1 /* $NetBSD: kadmind.c,v 1.1.1.1 2011/04/13 18:14:35 elric Exp $ */ 2 3 /* 4 * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include "kadmin_locl.h" 37 38 static char *check_library = NULL; 39 static char *check_function = NULL; 40 static getarg_strings policy_libraries = { 0, NULL }; 41 static char *config_file; 42 static char *keytab_str = "HDB:"; 43 static int help_flag; 44 static int version_flag; 45 static int debug_flag; 46 static char *port_str; 47 char *realm; 48 49 static struct getargs args[] = { 50 { 51 "config-file", 'c', arg_string, &config_file, 52 "location of config file", "file" 53 }, 54 { 55 "keytab", 0, arg_string, &keytab_str, 56 "what keytab to use", "keytab" 57 }, 58 { "realm", 'r', arg_string, &realm, 59 "realm to use", "realm" 60 }, 61 #ifdef HAVE_DLOPEN 62 { "check-library", 0, arg_string, &check_library, 63 "library to load password check function from", "library" }, 64 { "check-function", 0, arg_string, &check_function, 65 "password check function to load", "function" }, 66 { "policy-libraries", 0, arg_strings, &policy_libraries, 67 "password check function to load", "function" }, 68 #endif 69 { "debug", 'd', arg_flag, &debug_flag, 70 "enable debugging" 71 }, 72 { "ports", 'p', arg_string, &port_str, 73 "ports to listen to", "port" }, 74 { "help", 'h', arg_flag, &help_flag }, 75 { "version", 'v', arg_flag, &version_flag } 76 }; 77 78 static int num_args = sizeof(args) / sizeof(args[0]); 79 80 krb5_context context; 81 82 static void 83 usage(int ret) 84 { 85 arg_printusage (args, num_args, NULL, ""); 86 exit (ret); 87 } 88 89 int 90 main(int argc, char **argv) 91 { 92 krb5_error_code ret; 93 char **files; 94 int optidx = 0; 95 int i; 96 krb5_log_facility *logfacility; 97 krb5_keytab keytab; 98 krb5_socket_t sfd = rk_INVALID_SOCKET; 99 100 setprogname(argv[0]); 101 102 ret = krb5_init_context(&context); 103 if (ret) 104 errx (1, "krb5_init_context failed: %d", ret); 105 106 if (getarg(args, num_args, argc, argv, &optidx)) { 107 warnx("error at argument `%s'", argv[optidx]); 108 usage(1); 109 } 110 111 if (help_flag) 112 usage (0); 113 114 if (version_flag) { 115 print_version(NULL); 116 exit(0); 117 } 118 119 argc -= optidx; 120 argv += optidx; 121 122 if (config_file == NULL) { 123 asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); 124 if (config_file == NULL) 125 errx(1, "out of memory"); 126 } 127 128 ret = krb5_prepend_config_files_default(config_file, &files); 129 if (ret) 130 krb5_err(context, 1, ret, "getting configuration files"); 131 132 ret = krb5_set_config_files(context, files); 133 krb5_free_config_files(files); 134 if(ret) 135 krb5_err(context, 1, ret, "reading configuration files"); 136 137 ret = krb5_openlog(context, "kadmind", &logfacility); 138 if (ret) 139 krb5_err(context, 1, ret, "krb5_openlog"); 140 ret = krb5_set_warn_dest(context, logfacility); 141 if (ret) 142 krb5_err(context, 1, ret, "krb5_set_warn_dest"); 143 144 ret = krb5_kt_register(context, &hdb_kt_ops); 145 if(ret) 146 krb5_err(context, 1, ret, "krb5_kt_register"); 147 148 ret = krb5_kt_resolve(context, keytab_str, &keytab); 149 if(ret) 150 krb5_err(context, 1, ret, "krb5_kt_resolve"); 151 152 kadm5_setup_passwd_quality_check (context, check_library, check_function); 153 154 for (i = 0; i < policy_libraries.num_strings; i++) { 155 ret = kadm5_add_passwd_quality_verifier(context, 156 policy_libraries.strings[i]); 157 if (ret) 158 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); 159 } 160 ret = kadm5_add_passwd_quality_verifier(context, NULL); 161 if (ret) 162 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); 163 164 if(debug_flag) { 165 int debug_port; 166 167 if(port_str == NULL) 168 debug_port = krb5_getportbyname (context, "kerberos-adm", 169 "tcp", 749); 170 else 171 debug_port = htons(atoi(port_str)); 172 mini_inetd(debug_port, &sfd); 173 } else { 174 #ifdef _WIN32 175 pidfile(NULL); 176 start_server(context, port_str); 177 #else 178 struct sockaddr_storage __ss; 179 struct sockaddr *sa = (struct sockaddr *)&__ss; 180 socklen_t sa_size = sizeof(__ss); 181 182 /* 183 * Check if we are running inside inetd or not, if not, start 184 * our own server. 185 */ 186 187 if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 && 188 rk_SOCK_ERRNO == ENOTSOCK) { 189 pidfile(NULL); 190 start_server(context, port_str); 191 } 192 #endif /* _WIN32 */ 193 sfd = STDIN_FILENO; 194 } 195 196 if(realm) 197 krb5_set_default_realm(context, realm); /* XXX */ 198 199 kadmind_loop(context, keytab, sfd); 200 201 return 0; 202 } 203