search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
*** empty log message ***
[heimdal.git] / kdc / hpropd.c
blob464eaeb197a93a57d9844cbb42d4a93fea20261e
1 /*
2 * Copyright (c) 1997 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by Kungliga Tekniska
20 * Högskolan and its contributors.
21 *
22 * 4. Neither the name of the Institute nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 */
38
39 #include "hprop.h"
40
41 RCSID("$Id$");
42
43 static int
44 open_socket(krb5_context context)
45 {
46 int s, s2;
47 int sin_len;
48 struct sockaddr_in sin;
49 int one = 1;
50
51 sin_len = sizeof(sin);
52 if(getpeername(0, (struct sockaddr*)&sin, &sin_len)){
53
54 s = socket(AF_INET, SOCK_STREAM, 0);
55 if(s < 0){
56 krb5_warn(context, errno, "socket");
57 return -1;
58 }
59 setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
60 memset(&sin, 0, sizeof(sin));
61 sin.sin_family = AF_INET;
62 sin.sin_port = krb5_getportbyname (context, "hprop", "tcp", HPROP_PORT);
63 if(bind(s, (struct sockaddr*)&sin, sizeof(sin)) < 0){
64 krb5_warn(context, errno, "bind");
65 close(s);
66 return -1;
67 }
68 if(listen(s, 5) < 0){
69 krb5_warn(context, errno, "listen");
70 close(s);
71 return -1;
72 }
73
74 s2 = accept(s, NULL, 0);
75 if(s2 < 0)
76 krb5_warn(context, errno, "accept");
77 close(s);
78 return s2;
79 }
80 return 0;
81 }
82
83 static int help_flag;
84 static int version_flag;
85 static char *database = HDB_DEFAULT_DB;
86 static int from_stdin;
87
88 struct getargs args[] = {
89 #if 0
90 { "slave", 's', arg_strings, &slaves, "slave server", "host" },
91 #endif
92 { "database", 'd', arg_string, &database, "database", "file" },
93 { "stdin", 'n', arg_flag, &from_stdin , "read from stdin" },
94 { "version", 0, arg_flag, &version_flag, NULL, NULL },
95 { "help", 'h', arg_flag, &help_flag, NULL, NULL}
96 };
97
98 static int num_args = sizeof(args) / sizeof(args[0]);
99
100 static void
101 usage(int ret)
102 {
103 arg_printusage (args, num_args, "");
104 exit (ret);
105 }
106
107
108 int main(int argc, char **argv)
109 {
110 krb5_error_code ret;
111 krb5_context context;
112 krb5_auth_context ac = NULL;
113 krb5_principal server;
114 krb5_principal c1, c2;
115 krb5_authenticator authent;
116 krb5_keytab keytab;
117 int fd;
118 HDB *db;
119 char hostname[128];
120 int optind = 0;
121 char *tmp_db;
122 krb5_log_facility *fac;
123 int nprincs;
124
125 set_progname(argv[0]);
126
127 ret = krb5_init_context(&context);
128 if(ret) exit(1);
129
130 ret = krb5_openlog(context, "hpropd", &fac);
131 if(ret)
132 ;
133 krb5_set_warn_dest(context, fac);
134
135 if(getarg(args, num_args, argc, argv, &optind))
136 usage(1);
137 if(help_flag)
138 usage(0);
139 if(version_flag)
140 krb5_errx(context, 0, "%s (%s)\n", __progname, heimdal_version);
141
142 argc -= optind;
143 argv += optind;
144
145 if (argc != 0)
146 usage(1);
147
148 if(from_stdin)
149 fd = STDIN_FILENO;
150 else{
151 fd = open_socket(context);
152 if(fd < 0)
153 krb5_errx(context, 1, "Failed to obtain socket - exiting");
154
155 {
156 int sin_len;
157 struct sockaddr_in sin;
158 sin_len = sizeof(sin);
159 if(getpeername(fd, (struct sockaddr*)&sin, &sin_len))
160 krb5_err(context, 1, errno, "getpeername");
161 krb5_log(context, fac, 0, "Connection from %s", inet_ntoa(sin.sin_addr));
162 }
163
164 gethostname(hostname, sizeof(hostname));
165 ret = krb5_sname_to_principal(context, hostname, HPROP_NAME, KRB5_NT_SRV_HST, &server);
166 if(ret) krb5_err(context, 1, ret, "krb5_sname_to_principal");
167
168 ret = krb5_kt_default(context, &keytab);
169 if(ret) krb5_err(context, 1, ret, "krb5_kt_default");
170
171 ret = krb5_recvauth(context, &ac, &fd, HPROP_VERSION, server, 0, keytab, NULL);
172 if(ret) krb5_err(context, 1, ret, "krb5_recvauth");
173
174 ret = krb5_auth_getauthenticator(context, ac, &authent);
175 if(ret) krb5_err(context, 1, ret, "krb5_auth_getauthenticator");
176
177 ret = krb5_make_principal(context, &c1, NULL, "kadmin", "hprop", NULL);
178 if(ret) krb5_err(context, 1, ret, "krb5_make_principal");
179 principalname2krb5_principal(&c2, authent->cname, authent->crealm);
180 if(!krb5_principal_compare(context, c1, c2)){
181 char *s;
182 krb5_unparse_name(context, c2, &s);
183 krb5_errx(context, 1, "Unauthorized connection from %s", s);
184 }
185 krb5_free_principal(context, c1);
186 krb5_free_principal(context, c2);
187
188 ret = krb5_kt_close(context, keytab);
189 if(ret) krb5_err(context, 1, ret, "krb5_kt_close");
190 }
191
192 asprintf(&tmp_db, "%s~", database);
193 ret = hdb_create(context, &db, tmp_db);
194 if(ret)
195 krb5_err(context, 1, ret, "hdb_open(%s)", tmp_db);
196 ret = db->open(context, db, O_RDWR | O_CREAT | O_TRUNC, 0600);
197 if(ret)
198 krb5_err(context, 1, ret, "hdb_open");
199
200 nprincs = 0;
201 while(1){
202 krb5_data data;
203 hdb_entry entry;
204
205 if(from_stdin){
206 ret = recv_clear(context, fd, &data);
207 if(ret) krb5_err(context, 1, ret, "recv_clear");
208 }else{
209 ret = recv_priv(context, ac, fd, &data);
210 if(ret) krb5_err(context, 1, ret, "recv_priv");
211 }
212
213 if(data.length == 0){
214 if(!from_stdin){
215 data.data = NULL;
216 data.length = 0;
217 send_priv(context, ac, &data, fd);
218 }
219 ret = db->rename(context, db, database);
220 if(ret) krb5_err(context, 1, ret, "db_rename");
221 ret = db->close(context, db);
222 if(ret) krb5_err(context, 1, ret, "db_close");
223 break;
224 }
225 ret = hdb_value2entry(context, &data, &entry);
226 if(ret) krb5_err(context, 1, ret, "hdb_value2entry");
227 ret = db->store(context, db, 0, &entry);
228 if(ret == HDB_ERR_EXISTS){
229 char *s;
230 krb5_unparse_name(context, entry.principal, &s);
231 krb5_warnx(context, "Entry exists: %s", s);
232 free(s);
233 } else if(ret)
234 krb5_err(context, 1, ret, "db_store");
235 else
236 nprincs++;
237 hdb_free_entry(context, &entry);
238 }
239 krb5_log(context, fac, 0, "Received %d principals", nprincs);
240 exit(0);
241 }
Heimdal