/*
 * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
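*/

#include "krb5_locl.h"
#include <getarg.h>
#include <parse_bytes.h>
#include <err.h>
#include <errno.h>
RCSID("$Id: verify_krb5_conf.c,v 1.7 2001/09/03 05:42:35 assar Exp $");

/*
 * verify_krb5_conf: parse a krb5.conf and walk it against a table of
 * known sections and entries.  Every entry that is unknown, has the wrong
 * shape (string where a list is expected or vice versa) or whose value
 * does not parse as the expected type is reported with krb5_warnx().
 * The exit status is non-zero if anything was reported.
 *
 * Note that host-valued entries (kdc, admin_server, ...) are checked by
 * actually resolving the name with getaddrinfo(), so running this tool
 * performs DNS lookups and its result depends on the resolver state.
 */

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

static int version_flag = 0;
static int help_flag = 0;

static struct getargs args[] = {
    {"version", 0, arg_flag, &version_flag,
     "print version", NULL },
    {"help", 0, arg_flag, &help_flag,
     NULL, NULL }
};

/* Print the option summary and exit with status `ret'. */
static void
usage (int ret)
{
    arg_printusage (args, ARRAY_SIZE(args), NULL, "[config-file]");
    exit (ret);
}

/*
 * Value checkers.  Each one receives the config path of the entry (for
 * messages only) and the raw string value, warns about a problem and
 * returns 1, or returns 0 if the value is acceptable.
 */

/* Value must parse as a byte size (parse_bytes syntax, e.g. "1M"). */
static int
check_bytes(krb5_context context, const char *path, char *data)
{
    if(parse_bytes(data, NULL) == -1) {
	krb5_warnx(context, "%s: failed to parse \"%s\" as size", path, data);
	return 1;
    }
    return 0;
}

/* Value must parse as a time interval (parse_time syntax, e.g. "5 min"). */
static int
check_time(krb5_context context, const char *path, char *data)
{
    if(parse_time(data, NULL) == -1) {
	krb5_warnx(context, "%s: failed to parse \"%s\" as time", path, data);
	return 1;
    }
    return 0;
}

/*
 * Parse `data' as one complete integer in any base strtol() accepts.
 * Returns 0 if the whole string was consumed and the value fits in a
 * long, -1 otherwise.  A bare strtol() would accept the empty string
 * (nothing consumed, *end == '\0') and silently clamp out-of-range
 * values; both are reported here.
 */
static int
parse_long_strict(const char *data)
{
    char *end;

    errno = 0;
    (void)strtol(data, &end, 0);
    if(end == data || *end != '\0' || errno == ERANGE)
	return -1;
    return 0;
}

/* Value must be an integer. */
static int
check_numeric(krb5_context context, const char *path, char *data)
{
    if(parse_long_strict(data) != 0) {
	krb5_warnx(context, "%s: failed to parse \"%s\" as a number",
		   path, data);
	return 1;
    }
    return 0;
}

/*
 * Value must be a boolean: yes/true/no/false (case-insensitive), or an
 * integer, which the original check accepted as well (presumably to
 * mirror what the library's boolean lookup takes — verify against
 * config_file.c before tightening this).
 */
static int
check_boolean(krb5_context context, const char *path, char *data)
{
    if(strcasecmp(data, "yes") == 0 ||
       strcasecmp(data, "true") == 0 ||
       strcasecmp(data, "no") == 0 ||
       strcasecmp(data, "false") == 0)
	return 0;
    if(parse_long_strict(data) != 0) {
	krb5_warnx(context, "%s: failed to parse \"%s\" as a boolean",
		   path, data);
	return 1;
    }
    return 0;
}

/*
 * Value must name a resolvable host.  Accepts the same decorations as
 * the KDC host syntax in krbhst.c: an optional "http://", "http/",
 * "tcp/" or "udp/" prefix, an optional ":port" suffix and an optional
 * "/path" suffix, all of which are stripped before resolving.
 *
 * This does a real getaddrinfo() lookup, so it needs a working resolver
 * and will flag a host that is merely unreachable from this machine.
 */
static int
check_host(krb5_context context, const char *path, char *data)
{
    int ret;
    ssize_t len;
    char hostname[128];
    const char *p = data;
    struct addrinfo *ai = NULL;

    /* XXX data could be a list of hosts that this code can't handle */
    /* XXX copied from krbhst.c */
    if(strncmp(p, "http://", 7) == 0){
	p += 7;
    } else if(strncmp(p, "http/", 5) == 0) {
	p += 5;
    }else if(strncmp(p, "tcp/", 4) == 0){
	p += 4;
    } else if(strncmp(p, "udp/", 4) == 0) {
	p += 4;
    }
    len = strsep_copy(&p, ":", hostname, sizeof(hostname));
    if(len < 0) {
	krb5_warnx(context, "%s: cannot extract host name from \"%s\"",
		   path, data);
	return 1;
    }
    /*
     * strsep_copy() truncates silently; it is assumed to return the
     * untruncated token length (as roken's does), so anything that did
     * not fit must not be resolved as if it were the configured name.
     */
    if((size_t)len >= sizeof(hostname)) {
	krb5_warnx(context, "%s: host name too long (%s)", path, data);
	return 1;
    }
    hostname[strcspn(hostname, "/")] = '\0';
    ret = getaddrinfo(hostname, "telnet" /* XXX */, NULL, &ai);
    if(ret != 0) {
#ifdef EAI_NODATA
	/* EAI_NODATA is obsolete and not defined everywhere */
	if(ret == EAI_NODATA)
	    krb5_warnx(context, "%s: host not found (%s)", path, hostname);
	else
#endif
	    krb5_warnx(context, "%s: %s (%s)", path, gai_strerror(ret), hostname);
	return 1;
    }
    freeaddrinfo(ai);
    return 0;
}

typedef int (*check_func_t)(krb5_context, const char*, char*);

/*
 * One known configuration entry.  `name' is matched against the entry
 * name in the file; the empty string is a wildcard that matches any
 * name (used for sections keyed by realm or application name).
 * `check_data' is overloaded on `type': for krb5_config_string it is a
 * check_func_t (or NULL for "any string"), for krb5_config_list it is
 * the struct entry table describing the sub-section (or NULL to accept
 * anything below it).
 */
struct entry {
    const char *name;
    int type;
    void *check_data;
};

static struct entry all_strings[] = {
    { "", krb5_config_string, NULL },
    { NULL }
};

static struct entry v4_name_convert_entries[] = {
    { "host", krb5_config_list, all_strings },
    { "plain", krb5_config_list, all_strings },
    { NULL }
};

static struct entry libdefaults_entries[] = {
    { "accept_null_addresses", krb5_config_string, check_boolean },
    { "capath", krb5_config_list, all_strings },
    { "clockskew", krb5_config_string, check_time },
    { "date_format", krb5_config_string, NULL },
    { "default_etypes", krb5_config_string, NULL },
    { "default_etypes_des", krb5_config_string, NULL },
    { "default_keytab_modify_name", krb5_config_string, NULL },
    { "default_keytab_name", krb5_config_string, NULL },
    { "default_realm", krb5_config_string, NULL },
    { "dns_proxy", krb5_config_string, NULL },
    { "egd_socket", krb5_config_string, NULL },
    { "encrypt", krb5_config_string, check_boolean },
    { "extra_addresses", krb5_config_string, NULL },
    { "fcache_version", krb5_config_string, check_numeric },
    { "forward", krb5_config_string, check_boolean },
    { "forwardable", krb5_config_string, check_boolean },
    { "http_proxy", krb5_config_string, check_host /* XXX */ },
    { "ignore_addresses", krb5_config_string, NULL },
    { "kdc_timeout", krb5_config_string, check_time },
    { "kdc_timesync", krb5_config_string, check_boolean },
    { "krb4_get_tickets", krb5_config_string, check_boolean },
    { "log_utc", krb5_config_string, check_boolean },
    { "maxretries", krb5_config_string, check_numeric },
    { "scan_interfaces", krb5_config_string, check_boolean },
    { "srv_lookup", krb5_config_string, check_boolean },
    { "srv_try_txt", krb5_config_string, check_boolean },
    { "ticket_lifetime", krb5_config_string, check_time },
    { "time_format", krb5_config_string, NULL },
    { "transited_realms_reject", krb5_config_string, NULL },
    { "v4_instance_resolve", krb5_config_string, check_boolean },
    { "v4_name_convert", krb5_config_list, v4_name_convert_entries },
    { "verify_ap_req_nofail", krb5_config_string, check_boolean }, 
    { NULL }
};

/*
 * [appdefaults] may hold the options directly or nested under an
 * application (or realm) name, hence the self-referencing wildcard.
 */
static struct entry appdefaults_entries[] = {
    { "forwardable", krb5_config_string, check_boolean },
    { "proxiable", krb5_config_string, check_boolean },
    { "ticket_lifetime", krb5_config_string, check_time },
    { "renew_lifetime", krb5_config_string, check_time },
    { "no-addresses", krb5_config_string, check_boolean },
#if 0
    { "anonymous", krb5_config_string, check_boolean },
#endif
    { "", krb5_config_list, appdefaults_entries },
    { NULL }
};

static struct entry realms_entries[] = {
    { "forwardable", krb5_config_string, check_boolean },
    { "proxiable", krb5_config_string, check_boolean },
    { "ticket_lifetime", krb5_config_string, check_time },
    { "renew_lifetime", krb5_config_string, check_time },
    { "warn_pwexpire", krb5_config_string, check_time },
    { "kdc", krb5_config_string, check_host },
    { "admin_server", krb5_config_string, check_host },
    { "kpasswd_server", krb5_config_string, check_host },
    { "krb524_server", krb5_config_string, check_host },
    { "v4_name_convert", krb5_config_list, v4_name_convert_entries },
    { "v4_instance_convert", krb5_config_list, all_strings },
    { "v4_domains", krb5_config_string, NULL },
    { "default_domain", krb5_config_string, NULL },
    { NULL }
};

/* [realms] is keyed by realm name, so every child is a realms_entries list. */
static struct entry realms_foobar[] = {
    { "", krb5_config_list, realms_entries },
    { NULL }
};

static struct entry kdc_database_entries[] = {
    { "realm", krb5_config_string, NULL },
    { "dbname", krb5_config_string, NULL },
    { "mkey_file", krb5_config_string, NULL },
    { NULL }
};

static struct entry kdc_entries[] = {
    { "database", krb5_config_list, kdc_database_entries },
    { "key-file", krb5_config_string, NULL },
    { "logging", krb5_config_string, NULL },
    { "max-request", krb5_config_string, check_bytes },
    { "require-preauth", krb5_config_string, check_boolean },
    { "ports", krb5_config_string, NULL },
    { "addresses", krb5_config_string, NULL },
    { "enable-kerberos4", krb5_config_string, check_boolean },
    { "enable-524", krb5_config_string, check_boolean },
    { "enable-http", krb5_config_string, check_boolean },
    { "check_ticket-addresses", krb5_config_string, check_boolean },
    { "allow-null-addresses", krb5_config_string, check_boolean },
    { "allow-anonymous", krb5_config_string, check_boolean },
    { "v4_realm", krb5_config_string, NULL },
    { "enable-kaserver", krb5_config_string, check_boolean },
    { "encode_as_rep_as_tgs_rep", krb5_config_string, check_boolean },
    { "kdc_warn_pwexpire", krb5_config_string, check_time },
    { NULL }
};

static struct entry kadmin_entries[] = {
    { "password_lifetime", krb5_config_string, check_time },
    { "default_keys", krb5_config_string, NULL },
    { "use_v4_salt", krb5_config_string, NULL },
    { NULL }
};

static struct entry toplevel_sections[] = {
    { "libdefaults" , krb5_config_list, libdefaults_entries },
    { "realms", krb5_config_list, realms_foobar },
    { "domain_realm", krb5_config_list, all_strings },
    { "logging", krb5_config_list, all_strings },
    { "kdc", krb5_config_list, kdc_entries },
    { "kadmin", krb5_config_list, kadmin_entries },
    { "appdefaults", krb5_config_list, appdefaults_entries },
    { NULL }
};

/*
 * Walk the parsed section list `cf' and compare each node against
 * `entries'.  `path' is the "/section/sub" prefix used in messages.
 * Returns 0 if everything matched, 1 if at least one problem was
 * reported (individual checker results are OR'ed, never lost).
 *
 * The first table entry whose name matches (or is the "" wildcard) wins,
 * so specific names must precede the wildcard in a table.
 */
static int
check_section(krb5_context context, const char *path, krb5_config_section *cf,
	      struct entry *entries)
{
    int error = 0;
    krb5_config_section *p;
    struct entry *e;
    char *local;

    for(p = cf; p != NULL; p = p->next) {
	/* asprintf leaves `local' unusable on failure; don't warn/free it */
	if(asprintf(&local, "%s/%s", path, p->name) < 0)
	    errx(1, "out of memory");
	for(e = entries; e->name != NULL; e++) {
	    if(*e->name == '\0' || strcmp(e->name, p->name) == 0) {
		if(e->type != p->type) {
		    krb5_warnx(context, "%s: unknown or wrong type", local);
		    error |= 1;
		} else if(p->type == krb5_config_string && e->check_data != NULL) {
		    /* check_data holds a checker for string entries */
		    error |= (*(check_func_t)e->check_data)(context, local,
							    p->u.string);
		} else if(p->type == krb5_config_list && e->check_data != NULL) {
		    /* check_data holds the sub-table for list entries */
		    error |= check_section(context, local, p->u.list,
					   e->check_data);
		}
		break;
	    }
	}
	if(e->name == NULL) {
	    krb5_warnx(context, "%s: unknown entry", local);
	    error |= 1;
	}
	free(local);
    }
    return error;
}

/*
 * Usage: verify_krb5_conf [config-file]
 *
 * With no argument the file is taken from $KRB5_CONFIG, falling back to
 * the library default (krb5_config_file), i.e. the same file the library
 * itself would load.  Exit status: 0 if the file is clean, 1 otherwise.
 */
int
main(int argc, char **argv)
{
    krb5_context context;
    const char *config_file = NULL;
    krb5_error_code ret;
    krb5_config_section *tmp_cf;
    int optidx = 0;   /* named to avoid shadowing getopt's optind */
    int error;

    setprogname (argv[0]);

    ret = krb5_init_context(&context);
    if (ret)
	errx (1, "krb5_init_context failed");

    if(getarg(args, ARRAY_SIZE(args), argc, argv, &optidx))
	usage(1);

    if (help_flag)
	usage (0);

    if(version_flag){
	print_version(NULL);
	exit(0);
    }

    argc -= optidx;
    argv += optidx;

    if (argc == 0) {
	config_file = getenv("KRB5_CONFIG");
	if (config_file == NULL)
	    config_file = krb5_config_file;
    } else if (argc == 1) {
	config_file = argv[0];
    } else {
	usage (1);
    }

    ret = krb5_config_parse_file (context, config_file, &tmp_cf);
    if (ret != 0) {
	krb5_warn (context, ret, "krb5_config_parse_file");
	return 1;
    }

    error = check_section(context, "", tmp_cf, toplevel_sections);

    krb5_config_file_free(context, tmp_cf);
    krb5_free_context(context);
    return error;
}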