1 /*
2 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
4 */
5
6 /*
7 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
8 *
9 * Openvision retains the copyright to derivative works of
10 * this source code. Do *NOT* create a derivative of this
11 * source code before consulting with your legal department.
12 * Do *NOT* integrate *ANY* of this source code into another
13 * product before consulting with your legal department.
14 *
15 * For further information, read the top-level Openvision
16 * copyright which is contained in the top-level MIT Kerberos
17 * copyright.
18 *
19 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
20 *
21 */
22
23
24 /*
25 * admin/stash/kdb5_stash.c
26 *
27 * Copyright 1990 by the Massachusetts Institute of Technology.
28 * All Rights Reserved.
29 *
30 * Export of this software from the United States of America may
31 * require a specific license from the United States Government.
32 * It is the responsibility of any person or organization contemplating
33 * export to obtain such a license before exporting.
34 *
35 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
36 * distribute this software and its documentation for any purpose and
37 * without fee is hereby granted, provided that the above copyright
38 * notice appear in all copies and that both that copyright notice and
39 * this permission notice appear in supporting documentation, and that
40 * the name of M.I.T. not be used in advertising or publicity pertaining
41 * to distribution of the software without specific, written prior
42 * permission. Furthermore if you modify this software you must label
43 * your software as modified software and not distribute it in such a
44 * fashion that it might be confused with the original M.I.T. software.
45 * M.I.T. makes no representations about the suitability of
46 * this software for any purpose. It is provided "as is" without express
47 * or implied warranty.
48 *
49 *
50 * Store the master database key in a file.
51 */
52
53 /*
54 * Copyright (C) 1998 by the FundsXpress, INC.
55 *
56 * All rights reserved.
57 *
58 * Export of this software from the United States of America may require
59 * a specific license from the United States Government. It is the
60 * responsibility of any person or organization contemplating export to
61 * obtain such a license before exporting.
62 *
63 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
64 * distribute this software and its documentation for any purpose and
65 * without fee is hereby granted, provided that the above copyright
66 * notice appear in all copies and that both that copyright notice and
67 * this permission notice appear in supporting documentation, and that
68 * the name of FundsXpress. not be used in advertising or publicity pertaining
69 * to distribution of the software without specific, written prior
70 * permission. FundsXpress makes no representations about the suitability of
71 * this software for any purpose. It is provided "as is" without express
72 * or implied warranty.
73 *
74 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
75 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
76 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
77 */
78
79 #include "k5-int.h"
80 #include <kadm5/admin.h>
81 #include "com_err.h"
82 #include <kadm5/admin.h>
83 #include <stdio.h>
84 #include <libintl.h>
85 #include "kdb5_util.h"
86
87 extern krb5_principal master_princ;
88 extern kadm5_config_params global_params;
89
90 extern int exit_status;
91
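/*
 * kdb5_stash - store the master database key in a stash file.
 *
 * Reads the master key from the keyboard (prompting once), verifies it
 * against the opened database, and writes it to the key file with
 * krb5_db_store_master_key().
 *
 * argc, argv: command arguments.  The only option is "-f keyfile", which
 *             overrides the default taken from global_params.stash_file.
 *
 * Returns nothing.  exit_status is set to 0 on success and incremented on
 * failure.  Failure to create the krb5 context or to set the default realm
 * terminates the process with exit(1).
 *
 * Security note: the file written here holds the database master key, so
 * whoever can read it can recover that key.  This function neither sets nor
 * checks the mode or ownership of the file.
 * NOTE(review): confirm that krb5_db_store_master_key() creates the file
 * readable by its owner only, and that a path given with -f does not sit in
 * a directory other users can write to.
 */
void
kdb5_stash(int argc, char *argv[])
{
    extern char *optarg;
    extern int optind;
    int optchar;
    krb5_error_code retval;
    char *dbname;
    char *realm;
    char *mkey_name;
    char *mkey_fullname;
    char *keyfile;
    krb5_context context;
    krb5_keyblock mkey;

    /* Solaris Kerberos */
#if 0
    if (strrchr(argv[0], '/'))
        argv[0] = strrchr(argv[0], '/')+1;
#endif
    retval = kadm5_init_krb5_context(&context);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval, "while initializing krb5_context");
        exit(1);
    }

    retval = krb5_set_default_realm(context, util_context->default_realm);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval, "while setting default realm name");
        exit(1);
    }

    dbname = global_params.dbname;
    realm = global_params.realm;
    mkey_name = global_params.mkey_name;
    keyfile = global_params.stash_file;

    /* Restart option parsing: argv here is the subcommand's own vector. */
    optind = 1;
    while ((optchar = getopt(argc, argv, "f:")) != -1) {
        switch (optchar) {
        case 'f':
            /* Caller-chosen stash path; see the security note above. */
            keyfile = optarg;
            break;
        case '?':
        default:
            usage();
            krb5_free_context(context);
            return;
        }
    }

    if (!krb5_c_valid_enctype(global_params.enctype)) {
        char tmp[32];

        if (krb5_enctype_to_string(global_params.enctype,
                                   tmp, sizeof (tmp))) {
            /* Solaris Kerberos */
            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
                    gettext("while setting up enctype %d"),
                    global_params.enctype);
        } else {
            /*
             * Solaris Kerberos
             * Pass the enctype name as an argument, never as the format
             * string, so a '%' in the name cannot be interpreted.
             */
            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, "%s", tmp);
        }
        goto fail;
    }

    /*
     * assemble & parse the master key name
     * NOTE(review): mkey_fullname is filled in here and never released in
     * this function; confirm who owns it.
     */
    retval = krb5_db_setup_mkey_name(context, mkey_name, realm,
                                     &mkey_fullname, &master_princ);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval,
                gettext("while setting up master key name"));
        goto fail;
    }

    retval = krb5_db_open(context, db5util_db_args,
                          KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval,
                gettext("while initializing the database '%s'"),
                dbname);
        goto fail;
    }

    /* TRUE here means read the keyboard, but only once */
    retval = krb5_db_fetch_mkey(context, master_princ,
                                global_params.enctype,
                                TRUE, FALSE, (char *) NULL,
                                0, &mkey);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval, gettext("while reading master key"));
        goto fail_db;
    }

    /* Refuse to stash a key that does not match the database. */
    retval = krb5_db_verify_master_key(context, master_princ, &mkey);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval, gettext("while verifying master key"));
        goto fail_key;
    }

    retval = krb5_db_store_master_key(context, keyfile, master_princ,
                                      &mkey, NULL);
    if (retval) {
        /*
         * Solaris Kerberos
         * Report the code the store call returned; errno is not
         * guaranteed to describe this failure.
         */
        com_err(progname, retval, gettext("while storing key"));
        goto fail_key;
    }
    krb5_free_keyblock_contents(context, &mkey);

    retval = krb5_db_fini(context);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval,
                gettext("closing database '%s'"), dbname);
        goto fail;
    }

    krb5_free_context(context);
    exit_status = 0;
    return;

    /* Error exits: release in reverse order of acquisition. */
fail_key:
    krb5_free_keyblock_contents(context, &mkey);
fail_db:
    (void) krb5_db_fini(context);
fail:
    krb5_free_context(context);
    exit_status++;
}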
226