kdb5_stash.c revision 2881:ea6360e7e1c5 
1/*
2 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
3 * Use is subject to license terms.
4 */
5
6#pragma ident	"%Z%%M%	%I%	%E% SMI"
7
8/*
9 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
10 *
11 *	Openvision retains the copyright to derivative works of
12 *	this source code.  Do *NOT* create a derivative of this
13 *	source code before consulting with your legal department.
14 *	Do *NOT* integrate *ANY* of this source code into another
15 *	product before consulting with your legal department.
16 *
17 *	For further information, read the top-level Openvision
18 *	copyright which is contained in the top-level MIT Kerberos
19 *	copyright.
20 *
21 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
22 *
23 */
24
25
26/*
27 * admin/stash/kdb5_stash.c
28 *
29 * Copyright 1990 by the Massachusetts Institute of Technology.
30 * All Rights Reserved.
31 *
32 * Export of this software from the United States of America may
33 *   require a specific license from the United States Government.
34 *   It is the responsibility of any person or organization contemplating
35 *   export to obtain such a license before exporting.
36 *
37 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
38 * distribute this software and its documentation for any purpose and
39 * without fee is hereby granted, provided that the above copyright
40 * notice appear in all copies and that both that copyright notice and
41 * this permission notice appear in supporting documentation, and that
42 * the name of M.I.T. not be used in advertising or publicity pertaining
43 * to distribution of the software without specific, written prior
44 * permission.  Furthermore if you modify this software you must label
45 * your software as modified software and not distribute it in such a
46 * fashion that it might be confused with the original M.I.T. software.
47 * M.I.T. makes no representations about the suitability of
48 * this software for any purpose.  It is provided "as is" without express
49 * or implied warranty.
50 *
51 *
52 * Store the master database key in a file.
53 */
54
55/*
56 * Copyright (C) 1998 by the FundsXpress, INC.
57 *
58 * All rights reserved.
59 *
60 * Export of this software from the United States of America may require
61 * a specific license from the United States Government.  It is the
62 * responsibility of any person or organization contemplating export to
63 * obtain such a license before exporting.
64 *
65 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
66 * distribute this software and its documentation for any purpose and
67 * without fee is hereby granted, provided that the above copyright
68 * notice appear in all copies and that both that copyright notice and
69 * this permission notice appear in supporting documentation, and that
70 * the name of FundsXpress. not be used in advertising or publicity pertaining
71 * to distribution of the software without specific, written prior
72 * permission.  FundsXpress makes no representations about the suitability of
73 * this software for any purpose.  It is provided "as is" without express
74 * or implied warranty.
75 *
76 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
77 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
78 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
79 */
80
81
82#define KDB5_DISPATCH
83#define KRB5_KDB5_DBM__
84#include <k5-int.h>
85/* #define these to avoid an indirection function; for future implementations,
86   these may be redirected from a dispatch table/routine */
87#define krb5_dbm_db_set_name krb5_db_set_name
88#define krb5_dbm_db_set_nonblocking krb5_db_set_nonblocking
89#define krb5_dbm_db_init krb5_db_init
90#define krb5_dbm_db_get_age krb5_db_get_age
91#define krb5_dbm_db_create krb5_db_create
92#define krb5_dbm_db_rename krb5_db_rename
93#define krb5_dbm_db_get_principal krb5_db_get_principal
94#define krb5_dbm_db_free_principal krb5_db_free_principal
95#define krb5_dbm_db_put_principal krb5_db_put_principal
