int main(int argc, char **argv) { krb5_context context; int ret, o = 0; setprogname(argv[0]); if(getarg(args, num_args, argc, argv, &o)) krb5_std_usage(1, args, num_args); if(help_flag) krb5_std_usage(0, args, num_args); if(version_flag){ print_version(NULL); exit(0); } ret = krb5_init_context(&context); if (ret) errx(1, "krb5_init_context failed: %d", ret); if (mkey_file) { hdb_master_key mkey; ret = hdb_read_master_key(context, mkey_file, &mkey); if (ret) krb5_err(context, 1, ret, "failed to read master key %s", mkey_file); hdb_free_master_key(context, mkey); } else krb5_errx(context, 1, "no command option given"); krb5_free_context(context); return 0; }
int main(int argc, char **argv) { krb5_error_code ret; krb5_context context; krb5_ccache ccache = NULL; HDB *db = NULL; int optidx = 0; int type, exit_code; setprogname(argv[0]); if(getarg(args, num_args, argc, argv, &optidx)) usage(1); if(help_flag) usage(0); if(version_flag){ print_version(NULL); exit(0); } ret = krb5_init_context(&context); if(ret) exit(1); /* We may be reading an old database encrypted with a DES master key. */ ret = krb5_allow_weak_crypto(context, 1); if(ret) krb5_err(context, 1, ret, "krb5_allow_weak_crypto"); if(local_realm) krb5_set_default_realm(context, local_realm); if(encrypt_flag && decrypt_flag) krb5_errx(context, 1, "only one of `--encrypt' and `--decrypt' is meaningful"); if(source_type != NULL) { type = parse_source_type(source_type); if(type == 0) krb5_errx(context, 1, "unknown source type `%s'", source_type); } else type = HPROP_HEIMDAL; if(!to_stdout) get_creds(context, &ccache); if(decrypt_flag || encrypt_flag) { ret = hdb_read_master_key(context, mkeyfile, &mkey5); if(ret && ret != ENOENT) krb5_err(context, 1, ret, "hdb_read_master_key"); if(ret) krb5_errx(context, 1, "No master key file found"); } switch(type) { case HPROP_MIT_DUMP: if (database == NULL) krb5_errx(context, 1, "no dump file specified"); break; case HPROP_HEIMDAL: ret = hdb_create (context, &db, database); if(ret) krb5_err(context, 1, ret, "hdb_create: %s", database); ret = db->hdb_open(context, db, O_RDONLY, 0); if(ret) krb5_err(context, 1, ret, "db->hdb_open"); break; default: krb5_errx(context, 1, "unknown dump type `%d'", type); break; } if (to_stdout) exit_code = dump_database (context, type, database, db); else exit_code = propagate_database (context, type, database, db, ccache, optidx, argc, argv); if(ccache != NULL) krb5_cc_destroy(context, ccache); if(db != NULL) (*db->hdb_destroy)(context, db); krb5_free_context(context); return exit_code; }
int main(int argc, char **argv) { krb5_error_code ret; krb5_context context; krb5_ccache ccache = NULL; HDB *db = NULL; int optidx = 0; int type, exit_code; setprogname(argv[0]); if(getarg(args, num_args, argc, argv, &optidx)) usage(1); if(help_flag) usage(0); if(version_flag){ print_version(NULL); exit(0); } ret = krb5_init_context(&context); if(ret) exit(1); if(local_realm) krb5_set_default_realm(context, local_realm); if(v4_realm == NULL) { ret = krb5_get_default_realm(context, &v4_realm); if(ret) krb5_err(context, 1, ret, "krb5_get_default_realm"); } if(afs_cell == NULL) { afs_cell = strdup(v4_realm); if(afs_cell == NULL) krb5_errx(context, 1, "out of memory"); strlwr(afs_cell); } if(encrypt_flag && decrypt_flag) krb5_errx(context, 1, "only one of `--encrypt' and `--decrypt' is meaningful"); if(source_type != NULL) { type = parse_source_type(source_type); if(type == 0) krb5_errx(context, 1, "unknown source type `%s'", source_type); } else type = HPROP_HEIMDAL; if(!to_stdout) get_creds(context, &ccache); if(decrypt_flag || encrypt_flag) { ret = hdb_read_master_key(context, mkeyfile, &mkey5); if(ret && ret != ENOENT) krb5_err(context, 1, ret, "hdb_read_master_key"); if(ret) krb5_errx(context, 1, "No master key file found"); } if (IS_TYPE_V4(type) && v4_realm == NULL) krb5_errx(context, 1, "Its a Kerberos 4 database " "but no realm configured"); switch(type) { case HPROP_KASERVER: if (database == NULL) database = DEFAULT_DATABASE; ka_use_null_salt = krb5_config_get_bool_default(context, NULL, FALSE, "hprop", "afs_uses_null_salt", NULL); break; case HPROP_KRB4_DUMP: if (database == NULL) krb5_errx(context, 1, "no dump file specified"); break; case HPROP_MIT_DUMP: if (database == NULL) krb5_errx(context, 1, "no dump file specified"); break; case HPROP_HEIMDAL: ret = hdb_create (context, &db, database); if(ret) krb5_err(context, 1, ret, "hdb_create: %s", database); ret = db->hdb_open(context, db, O_RDONLY, 0); if(ret) krb5_err(context, 1, ret, "db->hdb_open"); break; default: krb5_errx(context, 1, "unknown dump type `%d'", type); break; } if (to_stdout) exit_code = dump_database (context, type, database, db); else exit_code = propagate_database (context, type, database, db, ccache, optidx, argc, argv); if(ccache != NULL) krb5_cc_destroy(context, ccache); if(db != NULL) (*db->hdb_destroy)(context, db); krb5_free_context(context); return exit_code; }
