#include "k5-int.h"
#include "com_err.h"
#include <kadm5/admin.h>
#include <stdio.h>
#include "kdb5_util.h"
/*
 * Globals shared with the rest of the utility. They are only declared here;
 * their definitions are outside this listing.
 */
/* Master key: kdb5_stash() reads its enctype, fills it through
 * krb5_db_fetch_mkey(), and zeroes its contents once the key is stored. */
extern krb5_keyblock master_keyblock;
/* Master key principal: set by krb5_db_setup_mkey_name() in kdb5_stash(). */
extern krb5_principal master_princ;
/* Configuration: kdb5_stash() reads dbname, realm, mkey_name and stash_file. */
extern kadm5_config_params global_params;
/* Incremented by kdb5_stash() on failure and set to 0 on success. */
extern int exit_status;
/* Not referenced by the code visible in this file. */
extern int close_policy_db;
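/*
 * kdb5_stash - obtain the database master key, verify it against the
 * database, and write it to a stash file.
 *
 * argc/argv: the subcommand's argument vector.  The only option is
 *            "-f keyfile", which overrides global_params.stash_file as the
 *            destination.  argv[0] is rewritten in place to its basename and
 *            used as the program name in error messages.
 *
 * Results are reported through the global exit_status: it is incremented on
 * failure and set to 0 on success.  A failure to create the krb5 context or
 * to set the default realm terminates the process with exit(1).
 *
 * Security notes:
 *  - The in-memory master key is zeroed on every path after it has been
 *    fetched successfully, including the verification-failure path.
 *  - NOTE(review): the stash file holds the KDC master key.  This function
 *    passes the path straight to krb5_db_store_master_key(); confirm that
 *    routine creates the file with owner-only permissions, and keep any
 *    "-f" destination on storage only the KDC administrator can read.
 *  - NOTE(review): mkey_fullname is produced by krb5_db_setup_mkey_name() and
 *    never released here; confirm ownership and free it if the caller owns it.
 */
void
kdb5_stash(int argc, char *argv[])
{
    extern char *optarg;
    extern int optind;
    int optchar;
    krb5_error_code retval;
    char *dbname;
    char *realm;
    char *mkey_name;
    char *mkey_fullname;
    char *keyfile;
    char *slash;
    krb5_context context;
    int db_is_open = 0;         /* krb5_db_open() succeeded, fini still owed */
    int mkey_fetched = 0;       /* master_keyblock holds key material to wipe */

    /* Report errors under the bare command name, not its full path. */
    slash = strrchr(argv[0], '/');
    if (slash != NULL)
        argv[0] = slash + 1;

    retval = kadm5_init_krb5_context(&context);
    if (retval) {
        com_err(argv[0], retval, "while initializing krb5_context");
        exit(1);
    }

    retval = krb5_set_default_realm(context, util_context->default_realm);
    if (retval) {
        com_err(argv[0], retval, "while setting default realm name");
        exit(1);
    }

    dbname = global_params.dbname;
    realm = global_params.realm;
    mkey_name = global_params.mkey_name;
    keyfile = global_params.stash_file;

    /* Restart option scanning: getopt state may be left over from a caller. */
    optind = 1;
    while ((optchar = getopt(argc, argv, "f:")) != -1) {
        switch (optchar) {
        case 'f':
            keyfile = optarg;
            break;
        case '?':
        default:
            usage();
            /* Only reached if usage() returns; exit_status is left alone. */
            krb5_free_context(context);
            return;
        }
    }

    if (!krb5_c_valid_enctype(master_keyblock.enctype)) {
        char tmp[32];

        if (krb5_enctype_to_string(master_keyblock.enctype, tmp, sizeof(tmp)))
            com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
                    "while setting up enctype %d", master_keyblock.enctype);
        else
            /* Pass the name as an argument, never as the format string. */
            com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, "%s", tmp);
        goto fail;
    }

    retval = krb5_db_setup_mkey_name(context, mkey_name, realm,
                                     &mkey_fullname, &master_princ);
    if (retval) {
        com_err(argv[0], retval, "while setting up master key name");
        goto fail;
    }

    retval = krb5_db_open(context, db5util_db_args,
                          KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER);
    if (retval) {
        com_err(argv[0], retval, "while initializing the database '%s'",
                dbname);
        goto fail;
    }
    db_is_open = 1;

    retval = krb5_db_fetch_mkey(context, master_princ,
                                master_keyblock.enctype,
                                TRUE, FALSE, (char *) NULL,
                                0, &master_keyblock);
    if (retval) {
        com_err(argv[0], retval, "while reading master key");
        goto fail;
    }
    mkey_fetched = 1;

    retval = krb5_db_verify_master_key(context, master_princ,
                                       &master_keyblock);
    if (retval) {
        com_err(argv[0], retval, "while verifying master key");
        goto fail;              /* the unverified key is wiped at fail: */
    }

    retval = krb5_db_store_master_key(context, keyfile, master_princ,
                                      &master_keyblock, NULL);
    if (retval) {
        /* Report the library's own error code rather than a stale errno. */
        com_err(argv[0], retval, "while storing key");
        goto fail;
    }

    /*
     * The key is on disk; clear the in-memory copy.
     * NOTE(review): if this tree's k5-int.h provides a zap() helper, prefer
     * it over a bare memset for wiping key material.
     */
    if (master_keyblock.contents != NULL)
        memset(master_keyblock.contents, 0, master_keyblock.length);
    mkey_fetched = 0;

    retval = krb5_db_fini(context);
    db_is_open = 0;
    if (retval) {
        com_err(argv[0], retval, "closing database '%s'", dbname);
        goto fail;
    }

    krb5_free_context(context);
    exit_status = 0;
    return;

fail:
    /* Wipe key material first, then release the database and the context. */
    if (mkey_fetched && master_keyblock.contents != NULL)
        memset(master_keyblock.contents, 0, master_keyblock.length);
    if (db_is_open)
        (void) krb5_db_fini(context);
    krb5_free_context(context);
    exit_status++;
}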