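/*
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"
/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
 *
 * $Id: kadm5_create.c,v 1.6 1998/10/30 02:52:37 marc Exp $
 * $Source: /cvs/krbdev/krb5/src/kadmin/dbutil/kadm5_create.c,v $
 */

/*
 * Copyright (C) 1998 by the FundsXpress, INC.
 *
 * All rights reserved.
 *
 * Export of this software from the United States of America may require
 * a specific license from the United States Government. It is the
 * responsibility of any person or organization contemplating export to
 * obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of FundsXpress. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. FundsXpress makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

#if !defined(lint) && !defined(__CODECENTER__)
static char *rcsid = "$Header: /cvs/krbdev/krb5/src/kadmin/dbutil/kadm5_create.c,v 1.6 1998/10/30 02:52:37 marc Exp $";
#endif

#include "string_table.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <kadm5/adb.h>
#include <kadm5/admin.h>

#include <krb5.h>
#include <krb5/kdb.h>
#include <libintl.h>

/*
 * NOTE(review): kadm5_create_magic_princs() and add_admin_princs() are
 * called below before any declaration that is visible in this file; if no
 * included header declares them, those calls rely on implicit declarations.
 */
int
add_admin_old_princ(void *handle, krb5_context context,
    char *name, char *realm, int attrs, int lifetime);
int
add_admin_sname_princ(void *handle, krb5_context context,
    char *sname, int attrs, int lifetime);
int
add_admin_princ(void *handle, krb5_context context,
    krb5_principal principal, int attrs, int lifetime);

#define KADM5_ERR 1
#define KADM5_OK 0

/* Parenthesized so the expansions stay intact inside larger expressions. */
#define ADMIN_LIFETIME (60*60*3) /* 3 hours */
#define CHANGEPW_LIFETIME (60*5) /* 5 minutes */

extern char *progname;

/*
 * Function: kadm5_create
 *
 * Purpose: create the policy database and the admin principals
 *
 * Arguments: params (r) configuration parameters to use
 *
 * Returns: 0 on success, 1 if the configuration cannot be resolved or
 * the policy database cannot be created, otherwise the status of
 * kadm5_create_magic_princs(). Calls exit(KADM5_ERR) if no krb5
 * context can be initialized.
 *
 * Effects: Resolves params into a local copy, creates the policy
 * database, then creates the admin principals through
 * kadm5_create_magic_princs(). The context and the resolved
 * parameters are released on every return path.
 */
int
kadm5_create(kadm5_config_params * params)
{
    int retval;
    krb5_context context;
    kadm5_config_params lparams;

    if ((retval = krb5_init_context(&context)))
        exit(KADM5_ERR);

    (void) memset(&lparams, 0, sizeof (kadm5_config_params));

    /*
     * The lock file has to exist before calling kadm5_init, but
     * params->admin_lockfile may not be set yet...
     */
    if ((retval = kadm5_get_config_params(context, NULL, NULL,
        params, &lparams))) {
        com_err(progname, retval, gettext(str_INITING_KCONTEXT));
        /* lparams was not filled in; only the context needs releasing. */
        krb5_free_context(context);
        return (1);
    }
    if ((retval = osa_adb_create_policy_db(&lparams))) {
        com_err(progname, retval, gettext(str_CREATING_POLICY_DB));
        kadm5_free_config_params(context, &lparams);
        krb5_free_context(context);
        return (1);
    }

    retval = kadm5_create_magic_princs(&lparams, context);

    kadm5_free_config_params(context, &lparams);
    krb5_free_context(context);

    return (retval);
}

/*
 * Function: kadm5_create_magic_princs
 *
 * Purpose: open a kadm5 handle and create the admin principals
 *
 * Arguments:
 *
 * params (r) resolved configuration parameters; params->realm
 * is the realm handed to add_admin_princs()
 * context (r) krb5 context, forwarded to add_admin_princs()
 *
 * Returns: the kadm5_init() error if the handle cannot be opened,
 * otherwise the status of add_admin_princs().
 *
 * NOTE(review): context is declared as krb5_context *, but kadm5_create()
 * passes a krb5_context and add_admin_princs() takes a krb5_context. The
 * parameter type looks like it should be krb5_context; confirm against any
 * external prototype before changing it.
 */
int
kadm5_create_magic_princs(kadm5_config_params * params,
    krb5_context *context)
{
    int retval;
    void *handle;

    if ((retval = kadm5_init(progname, NULL, NULL, params,
        KADM5_STRUCT_VERSION,
        KADM5_API_VERSION_2,
        &handle))) {
        com_err(progname, retval, gettext(str_INITING_KCONTEXT));
        return (retval);
    }
    retval = add_admin_princs(handle, context, params->realm);

    kadm5_destroy(handle);

    return (retval);
}

/*
 * Function: build_name_with_realm
 *
 * Purpose: concatenate a name and a realm to form a krb5 name
 *
 * Arguments:
 *
 * name (input) the name
 * realm (input) the realm
 *
 * Returns:
 *
 * pointer to name@realm, in allocated memory that the caller must
 * free(), or NULL if either argument is NULL or the memory cannot
 * be allocated
 *
 * Requires: both strings are null-terminated
 */
char *
build_name_with_realm(char *name, char *realm)
{
    char *n;
    size_t len;

    if (name == NULL || realm == NULL)
        return (NULL);

    /* name + '@' + realm + terminating NUL */
    len = strlen(name) + strlen(realm) + 2;

    n = malloc(len);
    if (n == NULL)
        return (NULL);

    /* Bounded by the size just allocated, so the write cannot overrun n. */
    (void) snprintf(n, len, "%s@%s", name, realm);
    return (n);
}

/*
 * Function: add_admin_princs
 *
 * Purpose: create admin principals
 *
 * Arguments:
 *
 * handle (input) kadm5 server handle
 * context (input) krb5 context
 * realm (input) realm used for KADM5_CHANGEPW_SERVICE
 * <return value> (output) status, 0 for success, 1 for serious error
 *
 * Effects:
 *
 * add_admin_princs creates KADM5_CHANGEPW_SERVICE in realm and the
 * host-based KADM5_ADMIN_HOST_SERVICE, KADM5_CHANGEPW_HOST_SERVICE and
 * KADM5_KIPROP_HOST_SERVICE principals, all with
 * KRB5_KDB_DISALLOW_TGT_BASED set. It stops at the first principal
 * that cannot be added and returns that status.
 */
int
add_admin_princs(void *handle, krb5_context context, char *realm)
{
    krb5_error_code ret = 0;

    /*
     * Solaris Kerberos:
     * The kadmin/admin principal is unused on Solaris. This principal is used
     * in AUTH_GSSAPI but Solaris doesn't support AUTH_GSSAPI. RPCSEC_GSS can only
     * be used with host-based principals.
     *
     */

#if 0
    if ((ret = add_admin_old_princ(handle, context,
        KADM5_ADMIN_SERVICE, realm,
        KRB5_KDB_DISALLOW_TGT_BASED,
        ADMIN_LIFETIME)))
        goto clean_and_exit;
#endif

    if ((ret = add_admin_old_princ(handle, context,
        KADM5_CHANGEPW_SERVICE, realm,
        KRB5_KDB_DISALLOW_TGT_BASED |
        KRB5_KDB_PWCHANGE_SERVICE,
        CHANGEPW_LIFETIME)))
        goto clean_and_exit;

    if ((ret = add_admin_sname_princ(handle, context,
        KADM5_ADMIN_HOST_SERVICE,
        KRB5_KDB_DISALLOW_TGT_BASED,
        ADMIN_LIFETIME)))
        goto clean_and_exit;

    if ((ret = add_admin_sname_princ(handle, context,
        KADM5_CHANGEPW_HOST_SERVICE,
        KRB5_KDB_DISALLOW_TGT_BASED |
        KRB5_KDB_PWCHANGE_SERVICE,
        ADMIN_LIFETIME)))
        goto clean_and_exit;

    if ((ret = add_admin_sname_princ(handle, context,
        KADM5_KIPROP_HOST_SERVICE,
        KRB5_KDB_DISALLOW_TGT_BASED,
        ADMIN_LIFETIME)))
        goto clean_and_exit;

clean_and_exit:

    return (ret);
}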
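
/*
 * Function: add_admin_princ
 *
 * Purpose: create one admin principal with a random key
 *
 * Arguments:
 *
 * handle (r) kadm5 server handle
 * context (r) krb5 context
 * principal (r) kerberos principal to add; always freed here
 * attrs (r) principal's attributes
 * lifetime (r) principal's max life, or 0
 *
 * Returns:
 *
 * KADM5_OK on success, or if the principal already exists
 * KADM5_ERR on serious errors
 *
 * Effects:
 *
 * The principal is created with the placeholder password
 * "to-be-random" and with KRB5_KDB_DISALLOW_ALL_TIX or'ed into its
 * attributes. Its key is then randomized, and only after that are the
 * attributes reset to attrs. If randomizing the key or resetting the
 * attributes fails, the entry stays in the database with
 * KRB5_KDB_DISALLOW_ALL_TIX still set.
 *
 * If the principal already exists (KADM5_DUP) it is left untouched:
 * its key and attributes are neither checked nor changed, and nothing
 * is printed.
 *
 * The function takes ownership of principal and releases it with
 * krb5_free_principal() on every return path.
 */

int
add_admin_princ(void *handle, krb5_context context,
    krb5_principal principal, int attrs, int lifetime)
{
    char *fullname;
    krb5_error_code ret;
    kadm5_principal_ent_rec ent;
    int status = KADM5_ERR;

    memset(&ent, 0, sizeof (ent));

    if (krb5_unparse_name(context, principal, &fullname)) {
        /* Every other path frees the principal; do the same here. */
        krb5_free_principal(context, principal);
        return (KADM5_ERR);
    }

    ent.principal = principal;
    ent.max_life = lifetime;
    /* No tickets may be issued while the placeholder password is the key. */
    ent.attributes = attrs | KRB5_KDB_DISALLOW_ALL_TIX;

    ret = kadm5_create_principal(handle, &ent,
        (KADM5_PRINCIPAL |
        KADM5_MAX_LIFE |
        KADM5_ATTRIBUTES),
        "to-be-random");
    if (ret == KADM5_DUP) {
        /* Already present: leave the existing entry as it is. */
        status = KADM5_OK;
        goto done;
    }
    if (ret) {
        com_err(progname, ret,
            gettext(str_PUT_PRINC), fullname);
        goto done;
    }

    /* only randomize key if we created the principal */
    ret = kadm5_randkey_principal(handle, ent.principal, NULL, NULL);
    if (ret) {
        com_err(progname, ret,
            gettext(str_RANDOM_KEY), fullname);
        goto done;
    }

    /* The key is random now, so the caller's attributes can take effect. */
    ent.attributes = attrs;
    ret = kadm5_modify_principal(handle, &ent, KADM5_ATTRIBUTES);
    if (ret) {
        com_err(progname, ret,
            gettext(str_PUT_PRINC), fullname);
        goto done;
    }

    status = KADM5_OK;

done:
    krb5_free_principal(context, ent.principal);
    free(fullname);

    return (status);
}

/*
 * Function: add_admin_old_princ
 *
 * Purpose: create the admin principal name@realm
 *
 * Arguments:
 *
 * handle (r) kadm5 server handle
 * context (r) krb5 context
 * name (r) principal name without the realm
 * realm (r) realm to append
 * attrs (r) principal's attributes
 * lifetime (r) principal's max life, or 0
 *
 * Returns:
 *
 * KADM5_ERR if name@realm cannot be built or parsed, otherwise the
 * status of add_admin_princ()
 */
int
add_admin_old_princ(void *handle, krb5_context context,
    char *name, char *realm, int attrs, int lifetime)
{
    char *fullname;
    krb5_error_code ret;
    krb5_principal principal;

    fullname = build_name_with_realm(name, realm);
    if (fullname == NULL) {
        /* No error code is available for this case; report it with 0. */
        com_err(progname, 0, gettext(str_PARSE_NAME));
        return (KADM5_ERR);
    }

    ret = krb5_parse_name(context, fullname, &principal);
    /* The string is only needed for parsing; release it on both paths. */
    free(fullname);
    if (ret) {
        com_err(progname, ret, gettext(str_PARSE_NAME));
        return (KADM5_ERR);
    }

    return (add_admin_princ(handle, context, principal, attrs, lifetime));
}
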
/*
 * Function: add_admin_sname_princ
 *
 * Purpose: create a host-based admin principal for service sname
 *
 * Arguments:
 *
 * handle (r) kadm5 server handle
 * context (r) krb5 context
 * sname (r) service name
 * attrs (r) principal's attributes
 * lifetime (r) principal's max life, or 0
 *
 * Returns:
 *
 * KADM5_ERR if the host-based principal name cannot be built,
 * otherwise the status of add_admin_princ()
 *
 * Effects:
 *
 * The principal name comes from krb5_sname_to_principal() called with
 * a NULL hostname and KRB5_NT_SRV_HST. The resulting principal is
 * handed to add_admin_princ().
 */
int
add_admin_sname_princ(void *handle, krb5_context context,
    char *sname, int attrs, int lifetime)
{
    krb5_principal host_princ;
    krb5_error_code code;

    code = krb5_sname_to_principal(context, NULL, sname,
        KRB5_NT_SRV_HST, &host_princ);
    if (code != 0) {
        com_err(progname, code,
            gettext("Could not get host based "
            "service name for %s principal\n"), sname);
        return (KADM5_ERR);
    }

    return (add_admin_princ(handle, context, host_princ, attrs, lifetime));
}