/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* kadmin/dbutil/kdb5_stash.c - Store the master database key in a file */
/*
* Copyright 1990 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
* All rights reserved.
*
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of FundsXpress. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
#include "k5-int.h"
#include "com_err.h"
#include <kadm5/admin.h>
#include <stdio.h>
#include "kdb5_util.h"
extern krb5_keyblock master_keyblock;
extern krb5_principal master_princ;
extern kadm5_config_params global_params;
extern int exit_status;
extern int close_policy_db;
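/*
 * kdb5_stash - write the master key list to a stash file.
 *
 * argc/argv: this command's own argument vector.  The only option accepted
 *            is "-f keyfile", which replaces global_params.stash_file as the
 *            destination path.
 *
 * Returns nothing.  Every failure is reported through com_err() and by
 * incrementing the global exit_status; on success exit_status is set to 0.
 *
 * Security notes for reviewers:
 *  - The destination file receives master key material.  This function
 *    passes the path straight to krb5_db_store_master_key_list() without
 *    inspecting it.  NOTE(review): file mode, ownership and atomic
 *    replacement are presumably enforced inside that call; confirm, and
 *    confirm how an existing file or symlink at a "-f" path is treated.
 *  - Nothing here zeroizes master_keyblock on any path, including the error
 *    returns taken after the key has been fetched.  NOTE(review): cleanup of
 *    that global is assumed to be the caller's job; confirm.
 */
void
kdb5_stash(int argc, char *argv[])
{
    extern char *optarg;
    extern int optind;
    int optchar;
    krb5_error_code retval;
    char *keyfile = global_params.stash_file;
    krb5_kvno mkey_kvno;

    /* Restart getopt() at argv[1] for this call's argument vector. */
    optind = 1;
    while ((optchar = getopt(argc, argv, "f:")) != -1) {
        switch (optchar) {
        case 'f':
            keyfile = optarg;
            break;
        case '?':
        default:
            usage();
            return;
        }
    }

    /* Refuse to go further with a master key enctype the library rejects. */
    if (!krb5_c_valid_enctype(master_keyblock.enctype)) {
        char tmp[32];

        /* A non-zero return means no name is available; print the number. */
        if (krb5_enctype_to_name(master_keyblock.enctype, FALSE,
                                 tmp, sizeof(tmp))) {
            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
                    _("while setting up enctype %d"), master_keyblock.enctype);
        } else {
            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, "%s", tmp);
        }
        exit_status++;
        return;
    }

    if (global_params.mask & KADM5_CONFIG_KVNO)
        mkey_kvno = global_params.kvno; /* user specified */
    else
        mkey_kvno = IGNORE_VNO; /* use whatever krb5_db_fetch_mkey finds */

    if (!valid_master_key) {
        /* TRUE here means read the keyboard, but only once */
        retval = krb5_db_fetch_mkey(util_context, master_princ,
                                    master_keyblock.enctype,
                                    TRUE, FALSE, (char *) NULL,
                                    &mkey_kvno,
                                    NULL, &master_keyblock);
        if (retval) {
            com_err(progname, retval, _("while reading master key"));
            exit_status++;
            return;
        }

        retval = krb5_db_fetch_mkey_list(util_context, master_princ,
                                         &master_keyblock);
        if (retval) {
            com_err(progname, retval, _("while getting master key list"));
            exit_status++;
            return;
        }
    } else {
        /*
         * fputs rather than printf: the translated message is data and must
         * never be interpreted as a format string.
         */
        fputs(_("Using existing stashed keys to update stash file.\n"),
              stdout);
    }

    retval = krb5_db_store_master_key_list(util_context, keyfile, master_princ,
                                           NULL);
    if (retval) {
        com_err(progname, retval, _("while storing key"));
        exit_status++;
        return;
    }

    exit_status = 0;
    return;
}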