search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
drsuapi.idl: fix source_dsa spelling
[samba4-gss.git] / third_party / heimdal / kadmin / kadmind.c
blob4ea513e08d3510758b1e13a99f2daecbb1421529
1 /*
2 * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kadmin_locl.h"
35 #include "heim_threads.h"
36 #include "krb5-protos.h"
37
38 static char *check_library = NULL;
39 static char *check_function = NULL;
40 static getarg_strings policy_libraries = { 0, NULL };
41 static char *config_file;
42 static char sHDB[] = "HDBGET:";
43 static char *keytab_str = sHDB;
44 #ifndef WIN32
45 static char *fuzz_file;
46 static char *fuzz_client_name;
47 static char *fuzz_keytab_name;
48 static char *fuzz_service_name;
49 static char *fuzz_admin_server;
50 #endif
51 static int help_flag;
52 static int version_flag;
53 static int debug_flag;
54 static int readonly_flag;
55 static char *port_str;
56 char *realm;
57 int list_chunk_size = -1;
58
59 static int detach_from_console = -1;
60 int daemon_child = -1;
61
62 static struct getargs args[] = {
63 {
64 "config-file", 'c', arg_string, &config_file,
65 "location of config file", "file"
66 },
67 {
68 "keytab", 0, arg_string, &keytab_str,
69 "what keytab to use", "keytab"
70 },
71 { "realm", 'r', arg_string, &realm,
72 "realm to use", "realm"
73 },
74 #ifdef HAVE_DLOPEN
75 { "check-library", 0, arg_string, &check_library,
76 "library to load password check function from", "library" },
77 { "check-function", 0, arg_string, &check_function,
78 "password check function to load", "function" },
79 { "policy-libraries", 0, arg_strings, &policy_libraries,
80 "password check function to load", "function" },
81 #endif
82 { "debug", 'd', arg_flag, &debug_flag,
83 "enable debugging", NULL
84 },
85 { "list-chunk-size", 0, arg_integer,&list_chunk_size,
86 "set the LIST streaming count of names per chunk", "NUMBER"
87 },
88 {
89 "detach", 0 , arg_flag, &detach_from_console,
90 "detach from console", NULL
91 },
92 {
93 "daemon-child", 0 , arg_integer, &daemon_child,
94 "private argument, do not use", NULL
95 },
96 { "ports", 'p', arg_string, &port_str,
97 "ports to listen to", "port" },
98 { "read-only", 0, arg_flag, &readonly_flag,
99 "read-only operations", NULL },
100 #ifndef WIN32
101 { "fuzz-file", 0, arg_string, &fuzz_file,
102 "Kadmin RPC body for fuzzing", "FILE" },
103 { "fuzz-client", 0, arg_string, &fuzz_client_name,
104 "Client name for fuzzing", "PRINCIPAL" },
105 { "fuzz-keytab", 0, arg_string, &fuzz_keytab_name,
106 "Keytab for fuzzing", "KEYTAB" },
107 { "fuzz-server", 0, arg_string, &fuzz_admin_server,
108 "Name of kadmind self instance", "HOST:PORT" },
109 #endif
110 { "help", 'h', arg_flag, &help_flag, NULL, NULL },
111 { "version", 'v', arg_flag, &version_flag, NULL, NULL }
112 };
113
114 static int num_args = sizeof(args) / sizeof(args[0]);
115
116 krb5_context context;
117
118 static void
119 usage(int ret)
120 {
121 arg_printusage (args, num_args, NULL, "");
122 exit (ret);
123 }
124
125 static void *fuzz_thread(void *);
126
127 int
128 main(int argc, char **argv)
129 {
130 krb5_error_code ret;
131 char **files;
132 int optidx = 0;
133 int i;
134 krb5_log_facility *logfacility;
135 krb5_keytab keytab;
136 krb5_socket_t sfd = rk_INVALID_SOCKET;
137
138 setprogname(argv[0]);
139
140 if (getarg(args, num_args, argc, argv, &optidx)) {
141 warnx("error at argument `%s'", argv[optidx]);
142 usage(1);
143 }
144
145 if (help_flag)
146 usage (0);
147
148 if (version_flag) {
149 print_version(NULL);
150 exit(0);
151 }
152
153 if (detach_from_console > 0 && daemon_child == -1)
154 daemon_child = roken_detach_prep(argc, argv, "--daemon-child");
155
156 ret = krb5_init_context(&context);
157 if (ret)
158 errx (1, "krb5_init_context failed: %d", ret);
159
160 argc -= optidx;
161 argv += optidx;
162 if (argc != 0)
163 usage(1);
164
165 if (config_file == NULL) {
166 int aret;
167
168 aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
169 if (aret == -1)
170 errx(1, "out of memory");
171 }
172
173 ret = krb5_prepend_config_files_default(config_file, &files);
174 if (ret)
