleted file mode 100644 index cdec414b7..000000000 --- a/src/kadmin/create/Makefile.ov +++ /dev/null @@ -1,12 +0,0 @@ -TOP = .. -include $(TOP)/config.mk/template - -PROG = kadmin_create -SRCS = kdb5_create.c kadm5_create.c string_table.c -OBJS = kdb5_create.o kadm5_create.o string_table.o - -LIBS = $(LIBADMSRV) $(LIBRPCLIB) $(LIBKDB5) $(LIBKRB5_ALL) \ - $(LIBDYN) $(NDBMLIB) $(LIBDB) $(BSDLIB) $(NETLIB) - -expand InstallAdmin -expand Depend diff --git a/src/kadmin/create/attic/Makefile.in b/src/kadmin/create/attic/Makefile.in deleted file mode 100644 index f7bd9ca38..000000000 --- a/src/kadmin/create/attic/Makefile.in +++ /dev/null @@ -1,20 +0,0 @@ -CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE) - -all:: - -SRCS = $(srcdir)/ovsec_adm_create.c \ - $(srcdir)/string_table.c - -OBJS = ovsec_adm_create.o \ - string_table.o - -all:: ovsec_adm_create - -ovsec_adm_create: $(OBJS) $(DEPLIBS) - $(LD) $(LDFLAGS) $(LDARGS) -o ovsec_adm_create $(OBJS) $(LIBS) - -install:: - $(INSTALL_PROGRAM) ./ovsec_adm_create ${DESTDIR}$(SERVER_BINDIR)/kadmind5 - -clean:: - $(RM) ovsec_adm_create diff --git a/src/kadmin/create/attic/configure.in b/src/kadmin/create/attic/configure.in deleted file mode 100644 index 67b8f7c52..000000000 --- a/src/kadmin/create/attic/configure.in +++ /dev/null @@ -1,12 +0,0 @@ -AC_INIT(ovsec_adm_create.c) -CONFIG_RULES -AC_PROG_INSTALL -USE_KADMSRV_LIBRARY -USE_GSSRPC_LIBRARY -USE_GSSAPI_LIBRARY -USE_KDB5_LIBRARY -USE_DYN_LIBRARY -USE_DB_LIBRARY -KRB5_LIBRARIES -V5_USE_SHARED_LIB -V5_AC_OUTPUT_MAKEFILE diff --git a/src/kadmin/create/attic/make_extern b/src/kadmin/create/attic/make_extern deleted file mode 100644 index 5432edf66..000000000 --- a/src/kadmin/create/attic/make_extern +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/csh - -echo '/*' -echo ' * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.' -echo ' * ' -echo ' * $Header$' -echo ' *' -echo ' */' -echo ' ' -echo '#ifndef _OVSEC_ADM_STRINGS_' -echo ' ' - -cat $1 | grep -v rcsid | grep ^char | awk '{printf "extern %s %s;\n",$1,$2}' - -echo ' ' -echo '#endif /* _OVSEC_ADM_STRINGS_ */' diff --git a/src/kadmin/create/attic/ovsec_adm_create.c b/src/kadmin/create/attic/ovsec_adm_create.c deleted file mode 100644 index 90be0c406..000000000 --- a/src/kadmin/create/attic/ovsec_adm_create.c +++ /dev/null @@ -1,663 +0,0 @@ -/* - * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved. - * - * $Id$ - * $Source$ - * - * $Log$ - * Revision 1.23 1996/07/22 20:24:35 marc - * this commit includes all the changes on the OV_9510_INTEGRATION and - * OV_MERGE branches. This includes, but is not limited to, the new openvision - * admin system, and major changes to gssapi to add functionality, and bring - * the implementation in line with rfc1964. before committing, the - * code was built and tested for netbsd and solaris. - * - * Revision 1.22.4.1 1996/07/18 03:01:22 marc - * merged in changes from OV_9510_BP to OV_9510_FINAL1 - * - * Revision 1.22.2.1 1996/06/20 21:44:55 marc - * File added to the repository on a branch - * - * Revision 1.22 1996/06/19 15:09:32 bjaspan - * changes to work in mit tree - * - * Revision 1.21 1995/11/07 23:27:28 grier - * Add stdlib.h - * Add string.h - * - * Revision 1.20 1995/08/13 16:41:11 jik - * Fix a nonsensical comment about the iterator() function. See PR - * secure-admin/470. - * - * Revision 1.19 1995/07/02 19:55:13 jik - * Key version numbers should start out at 1, not 0. - * Should get the master key version number from the master_db entry in - * server_kdb.c, rather than assuming that the master key version number - * is 0. - * - * Revision 1.18 1995/03/14 16:58:50 jik - * Use krb5_xfree instead of xfree if KRB5B4 is defined. - * - * Revision 1.17 1994/03/11 19:37:34 bjaspan - * [secure-admin/1593: ovsec_adm_create non-error messages go to stderr] - * [secure-releng/1608: audit secure-admin/1593: ovsec_adm_create non-error messages go to stderr] - * - * Sandbox: - * - * Normal messages should be printed to stdout rather than displayed - * using com_err, which will cause then to go to stderr. - * - * Revision 1.17 1994/03/09 22:21:33 jik - * Normal messages should be printed to stdout rather than displayed - * using com_err, which will cause then to go to stderr. - * - * Revision 1.16 1993/12/21 20:26:34 marc - * create new principals with policy NULL, not "" - * - * Revision 1.15 1993/12/14 22:51:35 marc - * missing * in call to krb5_random_key - * - * Revision 1.14 1993/11/27 20:42:32 bjaspan - * fix secure/621: coredumps with default realm - * - * Revision 1.13 1993/11/19 20:03:51 shanzer - * osa_adb_open_T takes a file name argument. - * - * Revision 1.12 1993/11/10 21:30:24 bjaspan - * move init code to main, accept -m - * - * Revision 1.11 1993/11/10 04:33:35 bjaspan - * rewrote adding principals to kdb, and set lifetimes - * - * Revision 1.10 1993/11/06 00:08:44 bjaspan - * use new OVSEC_KADM_* names, use correct realm - * - * Revision 1.9 1993/11/05 05:05:35 bjaspan - * added -r realm argument - * - */ - -#if !defined(lint) && !defined(__CODECENTER__) -static char *rcsid = "$Header$"; -#endif - -#include "string_table.h" - -#include -#include -#include -#include -#include - -#include -#include - -int add_admin_princ(void *handle, krb5_context context, - char *name, char *realm, int attrs, int lifetime); - -#define ERR 1 -#define OK 0 - -#define ADMIN_LIFETIME 60*60*3 /* 3 hours */ -#define CHANGEPW_LIFETIME 60*5 /* 5 minutes */ - -char *whoami; - -extern krb5_encrypt_block