1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* kadmin/dbutil/kdb5_stash.c - Store the master database key in a file */
3 /*
4 * Copyright 1990 by the Massachusetts Institute of Technology.
5 * All Rights Reserved.
6 *
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
11 *
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
25 */
26 /*
27 * Copyright (C) 1998 by the FundsXpress, INC.
28 *
29 * All rights reserved.
30 *
31 * Export of this software from the United States of America may require
32 * a specific license from the United States Government. It is the
33 * responsibility of any person or organization contemplating export to
34 * obtain such a license before exporting.
35 *
36 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
37 * distribute this software and its documentation for any purpose and
38 * without fee is hereby granted, provided that the above copyright
39 * notice appear in all copies and that both that copyright notice and
40 * this permission notice appear in supporting documentation, and that
41 * the name of FundsXpress. not be used in advertising or publicity pertaining
42 * to distribution of the software without specific, written prior
43 * permission. FundsXpress makes no representations about the suitability of
44 * this software for any purpose. It is provided "as is" without express
45 * or implied warranty.
46 *
47 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
48 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
49 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
50 */
51
52 #include "k5-int.h"
53 #include "com_err.h"
54 #include <kadm5/admin.h>
55 #include <stdio.h>
56 #include "kdb5_util.h"
57
/*
 * Process-wide state defined outside this file.
 *
 * master_keyblock holds master key material: kdb5_stash() reads its enctype
 * and passes it to krb5_db_fetch_mkey() as the output key block.
 */
extern kadm5_config_params global_params; /* stash_file, mask, kvno are read */
extern krb5_principal master_princ;       /* passed to the fetch/store calls */
extern krb5_keyblock master_keyblock;

/* Incremented on each failure path in kdb5_stash(), set to 0 on success. */
extern int exit_status;
/* Declared here but not referenced by kdb5_stash(). */
extern int close_policy_db;
64
/*
 * Write the master key list to a stash file.
 *
 * argc/argv are the subcommand's arguments.  The only option is
 * "-f keyfile", which replaces the configured global_params.stash_file as
 * the destination.  Any other option prints usage and returns without
 * touching exit_status.
 *
 * On failure exit_status is incremented; on success it is set to 0, which
 * also discards any non-zero value it held on entry.
 *
 * Security notes:
 *  - The output file contains master key material, so where it lands and who
 *    can read it matter.  The path from -f is used exactly as given; this
 *    function performs no ownership, mode or symlink check on the target.
 *    NOTE(review): whether krb5_db_store_master_key_list() restricts the
 *    file mode is not visible here - confirm before relying on it.
 *  - When the key is read from the keyboard it is left in the global
 *    master_keyblock on return (including on the later error paths);
 *    nothing here zeroes it.  Presumably cleanup happens elsewhere in the
 *    program - verify.
 */
void
kdb5_stash(int argc, char *argv[])
{
    extern char *optarg;
    extern int optind;
    krb5_error_code ret;
    krb5_kvno kvno;
    char *stash_path = global_params.stash_file;
    int opt;

    /* Restart option scanning from the first argument of this subcommand. */
    optind = 1;
    for (;;) {
        opt = getopt(argc, argv, "f:");
        if (opt == -1)
            break;
        if (opt != 'f') {
            /* '?' or anything unexpected */
            usage();
            return;
        }
        stash_path = optarg;
    }

    /* Refuse to go on with a master key enctype the library rejects. */
    if (!krb5_c_valid_enctype(master_keyblock.enctype)) {
        char enctype_name[32];

        if (krb5_enctype_to_name(master_keyblock.enctype, FALSE,
                                 enctype_name, sizeof(enctype_name)) == 0) {
            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, "%s", enctype_name);
        } else {
            /* No printable name available: report the numeric enctype. */
            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
                    _("while setting up enctype %d"), master_keyblock.enctype);
        }
        goto fail;
    }

    /*
     * A kvno given by the user wins; otherwise let krb5_db_fetch_mkey use
     * whatever it finds.
     */
    kvno = (global_params.mask & KADM5_CONFIG_KVNO) ?
        global_params.kvno : IGNORE_VNO;

    if (valid_master_key) {
        printf(_("Using existing stashed keys to update stash file.\n"));
    } else {
        /* TRUE, FALSE: prompt on the keyboard, and only once. */
        ret = krb5_db_fetch_mkey(util_context, master_princ,
                                 master_keyblock.enctype,
                                 TRUE, FALSE, (char *) NULL,
                                 &kvno,
                                 NULL, &master_keyblock);
        if (ret) {
            com_err(progname, ret, _("while reading master key"));
            goto fail;
        }

        ret = krb5_db_fetch_mkey_list(util_context, master_princ,
                                      &master_keyblock);
        if (ret) {
            com_err(progname, ret, _("while getting master key list"));
            goto fail;
        }
    }

    /*
     * The key list is not passed explicitly; presumably the store call takes
     * it from util_context - verify against the library.
     */
    ret = krb5_db_store_master_key_list(util_context, stash_path, master_princ,
                                        NULL);
    if (ret) {
        com_err(progname, ret, _("while storing key"));
        goto fail;
    }

    exit_status = 0;
    return;

fail:
    exit_status++;
}
138