/* $NetBSD: init_s.c,v 1.3 2019/12/15 22:50:50 christos Exp $ */

/*
 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "kadm5_locl.h"
#include <fcntl.h>


/*
 * Shared server-side initialisation used by every kadm5_s_init_with_*()
 * entry point in this file.
 *
 * Steps, in order: clear *server_handle, build a kadm5_server_context with
 * _kadm5_s_init_context(), pick the database name and stash file (taken
 * from realm_params when the matching KADM5_CONFIG_* mask bit is set,
 * otherwise from ctx->config), open the database with hdb_create() and
 * hdb_set_master_keyfile(), create the log socket, parse client_name into
 * ctx->caller and call _kadm5_acl_init().
 *
 * Parameters:
 *   context        krb5 context handed to _kadm5_s_init_context().
 *   client_name    principal name parsed into ctx->caller.
 *   service_name   not used by this function.
 *   realm_params   dereferenced unconditionally below, so it must not
 *                  be NULL.
 *   struct_version not used by this function.
 *   api_version    not used by this function.
 *   server_handle  out: the new context on success, NULL on failure.
 *
 * Returns 0 on success; otherwise the first non-zero code returned by one
 * of the calls above, after the partial context has been handed to
 * kadm5_s_destroy().
 *
 * NOTE(review): nothing in this function verifies a credential.
 * client_name is only parsed and recorded as the caller before the ACL
 * initialisation runs, so whoever invokes this path chooses the identity.
 * Presumably the caller is expected to have authenticated that name
 * already -- confirm against the callers of the public entry points.
 */
static kadm5_ret_t
kadm5_s_init_with_context(krb5_context context,
                          const char *client_name,
                          const char *service_name,
                          kadm5_config_params *realm_params,
                          unsigned long struct_version,
                          unsigned long api_version,
                          void **server_handle)
{
    kadm5_server_context *ctx;
    kadm5_ret_t rc;
    char *dbname;
    char *stash_file;

    /* A failed call must never leave a stale handle with the caller. */
    *server_handle = NULL;

    rc = _kadm5_s_init_context(&ctx, realm_params, context);
    if (rc != 0)
        return rc;

    /* Explicit realm parameters take precedence over the configuration. */
    dbname = (realm_params->mask & KADM5_CONFIG_DBNAME)
        ? realm_params->dbname
        : ctx->config.dbname;
    stash_file = (realm_params->mask & KADM5_CONFIG_STASH_FILE)
        ? realm_params->stash_file
        : ctx->config.stash_file;

    /*
     * Configuration sanity checks.  These are assert()s, so a build with
     * NDEBUG defined performs none of them and a NULL value would be
     * passed straight on to the calls below.
     */
    assert(dbname != NULL);
    assert(stash_file != NULL);
    assert(ctx->config.acl_file != NULL);
    assert(ctx->log_context.log_file != NULL);
#ifndef NO_UNIX_SOCKETS
    assert(ctx->log_context.socket_name.sun_path[0] != '\0');
#else
    assert(ctx->log_context.socket_info != NULL);
#endif

    rc = hdb_create(ctx->context, &ctx->db, dbname);
    if (rc != 0)
        goto fail;

    rc = hdb_set_master_keyfile(ctx->context, ctx->db, stash_file);
    if (rc != 0)
        goto fail;

    ctx->log_context.log_fd = -1;

#ifndef NO_UNIX_SOCKETS
    ctx->log_context.socket_fd = socket(AF_UNIX, SOCK_DGRAM, 0);
#else
    ctx->log_context.socket_fd = socket(ctx->log_context.socket_info->ai_family,
                                        ctx->log_context.socket_info->ai_socktype,
                                        ctx->log_context.socket_info->ai_protocol);
#endif

    /*
     * A socket() failure is not treated as an error: only the
     * non-blocking setup is skipped and initialisation carries on with
     * socket_fd left at rk_INVALID_SOCKET.
     */
    if (ctx->log_context.socket_fd != rk_INVALID_SOCKET)
        socket_set_nonblocking(ctx->log_context.socket_fd, 1);

    rc = krb5_parse_name(ctx->context, client_name, &ctx->caller);
    if (rc != 0)
        goto fail;

    rc = _kadm5_acl_init(ctx);
    if (rc != 0)
        goto fail;

    *server_handle = ctx;
    return 0;

fail:
    /*
     * NOTE(review): the two hdb failures arrive here before this function
     * has assigned log_fd and socket_fd, so kadm5_s_destroy() sees
     * whatever _kadm5_s_init_context() left in those fields -- confirm
     * that teardown tolerates that state.
     */
    kadm5_s_destroy(ctx);
    return rc;
}

/*
 * Initialise a server handle using a krb5 context supplied by the caller.
 *
 * password is not used: it is not forwarded to
 * kadm5_s_init_with_context(), so this entry point performs no password
 * check of its own.  All other arguments are passed through unchanged and
 * the return value is that of kadm5_s_init_with_context().
 */
kadm5_ret_t
kadm5_s_init_with_password_ctx(krb5_context context,
                               const char *client_name,
                               const char *password,
                               const char *service_name,
                               kadm5_config_params *realm_params,
                               unsigned long struct_version,
                               unsigned long api_version,
                               void **server_handle)
{
    return kadm5_s_init_with_context(context, client_name, service_name,
                                     realm_params, struct_version,
                                     api_version, server_handle);
}

