usr/src/cmd/krb5/kadmin/dbutil/kdb5_stash.c

root/usr/src/cmd/krb5/kadmin/dbutil/kdb5_stash.c
/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 *      Openvision retains the copyright to derivative works of
 *      this source code.  Do *NOT* create a derivative of this
 *      source code before consulting with your legal department.
 *      Do *NOT* integrate *ANY* of this source code into another
 *      product before consulting with your legal department.
 *
 *      For further information, read the top-level Openvision
 *      copyright which is contained in the top-level MIT Kerberos
 *      copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */


/*
 * admin/stash/kdb5_stash.c
 *
 * Copyright 1990 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 *
 * Store the master database key in a file.
 */

/*
 * Copyright (C) 1998 by the FundsXpress, INC.
 *
 * All rights reserved.
 *
 * Export of this software from the United States of America may require
 * a specific license from the United States Government.  It is the
 * responsibility of any person or organization contemplating export to
 * obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of FundsXpress. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  FundsXpress makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

#include "k5-int.h"
#include <kadm5/admin.h>
#include "com_err.h"
#include <kadm5/admin.h>
#include <stdio.h>
#include <libintl.h>
#include "kdb5_util.h"

extern krb5_principal master_princ;
extern kadm5_config_params global_params;

extern int exit_status;

void
kdb5_stash(argc, argv)
    int argc;
    char *argv[];
{
    extern char *optarg;
    extern int optind;
    int optchar;
    krb5_error_code retval;
    char *dbname = (char *) NULL;
    char *realm = 0;
    char *mkey_name = 0;
    char *mkey_fullname;
    char *keyfile = 0;
    krb5_context context;
    krb5_keyblock mkey;

/* Solaris Kerberos */
#if 0
    if (strrchr(argv[0], '/'))
        argv[0] = strrchr(argv[0], '/')+1;
#endif
    retval = kadm5_init_krb5_context(&context);
    if( retval )
    {
        /* Solaris Kerberos */
        com_err(progname, retval, "while initializing krb5_context");
        exit(1);
    }

    if ((retval = krb5_set_default_realm(context,
                                          util_context->default_realm))) {
        /* Solaris Kerberos */
        com_err(progname, retval, "while setting default realm name");
        exit(1);
    }

    dbname = global_params.dbname;
    realm = global_params.realm;
    mkey_name = global_params.mkey_name;
    keyfile = global_params.stash_file;

    optind = 1;
    while ((optchar = getopt(argc, argv, "f:")) != -1) {
        switch(optchar) {
        case 'f':
            keyfile = optarg;
            break;
        case '?':
        default:
            usage();
            return;
        }
    }

    if (!krb5_c_valid_enctype(global_params.enctype)) {
        char tmp[32];
        if (krb5_enctype_to_string(global_params.enctype,
                                            tmp, sizeof (tmp)))
            /* Solaris Kerberos */
            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
                gettext("while setting up enctype %d"),
                global_params.enctype);
        else {
            /* Solaris Kerberos */
            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, tmp);
        }
        exit_status++; return;
    }

    /* assemble & parse the master key name */
    retval = krb5_db_setup_mkey_name(context, mkey_name, realm,
                                     &mkey_fullname, &master_princ);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval,
                gettext("while setting up master key name"));
        exit_status++; return;
    }

    retval = krb5_db_open(context, db5util_db_args,
                          KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval,
                gettext("while initializing the database '%s'"),
                dbname);
        exit_status++; return;
    }

    /* TRUE here means read the keyboard, but only once */
    retval = krb5_db_fetch_mkey(context, master_princ,
                                global_params.enctype,
                                TRUE, FALSE, (char *) NULL,
                                0, &mkey);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval, gettext("while reading master key"));
        (void) krb5_db_fini(context);
        exit_status++; return;
    }

    retval = krb5_db_verify_master_key(context, master_princ, &mkey);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval, gettext("while verifying master key"));
        krb5_free_keyblock_contents(context, &mkey);
        (void) krb5_db_fini(context);
        exit_status++; return;
    }

    retval = krb5_db_store_master_key(context, keyfile, master_princ,
                                    &mkey, NULL);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, errno, gettext("while storing key"));
        krb5_free_keyblock_contents(context, &mkey);
        (void) krb5_db_fini(context);
        exit_status++; return;
    }
    krb5_free_keyblock_contents(context, &mkey);

    retval = krb5_db_fini(context);
    if (retval) {
        /* Solaris Kerberos */
        com_err(progname, retval,
                gettext("closing database '%s'"), dbname);
        exit_status++; return;
    }

    krb5_free_context(context);
    exit_status = 0;
    return;
}
Illumos
