dup of ok for the fast cookie

Love Hörnquist Åstrand
2011-11-06 09:27:19 -08:00
parent 01ddeee37f
commit 1a562410c9


@@ -37,11 +37,14 @@
#include "kadmin-commands.h"
#include <kadm5/private.h>
#define CRE_DUP_OK 1
static kadm5_ret_t
create_random_entry(krb5_principal princ,
unsigned max_life,
unsigned max_rlife,
uint32_t attributes)
uint32_t attributes,
unsigned flags)
{
kadm5_principal_ent_rec ent;
kadm5_ret_t ret;
@@ -78,6 +81,8 @@ create_random_entry(krb5_principal princ,
/* Create the entry with a random password */
ret = kadm5_create_principal(kadm_handle, &ent, mask, password);
if(ret) {
if (ret == KADM5_DUP && (flags & CRE_DUP_OK))
goto out;
krb5_warn(context, ret, "create_random_entry(%s): randkey failed",
name);
goto out;
@@ -177,7 +182,7 @@ init(struct init_options *opt, int argc, char **argv)
if(ret)
return 0;
create_random_entry(princ, max_life, max_rlife, 0);
create_random_entry(princ, max_life, max_rlife, 0, 0);
krb5_free_principal(context, princ);
if (opt->bare_flag)
@@ -198,13 +203,14 @@ init(struct init_options *opt, int argc, char **argv)
KRB5_KDB_DISALLOW_POSTDATED|
KRB5_KDB_DISALLOW_RENEWABLE|
KRB5_KDB_DISALLOW_PROXIABLE|
KRB5_KDB_REQUIRES_PRE_AUTH);
KRB5_KDB_REQUIRES_PRE_AUTH,
0);
krb5_free_principal(context, princ);
/* Create `kadmin/admin' */
krb5_make_principal(context, &princ, realm,
"kadmin", "admin", NULL);
create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH);
create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH, 0);
krb5_free_principal(context, princ);
/* Create `changepw/kerberos' (for v4 compat) */
@@ -212,7 +218,7 @@ init(struct init_options *opt, int argc, char **argv)
"changepw", "kerberos", NULL);
create_random_entry(princ, 60*60, 60*60,
KRB5_KDB_DISALLOW_TGT_BASED|
KRB5_KDB_PWCHANGE_SERVICE);
KRB5_KDB_PWCHANGE_SERVICE, 0);
krb5_free_principal(context, princ);
@@ -221,14 +227,14 @@ init(struct init_options *opt, int argc, char **argv)
"kadmin", "hprop", NULL);
create_random_entry(princ, 60*60, 60*60,
KRB5_KDB_REQUIRES_PRE_AUTH|
KRB5_KDB_DISALLOW_TGT_BASED);
KRB5_KDB_DISALLOW_TGT_BASED, 0);
krb5_free_principal(context, princ);
/* Create `WELLKNOWN/ANONYMOUS' for anonymous as-req */
krb5_make_principal(context, &princ, realm,
KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME, NULL);
create_random_entry(princ, 60*60, 60*60,
KRB5_KDB_REQUIRES_PRE_AUTH);
KRB5_KDB_REQUIRES_PRE_AUTH, 0);
krb5_free_principal(context, princ);
@@ -238,7 +244,7 @@ init(struct init_options *opt, int argc, char **argv)
create_random_entry(princ, 60*60, 60*60,
KRB5_KDB_REQUIRES_PRE_AUTH|
KRB5_KDB_DISALLOW_TGT_BASED|
KRB5_KDB_DISALLOW_ALL_TIX);
KRB5_KDB_DISALLOW_ALL_TIX, CRE_DUP_OK);
krb5_free_principal(context, princ);
/* Create `default' */
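Review bot: In the second hunk, the new `ret == KADM5_DUP && (flags & CRE_DUP_OK)` branch jumps to `out` without looking at the entry that already exists, so `init` appears to accept whatever key and attributes that principal currently has, not the `KRB5_KDB_REQUIRES_PRE_AUTH|KRB5_KDB_DISALLOW_TGT_BASED|KRB5_KDB_DISALLOW_ALL_TIX` set passed with `CRE_DUP_OK` in the last hunk. If keeping a pre-existing entry unverified is intended, say so at the branch, e.g. `/* CRE_DUP_OK: keep the existing entry untouched; its key and attributes are not checked or reset */`. The `out` label and the rest of `create_random_entry` lie outside the hunk, so it cannot be seen here whether `KADM5_DUP` is still returned; the visible callers ignore the return value, but `ret = 0;` before the `goto` would make the "ok" explicit for any later caller that checks it. The context message "randkey failed" is printed for a failed `kadm5_create_principal`, which may mislead someone reading the log.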