summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/kdc/kstash.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/kdc/kstash.c')
-rw-r--r--crypto/heimdal/kdc/kstash.c55
1 files changed, 36 insertions, 19 deletions
diff --git a/crypto/heimdal/kdc/kstash.c b/crypto/heimdal/kdc/kstash.c
index dc0621a..9e499a1 100644
--- a/crypto/heimdal/kdc/kstash.c
+++ b/crypto/heimdal/kdc/kstash.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,26 +33,28 @@
#include "headers.h"
-RCSID("$Id: kstash.c,v 1.15 2002/04/18 09:47:25 joda Exp $");
+RCSID("$Id: kstash.c 22244 2007-12-08 23:47:42Z lha $");
krb5_context context;
-const char *keyfile = HDB_DB_DIR "/m-key";
-int convert_flag;
-int help_flag;
-int version_flag;
+static char *keyfile;
+static int convert_flag;
+static int help_flag;
+static int version_flag;
-int master_key_fd = -1;
+static int master_key_fd = -1;
+static int random_key_flag;
-const char *enctype_str = "des3-cbc-sha1";
+static const char *enctype_str = "des3-cbc-sha1";
-struct getargs args[] = {
+static struct getargs args[] = {
{ "enctype", 'e', arg_string, &enctype_str, "encryption type" },
{ "key-file", 'k', arg_string, &keyfile, "master key file", "file" },
{ "convert-file", 0, arg_flag, &convert_flag,
"just convert keyfile to new format" },
{ "master-key-fd", 0, arg_integer, &master_key_fd,
"filedescriptor to read passphrase from", "fd" },
+ { "random-key", 0, arg_flag, &random_key_flag, "generate a random master key" },
{ "help", 'h', arg_flag, &help_flag },
{ "version", 0, arg_flag, &version_flag }
};
@@ -78,6 +80,13 @@ main(int argc, char **argv)
exit(0);
}
+ if (master_key_fd != -1 && random_key_flag)
+ krb5_errx(context, 1, "random-key and master-key-fd "
+ "is mutual exclusive");
+
+ if (keyfile == NULL)
+ asprintf(&keyfile, "%s/m-key", hdb_db_dir(context));
+
ret = krb5_string_to_enctype(context, enctype_str, &enctype);
if(ret)
krb5_err(context, 1, ret, "krb5_string_to_enctype");
@@ -96,18 +105,26 @@ main(int argc, char **argv)
/* XXX better value? */
salt.saltvalue.data = NULL;
salt.saltvalue.length = 0;
- if(master_key_fd != -1) {
- ssize_t n;
- n = read(master_key_fd, buf, sizeof(buf));
- if(n <= 0)
- krb5_err(context, 1, errno, "failed to read passphrase");
- buf[n] = '\0';
- buf[strcspn(buf, "\r\n")] = '\0';
+ if (random_key_flag) {
+ ret = krb5_generate_random_keyblock(context, enctype, &key);
+ if (ret)
+ krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
+
} else {
- if(des_read_pw_string(buf, sizeof(buf), "Master key: ", 1))
- exit(1);
+ if(master_key_fd != -1) {
+ ssize_t n;
+ n = read(master_key_fd, buf, sizeof(buf));
+ if(n <= 0)
+ krb5_err(context, 1, errno, "failed to read passphrase");
+ buf[n] = '\0';
+ buf[strcspn(buf, "\r\n")] = '\0';
+
+ } else {
+ if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1))
+ exit(1);
+ }
+ krb5_string_to_key_salt(context, enctype, buf, salt, &key);
}
- krb5_string_to_key_salt(context, enctype, buf, salt, &key);
ret = hdb_add_master_key(context, &key, &mkey);
krb5_free_keyblock_contents(context, &key);
OpenPOWER on IntegriCloud