KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_krbhst_init_flags(krb5_context context,
const char *realm,
unsigned int type,
int flags,
krb5_krbhst_handle *handle)
{
struct krb5_krbhst_data *kd;
krb5_error_code (*next)(krb5_context, struct krb5_krbhst_data *,
krb5_krbhst_info **);
int def_port;
const char *service;
switch(type) {
case KRB5_KRBHST_KDC:
next = kdc_get_next;
def_port = ntohs(krb5_getportbyname (context, "kerberos", "udp", 88));
service = "kdc";
break;
case KRB5_KRBHST_ADMIN:
next = admin_get_next;
def_port = ntohs(krb5_getportbyname (context, "kerberos-adm",
"tcp", 749));
service = "admin";
break;
case KRB5_KRBHST_CHANGEPW:
next = kpasswd_get_next;
def_port = ntohs(krb5_getportbyname (context, "kpasswd", "udp",
KPASSWD_PORT));
service = "change_password";
break;
case KRB5_KRBHST_KRB524:
next = krb524_get_next;
def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444));
service = "524";
break;
default:
krb5_set_error_message(context, ENOTTY,
N_("unknown krbhst type (%u)", ""), type);
return ENOTTY;
}
if((kd = common_init(context, service, realm, flags)) == NULL)
return ENOMEM;
kd->get_next = next;
kd->def_port = def_port;
*handle = kd;
return 0;
}
static int
common_setup(krb5_context *context, int *argc, char **argv,
void (*usage)(int, struct getargs*, int))
{
int port = 0;
*argc = krb5_program_setup(context, *argc, argv, args, num_args, usage);
if(help_flag)
(*usage)(0, args, num_args);
if(version_flag) {
print_version(NULL);
exit(0);
}
if(port_str){
struct servent *s = roken_getservbyname(port_str, "tcp");
if(s)
port = s->s_port;
else {
char *ptr;
port = (int)strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
errx (1, "Bad port `%s'", port_str);
port = htons(port);
}
}
if (port == 0)
port = krb5_getportbyname (*context, PORT, "tcp", 4711);
return port;
}
static struct krb5_krbhst_info*
parse_hostspec(krb5_context context, struct krb5_krbhst_data *kd,
const char *spec, int def_port, int port)
{
const char *p = spec, *q;
struct krb5_krbhst_info *hi;
hi = calloc(1, sizeof(*hi) + strlen(spec));
if(hi == NULL)
return NULL;
hi->proto = krbhst_get_default_proto(kd);
if(strncmp(p, "http://", 7) == 0){
hi->proto = KRB5_KRBHST_HTTP;
p += 7;
} else if(strncmp(p, "http/", 5) == 0) {
hi->proto = KRB5_KRBHST_HTTP;
p += 5;
def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
}else if(strncmp(p, "tcp/", 4) == 0){
hi->proto = KRB5_KRBHST_TCP;
p += 4;
} else if(strncmp(p, "udp/", 4) == 0) {
hi->proto = KRB5_KRBHST_UDP;
p += 4;
}
if (p[0] == '[' && (q = strchr(p, ']')) != NULL) {
/* if address looks like [foo:bar] or [foo:bar]: its a ipv6
adress, strip of [] */
memcpy(hi->hostname, &p[1], q - p - 1);
hi->hostname[q - p - 1] = '\0';
p = q + 1;
/* get trailing : */
if (p[0] == ':')
p++;
} else if(strsep_copy(&p, ":", hi->hostname, strlen(spec) + 1) < 0) {
/* copy everything before : */
free(hi);
return NULL;
}
/* get rid of trailing /, and convert to lower case */
hi->hostname[strcspn(hi->hostname, "/")] = '\0';
strlwr(hi->hostname);
hi->port = hi->def_port = def_port;
if(p != NULL && p[0]) {
char *end;
hi->port = strtol(p, &end, 0);
if(end == p) {
