krb5 commit: Add ktutil add_entry option to specify salt

Greg Hudson ghudson at mit.edu
Tue Jun 13 20:00:14 EDT 2017


https://github.com/krb5/krb5/commit/1a3f7ce0708a0695fd93c2445cf1fd0401ce00d4
commit 1a3f7ce0708a0695fd93c2445cf1fd0401ce00d4
Author: Mubashir Kazia <mkazia at gmail.com>
Date:   Sun Jun 11 13:30:34 2017 +0000

    Add ktutil add_entry option to specify salt
    
    [ghudson at mit.edu: also fix minor leak in ktutil_add()]
    
    ticket: 7647

 doc/admin/admin_commands/ktutil.rst |    2 +-
 src/kadmin/ktutil/ktutil.c          |   13 ++++++++++---
 src/kadmin/ktutil/ktutil.h          |    3 ++-
 src/kadmin/ktutil/ktutil_funcs.c    |   17 ++++++++++++-----
 src/man/ktutil.man                  |    2 +-
 5 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/doc/admin/admin_commands/ktutil.rst b/doc/admin/admin_commands/ktutil.rst
index d55ddc8..2eb19de 100644
--- a/doc/admin/admin_commands/ktutil.rst
+++ b/doc/admin/admin_commands/ktutil.rst
@@ -87,7 +87,7 @@ add_entry
 ~~~~~~~~~
 
     **add_entry** {**-key**\|\ **-password**} **-p** *principal*
-    **-k** *kvno* **-e** *enctype*
+    **-k** *kvno* **-e** *enctype* [**-s** *salt*]
 
 Add *principal* to keylist using key or password.
 
diff --git a/src/kadmin/ktutil/ktutil.c b/src/kadmin/ktutil/ktutil.c
index 86e3d9b..6a8586d 100644
--- a/src/kadmin/ktutil/ktutil.c
+++ b/src/kadmin/ktutil/ktutil.c
@@ -141,6 +141,7 @@ void ktutil_add_entry(argc, argv)
     char *enctype = NULL;
     krb5_kvno kvno = 0;
     int use_pass = 0, use_key = 0, use_kvno = 0, i;
+    char *salt = NULL;
 
     for (i = 1; i < argc; i++) {
         if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-p", 2)) {
@@ -164,16 +165,22 @@ void ktutil_add_entry(argc, argv)
             use_key++;
             continue;
         }
+        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-s", 2)) {
+            salt = argv[++i];
+            continue;
+        }
     }
 
-    if (argc != 8 || !(princ && use_kvno && enctype) ||
+    if (!((argc == 8 && princ && use_kvno && enctype) ||
+          (argc == 10 && princ && use_kvno && enctype && salt)) ||
         use_pass + use_key != 1) {
         fprintf(stderr, _("usage: %s (-key | -password) -p principal "
-                          "-k kvno -e enctype\n"), argv[0]);
+                          "-k kvno -e enctype [-s salt]\n"), argv[0]);
         return;
     }
 
-    retval = ktutil_add(kcontext, &ktlist, princ, kvno, enctype, use_pass);
+    retval = ktutil_add(kcontext, &ktlist, princ, kvno, enctype, use_pass,
+                        salt);
     if (retval)
         com_err(argv[0], retval, _("while adding new entry"));
 }
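Review bot: The relaxed usage check accepts `-s salt` together with `-key`, but as far as the ktutil_funcs.c hunks of this commit show, `salt_str` is only read on the password-to-key path, so the option would be silently ignored for a raw key. Rejecting the combination keeps an operator from believing a salt was applied; extend the last clause to `use_pass + use_key != 1 || (salt != NULL && use_key)) {`. Separately, `salt = argv[++i];` reads `argv[argc]` when `-s` is the final word, and the later `salt` test only catches that if the argument vector is NULL-terminated, so an `i + 1 < argc` guard before the increment would make the bound explicit. The function body starts before this hunk.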
diff --git a/src/kadmin/ktutil/ktutil.h b/src/kadmin/ktutil/ktutil.h
index c4839ff..8bf4915 100644
--- a/src/kadmin/ktutil/ktutil.h
+++ b/src/kadmin/ktutil/ktutil.h
@@ -38,7 +38,8 @@ krb5_error_code ktutil_add (krb5_context,
                             char *,
                             krb5_kvno,
                             char *,
-                            int);
+                            int,
+                            char *);
 
 krb5_error_code ktutil_read_keytab (krb5_context,
                                     char *,
diff --git a/src/kadmin/ktutil/ktutil_funcs.c b/src/kadmin/ktutil/ktutil_funcs.c
index 20a348c..7a3aa0d 100644
--- a/src/kadmin/ktutil/ktutil_funcs.c
+++ b/src/kadmin/ktutil/ktutil_funcs.c
@@ -87,13 +87,14 @@ krb5_error_code ktutil_delete(context, list, idx)
  * one first.
  */
 krb5_error_code ktutil_add(context, list, princ_str, kvno,
-                           enctype_str, use_pass)
+                           enctype_str, use_pass, salt_str)
     krb5_context context;
     krb5_kt_list *list;
     char *princ_str;
     krb5_kvno kvno;
     char *enctype_str;
     int use_pass;
+    char *salt_str;
 {
     krb5_keytab_entry *entry;
     krb5_kt_list lp = NULL, prev = NULL;
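Review bot: The header comment above ktutil_add() is not updated for the new `salt_str` parameter, and the K&R-style parameter list gives a reader no hint that NULL is a valid value. That comment begins outside this hunk, so only its tail is visible here. Add a sentence to it such as `If salt_str is non-NULL it is used as the string-to-key salt for a password-derived key; otherwise the default salt for the principal is used.`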
@@ -101,7 +102,7 @@ krb5_error_code ktutil_add(context, list, princ_str, kvno,
     krb5_enctype enctype;
     krb5_timestamp now;
     krb5_error_code retval;
-    krb5_data password, salt;
+    krb5_data password, salt, defsalt = empty_data();
     krb5_keyblock key;
     char buf[BUFSIZ];
     char promptstr[1024];
@@ -165,9 +166,14 @@ krb5_error_code ktutil_add(context, list, princ_str, kvno,
                                     &password.length);
         if (retval)
             goto cleanup;
-        retval = krb5_principal2salt(context, princ, &salt);
-        if (retval)
-            goto cleanup;
+        if (salt_str != NULL) {
+            salt = string2data(salt_str);
+        } else {
+            retval = krb5_principal2salt(context, princ, &defsalt);
+            if (retval)
+                goto cleanup;
+            salt = defsalt;
+        }
         retval = krb5_c_string_to_key(context, enctype, &password,
                                       &salt, &key);
         if (retval)
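Review bot: After this change `salt` is a borrowed view in both branches, which deserves a comment at the new `if`. It points either at the caller's `salt_str` (via `string2data`) or at the buffer owned by `defsalt`, and only `defsalt` is released in the cleanup hunk. That is correct as written, but a later edit that frees `salt` or reassigns `defsalt` would turn it into a double free or a leak. A comment such as `/* salt aliases salt_str or defsalt; only defsalt is owned and freed at cleanup. */` would record the ownership rule. The enclosing block starts before and continues past this hunk.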
@@ -225,6 +231,7 @@ cleanup:
     if (prev)
         prev->next = NULL;
     ktutil_free_kt_list(context, lp);
+    krb5_free_data_contents(context, &defsalt);
     return retval;
 }
 
diff --git a/src/man/ktutil.man b/src/man/ktutil.man
index f0bf88f..3498b65 100644
--- a/src/man/ktutil.man
+++ b/src/man/ktutil.man
@@ -113,7 +113,7 @@ Alias: \fBdelent\fP
 .INDENT 0.0
 .INDENT 3.5
 \fBadd_entry\fP {\fB\-key\fP|\fB\-password\fP} \fB\-p\fP \fIprincipal\fP
-\fB\-k\fP \fIkvno\fP \fB\-e\fP \fIenctype\fP
+\fB\-k\fP \fIkvno\fP \fB\-e\fP \fIenctype\fP [\fB\-s\fP \fIsalt\fP]
 .UNINDENT
 .UNINDENT
 .sp