master_encblock; -extern krb5_keyblock master_keyblock; -extern krb5_db_entry master_db; - -/* - * Function: main - * - * Purpose: create admin principals, create and populate admin dbs - * - * Arguments: - * - * input none - * exit status 1 for error 0 for success - * - * Requires: - * - * - * Effects: - * - * - * Modifies: - * - */ - -void usage() -{ - fprintf(stderr, "%s\n", str_PROG_CREATE_USAGE); - exit(1); -} - -void main(int argc, char **argv) -{ - char *realm = NULL; - int freerealm = 0; - int retval, from_keyboard = 0; - krb5_principal creator = NULL; - void *handle; - krb5_context context; - - whoami = str_PROG_NAME_CREATE; - - argc--; argv++; - while (argc) { - if (strcmp(*argv, "-r") == 0) { - argc--; argv++; - if (!argc) - usage(); - realm = *argv; - } else if (strcmp(*argv, "-m") == 0) { - from_keyboard = 1; - } else - break; - argc--; argv++; - } - - if (argc != 0) - usage(); - - if (retval = krb5_init_context(&context)) - exit(ERR); - - if (realm == NULL) { - if ((retval = krb5_get_default_realm(context, &realm)) != 0) - exit(retval); - freerealm = 1; - } - - if ((retval = ovsec_kadm_init(whoami, from_keyboard?"non-null":NULL, - NULL, realm, - OVSEC_KADM_STRUCT_VERSION, - OVSEC_KADM_API_VERSION_1, - &handle))) { - com_err(whoami, retval, str_INITING_KCONTEXT); - - krb5_free_context(context); - exit(ERR); - } - - retval = add_admin_princs(handle, context, realm); - - ovsec_kadm_destroy(handle); - krb5_free_context(context); - - if (retval) - exit(retval); - - exit(0); -} - -/* - * Function: build_name_with_realm - * - * Purpose: concatenate a name and a realm to form a krb5 name - * - * Arguments: - * - * name (input) the name - * realm (input) the realm - * - * Returns: - * - * pointer to name@realm, in allocated memory, or NULL if it - * cannot be allocated - * - * Requires: both strings are null-terminated - */ -char *build_name_with_realm(char *name, char *realm) -{ - char *n; - - n = (char *) malloc(strlen(name) + strlen(realm) + 2); - sprintf(n, "%s@%s", name, realm); - return n; -} - -/* - * Function: add_admin_princs - * - * Purpose: create admin principals - * - * Arguments: - * - * rseed (input) random seed - * realm (input) realm, or NULL for default realm - * (output) status, 0 for success, 1 for serious error - * - * Requires: - * - * Effects: - * - * add_admin_princs creates OVSEC_KADM_ADMIN_SERVICE, - * OVSEC_KADM_CHANGEPW_SERVICE, and OVSEC_KADM_HIST_PRINCIPAL. If any - * of these exist a message is printed. If any of these existing - * principal do not have the proper attributes, a warning message is - * printed. - */ -int add_admin_princs(void *handle, krb5_context context, char *realm) -{ - krb5_error_code ret = 0; - - if ((ret = add_admin_princ(handle, context, - OVSEC_KADM_ADMIN_SERVICE, realm, - KRB5_KDB_DISALLOW_TGT_BASED, - ADMIN_LIFETIME))) - goto clean_and_exit; - - if ((ret = add_admin_princ(handle, context, - OVSEC_KADM_CHANGEPW_SERVICE, realm, - KRB5_KDB_DISALLOW_TGT_BASED | - KRB5_KDB_PWCHANGE_SERVICE, - CHANGEPW_LIFETIME))) - goto clean_and_exit; - -#if 0 - /* this is now done inside kdb_init_hist in the admin server */ - - if ((ret = add_admin_princ(handle, context, - OVSEC_KADM_HIST_PRINCIPAL, realm, - KRB5_KDB_DISALLOW_ALL_TIX, - 0))) - goto clean_and_exit; -#endif - -clean_and_exit: - - return ret; -} - -/* - * Function: add_admin_princ - * - * Arguments: - * - * creator (r) principal to use as "mod_by" - * rseed (r) seed for random key generator - * name (r) principal name - * realm (r) realm name for principal - * attrs (r) principal's attributes - * lifetime (r) principal's max life, or 0 - * not_unique (r) error message for multiple entries, never used - * exists (r) warning message for principal exists - * wrong_attrs (r) warning message for wrong attributes - * - * Returns: - * - * OK on success - * ERR on serious errors - * - * Effects: - * - * If the principal is not unique, not_unique is printed (but this - * never happens). If the principal exists, then exists is printed - * and if the principals attributes != attrs, wrong_attrs is printed. - * Otherwise, the principal is created with mod_by creator and - * attributes attrs and max life of lifetime (if not zero). - */ - -int add_admin_princ(void *handle, krb5_context context, - char *name, char *realm, int attrs, int lifetime) -{ - char *fullname; - int nprincs; - krb5_error_code ret; - ovsec_kadm_principal_ent_rec ent; - - memset(&ent, 0, sizeof(ent)); - - fullname = build_name_with_realm(name, realm); - if (ret = krb5_parse_name(context, fullname, &ent.principal)) { - com_err(whoami, ret, str_PARSE_NAME); - return(ERR); - } - ent.max_life = lifetime; - ent.attributes = attrs; - - if (ret = ovsec_kadm_create_principal(handle, &ent, - (OVSEC_KADM_PRINCIPAL | - OVSEC_KADM_MAX_LIFE | - OVSEC_KADM_ATTRIBUTES), - "to-be-random")) { - if (ret == OVSEC_KADM_DUP) - ret = ovsec_kadm_modify_principal(handle, &ent, - (OVSEC_KADM_PRINCIPAL | - OVSEC_KADM_MAX_LIFE | - OVSEC_KADM_ATTRIBUTES)); - - if (ret) { - com_err(whoami, ret, str_PUT_PRINC, fullname); - krb5_free_principal(context, ent.principal); - free(fullname); - return ERR; - } - } - - ret = ovsec_kadm_randkey_principal(handle, ent.principal, NULL); - - krb5_free_principal(context, ent.principal); - free(fullname); - - if (ret) { - com_err(whoami, ret, str_RANDOM_KEY, fullname); - return ERR; - } - - return OK; -} - -#if 0 -/* - * Function: main - * - * Purpose: Return "garbage" if the caller asks for it. - * - * Arguments: - * - * input (input) A null-terminated string, - * or NULL. - * delay (input/output) The number of seconds the - * function should delay before returning. - * (output) A string. - * - * Requires: - * - * "input" must either be NULL or point to an address in the - * program's address space. "delay" must point to an address in - * the program's address space. - * - * Effects: - * - * The function first sleeps for approximately the number of - * seconds specified in "delay". - * - * Then, if "input" is non-NULL and points to a null-terminated - * string which is equal to "garbage", the function sets "delay" - * to 42 and returns a string allocated with malloc(3) containing - * "more-garbage". - * - * If "input" is NULL or does not contain "garbage", the function - * returns NULL without modifying "delay". - * - * If "" is non-NULL, the caller should deallocate - * the string in it (with free(3)) when it is no longer needed. - * - * Modifies: - * - * May allocate a new block of memory in the malloc(3) arena. - * May change the value in the memory location pointed to by - * "delay". - */ - -krb5_error_code add_random_princ(princ_str, princ, attrs, lifetime, - creator, rseed) - char *princ_str; - krb5_principal princ, creator; - krb5_flags attrs; - int lifetime; - krb5_pointer *rseed; -{ - krb5_db_entry entry; - krb5_error_code ret; - krb5_encrypted_keyblock ekey; - krb5_keyblock *rkey; - int nentries = 1; - - memset((char *) &entry, 0, sizeof(entry)); - entry.principal = princ; - entry.kvno = 1; - entry.max_life = KRB5_KDB_MAX_LIFE; - entry.max_renewable_life = 0; - entry.mkvno = master_db.mkvno; - entry.expiration = KRB5_KDB_EXPIRATION; - entry.mod_name = creator; - if (lifetime != 0) - entry.max_life = lifetime; - - if (ret = krb5_timeofday(&entry.mod_date)) - return(ret); - - entry.attributes = attrs; - - ret = krb5_random_key(&master_encblock, *rseed, &rkey); - if (ret != 0) { - com_err(whoami, ret, str_RANDOM_KEY, princ_str); - return (ERR); - } - - - ret = krb5_kdb_encrypt_key(&master_encblock, rkey, &ekey); - krb5_free_keyblock(rkey); - if (ret != 0) { - com_err(whoami, ret, str_ENCRYPT_KEY, princ_str); - return (ERR); - } - - entry.key = ekey; - entry.salt_type = KRB5_KDB_SALTTYPE_NORMAL; - entry.salt_length = 0; - entry.salt = 0; - - ret = krb5_db_put_principal(&entry, &nentries); - if (ret != 0) - com_err(whoami, ret, str_PUT_PRINC, princ_str); -#ifdef KRB5B4 - krb5_xfree(ekey.contents); -#else - xfree(ekey.contents); -#endif - - if (ret) return(ERR); - - printf(str_CREATED_PRINC, whoami, princ_str); - - return(OK); -} - -/* - * Function: create_admin_policy_db - * - * Purpose: Return "garbage" if the caller asks for it. - * - * Arguments: - * - * input (input) A null-terminated string, - * or NULL. - * delay (input/output) The number of seconds the - * function should delay before returning. - * (output) A string. - * - * Requires: - * - * "input" must either be NULL or point to an address in the - * program's address space. "delay" must point to an address in - * the program's address space. - * - * Effects: - * - * The function first sleeps for approximately the number of - * seconds specified in "delay". - * - * Then, if "input" is non-NULL and points to a null-terminated - * string which is equal to "garbage", the function sets "delay" - * to 42 and returns a string allocated with malloc(3) containing - * "more-garbage". - * - * If "input" is NULL or does not contain "garbage", the function - * returns NULL without modifying "delay". - * - * If "" is non-NULL, the caller should deallocate - * the string in it (with free(3)) when it is no longer needed. - * - * Modifies: - * - * May allocate a new block of memory in the malloc(3) arena. - * May change the value in the memory location pointed to by - * "delay". - */ - -int create_admin_policy_db() -{ - /* We don't have a create/destroy routine, so opening the db and - closing it will have to do. */ - osa_adb_policy_t policy_db = NULL; - osa_adb_ret_t ret; - - ret = osa_adb_open_policy(&policy_db, POLICY_DB); - if (ret != OSA_ADB_OK) { - com_err (whoami, ret, str_CREATING_POLICY_DB); - return(-1); - } - - /* Should create sample policies here */ - - ret = osa_adb_close_policy(policy_db); - if (ret != OSA_ADB_OK) { - com_err (whoami, ret, str_CLOSING_POLICY_DB); - return(-1); - } - - printf(str_CREATED_POLICY_DB, whoami); - - return(OK); -} - -/* - - * Function: iterator(ptr, entry) - * - * Purpose: - * - * Creates an entry in the Admin database corresponding to the - * specified entry in the Kerberos database. - * - * Arguments: - * - * ptr (input) Actually of type osa_adb_princ_t, - * represents the Admin database in which to - * create the principal. - * entry (input) The entry in the Kerberos database for - * which to create an entry in the Admin - * database. - * - * Requires: - * - * "ptr" represents a valid, open Admin principal database. - * "entry" represents a valid, decoded Kerberos database - * principal entry. - * - * Effects: - * - * Modifies the Admin principal database by creating a principal - * in the database with the same name as "entry" and no other - * information. - * - * Modifies: - * - * Does not modify any global memory. Modifies the Admin - * principal database whose handle is passed into it. - */ - -krb5_error_code -iterator(ptr, entry) -krb5_pointer ptr; -krb5_db_entry *entry; -{ - osa_adb_ret_t retval; - krb5_error_code retval2; - char *princ_str = NULL; - osa_princ_ent_rec