crypto/heimdal-0.6.3/kdc/kstash.c

   1 /*
   2  * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "headers.h"
  35
  36 RCSID("$Id: kstash.c,v 1.15 2002/04/18 09:47:25 joda Exp $");
  37
  38 krb5_context context;
  39
  40 const char *keyfile = HDB_DB_DIR "/m-key";
  41 int convert_flag;
  42 int help_flag;
  43 int version_flag;
  44
  45 int master_key_fd = -1;
  46
  47 const char *enctype_str = "des3-cbc-sha1";
  48
  49 struct getargs args[] = {
  50     { "enctype", 'e', arg_string, &enctype_str, "encryption type" },
  51     { "key-file", 'k', arg_string, &keyfile, "master key file", "file" },
  52     { "convert-file", 0, arg_flag, &convert_flag,
  53       "just convert keyfile to new format" },
  54     { "master-key-fd", 0, arg_integer, &master_key_fd,
  55       "filedescriptor to read passphrase from", "fd" },
  56     { "help", 'h', arg_flag, &help_flag },
  57     { "version", 0, arg_flag, &version_flag }
  58 };
  59
  60 int num_args = sizeof(args) / sizeof(args[0]);
  61
  62 int
  63 main(int argc, char **argv)
  64 {
  65     char buf[1024];
  66     krb5_error_code ret;
  67
  68     krb5_enctype enctype;
  69
  70     hdb_master_key mkey;
  71
  72     krb5_program_setup(&context, argc, argv, args, num_args, NULL);
  73
  74     if(help_flag)
  75         krb5_std_usage(0, args, num_args);
  76     if(version_flag){
  77         print_version(NULL);
  78         exit(0);
  79     }
  80
  81     ret = krb5_string_to_enctype(context, enctype_str, &enctype);
  82     if(ret)
  83         krb5_err(context, 1, ret, "krb5_string_to_enctype");
  84
  85     ret = hdb_read_master_key(context, keyfile, &mkey);
  86     if(ret && ret != ENOENT)
  87         krb5_err(context, 1, ret, "reading master key from %s", keyfile);
  88
  89     if (convert_flag) {
  90         if (ret)
  91             krb5_err(context, 1, ret, "reading master key from %s", keyfile);
  92     } else {
  93         krb5_keyblock key;
  94         krb5_salt salt;
  95         salt.salttype = KRB5_PW_SALT;
  96         /* XXX better value? */
  97         salt.saltvalue.data = NULL;
  98         salt.saltvalue.length = 0;
  99         if(master_key_fd != -1) {
 100             ssize_t n;
 101             n = read(master_key_fd, buf, sizeof(buf));
 102             if(n <= 0)
 103                 krb5_err(context, 1, errno, "failed to read passphrase");
 104             buf[n] = '\0';
 105             buf[strcspn(buf, "\r\n")] = '\0';
 106         } else {
 107             if(des_read_pw_string(buf, sizeof(buf), "Master key: ", 1))
 108                 exit(1);
 109         }
 110         krb5_string_to_key_salt(context, enctype, buf, salt, &key);
 111         ret = hdb_add_master_key(context, &key, &mkey);
 112
 113         krb5_free_keyblock_contents(context, &key);
 114
 115     }
 116
 117     {
 118         char *new, *old;
 119         asprintf(&old, "%s.old", keyfile);
 120         asprintf(&new, "%s.new", keyfile);
 121         if(unlink(new) < 0 && errno != ENOENT) {
 122             ret = errno;
 123             goto out;
 124         }
 125         krb5_warnx(context, "writing key to `%s'", keyfile);
 126         ret = hdb_write_master_key(context, new, mkey);
 127         if(ret)
 128             unlink(new);
 129         else {
 130             unlink(old);
 131             if(link(keyfile, old) < 0 && errno != ENOENT) {
 132                 ret = errno;
 133                 unlink(new);
 134             } else if(rename(new, keyfile) < 0) {
 135                 ret = errno;
 136             }
 137         }
 138     out:
 139         free(old);
 140         free(new);
 141         if(ret)
 142             krb5_warn(context, errno, "writing master key file");
 143     }
 144
 145     hdb_free_master_key(context, mkey);
 146
 147     exit(ret != 0);
 148 }