[heimdal.git] / lib / kadm5 / init_s.c
1 /*
2 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
34 #include "kadm5_locl.h"
35 #include <fcntl.h>
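/*
 * Build a server-side kadm5 handle on top of a caller-supplied krb5 context.
 *
 * context        krb5 context handed to _kadm5_s_init_context(); later
 *                calls in this function go through ctx->context.
 * client_name    Principal name that is parsed into ctx->caller.  This
 *                function performs no authentication: the name is taken
 *                as given, so the caller must already have established
 *                that the peer really is this principal.
 * service_name, struct_version, api_version
 *                Not read by this function.
 * realm_params   Optional overrides.  When the KADM5_CONFIG_DBNAME or
 *                KADM5_CONFIG_STASH_FILE bit is set in ->mask, the matching
 *                field replaces the value from ctx->config.  A NULL pointer
 *                is treated here as "no overrides".
 *                NOTE(review): whether _kadm5_s_init_context() itself
 *                accepts NULL is not visible from this file; confirm.
 * server_handle  Cleared to NULL on entry; receives the new context only
 *                when every step succeeded.
 *
 * Returns 0 on success, otherwise the error of the first failing step.
 * On every failure path the partially built context is handed to
 * kadm5_s_destroy().
 */
static kadm5_ret_t
kadm5_s_init_with_context(krb5_context context,
                          const char *client_name,
                          const char *service_name,
                          kadm5_config_params *realm_params,
                          unsigned long struct_version,
                          unsigned long api_version,
                          void **server_handle)
{
    kadm5_ret_t ret;
    kadm5_server_context *ctx = NULL;
    char *dbname;
    char *stash_file;

    *server_handle = NULL;
    ret = _kadm5_s_init_context(&ctx, realm_params, context);
    if (ret) {
        /*
         * NOTE(review): ctx may still be NULL if the helper failed before
         * allocating it; this relies on kadm5_s_destroy() coping with
         * that -- confirm.
         */
        kadm5_s_destroy(ctx);
        return ret;
    }

    /*
     * Explicit per-call overrides win over the loaded configuration.
     * The NULL guard keeps a missing realm_params from being dereferenced.
     */
    if (realm_params != NULL && (realm_params->mask & KADM5_CONFIG_DBNAME))
        dbname = realm_params->dbname;
    else
        dbname = ctx->config.dbname;

    if (realm_params != NULL && (realm_params->mask & KADM5_CONFIG_STASH_FILE))
        stash_file = realm_params->stash_file;
    else
        stash_file = ctx->config.stash_file;

    /*
     * These are assert()s, so they disappear when the library is built
     * with NDEBUG; in such a build nothing here stops a NULL path from
     * reaching hdb_create() or hdb_set_master_keyfile().
     */
    assert(dbname != NULL);
    assert(stash_file != NULL);
    assert(ctx->config.acl_file != NULL);
    assert(ctx->log_context.log_file != NULL);
#ifndef NO_UNIX_SOCKETS
    assert(ctx->log_context.socket_name.sun_path[0] != '\0');
#else
    assert(ctx->log_context.socket_info != NULL);
#endif

    /* Open the database handle, then attach the master key stash to it. */
    ret = hdb_create(ctx->context, &ctx->db, dbname);
    if (ret == 0)
        ret = hdb_set_master_keyfile(ctx->context,
                                     ctx->db, stash_file);
    if (ret) {
        kadm5_s_destroy(ctx);
        return ret;
    }

    ctx->log_context.log_fd = -1;

#ifndef NO_UNIX_SOCKETS
    ctx->log_context.socket_fd = socket(AF_UNIX, SOCK_DGRAM, 0);
#else
    ctx->log_context.socket_fd = socket(ctx->log_context.socket_info->ai_family,
                                        ctx->log_context.socket_info->ai_socktype,
                                        ctx->log_context.socket_info->ai_protocol);
#endif

    /*
     * A failed socket() is tolerated: the invalid descriptor is simply
     * left in place.  The result of socket_set_nonblocking() is not
     * checked either.
     */
    if (ctx->log_context.socket_fd != rk_INVALID_SOCKET)
        socket_set_nonblocking(ctx->log_context.socket_fd, 1);

    /*
     * The caller identity comes straight from client_name; the ACL state
     * is initialised only after the name parsed successfully.
     */
    ret = krb5_parse_name(ctx->context, client_name, &ctx->caller);
    if (ret == 0)
        ret = _kadm5_acl_init(ctx);
    if (ret)
        kadm5_s_destroy(ctx);
    else
        *server_handle = ctx;
    return ret;
}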
/*
 * Create a second server handle that mirrors an existing one.
 *
 * vin   Existing handle; used as a kadm5_server_context.
 * out   Receives the new handle.  It is written only by
 *       kadm5_s_init_with_context(), so when krb5_unparse_name() fails
 *       *out is left exactly as the caller passed it.
 *
 * The caller principal of the source handle is turned back into a string
 * and fed to kadm5_s_init_with_context() together with the source
 * handle's krb5 context and its config block.  The duplicate therefore
 * carries the same caller name as the original; no credential is checked.
 *
 * Returns 0 on success, otherwise the error of the failing call.
 */
kadm5_ret_t
kadm5_s_dup_context(void *vin, void **out)
{
    kadm5_server_context *src = vin;
    char *caller_name = NULL;
    kadm5_ret_t status;

    status = krb5_unparse_name(src->context, src->caller, &caller_name);
    if (status == 0) {
        status = kadm5_s_init_with_context(src->context, caller_name, NULL,
                                           &src->config, 0, 0, out);
    }

    /* caller_name stays NULL when unparsing failed; free(NULL) is a no-op. */
    free(caller_name);
    return status;
}
/*
 * Server-side "init with password" entry point for callers that already
 * own a krb5 context.
 *
 * `password` is never read here.  Every other argument is forwarded
 * unchanged to kadm5_s_init_with_context(), so the resulting handle is
 * bound to `client_name` without any credential being verified by this
 * function; the calling code has to authenticate the peer itself.
 *
 * Returns whatever kadm5_s_init_with_context() returns.
 */
kadm5_ret_t
kadm5_s_init_with_password_ctx(krb5_context context,
                               const char *client_name,
                               const char *password,
                               const char *service_name,
                               kadm5_config_params *realm_params,
                               unsigned long struct_version,
                               unsigned long api_version,
                               void **server_handle)
{
    kadm5_ret_t status;

    status = kadm5_s_init_with_context(context, client_name, service_name,
                                       realm_params, struct_version,
                                       api_version, server_handle);
    return status;
}
/*
 * Same as kadm5_s_init_with_password_ctx(), but creates the krb5 context
 * itself.
 *
 * A fresh context comes from krb5_init_context().  If the handle cannot
 * be built, that context is released again before the error is returned.
 * On success the handle's my_context flag is set to 1.
 * NOTE(review): presumably that flag tells kadm5_s_destroy() to free the
 * context along with the handle -- confirm against kadm5_s_destroy().
 *
 * `password` is only passed on; the callee visible in this file does not
 * read it.
 *
 * Returns 0 on success, otherwise the error of the failing call.
 */
kadm5_ret_t
kadm5_s_init_with_password(const char *client_name,
                           const char *password,
                           const char *service_name,
                           kadm5_config_params *realm_params,
                           unsigned long struct_version,
                           unsigned long api_version,
                           void **server_handle)
{
    krb5_context new_context;
    kadm5_server_context *handle;
    kadm5_ret_t status;

    status = krb5_init_context(&new_context);
    if (status)
        return status;

    status = kadm5_s_init_with_password_ctx(new_context, client_name,
                                            password, service_name,
                                            realm_params, struct_version,
                                            api_version, server_handle);
    if (!status) {
        /* Mark the context as one that was created in this function. */
        handle = *server_handle;
        handle->my_context = 1;
        return 0;
    }

    /* No handle was produced, so the context is still ours to release. */
    krb5_free_context(new_context);
    return status;
}
/*
 * Server-side "init with service key" entry point for callers that
 * already own a krb5 context.
 *
 * `keytab` is never read here.  Every other argument is forwarded
 * unchanged to kadm5_s_init_with_context(), so the resulting handle is
 * bound to `client_name` without any key being looked up or checked by
 * this function; the calling code has to authenticate the peer itself.
 *
 * Returns whatever kadm5_s_init_with_context() returns.
 */
kadm5_ret_t
kadm5_s_init_with_skey_ctx(krb5_context context,
                           const char *client_name,
                           const char *keytab,
                           const char *service_name,
                           kadm5_config_params *realm_params,
                           unsigned long struct_version,
                           unsigned long api_version,
                           void **server_handle)
{
    kadm5_ret_t status;

    status = kadm5_s_init_with_context(context, client_name, service_name,
                                       realm_params, struct_version,
                                       api_version, server_handle);
    return status;
}
/*
 * Same as kadm5_s_init_with_skey_ctx(), but creates the krb5 context
 * itself.
 *
 * A fresh context comes from krb5_init_context().  If the handle cannot
 * be built, that context is released again before the error is returned.
 * On success the handle's my_context flag is set to 1.
 * NOTE(review): presumably that flag tells kadm5_s_destroy() to free the
 * context along with the handle -- confirm against kadm5_s_destroy().
 *
 * `keytab` is only passed on; the callee visible in this file does not
 * read it.
 *
 * Returns 0 on success, otherwise the error of the failing call.
 */
kadm5_ret_t
kadm5_s_init_with_skey(const char *client_name,
                       const char *keytab,
                       const char *service_name,
                       kadm5_config_params *realm_params,
                       unsigned long struct_version,
                       unsigned long api_version,
                       void **server_handle)
{
    krb5_context new_context;
    kadm5_server_context *handle;
    kadm5_ret_t status;

    status = krb5_init_context(&new_context);
    if (status)
        return status;

    status = kadm5_s_init_with_skey_ctx(new_context, client_name,
                                        keytab, service_name,
                                        realm_params, struct_version,
                                        api_version, server_handle);
    if (!status) {
        /* Mark the context as one that was created in this function. */
        handle = *server_handle;
        handle->my_context = 1;
        return 0;
    }

    /* No handle was produced, so the context is still ours to release. */
    krb5_free_context(new_context);
    return status;
}
/*
 * Server-side "init with credentials cache" entry point for callers that
 * already own a krb5 context.
 *
 * `ccache` is never read here.  Every other argument is forwarded
 * unchanged to kadm5_s_init_with_context(), so the resulting handle is
 * bound to `client_name` without any credential being inspected by this
 * function; the calling code has to authenticate the peer itself.
 *
 * Returns whatever kadm5_s_init_with_context() returns.
 */
kadm5_ret_t
kadm5_s_init_with_creds_ctx(krb5_context context,
                            const char *client_name,
                            krb5_ccache ccache,
                            const char *service_name,
                            kadm5_config_params *realm_params,
                            unsigned long struct_version,
                            unsigned long api_version,
                            void **server_handle)
{
    kadm5_ret_t status;

    status = kadm5_s_init_with_context(context, client_name, service_name,
                                       realm_params, struct_version,
                                       api_version, server_handle);
    return status;
}
/*
 * Same as kadm5_s_init_with_creds_ctx(), but creates the krb5 context
 * itself.
 *
 * A fresh context comes from krb5_init_context().  If the handle cannot
 * be built, that context is released again before the error is returned.
 * On success the handle's my_context flag is set to 1.
 * NOTE(review): presumably that flag tells kadm5_s_destroy() to free the
 * context along with the handle -- confirm against kadm5_s_destroy().
 *
 * `ccache` is only passed on; the callee visible in this file does not
 * read it.
 *
 * Returns 0 on success, otherwise the error of the failing call.
 */
kadm5_ret_t
kadm5_s_init_with_creds(const char *client_name,
                        krb5_ccache ccache,
                        const char *service_name,
                        kadm5_config_params *realm_params,
                        unsigned long struct_version,
                        unsigned long api_version,
                        void **server_handle)
{
    krb5_context new_context;
    kadm5_server_context *handle;
    kadm5_ret_t status;

    status = krb5_init_context(&new_context);
    if (status)
        return status;

    status = kadm5_s_init_with_creds_ctx(new_context, client_name,
                                         ccache, service_name,
                                         realm_params, struct_version,
                                         api_version, server_handle);
    if (!status) {
        /* Mark the context as one that was created in this function. */
        handle = *server_handle;
        handle->my_context = 1;
        return 0;
    }

    /* No handle was produced, so the context is still ours to release. */
    krb5_free_context(new_context);
    return status;
}