1 /* 2 * Copyright (c) 1997-1999 Kungliga Tekniska H�gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include "headers.h" 35 36 RCSID("$Id: kstash.c,v 1.10 1999/11/13 04:14:17 assar Exp $"); 37 38 krb5_context context; 39 40 char *keyfile = HDB_DB_DIR "/m-key"; 41 char *v4_keyfile; 42 int convert_flag; 43 int help_flag; 44 int version_flag; 45 46 struct getargs args[] = { 47 { "key-file", 'k', arg_string, &keyfile, "master key file", "file" }, 48 { "version4-key-file", '4', arg_string, &v4_keyfile, 49 "kerberos 4 master key file", "file" }, 50 { "convert-file", 0, arg_flag, &convert_flag, 51 "convert keytype of keyfile" }, 52 { "help", 'h', arg_flag, &help_flag }, 53 { "version", 0, arg_flag, &version_flag } 54 }; 55 56 int num_args = sizeof(args) / sizeof(args[0]); 57 58 static void 59 write_keyfile(EncryptionKey key) 60 { 61 FILE *f; 62 char buf[1024]; 63 size_t len; 64 65 #ifdef HAVE_UMASK 66 umask(077); 67 #endif 68 69 f = fopen(keyfile, "w"); 70 if(f == NULL) 71 krb5_err(context, 1, errno, "%s", keyfile); 72 encode_EncryptionKey((unsigned char *)buf + sizeof(buf) - 1, 73 sizeof(buf), &key, &len); 74 fwrite(buf + sizeof(buf) - len, len, 1, f); 75 memset(buf, 0, sizeof(buf)); 76 if(ferror(f)) { 77 int e = errno; 78 unlink(keyfile); 79 krb5_err(context, 1, e, "%s", keyfile); 80 } 81 fclose(f); 82 chmod(keyfile, 0400); 83 } 84 85 static int 86 convert_file(void) 87 { 88 FILE *f; 89 unsigned char buf[1024]; 90 char *fn; 91 size_t len; 92 EncryptionKey key; 93 krb5_error_code ret; 94 95 f = fopen(keyfile, "r"); 96 if(f == NULL) { 97 krb5_warn(context, errno, "%s", keyfile); 98 return 1; 99 } 100 len = fread(buf, 1, sizeof(buf), f); 101 if(ferror(f)) { 102 krb5_warn(context, errno, "fread"); 103 ret = 1; 104 goto out1; 105 } 106 fclose(f); 107 ret = decode_EncryptionKey(buf, len, &key, &len); 108 memset(buf, 0, sizeof(buf)); 109 if(ret) { 110 krb5_warn(context, ret, "decode_EncryptionKey"); 111 goto out2; 112 } 113 if(key.keytype == KEYTYPE_DES) 114 key.keytype = ETYPE_DES_CBC_MD5; 115 else if(key.keytype == ETYPE_DES_CBC_MD5) { 116 krb5_warnx(context, "keyfile already converted"); 117 ret = 0; 118 goto out2; 119 } else { 120 krb5_warnx(context, "bad encryption key type (%d)", key.keytype); 121 ret = 1; 122 goto out2; 123 } 124 asprintf(&fn, "%s.old", keyfile); 125 if(fn == NULL) { 126 krb5_warn(context, ENOMEM, "malloc"); 127 ret = 1; 128 goto out1; 129 } 130 if(rename(keyfile, fn) < 0) { 131 krb5_warn(context, errno, "rename"); 132 ret = 1; 133 goto out1; 134 } 135 write_keyfile(key); 136 krb5_free_keyblock_contents(context, &key); 137 return 0; 138 out1: 139 memset(buf, 0, sizeof(buf)); 140 return ret ? 1 : 0; 141 out2: 142 krb5_free_keyblock_contents(context, &key); 143 return ret ? 1 : 0; 144 } 145 146 int 147 main(int argc, char **argv) 148 { 149 char buf[1024]; 150 EncryptionKey key; 151 FILE *f; 152 153 krb5_program_setup(&context, argc, argv, args, num_args, NULL); 154 155 if(help_flag) 156 krb5_std_usage(0, args, num_args); 157 if(version_flag){ 158 print_version(NULL); 159 exit(0); 160 } 161 162 if(convert_flag) 163 exit(convert_file()); 164 165 key.keytype = ETYPE_DES_CBC_MD5; /* XXX */ 166 if(v4_keyfile) { 167 f = fopen(v4_keyfile, "r"); 168 if(f == NULL) 169 krb5_err(context, 1, errno, "fopen(%s)", v4_keyfile); 170 key.keyvalue.length = sizeof(des_cblock); 171 key.keyvalue.data = malloc(key.keyvalue.length); 172 fread(key.keyvalue.data, 1, key.keyvalue.length, f); 173 fclose(f); 174 } else { 175 krb5_salt salt; 176 salt.salttype = KRB5_PW_SALT; 177 /* XXX better value? */ 178 salt.saltvalue.data = NULL; 179 salt.saltvalue.length = 0; 180 if(des_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) 181 exit(1); 182 krb5_string_to_key_salt(context, key.keytype, buf, salt, &key); 183 } 184 185 write_keyfile(key); 186 krb5_free_keyblock_contents(context, &key); 187 exit(0); 188 } 189