1 /* 2 * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include "kadmin_locl.h" 35 36 static char *check_library = NULL; 37 static char *check_function = NULL; 38 static getarg_strings policy_libraries = { 0, NULL }; 39 static char *config_file; 40 static char sHDB[] = "HDB:"; 41 static char *keytab_str = sHDB; 42 static int help_flag; 43 static int version_flag; 44 static int debug_flag; 45 static char *port_str; 46 char *realm; 47 48 static struct getargs args[] = { 49 { 50 "config-file", 'c', arg_string, &config_file, 51 "location of config file", "file" 52 }, 53 { 54 "keytab", 0, arg_string, &keytab_str, 55 "what keytab to use", "keytab" 56 }, 57 { "realm", 'r', arg_string, &realm, 58 "realm to use", "realm" 59 }, 60 #ifdef HAVE_DLOPEN 61 { "check-library", 0, arg_string, &check_library, 62 "library to load password check function from", "library" }, 63 { "check-function", 0, arg_string, &check_function, 64 "password check function to load", "function" }, 65 { "policy-libraries", 0, arg_strings, &policy_libraries, 66 "password check function to load", "function" }, 67 #endif 68 { "debug", 'd', arg_flag, &debug_flag, 69 "enable debugging", NULL 70 }, 71 { "ports", 'p', arg_string, &port_str, 72 "ports to listen to", "port" }, 73 { "help", 'h', arg_flag, &help_flag, NULL, NULL }, 74 { "version", 'v', arg_flag, &version_flag, NULL, NULL } 75 }; 76 77 static int num_args = sizeof(args) / sizeof(args[0]); 78 79 krb5_context context; 80 81 static void 82 usage(int ret) 83 { 84 arg_printusage (args, num_args, NULL, ""); 85 exit (ret); 86 } 87 88 int 89 main(int argc, char **argv) 90 { 91 krb5_error_code ret; 92 char **files; 93 int optidx = 0; 94 int i; 95 krb5_log_facility *logfacility; 96 krb5_keytab keytab; 97 krb5_socket_t sfd = rk_INVALID_SOCKET; 98 99 setprogname(argv[0]); 100 101 ret = krb5_init_context(&context); 102 if (ret) 103 errx (1, "krb5_init_context failed: %d", ret); 104 105 if (getarg(args, num_args, argc, argv, &optidx)) { 106 warnx("error at argument `%s'", argv[optidx]); 107 usage(1); 108 } 109 110 if (help_flag) 111 usage (0); 112 113 if (version_flag) { 114 print_version(NULL); 115 exit(0); 116 } 117 118 argc -= optidx; 119 argv += optidx; 120 121 if (config_file == NULL) { 122 asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); 123 if (config_file == NULL) 124 errx(1, "out of memory"); 125 } 126 127 ret = krb5_prepend_config_files_default(config_file, &files); 128 if (ret) 129 krb5_err(context, 1, ret, "getting configuration files"); 130 131 ret = krb5_set_config_files(context, files); 132 krb5_free_config_files(files); 133 if(ret) 134 krb5_err(context, 1, ret, "reading configuration files"); 135 136 ret = krb5_openlog(context, "kadmind", &logfacility); 137 if (ret) 138 krb5_err(context, 1, ret, "krb5_openlog"); 139 ret = krb5_set_warn_dest(context, logfacility); 140 if (ret) 141 krb5_err(context, 1, ret, "krb5_set_warn_dest"); 142 143 ret = krb5_kt_register(context, &hdb_kt_ops); 144 if(ret) 145 krb5_err(context, 1, ret, "krb5_kt_register"); 146 147 ret = krb5_kt_resolve(context, keytab_str, &keytab); 148 if(ret) 149 krb5_err(context, 1, ret, "krb5_kt_resolve"); 150 151 kadm5_setup_passwd_quality_check (context, check_library, check_function); 152 153 for (i = 0; i < policy_libraries.num_strings; i++) { 154 ret = kadm5_add_passwd_quality_verifier(context, 155 policy_libraries.strings[i]); 156 if (ret) 157 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); 158 } 159 ret = kadm5_add_passwd_quality_verifier(context, NULL); 160 if (ret) 161 krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); 162 163 if(debug_flag) { 164 int debug_port; 165 166 if(port_str == NULL) 167 debug_port = krb5_getportbyname (context, "kerberos-adm", 168 "tcp", 749); 169 else 170 debug_port = htons(atoi(port_str)); 171 mini_inetd(debug_port, &sfd); 172 } else { 173 #ifdef _WIN32 174 pidfile(NULL); 175 start_server(context, port_str); 176 #else 177 struct sockaddr_storage __ss; 178 struct sockaddr *sa = (struct sockaddr *)&__ss; 179 socklen_t sa_size = sizeof(__ss); 180 181 /* 182 * Check if we are running inside inetd or not, if not, start 183 * our own server. 184 */ 185 186 if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 && 187 rk_SOCK_ERRNO == ENOTSOCK) { 188 pidfile(NULL); 189 start_server(context, port_str); 190 } 191 #endif /* _WIN32 */ 192 sfd = STDIN_FILENO; 193 } 194 195 if(realm) 196 krb5_set_default_realm(context, realm); /* XXX */ 197 198 kadmind_loop(context, keytab, sfd); 199 200 return 0; 201 } 202