search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fixes for build headers
[heimdal.git] / kdc / hprop.c
blobde0ac6e2b92ce77ecdab913b608f1aab2749d0e1
1 /*
2 * Copyright (c) 1997 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by Kungliga Tekniska
20 * Högskolan and its contributors.
21 *
22 * 4. Neither the name of the Institute nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 */
38
39 #include "hprop.h"
40 #ifdef KRB4
41 #define Principal Principal4
42 #include <krb.h>
43 #include <krb_db.h>
44 #endif
45
46 RCSID("$Id$");
47
48 int open_socket(const char *hostname)
49 {
50 int s;
51 struct hostent *hp;
52 struct sockaddr_in sin;
53 s = socket(AF_INET, SOCK_STREAM, 0);
54 if(s < 0){
55 warn("socket");
56 return -1;
57 }
58 hp = gethostbyname(hostname);
59 if(hp == NULL){
60 warnx("%s: %s", hostname, hstrerror(h_errno));
61 close(s);
62 return -1;
63 }
64 memset(&sin, 0, sizeof(sin));
65 sin.sin_family = AF_INET;
66 sin.sin_port = krb5_getportbyname ("hprop", "tcp", htons(HPROP_PORT));
67 memcpy(&sin.sin_addr, hp->h_addr, hp->h_length);
68 if(connect(s, (struct sockaddr*)&sin, sizeof(sin)) < 0){
69 warn("connect");
70 close(s);
71 return -1;
72 }
73 return s;
74 }
75
76 struct prop_data{
77 krb5_context context;
78 krb5_auth_context auth_context;
79 int sock;
80 };
81
82 int hdb_entry2value(krb5_context, hdb_entry*, krb5_data*);
83
84 krb5_error_code
85 func(krb5_context context, HDB *db, hdb_entry *entry, void *appdata)
86 {
87 krb5_error_code ret;
88 struct prop_data *pd = appdata;
89 krb5_data data;
90
91 ret = hdb_entry2value(context, entry, &data);
92 if(ret) return ret;
93
94 ret = send_priv(context, pd->auth_context, &data, pd->sock);
95 krb5_data_free(&data);
96 return ret;
97 }
98
99 #ifdef KRB4
100 static des_cblock mkey;
101 static des_key_schedule msched;
102 static char realm[REALM_SZ];
103
104 static int
105 conv_db(void *arg, Principal *p)
106 {
107 struct prop_data *pd = arg;
108 hdb_entry ent;
109 krb5_error_code ret;
110
111 memset(&ent, 0, sizeof(ent));
112
113 ret = krb5_425_conv_principal(pd->context, p->name, p->instance, realm,
114 &ent.principal);
115 if(ret){
116 krb5_warn(pd->context, ret, "%s.%s@%s", p->name, p->instance, realm);
117 return 0;
118 }
119
120 ent.keys.len = 1;
121 ALLOC(ent.keys.val);
122 ent.keys.val[0].mkvno = p->kdc_key_ver;
123 ent.keys.val[0].salt = calloc(1, sizeof(*ent.keys.val[0].salt));
124 ent.kvno = p->key_version;
125 ent.keys.val[0].key.keytype = KEYTYPE_DES;
126 krb5_data_alloc(&ent.keys.val[0].key.keyvalue, sizeof(des_cblock));
127
128 {
129 unsigned char *key = ent.keys.val[0].key.keyvalue.data;
130 memcpy(key, &p->key_low, 4);
131 memcpy(key + 4, &p->key_high, 4);
132 kdb_encrypt_key(key, key, &mkey, msched, 0);
133 }
134 hdb_seal_key(&ent.keys.val[0], msched);
135
136 ALLOC(ent.max_life);
137 *ent.max_life = krb_life_to_time(0, p->max_life);
138 if(*ent.max_life == (1U << 31) - 1){
139 free(ent.max_life);
140 ent.max_life = NULL;
141 }
142
143 ALLOC(ent.pw_end);
144 *ent.pw_end = p->exp_date;
145 ret = krb5_make_principal(pd->context, &ent.created_by.principal,
146 realm,
147 "kadmin",
148 "hprop",
149 NULL);
150 ent.created_by.time = time(NULL);
151 ALLOC(ent.modified_by);
152 krb5_425_conv_principal(pd->context, p->mod_name, p->mod_instance, realm,
153 &ent.modified_by->principal);
154 ent.modified_by->time = p->mod_date;
155
156 ent.flags.forwardable = 1;
157 ent.flags.renewable = 1;
158 ent.flags.proxiable = 1;
159 ent.flags.postdate = 1;
160 ent.flags.client = 1;
161 ent.flags.server = 1;
162
163 {
164 krb5_data data;
165 ret = hdb_entry2value(pd->context, &ent, &data);
166 if(ret) return ret;
167
168 ret = send_priv(pd->context, pd->auth_context, &data, pd->sock);
169 krb5_data_free(&data);
170 return ret;
171 }
172 }
173
174 #endif
175
176 static getarg_strings slaves;
177 static int version_flag;
178 static int help_flag;
179 static char *ktname = HPROP_KEYTAB;
180 static char *database;
181 #ifdef KRB4
182 static int v4_db;
183 #endif
184
185 struct getargs args[] = {
186 #if 0
187 { "slave", 's', arg_strings, &slaves, "slave server", "host" },
188 #endif
189 { "database", 'd', arg_string, &database, "database", "file" },
