1 /* $NetBSD: init_s.c,v 1.3 2019/12/15 22:50:50 christos Exp $ */
2
3 /*
4 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "kadm5_locl.h"
37 #include <fcntl.h>
38
39
/*
 * Shared back end for the kadm5_s_init_with_*() entry points in this file.
 * It builds a kadm5_server_context, opens the HDB named by the
 * configuration, attaches the master-key stash file, creates the log
 * socket, records the caller principal and loads the ACLs.
 *
 * client_name is parsed into ctx->caller with krb5_parse_name(); nothing
 * in this function checks a credential for that name.  service_name,
 * struct_version and api_version are not read here.
 *
 * On success *server_handle receives the new context and 0 is returned.
 * On failure *server_handle stays NULL, the partly built context is handed
 * to kadm5_s_destroy() and the error code is returned.
 */
static kadm5_ret_t
kadm5_s_init_with_context(krb5_context context,
                          const char *client_name,
                          const char *service_name,
                          kadm5_config_params *realm_params,
                          unsigned long struct_version,
                          unsigned long api_version,
                          void **server_handle)
{
    kadm5_server_context *ctx;
    kadm5_ret_t rc;
    char *dbname;
    char *stash_file;

    /* Never leave a stale handle behind if we bail out early. */
    *server_handle = NULL;

    rc = _kadm5_s_init_context(&ctx, realm_params, context);
    if (rc != 0)
        return rc;

    /*
     * Values supplied by the caller win over the ones held in ctx->config.
     * NOTE(review): realm_params is dereferenced without a NULL check;
     * confirm every caller passes a non-NULL structure.
     */
    dbname = (realm_params->mask & KADM5_CONFIG_DBNAME)
        ? realm_params->dbname
        : ctx->config.dbname;
    stash_file = (realm_params->mask & KADM5_CONFIG_STASH_FILE)
        ? realm_params->stash_file
        : ctx->config.stash_file;

    /*
     * Sanity checks on the configuration.  These are assert()s, so a build
     * with NDEBUG performs no check at all and the pointers below are used
     * as they are.
     */
    assert(dbname != NULL);
    assert(stash_file != NULL);
    assert(ctx->config.acl_file != NULL);
    assert(ctx->log_context.log_file != NULL);
#ifndef NO_UNIX_SOCKETS
    assert(ctx->log_context.socket_name.sun_path[0] != '\0');
#else
    assert(ctx->log_context.socket_info != NULL);
#endif

    /*
     * NOTE(review): a failure in the next two calls reaches
     * kadm5_s_destroy() before log_fd and socket_fd are assigned below;
     * confirm _kadm5_s_init_context() leaves both in a state that
     * kadm5_s_destroy() handles.
     */
    rc = hdb_create(ctx->context, &ctx->db, dbname);
    if (rc != 0)
        goto fail;
    rc = hdb_set_master_keyfile(ctx->context, ctx->db, stash_file);
    if (rc != 0)
        goto fail;

    ctx->log_context.log_fd = -1;

#ifndef NO_UNIX_SOCKETS
    ctx->log_context.socket_fd = socket(AF_UNIX, SOCK_DGRAM, 0);
#else
    ctx->log_context.socket_fd = socket(ctx->log_context.socket_info->ai_family,
                                        ctx->log_context.socket_info->ai_socktype,
                                        ctx->log_context.socket_info->ai_protocol);
#endif

    /*
     * A failed socket() is tolerated: the descriptor stays invalid and
     * initialisation carries on.  The result of socket_set_nonblocking()
     * is not checked either.
     */
    if (ctx->log_context.socket_fd != rk_INVALID_SOCKET)
        socket_set_nonblocking(ctx->log_context.socket_fd, 1);

    /* The caller identity is whatever name was passed in. */
    rc = krb5_parse_name(ctx->context, client_name, &ctx->caller);
    if (rc != 0)
        goto fail;
    rc = _kadm5_acl_init(ctx);
    if (rc != 0)
        goto fail;

    *server_handle = ctx;
    return rc;

fail:
    kadm5_s_destroy(ctx);
    return rc;
}
110
/*
 * Server-side init using a caller-supplied krb5_context.
 *
 * The password argument is not read and not forwarded: this function only
 * hands the remaining arguments to kadm5_s_init_with_context().  Callers
 * must not treat a successful return as proof that client_name was
 * authenticated with that password.
 *
 * Returns whatever kadm5_s_init_with_context() returns.
 */
kadm5_ret_t
kadm5_s_init_with_password_ctx(krb5_context context,
                               const char *client_name,
                               const char *password,
                               const char *service_name,
                               kadm5_config_params *realm_params,
                               unsigned long struct_version,
                               unsigned long api_version,
                               void **server_handle)
{
    kadm5_ret_t rc;

