From f07bca9fc94a5cf2e3c0f58226c7973a4b86b7a9 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 21 Sep 2009 18:40:02 +0000 Subject: Improve the mechanism used for addprinc -randkey. In the kadmin server, if the password is null when creating a principal, treat that as a request for a random key. In the kadmin client, try using the new method for random key creation and then fall back to the old one. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22782 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/kadm5/srv/svr_principal.c | 35 +++++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 12 deletions(-) (limited to 'src/lib/kadm5/srv/svr_principal.c') diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 5c5cdc8..1a60f52 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -226,7 +226,7 @@ kadm5_create_principal_3(void *server_handle, return KADM5_BAD_MASK; if((mask & ~ALL_PRINC_MASK)) return KADM5_BAD_MASK; - if (entry == (kadm5_principal_ent_t) NULL || password == NULL) + if (entry == NULL) return EINVAL; /* @@ -260,11 +260,14 @@ kadm5_create_principal_3(void *server_handle, return ret; } } - if ((ret = passwd_check(handle, password, (mask & KADM5_POLICY), - &polent, entry->principal))) { - if (mask & KADM5_POLICY) - (void) kadm5_free_policy_ent(handle->lhandle, &polent); - return ret; + if (password) { + ret = passwd_check(handle, password, (mask & KADM5_POLICY), + &polent, entry->principal); + if (ret) { + if (mask & KADM5_POLICY) + (void) kadm5_free_policy_ent(handle->lhandle, &polent); + return ret; + } } /* * Start populating the various DB fields, using the @@ -360,12 +363,20 @@ kadm5_create_principal_3(void *server_handle, return (ret); } - if ((ret = krb5_dbe_cpw(handle->context, act_mkey, - n_ks_tuple?ks_tuple:handle->params.keysalts, - n_ks_tuple?n_ks_tuple:handle->params.num_keysalts, - password, - (mask & KADM5_KVNO)?entry->kvno:1, - FALSE, &kdb))) { + if (password) { + ret = krb5_dbe_cpw(handle->context, act_mkey, + n_ks_tuple?ks_tuple:handle->params.keysalts, + n_ks_tuple?n_ks_tuple:handle->params.num_keysalts, + password, (mask & KADM5_KVNO)?entry->kvno:1, + FALSE, &kdb); + } else { + /* Null password means create with random key (new in 1.8). */ + ret = krb5_dbe_crk(handle->context, &master_keyblock, + n_ks_tuple?ks_tuple:handle->params.keysalts, + n_ks_tuple?n_ks_tuple:handle->params.num_keysalts, + FALSE, &kdb); + } + if (ret) { krb5_db_free_principal(handle->context, &kdb, 1); if (mask & KADM5_POLICY) (void) kadm5_free_policy_ent(handle->lhandle, &polent); -- cgit v1.1