search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
x
[heimdal.git] / kpasswd / kpasswdd.c
blobbe1d5eb325c63a2369f9a8f265049977d429b3b2
1 /*
2 * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kpasswd_locl.h"
35 RCSID("$Id$");
36
37 #include <kadm5/admin.h>
38 #ifdef HAVE_SYS_UN_H
39 #include <sys/un.h>
40 #endif
41 #include <hdb.h>
42 #include <kadm5/private.h>
43
44 static krb5_context context;
45 static krb5_log_facility *log_facility;
46
47 static struct getarg_strings addresses_str;
48 krb5_addresses explicit_addresses;
49
50 static sig_atomic_t exit_flag = 0;
51
52 static void
53 add_one_address (const char *str, int first)
54 {
55 krb5_error_code ret;
56 krb5_addresses tmp;
57
58 ret = krb5_parse_address (context, str, &tmp);
59 if (ret)
60 krb5_err (context, 1, ret, "parse_address `%s'", str);
61 if (first)
62 krb5_copy_addresses(context, &tmp, &explicit_addresses);
63 else
64 krb5_append_addresses(context, &explicit_addresses, &tmp);
65 krb5_free_addresses (context, &tmp);
66 }
67
68 static void
69 send_reply (int s,
70 struct sockaddr *sa,
71 int sa_size,
72 krb5_data *ap_rep,
73 krb5_data *rest)
74 {
75 struct msghdr msghdr;
76 struct iovec iov[3];
77 u_int16_t len, ap_rep_len;
78 u_char header[6];
79 u_char *p;
80
81 if (ap_rep)
82 ap_rep_len = ap_rep->length;
83 else
84 ap_rep_len = 0;
85
86 len = 6 + ap_rep_len + rest->length;
87 p = header;
88 *p++ = (len >> 8) & 0xFF;
89 *p++ = (len >> 0) & 0xFF;
90 *p++ = 0;
91 *p++ = 1;
92 *p++ = (ap_rep_len >> 8) & 0xFF;
93 *p++ = (ap_rep_len >> 0) & 0xFF;
94
95 memset (&msghdr, 0, sizeof(msghdr));
96 msghdr.msg_name = (void *)sa;
97 msghdr.msg_namelen = sa_size;
98 msghdr.msg_iov = iov;
99 msghdr.msg_iovlen = sizeof(iov)/sizeof(*iov);
100 #if 0
101 msghdr.msg_control = NULL;
102 msghdr.msg_controllen = 0;
103 #endif
104
105 iov[0].iov_base = (char *)header;
106 iov[0].iov_len = 6;
107 if (ap_rep_len) {
108 iov[1].iov_base = ap_rep->data;
109 iov[1].iov_len = ap_rep->length;
110 } else {
111 iov[1].iov_base = NULL;
112 iov[1].iov_len = 0;
113 }
114 iov[2].iov_base = rest->data;
115 iov[2].iov_len = rest->length;
116
117 if (sendmsg (s, &msghdr, 0) < 0)
118 krb5_warn (context, errno, "sendmsg");
119 }
120
121 static int
122 make_result (krb5_data *data,
123 u_int16_t result_code,
124 const char *expl)
125 {
126 krb5_data_zero (data);
127
128 data->length = asprintf ((char **)&data->data,
129 "%c%c%s",
130 (result_code >> 8) & 0xFF,
131 result_code & 0xFF,
132 expl);
133
134 if (data->data == NULL) {
135 krb5_warnx (context, "Out of memory generating error reply");
136 return 1;
137 }
138 return 0;
139 }
140
141 static void
142 reply_error (krb5_principal server,
143 int s,
144 struct sockaddr *sa,
145 int sa_size,
146 krb5_error_code error_code,
147 u_int16_t result_code,
148 const char *expl)
149 {
150 krb5_error_code ret;
151 krb5_data error_data;
152 krb5_data e_data;
153
154 if (make_result(&e_data, result_code, expl))
155 return;
156
157 ret = krb5_mk_error (context,
158 error_code,
159 NULL,
160 &e_data,
161 NULL,
162 server,
163 NULL,
164 NULL,
165 &error_data);
166 krb5_data_free (&e_data);
167 if (ret) {
168 krb5_warn (context, ret, "Could not even generate error reply");
169 return;
170 }
171 send_reply (s, sa, sa_size, NULL, &error_data);
172 krb5_data_free (&error_data);