    (void)password;     /* deliberately unused, see above */

    rc = kadm5_s_init_with_context(context, client_name, service_name,
                                   realm_params, struct_version,
                                   api_version, server_handle);
    return rc;
}
129
/*
 * Server-side init that creates its own krb5_context.
 *
 * A fresh context is made with krb5_init_context() and passed to
 * kadm5_s_init_with_password_ctx().  If that call fails the context is
 * freed here and the error is returned.  On success the handle's
 * my_context flag is set to 1 and 0 is returned.
 * NOTE(review): my_context presumably tells kadm5_s_destroy() to free the
 * context; confirm there.
 *
 * The password is only passed through; the _ctx variant does not use it.
 */
kadm5_ret_t
kadm5_s_init_with_password(const char *client_name,
                           const char *password,
                           const char *service_name,
                           kadm5_config_params *realm_params,
                           unsigned long struct_version,
                           unsigned long api_version,
                           void **server_handle)
{
    krb5_context context;
    kadm5_ret_t rc;

    rc = krb5_init_context(&context);
    if (rc != 0)
        return rc;

    rc = kadm5_s_init_with_password_ctx(context, client_name, password,
                                        service_name, realm_params,
                                        struct_version, api_version,
                                        server_handle);
    if (rc == 0) {
        kadm5_server_context *ctx = *server_handle;

        /* The context was created here, so mark it as owned. */
        ctx->my_context = 1;
        return 0;
    }

    /* Init failed: the context we created is ours to release. */
    krb5_free_context(context);
    return rc;
}
162
/*
 * Server-side init using a caller-supplied krb5_context.
 *
 * The keytab argument is not read and not forwarded: this function only
 * hands the remaining arguments to kadm5_s_init_with_context().  No key
 * from the keytab is used to authenticate client_name here.
 *
 * Returns whatever kadm5_s_init_with_context() returns.
 */
kadm5_ret_t
kadm5_s_init_with_skey_ctx(krb5_context context,
                           const char *client_name,
                           const char *keytab,
                           const char *service_name,
                           kadm5_config_params *realm_params,
                           unsigned long struct_version,
                           unsigned long api_version,
                           void **server_handle)
{
    kadm5_ret_t rc;

    (void)keytab;       /* deliberately unused, see above */

    rc = kadm5_s_init_with_context(context, client_name, service_name,
                                   realm_params, struct_version,
                                   api_version, server_handle);
    return rc;
}
181
/*
 * Server-side init that creates its own krb5_context.
 *
 * A fresh context is made with krb5_init_context() and passed to
 * kadm5_s_init_with_skey_ctx().  If that call fails the context is freed
 * here and the error is returned.  On success the handle's my_context
 * flag is set to 1 and 0 is returned.
 * NOTE(review): my_context presumably tells kadm5_s_destroy() to free the
 * context; confirm there.
 *
 * The keytab is only passed through; the _ctx variant does not use it.
 */
kadm5_ret_t
kadm5_s_init_with_skey(const char *client_name,
                       const char *keytab,
                       const char *service_name,
                       kadm5_config_params *realm_params,
                       unsigned long struct_version,
                       unsigned long api_version,
                       void **server_handle)
{
    krb5_context context;
    kadm5_ret_t rc;

    rc = krb5_init_context(&context);
    if (rc != 0)
        return rc;

    rc = kadm5_s_init_with_skey_ctx(context, client_name, keytab,
                                    service_name, realm_params,
                                    struct_version, api_version,
                                    server_handle);
    if (rc == 0) {
        kadm5_server_context *ctx = *server_handle;

        /* The context was created here, so mark it as owned. */
        ctx->my_context = 1;
        return 0;
    }

    /* Init failed: the context we created is ours to release. */
    krb5_free_context(context);
    return rc;
}
214
/*
 * Server-side init using a caller-supplied krb5_context.
 *
 * The ccache argument is not read and not forwarded: this function only
 * hands the remaining arguments to kadm5_s_init_with_context().  No
 * credential from the cache is checked against client_name here.
 *
 * Returns whatever kadm5_s_init_with_context() returns.
 */
kadm5_ret_t
kadm5_s_init_with_creds_ctx(krb5_context context,
                            const char *client_name,
                            krb5_ccache ccache,
                            const char *service_name,
                            kadm5_config_params *realm_params,
                            unsigned long struct_version,
                            unsigned long api_version,
                            void **server_handle)
{
    kadm5_ret_t rc;

    (void)ccache;       /* deliberately unused, see above */

    rc = kadm5_s_init_with_context(context, client_name, service_name,
                                   realm_params, struct_version,
                                   api_version, server_handle);
    return rc;
}
233
/*
 * Server-side init that creates its own krb5_context.
 *
 * A fresh context is made with krb5_init_context() and passed to
 * kadm5_s_init_with_creds_ctx().  If that call fails the context is freed
 * here and the error is returned.  On success the handle's my_context
 * flag is set to 1 and 0 is returned.
 * NOTE(review): my_context presumably tells kadm5_s_destroy() to free the
 * context; confirm there.
 *
 * The ccache is only passed through; the _ctx variant does not use it.
 */
kadm5_ret_t
kadm5_s_init_with_creds(const char *client_name,
                        krb5_ccache ccache,
                        const char *service_name,
                        kadm5_config_params *realm_params,
                        unsigned long struct_version,
                        unsigned long api_version,
                        void **server_handle)
{
    krb5_context context;
    kadm5_ret_t rc;

    rc = krb5_init_context(&context);
    if (rc != 0)
        return rc;

    rc = kadm5_s_init_with_creds_ctx(context, client_name, ccache,
                                     service_name, realm_params,
                                     struct_version, api_version,
                                     server_handle);
    if (rc == 0) {
        kadm5_server_context *ctx = *server_handle;

        /* The context was created here, so mark it as owned. */
        ctx->my_context = 1;
        return 0;
    }

    /* Init failed: the context we created is ours to release. */
    krb5_free_context(context);
    return rc;
}
266