dup of ok for the fast cookie
@@ -37,11 +37,14 @@
|
||||
#include "kadmin-commands.h"
|
||||
#include <kadm5/private.h>
|
||||
|
||||
#define CRE_DUP_OK 1
|
||||
|
||||
static kadm5_ret_t
|
||||
create_random_entry(krb5_principal princ,
|
||||
unsigned max_life,
|
||||
unsigned max_rlife,
|
||||
uint32_t attributes)
|
||||
uint32_t attributes,
|
||||
unsigned flags)
|
||||
{
|
||||
kadm5_principal_ent_rec ent;
|
||||
kadm5_ret_t ret;
|
||||
@@ -78,6 +81,8 @@ create_random_entry(krb5_principal princ,
|
||||
/* Create the entry with a random password */
|
||||
ret = kadm5_create_principal(kadm_handle, &ent, mask, password);
|
||||
if(ret) {
|
||||
if (ret == KADM5_DUP && (flags & CRE_DUP_OK))
|
||||
goto out;
|
||||
krb5_warn(context, ret, "create_random_entry(%s): randkey failed",
|
||||
name);
|
||||
goto out;
|
||||
@@ -177,7 +182,7 @@ init(struct init_options *opt, int argc, char **argv)
|
||||
if(ret)
|
||||
return 0;
|
||||
|
||||
create_random_entry(princ, max_life, max_rlife, 0);
|
||||
create_random_entry(princ, max_life, max_rlife, 0, 0);
|
||||
krb5_free_principal(context, princ);
|
||||
|
||||
if (opt->bare_flag)
|
||||
@@ -198,13 +203,14 @@ init(struct init_options *opt, int argc, char **argv)
|
||||
KRB5_KDB_DISALLOW_POSTDATED|
|
||||
KRB5_KDB_DISALLOW_RENEWABLE|
|
||||
KRB5_KDB_DISALLOW_PROXIABLE|
|
||||
KRB5_KDB_REQUIRES_PRE_AUTH);
|
||||
KRB5_KDB_REQUIRES_PRE_AUTH,
|
||||
0);
|
||||
krb5_free_principal(context, princ);
|
||||
|
||||
/* Create `kadmin/admin' */
|
||||
krb5_make_principal(context, &princ, realm,
|
||||
"kadmin", "admin", NULL);
|
||||
create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH);
|
||||
create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH, 0);
|
||||
krb5_free_principal(context, princ);
|
||||
|
||||
/* Create `changepw/kerberos' (for v4 compat) */
|
||||
@@ -212,7 +218,7 @@ init(struct init_options *opt, int argc, char **argv)
|
||||
"changepw", "kerberos", NULL);
|
||||
create_random_entry(princ, 60*60, 60*60,
|
||||
KRB5_KDB_DISALLOW_TGT_BASED|
|
||||
KRB5_KDB_PWCHANGE_SERVICE);
|
||||
KRB5_KDB_PWCHANGE_SERVICE, 0);
|
||||
|
||||
krb5_free_principal(context, princ);
|
||||
|
||||
@@ -221,14 +227,14 @@ init(struct init_options *opt, int argc, char **argv)
|
||||
"kadmin", "hprop", NULL);
|
||||
create_random_entry(princ, 60*60, 60*60,
|
||||
KRB5_KDB_REQUIRES_PRE_AUTH|
|
||||
KRB5_KDB_DISALLOW_TGT_BASED);
|
||||
KRB5_KDB_DISALLOW_TGT_BASED, 0);
|
||||
krb5_free_principal(context, princ);
|
||||
|
||||
/* Create `WELLKNOWN/ANONYMOUS' for anonymous as-req */
|
||||
krb5_make_principal(context, &princ, realm,
|
||||
KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME, NULL);
|
||||
create_random_entry(princ, 60*60, 60*60,
|
||||
KRB5_KDB_REQUIRES_PRE_AUTH);
|
||||
KRB5_KDB_REQUIRES_PRE_AUTH, 0);
|
||||
krb5_free_principal(context, princ);
|
||||
|
||||
|
||||
@@ -238,7 +244,7 @@ init(struct init_options *opt, int argc, char **argv)
|
||||
create_random_entry(princ, 60*60, 60*60,
|
||||
KRB5_KDB_REQUIRES_PRE_AUTH|
|
||||
KRB5_KDB_DISALLOW_TGT_BASED|
|
||||
KRB5_KDB_DISALLOW_ALL_TIX);
|
||||
KRB5_KDB_DISALLOW_ALL_TIX, CRE_DUP_OK);
|
||||
krb5_free_principal(context, princ);
|
||||
|
||||
/* Create `default' */
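Review bot: In the second hunk, the new `KADM5_DUP`/`CRE_DUP_OK` branch jumps to `out` without a warning and leaves the existing entry untouched, so at the one call site that passes `CRE_DUP_OK` nothing confirms that a pre-existing principal actually carries `KRB5_KDB_REQUIRES_PRE_AUTH|KRB5_KDB_DISALLOW_TGT_BASED|KRB5_KDB_DISALLOW_ALL_TIX` or a random key. If the intent is only to keep a re-run of `init` quiet, say so next to the define, e.g. `/* CRE_DUP_OK: an existing principal is not an error; its key and attributes are left as they are */`; if the attributes matter, the duplicate path should fetch the entry and compare them. `ret` is still `KADM5_DUP` at that `goto out`, and the `out:` label is outside the hunk, so presumably that value is what gets returned; `ret = 0;` before the jump would make an accepted duplicate read as success. The body of `create_random_entry` starts and ends outside these hunks, and the visible callers in `init` discard its return value.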
|
||||
|