osa_princ; - - /* Zero the whole struct, and fill in the princ name */ - memset(&osa_princ, 0, sizeof(osa_princ_ent_rec)); - - osa_princ.name = entry->principal; - osa_princ.policy = NULL; - - retval = osa_adb_create_princ((osa_adb_princ_t) ptr, &osa_princ); - if (retval != OSA_ADB_OK) { - if (retval2 = krb5_unparse_name(entry->principal, &princ_str)) { - com_err(whoami, retval2, str_UNPARSE_PRINC); - } - com_err(whoami, retval, str_CREATING_PRINC_ENTRY, - (princ_str ? princ_str : str_A_PRINC)); - if (princ_str) free(princ_str); - } - return (0); -} - -/* - * Function: create_and_populate_admin_princ_db - * - * Purpose: Return "garbage" if the caller asks for it. - * - * Arguments: - * - * input (input) A null-terminated string, - * or NULL. - * delay (input/output) The number of seconds the - * function should delay before returning. - * (output) A string. - * - * Requires: - * - * "input" must either be NULL or point to an address in the - * program's address space. "delay" must point to an address in - * the program's address space. - * - * Effects: - * - * The function first sleeps for approximately the number of - * seconds specified in "delay". - * - * Then, if "input" is non-NULL and points to a null-terminated - * string which is equal to "garbage", the function sets "delay" - * to 42 and returns a string allocated with malloc(3) containing - * "more-garbage". - * - * If "input" is NULL or does not contain "garbage", the function - * returns NULL without modifying "delay". - * - * If "" is non-NULL, the caller should deallocate - * the string in it (with free(3)) when it is no longer needed. - * - * Modifies: - * - * May allocate a new block of memory in the malloc(3) arena. - * May change the value in the memory location pointed to by - * "delay". - */ - -int create_and_populate_admin_princ_db() -{ - osa_adb_princ_t princ_db = NULL; - osa_adb_ret_t ret; - - /* We don't have a create/destroy routine, so opening the db and - closing it will have to do. */ - - ret = osa_adb_open_princ(&princ_db, PRINCIPAL_DB); - if (ret != OSA_ADB_OK) { - com_err (whoami, ret, str_CREATING_PRINC_DB); - return(-1); - } - - printf(str_CREATED_PRINC_DB, whoami); - - (void) krb5_db_iterate(iterator, princ_db); - - ret = osa_adb_close_princ(princ_db); - if (ret != OSA_ADB_OK) { - com_err (whoami, ret, str_CLOSING_PRINC_DB); - return(-1); - } - - - return(OK); -} - -#endif diff --git a/src/kadmin/create/configure.in b/src/kadmin/create/configure.in deleted file mode 100644 index 403034263..000000000 --- a/src/kadmin/create/configure.in +++ /dev/null @@ -1,11 +0,0 @@ -AC_INIT(kdb5_create.c) -CONFIG_RULES -AC_PROG_INSTALL -USE_KADMSRV_LIBRARY -USE_GSSRPC_LIBRARY -USE_GSSAPI_LIBRARY -USE_DYN_LIBRARY -USE_KDB5_LIBRARY -KRB5_LIBRARIES -V5_USE_SHARED_LIB -V5_AC_OUTPUT_MAKEFILE diff --git a/src/kadmin/create/kadm5_create.c b/src/kadmin/create/kadm5_create.c deleted file mode 100644 index 33b30ec9c..000000000 --- a/src/kadmin/create/kadm5_create.c +++ /dev/null @@ -1,241 +0,0 @@ -/* - * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved. - * - * $Id$ - * $Source$ - */ - -#if !defined(lint) && !defined(__CODECENTER__) -static char *rcsid = "$Header$"; -#endif - -#include "string_table.h" - -#include -#include -#include -#include -#include - -#include -#include - -int add_admin_princ(void *handle, krb5_context context, - char *name, char *realm, int attrs, int lifetime); - -#define ERR 1 -#define OK 0 - -#define ADMIN_LIFETIME 60*60*3 /* 3 hours */ -#define CHANGEPW_LIFETIME 60*5 /* 5 minutes */ - -extern char *whoami; - -extern krb5_encrypt_block master_encblock; -extern krb5_keyblock master_keyblock; -extern krb5_db_entry master_db; - -/* - * Function: kadm5_create - * - * Purpose: create admin principals in KDC database - * - * Arguments: params (r) configuration parameters to use - * - * Effects: Creates KADM5_ADMIN_SERVICE and KADM5_CHANGEPW_SERVICE - * principals in the KDC database and sets their attributes - * appropriately. - */ -void kadm5_create(kadm5_config_params *params) -{ - int retval; - void *handle; - krb5_context context; - FILE *f; - - - if (retval = krb5_init_context(&context)) - exit(ERR); - - /* - * The lock file has to exist before calling kadm5_init, but - * params->admin_lockfile may not be set yet... - */ - if (retval = kadm5_get_config_params(context, NULL, NULL, - params, params)) { - com_err(whoami, retval, str_INITING_KCONTEXT); - exit(1); - } - - if (retval = osa_adb_create_policy_db(params)) { - com_err(whoami, retval, str_CREATING_POLICY_DB); - exit(1); - } - - if ((retval = kadm5_init(whoami, NULL, NULL, params, - KADM5_STRUCT_VERSION, - KADM5_API_VERSION_2, - &handle))) { - com_err(whoami, retval, str_INITING_KCONTEXT); - - krb5_free_context(context); - exit(ERR); - } - - retval = add_admin_princs(handle, context, params->realm); - - kadm5_destroy(handle); - krb5_free_context(context); - - if (retval) - exit(retval); - - exit(0); -} - -/* - * Function: build_name_with_realm - * - * Purpose: concatenate a name and a realm to form a krb5 name - * - * Arguments: - * - * name (input) the name - * realm (input) the realm - * - * Returns: - * - * pointer to name@realm, in allocated memory, or NULL if it - * cannot be allocated - * - * Requires: both strings are null-terminated - */ -char *build_name_with_realm(char *name, char *realm) -{ - char *n; - - n = (char *) malloc(strlen(name) + strlen(realm) + 2); - sprintf(n, "%s@%s", name, realm); - return n; -} - -/* - * Function: