search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bump the sub-version to 1, for 2.0.1
[dragonfly.git] / crypto / heimdal-0.6.3 / kdc / hpropd.c
blobd27ff25727cca7a7a77c05a6d91529ae5ea87520
1 /*
2 * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "hprop.h"
35
36 RCSID("$Id: hpropd.c,v 1.36 2003/04/16 15:46:32 lha Exp $");
37
38 #ifdef KRB4
39 static des_cblock mkey4;
40 static des_key_schedule msched4;
41
42 static char *
43 time2str(time_t t)
44 {
45 static char buf[128];
46 strftime(buf, sizeof(buf), "%Y%m%d%H%M", gmtime(&t));
47 return buf;
48 }
49
50 static int
51 dump_krb4(krb5_context context, hdb_entry *ent, int fd)
52 {
53 char name[ANAME_SZ];
54 char instance[INST_SZ];
55 char realm[REALM_SZ];
56 char buf[1024];
57 char *p;
58 int i;
59 int ret;
60 char *princ_name;
61 Event *modifier;
62 krb5_realm *realms;
63 int cmp;
64
65 ret = krb5_524_conv_principal(context, ent->principal,
66 name, instance, realm);
67 if (ret) {
68 krb5_unparse_name(context, ent->principal, &princ_name);
69 krb5_warn(context, ret, "%s", princ_name);
70 free(princ_name);
71 return -1;
72 }
73
74 ret = krb5_get_default_realms (context, &realms);
75 if (ret) {
76 krb5_warn(context, ret, "krb5_get_default_realms");
77 return -1;
78 }
79
80 cmp = strcmp (realms[0], ent->principal->realm);
81 krb5_free_host_realm (context, realms);
82 if (cmp != 0)
83 return -1;
84
85 snprintf (buf, sizeof(buf), "%s %s ", name,
86 (strlen(instance) != 0) ? instance : "*");
87
88 if (ent->max_life) {
89 asprintf(&p, "%d", krb_time_to_life(0, *ent->max_life));
90 strlcat(buf, p, sizeof(buf));
91 free(p);
92 } else
93 strlcat(buf, "255", sizeof(buf));
94 strlcat(buf, " ", sizeof(buf));
95
96 i = 0;
97 while (i < ent->keys.len &&
98 ent->keys.val[i].key.keytype != KEYTYPE_DES)
99 ++i;
100
101 if (i == ent->keys.len) {
102 krb5_warnx(context, "No DES key for %s.%s", name, instance);
103 return -1;
104 }
105
106 if (ent->keys.val[i].mkvno)
107 asprintf(&p, "%d ", *ent->keys.val[i].mkvno);
108 else
109 asprintf(&p, "%d ", 1);
110 strlcat(buf, p, sizeof(buf));
111 free(p);
112
113 asprintf(&p, "%d ", ent->kvno);
114 strlcat(buf, p, sizeof(buf));
115 free(p);
116
117 asprintf(&p, "%d ", 0); /* Attributes are always 0*/
118 strlcat(buf, p, sizeof(buf));
119 free(p);
120
121 {
122 u_int32_t *key = ent->keys.val[i].key.keyvalue.data;
123 kdb_encrypt_key((des_cblock*)key, (des_cblock*)key,
124 &mkey4, msched4, DES_ENCRYPT);
125 asprintf(&p, "%x %x ", (int)htonl(*key), (int)htonl(*(key+1)));
126 strlcat(buf, p, sizeof(buf));
127 free(p);
128 }
129
130 if (ent->valid_end == NULL)
131 strlcat(buf, time2str(60*60*24*365*50), sizeof(buf)); /*no expiration*/
132 else
133 strlcat(buf, time2str(*ent->valid_end), sizeof(buf));
134 strlcat(buf, " ", sizeof(buf));
135
136 if (ent->modified_by == NULL)
137 modifier = &ent->created_by;
138 else
139 modifier = ent->modified_by;
140
141 ret = krb5_524_conv_principal(context, modifier->principal,
142 name, instance, realm);
143 if (ret) {
144 krb5_unparse_name(context, modifier->principal, &princ_name);
145 krb5_warn(context, ret, "%s", princ_name);
146 free(princ_name);
147 return -1;
148 }
149 asprintf(&p, "%s %s %s\n", time2str(modifier->time),
150 (strlen(name) != 0) ? name : "*",
151 (strlen(instance) != 0) ? instance : "*");
152 strlcat(buf, p, sizeof(buf));
153 free(p);
154
155 ret = write(fd, buf, strlen(buf));
156 if (ret == -1)
157 krb5_warnx(context, "write");
158 return 0;
159 }
160 #endif /* KRB4 */
161
162 static int inetd_flag = -1;
163 static int help_flag;
164 static int version_flag;
165 static int print_dump;
