/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 * Openvision retains the copyright to derivative works of
 * this source code. Do *NOT* create a derivative of this
 * source code before consulting with your legal department.
 * Do *NOT* integrate *ANY* of this source code into another
 * product before consulting with your legal department.
 *
 * For further information, read the top-level Openvision
 * copyright which is contained in the top-level MIT Kerberos
 * copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */


/*
 * admin/stash/kdb5_stash.c
 *
 * Copyright 1990 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 *
 * Store the master database key in a file.
 */

/*
 * Copyright (C) 1998 by the FundsXpress, INC.
 *
 * All rights reserved.
 *
 * Export of this software from the United States of America may require
 * a specific license from the United States Government. It is the
 * responsibility of any person or organization contemplating export to
 * obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of FundsXpress. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. FundsXpress makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
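 */

#include "k5-int.h"
#include <kadm5/admin.h>
#include "com_err.h"
#include <kadm5/admin.h>
#include <stdio.h>
#include <libintl.h>
#include "kdb5_util.h"

extern krb5_principal master_princ;
extern kadm5_config_params global_params;

extern int exit_status;

/*
 * kdb5_stash: write the database master key to a stash file.
 *
 * Accepts one option, "-f keyfile", which replaces the default stash
 * path taken from global_params.stash_file.  The key is read from the
 * keyboard, checked against the database with
 * krb5_db_verify_master_key(), and only then handed to
 * krb5_db_store_master_key(), so a mistyped key is rejected before
 * anything is written.
 *
 * Outcome is reported through the global exit_status: it is set to 0 on
 * success and incremented on each failure reported with com_err() once
 * the context is set up.  Failure to create the krb5 context or to set
 * the default realm calls exit(1) directly.  An unrecognised option
 * calls usage() and returns without touching exit_status.
 *
 * Security notes:
 *  - The stash file holds the master key.  Its creation mode and
 *    ownership are decided inside krb5_db_store_master_key(), which is
 *    not visible here.  NOTE(review): confirm the file is created
 *    readable by the KDC account only; the "-f" path is used verbatim,
 *    with no checks in this function.
 *  - Every path that leaves this function after the key has been read
 *    goes through krb5_free_keyblock_contents(), so the in-memory copy
 *    is released on success and on failure alike.
 *  - NOTE(review): mkey_fullname is filled in by
 *    krb5_db_setup_mkey_name() and never released here, and the context
 *    is only freed on the success path; presumably harmless because the
 *    utility exits soon after -- confirm.
 */
void
kdb5_stash(int argc, char *argv[])
{
    extern char *optarg;
    extern int optind;
    int optchar;
    krb5_error_code retval;
    char *dbname = NULL;
    char *realm = NULL;
    char *mkey_name = NULL;
    char *mkey_fullname;
    char *keyfile = NULL;
    krb5_context context;
    krb5_keyblock mkey;

    /*
     * Solaris Kerberos: trimming argv[0] to its basename is disabled;
     * the diagnostics below use progname rather than argv[0].
     */
#if 0
    if (strrchr(argv[0], '/'))
        argv[0] = strrchr(argv[0], '/')+1;
#endif
    retval = kadm5_init_krb5_context(&context);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval, "while initializing krb5_context");
        exit(1);
    }

    retval = krb5_set_default_realm(context, util_context->default_realm);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval, "while setting default realm name");
        exit(1);
    }

    dbname = global_params.dbname;
    realm = global_params.realm;
    mkey_name = global_params.mkey_name;
    keyfile = global_params.stash_file;

    /* Restart option parsing: this runs as a sub-command with its own argv. */
    optind = 1;
    while ((optchar = getopt(argc, argv, "f:")) != -1) {
        switch (optchar) {
        case 'f':
            /* Operator-supplied stash path; not validated here. */
            keyfile = optarg;
            break;
        case '?':
        default:
            usage();
            return;
        }
    }

    if (!krb5_c_valid_enctype(global_params.enctype)) {
        char tmp[32];

        if (krb5_enctype_to_string(global_params.enctype,
                                   tmp, sizeof (tmp))) {
            /* No printable name available: report the numeric enctype. */
            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
                    gettext("while setting up enctype %d"),
                    global_params.enctype);
        } else {
            /*
             * tmp is data, not a format string: pass it through "%s" so
             * a '%' in the enctype name can never be interpreted as a
             * conversion specifier.
             */
            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, "%s", tmp);
        }
        goto fail;
    }

    /* assemble & parse the master key name */
    retval = krb5_db_setup_mkey_name(context, mkey_name, realm,
                                     &mkey_fullname, &master_princ);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval,
                gettext("while setting up master key name"));
        goto fail;
    }

    retval = krb5_db_open(context, db5util_db_args,
                          KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval,
                gettext("while initializing the database '%s'"),
                dbname);
        goto fail;
    }

    /* TRUE here means read the keyboard, but only once */
    retval = krb5_db_fetch_mkey(context, master_princ,
                                global_params.enctype,
                                TRUE, FALSE, (char *) NULL,
                                0, &mkey);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval, gettext("while reading master key"));
        goto fail_close_db;
    }

    /* Refuse to stash a key that does not match the database. */
    retval = krb5_db_verify_master_key(context, master_princ, &mkey);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval, gettext("while verifying master key"));
        goto fail_free_mkey;
    }

    retval = krb5_db_store_master_key(context, keyfile, master_princ,
                                      &mkey, NULL);
    if (retval) {
        /*
         * Report the code the call returned.  errno may be stale or
         * zero by this point, which would hide the real reason the
         * stash file could not be written.
         */
        com_err(progname, retval, gettext("while storing key"));
        goto fail_free_mkey;
    }
    krb5_free_keyblock_contents(context, &mkey);

    retval = krb5_db_fini(context);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval,
                gettext("closing database '%s'"), dbname);
        goto fail;
    }

    krb5_free_context(context);
    exit_status = 0;
    return;

    /*
     * Single failure exit.  Keeping the key release here means a step
     * added later between the fetch and the store cannot forget it.
     */
fail_free_mkey:
    krb5_free_keyblock_contents(context, &mkey);
fail_close_db:
    (void) krb5_db_fini(context);
fail:
    exit_status++;
}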