173 }
174
175 static void
176 reply_priv (krb5_auth_context auth_context,
177 int s,
178 struct sockaddr *sa,
179 int sa_size,
180 u_int16_t result_code,
181 const char *expl)
182 {
183 krb5_error_code ret;
184 krb5_data krb_priv_data;
185 krb5_data ap_rep_data;
186 krb5_data e_data;
187
188 ret = krb5_mk_rep (context,
189 auth_context,
190 &ap_rep_data);
191 if (ret) {
192 krb5_warn (context, ret, "Could not even generate error reply");
193 return;
194 }
195
196 if (make_result(&e_data, result_code, expl))
197 return;
198
199 ret = krb5_mk_priv (context,
200 auth_context,
201 &e_data,
202 &krb_priv_data,
203 NULL);
204 krb5_data_free (&e_data);
205 if (ret) {
206 krb5_warn (context, ret, "Could not even generate error reply");
207 return;
208 }
209 send_reply (s, sa, sa_size, &ap_rep_data, &krb_priv_data);
210 krb5_data_free (&ap_rep_data);
211 krb5_data_free (&krb_priv_data);
212 }
213
214 /*
215 * Change the password for `principal', sending the reply back on `s'
216 * (`sa', `sa_size') to `pwd_data'.
217 */
218
219 static void
220 change (krb5_auth_context auth_context,
221 krb5_principal admin_principal,
222 u_int16_t version,
223 int s,
224 struct sockaddr *sa,
225 int sa_size,
226 krb5_data *in_data)
227 {
228 krb5_error_code ret;
229 char *client = NULL, *admin = NULL;
230 const char *pwd_reason;
231 kadm5_config_params conf;
232 void *kadm5_handle = NULL;
233 krb5_principal principal;
234 krb5_data *pwd_data = NULL;
235 char *tmp;
236 ChangePasswdDataMS chpw;
237
238 memset (&conf, 0, sizeof(conf));
239 memset(&chpw, 0, sizeof(chpw));
240
241 if (version == KRB5_KPASSWD_VERS_CHANGEPW) {
242 ret = krb5_copy_data(context, in_data, &pwd_data);
243 if (ret) {
244 krb5_warn (context, ret, "krb5_copy_data");
245 reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_MALFORMED,
246 "out out memory copying password");
247 return;
248 }
249 principal = admin_principal;
250 } else if (version == KRB5_KPASSWD_VERS_SETPW) {
251 size_t len;
252
253 ret = decode_ChangePasswdDataMS(in_data->data, in_data->length,
254 &chpw, &len);
255 if (ret) {
256 krb5_warn (context, ret, "decode_ChangePasswdDataMS");
257 reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_MALFORMED,
258 "malformed ChangePasswdData");
259 return;
260 }
261
262
263 ret = krb5_copy_data(context, &chpw.newpasswd, &pwd_data);
264 if (ret) {
265 krb5_warn (context, ret, "krb5_copy_data");
266 reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_MALFORMED,
267 "out out memory copying password");
268 goto out;
269 }
270
271 if (chpw.targname == NULL && chpw.targrealm != NULL) {
272 krb5_warn (context, ret, "kadm5_init_with_password_ctx");
273 reply_priv (auth_context, s, sa, sa_size,
274 KRB5_KPASSWD_MALFORMED,
275 "targrealm but not targname");
276 goto out;
277 }
278
279 if (chpw.targname) {
280 krb5_principal_data princ;
281
282 princ.name = *chpw.targname;
283 princ.realm = *chpw.targrealm;
284 if (princ.realm == NULL) {
285 ret = krb5_get_default_realm(context, &princ.realm);
286
287 if (ret) {
288 krb5_warnx (context,
289 "kadm5_init_with_password_ctx: "
290 "failed to allocate realm");
291 reply_priv (auth_context, s, sa, sa_size,
292 KRB5_KPASSWD_SOFTERROR,
293 "failed to allocate realm");
294 goto out;
295 }
296 }
297 ret = krb5_copy_principal(context, &princ, &principal);
