diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
commit | 4f5791ebd03eaec1c7da0865a383175b05102712 (patch) | |
tree | 8ce7b00f7a76baa386372422adebbe64510812d4 /third_party/heimdal/kdc/kstash.c | |
parent | Initial commit. (diff) | |
download | samba-upstream.tar.xz samba-upstream.zip |
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'third_party/heimdal/kdc/kstash.c')
-rw-r--r-- | third_party/heimdal/kdc/kstash.c | 189 |
1 files changed, 189 insertions, 0 deletions
diff --git a/third_party/heimdal/kdc/kstash.c b/third_party/heimdal/kdc/kstash.c new file mode 100644 index 0000000..6ec1a54 --- /dev/null +++ b/third_party/heimdal/kdc/kstash.c @@ -0,0 +1,189 @@ +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "headers.h" + +krb5_context context; + +static char *keyfile; +static int convert_flag; +static int help_flag; +static int version_flag; + +static int master_key_fd = -1; +static int random_key_flag; + +static const char *enctype_str = "des3-cbc-sha1"; + +static struct getargs args[] = { + { "enctype", 'e', arg_string, rk_UNCONST(&enctype_str), "encryption type", + NULL }, + { "key-file", 'k', arg_string, &keyfile, "master key file", "file" }, + { "convert-file", 0, arg_flag, &convert_flag, + "just convert keyfile to new format", NULL }, + { "master-key-fd", 0, arg_integer, &master_key_fd, + "filedescriptor to read passphrase from", "fd" }, + { "random-key", 0, arg_flag, &random_key_flag, + "generate a random master key", NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL } +}; + +int num_args = sizeof(args) / sizeof(args[0]); + +int +main(int argc, char **argv) +{ + char buf[1024+1]; + krb5_error_code ret; + int aret; + + krb5_enctype enctype; + + hdb_master_key mkey; + + krb5_program_setup(&context, argc, argv, args, num_args, NULL); + + if(help_flag) + krb5_std_usage(0, args, num_args); + if(version_flag){ + print_version(NULL); + exit(0); + } + + if (master_key_fd != -1 && random_key_flag) + krb5_errx(context, 1, "random-key and master-key-fd " + "is mutual exclusive"); + + if (keyfile == NULL) { + aret = asprintf(&keyfile, "%s/m-key", hdb_db_dir(context)); + if (aret == -1) + krb5_errx(context, 1, "out of memory"); + } + + ret = krb5_string_to_enctype(context, enctype_str, &enctype); + if(ret) + krb5_err(context, 1, ret, "krb5_string_to_enctype"); + + ret = hdb_read_master_key(context, keyfile, &mkey); + if(ret && ret != ENOENT) + krb5_err(context, 1, ret, "reading master key from %s", keyfile); + + if (convert_flag) { + if (ret) + krb5_err(context, 1, ret, "reading master key from %s", keyfile); + } else { + krb5_keyblock key; + krb5_salt salt; + salt.salttype = KRB5_PW_SALT; + /* XXX better value? */ + salt.saltvalue.data = NULL; + salt.saltvalue.length = 0; + if (random_key_flag) { + ret = krb5_generate_random_keyblock(context, enctype, &key); + if (ret) + krb5_err(context, 1, ret, "krb5_generate_random_keyblock"); + + } else { + if(master_key_fd != -1) { + ssize_t n; + n = read(master_key_fd, buf, sizeof(buf)-1); + if(n <= 0) + krb5_err(context, 1, errno, "failed to read passphrase"); + buf[n] = '\0'; + buf[strcspn(buf, "\r\n")] = '\0'; + + } else { + if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", + UI_UTIL_FLAG_VERIFY)) + exit(1); + } + krb5_string_to_key_salt(context, enctype, buf, salt, &key); + } + ret = hdb_add_master_key(context, &key, &mkey); + if (ret) + krb5_err(context, 1, ret, "hdb_add_master_key"); + + krb5_free_keyblock_contents(context, &key); + + } + + { + char *new = NULL, *old = NULL; + + aret = asprintf(&old, "%s.old", keyfile); + if (aret == -1) { + old = NULL; + ret = ENOMEM; + goto out; + } + aret = asprintf(&new, "%s.new", keyfile); + if (aret == -1) { + new = NULL; + ret = ENOMEM; + goto out; + } + if(unlink(new) < 0 && errno != ENOENT) { + ret = errno; + goto out; + } + krb5_warnx(context, "writing key to `%s'", keyfile); + ret = hdb_write_master_key(context, new, mkey); + if(ret) + unlink(new); + else { +#ifndef NO_POSIX_LINKS + unlink(old); + if(link(keyfile, old) < 0 && errno != ENOENT) { + ret = errno; + unlink(new); + } else { +#endif + if(rename(new, keyfile) < 0) { + ret = errno; + } +#ifndef NO_POSIX_LINKS + } +#endif + } + out: + free(old); + free(new); + if(ret) + krb5_warn(context, errno, "writing master key file"); + } + + hdb_free_master_key(context, mkey); + + exit(ret != 0); +} |