add_admin_princs - * - * Purpose: create admin principals - * - * Arguments: - * - * rseed (input) random seed - * realm (input) realm, or NULL for default realm - * (output) status, 0 for success, 1 for serious error - * - * Requires: - * - * Effects: - * - * add_admin_princs creates KADM5_ADMIN_SERVICE, - * KADM5_CHANGEPW_SERVICE. If any of these exist a message is - * printed. If any of these existing principal do not have the proper - * attributes, a warning message is printed. - */ -int add_admin_princs(void *handle, krb5_context context, char *realm) -{ - krb5_error_code ret = 0; - - if ((ret = add_admin_princ(handle, context, - KADM5_ADMIN_SERVICE, realm, - KRB5_KDB_DISALLOW_TGT_BASED, - ADMIN_LIFETIME))) - goto clean_and_exit; - - if ((ret = add_admin_princ(handle, context, - KADM5_CHANGEPW_SERVICE, realm, - KRB5_KDB_DISALLOW_TGT_BASED | - KRB5_KDB_PWCHANGE_SERVICE, - CHANGEPW_LIFETIME))) - goto clean_and_exit; - -clean_and_exit: - - return ret; -} - -/* - * Function: add_admin_princ - * - * Arguments: - * - * creator (r) principal to use as "mod_by" - * rseed (r) seed for random key generator - * name (r) principal name - * realm (r) realm name for principal - * attrs (r) principal's attributes - * lifetime (r) principal's max life, or 0 - * not_unique (r) error message for multiple entries, never used - * exists (r) warning message for principal exists - * wrong_attrs (r) warning message for wrong attributes - * - * Returns: - * - * OK on success - * ERR on serious errors - * - * Effects: - * - * If the principal is not unique, not_unique is printed (but this - * never happens). If the principal exists, then exists is printed - * and if the principals attributes != attrs, wrong_attrs is printed. - * Otherwise, the principal is created with mod_by creator and - * attributes attrs and max life of lifetime (if not zero). - */ - -int add_admin_princ(void *handle, krb5_context context, - char *name, char *realm, int attrs, int lifetime) -{ - char *fullname; - int nprincs; - krb5_error_code ret; - kadm5_principal_ent_rec ent; - - memset(&ent, 0, sizeof(ent)); - - fullname = build_name_with_realm(name, realm); - if (ret = krb5_parse_name(context, fullname, &ent.principal)) { - com_err(whoami, ret, str_PARSE_NAME); - return(ERR); - } - ent.max_life = lifetime; - ent.attributes = attrs; - - if (ret = kadm5_create_principal(handle, &ent, - (KADM5_PRINCIPAL | - KADM5_MAX_LIFE | - KADM5_ATTRIBUTES), - "to-be-random")) { - if (ret == KADM5_DUP) - ret = kadm5_modify_principal(handle, &ent, - (KADM5_PRINCIPAL | - KADM5_MAX_LIFE | - KADM5_ATTRIBUTES)); - - if (ret) { - com_err(whoami, ret, str_PUT_PRINC, fullname); - krb5_free_principal(context, ent.principal); - free(fullname); - return ERR; - } - } - - ret = kadm5_randkey_principal(handle, ent.principal, NULL, NULL); - - krb5_free_principal(context, ent.principal); - free(fullname); - - if (ret) { - com_err(whoami, ret, str_RANDOM_KEY, fullname); - return ERR; - } - - return OK; -} diff --git a/src/kadmin/create/kdb5_create.c b/src/kadmin/create/kdb5_create.c deleted file mode 100644 index 8b167b6b9..000000000 --- a/src/kadmin/create/kdb5_create.c +++ /dev/null @@ -1,536 +0,0 @@ -/* - * admin/create/kdb5_create.c - * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * Generate (from scratch) a Kerberos KDC database. - */ - -#include -#include -#include - -enum ap_op { - NULL_KEY, /* setup null keys */ - MASTER_KEY, /* use master key as new key */ - TGT_KEY /* special handling for tgt key */ -}; - -krb5_key_salt_tuple def_kslist = { ENCTYPE_DES_CBC_CRC, KRB5_KDB_SALTTYPE_NORMAL }; - -struct realm_info { - krb5_deltat max_life; - krb5_deltat max_rlife; - krb5_timestamp expiration; - krb5_flags flags; - krb5_encrypt_block *eblock; - krb5_pointer rseed; - krb5_int32 nkslist; - krb5_key_salt_tuple *kslist; -} rblock = { /* XXX */ - KRB5_KDB_MAX_LIFE, - KRB5_KDB_MAX_RLIFE, - KRB5_KDB_EXPIRATION, - KRB5_KDB_DEF_FLAGS, - (krb5_encrypt_block *) NULL, - (krb5_pointer) NULL, - 1, - &def_kslist -}; - -struct iterate_args { - krb5_context ctx; - struct realm_info *rblock; - krb5_db_entry *dbentp; -}; - -static krb5_error_code add_principal - PROTOTYPE((krb5_context, - krb5_principal, - enum ap_op, - struct realm_info *)); - -/* - * Steps in creating a database: - * - * 1) use the db calls to open/create a new database - * - * 2) get a realm name for the new db - * - * 3) get a master password for the new db; convert to an encryption key. - * - * 4) create various required entries in the database - * - * 5) close & exit - */ - -static void -usage(who, status) -char *who; -int status; -{ - fprintf(stderr, "usage: %s [-d dbpathname] [-r realmname] [-k enctype]\n\ -\t[-M mkeyname]\n", - who); - exit(status); -} - -krb5_keyblock master_keyblock; -krb5_principal master_princ; -krb5_encrypt_block master_encblock; -krb5_data master_salt; - -krb5_data tgt_princ_entries[] = { - {0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME}, - {0, 0, 0} }; - -krb5_data db_creator_entries[] = { - {0, sizeof("db_creation")-1, "db_creation"} }; - -/* XXX knows about contents of krb5_principal, and that tgt names - are of form TGT/REALM@REALM */ -krb5_principal_data tgt_princ = { - 0, /* magic number */ - {0, 0, 0}, /* krb5_data realm */ - tgt_princ_entries, /* krb5_data *data */ - 2, /* int length */ - KRB5_NT_SRV_INST /* int type */ -}; - -krb5_principal_data db_create_princ = { - 0, /* magic number */ - {0, 0, 0}, /* krb5_data realm */ - db_creator_entries, /* krb5_data *data */ - 1, /* int length */ - KRB5_NT_SRV_INST /* int type */ -}; - -char *mkey_password = 0; -char *whoami; - -void -main(argc, argv) -int argc; -char *argv[]; -{ - extern char *optarg; - int optchar; - - krb5_error_code retval; - char *dbname = (char *) NULL; - char *realm = 0; - char *mkey_name = 0; - char *mkey_fullname; - char *defrealm; - char *pw_str = 0; - char *keyfile = 0; - int pw_size = 0; - int enctypedone = 0; - int do_stash = 0; - krb5_data pwd; - krb5_context context; - krb5_realm_params *rparams; - kadm5_config_params kadm5_params; - - memset(&kadm5_params, 0, sizeof(kadm5_params)); - - krb5_init_context(&context); - krb5_init_ets(context); - - if (strrchr(argv[0], '/')) - argv[0] = strrchr(argv[0], '/')+1; - whoami = argv[0]; - - kadm5_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD; - kadm5_params.mkey_from_kbd = 1; - - while ((optchar = getopt(argc, argv, "d:r:k:M:e:P:sf:")) != EOF) { - switch(optchar) { - case 'd': /* set db name */ - kadm5_params.dbname = dbname = optarg; - kadm5_params.mask |= KADM5_CONFIG_DBNAME; - break; - case 'r': - kadm5_params.realm = realm = optarg; - kadm5_params.mask |= KADM5_CONFIG_REALM; - break; - case 'k': - if (!krb5_string_to_enctype(optarg, &master_keyblock.enctype)){ - enctypedone++; - kadm5_params.enctype = master_keyblock.enctype; - kadm5_params.mask |= KADM5_CONFIG_ENCTYPE; - } - else - com_err(argv[0], 0, "%s is an invalid enctype", optarg); - break; - case 's': - do_stash++; - kadm5_params.mkey_from_kbd = 0; - break; - case 'f': - kadm5_params.stash_file = keyfile = optarg; - kadm5_params.mask |= KADM5_CONFIG_STASH_FILE; - break; - case 'M': /* master key name in DB */ - kadm5_params.mkey_name = mkey_name = optarg; - kadm5_params.mask |= KADM5_CONFIG_MKEY_NAME; - break; - case 'P': /* Only used for testing!!! */ - mkey_password = optarg; - break; - case '?': - default: - usage(argv[0], 1); - /*NOTREACHED*/ - } - } - - /* - * Attempt to read the KDC profile. If we do, then read appropriate values - * from it and augment values supplied on the command line. - */ - if (!(retval = krb5_read_realm_params(context, - realm, - (char *) NULL, - (char *) NULL, - &rparams))) { - /* Get the value for the database */ - if (rparams->realm_dbname && !dbname) - dbname = strdup(rparams->realm_dbname); - - /* Get the value for the master key name */ - if (rparams->realm_mkey_name && !mkey_name) - mkey_name = strdup(rparams->realm_mkey_name); - - /* Get the value for the master key type */ - if (rparams->realm_enctype_valid && !enctypedone) { - master_keyblock.enctype = rparams->realm_enctype; - enctypedone++; - } - - /* Get the value for maximum ticket lifetime. */ - if (rparams->realm_max_life_valid) - rblock.max_life = rparams->realm_max_life; - - /* Get the value for maximum renewable ticket lifetime. */ - if (rparams->realm_max_rlife_valid) - rblock.max_rlife = rparams->realm_max_rlife; - - /* Get the value for the default principal expiration */ - if (rparams->realm_expiration_valid) - rblock.expiration = rparams->realm_expiration; - - /* Get the value for the default principal flags */ - if (rparams->realm_flags_valid) - rblock.flags = rparams->realm_flags; - - /* Get the value of the supported key/salt pairs */ - if (rparams->realm_num_keysalts) { - rblock.nkslist = rparams->realm_num_keysalts; - rblock.kslist = rparams->realm_keysalts; - rparams->realm_num_keysalts = 0; - rparams->realm_keysalts = (krb5_key_salt_tuple *) NULL; - } - - /* Get the value for the stash file */ - if (rparams->realm_stash_file && !keyfile) - keyfile = strdup(rparams->realm_stash_file); - - krb5_free_realm_params(context, rparams); - } - - if (!dbname) - dbname = DEFAULT_KDB_FILE; - - if (!enctypedone) - master_keyblock.enctype = DEFAULT_KDC_ENCTYPE; - - if (!valid_enctype(master_keyblock.enctype)) { - char tmp[32]; - if (krb5_enctype_to_string(master_keyblock.enctype, tmp, sizeof(tmp))) - com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, - "while setting up enctype %d", master_keyblock.enctype); - else - com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, tmp); - exit(1); - } - - krb5_use_enctype(context, &master_encblock, master_keyblock.enctype); - - retval = krb5_db_set_name(context, dbname); - if (!retval) retval = EEXIST; - - if (retval == EEXIST || retval == EACCES || retval == EPERM) { - /* it exists ! */ - com_err(argv[0], 0, "The database '%s' appears to already exist", - dbname); - exit(1); - } - if (!realm) { - if ((retval = krb5_get_default_realm(context, &defrealm))) { - com_err(argv[0], retval, "while retrieving default realm name"); - exit(1); - } - realm = defrealm; - } - - /* assemble & parse the master key name */ - - if ((retval = krb5_db_setup_mkey_name(context, mkey_name, realm, - &mkey_fullname, &master_princ))) { - com_err(argv[0], retval, "while setting up master key name"); - exit(1); - } - - krb5_princ_set_realm_data(context, &db_create_princ, realm); - krb5_princ_set_realm_length(context, &db_create_princ, strlen(realm)); - krb5_princ_set_realm_data(context, &tgt_princ, realm); - krb5_princ_set_realm_length(context, &tgt_princ, strlen(realm)); - krb5_princ_component(context, &tgt_princ,1)->data = realm; - krb5_princ_component(context, &tgt_princ,1)->length = strlen(realm); - - printf("Initializing database '%s' for realm '%s',\n\ -master key name '%s'\n", - dbname, realm, mkey_fullname); - - if (!mkey_password) { - printf("You will be prompted for the database Master Password.