298 if (*chpw.targrealm == NULL)
299 free(princ.realm);
300 if (ret) {
301 krb5_warn(context, ret, "krb5_copy_principal");
302 reply_priv(auth_context, s, sa, sa_size,
303 KRB5_KPASSWD_HARDERROR,
304 "failed to allocate principal");
305 goto out;
306 }
307 } else
308 principal = admin_principal;
309 } else {
310 krb5_warnx (context, "kadm5_init_with_password_ctx: unknown proto");
311 reply_priv (auth_context, s, sa, sa_size,
312 KRB5_KPASSWD_HARDERROR,
313 "Unknown protocol used");
314 return;
315 }
316
317 ret = krb5_unparse_name (context, admin_principal, &admin);
318 if (ret) {
319 krb5_warn (context, ret, "unparse_name failed");
320 reply_priv (auth_context, s, sa, sa_size,
321 KRB5_KPASSWD_HARDERROR, "out of memory error");
322 goto out;
323 }
324
325 ret = kadm5_init_with_password_ctx(context,
326 admin,
327 NULL,
328 KADM5_ADMIN_SERVICE,
329 &conf, 0, 0,
330 &kadm5_handle);
331 if (ret) {
332 krb5_warn (context, ret, "kadm5_init_with_password_ctx");
333 reply_priv (auth_context, s, sa, sa_size, 2,
334 "Internal error");
335 goto out;
336 }
337
338 ret = krb5_unparse_name(context, principal, &client);
339 if (ret) {
340 krb5_warn (context, ret, "unparse_name failed");
341 reply_priv (auth_context, s, sa, sa_size,
342 KRB5_KPASSWD_HARDERROR, "out of memory error");
343 goto out;
344 }
345
346 /*
347 * Check password quality if not changing as administrator
348 */
349
350 if (krb5_principal_compare(context, admin_principal, principal) == TRUE) {
351
352 pwd_reason = kadm5_check_password_quality (context, principal,
353 pwd_data);
354 if (pwd_reason != NULL ) {
355 krb5_warnx (context,
356 "%s didn't pass password quality check with error: %s",
357 client, pwd_reason);
358 reply_priv (auth_context, s, sa, sa_size,
359 KRB5_KPASSWD_SOFTERROR, pwd_reason);
360 goto out;
361 }
362 krb5_warnx (context, "Changing password for %s", client);
363 } else {
364 ret = _kadm5_acl_check_permission(kadm5_handle, KADM5_PRIV_CPW,
365 principal);
366 if (ret) {
367 krb5_warn (context, ret,
368 "Check ACL failed for %s for changing %s password",
369 admin, client);
370 reply_priv (auth_context, s, sa, sa_size,
371 KRB5_KPASSWD_HARDERROR, "permission denied");
372 goto out;
373 }
374 krb5_warnx (context, "%s is changing password for %s", admin, client);
375 }
376
377 ret = krb5_data_realloc(pwd_data, pwd_data->length + 1);
378 if (ret) {
379 krb5_warn (context, ret, "malloc: out of memory");
380 reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_HARDERROR,
381 "Internal error");
382 goto out;
383 }
384 tmp = pwd_data->data;
385 tmp[pwd_data->length - 1] = '\0';
386
387 ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, tmp);
388 krb5_free_data (context, pwd_data);
389 pwd_data = NULL;
390 if (ret) {
391 krb5_warn (context, ret, "kadm5_s_chpass_principal_cond");
392 reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_HARDERROR,
393 "Internal error");
394 goto out;
395 }
396 reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SUCCESS,
397 "Password changed");
398 out:
399 free_ChangePasswdDataMS(&chpw);
400 if (admin)
401 free(admin);
402 if (client)
403 free(client);
404 if (pwd_data)
405 krb5_free_data(context, pwd_data);
406 if (kadm5_handle)
407 kadm5_destroy (kadm5_handle);
408 }
409
410 static int