166 static const char *database = HDB_DEFAULT_DB;
167 static int from_stdin;
168 static char *local_realm;
169 #ifdef KRB4
170 static int v4dump;
171 #endif
172 static char *ktname = NULL;
173
174 struct getargs args[] = {
175 { "database", 'd', arg_string, &database, "database", "file" },
176 { "stdin", 'n', arg_flag, &from_stdin, "read from stdin" },
177 { "print", 0, arg_flag, &print_dump, "print dump to stdout" },
178 { "inetd", 'i', arg_negative_flag, &inetd_flag,
179 "Not started from inetd" },
180 { "keytab", 'k', arg_string, &ktname, "keytab to use for authentication", "keytab" },
181 { "realm", 'r', arg_string, &local_realm, "realm to use" },
182 #ifdef KRB4
183 { "v4dump", '4', arg_flag, &v4dump, "create v4 type DB" },
184 #endif
185 { "version", 0, arg_flag, &version_flag, NULL, NULL },
186 { "help", 'h', arg_flag, &help_flag, NULL, NULL}
187 };
188
189 static int num_args = sizeof(args) / sizeof(args[0]);
190
191 static void
192 usage(int ret)
193 {
194 arg_printusage (args, num_args, NULL, "");
195 exit (ret);
196 }
197
198 int
199 main(int argc, char **argv)
200 {
201 krb5_error_code ret;
202 krb5_context context;
203 krb5_auth_context ac = NULL;
204 krb5_principal c1, c2;
205 krb5_authenticator authent;
206 krb5_keytab keytab;
207 int fd;
208 HDB *db;
209 int optind = 0;
210 char *tmp_db;
211 krb5_log_facility *fac;
212 int nprincs;
213 #ifdef KRB4
214 int e;
215 int fd_out = -1;
216 #endif
217
218 setprogname(argv[0]);
219
220 ret = krb5_init_context(&context);
221 if(ret)
222 exit(1);
223
224 ret = krb5_openlog(context, "hpropd", &fac);
225 if(ret)
226 ;
227 krb5_set_warn_dest(context, fac);
228
229 if(getarg(args, num_args, argc, argv, &optind))
230 usage(1);
231
232 #ifdef KRB4
233 if (v4dump && database == HDB_DEFAULT_DB)
234 database = "/var/kerberos/524_dump";
235 #endif /* KRB4 */
236
237 if(local_realm != NULL)
238 krb5_set_default_realm(context, local_realm);
239
240 if(help_flag)
241 usage(0);
242 if(version_flag) {
243 print_version(NULL);
244 exit(0);
245 }
246
247 argc -= optind;
248 argv += optind;
249
250 if (argc != 0)
251 usage(1);
252
253 if(from_stdin)
254 fd = STDIN_FILENO;
255 else {
256 struct sockaddr_storage ss;
257 struct sockaddr *sa = (struct sockaddr *)&ss;
258 socklen_t sin_len = sizeof(ss);
259 char addr_name[256];
260 krb5_ticket *ticket;
261 char *server;
262
263 fd = STDIN_FILENO;
264 if (inetd_flag == -1) {
265 if (getpeername (fd, sa, &sin_len) < 0)
266 inetd_flag = 0;
267 else
268 inetd_flag = 1;
269 }
270 if (!inetd_flag) {
271 mini_inetd (krb5_getportbyname (context, "hprop", "tcp",
272 HPROP_PORT));
273 }
274 sin_len = sizeof(ss);
275 if(getpeername(fd, sa, &sin_len) < 0)
276 krb5_err(context, 1, errno, "getpeername");
277
278 if (inet_ntop(sa->sa_family,
279 socket_get_address (sa),
280 addr_name,
281 sizeof(addr_name)) == NULL)
282 strlcpy (addr_name, "unknown address",
283 sizeof(addr_name));
284
285 krb5_log(context, fac, 0, "Connection from %s", addr_name);
286
287 ret = krb5_kt_register(context, &hdb_kt_ops);
288 if(ret)
289 krb5_err(context, 1, ret, "krb5_kt_register");
290
291 if (ktname != NULL) {
292 ret = krb5_kt_resolve(context, ktname, &keytab);
293 if (ret)
294 krb5_err (context, 1, ret, "krb5_kt_resolve %s", ktname);
295 } else {
296 ret = krb5_kt_default (context, &keytab);
297 if (ret)
298 krb5_err (context, 1, ret, "krb5_kt_default");
299 }
300
301 ret = krb5_recvauth(context, &ac, &fd, HPROP_VERSION, NULL,
302 0, keytab, &ticket);
303 if(ret)
304 krb5_err(context, 1, ret, "krb5_recvauth");
305
306 ret = krb5_unparse_name(context, ticket->server, &server);