free(hi);
return NULL;
}
}
if (port)
hi->port = port;
return hi;
}
int
main(int argc, char **argv)
{
int port = 0;
int ret = 1;
int optind = 0;
setprogname(argv[0]);
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
&optind))
usage (1);
argc -= optind;
argv += optind;
if (do_help)
usage (0);
if (do_version) {
print_version (NULL);
return 0;
}
if (argc < 1)
usage (1);
if (port_str) {
struct servent *s = roken_getservbyname (port_str, "tcp");
if (s)
port = s->s_port;
else {
char *ptr;
port = strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
errx (1, "Bad port `%s'", port_str);
port = htons(port);
}
}
if (port == 0) {
#ifdef KRB5
port = krb5_getportbyname (NULL, "kpop", "tcp", 1109);
#else
#error must define KRB5
#endif
}
#ifdef KRB5
if (ret && use_v5) {
ret = doit_v5 (argv[0], port);
}
#endif
return ret;
}
static int
client_setup(krb5_context *ctx, int *argc, char **argv)
{
int optidx = 0;
int port = 0;
int status;
setprogname (argv[0]);
status = krb5_init_context (ctx);
if (status)
errx(1, "krb5_init_context failed: %d", status);
forwardable = krb5_config_get_bool (*ctx, NULL,
"libdefaults",
"forwardable",
NULL);
if (getarg (args, num_args, *argc, argv, &optidx))
usage(1, args, num_args);
if(help_flag)
usage (0, args, num_args);
if(version_flag) {
print_version(NULL);
exit(0);
}
if(port_str) {
struct servent *s = roken_getservbyname(port_str, "tcp");
if(s)
port = s->s_port;
else {
char *ptr;
port = strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
errx (1, "Bad port `%s'", port_str);
port = htons(port);
}
}
if (port == 0)
port = krb5_getportbyname (*ctx, KF_PORT_NAME, "tcp", KF_PORT_NUM);
if(*argc - optidx < 1)
usage(1, args, num_args);
*argc = optidx;
return port;
}
static int
make_listen_socket (krb5_context context, const char *port_str)
{
int fd;
int one = 1;
struct sockaddr_in addr;
fd = socket (AF_INET, SOCK_STREAM, 0);
if (fd < 0)
krb5_err (context, 1, errno, "socket AF_INET");
setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one));
memset (&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
if (port_str) {
addr.sin_port = krb5_getportbyname (context,
port_str, "tcp",
0);
if (addr.sin_port == 0) {
char *ptr;
long port;
port = strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
krb5_errx (context, 1, "bad port `%s'", port_str);
addr.sin_port = htons(port);
}
} else {
addr.sin_port = krb5_getportbyname (context, IPROP_SERVICE,
"tcp", IPROP_PORT);
}
if(bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
krb5_err (context, 1, errno, "bind");
if (listen(fd, SOMAXCONN) < 0)
krb5_err (context, 1, errno, "listen");
return fd;
}
static struct krb5_krbhst_info*
parse_hostspec(krb5_context context, struct krb5_krbhst_data *kd,
const char *spec, int def_port, int port)
{
const char *p = spec;
struct krb5_krbhst_info *hi;
hi = calloc(1, sizeof(*hi) + strlen(spec));
if(hi == NULL)
return NULL;
hi->proto = krbhst_get_default_proto(kd);
if(strncmp(p, "http://", 7) == 0){
hi->proto = KRB5_KRBHST_HTTP;
p += 7;
} else if(strncmp(p, "http/", 5) == 0) {
hi->proto = KRB5_KRBHST_HTTP;
p += 5;
def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