411 verify (krb5_auth_context *auth_context,
412 krb5_principal server,
413 krb5_keytab keytab,
414 krb5_ticket **ticket,
415 krb5_data *out_data,
416 u_int16_t *version,
417 int s,
418 struct sockaddr *sa,
419 int sa_size,
420 u_char *msg,
421 size_t len)
422 {
423 krb5_error_code ret;
424 u_int16_t pkt_len, pkt_ver, ap_req_len;
425 krb5_data ap_req_data;
426 krb5_data krb_priv_data;
427
428 pkt_len = (msg[0] << 8) | (msg[1]);
429 pkt_ver = (msg[2] << 8) | (msg[3]);
430 ap_req_len = (msg[4] << 8) | (msg[5]);
431 if (pkt_len != len) {
432 krb5_warnx (context, "Strange len: %ld != %ld",
433 (long)pkt_len, (long)len);
434 reply_error (server, s, sa, sa_size, 0, 1, "Bad request");
435 return 1;
436 }
437 if (pkt_ver != KRB5_KPASSWD_VERS_CHANGEPW &&
438 pkt_ver != KRB5_KPASSWD_VERS_SETPW) {
439 krb5_warnx (context, "Bad version (%d)", pkt_ver);
440 reply_error (server, s, sa, sa_size, 0, 1, "Wrong program version");
441 return 1;
442 }
443 *version = pkt_ver;
444
445 ap_req_data.data = msg + 6;
446 ap_req_data.length = ap_req_len;
447
448 ret = krb5_rd_req (context,
449 auth_context,
450 &ap_req_data,
451 server,
452 keytab,
453 NULL,
454 ticket);
455 if (ret) {
456 if(ret == KRB5_KT_NOTFOUND) {
457 char *name;
458 krb5_unparse_name(context, server, &name);
459 krb5_warnx (context, "krb5_rd_req: %s (%s)",
460 krb5_get_err_text(context, ret), name);
461 free(name);
462 } else
463 krb5_warn (context, ret, "krb5_rd_req");
464 reply_error (server, s, sa, sa_size, ret, 3, "Authentication failed");
465 return 1;
466 }
467
468 if (!(*ticket)->ticket.flags.initial) {
469 krb5_warnx (context, "initial flag not set");
470 reply_error (server, s, sa, sa_size, ret, 1,
471 "Bad request");
472 goto out;
473 }
474 krb_priv_data.data = msg + 6 + ap_req_len;
475 krb_priv_data.length = len - 6 - ap_req_len;
476
477 ret = krb5_rd_priv (context,
478 *auth_context,
479 &krb_priv_data,
480 out_data,
481 NULL);
482
483 if (ret) {
484 krb5_warn (context, ret, "krb5_rd_priv");
485 reply_error (server, s, sa, sa_size, ret, 3, "Bad request");
486 goto out;
487 }
488 return 0;
489 out:
490 krb5_free_ticket (context, *ticket);
491 ticket = NULL;
492 return 1;
493 }
494
495 static void
496 process (krb5_principal server,
497 krb5_keytab keytab,
498 int s,
499 krb5_address *this_addr,
500 struct sockaddr *sa,
501 int sa_size,
502 u_char *msg,
503 int len)
504 {
505 krb5_error_code ret;
506 krb5_auth_context auth_context = NULL;
507 krb5_data out_data;
508 krb5_ticket *ticket;
509 krb5_address other_addr;
510 u_int16_t version;
511
512
513 krb5_data_zero (&out_data);
514
515 ret = krb5_auth_con_init (context, &auth_context);
516 if (ret) {
517 krb5_warn (context, ret, "krb5_auth_con_init");
518 return;
519 }
520
521 krb5_auth_con_setflags (context, auth_context,
522 KRB5_AUTH_CONTEXT_DO_SEQUENCE);
523
524 ret = krb5_sockaddr2address (context, sa, &other_addr);
525 if (ret) {
526 krb5_warn (context, ret, "krb5_sockaddr2address");
527 goto out;
528 }
529
530 ret = krb5_auth_con_setaddrs (context,
531 auth_context,
532 this_addr,
533 &other_addr);
534 krb5_free_address (context, &other_addr);
535 if (ret) {
536 krb5_warn (context, ret, "krb5_auth_con_setaddr");
537 goto out;
538 }
539
540 if (verify (&auth_context, server, keytab, &ticket, &out_data,
541 &version, s, sa, sa_size, msg, len) == 0) {
