Add a server side implementation of kadm5_create_principal_3().

lib/kadm5/ad.c

@@ -572,6 +572,8 @@ static kadm5_ret_t
 kadm5_ad_create_principal(void *server_handle,
 			  kadm5_principal_ent_t entry,
 			  uint32_t mask,
+			  int n_ks_tuple,
+			  krb5_key_salt_tuple *ks_tuple,
 			  const char *password)
 {
     kadm5_ad_context *context = server_handle;
@@ -597,6 +599,14 @@ kadm5_ad_create_principal(void *server_handle,
     if ((mask & KADM5_PRINCIPAL) == 0)
 	return KADM5_BAD_MASK;
 
+    /*
+     * We should get around to implementing this...  At the moment, the
+     * the server side API is implemented but the wire protocol has not
+     * been updated.
+     */
+    if (n_ks_tuple > 0)
+       return KADM5_KS_TUPLE_NOSUPP;
+
     for (i = 0; i < sizeof(rattrs)/sizeof(rattrs[0]); i++)
 	attrs[i] = &rattrs[i];
     attrs[i] = NULL;

lib/kadm5/common_glue.c

@@ -79,13 +79,26 @@ kadm5_chpass_principal_with_key_3(void *server_handle,
 		  (server_handle, princ, keepold, n_key_data, key_data));
 }
 
+kadm5_ret_t
+kadm5_create_principal_3(void *server_handle,
+			 kadm5_principal_ent_t princ,
+			 uint32_t mask,
+			 int n_ks_tuple,
+			 krb5_key_salt_tuple *ks_tuple,
+			 char *password)
+{
+    return __CALL(create_principal,
+		  (server_handle, princ, mask, n_ks_tuple, ks_tuple, password));
+}
+
 kadm5_ret_t
 kadm5_create_principal(void *server_handle,
 		       kadm5_principal_ent_t princ,
 		       uint32_t mask,
 		       const char *password)
 {
-    return __CALL(create_principal, (server_handle, princ, mask, password));
+    return __CALL(create_principal,
+		  (server_handle, princ, mask, 0, NULL, password));
 }
 
 kadm5_ret_t

lib/kadm5/create_c.c

@@ -39,6 +39,8 @@ kadm5_ret_t
 kadm5_c_create_principal(void *server_handle,
 			 kadm5_principal_ent_t princ,
 			 uint32_t mask,
+			 int n_ks_tuple,
+			 krb5_key_salt_tuple *ks_tuple,
 			 const char *password)
 {
     kadm5_client_context *context = server_handle;
@@ -48,6 +50,14 @@ kadm5_c_create_principal(void *server_handle,
     int32_t tmp;
     krb5_data reply;
 
+    /*
+     * We should get around to implementing this...  At the moment, the
+     * the server side API is implemented but the wire protocol has not
+     * been updated.
+     */
+    if (n_ks_tuple > 0)
+	return KADM5_KS_TUPLE_NOSUPP;
+
     ret = _kadm5_connect(server_handle);
     if(ret)
 	return ret;

lib/kadm5/create_s.c

@@ -153,6 +153,8 @@ kadm5_ret_t
 kadm5_s_create_principal(void *server_handle,
 			 kadm5_principal_ent_t princ,
 			 uint32_t mask,
+			 int n_ks_tuple,
+			 krb5_key_salt_tuple *ks_tuple,
 			 const char *password)
 {
     kadm5_ret_t ret;
@@ -178,7 +180,7 @@ kadm5_s_create_principal(void *server_handle,
     ent.entry.keys.len = 0;
     ent.entry.keys.val = NULL;
 
-    ret = _kadm5_set_keys(context, &ent.entry, 0, NULL, password);
+    ret = _kadm5_set_keys(context, &ent.entry, n_ks_tuple, ks_tuple, password);
     if (ret)
 	goto out;
 

lib/kadm5/private.h

@@ -39,8 +39,9 @@
 struct kadm_func {
     kadm5_ret_t (*chpass_principal) (void *, krb5_principal, int,
 				     int, krb5_key_salt_tuple*, const char*);
-    kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t,
+    kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t, uint32_t,
-				     uint32_t, const char*);
+				     int, krb5_key_salt_tuple *,
+				     const char*);
     kadm5_ret_t (*delete_principal) (void*, krb5_principal);
     kadm5_ret_t (*destroy) (void*);
     kadm5_ret_t (*flush) (void*);

lib/kadm5/version-script.map

@@ -12,6 +12,7 @@ HEIMDAL_KAMD5_SERVER_1.0 {
 		kadm5_chpass_principal_with_key_3;
 		kadm5_create_policy;
 		kadm5_create_principal;
+		kadm5_create_principal_3;
 		kadm5_delete_principal;
 		kadm5_destroy;
 		kadm5_decrypt_key;