| author | Will Fiveash <will.fiveash@oracle.com> | 2008-08-15 00:38:41 +0000 |
|---|---|---|
| committer | Will Fiveash <will.fiveash@oracle.com> | 2008-08-15 00:38:41 +0000 |
| commit | c438b327af4cf5ba96ed3f7e02b6327b9d06c1ae (patch) | |
| tree | 6a65a30d2f7c368d8d29b9755ec52bb082f908c4 /src/plugins | |
| parent | 7b2fd388c28d4c8a3a7a2a4bf2b70a251bf037e8 (diff) | |
a stash file is not a keytab
Note, this is the commit for the associated Krb Consortium project:
Projects/Masterkey Keytab Stash
ticket: 194
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20661 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins')
| -rw-r--r-- | src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c | 11 | ||||
| -rw-r--r-- | src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M | 6 | ||||
| -rw-r--r-- | src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c | 18 |
3 files changed, 30 insertions, 5 deletions
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c index eb20a28ed..288a5a0c6 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c @@ -845,9 +845,20 @@ void kdb5_ldap_create(argc, argv) /* Stash the master key only if '-s' option is specified */ if (do_stash || global_params.mask & KADM5_CONFIG_STASH_FILE) { + krb5_kvno mkey_kvno; + /* + * Determine the kvno to use, it must be that used to create the master + * key princ. + */ + if (global_params.mask & KADM5_CONFIG_KVNO) + mkey_kvno = global_params.kvno; /* user specified */ + else + mkey_kvno = 1; /* Default */ + retval = krb5_def_store_mkey(util_context, global_params.stash_file, master_princ, + mkey_kvno, &master_keyblock, NULL); if (retval) { com_err(progname, errno, "while storing key"); diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M index 08463b7f8..484c4ce88 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M 
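Review bot: The fallback `mkey_kvno = 1; /* Default */` in kdb5_ldap_create hard-codes the kvno, although the comment directly above it says the value must match the kvno used to create the master key principal. That creation code is not in this hunk, so nothing visible ties the two values together; a single named constant for the default master-key kvno, used at both sites, would stop the stash file and the principal from drifting apart. Separately, the unchanged error path passes `errno` rather than `retval` to com_err, so a failure of krb5_def_store_mkey may be reported with an unrelated message; `com_err(progname, retval, "while storing key");` would carry the returned code. The body of kdb5_ldap_create starts and ends outside the hunk.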
@@ -25,7 +25,7 @@ This option is not recommended. Specifies the URI of the LDAP server. .SH COMMANDS .TP -\fBcreate\fP [\fB\-subtrees\fP\ \fIsubtree_dn_list\fP] [\fB\-sscope\fP\ \fIsearch_scope\fP] [\fB\-containerref\fP\ \fIcontainer_reference_dn\fP] [\fB\-k\fP\ \fImkeytype\fP] [\fB\-m\fP|\fB\-P\fP\ \fIpassword\fP|\fB\-sf\fP\ \fIstashfilename\fP] [\fB\-s\fP] [\fB\-r\fP\ \fIrealm\fP] [\fB\-kdcdn\fP\ \fIkdc_service_list\fP] [\fB\-admindn\fP\ \fIadmin_service_list\fP] [\fB\-maxtktlife\fP\ \fImax_ticket_life\fP] [\fB\-maxrenewlife\fP\ \fImax_renewable_ticket_life\fP] [\fIticket_flags\fP] +\fBcreate\fP [\fB\-subtrees\fP\ \fIsubtree_dn_list\fP] [\fB\-sscope\fP\ \fIsearch_scope\fP] [\fB\-containerref\fP\ \fIcontainer_reference_dn\fP] [\fB\-k\fP\ \fImkeytype\fP] [\fB\-kv\fP\ \fImkeyVNO\fP] [\fB\-m\fP|\fB\-P\fP\ \fIpassword\fP|\fB\-sf\fP\ \fIstashfilename\fP] [\fB\-s\fP] [\fB\-r\fP\ \fIrealm\fP] [\fB\-kdcdn\fP\ \fIkdc_service_list\fP] [\fB\-admindn\fP\ \fIadmin_service_list\fP] [\fB\-maxtktlife\fP\ \fImax_ticket_life\fP] [\fB\-maxrenewlife\fP\ \fImax_renewable_ticket_life\fP] [\fIticket_flags\fP] Creates realm in directory. Options: .RS .TP @@ -47,6 +47,10 @@ Specifies the key type of the master key in the database; the default is that given in .IR kdc.conf . .TP +\fB\-kv\fP\ \fImkeyVNO\fP +Specifies the version number of the master key in the database; the default is +1. Note that 0 is not allowed. +.TP \fB\-m\fP Specifies that the master database password should be read from the TTY rather than fetched from a file on the disk. diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c index 704bb163e..1f900e67a 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c 
@@ -116,7 +116,7 @@ void usage() "\t\t[-kdcdn kdc_service_list] [-admindn admin_service_list]\n" "\t\t[-pwddn passwd_service_list]\n" #endif -"\t\t[-m|-P password|-sf stashfilename] [-k mkeytype] [-s]\n" +"\t\t[-m|-P password|-sf stashfilename] [-k mkeytype] [-kv mkeyVNO] [-s]\n" "\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n" "\t\t[ticket_flags] [-r realm]\n" @@ -346,10 +346,20 @@ int main(argc, argv) goto cleanup; } } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) { - if (krb5_string_to_enctype(koptarg, &global_params.enctype)) - com_err(progname, 0, "%s is an invalid enctype", koptarg); - else + if (krb5_string_to_enctype(koptarg, &global_params.enctype)) { + com_err(progname, EINVAL, ": %s is an invalid enctype", koptarg); + exit_status++; + goto cleanup; + } else global_params.mask |= KADM5_CONFIG_ENCTYPE; + } else if (strcmp(*argv, "-kv") == 0 && ARG_VAL) { + global_params.kvno = (krb5_kvno) atoi(koptarg); + if (global_params.kvno == IGNORE_VNO) { + com_err(progname, EINVAL, ": %s is an invalid mkeyVNO", koptarg); + exit_status++; + goto cleanup; + } else + global_params.mask |= KADM5_CONFIG_KVNO; } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) { global_params.mkey_name = koptarg; global_params.mask |= KADM5_CONFIG_MKEY_NAME; |
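Review bot: The new `-kv` branch in main parses the value with `atoi(koptarg)`, which cannot report a parse error, so only input that evaluates exactly to IGNORE_VNO is rejected. A value with trailing garbage such as `2x` is accepted as 2, a negative number is converted by the `(krb5_kvno)` cast (presumably to a large unsigned value; the typedef is not visible here), and out-of-range input is undefined behaviour for atoi. Because this kvno is what the kdb5_ldap_realm.c hunk writes into the master key stash, the option should be parsed with strtoul, checking the end pointer, errno and that the value round-trips through krb5_kvno before the mask bit is set. The body of main starts and ends outside the hunk.

```c
        } else if (strcmp(*argv, "-kv") == 0 && ARG_VAL) {
            char *end;
            unsigned long kv;

            /* Accept only a plain decimal number that fits in krb5_kvno. */
            errno = 0;
            kv = strtoul(koptarg, &end, 10);
            if (koptarg[0] < '0' || koptarg[0] > '9' ||
                errno != 0 || *end != '\0' ||
                (unsigned long) (krb5_kvno) kv != kv ||
                (krb5_kvno) kv == IGNORE_VNO) {
                com_err(progname, EINVAL, ": %s is an invalid mkeyVNO", koptarg);
                exit_status++;
                goto cleanup;
            }
            global_params.kvno = (krb5_kvno) kv;
            global_params.mask |= KADM5_CONFIG_KVNO;
        /* … unchanged: "-M" and the remaining option branches … */
```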
