1 /* 2 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 #pragma ident "%Z%%M% %I% %E% SMI" 7 8 /* 9 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 10 * 11 * Openvision retains the copyright to derivative works of 12 * this source code. Do *NOT* create a derivative of this 13 * source code before consulting with your legal department. 14 * Do *NOT* integrate *ANY* of this source code into another 15 * product before consulting with your legal department. 16 * 17 * For further information, read the top-level Openvision 18 * copyright which is contained in the top-level MIT Kerberos 19 * copyright. 20 * 21 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 22 * 23 */ 24 25 26 /* 27 * admin/stash/kdb5_stash.c 28 * 29 * Copyright 1990 by the Massachusetts Institute of Technology. 30 * All Rights Reserved. 31 * 32 * Export of this software from the United States of America may 33 * require a specific license from the United States Government. 34 * It is the responsibility of any person or organization contemplating 35 * export to obtain such a license before exporting. 36 * 37 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 38 * distribute this software and its documentation for any purpose and 39 * without fee is hereby granted, provided that the above copyright 40 * notice appear in all copies and that both that copyright notice and 41 * this permission notice appear in supporting documentation, and that 42 * the name of M.I.T. not be used in advertising or publicity pertaining 43 * to distribution of the software without specific, written prior 44 * permission. Furthermore if you modify this software you must label 45 * your software as modified software and not distribute it in such a 46 * fashion that it might be confused with the original M.I.T. software. 47 * M.I.T. makes no representations about the suitability of 48 * this software for any purpose. It is provided "as is" without express 49 * or implied warranty. 50 * 51 * 52 * Store the master database key in a file. 53 */ 54 55 /* 56 * Copyright (C) 1998 by the FundsXpress, INC. 57 * 58 * All rights reserved. 59 * 60 * Export of this software from the United States of America may require 61 * a specific license from the United States Government. It is the 62 * responsibility of any person or organization contemplating export to 63 * obtain such a license before exporting. 64 * 65 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 66 * distribute this software and its documentation for any purpose and 67 * without fee is hereby granted, provided that the above copyright 68 * notice appear in all copies and that both that copyright notice and 69 * this permission notice appear in supporting documentation, and that 70 * the name of FundsXpress. not be used in advertising or publicity pertaining 71 * to distribution of the software without specific, written prior 72 * permission. FundsXpress makes no representations about the suitability of 73 * this software for any purpose. It is provided "as is" without express 74 * or implied warranty. 75 * 76 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 77 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 78 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 79 */ 80 81 82 #define KDB5_DISPATCH 83 #define KRB5_KDB5_DBM__ 84 #include <k5-int.h> 85 /* #define these to avoid an indirection function; for future implementations, 86 these may be redirected from a dispatch table/routine */ 87 #define krb5_dbm_db_set_name krb5_db_set_name 88 #define krb5_dbm_db_set_nonblocking krb5_db_set_nonblocking 89 #define krb5_dbm_db_init krb5_db_init 90 #define krb5_dbm_db_get_age krb5_db_get_age 91 #define krb5_dbm_db_create krb5_db_create 92 #define krb5_dbm_db_rename krb5_db_rename 93 #define krb5_dbm_db_get_principal krb5_db_get_principal 94 #define krb5_dbm_db_free_principal krb5_db_free_principal 