authorTheodore Tso <tytso@mit.edu>1994-10-07 04:55:30 +0000
committerTheodore Tso <tytso@mit.edu>1994-10-07 04:55:30 +0000
commit65fc7036916bfa0ef655a9a2bb9401fb95036f29 (patch)
tree44f4a408832c76cea885ec4639154456f67b2293
parent17339eb1dc3e18d59b055c6523676f9442e14b1f (diff)
Add new option -P to specify master key password on the command line.
For testing only! Fix bug where use of the -R option would report a random error, due to the error code variable passed to ss_execute_line not being cleared first. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4474 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/admin/edit/ChangeLog10
-rw-r--r--src/admin/edit/kdb5_edit.c33
-rw-r--r--src/admin/edit/ss_wrapper.c2
3 files changed, 39 insertions, 6 deletions
diff --git a/src/admin/edit/ChangeLog b/src/admin/edit/ChangeLog
index 8217853ea8..870c634bf1 100644
--- a/src/admin/edit/ChangeLog
+++ b/src/admin/edit/ChangeLog
@@ -1,3 +1,13 @@
+Fri Oct 7 00:01:40 1994 Theodore Y. Ts'o (tytso@dcl)
+
+ * ss_wrapper.c (main): Clear code before ss_execute_line, since
+ ss_execute_line doesn't set code to 0 if there are no
+ problems.
+
+ * kdb5_edit.c (kdb5_edit_Init): Add a new option so that the
+ master key password can be entered on the command line ---
+ for testing only; not documented!!
+
Mon Oct 3 19:10:47 1994 Theodore Y. Ts'o (tytso@dcl)
* Makefile.in: Use $(srcdir) to find manual page for make install.
diff --git a/src/admin/edit/kdb5_edit.c b/src/admin/edit/kdb5_edit.c
index 3681ee92d2..0c07c98df0 100644
--- a/src/admin/edit/kdb5_edit.c
+++ b/src/admin/edit/kdb5_edit.c
@@ -60,6 +60,7 @@ static int num_name_tokens;
static char search_instance[40];
static int num_instance_tokens;
static int must_be_first[2];
+static char *mkey_password = 0;
/*
* I can't figure out any way for this not to be global, given how ss
@@ -117,8 +118,11 @@ char *kdb5_edit_Init(argc, argv)
progname = argv[0];
- while ((optchar = getopt(argc, argv, "d:r:R:k:M:e:m")) != EOF) {
+ while ((optchar = getopt(argc, argv, "P:d:r:R:k:M:e:m")) != EOF) {
switch(optchar) {
+ case 'P': /* Only used for testing!!! */
+ mkey_password = optarg;
+ break;
case 'd': /* set db name */
dbname = optarg;
break;
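Review bot: The `case 'P'` arm stores `optarg` directly, so the master key password stays in the process's argument vector, where process listings and shell history can expose it to other local users for as long as kdb5_edit runs. The comment says it is for testing only, but the option is compiled in unconditionally and accepted without any warning. I would wrap the case (and the `P:` in the getopt string) in a build-time guard such as `#ifdef KDB5_EDIT_TEST_OPTIONS` (a placeholder name, not an existing macro) and extend the comment to `/* Testing only: password is visible in the process arguments */`. kdb5_edit_Init continues outside the hunk.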
@@ -374,6 +378,7 @@ char *dbname;
krb5_error_code retval;
int nentries;
krb5_boolean more;
+ krb5_data scratch, pwd;
if (current_dbname)
free(current_dbname);
@@ -428,16 +433,34 @@ char *dbname;
mblock.mkvno = master_entry.kvno;
krb5_db_free_principal(&master_entry, nentries);
- if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock,
- manual_mkey, FALSE, 0, &master_keyblock)) {
+ if (mkey_password) {
+ pwd.data = mkey_password;
+ pwd.length = strlen(mkey_password);
+ retval = krb5_principal2salt(master_princ, &scratch);
+ if (retval) {
+ com_err(pname, retval, "while calculated master key salt");
+ return(1);
+ }
+ retval = krb5_string_to_key(&master_encblock, master_keyblock.keytype,
+ &master_keyblock, &pwd, &scratch);
+ if (retval) {
+ com_err(pname, retval,
+ "while transforming master key from password");
+ return(1);
+ }
+ free(scratch.data);
+ mkey_password = 0;
+ } else if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock,
+ manual_mkey, FALSE, 0,
+ &master_keyblock)) {
com_err(pname, retval, "while reading master key");
com_err(pname, 0, "Warning: proceeding without master key");
exit_status++;
valid_master_key = 0;
dbactive = TRUE;
return(0);
- } else
- valid_master_key = 1;
+ }
+ valid_master_key = 1;
if (retval = krb5_db_verify_master_key(master_princ, &master_keyblock,
&master_encblock)) {
com_err(pname, retval, "while verifying master key");
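Review bot: `scratch.data` is leaked when `krb5_string_to_key` fails, because the `return(1)` at that error check runs before `free(scratch.data);`; moving the free to directly after the `krb5_string_to_key` call, ahead of its `if (retval)`, covers both paths. The password bytes are also never wiped: `mkey_password = 0;` only drops the pointer, so add `memset(mkey_password, 0, strlen(mkey_password));` just before it and on the two error returns. The new error paths return 1, while the existing fetch failure below sets `valid_master_key = 0` and returns 0, which looks inconsistent, though the caller's handling is not visible here. The function starts and ends outside the hunk.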
diff --git a/src/admin/edit/ss_wrapper.c b/src/admin/edit/ss_wrapper.c
index 0da8943393..3f86c45a43 100644
--- a/src/admin/edit/ss_wrapper.c
+++ b/src/admin/edit/ss_wrapper.c
@@ -38,7 +38,7 @@ int main(argc, argv)
{
char *request;
krb5_error_code retval;
- int sci_idx, code;
+ int sci_idx, code = 0;
request = kdb5_edit_Init(argc, argv);
sci_idx = ss_create_invocation("kdb5_edit", "5.0", (char *) NULL,