From 17339eb1dc3e18d59b055c6523676f9442e14b1f Mon Sep 17 00:00:00 2001
From: Theodore Tso
Date: Fri, 7 Oct 1994 03:56:55 +0000
Subject: [PATCH] Allow master key to be passed in on the command line. Makes testing scripts easier. This is for testing only --- the option is not documented!!

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4473 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/admin/create/ChangeLog | 6 +++++
 src/admin/create/kdb5_create.c | 44 ++++++++++++++++++++++++++--------
 2 files changed, 40 insertions(+), 10 deletions(-)
diff --git a/src/admin/create/ChangeLog b/src/admin/create/ChangeLog
index e347db6c9..62068c048 100644
--- a/src/admin/create/ChangeLog
+++ b/src/admin/create/ChangeLog
@@ -1,3 +1,9 @@
+Thu Oct 6 23:29:07 1994 Theodore Y. Ts'o (tytso@dcl)
+
+ * kdb5_create.c (main): Add a new option so that the master key
+ password can be entered on the command line --- for
+ testing only; not documented!!
+
 Mon Oct 3 19:10:01 1994 Theodore Y. Ts'o (tytso@dcl)
 
 * Makefile.in: Use $(srcdir) to find manual page for make install.
diff --git a/src/admin/create/kdb5_create.c b/src/admin/create/kdb5_create.c
index c66e24ef2..b71df6209 100644
--- a/src/admin/create/kdb5_create.c
+++ b/src/admin/create/kdb5_create.c
@@ -129,15 +129,17 @@ char *argv[];
 char *mkey_name = 0;
 char *mkey_fullname;
 char *defrealm;
+ char *mkey_password = 0;
 int keytypedone = 0;
 krb5_enctype etype = 0xffff;
+ krb5_data scratch, pwd;
 
 krb5_init_ets();
 
 if (strrchr(argv[0], '/'))
 argv[0] = strrchr(argv[0], '/')+1;
 
- while ((optchar = getopt(argc, argv, "d:r:k:M:e:")) != EOF) {
+ while ((optchar = getopt(argc, argv, "d:r:k:M:e:P:")) != EOF) {
 switch(optchar) {
 case 'd': /* set db name */
 dbname = optarg;
@@ -152,6 +154,9 @@ char *argv[];
 case 'M': /* master key name in DB */
 mkey_name = optarg;
 break;
+ case 'P': /* Only used for testing!!! */
+ mkey_password = optarg;
+ break;
 case 'e':
 etype = atoi(optarg);
 break;
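Review bot: The new `P:` entry in the getopt string and the `case 'P'` branch in the following hunk are compiled unconditionally, so the "testing only" option ships in every build of this admin tool. A master password given this way sits in the process argument list, where other local users can typically read it for as long as the program runs, and it may also be kept in shell history. I would compile both the `P:` entry and the `case 'P'` branch only under a test-build preprocessor guard. The comment should also state the risk, for example `/* -P: master password on the command line is visible in the process argument list; test scripts only */`. The body of main() starts and ends outside both hunks, so the usage text could not be checked.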
@@ -217,16 +222,35 @@ char *argv[];
 master key name '%s'\n",
 dbname, realm, mkey_fullname);
 
- printf("You will be prompted for the database Master Password.\n");
- printf("It is important that you NOT FORGET this password.\n");
- fflush(stdout);
-
- /* TRUE here means read the keyboard, and do it twice */
- if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock, TRUE, TRUE,
- 0, &master_keyblock)) {
- com_err(argv[0], retval, "while reading master key");
- exit(1);
+ if (mkey_password) {
+ pwd.data = mkey_password;
+ pwd.length = strlen(mkey_password);
+ retval = krb5_principal2salt(master_princ, &scratch);
+ if (retval) {
+ com_err(argv[0], retval, "while calculated master key salt");
+ exit(1);
+ }
+ retval = krb5_string_to_key(&master_encblock, master_keyblock.keytype,
+ &master_keyblock, &pwd, &scratch);
+ if (retval) {
+ com_err(argv[0], retval,
+ "while transforming master key from password");
+ exit(1);
+ }
+ free(scratch.data);
+ } else {
+ printf("You will be prompted for the database Master Password.\n");
+ printf("It is important that you NOT FORGET this password.\n");
+ fflush(stdout);
+
+ /* TRUE here means read the keyboard, and do it twice */
+ if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock, TRUE,
+ TRUE, 0, &master_keyblock)) {
+ com_err(argv[0], retval, "while reading master key");
+ exit(1);
+ }
 }
+
 if (retval = krb5_process_key(&master_encblock, &master_keyblock)) {
 com_err(argv[0], retval, "while processing master key");
 exit(1);
-- 
2.26.2
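Review bot: In the `if (mkey_password)` branch the cleartext password is never cleared after `krb5_string_to_key` has derived the key, so it stays in the argv memory for the rest of the run. Adding `memset(mkey_password, 0, pwd.length);` just before `free(scratch.data);` would shorten that exposure, although the password is still visible between process start and that point. Separately, the first error string reads "while calculated master key salt"; it should be `"while calculating master key salt"`. main() continues outside this hunk, so whether `master_keyblock.keytype` is always set before this branch could not be confirmed from the visible lines.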