kstash.c (102644) | kstash.c (178825) |
---|---|
1/* | 1/* |
2 * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan | 2 * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan |
3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright --- 17 unchanged lines hidden (view full) --- 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#include "headers.h" 35 | 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright --- 17 unchanged lines hidden (view full) --- 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#include "headers.h" 35 |
36RCSID("$Id: kstash.c,v 1.15 2002/04/18 09:47:25 joda Exp $"); | 36RCSID("$Id: kstash.c 22244 2007-12-08 23:47:42Z lha $"); |
37 38krb5_context context; 39 | 37 38krb5_context context; 39 |
40const char *keyfile = HDB_DB_DIR "/m-key"; 41int convert_flag; 42int help_flag; 43int version_flag; | 40static char *keyfile; 41static int convert_flag; 42static int help_flag; 43static int version_flag; |
44 | 44 |
45int master_key_fd = -1; | 45static int master_key_fd = -1; 46static int random_key_flag; |
46 | 47 |
47const char *enctype_str = "des3-cbc-sha1"; | 48static const char *enctype_str = "des3-cbc-sha1"; |
48 | 49 |
49struct getargs args[] = { | 50static struct getargs args[] = { |
50 { "enctype", 'e', arg_string, &enctype_str, "encryption type" }, 51 { "key-file", 'k', arg_string, &keyfile, "master key file", "file" }, 52 { "convert-file", 0, arg_flag, &convert_flag, 53 "just convert keyfile to new format" }, 54 { "master-key-fd", 0, arg_integer, &master_key_fd, 55 "filedescriptor to read passphrase from", "fd" }, | 51 { "enctype", 'e', arg_string, &enctype_str, "encryption type" }, 52 { "key-file", 'k', arg_string, &keyfile, "master key file", "file" }, 53 { "convert-file", 0, arg_flag, &convert_flag, 54 "just convert keyfile to new format" }, 55 { "master-key-fd", 0, arg_integer, &master_key_fd, 56 "filedescriptor to read passphrase from", "fd" }, |
57 { "random-key", 0, arg_flag, &random_key_flag, "generate a random master key" }, |
|
56 { "help", 'h', arg_flag, &help_flag }, 57 { "version", 0, arg_flag, &version_flag } 58}; 59 60int num_args = sizeof(args) / sizeof(args[0]); 61 62int 63main(int argc, char **argv) --- 9 unchanged lines hidden (view full) --- 73 74 if(help_flag) 75 krb5_std_usage(0, args, num_args); 76 if(version_flag){ 77 print_version(NULL); 78 exit(0); 79 } 80 | 58 { "help", 'h', arg_flag, &help_flag }, 59 { "version", 0, arg_flag, &version_flag } 60}; 61 62int num_args = sizeof(args) / sizeof(args[0]); 63 64int 65main(int argc, char **argv) --- 9 unchanged lines hidden (view full) --- 75 76 if(help_flag) 77 krb5_std_usage(0, args, num_args); 78 if(version_flag){ 79 print_version(NULL); 80 exit(0); 81 } 82 |
83 if (master_key_fd != -1 && random_key_flag) 84 krb5_errx(context, 1, "random-key and master-key-fd " 85 "is mutual exclusive"); 86 87 if (keyfile == NULL) 88 asprintf(&keyfile, "%s/m-key", hdb_db_dir(context)); 89 |
|
81 ret = krb5_string_to_enctype(context, enctype_str, &enctype); 82 if(ret) 83 krb5_err(context, 1, ret, "krb5_string_to_enctype"); 84 85 ret = hdb_read_master_key(context, keyfile, &mkey); 86 if(ret && ret != ENOENT) 87 krb5_err(context, 1, ret, "reading master key from %s", keyfile); 88 89 if (convert_flag) { 90 if (ret) 91 krb5_err(context, 1, ret, "reading master key from %s", keyfile); 92 } else { 93 krb5_keyblock key; 94 krb5_salt salt; 95 salt.salttype = KRB5_PW_SALT; 96 /* XXX better value? */ 97 salt.saltvalue.data = NULL; 98 salt.saltvalue.length = 0; | 90 ret = krb5_string_to_enctype(context, enctype_str, &enctype); 91 if(ret) 92 krb5_err(context, 1, ret, "krb5_string_to_enctype"); 93 94 ret = hdb_read_master_key(context, keyfile, &mkey); 95 if(ret && ret != ENOENT) 96 krb5_err(context, 1, ret, "reading master key from %s", keyfile); 97 98 if (convert_flag) { 99 if (ret) 100 krb5_err(context, 1, ret, "reading master key from %s", keyfile); 101 } else { 102 krb5_keyblock key; 103 krb5_salt salt; 104 salt.salttype = KRB5_PW_SALT; 105 /* XXX better value? */ 106 salt.saltvalue.data = NULL; 107 salt.saltvalue.length = 0; |
99 if(master_key_fd != -1) { 100 ssize_t n; 101 n = read(master_key_fd, buf, sizeof(buf)); 102 if(n <= 0) 103 krb5_err(context, 1, errno, "failed to read passphrase"); 104 buf[n] = '\0'; 105 buf[strcspn(buf, "\r\n")] = '\0'; | 108 if (random_key_flag) { 109 ret = krb5_generate_random_keyblock(context, enctype, &key); 110 if (ret) 111 krb5_err(context, 1, ret, "krb5_generate_random_keyblock"); 112 |
106 } else { | 113 } else { |
107 if(des_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) 108 exit(1); | 114 if(master_key_fd != -1) { 115 ssize_t n; 116 n = read(master_key_fd, buf, sizeof(buf)); 117 if(n <= 0) 118 krb5_err(context, 1, errno, "failed to read passphrase"); 119 buf[n] = '\0'; 120 buf[strcspn(buf, "\r\n")] = '\0'; 121 122 } else { 123 if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) 124 exit(1); 125 } 126 krb5_string_to_key_salt(context, enctype, buf, salt, &key); |
109 } | 127 } |
110 krb5_string_to_key_salt(context, enctype, buf, salt, &key); | |
111 ret = hdb_add_master_key(context, &key, &mkey); 112 113 krb5_free_keyblock_contents(context, &key); 114 115 } 116 117 { 118 char *new, *old; --- 30 unchanged lines hidden --- | 128 ret = hdb_add_master_key(context, &key, &mkey); 129 130 krb5_free_keyblock_contents(context, &key); 131 132 } 133 134 { 135 char *new, *old; --- 30 unchanged lines hidden --- |