kadmin/kadmind.c

   1 /*
   2  * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "kadmin_locl.h"
  35
  36 static char *check_library  = NULL;
  37 static char *check_function = NULL;
  38 static getarg_strings policy_libraries = { 0, NULL };
  39 static char *config_file;
  40 static char *keytab_str = "HDB:";
  41 static int help_flag;
  42 static int version_flag;
  43 static int debug_flag;
  44 static char *port_str;
  45 char *realm;
  46
  47 static struct getargs args[] = {
  48     {
  49         "config-file",  'c',    arg_string,     &config_file,
  50         "location of config file",      "file"
  51     },
  52     {
  53         "keytab",       0,      arg_string, &keytab_str,
  54         "what keytab to use", "keytab"
  55     },
  56     {   "realm",        'r',    arg_string,   &realm,
  57         "realm to use", "realm"
  58     },
  59 #ifdef HAVE_DLOPEN
  60     { "check-library", 0, arg_string, &check_library,
  61       "library to load password check function from", "library" },
  62     { "check-function", 0, arg_string, &check_function,
  63       "password check function to load", "function" },
  64     { "policy-libraries", 0, arg_strings, &policy_libraries,
  65       "password check function to load", "function" },
  66 #endif
  67     {   "debug",        'd',    arg_flag,   &debug_flag,
  68         "enable debugging"
  69     },
  70     {   "ports",        'p',    arg_string, &port_str,
  71         "ports to listen to", "port" },
  72     {   "help",         'h',    arg_flag,   &help_flag },
  73     {   "version",      'v',    arg_flag,   &version_flag }
  74 };
  75
  76 static int num_args = sizeof(args) / sizeof(args[0]);
  77
  78 krb5_context context;
  79
  80 static void
  81 usage(int ret)
  82 {
  83     arg_printusage (args, num_args, NULL, "");
  84     exit (ret);
  85 }
  86
  87 int
  88 main(int argc, char **argv)
  89 {
  90     krb5_error_code ret;
  91     char **files;
  92     int optidx = 0;
  93     int i;
  94     krb5_log_facility *logfacility;
  95     krb5_keytab keytab;
  96     krb5_socket_t sfd = rk_INVALID_SOCKET;
  97
  98     setprogname(argv[0]);
  99
 100     ret = krb5_init_context(&context);
 101     if (ret)
 102         errx (1, "krb5_init_context failed: %d", ret);
 103
 104     if (getarg(args, num_args, argc, argv, &optidx)) {
 105         warnx("error at argument `%s'", argv[optidx]);
 106         usage(1);
 107     }
 108
 109     if (help_flag)
 110         usage (0);
 111
 112     if (version_flag) {
 113         print_version(NULL);
 114         exit(0);
 115     }
 116
 117     argc -= optidx;
 118     argv += optidx;
 119
 120     if (config_file == NULL) {
 121         asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
 122         if (config_file == NULL)
 123             errx(1, "out of memory");
 124     }
 125
 126     ret = krb5_prepend_config_files_default(config_file, &files);
 127     if (ret)
 128         krb5_err(context, 1, ret, "getting configuration files");
 129
 130     ret = krb5_set_config_files(context, files);
 131     krb5_free_config_files(files);
 132     if(ret)
 133         krb5_err(context, 1, ret, "reading configuration files");
 134
 135     ret = krb5_openlog(context, "kadmind", &logfacility);
 136     if (ret)
 137         krb5_err(context, 1, ret, "krb5_openlog");
 138     ret = krb5_set_warn_dest(context, logfacility);
 139     if (ret)
 140         krb5_err(context, 1, ret, "krb5_set_warn_dest");
 141
 142     ret = krb5_kt_register(context, &hdb_kt_ops);
 143     if(ret)
 144         krb5_err(context, 1, ret, "krb5_kt_register");
 145
 146     ret = krb5_kt_resolve(context, keytab_str, &keytab);
 147     if(ret)
 148         krb5_err(context, 1, ret, "krb5_kt_resolve");
 149
 150     kadm5_setup_passwd_quality_check (context, check_library, check_function);
 151
 152     for (i = 0; i < policy_libraries.num_strings; i++) {
 153         ret = kadm5_add_passwd_quality_verifier(context,
 154                                                 policy_libraries.strings[i]);
 155         if (ret)
 156             krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
 157     }
 158     ret = kadm5_add_passwd_quality_verifier(context, NULL);
 159     if (ret)
 160         krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
 161
 162     if(debug_flag) {
 163         int debug_port;
 164
 165         if(port_str == NULL)
 166             debug_port = krb5_getportbyname (context, "kerberos-adm",
 167                                              "tcp", 749);
 168         else
 169             debug_port = htons(atoi(port_str));
 170         mini_inetd(debug_port, &sfd);
 171     } else {
 172 #ifdef _WIN32
 173         pidfile(NULL);
 174         start_server(context, port_str);
 175 #else
 176         struct sockaddr_storage __ss;
 177         struct sockaddr *sa = (struct sockaddr *)&__ss;
 178         socklen_t sa_size = sizeof(__ss);
 179
 180         /*
 181          * Check if we are running inside inetd or not, if not, start
 182          * our own server.
 183          */
 184
 185         if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
 186            rk_SOCK_ERRNO == ENOTSOCK) {
 187             pidfile(NULL);
 188             start_server(context, port_str);
 189         }
 190 #endif /* _WIN32 */
 191         sfd = STDIN_FILENO;
 192     }
 193
 194     if(realm)
 195         krb5_set_default_realm(context, realm); /* XXX */
 196
 197     kadmind_loop(context, keytab, sfd);
 198
 199     return 0;
 200 }