Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/heimdal/kdc/hpropd.c
34869 views
1
/*

2
 * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan

3
 * (Royal Institute of Technology, Stockholm, Sweden).

4
 * All rights reserved.

5
 *

6
 * Redistribution and use in source and binary forms, with or without

7
 * modification, are permitted provided that the following conditions

8
 * are met:

9
 *

10
 * 1. Redistributions of source code must retain the above copyright

11
 *    notice, this list of conditions and the following disclaimer.

12
 *

13
 * 2. Redistributions in binary form must reproduce the above copyright

14
 *    notice, this list of conditions and the following disclaimer in the

15
 *    documentation and/or other materials provided with the distribution.

16
 *

17
 * 3. Neither the name of the Institute nor the names of its contributors

18
 *    may be used to endorse or promote products derived from this software

19
 *    without specific prior written permission.

20
 *

21
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND

22
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

24
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE

25
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

26
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

27
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

28
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

29
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

30
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

31
 * SUCH DAMAGE.

32
 */

33


34
#include "hprop.h"

35


36
static int inetd_flag = -1;

37
static int help_flag;

38
static int version_flag;

39
static int print_dump;

40
static const char *database;

41
static int from_stdin;

42
static char *local_realm;

43
static char *ktname = NULL;

44


45
struct getargs args[] = {

46
    { "database", 'd', arg_string, rk_UNCONST(&database), "database", "file" },

47
    { "stdin",    'n', arg_flag, &from_stdin, "read from stdin", NULL },

48
    { "print",	    0, arg_flag, &print_dump, "print dump to stdout", NULL },

49
#ifdef SUPPORT_INETD

50
    { "inetd",	   'i',	arg_negative_flag,	&inetd_flag,

51
      "Not started from inetd", NULL },

52
#endif

53
    { "keytab",   'k',	arg_string, &ktname,	"keytab to use for authentication", "keytab" },

54
    { "realm",   'r',	arg_string, &local_realm, "realm to use", NULL },

55
    { "version",    0, arg_flag, &version_flag, NULL, NULL },

56
    { "help",    'h',  arg_flag, &help_flag, NULL, NULL}

57
};

58


59
static int num_args = sizeof(args) / sizeof(args[0]);

60
static char unparseable_name[] = "unparseable name";

61


62
static void

63
usage(int ret)

64
{

65
    arg_printusage (args, num_args, NULL, "");

66
    exit (ret);

67
}

68


69
int

70
main(int argc, char **argv)

71
{

72
    krb5_error_code ret;

73
    krb5_context context;

74
    krb5_auth_context ac = NULL;

75
    krb5_principal c1, c2;

76
    krb5_authenticator authent;

77
    krb5_keytab keytab;

78
    krb5_socket_t sock = rk_INVALID_SOCKET;

79
    HDB *db = NULL;

80
    int optidx = 0;

81
    char *tmp_db;

82
    krb5_log_facility *fac;

83
    int nprincs;

84


85
    setprogname(argv[0]);

86


87
    ret = krb5_init_context(&context);

88
    if(ret)

89
	exit(1);

90


91
    ret = krb5_openlog(context, "hpropd", &fac);

92
    if(ret)

93
	errx(1, "krb5_openlog");

94
    krb5_set_warn_dest(context, fac);

95


96
    if(getarg(args, num_args, argc, argv, &optidx))

97
	usage(1);

98


99
    if(local_realm != NULL)

100
	krb5_set_default_realm(context, local_realm);

101


102
    if(help_flag)

103
	usage(0);

104
    if(version_flag) {

105
	print_version(NULL);

106
	exit(0);

107
    }

108


109
    argc -= optidx;

110
#ifndef __clang_analyzer__

111
    argv += optidx;

112
#endif

113


114
    if (argc != 0)

115
	usage(1);

116


117
    if (database == NULL)

118
	database = hdb_default_db(context);

119


120
    if(from_stdin) {

121
	sock = STDIN_FILENO;

122
    } else {

123
	struct sockaddr_storage ss;

124
	struct sockaddr *sa = (struct sockaddr *)&ss;

125
	socklen_t sin_len = sizeof(ss);

126
	char addr_name[256];

127
	krb5_ticket *ticket;

128
	char *server;

129


130
        memset(&ss, 0, sizeof(ss));

131
	sock = STDIN_FILENO;

132
#ifdef SUPPORT_INETD

133
	if (inetd_flag == -1) {

134
	    if (getpeername (sock, sa, &sin_len) < 0) {

135
		inetd_flag = 0;

136
	    } else {

137
		inetd_flag = 1;

138
	    }

139
	}

140
#else

141
	inetd_flag = 0;

142
#endif

143
	if (!inetd_flag) {

144
	    mini_inetd (krb5_getportbyname (context, "hprop", "tcp",

145
					    HPROP_PORT), &sock);

146
	}

147
	sin_len = sizeof(ss);

148
	if(getpeername(sock, sa, &sin_len) < 0)

149
	    krb5_err(context, 1, errno, "getpeername");

150


151
	if (inet_ntop(sa->sa_family,

152
		      socket_get_address (sa),

153
		      addr_name,

154
		      sizeof(addr_name)) == NULL)

155
	    strlcpy (addr_name, "unknown address",

156
		     sizeof(addr_name));

