static void tokey(krb5_context context, krb5_enctype enctype, const char *pw, krb5_salt salt, const char *label) { krb5_error_code ret; size_t i; krb5_keyblock key; char *e; ret = krb5_string_to_key_salt(context, enctype, pw, salt, &key); if (ret) krb5_err(context, 1, ret, "krb5_string_to_key_salt"); ret = krb5_enctype_to_string(context, enctype, &e); if (ret) krb5_err(context, 1, ret, "krb5_enctype_to_string"); printf(label, e); printf(": "); for(i = 0; i < key.keyvalue.length; i++) printf("%02x", ((unsigned char*)key.keyvalue.data)[i]); printf("\n"); krb5_free_keyblock_contents(context, &key); free(e); }
KRB5_DEPRECATED KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV krb5_password_key_proc (krb5_context context, krb5_enctype type, krb5_salt salt, krb5_const_pointer keyseed, krb5_keyblock **key) { krb5_error_code ret; const char *password = (const char *)keyseed; char buf[BUFSIZ]; *key = malloc (sizeof (**key)); if (*key == NULL) { krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } if (password == NULL) { if(UI_UTIL_read_pw_string (buf, sizeof(buf), "Password: ", 0)) { free (*key); krb5_clear_error_message(context); return KRB5_LIBOS_PWDINTR; } password = buf; } ret = krb5_string_to_key_salt (context, type, password, salt, *key); memset (buf, 0, sizeof(buf)); return ret; }
int create_kerberos_key_from_string_direct(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype) { int ret; krb5_salt salt; ret = krb5_get_pw_salt(context, host_princ, &salt); if (ret) { DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret))); return ret; } ret = krb5_string_to_key_salt(context, enctype, (const char *)password->data, salt, key); krb5_free_salt(context, salt); return ret; }
krb5_error_code hdb_generate_key_set_password(krb5_context context, krb5_principal principal, const char *password, krb5_key_salt_tuple *ks_tuple, int n_ks_tuple, Key **keys, size_t *num_keys) { krb5_error_code ret; size_t i; ret = hdb_generate_key_set(context, principal, ks_tuple, n_ks_tuple, keys, num_keys, 0); if (ret) return ret; for (i = 0; i < (*num_keys); i++) { krb5_salt salt; Key *key = &(*keys)[i]; salt.salttype = key->salt->type; salt.saltvalue.length = key->salt->salt.length; salt.saltvalue.data = key->salt->salt.data; ret = krb5_string_to_key_salt (context, key->key.keytype, password, salt, &key->key); if(ret) break; } if(ret) { hdb_free_keys (context, *num_keys, *keys); return ret; } return ret; }
static krb5_error_code kcm_password_key_proc(krb5_context context, krb5_enctype etype, krb5_salt salt, krb5_const_pointer keyseed, krb5_keyblock **key) { krb5_error_code ret; struct kcm_keyseed_data *s = (struct kcm_keyseed_data *)keyseed; /* we may be called multiple times */ krb5_free_salt(context, s->salt); krb5_data_zero(&s->salt.saltvalue); /* stash the salt */ s->salt.salttype = salt.salttype; ret = krb5_data_copy(&s->salt.saltvalue, salt.saltvalue.data, salt.saltvalue.length); if (ret) return ret; *key = (krb5_keyblock *)malloc(sizeof(**key)); if (*key == NULL) { return ENOMEM; } ret = krb5_string_to_key_salt(context, etype, s->password, s->salt, *key); if (ret) { free(*key); *key = NULL; } return ret; }
krb5KeyblockObject *keyblock_new(PyObject *unused, PyObject *args) { krb5_error_code ret; krb5ContextObject *context; krb5EnctypeObject *enctype; char *password; PyObject *arg; krb5KeyblockObject *self = (krb5KeyblockObject *) PyObject_New(krb5KeyblockObject, &krb5KeyblockType); int error = 0; if (!PyArg_ParseTuple(args, "OOsO", &context, &enctype, &password, &arg)) return NULL; if (self == NULL) return NULL; self->context = context->context; #if PY_MAJOR_VERSION >= 2 && PY_MINOR_VERSION >= 2 if (PyObject_TypeCheck(arg, &krb5SaltType)) { krb5SaltObject *salt = (krb5SaltObject*)arg; ret = krb5_string_to_key_salt(context->context, enctype->enctype, password, salt->salt, &self->keyblock); } else if (PyObject_TypeCheck(arg, &krb5PrincipalType)) { #else if (1) { #endif krb5PrincipalObject *principal = (krb5PrincipalObject*)arg; ret = krb5_string_to_key(context->context, enctype->enctype, password, principal->principal, &self->keyblock); } else { PyErr_SetString(PyExc_TypeError, "either principal or salt needs to be passed"); error = 1; goto out; } if (ret) { error = 1; krb5_exception(NULL, ret); goto out; } out: if (error) return NULL; else return self; } krb5KeyblockObject *keyblock_raw_new(PyObject *unused, PyObject *args) { krb5_error_code ret; krb5ContextObject *py_context; PyObject *py_enctype; PyObject *py_key; uint8_t *key_buf; size_t key_len; krb5_enctype enctype; int error = 0; krb5KeyblockObject *self = (krb5KeyblockObject *) PyObject_NEW(krb5KeyblockObject, &krb5KeyblockType); if (!PyArg_ParseTuple(args, "O!OS", &krb5ContextType, &py_context, &py_enctype, &py_key)) return NULL; if (self == NULL) return NULL; self->context = py_context->context; if (PyObject_TypeCheck(py_enctype, &krb5EnctypeType)) { krb5EnctypeObject *enctype_obj = (krb5EnctypeObject*)py_enctype; enctype = enctype_obj>enctype; } else if (PyInt_Check(py_enctype)) { enctype = PyInt_AsLong(py_enctype); } else { PyErr_SetString(PyExc_TypeError, "enctype must be of type integer or krb5EnctypeObject"); error = 1; goto out; } key_buf = (uint8_t *) PyString_AsString(py_key); key_len = PyString_Size(py_key); ret = krb5_keyblock_init(py_context->context, enctype, key_buf, key_len, &self->keyblock); if (ret) { error = 1; krb5_exception(NULL, ret); goto out; } out: if (error) return NULL; else return self; }
