141 lines
4.2 KiB
C
141 lines
4.2 KiB
C
/*
|
|
* Copyright (c) 2004 Kungliga Tekniska Högskolan
|
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
*
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* 3. Neither the name of the Institute nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*/
|
|
|
|
#include "kadmin_locl.h"
|
|
#include "kadmin-commands.h"
|
|
|
|
RCSID("$Id: stash.c 22251 2007-12-09 05:58:43Z lha $");
|
|
|
|
extern int local_flag;
|
|
|
|
int
|
|
stash(struct stash_options *opt, int argc, char **argv)
|
|
{
|
|
char buf[1024];
|
|
krb5_error_code ret;
|
|
krb5_enctype enctype;
|
|
hdb_master_key mkey;
|
|
|
|
if(!local_flag) {
|
|
krb5_warnx(context, "stash is only available in local (-l) mode");
|
|
return 0;
|
|
}
|
|
|
|
ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype);
|
|
if(ret) {
|
|
krb5_warn(context, ret, "%s", opt->enctype_string);
|
|
return 0;
|
|
}
|
|
|
|
if(opt->key_file_string == NULL) {
|
|
asprintf(&opt->key_file_string, "%s/m-key", hdb_db_dir(context));
|
|
if (opt->key_file_string == NULL)
|
|
errx(1, "out of memory");
|
|
}
|
|
|
|
ret = hdb_read_master_key(context, opt->key_file_string, &mkey);
|
|
if(ret && ret != ENOENT) {
|
|
krb5_warn(context, ret, "reading master key from %s",
|
|
opt->key_file_string);
|
|
return 0;
|
|
}
|
|
|
|
if (opt->convert_file_flag) {
|
|
if (ret)
|
|
krb5_warn(context, ret, "reading master key from %s",
|
|
opt->key_file_string);
|
|
return 0;
|
|
} else {
|
|
krb5_keyblock key;
|
|
krb5_salt salt;
|
|
salt.salttype = KRB5_PW_SALT;
|
|
/* XXX better value? */
|
|
salt.saltvalue.data = NULL;
|
|
salt.saltvalue.length = 0;
|
|
if(opt->master_key_fd_integer != -1) {
|
|
ssize_t n;
|
|
n = read(opt->master_key_fd_integer, buf, sizeof(buf));
|
|
if(n == 0)
|
|
krb5_warnx(context, "end of file reading passphrase");
|
|
else if(n < 0)
|
|
krb5_warn(context, errno, "reading passphrase");
|
|
buf[n] = '\0';
|
|
buf[strcspn(buf, "\r\n")] = '\0';
|
|
} else {
|
|
if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) {
|
|
hdb_free_master_key(context, mkey);
|
|
return 0;
|
|
}
|
|
}
|
|
ret = krb5_string_to_key_salt(context, enctype, buf, salt, &key);
|
|
ret = hdb_add_master_key(context, &key, &mkey);
|
|
krb5_free_keyblock_contents(context, &key);
|
|
}
|
|
|
|
{
|
|
char *new, *old;
|
|
asprintf(&old, "%s.old", opt->key_file_string);
|
|
asprintf(&new, "%s.new", opt->key_file_string);
|
|
if(old == NULL || new == NULL) {
|
|
ret = ENOMEM;
|
|
goto out;
|
|
}
|
|
|
|
if(unlink(new) < 0 && errno != ENOENT) {
|
|
ret = errno;
|
|
goto out;
|
|
}
|
|
krb5_warnx(context, "writing key to \"%s\"", opt->key_file_string);
|
|
ret = hdb_write_master_key(context, new, mkey);
|
|
if(ret)
|
|
unlink(new);
|
|
else {
|
|
unlink(old);
|
|
if(link(opt->key_file_string, old) < 0 && errno != ENOENT) {
|
|
ret = errno;
|
|
unlink(new);
|
|
} else if(rename(new, opt->key_file_string) < 0) {
|
|
ret = errno;
|
|
}
|
|
}
|
|
out:
|
|
free(old);
|
|
free(new);
|
|
if(ret)
|
|
krb5_warn(context, errno, "writing master key file");
|
|
}
|
|
|
|
hdb_free_master_key(context, mkey);
|
|
return 0;
|
|
}
|