\n"); - printf("It is important that you NOT FORGET this password.\n"); - fflush(stdout); - - pw_size = 1024; - pw_str = malloc(pw_size); - - retval = krb5_read_password(context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2, - pw_str, &pw_size); - if (retval) { - com_err(argv[0], retval, "while reading master key from keyboard"); - exit(1); - } - mkey_password = pw_str; - } - - pwd.data = mkey_password; - pwd.length = strlen(mkey_password); - retval = krb5_principal2salt(context, master_princ, &master_salt); - if (retval) { - com_err(argv[0], retval, "while calculated master key salt"); - exit(1); - } - if (retval = krb5_string_to_key(context, &master_encblock, - &master_keyblock, &pwd, &master_salt)) { - com_err(argv[0], retval, "while transforming master key from password"); - exit(1); - } - - if ((retval = krb5_process_key(context, &master_encblock, - &master_keyblock))) { - com_err(argv[0], retval, "while processing master key"); - exit(1); - } - - rblock.eblock = &master_encblock; - if ((retval = krb5_init_random_key(context, &master_encblock, - &master_keyblock, &rblock.rseed))) { - com_err(argv[0], retval, "while initializing random key generator"); - (void) krb5_finish_key(context, &master_encblock); - exit(1); - } - if ((retval = krb5_db_create(context, dbname))) { - (void) krb5_finish_key(context, &master_encblock); - (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed); - com_err(argv[0], retval, "while creating database '%s'", - dbname); - exit(1); - } - if ((retval = krb5_db_set_name(context, dbname))) { - (void) krb5_finish_key(context, &master_encblock); - (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed); - com_err(argv[0], retval, "while setting active database to '%s'", - dbname); - exit(1); - } - if ((retval = krb5_db_init(context))) { - (void) krb5_finish_key(context, &master_encblock); - (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed); - com_err(argv[0], retval, "while initializing the database '%s'", - dbname); - exit(1); - } - - if ((retval = add_principal(context, master_princ, MASTER_KEY, &rblock)) || - (retval = add_principal(context, &tgt_princ, TGT_KEY, &rblock))) { - (void) krb5_db_fini(context); - (void) krb5_finish_key(context, &master_encblock); - (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed); - com_err(argv[0], retval, "while adding entries to the database"); - exit(1); - } - if (do_stash && - ((retval = krb5_db_store_mkey(context, keyfile, master_princ, - &master_keyblock)))) { - com_err(argv[0], errno, "while storing key"); - printf("Warning: couldn't stash master key.\n"); - } - /* clean up */ - (void) krb5_db_fini(context); - (void) krb5_finish_key(context, &master_encblock); - (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed); - memset((char *)master_keyblock.contents, 0, master_keyblock.length); - free(master_keyblock.contents); - if (pw_str) { - memset(pw_str, 0, pw_size); - free(pw_str); - } - free(master_salt.data); - - kadm5_create(&kadm5_params); - - exit(0); - -} - -static krb5_error_code -tgt_keysalt_iterate(ksent, ptr) - krb5_key_salt_tuple *ksent; - krb5_pointer ptr; -{ - krb5_context context; - krb5_error_code kret; - struct iterate_args *iargs; - krb5_keyblock random_keyblock, *key; - krb5_int32 ind; - krb5_encrypt_block random_encblock; - krb5_pointer rseed; - krb5_data pwd; - - iargs = (struct iterate_args *) ptr; - kret = 0; - - context = iargs->ctx; - - /* - * Convert the master key password into a key for this particular - * encryption system. - */ - krb5_use_enctype(context, &random_encblock, ksent->ks_enctype); - pwd.data = mkey_password; - pwd.length = strlen(mkey_password); - if (kret = krb5_string_to_key(context, &random_encblock, &random_keyblock, - &pwd, &master_salt)) - return kret; - if ((kret = krb5_init_random_key(context, &random_encblock, - &random_keyblock, &rseed))) - return kret; - - if (!(kret = krb5_dbe_create_key_data(iargs->ctx, iargs->dbentp))) { - ind = iargs->dbentp->n_key_data-1; - if (!(kret = krb5_random_key(context, - &random_encblock, rseed, - &key))) { - kret = krb5_dbekd_encrypt_key_data(context, - iargs->rblock->eblock, - key, - NULL, - 1, - &iargs->dbentp->key_data[ind]); - krb5_free_keyblock(context, key); - } - } - memset((char *)random_keyblock.contents, 0, random_keyblock.length); - free(random_keyblock.contents); - (void) krb5_finish_random_key(context, &random_encblock, &rseed); - return(kret); -} - -static krb5_error_code -add_principal(context, princ, op, pblock) - krb5_context context; - krb5_principal princ; - enum ap_op op; - struct realm_info *pblock; -{ - krb5_error_code retval; - krb5_db_entry entry; - - krb5_timestamp now; - struct iterate_args iargs; - - int nentries = 1; - - memset((char *) &entry, 0, sizeof(entry)); - - entry.len = KRB5_KDB_V1_BASE_LENGTH; - entry.attributes = pblock->flags; - entry.max_life = pblock->max_life; - entry.max_renewable_life = pblock->max_rlife; - entry.expiration = pblock->expiration; - - if ((retval = krb5_copy_principal(context, princ, &entry.princ))) - goto error_out; - - if ((retval = krb5_timeofday(context, &now))) - goto error_out; - - if ((retval = krb5_dbe_update_mod_princ_data(context, &entry, - now, &db_create_princ))) - goto error_out; - - switch (op) { - case MASTER_KEY: - if ((entry.key_data=(krb5_key_data*)malloc(sizeof(krb5_key_data))) - == NULL) - goto error_out; - memset((char *) entry.key_data, 0, sizeof(krb5_key_data)); - entry.n_key_data = 1; - - entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX; - if ((retval = krb5_dbekd_encrypt_key_data(context, pblock->eblock, - &master_keyblock, NULL, - 1, entry.key_data))) - return retval; - break; - case TGT_KEY: - iargs.ctx = context; - iargs.rblock = pblock; - iargs.dbentp = &entry; - /* - * Iterate through the key/salt list, ignoring salt types. - */ - if ((retval = krb5_keysalt_iterate(pblock->kslist, - pblock->nkslist, - 1, - tgt_keysalt_iterate, - (krb5_pointer) &iargs))) - return retval; - break; - case NULL_KEY: - return EOPNOTSUPP; - default: - break; - } - - retval = krb5_db_put_principal(context, &entry, &nentries); - -error_out:; - krb5_dbe_free_contents(context, &entry); - return retval; -} diff --git a/src/kadmin/create/string_table.c b/src/kadmin/create/string_table.c deleted file mode 100644 index b9f86a363..000000000 --- a/src/kadmin/create/string_table.c +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved. - * - * $Header$ - */ - -#if !defined(lint) && !defined(__CODECENTER__) -static char *rcsid = "$Header$"; -#endif - -/* String table of messages for kadm5_create */ - -char *str_INITING_KCONTEXT = "while initializing the kerberos context"; - -char *str_PARSE_NAME = "while parsing admin principal name."; - -char *str_HISTORY_PARSE_NAME = "while parsing admin history principal name."; - -char *str_ADMIN_PRINC_EXISTS = "Warning! Admin principal already exists."; - -char *str_CHANGEPW_PRINC_EXISTS = "Warning! Changepw principal already exists."; - -char *str_HISTORY_PRINC_EXISTS = "Warning! Admin history principal already exists."; - -char *str_ADMIN_PRINC_WRONG_ATTRS = - "Warning! Admin principal has incorrect attributes.\n" - "\tDISALLOW_TGT should be set, and max_life should be three hours.\n" - "\tThis program will leave them as-is, but beware!."; - -char *str_CHANGEPW_PRINC_WRONG_ATTRS = - "Warning! Changepw principal has incorrect attributes.\n" - "\tDISALLOW_TGT and PW_CHANGE_SERVICE should both be set, and " - "max_life should be five minutes.\n" - "\tThis program will leave them as-is, but beware!."; - -char *str_HISTORY_PRINC_WRONG_ATTRS = - "Warning! Admin history principal has incorrect attributes.\n" - "\tDISALLOW_ALL_TIX should be set.\n" - "\tThis program will leave it as-is, but beware!."; - -char *str_CREATED_PRINC_DB = - "%s: Admin principal database created (or it already existed).\n"; /* whoami */ - -char *str_CREATED_POLICY_DB = - "%s: Admin policy database created (or it already existed).\n"; /* whoami */ - -char *str_RANDOM_KEY = - "while calling random key for %s."; /* principal name */ - -char *str_ENCRYPT_KEY = - "while calling encrypt key for %s."; /* principal name */ - -char *str_PUT_PRINC = - "while calling storing %s in Kerberos database."; /* principal name */ - -char *str_CREATING_POLICY_DB = "while creating/opening admin policy database."; - -char *str_CLOSING_POLICY_DB = "while closing admin policy database."; - -char *str_CREATING_PRINC_DB = "while creating/opening admin principal database."; - -char *str_CLOSING_PRINC_DB = "while closing admin principal database."; - -char *str_CREATING_PRINC_ENTRY = - "while creating admin principal database entry for %s."; /* princ_name */ - -char *str_A_PRINC = "a principal"; - -char *str_UNPARSE_PRINC = "while unparsing principal."; - -char *str_CREATED_PRINC = "%s: Created %s principal.\n"; /* whoami, princ_name */ - -char *str_INIT_KDB = "while initializing kdb."; - -char *str_NO_KDB = -"while initializing kdb.\nThe Kerberos KDC database needs to exist in /krb5.\n\ -If you haven't run kdb5_create you need to do so before running this command."; - - -char *str_INIT_RANDOM_KEY = "while initializing random key generator."; - -char *str_TOO_MANY_ADMIN_PRINC = - "while fetching admin princ. Can only have one admin principal."; - -char *str_TOO_MANY_CHANGEPW_PRINC = - "while fetching changepw princ. Can only have one changepw principal."; - -char *str_TOO_MANY_HIST_PRINC = - "while fetching history princ. Can only have one history principal."; - -char *str_WHILE_DESTROYING_ADMIN_SESSION = "while closing session with admin server and destroying tickets."; diff --git a/src/kadmin/create/string_table.h b/src/kadmin/create/string_table.h deleted file mode 100644 index e8cb45367..000000000 --- a/src/kadmin/create/string_table.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved. - * - * $Header$ - * - */ - -#ifndef _OVSEC_ADM_STRINGS_ - -extern char *str_INITING_KCONTEXT; -extern char *str_PARSE_NAME; -extern char *str_HISTORY_PARSE_NAME; -extern char *str_ADMIN_PRINC_EXISTS; -extern char *str_CHANGEPW_PRINC_EXISTS; -extern char *str_HISTORY_PRINC_EXISTS; -extern char *str_ADMIN_PRINC_WRONG_ATTRS; -extern char *str_CHANGEPW_PRINC_WRONG_ATTRS; -extern char *str_HISTORY_PRINC_WRONG_ATTRS; -extern char *str_CREATED_PRINC_DB; -extern char *str_CREATED_POLICY_DB; -extern char *str_RANDOM_KEY; -extern char *str_ENCRYPT_KEY; -extern char *str_PUT_PRINC; -extern char *str_CREATING_POLICY_DB; -extern char *str_CLOSING_POLICY_DB; -extern char *str_CREATING_PRINC_DB; -extern char *str_CLOSING_PRINC_DB; -extern char *str_CREATING_PRINC_ENTRY; -extern char *str_A_PRINC; -extern char *str_UNPARSE_PRINC; -extern char *str_CREATED_PRINC; -extern char *str_INIT_KDB; -extern char *str_NO_KDB; -extern char *str_INIT_RANDOM_KEY; -extern char *str_TOO_MANY_ADMIN_PRINC; -extern char *str_TOO_MANY_CHANGEPW_PRINC; -extern char *str_TOO_MANY_HIST_PRINC; -extern char *str_WHILE_DESTROYING_ADMIN_SESSION; - -#endif /* _OVSEC_ADM_STRINGS_ */ -- 2.26.2