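/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 * Openvision retains the copyright to derivative works of
 * this source code.  Do *NOT* create a derivative of this
 * source code before consulting with your legal department.
 * Do *NOT* integrate *ANY* of this source code into another
 * product before consulting with your legal department.
 *
 * For further information, read the top-level Openvision
 * copyright which is contained in the top-level MIT Kerberos
 * copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */


/*
 * admin/stash/kdb5_stash.c
 *
 * Copyright 1990 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 *
 * Store the master database key in a file.
 */

/*
 * Copyright (C) 1998 by the FundsXpress, INC.
 *
 * All rights reserved.
 *
 * Export of this software from the United States of America may require
 * a specific license from the United States Government.  It is the
 * responsibility of any person or organization contemplating export to
 * obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of FundsXpress. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  FundsXpress makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

#include "k5-int.h"
#include <kadm5/admin.h>
#include "com_err.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <libintl.h>
#include "kdb5_util.h"

extern krb5_principal master_princ;
extern kadm5_config_params global_params;

extern int exit_status;

/*
 * kdb5_util "stash" subcommand.
 *
 * Prompts once for the KDB master password (the TRUE/FALSE arguments to
 * krb5_db_fetch_mkey), verifies the resulting key against the master key
 * principal held in the database, and writes it to the stash file.  The
 * stash file defaults to global_params.stash_file and may be overridden
 * with "-f <file>".  The stash file holds the master key material itself;
 * this function does not set that file's permissions, the KDB store
 * routine does.
 *
 * argc/argv are the subcommand's own arguments; getopt scanning is
 * restarted at optind = 1.
 *
 * Errors are reported through com_err() under progname.  Failures that
 * happen before a usable krb5_context exists call exit(1); every later
 * failure increments the shared exit_status and returns to the kdb5_util
 * dispatcher, and exit_status is set to 0 on success.  A usage error
 * returns without touching exit_status.  The master key block, the open
 * database, the malloc'd master key full name and the krb5 context are
 * released on every path through the cleanup label.
 */
void
kdb5_stash(int argc, char *argv[])
{
    extern char *optarg;
    extern int optind;
    int optchar;
    krb5_error_code retval;
    char *dbname = NULL;
    char *realm = NULL;
    char *mkey_name = NULL;
    char *mkey_fullname = NULL;  /* allocated by krb5_db_setup_mkey_name */
    char *keyfile = NULL;
    krb5_context context = NULL;
    krb5_keyblock mkey;
    int db_open = 0;    /* krb5_db_open succeeded; krb5_db_fini still owed */
    int have_mkey = 0;  /* mkey holds key material that must be released */

    memset(&mkey, 0, sizeof (mkey));

    /* Solaris Kerberos: argv[0] trimming is disabled; messages use progname. */
#if 0
    if (strrchr(argv[0], '/'))
        argv[0] = strrchr(argv[0], '/')+1;
#endif
    retval = kadm5_init_krb5_context(&context);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval, gettext("while initializing krb5_context"));
        exit(1);
    }

    retval = krb5_set_default_realm(context, util_context->default_realm);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval, gettext("while setting default realm name"));
        exit(1);
    }

    dbname = global_params.dbname;
    realm = global_params.realm;
    mkey_name = global_params.mkey_name;
    keyfile = global_params.stash_file;

    optind = 1;
    while ((optchar = getopt(argc, argv, "f:")) != -1) {
        switch (optchar) {
        case 'f':
            keyfile = optarg;
            break;
        case '?':
        default:
            usage();
            /* exit_status is deliberately left unchanged on a usage error */
            goto done;
        }
    }

    if (!krb5_c_valid_enctype(global_params.enctype)) {
        char tmp[32];

        if (krb5_enctype_to_string(global_params.enctype, tmp, sizeof (tmp))) {
            /* Solaris Kerberos */
            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
                gettext("while setting up enctype %d"), global_params.enctype);
        } else {
            /*
             * Solaris Kerberos.  tmp is not a string literal, so it is
             * passed as an argument rather than as the format string.
             */
            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, "%s", tmp);
        }
        goto fail;
    }

    /* assemble & parse the master key name */
    retval = krb5_db_setup_mkey_name(context, mkey_name, realm,
        &mkey_fullname, &master_princ);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval, gettext("while setting up master key name"));
        goto fail;
    }

    retval = krb5_db_open(context, db5util_db_args,
        KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval,
            gettext("while initializing the database '%s'"), dbname);
        goto fail;
    }
    db_open = 1;

    /* TRUE here means read the keyboard, but only once */
    retval = krb5_db_fetch_mkey(context, master_princ, global_params.enctype,
        TRUE, FALSE, (char *) NULL, 0, &mkey);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval, gettext("while reading master key"));
        goto fail;
    }
    have_mkey = 1;

    retval = krb5_db_verify_master_key(context, master_princ, &mkey);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval, gettext("while verifying master key"));
        goto fail;
    }

    retval = krb5_db_store_master_key(context, keyfile, master_princ,
        &mkey, NULL);
    if (retval) {
        /*
         * Solaris Kerberos.  Report the code the KDB layer returned rather
         * than errno, which intervening calls may have overwritten.
         */
        com_err(progname, retval, gettext("while storing key"));
        goto fail;
    }

    /* The key material is no longer needed once it has been stashed. */
    krb5_free_keyblock_contents(context, &mkey);
    have_mkey = 0;

    retval = krb5_db_fini(context);
    db_open = 0;
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval, gettext("closing database '%s'"), dbname);
        goto fail;
    }

    exit_status = 0;
    goto done;

fail:
    exit_status++;
done:
    if (have_mkey)
        krb5_free_keyblock_contents(context, &mkey);
    if (db_open)
        (void) krb5_db_fini(context);
    free(mkey_fullname);
    krb5_free_context(context);
}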