From 12b24ad8763b2818fadaf0f83e11485978e58af0 Mon Sep 17 00:00:00 2001
From: "Roland C. Dowdeswell" <elric@imrryr.org>
Date: Fri, 24 Feb 2012 17:39:54 +0000
Subject: [PATCH] Add a server side implementation of
 kadm5_create_principal_3().

---
 lib/kadm5/ad.c               | 10 ++++++++++
 lib/kadm5/common_glue.c      | 15 ++++++++++++++-
 lib/kadm5/create_c.c         | 10 ++++++++++
 lib/kadm5/create_s.c         |  4 +++-
 lib/kadm5/private.h          |  5 +++--
 lib/kadm5/version-script.map |  1 +
 6 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/lib/kadm5/ad.c b/lib/kadm5/ad.c
index 731a37e03..f53f2dfec 100644
--- a/lib/kadm5/ad.c
+++ b/lib/kadm5/ad.c
@@ -572,6 +572,8 @@ static kadm5_ret_t
 kadm5_ad_create_principal(void *server_handle,
 			  kadm5_principal_ent_t entry,
 			  uint32_t mask,
+			  int n_ks_tuple,
+			  krb5_key_salt_tuple *ks_tuple,
 			  const char *password)
 {
     kadm5_ad_context *context = server_handle;
@@ -597,6 +599,14 @@ kadm5_ad_create_principal(void *server_handle,
     if ((mask & KADM5_PRINCIPAL) == 0)
 	return KADM5_BAD_MASK;
 
+    /*
+     * We should get around to implementing this...  At the moment, the
+     * the server side API is implemented but the wire protocol has not
+     * been updated.
+     */
+    if (n_ks_tuple > 0)
+       return KADM5_KS_TUPLE_NOSUPP;
+
     for (i = 0; i < sizeof(rattrs)/sizeof(rattrs[0]); i++)
 	attrs[i] = &rattrs[i];
     attrs[i] = NULL;
diff --git a/lib/kadm5/common_glue.c b/lib/kadm5/common_glue.c
index ca6fc7f29..3270197b4 100644
--- a/lib/kadm5/common_glue.c
+++ b/lib/kadm5/common_glue.c
@@ -79,13 +79,26 @@ kadm5_chpass_principal_with_key_3(void *server_handle,
 		  (server_handle, princ, keepold, n_key_data, key_data));
 }
 
+kadm5_ret_t
+kadm5_create_principal_3(void *server_handle,
+			 kadm5_principal_ent_t princ,
+			 uint32_t mask,
+			 int n_ks_tuple,
+			 krb5_key_salt_tuple *ks_tuple,
+			 char *password)
+{
+    return __CALL(create_principal,
+		  (server_handle, princ, mask, n_ks_tuple, ks_tuple, password));
+}
+
 kadm5_ret_t
 kadm5_create_principal(void *server_handle,
 		       kadm5_principal_ent_t princ,
 		       uint32_t mask,
 		       const char *password)
 {
-    return __CALL(create_principal, (server_handle, princ, mask, password));
+    return __CALL(create_principal,
+		  (server_handle, princ, mask, 0, NULL, password));
 }
 
 kadm5_ret_t
diff --git a/lib/kadm5/create_c.c b/lib/kadm5/create_c.c
index e36b2969c..f6706b027 100644
--- a/lib/kadm5/create_c.c
+++ b/lib/kadm5/create_c.c
@@ -39,6 +39,8 @@ kadm5_ret_t
 kadm5_c_create_principal(void *server_handle,
 			 kadm5_principal_ent_t princ,
 			 uint32_t mask,
+			 int n_ks_tuple,
+			 krb5_key_salt_tuple *ks_tuple,
 			 const char *password)
 {
     kadm5_client_context *context = server_handle;
@@ -48,6 +50,14 @@ kadm5_c_create_principal(void *server_handle,
     int32_t tmp;
     krb5_data reply;
 
+    /*
+     * We should get around to implementing this...  At the moment, the
+     * the server side API is implemented but the wire protocol has not
+     * been updated.
+     */
+    if (n_ks_tuple > 0)
+	return KADM5_KS_TUPLE_NOSUPP;
+
     ret = _kadm5_connect(server_handle);
     if(ret)
 	return ret;
diff --git a/lib/kadm5/create_s.c b/lib/kadm5/create_s.c
index 782b8145a..ae6da4aa3 100644
--- a/lib/kadm5/create_s.c
+++ b/lib/kadm5/create_s.c
@@ -153,6 +153,8 @@ kadm5_ret_t
 kadm5_s_create_principal(void *server_handle,
 			 kadm5_principal_ent_t princ,
 			 uint32_t mask,
+			 int n_ks_tuple,
+			 krb5_key_salt_tuple *ks_tuple,
 			 const char *password)
 {
     kadm5_ret_t ret;
@@ -178,7 +180,7 @@ kadm5_s_create_principal(void *server_handle,
     ent.entry.keys.len = 0;
     ent.entry.keys.val = NULL;
 
-    ret = _kadm5_set_keys(context, &ent.entry, 0, NULL, password);
+    ret = _kadm5_set_keys(context, &ent.entry, n_ks_tuple, ks_tuple, password);
     if (ret)
 	goto out;
 
diff --git a/lib/kadm5/private.h b/lib/kadm5/private.h
index 04fb7c206..43ee5e86f 100644
--- a/lib/kadm5/private.h
+++ b/lib/kadm5/private.h
@@ -39,8 +39,9 @@
 struct kadm_func {
     kadm5_ret_t (*chpass_principal) (void *, krb5_principal, int,
 				     int, krb5_key_salt_tuple*, const char*);
-    kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t,
-				     uint32_t, const char*);
+    kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t, uint32_t,
+				     int, krb5_key_salt_tuple *,
+				     const char*);
     kadm5_ret_t (*delete_principal) (void*, krb5_principal);
     kadm5_ret_t (*destroy) (void*);
     kadm5_ret_t (*flush) (void*);
diff --git a/lib/kadm5/version-script.map b/lib/kadm5/version-script.map
index 2aff390ec..9bf751d87 100644
--- a/lib/kadm5/version-script.map
+++ b/lib/kadm5/version-script.map
@@ -12,6 +12,7 @@ HEIMDAL_KAMD5_SERVER_1.0 {
 		kadm5_chpass_principal_with_key_3;
 		kadm5_create_policy;
 		kadm5_create_principal;
+		kadm5_create_principal_3;
 		kadm5_delete_principal;
 		kadm5_destroy;
 		kadm5_decrypt_key;