diff --git a/kdc/kstash.c b/kdc/kstash.c index fa2a0ba74..f70f37e4d 100644 --- a/kdc/kstash.c +++ b/kdc/kstash.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -40,8 +40,11 @@ RCSID("$Id$"); +krb5_context context; + char *keyfile = HDB_DB_DIR "/m-key"; char *v4_keyfile; +int convert_flag; int help_flag; int version_flag; @@ -49,27 +52,116 @@ struct getargs args[] = { { "key-file", 'k', arg_string, &keyfile, "master key file", "file" }, { "version4-key-file", '4', arg_string, &v4_keyfile, "kerberos 4 master key file", "file" }, + { "convert-file", 0, arg_flag, &convert_flag, + "convert keytype of keyfile" }, { "help", 'h', arg_flag, &help_flag }, { "version", 0, arg_flag, &version_flag } }; int num_args = sizeof(args) / sizeof(args[0]); -int main(int argc, char **argv) +static void +write_keyfile(EncryptionKey key) +{ + FILE *f; + char buf[1024]; + size_t len; + +#ifdef HAVE_UMASK + umask(077); +#endif + + f = fopen(keyfile, "w"); + if(f == NULL) + krb5_err(context, 1, errno, "%s", keyfile); + encode_EncryptionKey((unsigned char *)buf + sizeof(buf) - 1, + sizeof(buf), &key, &len); + fwrite(buf + sizeof(buf) - len, len, 1, f); + memset(buf, 0, sizeof(buf)); + if(ferror(f)) + krb5_err(context, 1, errno, "%s", keyfile); + fclose(f); +} + +static int +convert_file(void) +{ + FILE *f; + char buf[1024]; + char *fn; + size_t len; + EncryptionKey key; + krb5_error_code ret; + + f = fopen(keyfile, "r"); + if(f == NULL) { + krb5_warn(context, errno, "%s", keyfile); + return 1; + } + len = fread(buf, 1, sizeof(buf), f); + if(ferror(f)) { + krb5_warn(context, errno, "fread"); + ret = 1; + goto out1; + } + fclose(f); + ret = decode_EncryptionKey(buf, len, &key, &len); + memset(buf, 0, sizeof(buf)); + if(ret) { + krb5_warn(context, ret, "decode_EncryptionKey"); + goto out2; + } + if(key.keytype == KEYTYPE_DES) + key.keytype = ETYPE_DES_CBC_MD5; + else if(key.keytype == ETYPE_DES_CBC_MD5) { + krb5_warnx(context, "keyfile already converted"); + ret = 0; + goto out2; + } else { + krb5_warnx(context, "bad encryption key type (%d)", key.keytype); + ret = 1; + goto out2; + } + asprintf(&fn, "%s.old", keyfile); + if(fn == NULL) { + krb5_warn(context, ENOMEM, "malloc"); + ret = 1; + goto out1; + } + if(rename(keyfile, fn) < 0) { + krb5_warn(context, errno, "rename"); + ret = 1; + goto out1; + } + write_keyfile(key); + krb5_free_keyblock_contents(context, &key); + return 0; +out1: + memset(buf, 0, sizeof(buf)); + return ret ? 1 : 0; +out2: + krb5_free_keyblock_contents(context, &key); + return ret ? 1 : 0; +} + +int +main(int argc, char **argv) { char buf[1024]; EncryptionKey key; FILE *f; - size_t len; - krb5_context context = NULL; krb5_program_setup(&context, argc, argv, args, num_args, NULL); if(help_flag) krb5_std_usage(0, args, num_args); - if(version_flag) - krb5_errx(context, 0, "%s", heimdal_version); + if(version_flag){ + print_version(NULL); + exit(0); + } + if(convert_flag) + exit(convert_file()); key.keytype = ETYPE_DES_CBC_MD5; /* XXX */ if(v4_keyfile){ @@ -90,16 +182,7 @@ int main(int argc, char **argv) krb5_string_to_key_salt(context, key.keytype, buf, salt, &key); } -#ifdef HAVE_UMASK - umask(077); -#endif - - f = fopen(keyfile, "w"); - if(f == NULL) - krb5_err(context, 1, errno, "fopen(%s)", keyfile); - encode_EncryptionKey((unsigned char *)buf + sizeof(buf) - 1, - sizeof(buf), &key, &len); - fwrite(buf + sizeof(buf) - len, len, 1, f); - fclose(f); + write_keyfile(key); + krb5_free_keyblock_contents(context, &key); exit(0); }