/*
 * Same as kadm5_s_init_with_password_ctx(), but creates the krb5 context
 * itself with krb5_init_context().
 *
 * If initialisation fails the new context is freed again and the error is
 * returned.  On success my_context is set to 1 on the returned handle
 * (presumably so that teardown frees the context -- confirm in
 * kadm5_s_destroy()) and 0 is returned.
 */
kadm5_ret_t
kadm5_s_init_with_password(const char *client_name,
                           const char *password,
                           const char *service_name,
                           kadm5_config_params *realm_params,
                           unsigned long struct_version,
                           unsigned long api_version,
                           void **server_handle)
{
    krb5_context krb_ctx;
    kadm5_ret_t rc = krb5_init_context(&krb_ctx);

    if (rc != 0)
        return rc;

    rc = kadm5_s_init_with_password_ctx(krb_ctx, client_name, password,
                                        service_name, realm_params,
                                        struct_version, api_version,
                                        server_handle);
    if (rc != 0) {
        /* The handle never took the context over; release it here. */
        krb5_free_context(krb_ctx);
        return rc;
    }

    ((kadm5_server_context *)*server_handle)->my_context = 1;
    return 0;
}

/*
 * Initialise a server handle using a krb5 context supplied by the caller.
 *
 * keytab is not used: it is not forwarded to kadm5_s_init_with_context().
 * All other arguments are passed through unchanged and the return value
 * is that of kadm5_s_init_with_context().
 */
kadm5_ret_t
kadm5_s_init_with_skey_ctx(krb5_context context,
                           const char *client_name,
                           const char *keytab,
                           const char *service_name,
                           kadm5_config_params *realm_params,
                           unsigned long struct_version,
                           unsigned long api_version,
                           void **server_handle)
{
    return kadm5_s_init_with_context(context, client_name, service_name,
                                     realm_params, struct_version,
                                     api_version, server_handle);
}

/*
 * Same as kadm5_s_init_with_skey_ctx(), but creates the krb5 context
 * itself with krb5_init_context().
 *
 * If initialisation fails the new context is freed again and the error is
 * returned.  On success my_context is set to 1 on the returned handle
 * (presumably so that teardown frees the context -- confirm in
 * kadm5_s_destroy()) and 0 is returned.
 */
kadm5_ret_t
kadm5_s_init_with_skey(const char *client_name,
                       const char *keytab,
                       const char *service_name,
                       kadm5_config_params *realm_params,
                       unsigned long struct_version,
                       unsigned long api_version,
                       void **server_handle)
{
    krb5_context krb_ctx;
    kadm5_ret_t rc = krb5_init_context(&krb_ctx);

    if (rc != 0)
        return rc;

    rc = kadm5_s_init_with_skey_ctx(krb_ctx, client_name, keytab,
                                    service_name, realm_params,
                                    struct_version, api_version,
                                    server_handle);
    if (rc != 0) {
        /* The handle never took the context over; release it here. */
        krb5_free_context(krb_ctx);
        return rc;
    }

    ((kadm5_server_context *)*server_handle)->my_context = 1;
    return 0;
}

/*
 * Initialise a server handle using a krb5 context supplied by the caller.
 *
 * ccache is not used: it is not forwarded to kadm5_s_init_with_context().
 * All other arguments are passed through unchanged and the return value
 * is that of kadm5_s_init_with_context().
 */
kadm5_ret_t
kadm5_s_init_with_creds_ctx(krb5_context context,
                            const char *client_name,
                            krb5_ccache ccache,
                            const char *service_name,
                            kadm5_config_params *realm_params,
                            unsigned long struct_version,
                            unsigned long api_version,
                            void **server_handle)
{
    return kadm5_s_init_with_context(context, client_name, service_name,
                                     realm_params, struct_version,
                                     api_version, server_handle);
}

/*
 * Same as kadm5_s_init_with_creds_ctx(), but creates the krb5 context
 * itself with krb5_init_context().
 *
 * If initialisation fails the new context is freed again and the error is
 * returned.  On success my_context is set to 1 on the returned handle
 * (presumably so that teardown frees the context -- confirm in
 * kadm5_s_destroy()) and 0 is returned.
 */
kadm5_ret_t
kadm5_s_init_with_creds(const char *client_name,
                        krb5_ccache ccache,
                        const char *service_name,
                        kadm5_config_params *realm_params,
                        unsigned long struct_version,
                        unsigned long api_version,
                        void **server_handle)
{
    krb5_context krb_ctx;
    kadm5_ret_t rc = krb5_init_context(&krb_ctx);

    if (rc != 0)
        return rc;

    rc = kadm5_s_init_with_creds_ctx(krb_ctx, client_name, ccache,
                                     service_name, realm_params,
                                     struct_version, api_version,
                                     server_handle);
    if (rc != 0) {
        /* The handle never took the context over; release it here. */
        krb5_free_context(krb_ctx);
        return rc;
    }

    ((kadm5_server_context *)*server_handle)->my_context = 1;
    return 0;
}