Allow master key to be passed in on the command line. Makes testing

scripts easier.   This is for testing only --- the option is not documented!!

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4473 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/admin/create/ChangeLog b/src/admin/create/ChangeLog
index e347db6c94beb3a1ede50a6cebd9b6d9c0136fea..62068c04833850c2840aef8678bd4d4d2e197e6a 100644 (file)
--- a/src/admin/create/ChangeLog
+++ b/src/admin/create/ChangeLog
@@ -1,3 +1,9 @@
+Thu Oct  6 23:29:07 1994  Theodore Y. Ts'o  (tytso@dcl)
+
+       * kdb5_create.c (main): Add a new option so that the master key
+               password can be entered on the command line --- for
+               testing only; not documented!!
+
 Mon Oct  3 19:10:01 1994  Theodore Y. Ts'o  (tytso@dcl)
 
        * Makefile.in: Use $(srcdir) to find manual page for make install.

diff --git a/src/admin/create/kdb5_create.c b/src/admin/create/kdb5_create.c
index c66e24ef2100e4851040773f6f9cf43aa190fa59..b71df6209e1a599bc78adddecddfe4227b2822a7 100644 (file)
--- a/src/admin/create/kdb5_create.c
+++ b/src/admin/create/kdb5_create.c
@@ -129,15 +129,17 @@ char *argv[];
     char *mkey_name = 0;
     char *mkey_fullname;
     char *defrealm;
+    char *mkey_password = 0;
     int keytypedone = 0;
     krb5_enctype etype = 0xffff;
+    krb5_data scratch, pwd;
 
     krb5_init_ets();
 
     if (strrchr(argv[0], '/'))
        argv[0] = strrchr(argv[0], '/')+1;
 
-    while ((optchar = getopt(argc, argv, "d:r:k:M:e:")) != EOF) {
+    while ((optchar = getopt(argc, argv, "d:r:k:M:e:P:")) != EOF) {
        switch(optchar) {
        case 'd':                       /* set db name */
            dbname = optarg;
@@ -152,6 +154,9 @@ char *argv[];
        case 'M':                       /* master key name in DB */
            mkey_name = optarg;
            break;
+        case 'P':              /* Only used for testing!!! */
+           mkey_password = optarg;
+           break;
        case 'e':
            etype = atoi(optarg);
            break;
@@ -217,16 +222,35 @@ char *argv[];
 master key name '%s'\n",
           dbname, realm, mkey_fullname);
 
-    printf("You will be prompted for the database Master Password.\n");
-    printf("It is important that you NOT FORGET this password.\n");
-    fflush(stdout);
-
-    /* TRUE here means read the keyboard, and do it twice */
-    if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock, TRUE, TRUE,
-                                   0, &master_keyblock)) {
-       com_err(argv[0], retval, "while reading master key");
-       exit(1);
+    if (mkey_password) {
+       pwd.data = mkey_password;
+       pwd.length = strlen(mkey_password);
+       retval = krb5_principal2salt(master_princ, &scratch);
+       if (retval) {
+           com_err(argv[0], retval, "while calculated master key salt");
+           exit(1);
+       }
+       retval = krb5_string_to_key(&master_encblock, master_keyblock.keytype,
+                                   &master_keyblock, &pwd, &scratch);
+       if (retval) {
+           com_err(argv[0], retval,
+                   "while transforming master key from password");
+           exit(1);
+       }
+       free(scratch.data);
+    } else {
+       printf("You will be prompted for the database Master Password.\n");
+       printf("It is important that you NOT FORGET this password.\n");
+       fflush(stdout);
+
+       /* TRUE here means read the keyboard, and do it twice */
+       if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock, TRUE,
+                                       TRUE, 0, &master_keyblock)) {
+           com_err(argv[0], retval, "while reading master key");
+           exit(1);
+       }
     }
+    
     if (retval = krb5_process_key(&master_encblock, &master_keyblock)) {
        com_err(argv[0], retval, "while processing master key");
        exit(1);