}else if(strncmp(p, "tcp/", 4) == 0){
hi->proto = KRB5_KRBHST_TCP;
p += 4;
} else if(strncmp(p, "udp/", 4) == 0) {
p += 4;
}
if(strsep_copy(&p, ":", hi->hostname, strlen(spec) + 1) < 0) {
free(hi);
return NULL;
}
/* get rid of trailing /, and convert to lower case */
hi->hostname[strcspn(hi->hostname, "/")] = '\0';
strlwr(hi->hostname);
hi->port = hi->def_port = def_port;
if(p != NULL) {
char *end;
hi->port = strtol(p, &end, 0);
if(end == p) {
free(hi);
return NULL;
}
}
if (port)
hi->port = port;
return hi;
}
static int
server_setup(krb5_context *ctx, int argc, char **argv)
{
int port = 0;
int local_argc;
local_argc = krb5_program_setup(ctx, argc, argv, args, num_args, usage);
if(help_flag)
(*usage)(0, args, num_args);
if(version_flag) {
print_version(NULL);
exit(0);
}
if(port_str){
struct servent *s = roken_getservbyname(port_str, "tcp");
if(s)
port = s->s_port;
else {
char *ptr;
port = strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
errx (1, "Bad port `%s'", port_str);
port = htons(port);
}
}
if (port == 0)
port = krb5_getportbyname (*ctx, KF_PORT_NAME, "tcp", KF_PORT_NUM);
if(argv[local_argc] != NULL)
usage(1, args, num_args);
return port;
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
krb5_context context;
krb5_auth_context ac = NULL;
krb5_principal c1, c2;
krb5_authenticator authent;
krb5_keytab keytab;
krb5_socket_t sock = rk_INVALID_SOCKET;
HDB *db = NULL;
int optidx = 0;
char *tmp_db;
krb5_log_facility *fac;
int nprincs;
setprogname(argv[0]);
ret = krb5_init_context(&context);
if(ret)
exit(1);
ret = krb5_openlog(context, "hpropd", &fac);
if(ret)
errx(1, "krb5_openlog");
krb5_set_warn_dest(context, fac);
if(getarg(args, num_args, argc, argv, &optidx))
usage(1);
if(local_realm != NULL)
krb5_set_default_realm(context, local_realm);
if(help_flag)
usage(0);
if(version_flag) {
print_version(NULL);
exit(0);
}
argc -= optidx;
argv += optidx;
if (argc != 0)
usage(1);
if (database == NULL)
database = hdb_default_db(context);
if(from_stdin) {
sock = STDIN_FILENO;
} else {
struct sockaddr_storage ss;
struct sockaddr *sa = (struct sockaddr *)&ss;
socklen_t sin_len = sizeof(ss);
char addr_name[256];
krb5_ticket *ticket;
char *server;
sock = STDIN_FILENO;
#ifdef SUPPORT_INETD
if (inetd_flag == -1) {
if (getpeername (sock, sa, &sin_len) < 0) {
inetd_flag = 0;
} else {
inetd_flag = 1;
}
}
#else
inetd_flag = 0;
#endif
if (!inetd_flag) {
mini_inetd (krb5_getportbyname (context, "hprop", "tcp",
HPROP_PORT), &sock);
}
sin_len = sizeof(ss);
if(getpeername(sock, sa, &sin_len) < 0)
krb5_err(context, 1, errno, "getpeername");
if (inet_ntop(sa->sa_family,
socket_get_address (sa),
addr_name,
sizeof(addr_name)) == NULL)
strlcpy (addr_name, "unknown address",
sizeof(addr_name));
krb5_log(context, fac, 0, "Connection from %s", addr_name);
ret = krb5_kt_register(context, &hdb_kt_ops);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_register");
if (ktname != NULL) {
ret = krb5_kt_resolve(context, ktname, &keytab);
if (ret)
krb5_err (context, 1, ret, "krb5_kt_resolve %s", ktname);
} else {
ret = krb5_kt_default (context, &keytab);
if (ret)
krb5_err (context, 1, ret, "krb5_kt_default");
