etc/services - sync with NetBSD-8
[minix.git] / crypto / external / bsd / heimdal / dist / kdc / kstash.c
blobb6d4c73a0a4e958642a568209fefe45e9e71513a
1 /* $NetBSD: kstash.c,v 1.1.1.2 2014/04/24 12:45:27 pettai Exp $ */
3 /*
4 * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
36 #include "headers.h"
38 krb5_context context;
40 static char *keyfile;
41 static int convert_flag;
42 static int help_flag;
43 static int version_flag;
45 static int master_key_fd = -1;
46 static int random_key_flag;
48 static const char *enctype_str = "des3-cbc-sha1";
50 static struct getargs args[] = {
51 { "enctype", 'e', arg_string, rk_UNCONST(&enctype_str), "encryption type",
52 NULL },
53 { "key-file", 'k', arg_string, &keyfile, "master key file", "file" },
54 { "convert-file", 0, arg_flag, &convert_flag,
55 "just convert keyfile to new format", NULL },
56 { "master-key-fd", 0, arg_integer, &master_key_fd,
57 "filedescriptor to read passphrase from", "fd" },
58 { "random-key", 0, arg_flag, &random_key_flag,
59 "generate a random master key", NULL },
60 { "help", 'h', arg_flag, &help_flag, NULL, NULL },
61 { "version", 0, arg_flag, &version_flag, NULL, NULL }
64 int num_args = sizeof(args) / sizeof(args[0]);
66 int
67 main(int argc, char **argv)
69 char buf[1024];
70 krb5_error_code ret;
72 krb5_enctype enctype;
74 hdb_master_key mkey;
76 krb5_program_setup(&context, argc, argv, args, num_args, NULL);
78 if(help_flag)
79 krb5_std_usage(0, args, num_args);
80 if(version_flag){
81 print_version(NULL);
82 exit(0);
85 if (master_key_fd != -1 && random_key_flag)
86 krb5_errx(context, 1, "random-key and master-key-fd "
87 "is mutual exclusive");
89 if (keyfile == NULL)
90 asprintf(&keyfile, "%s/m-key", hdb_db_dir(context));
92 ret = krb5_string_to_enctype(context, enctype_str, &enctype);
93 if(ret)
94 krb5_err(context, 1, ret, "krb5_string_to_enctype");
96 ret = hdb_read_master_key(context, keyfile, &mkey);
97 if(ret && ret != ENOENT)
98 krb5_err(context, 1, ret, "reading master key from %s", keyfile);
100 if (convert_flag) {
101 if (ret)
102 krb5_err(context, 1, ret, "reading master key from %s", keyfile);
103 } else {
104 krb5_keyblock key;
105 krb5_salt salt;
106 salt.salttype = KRB5_PW_SALT;
107 /* XXX better value? */
108 salt.saltvalue.data = NULL;
109 salt.saltvalue.length = 0;
110 if (random_key_flag) {
111 ret = krb5_generate_random_keyblock(context, enctype, &key);
112 if (ret)
113 krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
115 } else {
116 if(master_key_fd != -1) {
117 ssize_t n;
118 n = read(master_key_fd, buf, sizeof(buf));
119 if(n <= 0)
120 krb5_err(context, 1, errno, "failed to read passphrase");
121 buf[n] = '\0';
122 buf[strcspn(buf, "\r\n")] = '\0';
124 } else {
125 if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1))
126 exit(1);
128 krb5_string_to_key_salt(context, enctype, buf, salt, &key);
130 ret = hdb_add_master_key(context, &key, &mkey);
132 krb5_free_keyblock_contents(context, &key);
137 char *new, *old;
138 asprintf(&old, "%s.old", keyfile);
139 asprintf(&new, "%s.new", keyfile);
140 if(unlink(new) < 0 && errno != ENOENT) {
141 ret = errno;
142 goto out;
144 krb5_warnx(context, "writing key to `%s'", keyfile);
145 ret = hdb_write_master_key(context, new, mkey);
146 if(ret)
147 unlink(new);
148 else {
149 #ifndef NO_POSIX_LINKS
150 unlink(old);
151 if(link(keyfile, old) < 0 && errno != ENOENT) {
152 ret = errno;
153 unlink(new);
154 } else {
155 #endif
156 if(rename(new, keyfile) < 0) {
157 ret = errno;
159 #ifndef NO_POSIX_LINKS
161 #endif
163 out:
164 free(old);
165 free(new);
166 if(ret)
167 krb5_warn(context, errno, "writing master key file");
170 hdb_free_master_key(context, mkey);
172 exit(ret != 0);