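/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* kadmin/dbutil/kdb5_stash.c - Store the master database key in a file */
/*
 * Copyright 1990 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 */
/*
 * Copyright (C) 1998 by the FundsXpress, INC.
 *
 * All rights reserved.
 *
 * Export of this software from the United States of America may require
 * a specific license from the United States Government. It is the
 * responsibility of any person or organization contemplating export to
 * obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of FundsXpress. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. FundsXpress makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

#include "k5-int.h"
#include "com_err.h"
#include <kadm5/admin.h>
#include <stdio.h>
#include "kdb5_util.h"

extern krb5_keyblock master_keyblock;
extern krb5_principal master_princ;
extern kadm5_config_params global_params;

extern int exit_status;
extern int close_policy_db;

/*
 * kdb5_stash - write the master key list to a stash file.
 *
 * argc, argv: the sub-command's arguments.  The only option parsed is
 *     "-f keyfile", which replaces global_params.stash_file as the
 *     destination path.
 *
 * Nothing is returned.  Failures are reported through com_err() and by
 * incrementing the global exit_status; on success exit_status is set to 0.
 *
 * The definition uses a prototype parameter list rather than the
 * obsolescent K&R identifier-list form, so calls are type-checked.
 *
 * NOTE(review): the stash file receives master key material.  Its creation
 * mode and ownership are decided inside krb5_db_store_master_key_list(),
 * which is not visible in this file -- confirm that a path supplied with
 * -f ends up readable only by the account that runs the KDC.
 */
void
kdb5_stash(int argc, char *argv[])
{
    extern char *optarg;
    extern int optind;
    int optchar;
    krb5_error_code retval;
    char *keyfile = global_params.stash_file;   /* default destination */
    krb5_kvno mkey_kvno;

    /* Restart option scanning at the first argument of this sub-command. */
    optind = 1;
    while ((optchar = getopt(argc, argv, "f:")) != -1) {
        switch (optchar) {
        case 'f':
            keyfile = optarg;
            break;
        case '?':
        default:
            /*
             * NOTE(review): exit_status is not touched on this path;
             * usage() is defined elsewhere -- verify that it reports the
             * failure itself (for example by not returning).
             */
            usage();
            return;
        }
    }

    if (!krb5_c_valid_enctype(master_keyblock.enctype)) {
        char tmp[32];

        /*
         * A non-zero result from krb5_enctype_to_name() is treated as
         * "no name available", so the numeric enctype is printed instead.
         */
        if (krb5_enctype_to_name(master_keyblock.enctype, FALSE,
                                 tmp, sizeof(tmp))) {
            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
                    _("while setting up enctype %d"), master_keyblock.enctype);
        } else {
            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, "%s", tmp);
        }
        exit_status++;
        return;
    }

    if (global_params.mask & KADM5_CONFIG_KVNO) {
        mkey_kvno = global_params.kvno; /* user specified */
    } else {
        mkey_kvno = IGNORE_VNO; /* use whatever krb5_db_fetch_mkey finds */
    }

    if (!valid_master_key) {
        /* TRUE here means read the keyboard, but only once */
        retval = krb5_db_fetch_mkey(util_context, master_princ,
                                    master_keyblock.enctype,
                                    TRUE, FALSE, (char *) NULL,
                                    &mkey_kvno,
                                    NULL, &master_keyblock);
        if (retval) {
            com_err(progname, retval, _("while reading master key"));
            exit_status++;
            return;
        }

        retval = krb5_db_fetch_mkey_list(util_context, master_princ,
                                         &master_keyblock);
        if (retval) {
            com_err(progname, retval, _("while getting master key list"));
            exit_status++;
            return;
        }
    } else {
        printf(_("Using existing stashed keys to update stash file.\n"));
    }

    /* Persist the key list to keyfile (the default path or the -f value). */
    retval = krb5_db_store_master_key_list(util_context, keyfile, master_princ,
                                           NULL);
    if (retval) {
        com_err(progname, retval, _("while storing key"));
        exit_status++;
        return;
    }

    exit_status = 0;
    return;
}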