}
ret = krb5_recvauth(context, &ac, &sock, HPROP_VERSION, NULL,
0, keytab, &ticket);
if(ret)
krb5_err(context, 1, ret, "krb5_recvauth");
ret = krb5_unparse_name(context, ticket->server, &server);
if (ret)
krb5_err(context, 1, ret, "krb5_unparse_name");
if (strncmp(server, "hprop/", 5) != 0)
krb5_errx(context, 1, "ticket not for hprop (%s)", server);
free(server);
krb5_free_ticket (context, ticket);
ret = krb5_auth_con_getauthenticator(context, ac, &authent);
if(ret)
krb5_err(context, 1, ret, "krb5_auth_con_getauthenticator");
ret = krb5_make_principal(context, &c1, NULL, "kadmin", "hprop", NULL);
if(ret)
krb5_err(context, 1, ret, "krb5_make_principal");
_krb5_principalname2krb5_principal(context, &c2,
authent->cname, authent->crealm);
if(!krb5_principal_compare(context, c1, c2)) {
char *s;
ret = krb5_unparse_name(context, c2, &s);
if (ret)
s = unparseable_name;
krb5_errx(context, 1, "Unauthorized connection from %s", s);
}
krb5_free_principal(context, c1);
krb5_free_principal(context, c2);
ret = krb5_kt_close(context, keytab);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_close");
}
if(!print_dump) {
asprintf(&tmp_db, "%s~", database);
ret = hdb_create(context, &db, tmp_db);
if(ret)
krb5_err(context, 1, ret, "hdb_create(%s)", tmp_db);
ret = db->hdb_open(context, db, O_RDWR | O_CREAT | O_TRUNC, 0600);
if(ret)
krb5_err(context, 1, ret, "hdb_open(%s)", tmp_db);
}
nprincs = 0;
while(1){
krb5_data data;
hdb_entry_ex entry;
if(from_stdin) {
ret = krb5_read_message(context, &sock, &data);
if(ret != 0 && ret != HEIM_ERR_EOF)
krb5_err(context, 1, ret, "krb5_read_message");
} else {
ret = krb5_read_priv_message(context, ac, &sock, &data);
if(ret)
krb5_err(context, 1, ret, "krb5_read_priv_message");
}
if(ret == HEIM_ERR_EOF || data.length == 0) {
if(!from_stdin) {
data.data = NULL;
data.length = 0;
krb5_write_priv_message(context, ac, &sock, &data);
}
if(!print_dump) {
ret = db->hdb_close(context, db);
if(ret)
krb5_err(context, 1, ret, "db_close");
ret = db->hdb_rename(context, db, database);
if(ret)
krb5_err(context, 1, ret, "db_rename");
}
break;
}
memset(&entry, 0, sizeof(entry));
ret = hdb_value2entry(context, &data, &entry.entry);
krb5_data_free(&data);
if(ret)
krb5_err(context, 1, ret, "hdb_value2entry");
if(print_dump)
hdb_print_entry(context, db, &entry, stdout);
else {
ret = db->hdb_store(context, db, 0, &entry);
if(ret == HDB_ERR_EXISTS) {
char *s;
ret = krb5_unparse_name(context, entry.entry.principal, &s);
if (ret)
s = strdup(unparseable_name);
krb5_warnx(context, "Entry exists: %s", s);
free(s);
} else if(ret)
krb5_err(context, 1, ret, "db_store");
else
nprincs++;
}
hdb_free_entry(context, &entry);
}
if (!print_dump)
krb5_log(context, fac, 0, "Received %d principals", nprincs);
if (inetd_flag == 0)
rk_closesocket(sock);
exit(0);
}
kadm5_ret_t
_kadm5_c_init_context(kadm5_client_context **ctx,
kadm5_config_params *params,
krb5_context context)
{
krb5_error_code ret;
char *colon;
*ctx = malloc(sizeof(**ctx));
if(*ctx == NULL)
return ENOMEM;
memset(*ctx, 0, sizeof(**ctx));
krb5_add_et_list (context, initialize_kadm5_error_table_r);
set_funcs(*ctx);