int main(int argc, char **argv) { char buf[1024]; krb5_error_code ret; krb5_enctype enctype; hdb_master_key mkey; krb5_program_setup(&context, argc, argv, args, num_args, NULL); if(help_flag) krb5_std_usage(0, args, num_args); if(version_flag){ print_version(NULL); exit(0); } if (master_key_fd != -1 && random_key_flag) krb5_errx(context, 1, "random-key and master-key-fd " "is mutual exclusive"); if (keyfile == NULL) asprintf(&keyfile, "%s/m-key", hdb_db_dir(context)); ret = krb5_string_to_enctype(context, enctype_str, &enctype); if(ret) krb5_err(context, 1, ret, "krb5_string_to_enctype"); ret = hdb_read_master_key(context, keyfile, &mkey); if(ret && ret != ENOENT) krb5_err(context, 1, ret, "reading master key from %s", keyfile); if (convert_flag) { if (ret) krb5_err(context, 1, ret, "reading master key from %s", keyfile); } else { krb5_keyblock key; krb5_salt salt; salt.salttype = KRB5_PW_SALT; /* XXX better value? */ salt.saltvalue.data = NULL; salt.saltvalue.length = 0; if (random_key_flag) { ret = krb5_generate_random_keyblock(context, enctype, &key); if (ret) krb5_err(context, 1, ret, "krb5_generate_random_keyblock"); } else { if(master_key_fd != -1) { ssize_t n; n = read(master_key_fd, buf, sizeof(buf)); if(n <= 0) krb5_err(context, 1, errno, "failed to read passphrase"); buf[n] = '\0'; buf[strcspn(buf, "\r\n")] = '\0'; } else { if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) exit(1); } krb5_string_to_key_salt(context, enctype, buf, salt, &key); } ret = hdb_add_master_key(context, &key, &mkey); krb5_free_keyblock_contents(context, &key); } { char *new, *old; asprintf(&old, "%s.old", keyfile); asprintf(&new, "%s.new", keyfile); if(unlink(new) < 0 && errno != ENOENT) { ret = errno; goto out; } krb5_warnx(context, "writing key to `%s'", keyfile); ret = hdb_write_master_key(context, new, mkey); if(ret) unlink(new); else { #ifndef NO_POSIX_LINKS unlink(old); if(link(keyfile, old) < 0 && errno != ENOENT) { ret = errno; unlink(new); } else { #endif if(rename(new, keyfile) < 0) {
int stash(struct stash_options *opt, int argc, char **argv) { char buf[1024]; krb5_error_code ret; krb5_enctype enctype; hdb_master_key mkey; int aret; if(!local_flag) { krb5_warnx(context, "stash is only available in local (-l) mode"); return 0; } ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype); if(ret) { krb5_warn(context, ret, "%s", opt->enctype_string); return 0; } if(opt->key_file_string == NULL) { aret = asprintf(&opt->key_file_string, "%s/m-key", hdb_db_dir(context)); if (aret == -1) errx(1, "out of memory"); } ret = hdb_read_master_key(context, opt->key_file_string, &mkey); if(ret && ret != ENOENT) { krb5_warn(context, ret, "reading master key from %s", opt->key_file_string); return 0; } if (opt->convert_file_flag) { if (ret) krb5_warn(context, ret, "reading master key from %s", opt->key_file_string); return 0; } else { krb5_keyblock key; krb5_salt salt; salt.salttype = KRB5_PW_SALT; /* XXX better value? */ salt.saltvalue.data = NULL; salt.saltvalue.length = 0; if(opt->master_key_fd_integer != -1) { ssize_t n; n = read(opt->master_key_fd_integer, buf, sizeof(buf)); if(n == 0) krb5_warnx(context, "end of file reading passphrase"); else if(n < 0) { krb5_warn(context, errno, "reading passphrase"); n = 0; } buf[n] = '\0'; buf[strcspn(buf, "\r\n")] = '\0'; } else if (opt->random_password_flag) { random_password (buf, sizeof(buf)); printf("Using random master stash password: %s\n", buf); } else { if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) { hdb_free_master_key(context, mkey); return 0; } } ret = krb5_string_to_key_salt(context, enctype, buf, salt, &key); ret = hdb_add_master_key(context, &key, &mkey); krb5_free_keyblock_contents(context, &key); } { char *new = NULL, *old = NULL; int aret; aret = asprintf(&old, "%s.old", opt->key_file_string); if (aret == -1) { ret = ENOMEM; goto out; } aret = asprintf(&new, "%s.new", opt->key_file_string); if (aret == -1) { ret = ENOMEM; goto out; } if(unlink(new) < 0 && errno != ENOENT) { ret = errno; goto out; } krb5_warnx(context, "writing key to \"%s\"", opt->key_file_string); ret = hdb_write_master_key(context, new, mkey); if(ret) unlink(new); else { unlink(old); #ifndef NO_POSIX_LINKS if(link(opt->key_file_string, old) < 0 && errno != ENOENT) { ret = errno; unlink(new); } else { #endif if(rename(new, opt->key_file_string) < 0) {