From 7b392735e1eb9682675d6738b3e5bde36c635ec1 Mon Sep 17 00:00:00 2001 From: Mark Eichin Date: Wed, 2 Nov 1994 01:43:48 +0000 Subject: [PATCH] * kdb5_stash.c (main): added -o option to read a Kerberos V4 kstash'ed master key. (usage): mention it in the usage message. * kdb5_stash.M: document it. Necessary for practical conversion of a functioning v4 realm... git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4609 dc483132-0cff-0310-8789-dd5450dbe970 --- src/admin/stash/ChangeLog | 7 +++++ src/admin/stash/kdb5_stash.M | 8 ++++++ src/admin/stash/kdb5_stash.c | 51 +++++++++++++++++++++++++++++++----- 3 files changed, 59 insertions(+), 7 deletions(-) diff --git a/src/admin/stash/ChangeLog b/src/admin/stash/ChangeLog index 7e09d9375..516cdd791 100644 --- a/src/admin/stash/ChangeLog +++ b/src/admin/stash/ChangeLog @@ -1,3 +1,10 @@ +Tue Nov 1 19:19:22 1994 Mark Eichin (eichin@cygnus.com) + + * kdb5_stash.c (main): added -o option to read a Kerberos V4 + kstash'ed master key. + (usage): mention it in the usage message. + * kdb5_stash.M: document it. + Mon Oct 3 19:11:08 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: Use $(srcdir) to find manual page for make install. diff --git a/src/admin/stash/kdb5_stash.M b/src/admin/stash/kdb5_stash.M index 06d02cc81..e45abb56e 100644 --- a/src/admin/stash/kdb5_stash.M +++ b/src/admin/stash/kdb5_stash.M @@ -43,6 +43,9 @@ kdb5_stash \- store a principal database master key on disk ] [ .B \-f .I keyfile +] [ +.B \-o +.I v4-stash-file ] .br .SH DESCRIPTION @@ -91,6 +94,11 @@ The .B \-f option specifies the file in which the master key should be stored; the default is DEFAULT_KEYFILE_STUB ("/.k5." concatenated with the realm name). +.PP +The +.B \-o +option specifies the file in which an old V4 master key was stored; this is +usually the file "/.k". .SH SEE ALSO krb5(3), krb5kdc(8), kdb5_create(8) .SH BUGS diff --git a/src/admin/stash/kdb5_stash.c b/src/admin/stash/kdb5_stash.c index a713e281a..7aceeb49c 100644 --- a/src/admin/stash/kdb5_stash.c +++ b/src/admin/stash/kdb5_stash.c @@ -47,7 +47,7 @@ char *who; int status; { fprintf(stderr, "usage: %s [-d dbpathname] [-r realmname] [-k keytype]\n\ -\t[-e etype] [-M mkeyname] [-f keyfile]\n", +\t[-e etype] [-M mkeyname] [-f keyfile] [-o v4-stash-file]\n", who); exit(status); } @@ -67,6 +67,7 @@ char *argv[]; char *mkey_name = 0; char *mkey_fullname; char *keyfile = 0; + char *v4_stashfile = 0; int keytypedone = 0; krb5_enctype etype = 0xffff; @@ -76,7 +77,7 @@ char *argv[]; krb5_init_ets(); - while ((optchar = getopt(argc, argv, "d:r:k:M:e:f:")) != EOF) { + while ((optchar = getopt(argc, argv, "d:r:k:M:e:f:o:")) != EOF) { switch(optchar) { case 'd': /* set db name */ dbname = optarg; @@ -97,6 +98,9 @@ char *argv[]; case 'f': keyfile = optarg; break; + case 'o': + v4_stashfile = optarg; + break; case '?': default: usage(argv[0], 1); @@ -151,11 +155,44 @@ char *argv[]; } /* TRUE here means read the keyboard, but only once */ - if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock, TRUE, - FALSE, 0, &master_keyblock)) { - com_err(argv[0], retval, "while reading master key"); - (void) krb5_db_fini(); - exit(1); + if (v4_stashfile) { + FILE *kf; + krb5_keyblock *key = &master_keyblock; + + key->length = 8; + +#ifdef ANSI_STDIO +#define STDIO_RB "rb" +#else +#define STDIO_RB "r" +#endif + if (!(kf = fopen(v4_stashfile, STDIO_RB))) { + retval = errno; + } else if (!(key->contents = (krb5_octet *)malloc(key->length))) { + retval = ENOMEM; + } else if (fread((krb5_pointer) key->contents, + sizeof(key->contents[0]), key->length, kf) != key->length) { + memset(key->contents, 0, key->length); + free(key->contents); + key->contents = 0; + retval = KRB5_KDB_CANTREAD_STORED; + } + + fclose(kf); + + if (retval) + { + (void) krb5_db_fini(); + com_err(argv[0], retval, "trying to open old kstash file"); + exit(1); + } + } else { + if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock, TRUE, + FALSE, 0, &master_keyblock)) { + com_err(argv[0], retval, "while reading master key"); + (void) krb5_db_fini(); + exit(1); + } } if (retval = krb5_db_verify_master_key(master_princ, &master_keyblock, &master_encblock)) { -- 2.26.2