int main(int argc, char **argv) { char buf[1024]; krb5_error_code ret; krb5_enctype enctype; hdb_master_key mkey; krb5_program_setup(&context, argc, argv, args, num_args, NULL); if(help_flag) krb5_std_usage(0, args, num_args); if(version_flag){ print_version(NULL); exit(0); } if (master_key_fd != -1 && random_key_flag) krb5_errx(context, 1, "random-key and master-key-fd " "is mutual exclusive"); if (keyfile == NULL) asprintf(&keyfile, "%s/m-key", hdb_db_dir(context)); ret = krb5_string_to_enctype(context, enctype_str, &enctype); if(ret) krb5_err(context, 1, ret, "krb5_string_to_enctype"); ret = hdb_read_master_key(context, keyfile, &mkey); if(ret && ret != ENOENT) krb5_err(context, 1, ret, "reading master key from %s", keyfile); if (convert_flag) { if (ret) krb5_err(context, 1, ret, "reading master key from %s", keyfile); } else { krb5_keyblock key; krb5_salt salt; salt.salttype = KRB5_PW_SALT; /* XXX better value? */ salt.saltvalue.data = NULL; salt.saltvalue.length = 0; if (random_key_flag) { ret = krb5_generate_random_keyblock(context, enctype, &key); if (ret) krb5_err(context, 1, ret, "krb5_generate_random_keyblock"); } else { if(master_key_fd != -1) { ssize_t n; n = read(master_key_fd, buf, sizeof(buf)); if(n <= 0) krb5_err(context, 1, errno, "failed to read passphrase"); buf[n] = '\0'; buf[strcspn(buf, "\r\n")] = '\0'; } else { if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) exit(1); } krb5_string_to_key_salt(context, enctype, buf, salt, &key); } ret = hdb_add_master_key(context, &key, &mkey); krb5_free_keyblock_contents(context, &key); } { char *new, *old; asprintf(&old, "%s.old", keyfile); asprintf(&new, "%s.new", keyfile); if(unlink(new) < 0 && errno != ENOENT) { ret = errno; goto out; } krb5_warnx(context, "writing key to `%s'", keyfile); ret = hdb_write_master_key(context, new, mkey); if(ret) unlink(new); else { #ifndef NO_POSIX_LINKS unlink(old); if(link(keyfile, old) < 0 && errno != ENOENT) { ret = errno; unlink(new); } else { #endif if(rename(new, keyfile) < 0) {
int stash(struct stash_options *opt, int argc, char **argv) { char buf[1024]; krb5_error_code ret; krb5_enctype enctype; hdb_master_key mkey; int aret; if(!local_flag) { krb5_warnx(context, "stash is only available in local (-l) mode"); return 0; } ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype); if(ret) { krb5_warn(context, ret, "%s", opt->enctype_string); return 0; } if(opt->key_file_string == NULL) { aret = asprintf(&opt->key_file_string, "%s/m-key", hdb_db_dir(context)); if (aret == -1) errx(1, "out of memory"); } ret = hdb_read_master_key(context, opt->key_file_string, &mkey); if(ret && ret != ENOENT) { krb5_warn(context, ret, "reading master key from %s", opt->key_file_string); return 0; } if (opt->convert_file_flag) { if (ret) krb5_warn(context, ret, "reading master key from %s", opt->key_file_string); return 0; } else { krb5_keyblock key; krb5_salt salt; salt.salttype = KRB5_PW_SALT; /* XXX better value? */ salt.saltvalue.data = NULL; salt.saltvalue.length = 0; if(opt->master_key_fd_integer != -1) { ssize_t n; n = read(opt->master_key_fd_integer, buf, sizeof(buf)); if(n == 0) krb5_warnx(context, "end of file reading passphrase"); else if(n < 0) { krb5_warn(context, errno, "reading passphrase"); n = 0; } buf[n] = '\0'; buf[strcspn(buf, "\r\n")] = '\0'; } else if (opt->random_password_flag) { random_password (buf, sizeof(buf)); printf("Using random master stash password: %s\n", buf); } else { if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) { hdb_free_master_key(context, mkey); return 0; } } ret = krb5_string_to_key_salt(context, enctype, buf, salt, &key); ret = hdb_add_master_key(context, &key, &mkey); krb5_free_keyblock_contents(context, &key); } { char *new = NULL, *old = NULL; int aret; aret = asprintf(&old, "%s.old", opt->key_file_string); if (aret == -1) { ret = ENOMEM; goto out; } aret = asprintf(&new, "%s.new", opt->key_file_string); if (aret == -1) { ret = ENOMEM; goto out; } if(unlink(new) < 0 && errno != ENOENT) { ret = errno; goto out; } krb5_warnx(context, "writing key to \"%s\"", opt->key_file_string); ret = hdb_write_master_key(context, new, mkey); if(ret) unlink(new); else { unlink(old); #ifndef NO_POSIX_LINKS if(link(opt->key_file_string, old) < 0 && errno != ENOENT) { ret = errno; unlink(new); } else { #endif if(rename(new, opt->key_file_string) < 0) {