From 368536bc08d529fd4631fc09efe0f6bb117aaf63 Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand
Date: Sat, 21 Nov 2009 23:53:26 -0800
Subject: [PATCH] add password/bare options
---
 kadmin/init.c | 19 ++++++++++++-------
 kadmin/kadmin-commands.in | 10 ++++++++++
 kadmin/stash.c | 5 +++++
 3 files changed, 27 insertions(+), 7 deletions(-)
diff --git a/kadmin/init.c b/kadmin/init.c
index 62ff55ded..8c70e610c 100644
--- a/kadmin/init.c
+++ b/kadmin/init.c
@@ -3,6 +3,8 @@
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -157,15 +159,9 @@ init(struct init_options *opt, int argc, char **argv)
 krb5_principal princ;
 const char *realm = argv[i];
- /* Create `krbtgt/REALM' */
- ret = krb5_make_principal(context, &princ, realm,
- KRB5_TGS_NAME, realm, NULL);
- if(ret)
- return 0;
 if (opt->realm_max_ticket_life_string == NULL) {
 max_life = 0;
 if(edit_deltat ("Realm max ticket life", &max_life, NULL, 0)) {
- krb5_free_principal(context, princ);
 return 0;
 }
 }
@@ -173,13 +169,22 @@ init(struct init_options *opt, int argc, char **argv)
 max_rlife = 0;
 if(edit_deltat("Realm max renewable ticket life",
 &max_rlife, NULL, 0)) {
- krb5_free_principal(context, princ);
 return 0;
 }
 }
+
+ /* Create `krbtgt/REALM' */
+ ret = krb5_make_principal(context, &princ, realm,
+ KRB5_TGS_NAME, realm, NULL);
+ if(ret)
+ return 0;
+
 create_random_entry(princ, max_life, max_rlife, 0);
 krb5_free_principal(context, princ);
+ if (opt->bare_flag)
+ continue;
+
 /* Create `kadmin/changepw' */
 krb5_make_principal(context, &princ, realm,
 "kadmin", "changepw", NULL);
diff --git a/kadmin/kadmin-commands.in b/kadmin/kadmin-commands.in
index 5760a52d8..4396ff800 100644
--- a/kadmin/kadmin-commands.in
+++ b/kadmin/kadmin-commands.in
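Review bot: In kadmin/init.c, the relocated `if(ret) return 0;` after `krb5_make_principal` (hunk `@@ -173,13 +169,22 @@`) abandons the realm without printing anything, and because it returns from inside what appears to be the per-realm loop (`argv[i]`, the new `continue`) it also skips any realms still to be processed. An operator initializing several realms gets no signal that a krbtgt principal was never created. I would report the error before leaving, e.g. `krb5_warn(context, ret, "krb5_make_principal");`. The unchecked `krb5_make_principal` call for `kadmin/changepw` right after the new `continue` deserves the same check. The body of `init()` starts and ends outside this hunk, so how the return value is consumed cannot be confirmed from here.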
@@ -54,6 +54,11 @@ command = {
 type = "flag"
 help = "just convert keyfile to new format"
 }
+ option = {
+ long = "random-password"
+ type = "flag"
+ help = "use a random password (and print the password to stdout)"
+ }
 option = {
 long = "master-key-fd"
 type = "integer"
@@ -89,6 +94,11 @@ command = {
 type = "string"
 help = "realm max renewable lifetime"
 }
+ option = {
+ long = "bare"
+ type = "flag"
+ help = "only create krbtgt for realm"
+ }
 argument = "realm..."
 min_args = "1"
 help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only."
diff --git a/kadmin/stash.c b/kadmin/stash.c
index 62e4db653..3d4c51065 100644
--- a/kadmin/stash.c
+++ b/kadmin/stash.c
@@ -3,6 +3,8 @@
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -93,6 +95,9 @@ stash(struct stash_options *opt, int argc, char **argv)
 }
 buf[n] = '\0';
 buf[strcspn(buf, "\r\n")] = '\0';
+ } else if (opt->random_password_flag) {
+ random_password (buf, sizeof(buf));
+ printf("Using random master stash password: %s\n", buf);
 } else {
 if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) {
 hdb_free_master_key(context, mkey);
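Review bot: The new `else if (opt->random_password_flag)` branch in kadmin/stash.c writes the master stash password to stdout in clear text, so the secret ends up in whatever captures that stream, such as a redirected log, a provisioning transcript or terminal scrollback. The option's help text says this is intended, but the code should say so too: I would add `/* stdout now carries the master key password; callers must treat this output as secret */` above the `printf`, and consider warning when stdout is not a terminal. The branch also follows what looks like the master-key-fd read, so passing both options appears to ignore `--random-password` silently; rejecting the combination would be clearer. `stash()` continues outside the hunk, so confirm there that `buf` is wiped once the key has been derived.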