authorGreg Hudson <ghudson@mit.edu>2009-01-29 19:07:52 +0000
committerGreg Hudson <ghudson@mit.edu>2009-01-29 19:07:52 +0000
commitc4a2a012cd6497b966b9a0a9ec4d4aca4220fd78 (patch)
tree8bf3cd41f9a3efe15f7972b6f6a743b8dbd8e196 /src/kadmin/dbutil/kdb5_stash.c
parenta364635f2b764772ddbb7fca739c58935099a023 (diff)
Implement krb5_db_store_master_key_list.
Make "kdb5_util stash" store the full master key list. Make "kdb5_util stash" use a preexisting stashed key if available. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21827 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin/dbutil/kdb5_stash.c')
-rw-r--r--src/kadmin/dbutil/kdb5_stash.c49
1 files changed, 26 insertions, 23 deletions
diff --git a/src/kadmin/dbutil/kdb5_stash.c b/src/kadmin/dbutil/kdb5_stash.c
index 3583a32..cdd947a 100644
--- a/src/kadmin/dbutil/kdb5_stash.c
+++ b/src/kadmin/dbutil/kdb5_stash.c
@@ -60,6 +60,7 @@
#include "kdb5_util.h"
extern krb5_keyblock master_keyblock;
+extern krb5_keylist_node *master_keylist;
extern krb5_principal master_princ;
extern kadm5_config_params global_params;
@@ -145,36 +146,38 @@ kdb5_stash(argc, argv)
else
mkey_kvno = IGNORE_VNO; /* use whatever krb5_db_fetch_mkey finds */
- /* TRUE here means read the keyboard, but only once */
- retval = krb5_db_fetch_mkey(context, master_princ,
- master_keyblock.enctype,
- TRUE, FALSE, (char *) NULL,
- &mkey_kvno,
- NULL, &master_keyblock);
- if (retval) {
- com_err(progname, retval, "while reading master key");
- (void) krb5_db_fini(context);
- exit_status++; return;
- }
+ if (!valid_master_key) {
+ /* TRUE here means read the keyboard, but only once */
+ retval = krb5_db_fetch_mkey(context, master_princ,
+ master_keyblock.enctype,
+ TRUE, FALSE, (char *) NULL,
+ &mkey_kvno,
+ NULL, &master_keyblock);
+ if (retval) {
+ com_err(progname, retval, "while reading master key");
+ (void) krb5_db_fini(context);
+ exit_status++; return;
+ }
- retval = krb5_db_verify_master_key(context, master_princ,
- mkey_kvno,
- &master_keyblock);
- if (retval) {
- com_err(progname, retval, "while verifying master key");
- (void) krb5_db_fini(context);
- exit_status++; return;
- }
+ retval = krb5_db_fetch_mkey_list(context, master_princ,
+ &master_keyblock, mkey_kvno,
+ &master_keylist);
+ if (retval) {
+ com_err(progname, retval, "while getting master key list");
+ (void) krb5_db_fini(context);
+ exit_status++; return;
+ }
+ } else {
+ printf("Using existing stashed keys to update stash file.\n");
+ }
- retval = krb5_db_store_master_key(context, keyfile, master_princ,
- mkey_kvno, &master_keyblock, NULL);
+ retval = krb5_db_store_master_key_list(context, keyfile, master_princ,
+ master_keylist, NULL);
if (retval) {
com_err(progname, errno, "while storing key");
- memset((char *)master_keyblock.contents, 0, master_keyblock.length);
(void) krb5_db_fini(context);
exit_status++; return;
}
- memset((char *)master_keyblock.contents, 0, master_keyblock.length);
retval = krb5_db_fini(context);
if (retval) {
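Review bot: Both `memset((char *)master_keyblock.contents, 0, master_keyblock.length);` calls around the `krb5_db_store_master_key_list` call are removed, so the master key read from the keyboard in the `!valid_master_key` branch is no longer wiped on either the error or the success path. Nothing visible here clears or frees the `master_keylist` that `krb5_db_fetch_mkey_list` fills either. Unless that cleanup happens outside this hunk (kdb5_stash's body starts before it and continues after it), I would keep the wipe on both paths, guarded for a keyblock that was never filled: `if (master_keyblock.contents) memset(master_keyblock.contents, 0, master_keyblock.length);`, and release the key list through the library's own free routine before returning. Separately, the failure report on the unchanged line passes `errno` rather than the code returned by the store call; `com_err(progname, retval, "while storing key");` would report the actual error.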