157


158
	krb5_log(context, fac, 0, "Connection from %s", addr_name);

159


160
	ret = krb5_kt_register(context, &hdb_kt_ops);

161
	if(ret)

162
	    krb5_err(context, 1, ret, "krb5_kt_register");

163


164
	if (ktname != NULL) {

165
	    ret = krb5_kt_resolve(context, ktname, &keytab);

166
	    if (ret)

167
		krb5_err (context, 1, ret, "krb5_kt_resolve %s", ktname);

168
	} else {

169
	    ret = krb5_kt_default (context, &keytab);

170
	    if (ret)

171
		krb5_err (context, 1, ret, "krb5_kt_default");

172
	}

173


174
	ret = krb5_recvauth(context, &ac, &sock, HPROP_VERSION, NULL,

175
			    0, keytab, &ticket);

176
	if(ret)

177
	    krb5_err(context, 1, ret, "krb5_recvauth");

178


179
	ret = krb5_unparse_name(context, ticket->server, &server);

180
	if (ret)

181
	    krb5_err(context, 1, ret, "krb5_unparse_name");

182
	if (strncmp(server, "hprop/", 5) != 0)

183
	    krb5_errx(context, 1, "ticket not for hprop (%s)", server);

184


185
	free(server);

186
	krb5_free_ticket (context, ticket);

187


188
	ret = krb5_auth_con_getauthenticator(context, ac, &authent);

189
	if(ret)

190
	    krb5_err(context, 1, ret, "krb5_auth_con_getauthenticator");

191


192
	ret = krb5_make_principal(context, &c1, NULL, "kadmin", "hprop", NULL);

193
	if(ret)

194
	    krb5_err(context, 1, ret, "krb5_make_principal");

195
	_krb5_principalname2krb5_principal(context, &c2,

196
					   authent->cname, authent->crealm);

197
	if(!krb5_principal_compare(context, c1, c2)) {

198
	    char *s;

199
	    ret = krb5_unparse_name(context, c2, &s);

200
	    if (ret)

201
		s = unparseable_name;

202
	    krb5_errx(context, 1, "Unauthorized connection from %s", s);

203
	}

204
	krb5_free_principal(context, c1);

205
	krb5_free_principal(context, c2);

206


207
	ret = krb5_kt_close(context, keytab);

208
	if(ret)

209
	    krb5_err(context, 1, ret, "krb5_kt_close");

210
    }

211


212
    if(!print_dump) {

213
	asprintf(&tmp_db, "%s~", database);

214


215
	ret = hdb_create(context, &db, tmp_db);

216
	if(ret)

217
	    krb5_err(context, 1, ret, "hdb_create(%s)", tmp_db);

218
	ret = db->hdb_open(context, db, O_RDWR | O_CREAT | O_TRUNC, 0600);

219
	if(ret)

220
	    krb5_err(context, 1, ret, "hdb_open(%s)", tmp_db);

221
    }

222


223
    nprincs = 0;

224
    while(1){

225
	krb5_data data;

226
	hdb_entry_ex entry;

227


228
	if(from_stdin) {

229
	    ret = krb5_read_message(context, &sock, &data);

230
	    if(ret != 0 && ret != HEIM_ERR_EOF)

231
		krb5_err(context, 1, ret, "krb5_read_message");

232
	} else {

233
	    ret = krb5_read_priv_message(context, ac, &sock, &data);

234
	    if(ret)

235
		krb5_err(context, 1, ret, "krb5_read_priv_message");

236
	}

237


238
	if(ret == HEIM_ERR_EOF || data.length == 0) {

239
	    if(!from_stdin) {

240
		data.data = NULL;

241
		data.length = 0;

242
		krb5_write_priv_message(context, ac, &sock, &data);

243
	    }

244
	    if(!print_dump) {

245
		ret = db->hdb_close(context, db);

246
		if(ret)

247
		    krb5_err(context, 1, ret, "db_close");

248
		ret = db->hdb_rename(context, db, database);

249
		if(ret)

250
		    krb5_err(context, 1, ret, "db_rename");

251
	    }

252
	    break;

253
	}

254
	memset(&entry, 0, sizeof(entry));

255
	ret = hdb_value2entry(context, &data, &entry.entry);

256
	krb5_data_free(&data);

257
	if(ret)

258
	    krb5_err(context, 1, ret, "hdb_value2entry");

259
	if(print_dump)

260
	    hdb_print_entry(context, db, &entry, stdout);

261
	else {

262
	    ret = db->hdb_store(context, db, 0, &entry);

263
	    if(ret == HDB_ERR_EXISTS) {

264
		char *s;

265
		ret = krb5_unparse_name(context, entry.entry.principal, &s);

266
		if (ret)

267
		    s = strdup(unparseable_name);

268
		krb5_warnx(context, "Entry exists: %s", s);

269
		free(s);

270
	    } else if(ret)

271
		krb5_err(context, 1, ret, "db_store");

272
	    else

273
		nprincs++;

274
	}

275
	hdb_free_entry(context, &entry);

276
    }

277
    if (!print_dump)

278
	krb5_log(context, fac, 0, "Received %d principals", nprincs);

279


280
    if (inetd_flag == 0)

281
	rk_closesocket(sock);

282


283
    exit(0);

284
}

285


286