/*
 * Generate the key set for `principal`, print it, and release it again.
 *
 * `no_salt` is forwarded unchanged to hdb_generate_key_set().  When key
 * generation fails the error is reported through krb5_err() with exit
 * status 1.
 */
static void
parse_file(krb5_context context, krb5_principal principal, int no_salt)
{
    Key *key_set;
    size_t key_count;
    krb5_error_code rc;

    rc = hdb_generate_key_set(context, principal, &key_set, &key_count,
                              no_salt);
    if (rc != 0)
        krb5_err(context, 1, rc, "hdb_generate_key_set");

    print_keys(context, key_set, key_count);

    /* The generated set is only needed for printing; drop it right away. */
    hdb_free_keys(context, key_count, key_set);
}
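/*
 * Generate a key set for `principal` and derive every key in it from
 * `password`.
 *
 * The `n_ks_tuple` enctype/salt tuples in `ks_tuple` are passed on to
 * hdb_generate_key_set(); each key it returns is then filled in by
 * krb5_string_to_key_salt() using that key's own salt.
 *
 * Returns 0 on success, leaving the key array in `*keys` and its length in
 * `*num_keys` for the caller.  If hdb_generate_key_set() fails, its error
 * is returned and the out-parameters are not touched here.  If a
 * derivation fails, the whole key set is freed, `*keys` is reset to NULL
 * and `*num_keys` to 0, and the error is returned.
 */
krb5_error_code
hdb_generate_key_set_password(krb5_context context,
                              krb5_principal principal,
                              const char *password,
                              krb5_key_salt_tuple *ks_tuple, int n_ks_tuple,
                              Key **keys, size_t *num_keys)
{
    krb5_error_code ret;
    size_t i;

    ret = hdb_generate_key_set(context, principal, ks_tuple, n_ks_tuple,
                               keys, num_keys, 0);
    if (ret)
        return ret;

    for (i = 0; i < *num_keys; i++) {
        Key *key = &(*keys)[i];
        krb5_salt salt;

        /*
         * NOTE(review): key->salt is dereferenced unconditionally; this
         * assumes hdb_generate_key_set() attaches a salt to every key when
         * its last argument is 0 -- confirm against that function.
         */
        salt.salttype = key->salt->type;
        salt.saltvalue.length = key->salt->salt.length;
        salt.saltvalue.data = key->salt->salt.data;

        ret = krb5_string_to_key_salt(context, key->key.keytype,
                                      password, salt, &key->key);
        if (ret)
            break;
    }

    if (ret) {
        hdb_free_keys(context, *num_keys, *keys);
        /*
         * Do not leave the caller holding a pointer to freed key material:
         * an error-path cleanup in the caller would otherwise free it a
         * second time or read it after free.
         */
        *keys = NULL;
        *num_keys = 0;
    }

    return ret;
}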
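/*
 * Replace the keys of `ent` with freshly generated random keys.
 *
 * A key set is obtained from hdb_generate_key_set() (the trailing 1 is
 * presumably its no_salt flag -- confirm against the prototype) and one
 * random keyblock is generated per entry.  All DES-type keys share the same
 * key contents: only the first one is generated, the rest are copies with
 * their own keytype.
 *
 * On success returns 0; the entry's previous keys are freed and replaced,
 * hdb_entry_set_pw_change_time() is called with 0, hdb_entry_clear_password()
 * is called, and a separate array of the new keyblocks is handed to the
 * caller through `*new_keys` / `*n_keys`.  That array holds raw key material
 * and is not freed here, so the caller must release it.
 *
 * On failure returns the error code (ENOMEM if the keyblock array cannot be
 * allocated); everything allocated here is freed and neither `ent` nor the
 * out-parameters are modified.
 */
kadm5_ret_t
_kadm5_set_keys_randomly(kadm5_server_context *context,
                         hdb_entry *ent,
                         krb5_keyblock **new_keys,
                         int *n_keys)
{
    krb5_keyblock *kblock = NULL;
    kadm5_ret_t ret = 0;
    size_t i, num_keys;
    size_t des_keyblock = 0;    /* index of the first DES key, if any */
    int have_des_key = 0;       /* set once des_keyblock is valid */
    Key *keys;

    ret = hdb_generate_key_set(context->context, ent->principal,
                               &keys, &num_keys, 1);
    if (ret)
        return ret;

    /*
     * calloc() zero-fills the array and checks the count * size product,
     * so an oversized num_keys cannot wrap into a short allocation.  The
     * zero fill matters for the error path, which frees every slot.
     */
    kblock = calloc(num_keys, sizeof(kblock[0]));
    if (kblock == NULL) {
        _kadm5_free_keys(context->context, num_keys, keys);
        return ENOMEM;
    }

    for (i = 0; i < num_keys; i++) {
        /*
         * To make sure all des keys are the same we generate only
         * the first one and then copy key to all other des keys.
         */
        if (have_des_key && is_des_key_p(keys[i].key.keytype)) {
            ret = krb5_copy_keyblock_contents(context->context,
                                              &kblock[des_keyblock],
                                              &kblock[i]);
            if (ret)
                goto out;
            kblock[i].keytype = keys[i].key.keytype;
        } else {
            ret = krb5_generate_random_keyblock(context->context,
                                                keys[i].key.keytype,
                                                &kblock[i]);
            if (ret)
                goto out;
            if (is_des_key_p(keys[i].key.keytype)) {
                des_keyblock = i;
                have_des_key = 1;
            }
        }

        /* The entry's key set gets its own copy of the key contents. */
        ret = krb5_copy_keyblock_contents(context->context,
                                          &kblock[i],
                                          &keys[i].key);
        if (ret)
            goto out;
    }

out:
    if (ret) {
        /* Slots never filled are still all-zero from calloc(). */
        for (i = 0; i < num_keys; ++i)
            krb5_free_keyblock_contents(context->context, &kblock[i]);
        free(kblock);
        _kadm5_free_keys(context->context, num_keys, keys);
        return ret;
    }

    /* Swap the new key set into the entry, releasing the old one. */
    _kadm5_free_keys(context->context, ent->keys.len, ent->keys.val);
    ent->keys.val = keys;
    ent->keys.len = num_keys;

    *new_keys = kblock;
    /* The interface reports the count as int; the narrowing is explicit. */
    *n_keys = (int)num_keys;

    hdb_entry_set_pw_change_time(context->context, ent, 0);
    hdb_entry_clear_password(context->context, ent);
    return 0;
}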