1 /*
2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 
7 /*
8  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
9  *
10  *	Openvision retains the copyright to derivative works of
11  *	this source code.  Do *NOT* create a derivative of this
12  *	source code before consulting with your legal department.
13  *	Do *NOT* integrate *ANY* of this source code into another
14  *	product before consulting with your legal department.
15  *
16  *	For further information, read the top-level Openvision
17  *	copyright which is contained in the top-level MIT Kerberos
18  *	copyright.
19  *
20  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
21  *
22  */
23 
24 
25 /*
26  * admin/stash/kdb5_stash.c
27  *
28  * Copyright 1990 by the Massachusetts Institute of Technology.
29  * All Rights Reserved.
30  *
31  * Export of this software from the United States of America may
32  *   require a specific license from the United States Government.
33  *   It is the responsibility of any person or organization contemplating
34  *   export to obtain such a license before exporting.
35  *
36  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
37  * distribute this software and its documentation for any purpose and
38  * without fee is hereby granted, provided that the above copyright
39  * notice appear in all copies and that both that copyright notice and
40  * this permission notice appear in supporting documentation, and that
41  * the name of M.I.T. not be used in advertising or publicity pertaining
42  * to distribution of the software without specific, written prior
43  * permission.  Furthermore if you modify this software you must label
44  * your software as modified software and not distribute it in such a
45  * fashion that it might be confused with the original M.I.T. software.
46  * M.I.T. makes no representations about the suitability of
47  * this software for any purpose.  It is provided "as is" without express
48  * or implied warranty.
49  *
50  *
51  * Store the master database key in a file.
52  */
53 
54 /*
55  * Copyright (C) 1998 by the FundsXpress, INC.
56  *
57  * All rights reserved.
58  *
59  * Export of this software from the United States of America may require
60  * a specific license from the United States Government.  It is the
61  * responsibility of any person or organization contemplating export to
62  * obtain such a license before exporting.
63  *
64  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
65  * distribute this software and its documentation for any purpose and
66  * without fee is hereby granted, provided that the above copyright
67  * notice appear in all copies and that both that copyright notice and
68  * this permission notice appear in supporting documentation, and that
69  * the name of FundsXpress. not be used in advertising or publicity pertaining
70  * to distribution of the software without specific, written prior
71  * permission.  FundsXpress makes no representations about the suitability of
72  * this software for any purpose.  It is provided "as is" without express
73  * or implied warranty.
74  *
75  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
76  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
77  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
78  */
79 
80 #include "k5-int.h"
81 #include <kadm5/admin.h>
82 #include "com_err.h"
83 #include <kadm5/admin.h>
84 #include <stdio.h>
85 #include <libintl.h>
86 #include "kdb5_util.h"
87 
/* Master key principal; filled in by krb5_db_setup_mkey_name() in kdb5_stash(). */
extern krb5_principal master_princ;
/* kdb5_util configuration; kdb5_stash() reads dbname, realm, mkey_name, stash_file, enctype. */
extern kadm5_config_params global_params;

/* Process exit code owned by kdb5_util; kdb5_stash() increments it on failure, zeroes it on success. */
extern int exit_status;
92 
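/*
 * kdb5_stash - the "stash" subcommand of kdb5_util: read the master key
 * (from the keyboard, once), verify it against the open database, and
 * write it to the stash file.
 *
 * argc/argv: the subcommand's own argument vector; argv[0] is the
 *   subcommand name (reduced to its basename below).  The only option is
 *   "-f <stash file>", which overrides global_params.stash_file.
 *
 * Reads global_params (dbname, realm, mkey_name, stash_file, enctype),
 * util_context->default_realm and db5util_db_args; sets the global
 * master_princ through krb5_db_setup_mkey_name().
 *
 * Returns nothing.  exit_status is incremented on any failure after
 * option parsing and set to 0 on success; a usage error leaves it
 * untouched.  Failing to create the krb5 context or to set the default
 * realm still terminates the process with exit(1), as it always has.
 *
 * Every resource acquired here (context, master key name, database
 * handle, key material) is released on the single cleanup path below,
 * whichever way the function leaves.
 */
void
kdb5_stash(int argc, char *argv[])
{
    extern char *optarg;
    extern int optind;
    int optchar;
    krb5_error_code retval;
    char *dbname = NULL;
    char *realm = NULL;
    char *mkey_name = NULL;
    char *mkey_fullname = NULL;	/* malloc'd by krb5_db_setup_mkey_name */
    char *keyfile = NULL;
    krb5_context context = NULL;
    krb5_keyblock mkey;
    int db_open = 0;		/* krb5_db_open succeeded: fini is owed */
    int have_mkey = 0;		/* mkey holds key material: must be released */
    int failed = 0;		/* an error has already been reported */
    int stored = 0;		/* the key reached the stash file */

    /* Report errors under the bare subcommand name, not a full path. */
    if (strrchr(argv[0], '/'))
	argv[0] = strrchr(argv[0], '/') + 1;

    retval = kadm5_init_krb5_context(&context);
    if (retval) {
	com_err(argv[0], retval, "while initializing krb5_context");
	exit(1);
    }

    retval = krb5_set_default_realm(context, util_context->default_realm);
    if (retval) {
	com_err(argv[0], retval, "while setting default realm name");
	exit(1);
    }

    /* Defaults come from the kdb5_util configuration; -f overrides one. */
    dbname = global_params.dbname;
    realm = global_params.realm;
    mkey_name = global_params.mkey_name;
    keyfile = global_params.stash_file;

    optind = 1;		/* argv is a subcommand vector: restart getopt */
    while ((optchar = getopt(argc, argv, "f:")) != -1) {
	switch (optchar) {
	case 'f':
	    keyfile = optarg;
	    break;
	case '?':
	default:
	    usage();
	    goto cleanup;	/* exit_status deliberately untouched */
	}
    }

    if (!krb5_c_valid_enctype(global_params.enctype)) {
	char tmp[32];

	if (krb5_enctype_to_string(global_params.enctype, tmp, sizeof (tmp)))
	    com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
		gettext("while setting up enctype %d"),
		global_params.enctype);
	else
	    /* tmp is message data, never the format string itself */
	    com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, "%s", tmp);
	failed = 1;
	goto cleanup;
    }

    /* assemble & parse the master key name */
    retval = krb5_db_setup_mkey_name(context, mkey_name, realm,
				     &mkey_fullname, &master_princ);
    if (retval) {
	com_err(argv[0], retval,
		gettext("while setting up master key name"));
	failed = 1;
	goto cleanup;
    }

    retval = krb5_db_open(context, db5util_db_args,
			  KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER);
    if (retval) {
	com_err(argv[0], retval,
		gettext("while initializing the database '%s'"),
		dbname);
	failed = 1;
	goto cleanup;
    }
    db_open = 1;

    /* TRUE here means read the keyboard, but only once */
    retval = krb5_db_fetch_mkey(context, master_princ,
				global_params.enctype,
				TRUE, FALSE, (char *) NULL,
				0, &mkey);
    if (retval) {
	com_err(argv[0], retval, gettext("while reading master key"));
	failed = 1;
	goto cleanup;
    }
    have_mkey = 1;

    /* Never stash a key that does not actually open this database. */
    retval = krb5_db_verify_master_key(context, master_princ, &mkey);
    if (retval) {
	com_err(argv[0], retval, gettext("while verifying master key"));
	failed = 1;
	goto cleanup;
    }

    retval = krb5_db_store_master_key(context, keyfile, master_princ,
				    &mkey, NULL);
    if (retval) {
	/* Report the library's own code; errno may be stale here. */
	com_err(argv[0], retval, gettext("while storing key"));
	failed = 1;
	goto cleanup;
    }
    stored = 1;

cleanup:
    if (have_mkey)
	krb5_free_keyblock_contents(context, &mkey);	/* drop key material */
    if (db_open) {
	retval = krb5_db_fini(context);
	/* A close error is only worth reporting if nothing else failed. */
	if (retval && !failed) {
	    com_err(argv[0], retval,
		    gettext("closing database '%s'"), dbname);
	    failed = 1;
	}
    }
    free(mkey_fullname);
    krb5_free_context(context);

    if (failed)
	exit_status++;
    else if (stored)
	exit_status = 0;
}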