From 65fc7036916bfa0ef655a9a2bb9401fb95036f29 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Fri, 7 Oct 1994 04:55:30 +0000 Subject: [PATCH] Add new option -P to specify master key passwrd on the command line. For testing only! Fix bug where use of the -R option would report a random error, due to the error code variable passed to ss_execute_line not being cleared first. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4474 dc483132-0cff-0310-8789-dd5450dbe970 --- src/admin/edit/ChangeLog | 10 ++++++++++ src/admin/edit/kdb5_edit.c | 33 ++++++++++++++++++++++++++++----- src/admin/edit/ss_wrapper.c | 2 +- 3 files changed, 39 insertions(+), 6 deletions(-) diff --git a/src/admin/edit/ChangeLog b/src/admin/edit/ChangeLog index 8217853ea..870c634bf 100644 --- a/src/admin/edit/ChangeLog +++ b/src/admin/edit/ChangeLog @@ -1,3 +1,13 @@ +Fri Oct 7 00:01:40 1994 Theodore Y. Ts'o (tytso@dcl) + + * ss_wrapper.c (main): Clear code before ss_execute_line, since + ss_execute_line doesn't set code to 0 if there are no + problems. + + * kdb5_edit.c (kdb5_edit_Init): Add a new option so that the + master key password can be entered on the command line --- + for testing only; not documented!! + Mon Oct 3 19:10:47 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: Use $(srcdir) to find manual page for make install. diff --git a/src/admin/edit/kdb5_edit.c b/src/admin/edit/kdb5_edit.c index 3681ee92d..0c07c98df 100644 --- a/src/admin/edit/kdb5_edit.c +++ b/src/admin/edit/kdb5_edit.c @@ -60,6 +60,7 @@ static int num_name_tokens; static char search_instance[40]; static int num_instance_tokens; static int must_be_first[2]; +static char *mkey_password = 0; /* * I can't figure out any way for this not to be global, given how ss @@ -117,8 +118,11 @@ char *kdb5_edit_Init(argc, argv) progname = argv[0]; - while ((optchar = getopt(argc, argv, "d:r:R:k:M:e:m")) != EOF) { + while ((optchar = getopt(argc, argv, "P:d:r:R:k:M:e:m")) != EOF) { switch(optchar) { + case 'P': /* Only used for testing!!! */ + mkey_password = optarg; + break; case 'd': /* set db name */ dbname = optarg; break; @@ -374,6 +378,7 @@ char *dbname; krb5_error_code retval; int nentries; krb5_boolean more; + krb5_data scratch, pwd; if (current_dbname) free(current_dbname); @@ -428,16 +433,34 @@ char *dbname; mblock.mkvno = master_entry.kvno; krb5_db_free_principal(&master_entry, nentries); - if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock, - manual_mkey, FALSE, 0, &master_keyblock)) { + if (mkey_password) { + pwd.data = mkey_password; + pwd.length = strlen(mkey_password); + retval = krb5_principal2salt(master_princ, &scratch); + if (retval) { + com_err(pname, retval, "while calculated master key salt"); + return(1); + } + retval = krb5_string_to_key(&master_encblock, master_keyblock.keytype, + &master_keyblock, &pwd, &scratch); + if (retval) { + com_err(pname, retval, + "while transforming master key from password"); + return(1); + } + free(scratch.data); + mkey_password = 0; + } else if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock, + manual_mkey, FALSE, 0, + &master_keyblock)) { com_err(pname, retval, "while reading master key"); com_err(pname, 0, "Warning: proceeding without master key"); exit_status++; valid_master_key = 0; dbactive = TRUE; return(0); - } else - valid_master_key = 1; + } + valid_master_key = 1; if (retval = krb5_db_verify_master_key(master_princ, &master_keyblock, &master_encblock)) { com_err(pname, retval, "while verifying master key"); diff --git a/src/admin/edit/ss_wrapper.c b/src/admin/edit/ss_wrapper.c index 0da894339..3f86c45a4 100644 --- a/src/admin/edit/ss_wrapper.c +++ b/src/admin/edit/ss_wrapper.c @@ -38,7 +38,7 @@ int main(argc, argv) { char *request; krb5_error_code retval; - int sci_idx, code; + int sci_idx, code = 0; request = kdb5_edit_Init(argc, argv); sci_idx = ss_create_invocation("kdb5_edit", "5.0", (char *) NULL, -- 2.26.2