authorMark Eichin <eichin@mit.edu>1994-11-02 01:43:48 +0000
committerMark Eichin <eichin@mit.edu>1994-11-02 01:43:48 +0000
commit7b392735e1eb9682675d6738b3e5bde36c635ec1 (patch)
treed6574fb9880d07d942b707c228d5ba5a612dbf35 /src/admin
parenta14f8687a3c7dc82423253350a0ec50d602d679a (diff)
* kdb5_stash.c (main): added -o option to read a Kerberos V4
kstash'ed master key. (usage): mention it in the usage message. * kdb5_stash.M: document it. Necessary for practical conversion of a functioning v4 realm... git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4609 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/admin')
-rw-r--r--src/admin/stash/ChangeLog7
-rw-r--r--src/admin/stash/kdb5_stash.M8
-rw-r--r--src/admin/stash/kdb5_stash.c51
3 files changed, 59 insertions, 7 deletions
diff --git a/src/admin/stash/ChangeLog b/src/admin/stash/ChangeLog
index 7e09d9375..516cdd791 100644
--- a/src/admin/stash/ChangeLog
+++ b/src/admin/stash/ChangeLog
@@ -1,3 +1,10 @@
+Tue Nov 1 19:19:22 1994 Mark Eichin (eichin@cygnus.com)
+
+ * kdb5_stash.c (main): added -o option to read a Kerberos V4
+ kstash'ed master key.
+ (usage): mention it in the usage message.
+ * kdb5_stash.M: document it.
+
Mon Oct 3 19:11:08 1994 Theodore Y. Ts'o (tytso@dcl)
* Makefile.in: Use $(srcdir) to find manual page for make install.
diff --git a/src/admin/stash/kdb5_stash.M b/src/admin/stash/kdb5_stash.M
index 06d02cc81..e45abb56e 100644
--- a/src/admin/stash/kdb5_stash.M
+++ b/src/admin/stash/kdb5_stash.M
@@ -43,6 +43,9 @@ kdb5_stash \- store a principal database master key on disk
] [
.B \-f
.I keyfile
+] [
+.B \-o
+.I v4-stash-file
]
.br
.SH DESCRIPTION
@@ -91,6 +94,11 @@ The
.B \-f
option specifies the file in which the master key should be stored; the
default is DEFAULT_KEYFILE_STUB ("/.k5." concatenated with the realm name).
+.PP
+The
+.B \-o
+option specifies the file in which an old V4 master key was stored; this is
+usually the file "/.k".
.SH SEE ALSO
krb5(3), krb5kdc(8), kdb5_create(8)
.SH BUGS
diff --git a/src/admin/stash/kdb5_stash.c b/src/admin/stash/kdb5_stash.c
index a713e281a..7aceeb49c 100644
--- a/src/admin/stash/kdb5_stash.c
+++ b/src/admin/stash/kdb5_stash.c
@@ -47,7 +47,7 @@ char *who;
int status;
{
fprintf(stderr, "usage: %s [-d dbpathname] [-r realmname] [-k keytype]\n\
-\t[-e etype] [-M mkeyname] [-f keyfile]\n",
+\t[-e etype] [-M mkeyname] [-f keyfile] [-o v4-stash-file]\n",
who);
exit(status);
}
@@ -67,6 +67,7 @@ char *argv[];
char *mkey_name = 0;
char *mkey_fullname;
char *keyfile = 0;
+ char *v4_stashfile = 0;
int keytypedone = 0;
krb5_enctype etype = 0xffff;
@@ -76,7 +77,7 @@ char *argv[];
krb5_init_ets();
- while ((optchar = getopt(argc, argv, "d:r:k:M:e:f:")) != EOF) {
+ while ((optchar = getopt(argc, argv, "d:r:k:M:e:f:o:")) != EOF) {
switch(optchar) {
case 'd': /* set db name */
dbname = optarg;
@@ -97,6 +98,9 @@ char *argv[];
case 'f':
keyfile = optarg;
break;
+ case 'o':
+ v4_stashfile = optarg;
+ break;
case '?':
default:
usage(argv[0], 1);
@@ -151,11 +155,44 @@ char *argv[];
}
/* TRUE here means read the keyboard, but only once */
- if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock, TRUE,
- FALSE, 0, &master_keyblock)) {
- com_err(argv[0], retval, "while reading master key");
- (void) krb5_db_fini();
- exit(1);
+ if (v4_stashfile) {
+ FILE *kf;
+ krb5_keyblock *key = &master_keyblock;
+
+ key->length = 8;
+
+#ifdef ANSI_STDIO
+#define STDIO_RB "rb"
+#else
+#define STDIO_RB "r"
+#endif
+ if (!(kf = fopen(v4_stashfile, STDIO_RB))) {
+ retval = errno;
+ } else if (!(key->contents = (krb5_octet *)malloc(key->length))) {
+ retval = ENOMEM;
+ } else if (fread((krb5_pointer) key->contents,
+ sizeof(key->contents[0]), key->length, kf) != key->length) {
+ memset(key->contents, 0, key->length);
+ free(key->contents);
+ key->contents = 0;
+ retval = KRB5_KDB_CANTREAD_STORED;
+ }
+
+ fclose(kf);
+
+ if (retval)
+ {
+ (void) krb5_db_fini();
+ com_err(argv[0], retval, "trying to open old kstash file");
+ exit(1);
+ }
+ } else {
+ if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock, TRUE,
+ FALSE, 0, &master_keyblock)) {
+ com_err(argv[0], retval, "while reading master key");
+ (void) krb5_db_fini();
+ exit(1);
+ }
}
if (retval = krb5_db_verify_master_key(master_princ, &master_keyblock,
&master_encblock)) {
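Review bot: The `fclose(kf);` after the if/else chain in the new `-o` branch runs unconditionally, so when `fopen` fails and `kf` is null the call is undefined behaviour and the process may crash before the `errno` diagnostic is printed; guard it with `if (kf) fclose(kf);`. The success path also relies on `retval` already being zero when the branch is entered, which is established outside the hunk, so an explicit `retval = 0;` before the `fopen` would make the later `if (retval)` check self-contained. Because the master key is read through buffered stdio, a copy of the eight key bytes probably stays in the stream's buffer after `fclose`; `setbuf(kf, NULL);` before the `fread` should keep the key out of that buffer, mirroring the care the short-read path already takes with `memset` before `free`. main's body starts and ends outside the hunk.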