1 /* 2 * Copyright (c) 1997-2006 Kungliga Tekniska H�gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include "hprop.h" 35 36 RCSID("$Id: hpropd.c 22245 2007-12-08 23:48:52Z lha $"); 37 38 static int inetd_flag = -1; 39 static int help_flag; 40 static int version_flag; 41 static int print_dump; 42 static const char *database; 43 static int from_stdin; 44 static char *local_realm; 45 static char *ktname = NULL; 46 47 struct getargs args[] = { 48 { "database", 'd', arg_string, &database, "database", "file" }, 49 { "stdin", 'n', arg_flag, &from_stdin, "read from stdin" }, 50 { "print", 0, arg_flag, &print_dump, "print dump to stdout" }, 51 { "inetd", 'i', arg_negative_flag, &inetd_flag, 52 "Not started from inetd" }, 53 { "keytab", 'k', arg_string, &ktname, "keytab to use for authentication", "keytab" }, 54 { "realm", 'r', arg_string, &local_realm, "realm to use" }, 55 { "version", 0, arg_flag, &version_flag, NULL, NULL }, 56 { "help", 'h', arg_flag, &help_flag, NULL, NULL} 57 }; 58 59 static int num_args = sizeof(args) / sizeof(args[0]); 60 61 static void 62 usage(int ret) 63 { 64 arg_printusage (args, num_args, NULL, ""); 65 exit (ret); 66 } 67 68 int 69 main(int argc, char **argv) 70 { 71 krb5_error_code ret; 72 krb5_context context; 73 krb5_auth_context ac = NULL; 74 krb5_principal c1, c2; 75 krb5_authenticator authent; 76 krb5_keytab keytab; 77 int fd; 78 HDB *db; 79 int optidx = 0; 80 char *tmp_db; 81 krb5_log_facility *fac; 82 int nprincs; 83 84 setprogname(argv[0]); 85 86 ret = krb5_init_context(&context); 87 if(ret) 88 exit(1); 89 90 ret = krb5_openlog(context, "hpropd", &fac); 91 if(ret) 92 ; 93 krb5_set_warn_dest(context, fac); 94 95 if(getarg(args, num_args, argc, argv, &optidx)) 96 usage(1); 97 98 if(local_realm != NULL) 99 krb5_set_default_realm(context, local_realm); 100 101 if(help_flag) 102 usage(0); 103 if(version_flag) { 104 print_version(NULL); 105 exit(0); 106 } 107 108 argc -= optidx; 109 argv += optidx; 110 111 if (argc != 0) 112 usage(1); 113 114 if (database == NULL) 115 database = hdb_default_db(context); 116 117 if(from_stdin) 118 fd = STDIN_FILENO; 119 else { 120 struct sockaddr_storage ss; 121 struct sockaddr *sa = (struct sockaddr *)&ss; 122 socklen_t sin_len = sizeof(ss); 123 char addr_name[256]; 124 krb5_ticket *ticket; 125 char *server; 126 127 fd = STDIN_FILENO; 128 if (inetd_flag == -1) { 129 if (getpeername (fd, sa, &sin_len) < 0) 130 inetd_flag = 0; 131 else 132 inetd_flag = 1; 133 } 134 if (!inetd_flag) { 135 mini_inetd (krb5_getportbyname (context, "hprop", "tcp", 136 HPROP_PORT)); 137 } 138 sin_len = sizeof(ss); 139 if(getpeername(fd, sa, &sin_len) < 0) 140 krb5_err(context, 1, errno, "getpeername"); 141 142 if (inet_ntop(sa->sa_family, 143 socket_get_address (sa), 144 addr_name, 145 sizeof(addr_name)) == NULL) 146 strlcpy (addr_name, "unknown address", 147 sizeof(addr_name)); 148 149 krb5_log(context, fac, 0, "Connection from %s", addr_name); 150 151 ret = krb5_kt_register(context, &hdb_kt_ops); 152 if(ret) 153 krb5_err(context, 1, ret, "krb5_kt_register"); 154 155 if (ktname != NULL) { 156 ret = krb5_kt_resolve(context, ktname, &keytab); 157 if (ret) 158 krb5_err (context, 1, ret, "krb5_kt_resolve %s", ktname); 159 } else { 160 ret = krb5_kt_default (context, &keytab); 161 if (ret) 162 krb5_err (context, 1, ret, "krb5_kt_default"); 163 } 164 165 ret = krb5_recvauth(context, &ac, &fd, HPROP_VERSION, NULL, 166 0, keytab, &ticket); 167 if(ret) 168 krb5_err(context, 1, ret, "krb5_recvauth"); 169 170 ret = krb5_unparse_name(context, ticket->server, &server); 171 if (ret) 172 krb5_err(context, 1, ret, "krb5_unparse_name"); 173 if (strncmp(server, "hprop/", 5) != 0) 174 krb5_errx(context, 1, "ticket not for hprop (%s)", server); 175 176 free(server); 177 krb5_free_ticket (context, ticket); 178 179 ret = krb5_auth_con_getauthenticator(context, ac, &authent); 180 if(ret) 181 krb5_err(context, 1, ret, "krb5_auth_con_getauthenticator"); 182 183 ret = krb5_make_principal(context, &c1, NULL, "kadmin", "hprop", NULL); 184 if(ret) 185 krb5_err(context, 1, ret, "krb5_make_principal"); 186 _krb5_principalname2krb5_principal(context, &c2, 187 authent->cname, authent->crealm); 188 if(!krb5_principal_compare(context, c1, c2)) { 189 char *s; 190 ret = krb5_unparse_name(context, c2, &s); 191 if (ret) 192 s = "unparseable name"; 193 krb5_errx(context, 1, "Unauthorized connection from %s", s); 194 } 195 krb5_free_principal(context, c1); 196 krb5_free_principal(context, c2); 197 198 ret = krb5_kt_close(context, keytab); 199 if(ret) 200 krb5_err(context, 1, ret, "krb5_kt_close"); 201 } 202 203 if(!print_dump) { 204 asprintf(&tmp_db, "%s~", database); 205 206 ret = hdb_create(context, &db, tmp_db); 207 if(ret) 208 krb5_err(context, 1, ret, "hdb_create(%s)", tmp_db); 209 ret = db->hdb_open(context, db, O_RDWR | O_CREAT | O_TRUNC, 0600); 210 if(ret) 211 krb5_err(context, 1, ret, "hdb_open(%s)", tmp_db); 212 } 213 214 nprincs = 0; 215 while(1){ 216 krb5_data data; 217 hdb_entry_ex entry; 218 219 if(from_stdin) { 220 ret = krb5_read_message(context, &fd, &data); 221 if(ret != 0 && ret != HEIM_ERR_EOF) 222 krb5_err(context, 1, ret, "krb5_read_message"); 223 } else { 224 ret = krb5_read_priv_message(context, ac, &fd, &data); 225 if(ret) 226 krb5_err(context, 1, ret, "krb5_read_priv_message"); 227 } 228 229 if(ret == HEIM_ERR_EOF || data.length == 0) { 230 if(!from_stdin) { 231 data.data = NULL; 232 data.length = 0; 233 krb5_write_priv_message(context, ac, &fd, &data); 234 } 235 if(!print_dump) { 236 ret = db->hdb_rename(context, db, database); 237 if(ret) 238 krb5_err(context, 1, ret, "db_rename"); 239 ret = db->hdb_close(context, db); 240 if(ret) 241 krb5_err(context, 1, ret, "db_close"); 242 } 243 break; 244 } 245 memset(&entry, 0, sizeof(entry)); 246 ret = hdb_value2entry(context, &data, &entry.entry); 247 krb5_data_free(&data); 248 if(ret) 249 krb5_err(context, 1, ret, "hdb_value2entry"); 250 if(print_dump) 251 hdb_print_entry(context, db, &entry, stdout); 252 else { 253 ret = db->hdb_store(context, db, 0, &entry); 254 if(ret == HDB_ERR_EXISTS) { 255 char *s; 256 ret = krb5_unparse_name(context, entry.entry.principal, &s); 257 if (ret) 258 s = strdup("unparseable name"); 259 krb5_warnx(context, "Entry exists: %s", s); 260 free(s); 261 } else if(ret) 262 krb5_err(context, 1, ret, "db_store"); 263 else 264 nprincs++; 265 } 266 hdb_free_entry(context, &entry); 267 } 268 if (!print_dump) 269 krb5_log(context, fac, 0, "Received %d principals", nprincs); 270 exit(0); 271 } 272