author | Theodore Tso <tytso@mit.edu> | 1994-10-07 04:55:30 +0000 |
---|---|---|
committer | Theodore Tso <tytso@mit.edu> | 1994-10-07 04:55:30 +0000 |
commit | 65fc7036916bfa0ef655a9a2bb9401fb95036f29 (patch) | |
tree | 44f4a408832c76cea885ec4639154456f67b2293 /src/admin | |
parent | 17339eb1dc3e18d59b055c6523676f9442e14b1f (diff) | |
Add new option -P to specify master key password on the command line.
For testing only!
Fix bug where use of the -R option would report a random error, due to
the error code variable passed to ss_execute_line not being cleared first.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4474 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/admin')
-rw-r--r-- | src/admin/edit/ChangeLog | 10 | ||||
-rw-r--r-- | src/admin/edit/kdb5_edit.c | 33 | ||||
-rw-r--r-- | src/admin/edit/ss_wrapper.c | 2 |
3 files changed, 39 insertions, 6 deletions
diff --git a/src/admin/edit/ChangeLog b/src/admin/edit/ChangeLog
index 8217853ea8..870c634bf1 100644
--- a/src/admin/edit/ChangeLog
+++ b/src/admin/edit/ChangeLog
@@ -1,3 +1,13 @@
+Fri Oct 7 00:01:40 1994 Theodore Y. Ts'o (tytso@dcl)
+
+ * ss_wrapper.c (main): Clear code before ss_execute_line, since
+ ss_execute_line doesn't set code to 0 if there are no
+ problems.
+
+ * kdb5_edit.c (kdb5_edit_Init): Add a new option so that the
+ master key password can be entered on the command line ---
+ for testing only; not documented!!
+
 Mon Oct 3 19:10:47 1994 Theodore Y. Ts'o (tytso@dcl)
 * Makefile.in: Use $(srcdir) to find manual page for make install.
diff --git a/src/admin/edit/kdb5_edit.c b/src/admin/edit/kdb5_edit.c
index 3681ee92d2..0c07c98df0 100644
--- a/src/admin/edit/kdb5_edit.c
+++ b/src/admin/edit/kdb5_edit.c
@@ -60,6 +60,7 @@ static int num_name_tokens;
 static char search_instance[40];
 static int num_instance_tokens;
 static int must_be_first[2];
+static char *mkey_password = 0;
 /*
 * I can't figure out any way for this not to be global, given how ss
@@ -117,8 +118,11 @@ char *kdb5_edit_Init(argc, argv)
 progname = argv[0];
- while ((optchar = getopt(argc, argv, "d:r:R:k:M:e:m")) != EOF) {
+ while ((optchar = getopt(argc, argv, "P:d:r:R:k:M:e:m")) != EOF) {
 switch(optchar) {
+ case 'P': /* Only used for testing!!! */
+ mkey_password = optarg;
+ break;
 case 'd': /* set db name */
 dbname = optarg;
 break;
@@ -374,6 +378,7 @@ char *dbname;
 krb5_error_code retval;
 int nentries;
 krb5_boolean more;
+ krb5_data scratch, pwd;
 if (current_dbname) free(current_dbname);
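Review bot: The new `case 'P'` arm in kdb5_edit_Init's getopt loop stores `optarg` directly in `mkey_password`, so the master key password stays in the process argument vector, where process listings and shell history can expose it to other local users. Because the option is meant for testing only, it would be safer to compile it out of production builds by putting the `case 'P'` arm and the `P:` in the option string under a test-only `#ifdef` (macro name left to the project). Failing that, copy the value and overwrite the argv bytes straight after parsing, which narrows the exposure but does not remove it. The comment could state the reason rather than just the restriction: `/* Testing only: a password given on the command line is visible to other local users */`. The function body starts and ends outside this hunk.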
@@ -428,16 +433,34 @@ char *dbname;
 mblock.mkvno = master_entry.kvno;
 krb5_db_free_principal(&master_entry, nentries);
- if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock,
- manual_mkey, FALSE, 0, &master_keyblock)) {
+ if (mkey_password) {
+ pwd.data = mkey_password;
+ pwd.length = strlen(mkey_password);
+ retval = krb5_principal2salt(master_princ, &scratch);
+ if (retval) {
+ com_err(pname, retval, "while calculated master key salt");
+ return(1);
+ }
+ retval = krb5_string_to_key(&master_encblock, master_keyblock.keytype,
+ &master_keyblock, &pwd, &scratch);
+ if (retval) {
+ com_err(pname, retval,
+ "while transforming master key from password");
+ return(1);
+ }
+ free(scratch.data);
+ mkey_password = 0;
+ } else if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock,
+ manual_mkey, FALSE, 0,
+ &master_keyblock)) {
 com_err(pname, retval, "while reading master key");
 com_err(pname, 0, "Warning: proceeding without master key");
 exit_status++;
 valid_master_key = 0;
 dbactive = TRUE;
 return(0);
- } else
- valid_master_key = 1;
+ }
+ valid_master_key = 1;
 if (retval = krb5_db_verify_master_key(master_princ, &master_keyblock, &master_encblock)) {
 com_err(pname, retval, "while verifying master key");
diff --git a/src/admin/edit/ss_wrapper.c b/src/admin/edit/ss_wrapper.c
index 0da8943393..3f86c45a43 100644
--- a/src/admin/edit/ss_wrapper.c
+++ b/src/admin/edit/ss_wrapper.c
@@ -38,7 +38,7 @@ int main(argc, argv)
 {
 char *request;
 krb5_error_code retval;
- int sci_idx, code;
+ int sci_idx, code = 0;
 request = kdb5_edit_Init(argc, argv);
 sci_idx = ss_create_invocation("kdb5_edit", "5.0", (char *) NULL, |
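Review bot: In the new `if (mkey_password)` branch, the failure path after `krb5_string_to_key` returns without freeing `scratch.data`, so the salt obtained from `krb5_principal2salt` leaks there; add `free(scratch.data);` before that `return(1);`. On the success path `mkey_password = 0;` only drops the pointer and leaves the password bytes in memory, so clear them first with `memset(mkey_password, 0, strlen(mkey_password));`. The first error string should read `"while calculating master key salt"`. Both new early returns hand back 1 without the `exit_status++` / `valid_master_key = 0` bookkeeping that the `krb5_db_fetch_mkey` failure path performs before returning 0; this looks inconsistent, but the callers are outside the hunk, so confirm which is intended. The enclosing function starts and ends outside this hunk.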