1 /* 2 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 #pragma ident "%Z%%M% %I% %E% SMI" 7 8 /* 9 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 10 * 11 * Openvision retains the copyright to derivative works of 12 * this source code. Do *NOT* create a derivative of this 13 * source code before consulting with your legal department. 14 * Do *NOT* integrate *ANY* of this source code into another 15 * product before consulting with your legal department. 16 * 17 * For further information, read the top-level Openvision 18 * copyright which is contained in the top-level MIT Kerberos 19 * copyright. 20 * 21 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 22 * 23 */ 24 25 26 /* 27 * admin/stash/kdb5_stash.c 28 * 29 * Copyright 1990 by the Massachusetts Institute of Technology. 30 * All Rights Reserved. 31 * 32 * Export of this software from the United States of America may 33 * require a specific license from the United States Government. 34 * It is the responsibility of any person or organization contemplating 35 * export to obtain such a license before exporting. 36 * 37 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 38 * distribute this software and its documentation for any purpose and 39 * without fee is hereby granted, provided that the above copyright 40 * notice appear in all copies and that both that copyright notice and 41 * this permission notice appear in supporting documentation, and that 42 * the name of M.I.T. not be used in advertising or publicity pertaining 43 * to distribution of the software without specific, written prior 44 * permission. Furthermore if you modify this software you must label 45 * your software as modified software and not distribute it in such a 46 * fashion that it might be confused with the original M.I.T. software. 47 * M.I.T. 
makes no representations about the suitability of 48 * this software for any purpose. It is provided "as is" without express 49 * or implied warranty. 50 * 51 * 52 * Store the master database key in a file. 53 */ 54 55 /* 56 * Copyright (C) 1998 by the FundsXpress, INC. 57 * 58 * All rights reserved. 59 * 60 * Export of this software from the United States of America may require 61 * a specific license from the United States Government. It is the 62 * responsibility of any person or organization contemplating export to 63 * obtain such a license before exporting. 64 * 65 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 66 * distribute this software and its documentation for any purpose and 67 * without fee is hereby granted, provided that the above copyright 68 * notice appear in all copies and that both that copyright notice and 69 * this permission notice appear in supporting documentation, and that 70 * the name of FundsXpress. not be used in advertising or publicity pertaining 71 * to distribution of the software without specific, written prior 72 * permission. FundsXpress makes no representations about the suitability of 73 * this software for any purpose. It is provided "as is" without express 74 * or implied warranty. 75 * 76 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 77 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 78 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
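 */


#include <k5-int.h>
#include <kadm5/admin.h>
#include "com_err.h"
#include <stdio.h>
#include <libintl.h>
#include "kdb5_util.h"

extern krb5_principal master_princ;
extern kadm5_config_params global_params;

extern int exit_status;

/*
 * kdb5_stash - the "stash" subcommand of kdb5_util.
 *
 * Reads the master key (from the keyboard, prompted once), checks it
 * against the opened principal database, and writes it to the stash file
 * so the KDC can be started without an operator typing the password.
 *
 * argv[0] is the program name used as the com_err whoami; argv[1..] may
 * carry "-f <stash_file>", which overrides global_params.stash_file.
 * Everything else (database name, realm, master key name, enctype) comes
 * from global_params, which the caller has already filled in.
 *
 * Outcome is reported through the global exit_status: it is reset to 0 on
 * success and incremented on every failure after option parsing.  Failures
 * while creating the krb5 context or setting the default realm exit(1)
 * immediately, as in the original.
 *
 * SECURITY NOTE: the stash file holds the master key itself; whoever can
 * read it can decrypt every key in the database.  This routine relies on
 * krb5_db_store_master_key to create the file with restrictive ownership
 * and mode -- confirm that against the DB back end in use, and never
 * point -f at a shared or world-readable location.
 */
void
kdb5_stash(argc, argv)
    int argc;
    char *argv[];
{
    extern char *optarg;
    extern int optind;
    int optchar;
    krb5_error_code retval;
    char *dbname = NULL;
    char *realm = NULL;
    char *mkey_name = NULL;
    char *mkey_fullname = NULL;
    char *keyfile = NULL;
    krb5_context context = NULL;
    krb5_keyblock mkey;
    int db_is_open = 0;          /* krb5_db_open succeeded; needs db_fini */

    /* Use only the basename of the program in diagnostics. */
    if (strrchr(argv[0], '/'))
        argv[0] = strrchr(argv[0], '/') + 1;

    retval = kadm5_init_krb5_context(&context);
    if (retval) {
        com_err(argv[0], retval, "while initializing krb5_context");
        exit(1);
    }

    retval = krb5_set_default_realm(context, util_context->default_realm);
    if (retval) {
        com_err(argv[0], retval, "while setting default realm name");
        exit(1);
    }

    dbname = global_params.dbname;
    realm = global_params.realm;
    mkey_name = global_params.mkey_name;
    keyfile = global_params.stash_file;

    /* Reset getopt state: this is a subcommand, not the first parse. */
    optind = 1;
    while ((optchar = getopt(argc, argv, "f:")) != -1) {
        switch (optchar) {
        case 'f':
            keyfile = optarg;
            break;
        case '?':
        default:
            usage();
            krb5_free_context(context);
            return;
        }
    }

    if (!krb5_c_valid_enctype(global_params.enctype)) {
        char tmp[32];

        if (krb5_enctype_to_string(global_params.enctype, tmp, sizeof(tmp)))
            com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
                    gettext("while setting up enctype %d"),
                    global_params.enctype);
        else
            /* Pass the name as an argument, never as the format string. */
            com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, "%s", tmp);
        goto fail;
    }

    /* Assemble and parse the master key principal name. */
    retval = krb5_db_setup_mkey_name(context, mkey_name, realm,
                                     &mkey_fullname, &master_princ);
    if (retval) {
        com_err(argv[0], retval,
                gettext("while setting up master key name"));
        goto fail;
    }

    /*
     * Open the database before touching the key so that a wrong password
     * can be detected by krb5_db_verify_master_key below.
     */
    retval = krb5_db_open(context, db5util_db_args,
                          KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER);
    if (retval) {
        com_err(argv[0], retval,
                gettext("while initializing the database '%s'"),
                dbname);
        goto fail;
    }
    db_is_open = 1;

    /* TRUE here means read the keyboard, but only once. */
    retval = krb5_db_fetch_mkey(context, master_princ,
                                global_params.enctype,
                                TRUE, FALSE, (char *) NULL,
                                0, &mkey);
    if (retval) {
        com_err(argv[0], retval, gettext("while reading master key"));
        goto fail;
    }

    /* Refuse to stash a key that does not match the database contents. */
    retval = krb5_db_verify_master_key(context, master_princ, &mkey);
    if (retval) {
        com_err(argv[0], retval, gettext("while verifying master key"));
        goto fail_key;
    }

    retval = krb5_db_store_master_key(context, keyfile, master_princ,
                                      &mkey, NULL);
    if (retval) {
        /*
         * Report the krb5 error code that was actually returned; errno
         * is not set by this call and may be stale or zero.
         */
        com_err(argv[0], retval, gettext("while storing key"));
        goto fail_key;
    }

    /* Key material is no longer needed; release (and, per libkrb5
     * convention, clear) it before anything else can fail. */
    krb5_free_keyblock_contents(context, &mkey);

    retval = krb5_db_fini(context);
    db_is_open = 0;
    if (retval) {
        com_err(argv[0], retval,
                gettext("closing database '%s'"), dbname);
        goto fail;
    }

    krb5_free_context(context);
    exit_status = 0;
    return;

fail_key:
    krb5_free_keyblock_contents(context, &mkey);
fail:
    if (db_is_open)
        (void) krb5_db_fini(context);
    krb5_free_context(context);
    exit_status++;
}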