memset(&new_key_data, 0, sizeof(new_key_data));
- if (is_mkey) {
- key_ptr = &new_master_keyblock;
- /* override mkey princ's kvno */
- if (global_params.mask & KADM5_CONFIG_KVNO)
- kvno = global_params.kvno;
- else
- kvno = (krb5_kvno) key_data->key_data_kvno;
- } else {
- key_ptr = &v5plainkey;
- kvno = (krb5_kvno) key_data->key_data_kvno;
- }
+ if (is_mkey) {
+ key_ptr = &new_master_keyblock;
+ /* override mkey princ's kvno */
+ if (global_params.mask & KADM5_CONFIG_KVNO)
+ kvno = global_params.kvno;
+ else
+ kvno = (krb5_kvno) key_data->key_data_kvno;
+ } else {
+ key_ptr = &v5plainkey;
+ kvno = (krb5_kvno) key_data->key_data_kvno;
+ }
retval = krb5_dbekd_encrypt_key_data(context, &new_master_keyblock,
key_ptr, &keysalt,
master_keyblock.enctype,
TRUE, FALSE,
(char *) NULL,
- NULL, NULL,
+ NULL, NULL,
&master_keyblock);
if (retval) {
com_err(argv[0], retval,
}
retval = krb5_db_verify_master_key(util_context,
master_princ,
- IGNORE_VNO,
+ IGNORE_VNO,
&master_keyblock);
if (retval) {
com_err(argv[0], retval,
if (new_master_keyblock.enctype == ENCTYPE_UNKNOWN)
new_master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
- if (new_mkey_file) {
- krb5_kvno kt_kvno;
-
- if (global_params.mask & KADM5_CONFIG_KVNO)
- kt_kvno = global_params.kvno;
- else
- kt_kvno = IGNORE_VNO;
-
- if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
- new_master_keyblock.enctype,
- FALSE,
- FALSE,
- new_mkey_file,
- &kt_kvno,
- NULL,
- &new_master_keyblock))) {
- com_err(argv[0], retval, "while reading new master key");
- exit(1);
- }
- } else {
- printf("Please enter new master key....\n");
- if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
- new_master_keyblock.enctype,
- TRUE,
- TRUE,
- NULL, NULL, NULL,
- &new_master_keyblock))) {
- com_err(argv[0], retval, "while reading new master key");
- exit(1);
- }
- }
+ if (new_mkey_file) {
+ krb5_kvno kt_kvno;
+
+ if (global_params.mask & KADM5_CONFIG_KVNO)
+ kt_kvno = global_params.kvno;
+ else
+ kt_kvno = IGNORE_VNO;
+
+ if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
+ new_master_keyblock.enctype,
+ FALSE,
+ FALSE,
+ new_mkey_file,
+ &kt_kvno,
+ NULL,
+ &new_master_keyblock))) {
+ com_err(argv[0], retval, "while reading new master key");
+ exit(1);
+ }
+ } else {
+ printf("Please enter new master key....\n");
+ if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
+ new_master_keyblock.enctype,
+ TRUE,
+ TRUE,
+ NULL, NULL, NULL,
+ &new_master_keyblock))) {
+ com_err(argv[0], retval, "while reading new master key");
+ exit(1);
+ }
+ }
}
kret = 0;
char *krb5_mkey_pwd_prompt2 = KRB5_KDC_MKEY_2;
krb5_error_code
-krb5_db_fetch_mkey( krb5_context context,
- krb5_principal mname,
- krb5_enctype etype,
- krb5_boolean fromkeyboard,
- krb5_boolean twice,
- char * db_args,
- krb5_kvno * kvno,
- krb5_data * salt,
- krb5_keyblock * key)
+krb5_db_fetch_mkey(krb5_context context,
+ krb5_principal mname,
+ krb5_enctype etype,
+ krb5_boolean fromkeyboard,
+ krb5_boolean twice,
+ char * db_args,
+ krb5_kvno * kvno,
+ krb5_data * salt,
+ krb5_keyblock * key)
{
krb5_error_code retval;
char password[BUFSIZ];
}
krb5_error_code
-krb5_db_verify_master_key( krb5_context kcontext,
- krb5_principal mprinc,
- krb5_kvno kvno,
- krb5_keyblock * mkey)
+krb5_db_verify_master_key(krb5_context kcontext,
+ krb5_principal mprinc,
+ krb5_kvno kvno,
+ krb5_keyblock * mkey)
{
krb5_error_code status = 0;
kdb5_dal_handle *dal_handle;
/* Use temp keytab file name in case creation of keytab fails */
/* create temp file template for use by mktemp() */
- if ((retval = asprintf(&tmp_ktname, "WRFILE:%s_XXXXX", keyfile)) < 0) {
+ if ((retval = asprintf(&tmp_ktname, "WRFILE:%s_XXXXXX", keyfile)) < 0) {
krb5_set_error_message (context, retval,
"Could not create temp keytab file name.");
goto out;
}
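Review bot: On the asprintf() failure path, `retval` holds asprintf's -1 rather than a krb5 error code, and that value is passed to krb5_set_error_message() before `goto out`; assign a real code instead, e.g. `if (asprintf(&tmp_ktname, "WRFILE:%s_XXXXXX", keyfile) < 0) { tmp_ktname = NULL; retval = ENOMEM;`. Resetting `tmp_ktname` matters because its contents are undefined after a failed asprintf(), and the cleanup at `out`, which is outside this hunk, may free it. Separately, the comment says the template is for mktemp(), which only picks a name and leaves a window before the file is created. Since this path appears to handle master-key material, it is worth confirming that the keytab writer creates the file exclusively and with restrictive permissions, or moving to mkstemp(). The enclosing function starts and ends outside the hunk.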
static krb5_error_code
-krb5_db_def_fetch_mkey_stash( krb5_context context,
- const char *keyfile,
- krb5_keyblock *key,
- krb5_kvno *kvno)
+krb5_db_def_fetch_mkey_stash(krb5_context context,
+ const char *keyfile,
+ krb5_keyblock *key,
+ krb5_kvno *kvno)
{
krb5_error_code retval = 0;
krb5_ui_2 enctype;
}
static krb5_error_code
-krb5_db_def_fetch_mkey_keytab( krb5_context context,
- const char *keyfile,
- krb5_principal mname,
- krb5_keyblock *key,
- krb5_kvno *kvno)
+krb5_db_def_fetch_mkey_keytab(krb5_context context,
+ const char *keyfile,
+ krb5_principal mname,
+ krb5_keyblock *key,
+ krb5_kvno *kvno)
{
krb5_error_code retval = 0;
krb5_keytab kt;
* same as the one returned from the keytab.
*/
if (kvno != NULL && *kvno == IGNORE_VNO)
- *kvno = kt_ent.vno;
+ *kvno = kt_ent.vno;
/*
* kt_ent will be free'd so need to allocate and copy key contents for
}
krb5_error_code
-krb5_db_def_fetch_mkey( krb5_context context,
- krb5_principal mname,
- krb5_keyblock *key,
- krb5_kvno *kvno,
- char *db_args)
+krb5_db_def_fetch_mkey(krb5_context context,
+ krb5_principal mname,
+ krb5_keyblock *key,
+ krb5_kvno *kvno,
+ char *db_args)
{
krb5_error_code retval_ofs = 0, retval_kt = 0;
char keyfile[MAXPATHLEN+1];
}
krb5_error_code
-krb5_def_verify_master_key( krb5_context context,
- krb5_principal mprinc,
- krb5_kvno kvno,
- krb5_keyblock *mkey)
+krb5_def_verify_master_key(krb5_context context,
+ krb5_principal mprinc,
+ krb5_kvno kvno,
+ krb5_keyblock *mkey)
{
krb5_error_code retval;
krb5_db_entry master_entry;