542 change (auth_context,
543 ticket->client,
544 version,
545 s,
546 sa, sa_size,
547 &out_data);
548 memset (out_data.data, 0, out_data.length);
549 krb5_free_ticket (context, ticket);
550 }
551
552 out:
553 krb5_data_free (&out_data);
554 krb5_auth_con_free (context, auth_context);
555 }
556
557 static int
558 doit (krb5_keytab keytab, int port)
559 {
560 krb5_error_code ret;
561 krb5_principal server;
562 int *sockets;
563 int maxfd;
564 char *realm;
565 krb5_addresses addrs;
566 unsigned n, i;
567 fd_set real_fdset;
568 struct sockaddr_storage __ss;
569 struct sockaddr *sa = (struct sockaddr *)&__ss;
570
571 ret = krb5_get_default_realm (context, &realm);
572 if (ret)
573 krb5_err (context, 1, ret, "krb5_get_default_realm");
574
575 ret = krb5_build_principal (context,
576 &server,
577 strlen(realm),
578 realm,
579 "kadmin",
580 "changepw",
581 NULL);
582 if (ret)
583 krb5_err (context, 1, ret, "krb5_build_principal");
584
585 free (realm);
586
587 if (explicit_addresses.len) {
588 addrs = explicit_addresses;
589 } else {
590 ret = krb5_get_all_server_addrs (context, &addrs);
591 if (ret)
592 krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
593 }
594 n = addrs.len;
595
596 sockets = malloc (n * sizeof(*sockets));
597 if (sockets == NULL)
598 krb5_errx (context, 1, "out of memory");
599 maxfd = -1;
600 FD_ZERO(&real_fdset);
601 for (i = 0; i < n; ++i) {
602 int sa_size = sizeof(__ss);
603
604 krb5_addr2sockaddr (context, &addrs.val[i], sa, &sa_size, port);
605
606 sockets[i] = socket (sa->sa_family, SOCK_DGRAM, 0);
607 if (sockets[i] < 0)
608 krb5_err (context, 1, errno, "socket");
609 if (bind (sockets[i], sa, sa_size) < 0) {
610 char str[128];
611 size_t len;
612 int save_errno = errno;
613
614 ret = krb5_print_address (&addrs.val[i], str, sizeof(str), &len);
615 if (ret)
616 strlcpy(str, "unknown address", sizeof(str));
617 krb5_warn (context, save_errno, "bind(%s)", str);
618 continue;
619 }
620 maxfd = max (maxfd, sockets[i]);
621 if (maxfd >= FD_SETSIZE)
622 krb5_errx (context, 1, "fd too large");
623 FD_SET(sockets[i], &real_fdset);
624 }
625 if (maxfd == -1)
626 krb5_errx (context, 1, "No sockets!");
627
628 while(exit_flag == 0) {
629 int ret;
630 fd_set fdset = real_fdset;
631
632 ret = select (maxfd + 1, &fdset, NULL, NULL, NULL);
633 if (ret < 0) {
634 if (errno == EINTR)
635 continue;
636 else
637 krb5_err (context, 1, errno, "select");
638 }
639 for (i = 0; i < n; ++i)
640 if (FD_ISSET(sockets[i], &fdset)) {
641 u_char buf[BUFSIZ];
642 socklen_t addrlen = sizeof(__ss);
643
644 ret = recvfrom (sockets[i], buf, sizeof(buf), 0,
645 sa, &addrlen);
646 if (ret < 0) {
647 if(errno == EINTR)
648 break;
649 else
650 krb5_err (context, 1, errno, "recvfrom");
651 }
652
653 process (server, keytab, sockets[i],
654 &addrs.val[i],
655 sa, addrlen,
656 buf, ret);
657 }
658 }
659 krb5_free_addresses (context, &addrs);
660 krb5_free_principal (context, server);
661 krb5_free_context (context);
662 return 0;
663 }
664
665 static RETSIGTYPE
666 sigterm(int sig)
667 {
668 exit_flag = 1;
669 }
670
671 const char *check_library = NULL;
672 const char *check_function = NULL;
673 char *keytab_str = "HDB:";
674 char *realm_str;
675 int version_flag;
676 int help_flag;
677 char *port_str;
678 char *config_file;
679
