17c478bd9Sstevel@tonic-gate /*
27c64d375Smp153739 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
37c478bd9Sstevel@tonic-gate * Use is subject to license terms.
47c478bd9Sstevel@tonic-gate */
57c478bd9Sstevel@tonic-gate
67c478bd9Sstevel@tonic-gate
77c478bd9Sstevel@tonic-gate /*
87c478bd9Sstevel@tonic-gate * kdc/main.c
97c478bd9Sstevel@tonic-gate *
107c478bd9Sstevel@tonic-gate * Copyright 1990,2001 by the Massachusetts Institute of Technology.
117c478bd9Sstevel@tonic-gate *
127c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may
137c478bd9Sstevel@tonic-gate * require a specific license from the United States Government.
147c478bd9Sstevel@tonic-gate * It is the responsibility of any person or organization contemplating
157c478bd9Sstevel@tonic-gate * export to obtain such a license before exporting.
167c478bd9Sstevel@tonic-gate *
177c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
187c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and
197c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright
207c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and
217c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that
227c478bd9Sstevel@tonic-gate * the name of M.I.T. not be used in advertising or publicity pertaining
237c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior
247c478bd9Sstevel@tonic-gate * permission. Furthermore if you modify this software you must label
257c478bd9Sstevel@tonic-gate * your software as modified software and not distribute it in such a
267c478bd9Sstevel@tonic-gate * fashion that it might be confused with the original M.I.T. software.
277c478bd9Sstevel@tonic-gate * M.I.T. makes no representations about the suitability of
287c478bd9Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express
297c478bd9Sstevel@tonic-gate * or implied warranty.
307c478bd9Sstevel@tonic-gate *
317c478bd9Sstevel@tonic-gate *
327c478bd9Sstevel@tonic-gate * Main procedure body for the KDC server process.
337c478bd9Sstevel@tonic-gate */
347c478bd9Sstevel@tonic-gate
357c478bd9Sstevel@tonic-gate #include <stdio.h>
367c478bd9Sstevel@tonic-gate #include <syslog.h>
377c478bd9Sstevel@tonic-gate #include <signal.h>
387c478bd9Sstevel@tonic-gate #include <errno.h>
397c478bd9Sstevel@tonic-gate #include <netdb.h>
407c478bd9Sstevel@tonic-gate
417c478bd9Sstevel@tonic-gate #include "k5-int.h"
427c478bd9Sstevel@tonic-gate #include "com_err.h"
437c478bd9Sstevel@tonic-gate #include "adm.h"
447c478bd9Sstevel@tonic-gate #include "adm_proto.h"
457c478bd9Sstevel@tonic-gate #include "kdc_util.h"
467c478bd9Sstevel@tonic-gate #include "extern.h"
477c478bd9Sstevel@tonic-gate #include "kdc5_err.h"
487c478bd9Sstevel@tonic-gate #include <libintl.h>
497c478bd9Sstevel@tonic-gate #include <locale.h>
507c478bd9Sstevel@tonic-gate
517c478bd9Sstevel@tonic-gate #ifdef HAVE_NETINET_IN_H
527c478bd9Sstevel@tonic-gate #include <netinet/in.h>
537c478bd9Sstevel@tonic-gate #endif
547c478bd9Sstevel@tonic-gate
5556a424ccSmp153739 #ifdef KRB5_KRB4_COMPAT
5656a424ccSmp153739 #include <des.h>
5756a424ccSmp153739 #endif
5856a424ccSmp153739
5956a424ccSmp153739 #if defined(NEED_DAEMON_PROTO)
6056a424ccSmp153739 extern int daemon(int, int);
6156a424ccSmp153739 #endif
627c478bd9Sstevel@tonic-gate
/*
 * Entry points implemented in this file.  finish_realms is only declared
 * here; its definition is presumably further down the file (not visible
 * in this excerpt).
 */
void usage (char *);

/* Signal handlers: each one only raises its signal_requests_* flag. */
krb5_sigtype request_exit (int);
krb5_sigtype request_hup (int);

void setup_signal_handlers (void);

/* Generates the SAM preauthentication key (psr_key). */
krb5_error_code setup_sam (void);

/* Parses argv, applies the kdcdefaults profile and fills kdc_realmlist; exits(1) on error. */
void initialize_realms (krb5_context, int, char **);

void finish_realms (char *);

/* Bumped by -n in initialize_realms: do not detach from the terminal. */
static int nofork = 0;
/* Set once init_realm has seeded the random key generators; later realms skip that step. */
static int rkey_init_done = 0;

/* Solaris Kerberos: global here that other functions access */
/*
 * Read from kdcdefaults/kdc_max_tcp_connections in initialize_realms and
 * reset to DEFAULT_KDC_TCP_CONNECTIONS when unset or below
 * MIN_KDC_TCP_CONNECTIONS.
 */
int max_tcp_data_connections;

#ifdef POSIX_SIGNALS
/* Shared scratch sigaction reused for every sigaction() call in setup_signal_handlers. */
static struct sigaction s_action;
#endif /* POSIX_SIGNALS */

/*
 * Upper bound on configured realms.  NOTE(review): initialize_realms stores
 * into kdc_realmlist[kdc_numrealms] without comparing against this value;
 * confirm that kdc_realmlist (declared elsewhere) is sized by it and whether
 * a bound check belongs in the -r handling.
 */
#define KRB5_KDC_MAX_REALMS 32
877c478bd9Sstevel@tonic-gate
/*
 * Look up the realm control block whose name is exactly the first rsize
 * bytes of rname (same length and same bytes; a mere prefix never matches).
 *
 * rname need not be NUL-terminated; rsize gives its length.
 * Returns the matching kdc_realmlist entry, or NULL if no configured realm
 * has that name.
 */
kdc_realm_t *
find_realm_data(char *rname, krb5_ui_4 rsize)
{
    int idx = 0;

    while (idx < kdc_numrealms) {
        kdc_realm_t *candidate = kdc_realmlist[idx++];
        const char *name = candidate->realm_name;

        /* Compare lengths first so "EXAMPLE" cannot match "EXAMPLE.COM". */
        if (strlen(name) != rsize)
            continue;
        if (strncmp(rname, name, rsize) == 0)
            return candidate;
    }
    return NULL;
}
1027c478bd9Sstevel@tonic-gate
/*
 * Select the realm named by sprinc's realm component as the active realm
 * (kdc_active_realm).
 *
 * With a single configured realm that realm is always chosen and sprinc's
 * realm is not checked at all; with several realms the name must match one
 * of the configured realms.
 *
 * Returns 0 on success, ENOENT when (multi-realm case only) no realm
 * matches.
 */
krb5_error_code
setup_server_realm(krb5_principal sprinc)
{
    kdc_realm_t *match;

    if (kdc_numrealms <= 1) {
        /* Single-realm KDC: no lookup, the first entry is the only realm. */
        kdc_active_realm = kdc_realmlist[0];
        return 0;
    }

    match = find_realm_data(sprinc->realm.data,
                            (krb5_ui_4) sprinc->realm.length);
    if (match == NULL)
        return ENOENT;

    kdc_active_realm = match;
    return 0;
}
1217c478bd9Sstevel@tonic-gate
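/*
 * Zero len bytes at p in a way the optimizer cannot discard as a dead
 * store (a plain memset() immediately before free() may be elided).
 * Used for the master key and for the realm block that held it.
 */
static void
kdc_zero_memory(void *p, size_t len)
{
    volatile unsigned char *vp = (volatile unsigned char *) p;

    while (len--)
        *vp++ = 0;
}

/*
 * Tear down a realm control block: release every string, key and handle
 * init_realm() attached to it, scrub key material, and free rdp itself.
 *
 * rdp must have been zeroed by init_realm() before any field was set, so
 * unset fields are NULL and may be handed to free() directly; members that
 * need a context are only released when realm_context is set.  rdp is
 * invalid after this call.
 */
static void
finish_realm(kdc_realm_t *rdp)
{
    /* free(NULL) is a no-op, so the plain strings need no guards. */
    free(rdp->realm_dbname);
    free(rdp->realm_mpname);
    free(rdp->realm_stash);
    free(rdp->realm_ports);
    free(rdp->realm_tcp_ports);
    /* strdup()ed by init_realm() from the profile but never released before. */
    free(rdp->realm_profile);

    if (rdp->realm_keytab)
        krb5_kt_close(rdp->realm_context, rdp->realm_keytab);

    if (rdp->realm_context) {
        if (rdp->realm_mprinc)
            krb5_free_principal(rdp->realm_context, rdp->realm_mprinc);
        if (rdp->realm_mkey.contents) {
            /* Master key material: scrub before the memory is reused. */
            kdc_zero_memory(rdp->realm_mkey.contents, rdp->realm_mkey.length);
            free(rdp->realm_mkey.contents);
        }
        /* The database must be closed while its context is still alive. */
        krb5_db_fini(rdp->realm_context);
        if (rdp->realm_tgsprinc)
            krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc);
        krb5_free_context(rdp->realm_context);
    }

    /* The block held the key pointer and length; scrub it before freeing. */
    kdc_zero_memory(rdp, sizeof(*rdp));
    free(rdp);
}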
1527c478bd9Sstevel@tonic-gate
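/*
 * strdup() wrapper for realm parameters: a NULL source yields NULL without
 * error (the parameter is simply absent); an allocation failure for a
 * non-NULL source sets *failed so the caller can report ENOMEM once the
 * whole parameter section has been processed.
 */
static char *
kdc_strdup_checked(const char *src, krb5_boolean *failed)
{
    char *copy;

    if (src == NULL)
        return NULL;
    copy = strdup(src);
    if (copy == NULL)
        *failed = TRUE;
    return copy;
}

/*
 * Initialize a realm control structure from the alternate profile or from
 * the specified defaults.
 *
 * rdp is zeroed and then filled in step by step: per-realm context,
 * realm parameters (falling back to the def_* arguments), database open,
 * master key name/fetch/verify, KDB keytab and the TGS principal.  The
 * first time through, the random key generators are seeded as well.
 *
 * After we're complete here, the essence of the realm is embodied in the
 * realm data and we should be all set to begin operation for that realm.
 *
 * Parameters:
 *   kcontext       general (non-realm) context; the klog context is
 *                  restored to it before returning
 *   progname       program name for com_err()
 *   rdp            caller-allocated realm block to fill in
 *   realm          realm name; stored as-is (not copied) in realm_name
 *   def_mpname     default master key name, or NULL for KRB5_KDB_M_NAME
 *   def_enctype    master key enctype used when the key is typed manually
 *   def_udp_ports  UDP port list used when the profile sets none
 *   def_tcp_ports  TCP port list used when the profile sets none
 *   def_manual     whether the master key is entered manually, unless the
 *                  profile names a stash file
 *   db_args        database-specific arguments for krb5_db_open()
 *
 * Returns 0 on success.  On failure the error code is returned and rdp has
 * already been torn down by finish_realm() — including free(rdp) — so the
 * caller must not touch it again.
 */
static krb5_error_code
init_realm(krb5_context kcontext, char *progname, kdc_realm_t *rdp, char *realm,
           char *def_mpname, krb5_enctype def_enctype, char *def_udp_ports,
           char *def_tcp_ports, krb5_boolean def_manual, char **db_args)
{
    krb5_error_code kret;
    krb5_boolean manual;
    krb5_realm_params *rparams = NULL;
    krb5_boolean copy_failed = FALSE;

    memset((char *) rdp, 0, sizeof(kdc_realm_t));
    if (!realm) {
        kret = EINVAL;
        goto whoops;
    }

    rdp->realm_name = realm;
    kret = krb5int_init_context_kdc(&rdp->realm_context);
    if (kret) {
        com_err(progname, kret, gettext("while getting context for realm %s"),
                realm);
        goto whoops;
    }

    /*
     * Solaris Kerberos:
     * Set the current context to that of the realm being init'ed
     */
    krb5_klog_set_context(rdp->realm_context);

    kret = krb5_read_realm_params(rdp->realm_context, rdp->realm_name,
                                  &rparams);
    if (kret) {
        com_err(progname, kret, gettext("while reading realm parameters"));
        goto whoops;
    }

    /*
     * String parameters.  Every copy goes through kdc_strdup_checked() so an
     * allocation failure is reported below instead of leaving a NULL that a
     * later step would dereference.
     */

    /* Handle profile file name */
    if (rparams && rparams->realm_profile)
        rdp->realm_profile = kdc_strdup_checked(rparams->realm_profile,
                                                &copy_failed);

    /* Handle master key name */
    if (rparams && rparams->realm_mkey_name)
        rdp->realm_mpname = kdc_strdup_checked(rparams->realm_mkey_name,
                                               &copy_failed);
    else
        rdp->realm_mpname = kdc_strdup_checked(def_mpname ? def_mpname :
                                               KRB5_KDB_M_NAME, &copy_failed);

    /* Handle KDC ports */
    if (rparams && rparams->realm_kdc_ports)
        rdp->realm_ports = kdc_strdup_checked(rparams->realm_kdc_ports,
                                              &copy_failed);
    else
        rdp->realm_ports = kdc_strdup_checked(def_udp_ports, &copy_failed);
    if (rparams && rparams->realm_kdc_tcp_ports)
        rdp->realm_tcp_ports = kdc_strdup_checked(rparams->realm_kdc_tcp_ports,
                                                  &copy_failed);
    else
        rdp->realm_tcp_ports = kdc_strdup_checked(def_tcp_ports, &copy_failed);

    /* Handle stash file: a configured stash file overrides manual entry. */
    if (rparams && rparams->realm_stash_file) {
        rdp->realm_stash = kdc_strdup_checked(rparams->realm_stash_file,
                                              &copy_failed);
        manual = FALSE;
    } else
        manual = def_manual;

    /* Handle master key type */
    if (rparams && rparams->realm_enctype_valid)
        rdp->realm_mkey.enctype = (krb5_enctype) rparams->realm_enctype;
    else
        rdp->realm_mkey.enctype = manual ? def_enctype : ENCTYPE_UNKNOWN;

    /* Handle reject-bad-transit flag (defaults to rejecting) */
    if (rparams && rparams->realm_reject_bad_transit_valid)
        rdp->realm_reject_bad_transit = rparams->realm_reject_bad_transit;
    else
        rdp->realm_reject_bad_transit = 1;

    /* Handle ticket maximum life */
    rdp->realm_maxlife = (rparams && rparams->realm_max_life_valid) ?
        rparams->realm_max_life : KRB5_KDB_MAX_LIFE;

    /* Handle ticket renewable maximum life */
    rdp->realm_maxrlife = (rparams && rparams->realm_max_rlife_valid) ?
        rparams->realm_max_rlife : KRB5_KDB_MAX_RLIFE;

    if (rparams)
        krb5_free_realm_params(rdp->realm_context, rparams);

    /* Report allocation failures from the copies above in one place. */
    if (copy_failed) {
        kret = ENOMEM;
        com_err(progname, kret,
                gettext("while copying parameters for realm %s"), realm);
        goto whoops;
    }
    /*
     * Both port lists were previously strdup()ed unconditionally, so a
     * missing list is a caller error rather than an out-of-memory condition.
     */
    if (!rdp->realm_ports || !rdp->realm_tcp_ports) {
        kret = EINVAL;
        com_err(progname, kret,
                gettext("while determining KDC ports for realm %s"), realm);
        goto whoops;
    }

    /*
     * We've got our parameters, now go and setup our realm context.
     */

    /* Set the default realm of this context */
    if ((kret = krb5_set_default_realm(rdp->realm_context, realm))) {
        com_err(progname, kret, gettext("while setting default realm to %s"),
                realm);
        goto whoops;
    }

    /* first open the database before doing anything */
#ifdef KRBCONF_KDC_MODIFIES_KDB
    if ((kret = krb5_db_open(rdp->realm_context, db_args,
                             KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_KDC))) {
#else
    if ((kret = krb5_db_open(rdp->realm_context, db_args,
                             KRB5_KDB_OPEN_RO | KRB5_KDB_SRV_TYPE_KDC))) {
#endif
        /*
         * Solaris Kerberos:
         * Make sure that error messages are printed using gettext
         */
        com_err(progname, kret,
                gettext("while initializing database for realm %s"), realm);
        goto whoops;
    }

    /* Assemble and parse the master key name */
    if ((kret = krb5_db_setup_mkey_name(rdp->realm_context, rdp->realm_mpname,
                                        rdp->realm_name, (char **) NULL,
                                        &rdp->realm_mprinc))) {
        com_err(progname, kret,
                gettext("while setting up master key name %s for realm %s"),
                rdp->realm_mpname, realm);
        goto whoops;
    }

    /*
     * Get the master key.
     */
    if ((kret = krb5_db_fetch_mkey(rdp->realm_context, rdp->realm_mprinc,
                                   rdp->realm_mkey.enctype, manual,
                                   FALSE, rdp->realm_stash,
                                   0, &rdp->realm_mkey))) {
        com_err(progname, kret,
                gettext("while fetching master key %s for realm %s"),
                rdp->realm_mpname, realm);
        goto whoops;
    }

    /* Verify the master key */
    if ((kret = krb5_db_verify_master_key(rdp->realm_context,
                                          rdp->realm_mprinc,
                                          &rdp->realm_mkey))) {
        com_err(progname, kret,
                gettext("while verifying master key for realm %s"),
                realm);
        goto whoops;
    }

    if ((kret = krb5_db_set_mkey(rdp->realm_context, &rdp->realm_mkey))) {
        com_err(progname, kret,
                gettext("while processing master key for realm %s"),
                realm);
        goto whoops;
    }

    /* Set up the keytab */
    if ((kret = krb5_ktkdb_resolve(rdp->realm_context, NULL,
                                   &rdp->realm_keytab))) {
        com_err(progname, kret,
                gettext("while resolving kdb keytab for realm %s"),
                realm);
        goto whoops;
    }

    /* Preformat the TGS name */
    if ((kret = krb5_build_principal(rdp->realm_context, &rdp->realm_tgsprinc,
                                     strlen(realm), realm, KRB5_TGS_NAME,
                                     realm, (char *) NULL))) {
        com_err(progname, kret,
                gettext("while building TGS name for realm %s"),
                realm);
        goto whoops;
    }

    if (!rkey_init_done) {
        krb5_data seed;
#ifdef KRB5_KRB4_COMPAT
        krb5_keyblock temp_key;
#endif
        /*
         * If all that worked, then initialize the random key
         * generators.
         */

        seed.length = rdp->realm_mkey.length;
        seed.data = (char *)rdp->realm_mkey.contents;
        /*
         * SUNW14resync - XXX: the master-key entropy contribution is
         * disabled, so seed is currently set but not consumed.
         */
#if 0
        if ((kret = krb5_c_random_add_entropy(rdp->realm_context,
                                              KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed)))
            goto whoops;
#endif

#ifdef KRB5_KRB4_COMPAT
        if ((kret = krb5_c_make_random_key(rdp->realm_context,
                                           ENCTYPE_DES_CBC_CRC, &temp_key))) {
            com_err(progname, kret,
                    gettext("while initializing V4 random key generator"));
            goto whoops;
        }

        (void) des_init_random_number_generator(temp_key.contents);
        krb5_free_keyblock_contents(rdp->realm_context, &temp_key);
#endif
        rkey_init_done = 1;
    }
whoops:
    /*
     * If we choked, then clean up any dirt we may have dropped on the floor.
     * finish_realm() also frees rdp itself.
     */
    if (kret)
        finish_realm(rdp);

    /*
     * Solaris Kerberos:
     * Set the current context back to the general context
     */
    krb5_klog_set_context(kcontext);

    return(kret);
}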
3837c478bd9Sstevel@tonic-gate
/*
 * Handler for SIGINT/SIGTERM (installed by setup_signal_handlers).
 * It only raises signal_requests_exit; the actual shutdown is presumably
 * done by whoever polls that flag (not visible in this file).
 * NOTE(review): signal_requests_exit is declared elsewhere — confirm it is
 * volatile sig_atomic_t, the only type safely written from a handler.
 */
krb5_sigtype
request_exit(int signo)
{
    (void) signo;               /* which of the two signals arrived is irrelevant */
    signal_requests_exit = 1;
#ifdef POSIX_SIGTYPE
    return;
#else
    return (0);
#endif
}
3957c478bd9Sstevel@tonic-gate
/*
 * Handler for SIGHUP (installed by setup_signal_handlers).
 * It only raises signal_requests_hup; the reload itself is presumably
 * performed by whoever polls that flag (not visible in this file).
 * NOTE(review): signal_requests_hup is declared elsewhere — confirm it is
 * volatile sig_atomic_t.
 */
krb5_sigtype
request_hup(int signo)
{
    (void) signo;               /* always SIGHUP */
    signal_requests_hup = 1;
#ifdef POSIX_SIGTYPE
    return;
#else
    return (0);
#endif
}
4077c478bd9Sstevel@tonic-gate
#ifdef POSIX_SIGNALS
/*
 * Install handler for signo through the shared s_action, whose mask and
 * flags setup_signal_handlers has already initialized.  The sigaction()
 * result is ignored, as it was before.
 */
static void
kdc_install_handler(int signo, krb5_sigtype (*handler)(int))
{
    s_action.sa_handler = handler;
    (void) sigaction(signo, &s_action, (struct sigaction *) NULL);
}
#endif /* POSIX_SIGNALS */

/*
 * Install the KDC's signal dispositions: SIGINT and SIGTERM request exit,
 * SIGHUP requests a reload, SIGPIPE is ignored (a closed TCP peer must not
 * kill the server).  Uses sigaction() where POSIX_SIGNALS is defined and
 * signal() otherwise.
 */
void
setup_signal_handlers(void)
{
#ifdef POSIX_SIGNALS
    /* Empty mask, no flags: identical settings for every handler below. */
    (void) sigemptyset(&s_action.sa_mask);
    s_action.sa_flags = 0;

    kdc_install_handler(SIGINT, request_exit);
    kdc_install_handler(SIGTERM, request_exit);
    kdc_install_handler(SIGHUP, request_hup);
    kdc_install_handler(SIGPIPE, SIG_IGN);
#else /* POSIX_SIGNALS */
    signal(SIGINT, request_exit);
    signal(SIGTERM, request_exit);
    signal(SIGHUP, request_hup);
    signal(SIGPIPE, SIG_IGN);
#endif /* POSIX_SIGNALS */
}
4307c478bd9Sstevel@tonic-gate
/*
 * Generate the random key used by SAM preauthentication and store it in
 * the global psr_key.  The enctype is hard-wired to ENCTYPE_DES_CBC_MD5
 * (single DES) — presumably what the SAM code elsewhere expects; it is
 * not changed here.
 *
 * Returns whatever krb5_c_make_random_key() returns.
 */
krb5_error_code
setup_sam(void)
{
    krb5_error_code ret;

    ret = krb5_c_make_random_key(kdc_context, ENCTYPE_DES_CBC_MD5, &psr_key);
    return ret;
}
4367c478bd9Sstevel@tonic-gate
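/*
 * Print the command-line synopsis to stderr.
 *
 * Two synopses used to be printed back to back; the first was stale (it
 * lacked the -x db_args and -X options that initialize_realms() accepts),
 * so only the complete one is kept, and it now goes through gettext() like
 * the rest of the program's messages.
 *
 * name: the program name (argv[0]) to show in the synopsis.
 */
void
usage(char *name)
{
    fprintf(stderr,
            gettext("usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname] [-R replaycachename ]\n\t[-m] [-k masterenctype] [-M masterkeyname] [-p port] [-X] [-n]\n"
                    "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n"
                    "\t\t\tLook at each database documentation for supported arguments\n"),
            name);
}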
4477c478bd9Sstevel@tonic-gate
4487c478bd9Sstevel@tonic-gate void
44956a424ccSmp153739 initialize_realms(krb5_context kcontext, int argc, char **argv)
4507c478bd9Sstevel@tonic-gate {
4517c478bd9Sstevel@tonic-gate int c;
4527c478bd9Sstevel@tonic-gate char *db_name = (char *) NULL;
4537c478bd9Sstevel@tonic-gate char *mkey_name = (char *) NULL;
4547c478bd9Sstevel@tonic-gate char *rcname = KDCRCACHE;
4557c64d375Smp153739 char *lrealm = NULL;
4567c478bd9Sstevel@tonic-gate krb5_error_code retval;
4577c478bd9Sstevel@tonic-gate krb5_enctype menctype = ENCTYPE_UNKNOWN;
4587c478bd9Sstevel@tonic-gate kdc_realm_t *rdatap;
4597c478bd9Sstevel@tonic-gate krb5_boolean manual = FALSE;
4607c478bd9Sstevel@tonic-gate char *default_udp_ports = 0;
4617c478bd9Sstevel@tonic-gate char *default_tcp_ports = 0;
4627c478bd9Sstevel@tonic-gate krb5_pointer aprof;
4637c478bd9Sstevel@tonic-gate const char *hierarchy[3];
46454925bf6Swillf char **db_args = NULL;
46554925bf6Swillf int db_args_size = 0;
46654925bf6Swillf
4677c478bd9Sstevel@tonic-gate #ifdef KRB5_KRB4_COMPAT
4687c478bd9Sstevel@tonic-gate char *v4mode = 0;
4697c478bd9Sstevel@tonic-gate #endif
4707c478bd9Sstevel@tonic-gate extern char *optarg;
4717c478bd9Sstevel@tonic-gate
4727c478bd9Sstevel@tonic-gate if (!krb5_aprof_init(DEFAULT_KDC_PROFILE, KDC_PROFILE_ENV, &aprof)) {
4737c478bd9Sstevel@tonic-gate hierarchy[0] = "kdcdefaults";
4747c478bd9Sstevel@tonic-gate hierarchy[1] = "kdc_ports";
4757c478bd9Sstevel@tonic-gate hierarchy[2] = (char *) NULL;
4767c478bd9Sstevel@tonic-gate if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_udp_ports))
4777c478bd9Sstevel@tonic-gate default_udp_ports = 0;
4787c478bd9Sstevel@tonic-gate hierarchy[1] = "kdc_tcp_ports";
4797c478bd9Sstevel@tonic-gate if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_tcp_ports))
4807c478bd9Sstevel@tonic-gate default_tcp_ports = 0;
4817c478bd9Sstevel@tonic-gate hierarchy[1] = "kdc_max_tcp_connections";
4827c478bd9Sstevel@tonic-gate if (krb5_aprof_get_int32(aprof, hierarchy, TRUE,
4837c478bd9Sstevel@tonic-gate &max_tcp_data_connections)) {
4847c478bd9Sstevel@tonic-gate max_tcp_data_connections = DEFAULT_KDC_TCP_CONNECTIONS;
4857c478bd9Sstevel@tonic-gate } else if (max_tcp_data_connections < MIN_KDC_TCP_CONNECTIONS) {
4867c478bd9Sstevel@tonic-gate max_tcp_data_connections = DEFAULT_KDC_TCP_CONNECTIONS;
4877c478bd9Sstevel@tonic-gate }
4887c478bd9Sstevel@tonic-gate #ifdef KRB5_KRB4_COMPAT
4897c478bd9Sstevel@tonic-gate hierarchy[1] = "v4_mode";
4907c478bd9Sstevel@tonic-gate if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &v4mode))
4917c478bd9Sstevel@tonic-gate v4mode = 0;
4927c478bd9Sstevel@tonic-gate #endif
4937c478bd9Sstevel@tonic-gate /* aprof_init can return 0 with aprof == NULL */
4947c478bd9Sstevel@tonic-gate if (aprof)
4957c478bd9Sstevel@tonic-gate krb5_aprof_finish(aprof);
4967c478bd9Sstevel@tonic-gate }
4977c478bd9Sstevel@tonic-gate if (default_udp_ports == 0)
4987c478bd9Sstevel@tonic-gate default_udp_ports = strdup(DEFAULT_KDC_UDP_PORTLIST);
4997c478bd9Sstevel@tonic-gate if (default_tcp_ports == 0)
5007c478bd9Sstevel@tonic-gate default_tcp_ports = strdup(DEFAULT_KDC_TCP_PORTLIST);
5017c478bd9Sstevel@tonic-gate /*
5027c478bd9Sstevel@tonic-gate * Loop through the option list. Each time we encounter a realm name,
5037c478bd9Sstevel@tonic-gate * use the previously scanned options to fill in for defaults.
5047c478bd9Sstevel@tonic-gate */
50554925bf6Swillf while ((c = getopt(argc, argv, "x:r:d:mM:k:R:e:p:s:n4:X3")) != -1) {
5067c478bd9Sstevel@tonic-gate switch(c) {
50754925bf6Swillf case 'x':
50854925bf6Swillf db_args_size++;
50954925bf6Swillf {
51054925bf6Swillf char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
51154925bf6Swillf if( temp == NULL )
51254925bf6Swillf {
5137c64d375Smp153739 /* Solaris Kerberos: Keep error messages consistent */
5147c64d375Smp153739 com_err(argv[0], errno, gettext("while initializing KDC"));
51554925bf6Swillf exit(1);
51654925bf6Swillf }
51754925bf6Swillf
51854925bf6Swillf db_args = temp;
51954925bf6Swillf }
52054925bf6Swillf db_args[db_args_size-1] = optarg;
52154925bf6Swillf db_args[db_args_size] = NULL;
52254925bf6Swillf break;
52354925bf6Swillf
5247c478bd9Sstevel@tonic-gate case 'r': /* realm name for db */
5257c478bd9Sstevel@tonic-gate if (!find_realm_data(optarg, (krb5_ui_4) strlen(optarg))) {
5267c478bd9Sstevel@tonic-gate if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
5277c64d375Smp153739 if ((retval = init_realm(kcontext, argv[0], rdatap, optarg,
5287c478bd9Sstevel@tonic-gate mkey_name, menctype,
5297c478bd9Sstevel@tonic-gate default_udp_ports,
53054925bf6Swillf default_tcp_ports, manual, db_args))) {
5317c64d375Smp153739 /* Solaris Kerberos: Keep error messages consistent */
5327c64d375Smp153739 com_err(argv[0], retval, gettext("while initializing realm %s"), optarg);
5337c478bd9Sstevel@tonic-gate exit(1);
5347c478bd9Sstevel@tonic-gate }
5357c478bd9Sstevel@tonic-gate kdc_realmlist[kdc_numrealms] = rdatap;
5367c478bd9Sstevel@tonic-gate kdc_numrealms++;
53754925bf6Swillf free(db_args), db_args=NULL, db_args_size = 0;
53854925bf6Swillf }
53954925bf6Swillf else
54054925bf6Swillf {
5417c64d375Smp153739 /* Solaris Kerberos: Keep error messages consistent */
5427c64d375Smp153739 com_err(argv[0], errno, gettext("while initializing realm %s"), optarg);
54354925bf6Swillf exit(1);
5447c478bd9Sstevel@tonic-gate }
5457c478bd9Sstevel@tonic-gate }
5467c478bd9Sstevel@tonic-gate break;
5477c478bd9Sstevel@tonic-gate case 'd': /* pathname for db */
54854925bf6Swillf /* now db_name is not a seperate argument. It has to be passed as part of the db_args */
54954925bf6Swillf if( db_name == NULL )
55054925bf6Swillf {
55154925bf6Swillf db_name = malloc(sizeof("dbname=") + strlen(optarg));
55254925bf6Swillf if( db_name == NULL )
55354925bf6Swillf {
5547c64d375Smp153739 /* Solaris Kerberos: Keep error messages consistent */
5557c64d375Smp153739 com_err(argv[0], errno, gettext("while initializing KDC"));
55654925bf6Swillf exit(1);
55754925bf6Swillf }
55854925bf6Swillf
55954925bf6Swillf sprintf( db_name, "dbname=%s", optarg);
56054925bf6Swillf }
56154925bf6Swillf
56254925bf6Swillf db_args_size++;
56354925bf6Swillf {
56454925bf6Swillf char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
56554925bf6Swillf if( temp == NULL )
56654925bf6Swillf {
5677c64d375Smp153739 /* Solaris Kerberos: Keep error messages consistent */
5687c64d375Smp153739 com_err(argv[0], errno, gettext("while initializing KDC"));
56954925bf6Swillf exit(1);
57054925bf6Swillf }
57154925bf6Swillf
57254925bf6Swillf db_args = temp;
57354925bf6Swillf }
57454925bf6Swillf db_args[db_args_size-1] = db_name;
57554925bf6Swillf db_args[db_args_size] = NULL;
5767c478bd9Sstevel@tonic-gate break;
5777c478bd9Sstevel@tonic-gate case 'm': /* manual type-in of master key */
5787c478bd9Sstevel@tonic-gate manual = TRUE;
5797c478bd9Sstevel@tonic-gate if (menctype == ENCTYPE_UNKNOWN)
5807c478bd9Sstevel@tonic-gate menctype = ENCTYPE_DES_CBC_CRC;
5817c478bd9Sstevel@tonic-gate break;
5827c478bd9Sstevel@tonic-gate case 'M': /* master key name in DB */
5837c478bd9Sstevel@tonic-gate mkey_name = optarg;
5847c478bd9Sstevel@tonic-gate break;
5857c478bd9Sstevel@tonic-gate case 'n':
5867c478bd9Sstevel@tonic-gate nofork++; /* don't detach from terminal */
5877c478bd9Sstevel@tonic-gate break;
5887c478bd9Sstevel@tonic-gate case 'k': /* enctype for master key */
5897c64d375Smp153739 /* Solaris Kerberos: Keep error messages consistent */
5907c64d375Smp153739 if (retval = krb5_string_to_enctype(optarg, &menctype))
5917c64d375Smp153739 com_err(argv[0], retval,
5927c64d375Smp153739 gettext("while converting %s to an enctype"), optarg);
5937c478bd9Sstevel@tonic-gate break;
5947c478bd9Sstevel@tonic-gate case 'R':
5957c478bd9Sstevel@tonic-gate rcname = optarg;
5967c478bd9Sstevel@tonic-gate break;
5977c478bd9Sstevel@tonic-gate case 'p':
5987c478bd9Sstevel@tonic-gate if (default_udp_ports)
5997c478bd9Sstevel@tonic-gate free(default_udp_ports);
6007c478bd9Sstevel@tonic-gate default_udp_ports = strdup(optarg);
6017c478bd9Sstevel@tonic-gate
6027c478bd9Sstevel@tonic-gate if (default_tcp_ports)
6037c478bd9Sstevel@tonic-gate free(default_tcp_ports);
6047c478bd9Sstevel@tonic-gate default_tcp_ports = strdup(optarg);
6057c478bd9Sstevel@tonic-gate
6067c478bd9Sstevel@tonic-gate break;
6077c478bd9Sstevel@tonic-gate case '4':
6087c478bd9Sstevel@tonic-gate #ifdef KRB5_KRB4_COMPAT
6097c478bd9Sstevel@tonic-gate if (v4mode)
6107c478bd9Sstevel@tonic-gate free(v4mode);
6117c478bd9Sstevel@tonic-gate v4mode = strdup(optarg);
6127c478bd9Sstevel@tonic-gate #endif
6137c478bd9Sstevel@tonic-gate break;
61456a424ccSmp153739 case 'X':
61556a424ccSmp153739 #ifdef KRB5_KRB4_COMPAT
61656a424ccSmp153739 enable_v4_crossrealm(argv[0]);
6177c478bd9Sstevel@tonic-gate #endif
61856a424ccSmp153739 break;
6197c478bd9Sstevel@tonic-gate case '?':
6207c478bd9Sstevel@tonic-gate default:
6217c478bd9Sstevel@tonic-gate usage(argv[0]);
6227c478bd9Sstevel@tonic-gate exit(1);
6237c478bd9Sstevel@tonic-gate }
6247c478bd9Sstevel@tonic-gate }
6257c478bd9Sstevel@tonic-gate
6267c478bd9Sstevel@tonic-gate #ifdef KRB5_KRB4_COMPAT
6277c478bd9Sstevel@tonic-gate /*
6287c478bd9Sstevel@tonic-gate * Setup the v4 mode
6297c478bd9Sstevel@tonic-gate */
6307c478bd9Sstevel@tonic-gate process_v4_mode(argv[0], v4mode);
63154925bf6Swillf free(v4mode);
6327c478bd9Sstevel@tonic-gate #endif
6337c478bd9Sstevel@tonic-gate
6347c478bd9Sstevel@tonic-gate /*
6357c478bd9Sstevel@tonic-gate * Check to see if we processed any realms.
6367c478bd9Sstevel@tonic-gate */
6377c478bd9Sstevel@tonic-gate if (kdc_numrealms == 0) {
6387c478bd9Sstevel@tonic-gate /* no realm specified, use default realm */
6397c478bd9Sstevel@tonic-gate if ((retval = krb5_get_default_realm(kcontext, &lrealm))) {
6407c478bd9Sstevel@tonic-gate com_err(argv[0], retval,
6417c478bd9Sstevel@tonic-gate gettext("while attempting to retrieve default realm"));
6427c64d375Smp153739 /* Solaris Kerberos: avoid double logging */
6437c64d375Smp153739 #if 0
64456a424ccSmp153739 fprintf (stderr, "%s: %s, %s", argv[0], error_message (retval),
64556a424ccSmp153739 gettext("attempting to retrieve default realm\n"));
6467c64d375Smp153739 #endif
6477c478bd9Sstevel@tonic-gate exit(1);
6487c478bd9Sstevel@tonic-gate }
6497c478bd9Sstevel@tonic-gate if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
6507c64d375Smp153739 if ((retval = init_realm(kcontext, argv[0], rdatap, lrealm,
6517c478bd9Sstevel@tonic-gate mkey_name, menctype, default_udp_ports,
65254925bf6Swillf default_tcp_ports, manual, db_args))) {
6537c64d375Smp153739 /* Solaris Kerberos: Keep error messages consistent */
6547c64d375Smp153739 com_err(argv[0], retval, gettext("while initializing realm %s"), lrealm);
6557c478bd9Sstevel@tonic-gate exit(1);
6567c478bd9Sstevel@tonic-gate }
6577c478bd9Sstevel@tonic-gate kdc_realmlist[0] = rdatap;
6587c478bd9Sstevel@tonic-gate kdc_numrealms++;
659*159d09a2SMark Phalan } else {
660*159d09a2SMark Phalan if (lrealm)
661*159d09a2SMark Phalan free(lrealm);
6627c478bd9Sstevel@tonic-gate }
6637c478bd9Sstevel@tonic-gate }
6647c478bd9Sstevel@tonic-gate
6657c478bd9Sstevel@tonic-gate #ifdef USE_RCACHE
6667c478bd9Sstevel@tonic-gate /*
6677c478bd9Sstevel@tonic-gate * Now handle the replay cache.
6687c478bd9Sstevel@tonic-gate */
6697c478bd9Sstevel@tonic-gate if ((retval = kdc_initialize_rcache(kcontext, rcname))) {
67056a424ccSmp153739 com_err(argv[0], retval, gettext("while initializing KDC replay cache '%s'"),
67156a424ccSmp153739 rcname);
6727c478bd9Sstevel@tonic-gate exit(1);
6737c478bd9Sstevel@tonic-gate }
6747c478bd9Sstevel@tonic-gate #endif
6757c478bd9Sstevel@tonic-gate
6767c478bd9Sstevel@tonic-gate /* Ensure that this is set for our first request. */
6777c478bd9Sstevel@tonic-gate kdc_active_realm = kdc_realmlist[0];
678*159d09a2SMark Phalan
6797c478bd9Sstevel@tonic-gate if (default_udp_ports)
6807c478bd9Sstevel@tonic-gate free(default_udp_ports);
6817c478bd9Sstevel@tonic-gate if (default_tcp_ports)
6827c478bd9Sstevel@tonic-gate free(default_tcp_ports);
68354925bf6Swillf if (db_args)
68454925bf6Swillf free(db_args);
68554925bf6Swillf if (db_name)
68654925bf6Swillf free(db_name);
6877c478bd9Sstevel@tonic-gate
6887c478bd9Sstevel@tonic-gate return;
6897c478bd9Sstevel@tonic-gate }
6907c478bd9Sstevel@tonic-gate
/*
 * Tear down every realm currently registered in kdc_realmlist and clear
 * its slot, so nothing retains a pointer to freed realm state.
 *
 * @prog is not used by this function.
 */
void
finish_realms(char *prog)
{
    kdc_realm_t **slot = kdc_realmlist;
    kdc_realm_t **end = kdc_realmlist + kdc_numrealms;

    (void) prog;

    for (; slot < end; slot++) {
        finish_realm(*slot);
        *slot = NULL;
    }
}
7017c478bd9Sstevel@tonic-gate
7027c478bd9Sstevel@tonic-gate /*
7037c478bd9Sstevel@tonic-gate outline:
7047c478bd9Sstevel@tonic-gate
7057c478bd9Sstevel@tonic-gate process args & setup
7067c478bd9Sstevel@tonic-gate
7077c478bd9Sstevel@tonic-gate initialize database access (fetch master key, open DB)
7087c478bd9Sstevel@tonic-gate
7097c478bd9Sstevel@tonic-gate initialize network
7107c478bd9Sstevel@tonic-gate
7117c478bd9Sstevel@tonic-gate loop:
7127c478bd9Sstevel@tonic-gate listen for packet
7137c478bd9Sstevel@tonic-gate
7147c478bd9Sstevel@tonic-gate determine packet type, dispatch to handling routine
7157c478bd9Sstevel@tonic-gate (AS or TGS (or V4?))
7167c478bd9Sstevel@tonic-gate
7177c478bd9Sstevel@tonic-gate reflect response
7187c478bd9Sstevel@tonic-gate
7197c478bd9Sstevel@tonic-gate exit on signal
7207c478bd9Sstevel@tonic-gate
7217c478bd9Sstevel@tonic-gate clean up secrets, close db
7227c478bd9Sstevel@tonic-gate
7237c478bd9Sstevel@tonic-gate shut down network
7247c478bd9Sstevel@tonic-gate
7257c478bd9Sstevel@tonic-gate exit
7267c478bd9Sstevel@tonic-gate */
7277c478bd9Sstevel@tonic-gate
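/*
 * krb5kdc entry point.
 *
 * Startup is strictly ordered: the realm list and the KDC-wide krb5
 * context ("kcontext") must exist before initialize_realms() parses the
 * command line; logging is brought up before anything that reports through
 * com_err(); the network is configured before the process detaches from
 * the tty, so that early failures are still visible on stderr.
 *
 * Returns 0 on clean shutdown, 1 when startup fails, otherwise the number
 * of errors recorded while running or shutting down (errout).
 */
int main(int argc, char **argv)
{
    krb5_error_code retval;
    krb5_context kcontext;
    int errout = 0;
    krb5_boolean log_stderr_set;
    char *slash;
    /* Program name used only when the caller supplied an empty argv. */
    static char default_progname[] = "krb5kdc";

    (void) setlocale(LC_ALL, "");

#if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */
#define TEXT_DOMAIN "KRB5KDC_TEST" /* Use this only if it weren't */
#endif

    (void) textdomain(TEXT_DOMAIN);

    /*
     * argv[0] names this program in every com_err()/fprintf() below.  An
     * exec with an empty argv leaves argv[0] NULL (argv[argc] is NULL), and
     * the strrchr() that follows would dereference it.  Substitute a fixed
     * name rather than crash.
     */
    if (argc < 1 || argv[0] == NULL) {
        argv[0] = default_progname;
    }

    /* Report only the basename, not the path we were invoked through. */
    slash = strrchr(argv[0], '/');
    if (slash != NULL) {
        argv[0] = slash + 1;
    }

    /* calloc() zero-fills the list, replacing the separate memset(). */
    kdc_realmlist = calloc(KRB5_KDC_MAX_REALMS, sizeof(kdc_realm_t *));
    if (kdc_realmlist == NULL) {
        fprintf(stderr, gettext("%s: cannot get memory for realm list\n"), argv[0]);
        exit(1);
    }

    /*
     * A note about Kerberos contexts: This context, "kcontext", is used
     * for the KDC operations, i.e. setup, network connection and error
     * reporting. The per-realm operations use the "realm_context"
     * associated with each realm.
     */
    retval = krb5int_init_context_kdc(&kcontext);
    if (retval) {
        com_err(argv[0], retval, gettext("while initializing krb5"));
        exit(1);
    }
    krb5_klog_init(kcontext, "kdc", argv[0], 1);

    /*
     * Solaris Kerberos:
     * In the early stages of krb5kdc it is desirable to log error messages
     * to stderr as well as any other logging locations specified in config
     * files.  Remember whether stderr was already a log target so the
     * temporary addition can be undone later without removing a configured one.
     */
    log_stderr_set = krb5_klog_logging_to_stderr();
    if (log_stderr_set != TRUE) {
        krb5_klog_add_stderr();
    }

    /* initialize_kdc5_error_table(); SUNWresync121 XXX */

    /*
     * Scan through the argument list.  initialize_realms() exits the
     * process itself on any fatal option or realm-setup error.
     */
    initialize_realms(kcontext, argc, argv);

    setup_signal_handlers();

    load_preauth_plugins(kcontext);

    retval = setup_sam();
    if (retval) {
        com_err(argv[0], retval, gettext("while initializing SAM"));
        finish_realms(argv[0]);
        return 1;
    }

    retval = setup_network(argv[0]);
    if (retval) {
        com_err(argv[0], retval, gettext("while initializing network"));
        finish_realms(argv[0]);
        return 1;
    }

    /* Solaris Kerberos: Remove the extra stderr logging */
    if (log_stderr_set != TRUE) {
        krb5_klog_remove_stderr();
    }

    /*
     * Solaris Kerberos:
     * List the logs (FILE, STDERR, etc) which are currently being
     * logged to and print that to stderr. Useful when trying to
     * track down a failure via SMF.  A failure here is reported but
     * is not fatal.
     */
    retval = krb5_klog_list_logs(argv[0]);
    if (retval) {
        com_err(argv[0], retval, gettext("while listing logs"));
        if (log_stderr_set != TRUE) {
            fprintf(stderr, gettext("%s: %s while listing logs\n"),
                argv[0], error_message(retval));
        }
    }

    if (!nofork && daemon(0, 0)) {
        /* Capture errno once: com_err() may clobber it before the fprintf. */
        int saved_errno = errno;

        com_err(argv[0], saved_errno, gettext("while detaching from tty"));
        if (log_stderr_set != TRUE) {
            fprintf(stderr, gettext("%s: %s while detaching from tty\n"),
                argv[0], strerror(saved_errno));
        }
        finish_realms(argv[0]);
        return 1;
    }

    retval = krb5_klog_syslog(LOG_INFO, "commencing operation");
    if (retval) {
        com_err(argv[0], retval, gettext("while logging message"));
        errout++;
    }

    retval = listen_and_process(argv[0]);
    if (retval) {
        com_err(argv[0], retval, gettext("while processing network requests"));
        errout++;
    }

    retval = closedown_network(argv[0]);
    if (retval) {
        com_err(argv[0], retval, gettext("while shutting down network"));
        errout++;
    }

    krb5_klog_syslog(LOG_INFO, "shutting down");
    unload_preauth_plugins(kcontext);
    /*
     * NOTE(review): kdc_context (not kcontext) is passed here, as in the
     * original; confirm which context the klog state is bound to.
     */
    krb5_klog_close(kdc_context);
    finish_realms(argv[0]);
    /* free(NULL) is a no-op; clear the global so nothing reuses it. */
    free(kdc_realmlist);
    kdc_realmlist = NULL;
#ifdef USE_RCACHE
    (void) krb5_rc_close(kcontext, kdc_rcache);
#endif
#ifndef NOCACHE
    kdc_free_lookaside(kcontext);
#endif
    krb5_free_context(kcontext);
    return errout;
}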