95 #define krb5_dbm_db_put_principal krb5_db_put_principal 96 #define krb5_dbm_db_delete_principal krb5_db_delete_principal 97 #define krb5_dbm_db_lock krb5_db_lock 98 #define krb5_dbm_db_unlock krb5_db_unlock 99 #define krb5_dbm_db_set_lockmode krb5_db_set_lockmode 100 #define krb5_dbm_db_close_database krb5_db_close_database 101 #define krb5_dbm_db_open_database krb5_db_open_database 102 103 #include <kadm5/admin.h> 104 #include "com_err.h" 105 #include <kadm5/admin.h> 106 #include <stdio.h> 107 #include <libintl.h> 108 #include "kdb5_util.h" 109 110 extern krb5_principal master_princ; 111 extern kadm5_config_params global_params; 112 113 extern int exit_status; 114 extern int close_policy_db; 115 116 void 117 kdb5_stash(argc, argv) 118 int argc; 119 char *argv[]; 120 { 121 extern char *optarg; 122 extern int optind; 123 int optchar; 124 krb5_error_code retval; 125 char *dbname = (char *) NULL; 126 char *realm = 0; 127 char *mkey_name = 0; 128 char *mkey_fullname; 129 char *keyfile = 0; 130 krb5_context context; 131 krb5_keyblock mkey; 132 133 if (strrchr(argv[0], '/')) 134 argv[0] = strrchr(argv[0], '/')+1; 135 136 /* Tell upwards to close the policy db cause we don't */ 137 close_policy_db = 1; 138 139 krb5_init_context(&context); 140 141 dbname = global_params.dbname; 142 realm = global_params.realm; 143 mkey_name = global_params.mkey_name; 144 keyfile = global_params.stash_file; 145 146 optind = 1; 147 while ((optchar = getopt(argc, argv, "f:")) != -1) { 148 switch(optchar) { 149 case 'f': 150 keyfile = optarg; 151 break; 152 case '?': 153 default: 154 usage(); 155 return; 156 } 157 } 158 159 if (!krb5_c_valid_enctype(global_params.enctype)) { 160 char tmp[32]; 161 162 if (krb5_enctype_to_string(global_params.enctype, 163 tmp, sizeof (tmp))) 164 com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, 165 gettext("while setting up enctype %d"), 166 global_params.enctype); 167 else 168 com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, tmp); 169 exit_status++; return; 170 } 171 172 retval = krb5_db_set_name(context, dbname); 173 if (retval) { 174 com_err(argv[0], retval, 175 gettext("while setting active database to '%s'"), 176 dbname); 177 exit_status++; return; 178 } 179 180 /* assemble & parse the master key name */ 181 retval = krb5_db_setup_mkey_name(context, mkey_name, realm, 182 &mkey_fullname, &master_princ); 183 if (retval) { 184 com_err(argv[0], retval, 185 gettext("while setting up master key name")); 186 exit_status++; return; 187 } 188 189 retval = krb5_db_init(context); 190 if (retval) { 191 com_err(argv[0], retval, 192 gettext("while initializing the database '%s'"), 193 dbname); 194 exit_status++; return; 195 } 196 197 /* TRUE here means read the keyboard, but only once */ 198 retval = krb5_db_fetch_mkey(context, master_princ, 199 global_params.enctype, 200 TRUE, FALSE, (char *) NULL, 201 0, &mkey); 202 if (retval) { 203 com_err(argv[0], retval, gettext("while reading master key")); 204 (void) krb5_db_fini(context); 205 exit_status++; return; 206 } 207 208 retval = krb5_db_verify_master_key(context, master_princ, &mkey); 209 if (retval) { 210 com_err(argv[0], retval, gettext("while verifying master key")); 211 krb5_free_keyblock_contents(context, &mkey); 212 (void) krb5_db_fini(context); 213 exit_status++; return; 214 } 215 216 retval = krb5_db_store_mkey(context, keyfile, master_princ, 217 &mkey); 218 if (retval) { 219 com_err(argv[0], errno, gettext("while storing key")); 220 krb5_free_keyblock_contents(context, &mkey); 221 (void) krb5_db_fini(context); 222 exit_status++; return; 223 } 224 krb5_free_keyblock_contents(context, &mkey); 225 226 retval = krb5_db_fini(context); 227 if (retval) { 228 com_err(argv[0], retval, 229 gettext("closing database '%s'"), dbname); 230 exit_status++; return; 231 } 232 233 krb5_free_context(context); 234 exit_status = 0; 235 return; 236 } 237