17c478bd9Sstevel@tonic-gate /*
2e2f93a30S * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
37c478bd9Sstevel@tonic-gate * Use is subject to license terms.
47c478bd9Sstevel@tonic-gate */
57c478bd9Sstevel@tonic-gate
67c478bd9Sstevel@tonic-gate /*
77c478bd9Sstevel@tonic-gate * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
87c478bd9Sstevel@tonic-gate *
97c478bd9Sstevel@tonic-gate * $Id: kadm5_create.c,v 1.6 1998/10/30 02:52:37 marc Exp $
107c478bd9Sstevel@tonic-gate * $Source: /cvs/krbdev/krb5/src/kadmin/dbutil/kadm5_create.c,v $
117c478bd9Sstevel@tonic-gate */
127c478bd9Sstevel@tonic-gate
137c478bd9Sstevel@tonic-gate /*
147c478bd9Sstevel@tonic-gate * Copyright (C) 1998 by the FundsXpress, INC.
15*55fea89dSDan Cross *
167c478bd9Sstevel@tonic-gate * All rights reserved.
17*55fea89dSDan Cross *
187c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may require
197c478bd9Sstevel@tonic-gate * a specific license from the United States Government. It is the
207c478bd9Sstevel@tonic-gate * responsibility of any person or organization contemplating export to
217c478bd9Sstevel@tonic-gate * obtain such a license before exporting.
22*55fea89dSDan Cross *
237c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
247c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and
257c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright
267c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and
277c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that
287c478bd9Sstevel@tonic-gate * the name of FundsXpress. not be used in advertising or publicity pertaining
297c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior
307c478bd9Sstevel@tonic-gate * permission. FundsXpress makes no representations about the suitability of
317c478bd9Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express
327c478bd9Sstevel@tonic-gate * or implied warranty.
33*55fea89dSDan Cross *
347c478bd9Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
357c478bd9Sstevel@tonic-gate * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
367c478bd9Sstevel@tonic-gate * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
377c478bd9Sstevel@tonic-gate */
387c478bd9Sstevel@tonic-gate
397c478bd9Sstevel@tonic-gate #include "string_table.h"
407c478bd9Sstevel@tonic-gate
417c478bd9Sstevel@tonic-gate #include <stdio.h>
427c478bd9Sstevel@tonic-gate #include <stdlib.h>
437c478bd9Sstevel@tonic-gate #include <string.h>
4454925bf6Swillf #include <k5-int.h>
4554925bf6Swillf #include <kdb.h>
467c478bd9Sstevel@tonic-gate #include <kadm5/admin.h>
4756a424ccSmp #include <krb5/adm_proto.h>
4856a424ccSmp
497c478bd9Sstevel@tonic-gate #include <krb5.h>
507c478bd9Sstevel@tonic-gate #include <krb5/kdb.h>
5154925bf6Swillf #include "kdb5_util.h"
527c478bd9Sstevel@tonic-gate #include <libintl.h>
537c478bd9Sstevel@tonic-gate
/*
 * Forward declarations for the principal-creation helpers defined later in
 * this file.  The two non-static helpers each build a krb5_principal and hand
 * it to add_admin_princ(); add_admin_princs() drives the whole sequence.
 */
int add_admin_old_princ(void *handle, krb5_context context,
    char *name, char *realm, int attrs, int lifetime);

int add_admin_sname_princ(void *handle, krb5_context context,
    char *sname, int attrs, int lifetime);

static int add_admin_princ(void *handle, krb5_context context,
    krb5_principal principal, int attrs, int lifetime);

static int add_admin_princs(void *handle, krb5_context context,
    char *realm);
6556a424ccSmp
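/* Status codes returned by the principal-creation helpers in this file. */
#define ERR 1
#define OK 0

/*
 * Lifetimes, in seconds, passed as the max_life of the principals created
 * below.  The expansions are parenthesized so that each macro stays a single
 * operand when it appears inside a larger expression (for example next to
 * '/' or '%'), instead of being re-associated by operator precedence.
 */
#define ADMIN_LIFETIME (60 * 60 * 3) /* 3 hours */
#define CHANGEPW_LIFETIME (60 * 5) /* 5 minutes */

/* Program name used as the com_err() prefix; defined outside this file. */
extern char *progname;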
737c478bd9Sstevel@tonic-gate
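/*
 * Function: kadm5_create
 *
 * Purpose: create the kadmind service principals in the KDC database
 *
 * Arguments: params (r) configuration parameters to use
 *
 * Returns:
 *
 *	1 if the Kerberos configuration cannot be looked up, otherwise the
 *	value returned by kadm5_create_magic_princs().  If the krb5 context
 *	cannot be initialized the process exits with status ERR.
 *
 * Effects: Resolves the effective configuration into a local copy and
 *	passes it to kadm5_create_magic_princs(), which creates the
 *	principals.  The context and the local configuration copy are
 *	released before returning.
 */
int kadm5_create(kadm5_config_params *params)
{
    int retval;
    krb5_context context;
    kadm5_config_params lparams;

    if ((retval = kadm5_init_krb5_context(&context)))
        exit(ERR);

    (void) memset(&lparams, 0, sizeof (lparams));

    /*
     * The lock file has to exist before calling kadm5_init, but
     * params->admin_lockfile may not be set yet...
     */
    retval = kadm5_get_config_params(context, 1, params, &lparams);
    if (retval) {
        com_err(progname, retval, gettext("while looking up the Kerberos configuration"));
        /* The context was created above; do not leak it on this path. */
        krb5_free_context(context);
        return 1;
    }

    retval = kadm5_create_magic_princs(&lparams, context);

    kadm5_free_config_params(context, &lparams);
    krb5_free_context(context);

    return retval;
}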
1147c478bd9Sstevel@tonic-gate
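/*
 * Function: kadm5_create_magic_princs
 *
 * Purpose: open the kadm5 interface and create the kadmind principals
 *
 * Arguments:
 *
 *	params	(r) resolved configuration; params->realm is the realm
 *		    passed to add_admin_princs()
 *	context	(r) krb5 context
 *
 * Returns:
 *
 *	The error from krb5_klog_init() or kadm5_init() if either fails,
 *	otherwise the value returned by add_admin_princs().
 *
 * Effects: Logging is opened under the "admin_server" name for the duration
 *	of the call and closed again on every path that opened it.
 */
int kadm5_create_magic_princs(kadm5_config_params *params,
    krb5_context context)
{
    int retval;
    void *handle;

    retval = krb5_klog_init(context, "admin_server", progname, 0);
    if (retval)
        return retval;

    retval = kadm5_init(progname, NULL, NULL, params,
        KADM5_STRUCT_VERSION,
        KADM5_API_VERSION_2,
        db5util_db_args,
        &handle);
    if (retval) {
        com_err(progname, retval, gettext("while initializing the Kerberos admin interface"));
        /* Logging was opened above; close it before bailing out. */
        krb5_klog_close(context);
        return retval;
    }

    retval = add_admin_princs(handle, context, params->realm);

    kadm5_destroy(handle);

    krb5_klog_close(context);

    return retval;
}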
1417c478bd9Sstevel@tonic-gate
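/*
 * Function: build_name_with_realm
 *
 * Purpose: concatenate a name and a realm to form a krb5 name
 *
 * Arguments:
 *
 *	name	(input) the name
 *	realm	(input) the realm
 *
 * Returns:
 *
 *	pointer to name@realm, in allocated memory that the caller must
 *	free(), or NULL if either argument is NULL or the buffer cannot be
 *	allocated
 *
 * Requires: both strings are null-terminated
 */
static char *build_name_with_realm(char *name, char *realm)
{
    size_t len;
    char *n;

    if (name == NULL || realm == NULL)
        return (NULL);

    /* name + '@' + realm + terminating NUL */
    len = strlen(name) + strlen(realm) + 2;

    n = malloc(len);
    if (n == NULL)
        return (NULL);

    /* Bounded write: the buffer size is passed explicitly. */
    (void) snprintf(n, len, "%s@%s", name, realm);
    return (n);
}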
1677c478bd9Sstevel@tonic-gate
/*
 * Function: add_admin_princs
 *
 * Purpose: create the kadmind service principals
 *
 * Arguments:
 *
 *	handle		(input) kadm5 server handle
 *	context		(input) krb5 context
 *	realm		(input) realm appended to KADM5_CHANGEPW_SERVICE
 *	<return value>	(output) 0 for success, otherwise the non-zero
 *			status of the first helper call that failed
 *
 * Effects:
 *
 *	Creates, in this order, KADM5_CHANGEPW_SERVICE in the given realm
 *	and the host-based principals for KADM5_ADMIN_HOST_SERVICE,
 *	KADM5_CHANGEPW_HOST_SERVICE and KADM5_KIPROP_HOST_SERVICE.  Every
 *	principal is created with KRB5_KDB_DISALLOW_TGT_BASED; the two
 *	password-change principals additionally carry
 *	KRB5_KDB_PWCHANGE_SERVICE.  Processing stops at the first failure,
 *	so later principals are not attempted.
 */
static int add_admin_princs(void *handle, krb5_context context, char *realm)
{
    krb5_error_code status;

    /*
     * Solaris Kerberos:
     * The kadmin/admin principal is unused on Solaris. This principal is
     * used in AUTH_GSSAPI but Solaris doesn't support AUTH_GSSAPI.
     * RPCSEC_GSS can only be used with host-based principals.
     */
#if 0
    status = add_admin_old_princ(handle, context,
        KADM5_ADMIN_SERVICE, realm,
        KRB5_KDB_DISALLOW_TGT_BASED,
        ADMIN_LIFETIME);
    if (status != 0)
        return (status);
#endif

    /* Realm-qualified password-change principal: short lifetime. */
    status = add_admin_old_princ(handle, context,
        KADM5_CHANGEPW_SERVICE, realm,
        KRB5_KDB_DISALLOW_TGT_BASED | KRB5_KDB_PWCHANGE_SERVICE,
        CHANGEPW_LIFETIME);
    if (status != 0)
        return (status);

    status = add_admin_sname_princ(handle, context,
        KADM5_ADMIN_HOST_SERVICE,
        KRB5_KDB_DISALLOW_TGT_BASED,
        ADMIN_LIFETIME);
    if (status != 0)
        return (status);

    /*
     * NOTE(review): the host-based password-change principal is given
     * ADMIN_LIFETIME, while the realm-qualified one above is given
     * CHANGEPW_LIFETIME -- confirm the longer lifetime is intended.
     */
    status = add_admin_sname_princ(handle, context,
        KADM5_CHANGEPW_HOST_SERVICE,
        KRB5_KDB_DISALLOW_TGT_BASED | KRB5_KDB_PWCHANGE_SERVICE,
        ADMIN_LIFETIME);
    if (status != 0)
        return (status);

    /* Last principal: its status is the overall result. */
    return (add_admin_sname_princ(handle, context,
        KADM5_KIPROP_HOST_SERVICE,
        KRB5_KDB_DISALLOW_TGT_BASED,
        ADMIN_LIFETIME));
}
2387c478bd9Sstevel@tonic-gate
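/*
 * Function: add_admin_princ
 *
 * Purpose: create one kadmind service principal and give it random keys
 *
 * Arguments:
 *
 *	handle		(r) kadm5 server handle used for the kadm5_* calls
 *	context		(r) krb5 context
 *	principal	(r) kerberos principal to add; this function takes
 *			    ownership and frees it on every return path
 *	attrs		(r) principal's final attributes
 *	lifetime	(r) value stored as the principal's max life
 *
 * Returns:
 *
 *	OK on success, and also when the principal already exists
 *	ERR on serious errors
 *
 * Effects:
 *
 *	The principal is first created with the fixed placeholder password
 *	"to-be-random" and with KRB5_KDB_DISALLOW_ALL_TIX added to attrs, so
 *	the entry is locked while it still has a publicly known key.  Keys
 *	are then randomized for every permitted encryption type (with the
 *	"normal" salt type), and only after that succeeds are the attributes
 *	reset to attrs, which removes the lock.  If randomizing the keys or
 *	resetting the attributes fails, the entry is not deleted here; it
 *	stays in the database in its locked state.
 *
 *	If kadm5_create_principal() reports KADM5_DUP the existing entry is
 *	neither inspected nor modified and OK is returned.
 *	NOTE(review): an existing entry's attributes and keys are therefore
 *	not verified by this function -- check them separately if the
 *	database may predate this run.
 */
static int add_admin_princ(void *handle, krb5_context context,
    krb5_principal principal, int attrs, int lifetime)
{
    char *fullname = NULL;
    krb5_error_code ret;
    kadm5_principal_ent_rec ent;
    krb5_enctype *enctype = NULL;
    krb5_enctype *tmpenc;
    krb5_key_salt_tuple *keysalt = NULL;
    krb5_int32 normalsalttype;
    int num_ks, i;
    int status = ERR;

    memset(&ent, 0, sizeof (ent));
    ent.principal = principal;

    if (krb5_unparse_name(context, principal, &fullname)) {
        /* Do not free whatever a failed call may have left behind. */
        fullname = NULL;
        goto cleanup;
    }

    ent.max_life = lifetime;
    /* Keep the entry locked until its placeholder key has been replaced. */
    ent.attributes = attrs | KRB5_KDB_DISALLOW_ALL_TIX;

    ret = kadm5_create_principal(handle, &ent,
        (KADM5_PRINCIPAL | KADM5_MAX_LIFE | KADM5_ATTRIBUTES),
        "to-be-random");
    if (ret == KADM5_DUP) {
        /* Already present: leave the existing entry untouched. */
        status = OK;
        goto cleanup;
    }
    if (ret) {
        com_err(progname, ret, gettext(str_PUT_PRINC), fullname);
        goto cleanup;
    }

    /* only randomize key if we created the principal */

    /*
     * Solaris Kerberos:
     * Create kadmind principals with keys for all supported encryption
     * types.  Follows a similar pattern to add_principal() in keytab.c.
     */
    ret = krb5_get_permitted_enctypes(context, &enctype);
    if (ret || enctype == NULL || *enctype == 0) {
        /* An empty list is an error too; ret may be 0 in that case. */
        com_err(progname, ret,
            gettext("while getting list of permitted encryption types"));
        goto cleanup;
    }

    /* Count the number of enc types (the list is zero-terminated) */
    for (tmpenc = enctype, num_ks = 0; *tmpenc; tmpenc++)
        num_ks++;

    keysalt = calloc((size_t)num_ks, sizeof (*keysalt));
    if (keysalt == NULL) {
        com_err(progname, ENOMEM,
            gettext("while generating list of key salt tuples"));
        goto cleanup;
    }

    ret = krb5_string_to_salttype("normal", &normalsalttype);
    if (ret) {
        com_err(progname, ret,
            gettext("while converting \"normal\" to a salttype"));
        goto cleanup;
    }

    /* Only create keys with "normal" salttype */
    for (i = 0; i < num_ks; i++) {
        keysalt[i].ks_enctype = enctype[i];
        keysalt[i].ks_salttype = normalsalttype;
    }

    ret = kadm5_randkey_principal_3(handle, ent.principal, FALSE, num_ks,
        keysalt, NULL, NULL);
    if (ret) {
        com_err(progname, ret, gettext(str_RANDOM_KEY), fullname);
        goto cleanup;
    }

    /* Keys are random now: drop the temporary DISALLOW_ALL_TIX lock. */
    ent.attributes = attrs;
    ret = kadm5_modify_principal(handle, &ent, KADM5_ATTRIBUTES);
    if (ret) {
        com_err(progname, ret, gettext(str_PUT_PRINC), fullname);
        goto cleanup;
    }

    status = OK;

cleanup:
    /* Single exit: every resource acquired above is released here. */
    free(keysalt);
    if (enctype != NULL)
        krb5_free_ktypes(context, enctype);
    krb5_free_principal(context, ent.principal);
    free(fullname);

    return (status);
}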
3787c478bd9Sstevel@tonic-gate
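/*
 * Function: add_admin_old_princ
 *
 * Purpose: create a kadmind principal named name@realm
 *
 * Arguments:
 *
 *	handle		(r) kadm5 server handle
 *	context		(r) krb5 context
 *	name		(r) principal name without realm
 *	realm		(r) realm to append to name
 *	attrs		(r) principal's attributes
 *	lifetime	(r) principal's max life
 *
 * Returns:
 *
 *	ERR if the name cannot be built or parsed, otherwise the value
 *	returned by add_admin_princ().
 *
 * Effects: The parsed principal is handed to add_admin_princ(), which is
 *	responsible for releasing it.  The temporary name@realm string is
 *	freed here as soon as it has been parsed.
 */
int
add_admin_old_princ(void *handle, krb5_context context,
    char *name, char *realm, int attrs, int lifetime)
{
    char *fullname;
    krb5_error_code ret;
    krb5_principal principal;

    fullname = build_name_with_realm(name, realm);
    if (fullname == NULL) {
        /* build_name_with_realm() is documented to return NULL on OOM. */
        com_err(progname, ENOMEM, gettext(str_PARSE_NAME));
        return (ERR);
    }

    ret = krb5_parse_name(context, fullname, &principal);
    /* The string is only needed for parsing; release it on both paths. */
    free(fullname);
    if (ret) {
        com_err(progname, ret, gettext(str_PARSE_NAME));
        return (ERR);
    }

    return (add_admin_princ(handle, context, principal, attrs, lifetime));
}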
3957c478bd9Sstevel@tonic-gate
/*
 * Function: add_admin_sname_princ
 *
 * Purpose: create a host-based kadmind principal for service sname
 *
 * Arguments:
 *
 *	handle		(r) kadm5 server handle
 *	context		(r) krb5 context
 *	sname		(r) service name
 *	attrs		(r) principal's attributes
 *	lifetime	(r) principal's max life
 *
 * Returns:
 *
 *	ERR if the host-based principal name cannot be derived, otherwise
 *	the value returned by add_admin_princ().
 *
 * Effects: The principal is built with name type KRB5_NT_SRV_HST and a
 *	NULL hostname, then passed to add_admin_princ().
 */
int
add_admin_sname_princ(void *handle, krb5_context context,
    char *sname, int attrs, int lifetime)
{
    krb5_principal host_princ;
    krb5_error_code rc;

    rc = krb5_sname_to_principal(context, NULL, sname,
        KRB5_NT_SRV_HST, &host_princ);
    if (rc == 0) {
        return (add_admin_princ(handle, context, host_princ, attrs,
            lifetime));
    }

    com_err(progname, rc,
        gettext("Could not get host based "
        "service name for %s principal\n"), sname);
    return (ERR);
}