kadmin/kadmind.c

   1 /*
   2  * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "kadmin_locl.h"
  35
  36 static char *check_library  = NULL;
  37 static char *check_function = NULL;
  38 static getarg_strings policy_libraries = { 0, NULL };
  39 static char *config_file;
  40 static char sHDB[] = "HDB:";
  41 static char *keytab_str = sHDB;
  42 static int help_flag;
  43 static int version_flag;
  44 static int debug_flag;
  45 static char *port_str;
  46 char *realm;
  47
  48 static struct getargs args[] = {
  49     {
  50         "config-file",  'c',    arg_string,     &config_file,
  51         "location of config file",      "file"
  52     },
  53     {
  54         "keytab",       0,      arg_string, &keytab_str,
  55         "what keytab to use", "keytab"
  56     },
  57     {   "realm",        'r',    arg_string,   &realm,
  58         "realm to use", "realm"
  59     },
  60 #ifdef HAVE_DLOPEN
  61     { "check-library", 0, arg_string, &check_library,
  62       "library to load password check function from", "library" },
  63     { "check-function", 0, arg_string, &check_function,
  64       "password check function to load", "function" },
  65     { "policy-libraries", 0, arg_strings, &policy_libraries,
  66       "password check function to load", "function" },
  67 #endif
  68     {   "debug",        'd',    arg_flag,   &debug_flag,
  69         "enable debugging", NULL
  70     },
  71     {   "ports",        'p',    arg_string, &port_str,
  72         "ports to listen to", "port" },
  73     {   "help",         'h',    arg_flag,   &help_flag, NULL, NULL },
  74     {   "version",      'v',    arg_flag,   &version_flag, NULL, NULL }
  75 };
  76
  77 static int num_args = sizeof(args) / sizeof(args[0]);
  78
  79 krb5_context context;
  80
  81 static void
  82 usage(int ret)
  83 {
  84     arg_printusage (args, num_args, NULL, "");
  85     exit (ret);
  86 }
  87
  88 int
  89 main(int argc, char **argv)
  90 {
  91     krb5_error_code ret;
  92     char **files;
  93     int optidx = 0;
  94     int i;
  95     krb5_log_facility *logfacility;
  96     krb5_keytab keytab;
  97     krb5_socket_t sfd = rk_INVALID_SOCKET;
  98
  99     setprogname(argv[0]);
 100
 101     ret = krb5_init_context(&context);
 102     if (ret)
 103         errx (1, "krb5_init_context failed: %d", ret);
 104
 105     if (getarg(args, num_args, argc, argv, &optidx)) {
 106         warnx("error at argument `%s'", argv[optidx]);
 107         usage(1);
 108     }
 109
 110     if (help_flag)
 111         usage (0);
 112
 113     if (version_flag) {
 114         print_version(NULL);
 115         exit(0);
 116     }
 117
 118     argc -= optidx;
 119     argv += optidx;
 120
 121     if (config_file == NULL) {
 122         int aret;
 123
 124         aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
 125         if (aret == -1)
 126             errx(1, "out of memory");
 127     }
 128
 129     ret = krb5_prepend_config_files_default(config_file, &files);
 130     if (ret)
 131         krb5_err(context, 1, ret, "getting configuration files");
 132
 133     ret = krb5_set_config_files(context, files);
 134     krb5_free_config_files(files);
 135     if(ret)
 136         krb5_err(context, 1, ret, "reading configuration files");
 137
 138     ret = krb5_openlog(context, "kadmind", &logfacility);
 139     if (ret)
 140         krb5_err(context, 1, ret, "krb5_openlog");
 141     ret = krb5_set_warn_dest(context, logfacility);
 142     if (ret)
 143         krb5_err(context, 1, ret, "krb5_set_warn_dest");
 144
 145     ret = krb5_kt_register(context, &hdb_kt_ops);
 146     if(ret)
 147         krb5_err(context, 1, ret, "krb5_kt_register");
 148
 149     ret = krb5_kt_resolve(context, keytab_str, &keytab);
 150     if(ret)
 151         krb5_err(context, 1, ret, "krb5_kt_resolve");
 152
 153     kadm5_setup_passwd_quality_check (context, check_library, check_function);
 154
 155     for (i = 0; i < policy_libraries.num_strings; i++) {
 156         ret = kadm5_add_passwd_quality_verifier(context,
 157                                                 policy_libraries.strings[i]);
 158         if (ret)
 159             krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
 160     }
 161     ret = kadm5_add_passwd_quality_verifier(context, NULL);
 162     if (ret)
 163         krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
 164
 165     if(debug_flag) {
 166         int debug_port;
 167
 168         if(port_str == NULL)
 169             debug_port = krb5_getportbyname (context, "kerberos-adm",
 170                                              "tcp", 749);
 171         else
 172             debug_port = htons(atoi(port_str));
 173         mini_inetd(debug_port, &sfd);
 174     } else {
 175 #ifdef _WIN32
 176         pidfile(NULL);
 177         start_server(context, port_str);
 178 #else
 179         struct sockaddr_storage __ss;
 180         struct sockaddr *sa = (struct sockaddr *)&__ss;
 181         socklen_t sa_size = sizeof(__ss);
 182
 183         /*
 184          * Check if we are running inside inetd or not, if not, start
 185          * our own server.
 186          */
 187
 188         if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
 189            rk_SOCK_ERRNO == ENOTSOCK) {
 190             pidfile(NULL);
 191             start_server(context, port_str);
 192         }
 193 #endif /* _WIN32 */
 194         sfd = STDIN_FILENO;
 195     }
 196
 197     if(realm)
 198         krb5_set_default_realm(context, realm); /* XXX */
 199
 200     kadmind_loop(context, keytab, sfd);
 201
 202     return 0;
 203 }