kadmin/kadmind.c

   1 /*
   2  * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "kadmin_locl.h"
  35
  36 static char *check_library  = NULL;
  37 static char *check_function = NULL;
  38 static getarg_strings policy_libraries = { 0, NULL };
  39 static char *config_file;
  40 static char sHDB[] = "HDBGET:";
  41 static char *keytab_str = sHDB;
  42 static int help_flag;
  43 static int version_flag;
  44 static int debug_flag;
  45 static int readonly_flag;
  46 static char *port_str;
  47 char *realm;
  48
  49 static int detach_from_console = -1;
  50 int daemon_child = -1;
  51
  52 static struct getargs args[] = {
  53     {
  54         "config-file",  'c',    arg_string,     &config_file,
  55         "location of config file",      "file"
  56     },
  57     {
  58         "keytab",       0,      arg_string, &keytab_str,
  59         "what keytab to use", "keytab"
  60     },
  61     {   "realm",        'r',    arg_string,   &realm,
  62         "realm to use", "realm"
  63     },
  64 #ifdef HAVE_DLOPEN
  65     { "check-library", 0, arg_string, &check_library,
  66       "library to load password check function from", "library" },
  67     { "check-function", 0, arg_string, &check_function,
  68       "password check function to load", "function" },
  69     { "policy-libraries", 0, arg_strings, &policy_libraries,
  70       "password check function to load", "function" },
  71 #endif
  72     {   "debug",        'd',    arg_flag,   &debug_flag,
  73         "enable debugging", NULL
  74     },
  75     {
  76         "detach",       0 ,      arg_flag, &detach_from_console,
  77         "detach from console", NULL
  78     },
  79     {
  80         "daemon-child",       0 ,      arg_integer, &daemon_child,
  81         "private argument, do not use", NULL
  82     },
  83     {   "ports",        'p',    arg_string, &port_str,
  84         "ports to listen to", "port" },
  85     {   "read-only",    0,      arg_flag,   &readonly_flag,
  86         "read-only operations", NULL },
  87     {   "help",         'h',    arg_flag,   &help_flag, NULL, NULL },
  88     {   "version",      'v',    arg_flag,   &version_flag, NULL, NULL }
  89 };
  90
  91 static int num_args = sizeof(args) / sizeof(args[0]);
  92
  93 krb5_context context;
  94
  95 static void
  96 usage(int ret)
  97 {
  98     arg_printusage (args, num_args, NULL, "");
  99     exit (ret);
 100 }
 101
 102 int
 103 main(int argc, char **argv)
 104 {
 105     krb5_error_code ret;
 106     char **files;
 107     int optidx = 0;
 108     int i;
 109     krb5_log_facility *logfacility;
 110     krb5_keytab keytab;
 111     krb5_socket_t sfd = rk_INVALID_SOCKET;
 112
 113     setprogname(argv[0]);
 114
 115     if (getarg(args, num_args, argc, argv, &optidx)) {
 116         warnx("error at argument `%s'", argv[optidx]);
 117         usage(1);
 118     }
 119
 120     if (help_flag)
 121         usage (0);
 122
 123     if (version_flag) {
 124         print_version(NULL);
 125         exit(0);
 126     }
 127
 128     if (detach_from_console > 0 && daemon_child == -1)
 129         daemon_child = roken_detach_prep(argc, argv, "--daemon-child");
 130
 131     ret = krb5_init_context(&context);
 132     if (ret)
 133         errx (1, "krb5_init_context failed: %d", ret);
 134
 135     argc -= optidx;
 136     argv += optidx;
 137
 138     if (config_file == NULL) {
 139         int aret;
 140
 141         aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
 142         if (aret == -1)
 143             errx(1, "out of memory");
 144     }
 145
 146     ret = krb5_prepend_config_files_default(config_file, &files);
 147     if (ret)
 148         krb5_err(context, 1, ret, "getting configuration files");
 149
 150     ret = krb5_set_config_files(context, files);
 151     krb5_free_config_files(files);
 152     if(ret)
 153         krb5_err(context, 1, ret, "reading configuration files");
 154
 155     ret = krb5_openlog(context, "kadmind", &logfacility);
 156     if (ret)
 157         krb5_err(context, 1, ret, "krb5_openlog");
 158     ret = krb5_set_warn_dest(context, logfacility);
 159     if (ret)
 160         krb5_err(context, 1, ret, "krb5_set_warn_dest");
 161
 162     ret = krb5_kt_register(context, &hdb_get_kt_ops);
 163     if(ret)
 164         krb5_err(context, 1, ret, "krb5_kt_register");
 165
 166     ret = krb5_kt_resolve(context, keytab_str, &keytab);
 167     if(ret)
 168         krb5_err(context, 1, ret, "krb5_kt_resolve");
 169
 170     kadm5_setup_passwd_quality_check (context, check_library, check_function);
 171
 172     for (i = 0; i < policy_libraries.num_strings; i++) {
 173         ret = kadm5_add_passwd_quality_verifier(context,
 174                                                 policy_libraries.strings[i]);
 175         if (ret)
 176             krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
 177     }
 178     ret = kadm5_add_passwd_quality_verifier(context, NULL);
 179     if (ret)
 180         krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
 181
 182     if(debug_flag) {
 183         int debug_port;
 184
 185         if(port_str == NULL)
 186             debug_port = krb5_getportbyname (context, "kerberos-adm",
 187                                              "tcp", 749);
 188         else
 189             debug_port = htons(atoi(port_str));
 190         mini_inetd(debug_port, &sfd);
 191     } else {
 192 #ifdef _WIN32
 193         start_server(context, port_str);
 194 #else
 195         struct sockaddr_storage __ss;
 196         struct sockaddr *sa = (struct sockaddr *)&__ss;
 197         socklen_t sa_size = sizeof(__ss);
 198
 199         /*
 200          * Check if we are running inside inetd or not, if not, start
 201          * our own server.
 202          */
 203
 204         if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
 205            rk_SOCK_ERRNO == ENOTSOCK) {
 206             start_server(context, port_str);
 207         }
 208 #endif /* _WIN32 */
 209         sfd = STDIN_FILENO;
 210
 211         socket_set_keepalive(sfd, 1);
 212     }
 213
 214     if(realm)
 215         krb5_set_default_realm(context, realm); /* XXX */
 216
 217     kadmind_loop(context, keytab, sfd, readonly_flag);
 218
 219     return 0;
 220 }