xref: /netbsd-src/crypto/external/bsd/heimdal/dist/kdc/main.c (revision 413d532bcc3f62d122e56d92e13ac64825a40baf) 
1 /*	$NetBSD: main.c,v 1.1.1.2 2014/04/24 12:45:27 pettai Exp $	*/
2 
3 /*
4  * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
5  * (Royal Institute of Technology, Stockholm, Sweden).
6  * All rights reserved.
7  *
8  * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer.
16  *
17  * 2. Redistributions in binary form must reproduce the above copyright
18  *    notice, this list of conditions and the following disclaimer in the
19  *    documentation and/or other materials provided with the distribution.
20  *
21  * 3. Neither the name of the Institute nor the names of its contributors
22  *    may be used to endorse or promote products derived from this software
23  *    without specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
26  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
29  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35  * SUCH DAMAGE.
36  */
37 
38 #include "kdc_locl.h"
39 #ifdef HAVE_UTIL_H
40 #include <util.h>
41 #endif
42 
43 #ifdef HAVE_CAPNG
44 #include <cap-ng.h>
45 #endif
46 
47 sig_atomic_t exit_flag = 0;
48 
49 #ifdef SUPPORT_DETACH
50 int detach_from_console = -1;
51 #endif
52 
53 static RETSIGTYPE
54 sigterm(int sig)
55 {
56     exit_flag = sig;
57 }
58 
59 /*
60  * Allow dropping root bit, since heimdal reopens the database all the
61  * time the database needs to be owned by the user you are switched
62  * too. A better solution is to split the kdc in to more processes and
63  * run the network facing part with very low privilege.
64  */
65 
66 static void
67 switch_environment(void)
68 {
69 #ifdef HAVE_GETEUID
70     if ((runas_string || chroot_string) && geteuid() != 0)
71 	errx(1, "no running as root, can't switch user/chroot");
72 
73     if (chroot_string) {
74 	if (chroot(chroot_string))
75 	    err(1, "chroot(%s) failed", chroot_string);
76 	if (chdir("/"))
77 	    err(1, "chdir(/) after chroot failed");
78     }
79 
80     if (runas_string) {
81 	struct passwd *pw;
82 
83 	pw = getpwnam(runas_string);
84 	if (pw == NULL)
85 	    errx(1, "unknown user %s", runas_string);
86 
87 	if (initgroups(pw->pw_name, pw->pw_gid) < 0)
88 	    err(1, "initgroups failed");
89 
90 #ifndef HAVE_CAPNG
91 	if (setgid(pw->pw_gid) < 0)
92 	    err(1, "setgid(%s) failed", runas_string);
93 
94 	if (setuid(pw->pw_uid) < 0)
95 	    err(1, "setuid(%s)", runas_string);
96 #else
97 	capng_clear (CAPNG_EFFECTIVE | CAPNG_PERMITTED);
98 	if (capng_updatev (CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED,
99 	                   CAP_NET_BIND_SERVICE, CAP_SETPCAP, -1) < 0)
100 	    err(1, "capng_updateev");
101 
102 	if (capng_change_id(pw->pw_uid, pw->pw_gid,
103 	                    CAPNG_CLEAR_BOUNDING) < 0)
104 	    err(1, "capng_change_id(%s)", runas_string);
105 #endif
106     }
107 #endif
108 }
109 
110 
111 int
112 main(int argc, char **argv)
113 {
114     krb5_error_code ret;
115     krb5_context context;
116     krb5_kdc_configuration *config;
117 
118     setprogname(argv[0]);
119 
120     ret = krb5_init_context(&context);
121     if (ret == KRB5_CONFIG_BADFORMAT)
122 	errx (1, "krb5_init_context failed to parse configuration file");
123     else if (ret)
124 	errx (1, "krb5_init_context failed: %d", ret);
125 
126     ret = krb5_kt_register(context, &hdb_kt_ops);
127     if (ret)
128 	errx (1, "krb5_kt_register(HDB) failed: %d", ret);
129 
130     config = configure(context, argc, argv);
131 
132 #ifdef HAVE_SIGACTION
133     {
134 	struct sigaction sa;
135 
136 	sa.sa_flags = 0;
137 	sa.sa_handler = sigterm;
138 	sigemptyset(&sa.sa_mask);
139 
140 	sigaction(SIGINT, &sa, NULL);
141 	sigaction(SIGTERM, &sa, NULL);
142 #ifdef SIGXCPU
143 	sigaction(SIGXCPU, &sa, NULL);
144 #endif
145 
146 	sa.sa_handler = SIG_IGN;
147 #ifdef SIGPIPE
148 	sigaction(SIGPIPE, &sa, NULL);
149 #endif
150     }
151 #else
152     signal(SIGINT, sigterm);
153     signal(SIGTERM, sigterm);
154 #ifdef SIGXCPU
155     signal(SIGXCPU, sigterm);
156 #endif
157 #ifdef SIGPIPE
158     signal(SIGPIPE, SIG_IGN);
159 #endif
160 #endif
161 #ifdef SUPPORT_DETACH
162     if (detach_from_console)
163 	daemon(0, 0);
164 #endif
165 #ifdef __APPLE__
166     bonjour_announce(context, config);
167 #endif
168     pidfile(NULL);
169 
170     switch_environment();
171 
172     loop(context, config);
173     krb5_free_context(context);
174     return 0;
175 }
176