diff options
Diffstat (limited to 'crypto/heimdal/kdc/kstash.c')
-rw-r--r-- | crypto/heimdal/kdc/kstash.c | 55 |
1 files changed, 36 insertions, 19 deletions
diff --git a/crypto/heimdal/kdc/kstash.c b/crypto/heimdal/kdc/kstash.c index dc0621a..9e499a1 100644 --- a/crypto/heimdal/kdc/kstash.c +++ b/crypto/heimdal/kdc/kstash.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,26 +33,28 @@ #include "headers.h" -RCSID("$Id: kstash.c,v 1.15 2002/04/18 09:47:25 joda Exp $"); +RCSID("$Id: kstash.c 22244 2007-12-08 23:47:42Z lha $"); krb5_context context; -const char *keyfile = HDB_DB_DIR "/m-key"; -int convert_flag; -int help_flag; -int version_flag; +static char *keyfile; +static int convert_flag; +static int help_flag; +static int version_flag; -int master_key_fd = -1; +static int master_key_fd = -1; +static int random_key_flag; -const char *enctype_str = "des3-cbc-sha1"; +static const char *enctype_str = "des3-cbc-sha1"; -struct getargs args[] = { +static struct getargs args[] = { { "enctype", 'e', arg_string, &enctype_str, "encryption type" }, { "key-file", 'k', arg_string, &keyfile, "master key file", "file" }, { "convert-file", 0, arg_flag, &convert_flag, "just convert keyfile to new format" }, { "master-key-fd", 0, arg_integer, &master_key_fd, "filedescriptor to read passphrase from", "fd" }, + { "random-key", 0, arg_flag, &random_key_flag, "generate a random master key" }, { "help", 'h', arg_flag, &help_flag }, { "version", 0, arg_flag, &version_flag } }; @@ -78,6 +80,13 @@ main(int argc, char **argv) exit(0); } + if (master_key_fd != -1 && random_key_flag) + krb5_errx(context, 1, "random-key and master-key-fd " + "is mutual exclusive"); + + if (keyfile == NULL) + asprintf(&keyfile, "%s/m-key", hdb_db_dir(context)); + ret = krb5_string_to_enctype(context, enctype_str, &enctype); if(ret) krb5_err(context, 1, ret, "krb5_string_to_enctype"); @@ -96,18 +105,26 @@ main(int argc, char **argv) /* XXX better value? */ salt.saltvalue.data = NULL; salt.saltvalue.length = 0; - if(master_key_fd != -1) { - ssize_t n; - n = read(master_key_fd, buf, sizeof(buf)); - if(n <= 0) - krb5_err(context, 1, errno, "failed to read passphrase"); - buf[n] = '\0'; - buf[strcspn(buf, "\r\n")] = '\0'; + if (random_key_flag) { + ret = krb5_generate_random_keyblock(context, enctype, &key); + if (ret) + krb5_err(context, 1, ret, "krb5_generate_random_keyblock"); + } else { - if(des_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) - exit(1); + if(master_key_fd != -1) { + ssize_t n; + n = read(master_key_fd, buf, sizeof(buf)); + if(n <= 0) + krb5_err(context, 1, errno, "failed to read passphrase"); + buf[n] = '\0'; + buf[strcspn(buf, "\r\n")] = '\0'; + + } else { + if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) + exit(1); + } + krb5_string_to_key_salt(context, enctype, buf, salt, &key); } - krb5_string_to_key_salt(context, enctype, buf, salt, &key); ret = hdb_add_master_key(context, &key, &mkey); krb5_free_keyblock_contents(context, &key); |