From a2cc4fcc1ca8c120198f69f0e9acd5c952f172fd Mon Sep 17 00:00:00 2001
From: Theodore Tso
Date: Fri, 7 Oct 1994 03:55:49 +0000
Subject: [PATCH] Allow master key to be passed in on the command line. Makes testing scripts easier.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4472 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/tests/create/ChangeLog | 4 ++++
 src/tests/create/kdb5_mkdums.c | 36 ++++++++++++++++++++++++++++------
 src/tests/verify/ChangeLog | 4 ++++
 src/tests/verify/kdb5_verify.c | 34 +++++++++++++++++++++++++++-----
 4 files changed, 67 insertions(+), 11 deletions(-)

diff --git a/src/tests/create/ChangeLog b/src/tests/create/ChangeLog
index 2b44c7386..bcc3ca1c5 100644
--- a/src/tests/create/ChangeLog
+++ b/src/tests/create/ChangeLog
@@ -1,5 +1,9 @@
 Thu Oct 6 12:41:28 1994 Theodore Y. Ts'o (tytso@dcl)
+ * kdb5_mkdums.c (main, set_dbname_help): Allow master key password
+ to be passed in on the command line; to make testing
+ scripts simpler.
+
 * kdb5_mkdums.c (add_princ): Initialize all the fields of the principal.
diff --git a/src/tests/create/kdb5_mkdums.c b/src/tests/create/kdb5_mkdums.c
index 45755de9d..5edb4ffbc 100644
--- a/src/tests/create/kdb5_mkdums.c
+++ b/src/tests/create/kdb5_mkdums.c
@@ -80,6 +80,7 @@ krb5_pointer master_random;
 static char *progname;
 static char *cur_realm = 0;
 static char *mkey_name = 0;
+static char *mkey_password = 0;
 static krb5_boolean manual_mkey = FALSE;
 static krb5_boolean dbactive = FALSE;
@@ -128,16 +129,19 @@ char *argv[];
 num_to_create = 0;
 depth = 1;
- while ((optchar = getopt(argc, argv, "D:p:n:d:r:k:M:e:m")) != EOF) {
+ while ((optchar = getopt(argc, argv, "D:P:p:n:d:r:k:M:e:m")) != EOF) {
 switch(optchar) {
 case 'D':
 depth = atoi(optarg); /* how deep to go */
 break;
+ case 'P': /* Only used for testing!!! */
+ mkey_password = optarg;
+ break;
 case 'p': /* prefix name to create */
 strcpy(principal_string, optarg);
 suffix = principal_string + strlen(principal_string);
 break;
- case 'n': /* how many to create */
+ case 'n': /* how many to create */
 num_to_create = atoi(optarg);
 break;
 case 'd': /* set db name */
@@ -328,6 +332,7 @@ char *dbname;
 int nentries;
 krb5_boolean more;
 register krb5_cryptosystem_entry *csentry;
+ krb5_data pwd, scratch;
 csentry = master_encblock.crypto_entry;
@@ -343,10 +348,29 @@ char *dbname;
 com_err(pname, retval, "while setting up master key name");
 return(1);
 }
- if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock,
- manual_mkey, FALSE, 0, &master_keyblock)) {
- com_err(pname, retval, "while reading master key");
- return(1);
+ if (mkey_password) {
+ pwd.data = mkey_password;
+ pwd.length = strlen(mkey_password);
+ retval = krb5_principal2salt(master_princ, &scratch);
+ if (retval) {
+ com_err(pname, retval, "while calculated master key salt");
+ return(1);
+ }
+ retval = krb5_string_to_key(&master_encblock, master_keyblock.keytype,
+ &master_keyblock, &pwd, &scratch);
+ if (retval) {
+ com_err(pname, retval,
+ "while transforming master key from password");
+ return(1);
+ }
+ free(scratch.data);
+ } else {
+ if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock,
+ manual_mkey, FALSE, 0,
+ &master_keyblock)) {
+ com_err(pname, retval, "while reading master key");
+ return(1);
+ }
 }
 if (retval = krb5_db_init()) {
 com_err(pname, retval, "while initializing database");
diff --git a/src/tests/verify/ChangeLog b/src/tests/verify/ChangeLog
index 05c9aaa48..7da8d0654 100644
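Review bot: The new `case 'P'` arm in the kdb5_mkdums.c option loop takes the master key password directly from argv, where other local users can read it in the process listing and where it tends to end up in shell history and test logs. The only guard is the comment `/* Only used for testing!!! */`: nothing in the hunk limits the option to test runs, and no hunk in this patch touches a usage message. I would expand the comment to `/* TESTING ONLY: the password is visible in the process argument list; never pass a production master key this way */` and repeat that wording wherever the options are documented. The identical arm is added to kdb5_verify.c in its `@@ -128,11 +129,14 @@` hunk; main() starts and ends outside both hunks.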
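Review bot: In the `if (mkey_password)` branch added to set_dbname_help, the salt buffer returned by krb5_principal2salt is released only on the success path, so a failing krb5_string_to_key returns before `free(scratch.data);` runs. Moving that free to the line directly after the krb5_string_to_key call, ahead of `if (retval)`, covers both outcomes. The password itself stays in the argument vector after the key is derived; `memset(mkey_password, 0, pwd.length);` once the keyblock is filled would shorten that exposure, provided nothing later reads the string (not visible in this hunk). The message `"while calculated master key salt"` should read `"while calculating master key salt"`. The same block, with the same three points, is added to kdb5_verify.c in the `@@ -391,10 +396,29 @@` hunk; set_dbname_help begins and ends outside both hunks.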
--- a/src/tests/verify/ChangeLog
+++ b/src/tests/verify/ChangeLog
@@ -1,5 +1,9 @@
 Thu Oct 6 12:42:47 1994 Theodore Y. Ts'o (tytso@dcl)
+ * kdb5_verify.c (main, set_dbname_help): Allow master key password
+ to be passed in on the command line; to make testing
+ scripts simpler.
+
 * kdb5_verify.c (check_princ): Check to make sure key version number is 1, not 0.
diff --git a/src/tests/verify/kdb5_verify.c b/src/tests/verify/kdb5_verify.c
index c2f081326..d5671e0ba 100644
--- a/src/tests/verify/kdb5_verify.c
+++ b/src/tests/verify/kdb5_verify.c
@@ -81,6 +81,7 @@ char *str_master_princ;
 static char *progname;
 static char *cur_realm = 0;
 static char *mkey_name = 0;
+static char *mkey_password = 0;
 static krb5_boolean manual_mkey = FALSE;
 static krb5_boolean dbactive = FALSE;
@@ -128,11 +129,14 @@ char *argv[];
 num_to_check = 0;
 depth = 1;
- while ((optchar = getopt(argc, argv, "D:p:n:d:r:R:k:M:e:m")) != EOF) {
+ while ((optchar = getopt(argc, argv, "D:P:p:n:d:r:R:k:M:e:m")) != EOF) {
 switch(optchar) {
 case 'D':
 depth = atoi(optarg); /* how deep to go */
 break;
+ case 'P': /* Only used for testing!!! */
+ mkey_password = optarg;
+ break;
 case 'p': /* prefix name to check */
 strcpy(principal_string, optarg);
 suffix = principal_string + strlen(principal_string);
@@ -376,6 +380,7 @@ char *dbname;
 int nentries;
 krb5_boolean more;
 register krb5_cryptosystem_entry *csentry;
+ krb5_data pwd, scratch;
 csentry = master_encblock.crypto_entry;
@@ -391,10 +396,29 @@ char *dbname;
 com_err(pname, retval, "while setting up master key name");
 return(1);
 }
- if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock,
- manual_mkey, FALSE, 0, &master_keyblock)) {
- com_err(pname, retval, "while reading master key");
- return(1);
+ if (mkey_password) {
+ pwd.data = mkey_password;
+ pwd.length = strlen(mkey_password);
+ retval = krb5_principal2salt(master_princ, &scratch);
+ if (retval) {
+ com_err(pname, retval, "while calculated master key salt");
+ return(1);
+ }
+ retval = krb5_string_to_key(&master_encblock, master_keyblock.keytype,
+ &master_keyblock, &pwd, &scratch);
+ if (retval) {
+ com_err(pname, retval,
+ "while transforming master key from password");
+ return(1);
+ }
+ free(scratch.data);
+ } else {
+ if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock,
+ manual_mkey, FALSE, 0,
+ &master_keyblock)) {
+ com_err(pname, retval, "while reading master key");
+ return(1);
+ }
 }
 if (retval = krb5_db_init()) {
 com_err(pname, retval, "while initializing database");
-- 
2.26.2
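Review bot: This password-to-key block in kdb5_verify.c is a line-for-line copy of the one added to kdb5_mkdums.c, so any later correction to how the test master key is derived has to be made in two places and can drift. A single static helper taking `master_princ`, `&master_encblock` and `&master_keyblock` would keep the two test programs in step; whether these tests already share a source file that could host it is not visible from the patch. Separately, when `-P` is given the `else` branch is skipped, so `manual_mkey` set by `-m` is silently ignored; a comment such as `/* -P takes precedence over -m */` above `if (mkey_password)` would make that ordering explicit. set_dbname_help starts and ends outside the hunk.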