307 if (ret)
308 krb5_err(context, 1, ret, "krb5_unparse_name");
309 if (strncmp(server, "hprop/", 5) != 0)
310 krb5_errx(context, 1, "ticket not for hprop (%s)", server);
311
312 free(server);
313 krb5_free_ticket (context, ticket);
314
315 ret = krb5_auth_con_getauthenticator(context, ac, &authent);
316 if(ret)
317 krb5_err(context, 1, ret, "krb5_auth_con_getauthenticator");
318
319 ret = krb5_make_principal(context, &c1, NULL, "kadmin", "hprop", NULL);
320 if(ret)
321 krb5_err(context, 1, ret, "krb5_make_principal");
322 principalname2krb5_principal(&c2, authent->cname, authent->crealm);
323 if(!krb5_principal_compare(context, c1, c2)) {
324 char *s;
325 krb5_unparse_name(context, c2, &s);
326 krb5_errx(context, 1, "Unauthorized connection from %s", s);
327 }
328 krb5_free_principal(context, c1);
329 krb5_free_principal(context, c2);
330
331 ret = krb5_kt_close(context, keytab);
332 if(ret)
333 krb5_err(context, 1, ret, "krb5_kt_close");
334 }
335
336 if(!print_dump) {
337 asprintf(&tmp_db, "%s~", database);
338 #ifdef KRB4
339 if (v4dump) {
340 fd_out = open(tmp_db, O_WRONLY | O_CREAT | O_TRUNC, 0600);
341 if (fd_out == -1)
342 krb5_errx(context, 1, "%s", strerror(errno));
343 }
344 else
345 #endif /* KRB4 */
346 {
347 ret = hdb_create(context, &db, tmp_db);
348 if(ret)
349 krb5_err(context, 1, ret, "hdb_create(%s)", tmp_db);
350 ret = db->open(context, db, O_RDWR | O_CREAT | O_TRUNC, 0600);
351 if(ret)
352 krb5_err(context, 1, ret, "hdb_open(%s)", tmp_db);
353 }
354 }
355
356 #ifdef KRB4
357 if (v4dump) {
358 e = kdb_get_master_key(0, &mkey4, msched4);
359 if(e)
360 krb5_errx(context, 1, "kdb_get_master_key: %s",
361 krb_get_err_text(e));
362 }
363 #endif /* KRB4 */
364
365 nprincs = 0;
366 while(1){
367 krb5_data data;
368 hdb_entry entry;
369
370 if(from_stdin) {
371 ret = krb5_read_message(context, &fd, &data);
372 if(ret != 0 && ret != HEIM_ERR_EOF)
373 krb5_err(context, 1, ret, "krb5_read_message");
374 } else {
375 ret = krb5_read_priv_message(context, ac, &fd, &data);
376 if(ret)
377 krb5_err(context, 1, ret, "krb5_read_priv_message");
378 }
379
380 if(ret == HEIM_ERR_EOF || data.length == 0) {
381 if(!from_stdin) {
382 data.data = NULL;
383 data.length = 0;
384 krb5_write_priv_message(context, ac, &fd, &data);
385 }
386 if(!print_dump) {
387 #ifdef KRB4
388 if (v4dump) {
389 ret = rename(tmp_db, database);
390 if (ret)
391 krb5_errx(context, 1, "rename");
392 ret = close(fd_out);
393 if (ret)
394 krb5_errx(context, 1, "close");
395 } else
396 #endif /* KRB4 */
397 {
398 ret = db->rename(context, db, database);
399 if(ret)
400 krb5_err(context, 1, ret, "db_rename");
401 ret = db->close(context, db);
402 if(ret)
403 krb5_err(context, 1, ret, "db_close");
404 }
405 }
406 break;
407 }
408 ret = hdb_value2entry(context, &data, &entry);
409 if(ret)
410 krb5_err(context, 1, ret, "hdb_value2entry");
411 if(print_dump)
412 hdb_print_entry(context, db, &entry, stdout);
413 else {
414 #ifdef KRB4
415 if (v4dump) {
416 ret = dump_krb4(context, &entry, fd_out);
417 if(!ret) nprincs++;
418 }
419 else
420 #endif /* KRB4 */
421 {
422 ret = db->store(context, db, 0, &entry);
423 if(ret == HDB_ERR_EXISTS) {
424 char *s;
425 krb5_unparse_name(context, entry.principal, &s);
426 krb5_warnx(context, "Entry exists: %s", s);
427 free(s);
428 } else if(ret)
429 krb5_err(context, 1, ret, "db_store");
430 else
431 nprincs++;
432 }
433 }
434 hdb_free_entry(context, &entry);
435 }
436 if (!print_dump)
437 krb5_log(context, fac, 0, "Received %d principals", nprincs);
438 exit(0);
439 }
DragonFly BSD