680 struct getargs args[] = {
681 #ifdef HAVE_DLOPEN
682 { "check-library", 0, arg_string, &check_library,
683 "library to load password check function from", "library" },
684 { "check-function", 0, arg_string, &check_function,
685 "password check function to load", "function" },
686 #endif
687 { "addresses", 0, arg_strings, &addresses_str,
688 "addresses to listen on", "list of addresses" },
689 { "keytab", 'k', arg_string, &keytab_str,
690 "keytab to get authentication key from", "kspec" },
691 { "config-file", 'c', arg_string, &config_file },
692 { "realm", 'r', arg_string, &realm_str, "default realm", "realm" },
693 { "port", 'p', arg_string, &port_str, "port" },
694 { "version", 0, arg_flag, &version_flag },
695 { "help", 0, arg_flag, &help_flag }
696 };
697 int num_args = sizeof(args) / sizeof(args[0]);
698
699 int
700 main (int argc, char **argv)
701 {
702 int optind;
703 krb5_keytab keytab;
704 krb5_error_code ret;
705 char **files;
706 int port;
707
708 optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
709
710 if(help_flag)
711 krb5_std_usage(0, args, num_args);
712 if(version_flag) {
713 print_version(NULL);
714 exit(0);
715 }
716
717 if (config_file == NULL)
718 config_file = HDB_DB_DIR "/kdc.conf";
719
720 ret = krb5_prepend_config_files_default(config_file, &files);
721 if (ret)
722 krb5_err(context, 1, ret, "getting configuration files");
723
724 ret = krb5_set_config_files(context, files);
725 krb5_free_config_files(files);
726 if (ret)
727 krb5_err(context, 1, ret, "reading configuration files");
728
729 if(realm_str)
730 krb5_set_default_realm(context, realm_str);
731
732 krb5_openlog (context, "kpasswdd", &log_facility);
733 krb5_set_warn_dest(context, log_facility);
734
735 if (port_str != NULL) {
736 struct servent *s = roken_getservbyname (port_str, "udp");
737
738 if (s != NULL)
739 port = s->s_port;
740 else {
741 char *ptr;
742
743 port = strtol (port_str, &ptr, 10);
744 if (port == 0 && ptr == port_str)
745 krb5_errx (context, 1, "bad port `%s'", port_str);
746 port = htons(port);
747 }
748 } else
749 port = krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT);
750
751 ret = krb5_kt_register(context, &hdb_kt_ops);
752 if(ret)
753 krb5_err(context, 1, ret, "krb5_kt_register");
754
755 ret = krb5_kt_resolve(context, keytab_str, &keytab);
756 if(ret)
757 krb5_err(context, 1, ret, "%s", keytab_str);
758
759 kadm5_setup_passwd_quality_check (context, check_library, check_function);
760
761 explicit_addresses.len = 0;
762
763 if (addresses_str.num_strings) {
764 int i;
765
766 for (i = 0; i < addresses_str.num_strings; ++i)
767 add_one_address (addresses_str.strings[i], i == 0);
768 free_getarg_strings (&addresses_str);
769 } else {
770 char **foo = krb5_config_get_strings (context, NULL,
771 "kdc", "addresses", NULL);
772
773 if (foo != NULL) {
774 add_one_address (*foo++, TRUE);
775 while (*foo)
776 add_one_address (*foo++, FALSE);
777 }
778 }
779
780 #ifdef HAVE_SIGACTION
781 {
782 struct sigaction sa;
783
784 sa.sa_flags = 0;
785 sa.sa_handler = sigterm;
786 sigemptyset(&sa.sa_mask);
787
788 sigaction(SIGINT, &sa, NULL);
789 sigaction(SIGTERM, &sa, NULL);
790 }
791 #else
792 signal(SIGINT, sigterm);
793 signal(SIGTERM, sigterm);
794 #endif
795
796 pidfile(NULL);
797
798 return doit (keytab, port);
799 }
Heimdal