190 #ifdef KRB4
191 { "v4-db", '4', arg_flag, &v4_db, "use version 4 database" },
192 #endif
193 { "keytab", 'k', arg_string, &ktname, "keytab to use for authentication", "keytab" },
194 { "version", 0, arg_flag, &version_flag, NULL, NULL },
195 { "help", 'h', arg_flag, &help_flag, NULL, NULL}
196 };
197
198 static int num_args = sizeof(args) / sizeof(args[0]);
199
200 void usage(int ret)
201 {
202 arg_printusage (args, num_args, "host ...");
203 exit (ret);
204 }
205
206 int main(int argc, char **argv)
207 {
208 krb5_error_code ret;
209 int e;
210 krb5_context context;
211 krb5_auth_context ac;
212 krb5_principal client;
213 krb5_principal server;
214 krb5_creds creds;
215 krb5_ccache ccache;
216 krb5_keytab keytab;
217 int fd;
218 HDB *db;
219 krb5_get_init_creds_opt init_opts;
220 krb5_preauthtype preauth = KRB5_PADATA_ENC_TIMESTAMP;
221 int optind = 0;
222 int i;
223
224 set_progname(argv[0]);
225
226 if(getarg(args, num_args, argc, argv, &optind))
227 usage(1);
228
229 if(help_flag)
230 usage(0);
231
232 if(version_flag){
233 fprintf(stderr, "%s (%s)\n", __progname, heimdal_version);
234 exit(0);
235 }
236
237 ret = krb5_init_context(&context);
238 if(ret)
239 exit(1);
240
241 ret = krb5_kt_resolve(context, ktname, &keytab);
242 if(ret) krb5_err(context, 1, ret, "krb5_kt_resolve");
243
244 ret = krb5_make_principal(context, &client, NULL, "kadmin", HPROP_NAME, NULL);
245 if(ret) krb5_err(context, 1, ret, "krb5_make_principal");
246
247 krb5_get_init_creds_opt_init(&init_opts);
248 krb5_get_init_creds_opt_set_preauth_list(&init_opts, &preauth, 1);
249
250 ret = krb5_get_init_creds_keytab(context, &creds, client, keytab, 0, NULL, &init_opts);
251 if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds");
252
253 ret = krb5_kt_close(context, keytab);
254 if(ret) krb5_err(context, 1, ret, "krb5_kt_close");
255
256 ret = krb5_cc_gen_new(context, &mcc_ops, &ccache);
257 if(ret) krb5_err(context, 1, ret, "krb5_cc_gen_new");
258
259 ret = krb5_cc_initialize(context, ccache, client);
260 if(ret) krb5_err(context, 1, ret, "krb5_cc_initialize");
261
262 ret = krb5_cc_store_cred(context, ccache, &creds);
263 if(ret) krb5_err(context, 1, ret, "krb5_cc_store_cred");
264
265 #ifdef KRB4
266 if(v4_db){
267 e = kerb_db_set_name (database);
268 if(e) krb5_errx(context, 1, "kerb_db_set_name: %s", krb_get_err_text(e));
269 e = kdb_get_master_key(0, &mkey, msched);
270 if(e) krb5_errx(context, 1, "kdb_get_master_key: %s", krb_get_err_text(e));
271 e = krb_get_lrealm(realm, 1);
272 if(e) krb5_errx(context, 1, "krb_get_lrealm: %s", krb_get_err_text(e));
273 }else
274 #endif
275 {
276 ret = hdb_open(context, &db, database, O_RDONLY, 0);
277 if(ret) krb5_err(context, 1, ret, "hdb_open");
278 }
279
280
281
282 for(i = optind; i < argc; i++){
283 fd = open_socket(argv[i]);
284 if(fd < 0)
285 continue;
286
287 ret = krb5_sname_to_principal(context, argv[i], HPROP_NAME, KRB5_NT_SRV_HST, &server);
288 if(ret) {
289 krb5_warn(context, ret, "krb5_sname_to_principal(%s)", argv[i]);
290 close(fd);
291 continue;
292 }
293
294 ac = NULL;
295 ret = krb5_sendauth(context,
296 &ac,
297 &fd,
298 HPROP_VERSION,
299 NULL,
300 server,
301 AP_OPTS_MUTUAL_REQUIRED,
302 NULL, /* in_data */
303 NULL, /* in_creds */
304 ccache,
305 NULL,
306 NULL,
307 NULL);
308
309 if(ret){
310 krb5_warn(context, ret, "krb5_sendauth");
311 close(fd);
312 continue;
313 }
314
315 {
316 struct prop_data pd;
317 pd.context = context;
318 pd.auth_context = ac;
319 pd.sock = fd;
320
321 #ifdef KRB4
322 if(v4_db)
323 e = kerb_db_iterate ((k_iter_proc_t)conv_db, &pd);
324 else
325 #endif
326 ret = hdb_foreach(context, db, func, &pd);
327 }
328 if(ret)
329 krb5_warn(context, ret, "krb5_sendauth");
330 else {
331 krb5_data data;
332 data.data = NULL;
333 data.length = 0;
334 ret = send_priv(context, ac, &data, fd);
335 }
336
337 {
338 krb5_data data;
339 ret = recv_priv(context, ac, fd, &data);
340 if(ret) krb5_warn(context, ret, "recv_priv");
341 if(data.length != 0)
342 krb5_data_free(&data); /* XXX */
343 }
344
345 if(ret) krb5_warn(context, ret, "send_priv");
346 krb5_auth_con_free(context, ac);
347 close(fd);
348 }
349 exit(0);
350 }
Heimdal