96#define krb5_dbm_db_delete_principal krb5_db_delete_principal
97#define krb5_dbm_db_lock krb5_db_lock
98#define krb5_dbm_db_unlock krb5_db_unlock
99#define krb5_dbm_db_set_lockmode krb5_db_set_lockmode
100#define krb5_dbm_db_close_database krb5_db_close_database
101#define krb5_dbm_db_open_database krb5_db_open_database
102
103#include <kadm5/admin.h>
104#include "com_err.h"
105#include <kadm5/admin.h>
106#include <stdio.h>
107#include <libintl.h>
108#include "kdb5_util.h"
109
110extern krb5_principal master_princ;
111extern kadm5_config_params global_params;
112
113extern int exit_status;
114extern int close_policy_db;
115
116void
117kdb5_stash(argc, argv)
118    int argc;
119    char *argv[];
120{
121    extern char *optarg;
122    extern int optind;
123    int optchar;
124    krb5_error_code retval;
125    char *dbname = (char *) NULL;
126    char *realm = 0;
127    char *mkey_name = 0;
128    char *mkey_fullname;
129    char *keyfile = 0;
130    krb5_context context;
131    krb5_keyblock mkey;
132
133    if (strrchr(argv[0], '/'))
134	argv[0] = strrchr(argv[0], '/')+1;
135
136    /* Tell upwards to close the policy db cause we don't */
137    close_policy_db = 1;
138
139    krb5_init_context(&context);
140
141    dbname = global_params.dbname;
142    realm = global_params.realm;
143    mkey_name = global_params.mkey_name;
144    keyfile = global_params.stash_file;
145
146    optind = 1;
147    while ((optchar = getopt(argc, argv, "f:")) != -1) {
148	switch(optchar) {
149	case 'f':
150	    keyfile = optarg;
151	    break;
152	case '?':
153	default:
154	    usage();
155	    return;
156	}
157    }
158
159    if (!krb5_c_valid_enctype(global_params.enctype)) {
160	char tmp[32];
161
162	if (krb5_enctype_to_string(global_params.enctype,
163					    tmp, sizeof (tmp)))
164	    com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
165		gettext("while setting up enctype %d"),
166		global_params.enctype);
167	else
168	    com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, tmp);
169	exit_status++; return;
170    }
171
172    retval = krb5_db_set_name(context, dbname);
173    if (retval) {
174	com_err(argv[0], retval,
175	    gettext("while setting active database to '%s'"),
176	dbname);
177	exit_status++; return;
178    }
179
180    /* assemble & parse the master key name */
181    retval = krb5_db_setup_mkey_name(context, mkey_name, realm,
182				     &mkey_fullname, &master_princ);
183    if (retval) {
184	com_err(argv[0], retval,
185		gettext("while setting up master key name"));
186	exit_status++; return;
187    }
188
189    retval = krb5_db_init(context);
190    if (retval) {
191	com_err(argv[0], retval,
192		gettext("while initializing the database '%s'"),
193		dbname);
194	exit_status++; return;
195    }
196
197    /* TRUE here means read the keyboard, but only once */
198    retval = krb5_db_fetch_mkey(context, master_princ,
199				global_params.enctype,
200				TRUE, FALSE, (char *) NULL,
201				0, &mkey);
202    if (retval) {
203	com_err(argv[0], retval, gettext("while reading master key"));
204	(void) krb5_db_fini(context);
205	exit_status++; return;
206    }
207
208    retval = krb5_db_verify_master_key(context, master_princ, &mkey);
209    if (retval) {
210	com_err(argv[0], retval, gettext("while verifying master key"));
211	krb5_free_keyblock_contents(context, &mkey);
212	(void) krb5_db_fini(context);
213	exit_status++; return;
214    }
215
216    retval = krb5_db_store_mkey(context, keyfile, master_princ,
217				    &mkey);
218    if (retval) {
219	com_err(argv[0], errno, gettext("while storing key"));
220	krb5_free_keyblock_contents(context, &mkey);
221	(void) krb5_db_fini(context);
222	exit_status++; return;
223    }
224    krb5_free_keyblock_contents(context, &mkey);
225
226    retval = krb5_db_fini(context);
227    if (retval) {
228	com_err(argv[0], retval,
229		gettext("closing database '%s'"), dbname);
230	exit_status++; return;
231    }
232
233    krb5_free_context(context);
234    exit_status = 0;
235    return;
236}
237