175 krb5_err(context, 1, ret, "getting configuration files");
176
177 ret = krb5_set_config_files(context, files);
178 krb5_free_config_files(files);
179 if(ret)
180 krb5_err(context, 1, ret, "reading configuration files");
181
182 ret = krb5_openlog(context, "kadmind", &logfacility);
183 if (ret)
184 krb5_err(context, 1, ret, "krb5_openlog");
185 ret = krb5_set_warn_dest(context, logfacility);
186 if (ret)
187 krb5_err(context, 1, ret, "krb5_set_warn_dest");
188
189 ret = krb5_kt_register(context, &hdb_get_kt_ops);
190 if(ret)
191 krb5_err(context, 1, ret, "krb5_kt_register");
192
193 ret = krb5_kt_resolve(context, keytab_str, &keytab);
194 if(ret)
195 krb5_err(context, 1, ret, "krb5_kt_resolve");
196
197 kadm5_setup_passwd_quality_check (context, check_library, check_function);
198
199 for (i = 0; i < policy_libraries.num_strings; i++) {
200 ret = kadm5_add_passwd_quality_verifier(context,
201 policy_libraries.strings[i]);
202 if (ret)
203 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
204 }
205 ret = kadm5_add_passwd_quality_verifier(context, NULL);
206 if (ret)
207 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
208
209 if(debug_flag) {
210 int debug_port;
211
212 if(port_str == NULL)
213 debug_port = krb5_getportbyname (context, "kerberos-adm",
214 "tcp", 749);
215 else
216 debug_port = htons(atoi(port_str));
217 mini_inetd(debug_port, &sfd);
218 } else {
219 #ifdef _WIN32
220 start_server(context, port_str);
221 #else
222 struct sockaddr_storage __ss;
223 struct sockaddr *sa = (struct sockaddr *)&__ss;
224 socklen_t sa_size = sizeof(__ss);
225
226 /*
227 * Check if we are running inside inetd or not, if not, start
228 * our own server.
229 */
230
231 if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
232 rk_SOCK_ERRNO == ENOTSOCK) {
233 start_server(context, port_str);
234 }
235 #endif /* _WIN32 */
236 sfd = STDIN_FILENO;
237
238 socket_set_keepalive(sfd, 1);
239 }
240
241 if(realm)
242 krb5_set_default_realm(context, realm); /* XXX */
243
244 #ifndef WIN32
245 if (fuzz_file) {
246 HEIMDAL_THREAD_ID tid;
247
248 if (fuzz_admin_server == NULL)
249 errx(1, "If --fuzz-file is given then --fuzz-server must be too");
250 HEIMDAL_THREAD_create(&tid, fuzz_thread, NULL);
251 }
252 #endif
253
254 kadmind_loop(context, keytab, sfd, readonly_flag);
255
256 return 0;
257 }
258
259 #ifndef WIN32
260 static void *
261 fuzz_thread(void *arg)
262 {
263 kadm5_config_params conf;
264 krb5_error_code ret;
265 krb5_context context2;
266 krb5_storage *sp;
267 krb5_data reply;
268 void *server_handle = NULL;
269 int fd;
270
271 memset(&conf, 0, sizeof(conf));
272 conf.admin_server = fuzz_admin_server;
273
274 fd = open(fuzz_file, O_RDONLY);
275 if (fd < 0)
276 err(1, "Could not open fuzz file %s", fuzz_file);
277 sp = krb5_storage_from_fd(fd);
278 if (sp == NULL)
279 err(1, "Could not read fuzz file %s", fuzz_file);
280 (void) close(fd);
281
282 ret = krb5_init_context(&context2);
283 if (ret)
284 errx(1, "Fuzzing failed: krb5_init_context failed: %d", ret);
285 ret = kadm5_c_init_with_skey_ctx(context2,
286 fuzz_client_name,
287 fuzz_keytab_name,
288 fuzz_service_name ?
289 fuzz_service_name :
290 KADM5_ADMIN_SERVICE,
291 &conf,
292 0, /* struct_version */
293 0, /* api_version */
294 &server_handle);
295 if (ret)
296 errx(1, "Fuzzing failed: kadm5_c_init_with_skey_ctx failed: %d", ret);
297
298 ret = _kadm5_connect(server_handle, 1 /* want_write */);
299 if (ret)
300 errx(1, "Fuzzing failed: Could not connect to self (%s): "
301 "_kadm5_connect failed: %d", fuzz_admin_server, ret);
302 ret = _kadm5_client_send(server_handle, sp);
303 if (ret)
304 errx(1, "Fuzzing failed: Could not send request to self (%s): "
305 "_kadm5_client_send failed: %d", fuzz_admin_server, ret);
306 krb5_data_zero(&reply);
307 ret = _kadm5_client_recv(server_handle, &reply);
308 if (ret)
309 errx(1, "Fuzzing failed: Could not read reply from self (%s): "
310 "_kadm5_client_recv failed: %d", fuzz_admin_server, ret);
311 krb5_storage_free(sp);
312 krb5_data_free(&reply);
313 fprintf(stderr, "Fuzzed with %s", fuzz_file);
314 exit(0);
315
316 return NULL;
317 }
318 #endif
GSS-enabled samba4