From: John Kohl <jtkohl@mit.edu>
Date: Mon, 5 Feb 1990 12:04:13 +0000 (+0000)
Subject: *** empty log message ***
X-Git-Tag: krb5-1.0-alpha2~1115
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=d69f0ed88e08517ae43ed3f9032cb1e3edac9feb;p=krb5.git

*** empty log message ***

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@269 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/kdb/verify_mky.c b/src/lib/kdb/verify_mky.c
new file mode 100644
index 000000000..6937c16a5
--- /dev/null
+++ b/src/lib/kdb/verify_mky.c
@@ -0,0 +1,67 @@
+/*
+ * $Source$
+ * $Author$
+ *
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <krb5/mit-copyright.h>.
+ * 
+ * krb5_db_verify_master_key();
+ */
+
+#if !defined(lint) && !defined(SABER)
+static char rcsid_verify_mky_c[] =
+"$Id$";
+#endif	/* !lint & !SABER */
+
+#include <krb5/copyright.h>
+#include <krb5/krb5.h>
+#include <krb5/kdb.h>
+#include <krb5/krb5_err.h>
+#include <krb5/kdb5_err.h>
+#include <errno.h>
+
+krb5_error_code
+krb5_db_verify_master_key(mprinc, mkey)
+krb5_principal mprinc;
+krb5_keyblock *mkey;
+{
+    krb5_error_code retval;
+    krb5_db_entry master_entry;
+    int nprinc, more;
+    krb5_encrypt_block eblock;
+    extern krb5_encrypt_block master_encblock;
+    krb5_keyblock tempkey;
+
+    nprinc = 1;
+    if (retval = krb5_db_get_principal(mprinc, &master_entry, &nprinc, &more))
+	return(retval);
+	
+    if (nprinc != 1) {
+	if (nprinc)
+	    krb5_db_free_principal(&master_entry, nprinc);
+	return(KRB5_KDB_NOMASTERKEY);
+    } else if (more) {
+	krb5_db_free_principal(&master_entry, nprinc);
+	return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
+    }	
+
+    eblock = master_encblock;
+
+    /* do any necessary key pre-processing */
+    if (retval = (*eblock.crypto_entry->process_key)(&eblock, mkey)) {
+	return(retval);
+    }
+    if (retval = krb5_kdb_decrypt_key(&master_entry.key, &tempkey, &eblock)) {
+	(void) (*eblock.crypto_entry->finish_key)(&eblock);
+	return retval;
+    }
+    if (!bcmp(mkey->contents, tempkey.contents, mkey->length)) {
+	retval = KRB5_KDB_BADMASTERKEY;
+	(void) (*eblock.crypto_entry->finish_key)(&eblock);
+    } else
+	retval = (*eblock.crypto_entry->finish_key)(&eblock);
+    
+    return retval;
+}