(*ctx)->context = context;
if(params->mask & KADM5_CONFIG_REALM) {
ret = 0;
(*ctx)->realm = strdup(params->realm);
if ((*ctx)->realm == NULL)
ret = ENOMEM;
} else
ret = krb5_get_default_realm((*ctx)->context, &(*ctx)->realm);
if (ret) {
free(*ctx);
return ret;
}
if(params->mask & KADM5_CONFIG_ADMIN_SERVER)
(*ctx)->admin_server = strdup(params->admin_server);
else {
char **hostlist;
ret = krb5_get_krb_admin_hst (context, &(*ctx)->realm, &hostlist);
if (ret) {
free((*ctx)->realm);
free(*ctx);
return ret;
}
(*ctx)->admin_server = strdup(*hostlist);
krb5_free_krbhst (context, hostlist);
}
if ((*ctx)->admin_server == NULL) {
free((*ctx)->realm);
free(*ctx);
return ENOMEM;
}
colon = strchr ((*ctx)->admin_server, ':');
if (colon != NULL)
*colon++ = '\0';
(*ctx)->kadmind_port = 0;
if(params->mask & KADM5_CONFIG_KADMIND_PORT)
(*ctx)->kadmind_port = params->kadmind_port;
else if (colon != NULL) {
char *end;
(*ctx)->kadmind_port = htons(strtol (colon, &end, 0));
}
if ((*ctx)->kadmind_port == 0)
(*ctx)->kadmind_port = krb5_getportbyname (context, "kerberos-adm",
"tcp", 749);
return 0;
}
static int
propagate_database (krb5_context context, int type,
const char *database_name,
HDB *db, krb5_ccache ccache,
int optidx, int argc, char **argv)
{
krb5_principal server;
krb5_error_code ret;
int i, failed = 0;
for(i = optidx; i < argc; i++){
krb5_auth_context auth_context;
int fd;
struct prop_data pd;
krb5_data data;
char *port, portstr[NI_MAXSERV];
char *host = argv[i];
port = strchr(host, ':');
if(port == NULL) {
snprintf(portstr, sizeof(portstr), "%u",
ntohs(krb5_getportbyname (context, "hprop", "tcp",
HPROP_PORT)));
port = portstr;
} else
*port++ = '\0';
fd = open_socket(context, host, port);
if(fd < 0) {
failed++;
krb5_warn (context, errno, "connect %s", host);
continue;
}
ret = krb5_sname_to_principal(context, argv[i],
HPROP_NAME, KRB5_NT_SRV_HST, &server);
if(ret) {
failed++;
krb5_warn(context, ret, "krb5_sname_to_principal(%s)", host);
close(fd);
continue;
}
if (local_realm) {
krb5_realm my_realm;
krb5_get_default_realm(context,&my_realm);
krb5_principal_set_realm(context,server,my_realm);
krb5_xfree(my_realm);
}
auth_context = NULL;
ret = krb5_sendauth(context,
&auth_context,
&fd,
HPROP_VERSION,
NULL,
server,
AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
NULL, /* in_data */
NULL, /* in_creds */
ccache,
NULL,
NULL,
NULL);
krb5_free_principal(context, server);
if(ret) {
failed++;
krb5_warn(context, ret, "krb5_sendauth (%s)", host);
close(fd);
goto next_host;
}
pd.context = context;
pd.auth_context = auth_context;
pd.sock = fd;
ret = iterate (context, database_name, db, type, &pd);
if (ret) {
krb5_warnx(context, "iterate to host %s failed", host);
failed++;
goto next_host;
}
krb5_data_zero (&data);
ret = krb5_write_priv_message(context, auth_context, &fd, &data);
if(ret) {
krb5_warn(context, ret, "krb5_write_priv_message");
failed++;
goto next_host;
}
ret = krb5_read_priv_message(context, auth_context, &fd, &data);
if(ret) {
krb5_warn(context, ret, "krb5_read_priv_message: %s", host);
failed++;
goto next_host;
} else
krb5_data_free (&data);
next_host:
krb5_auth_con_free(context, auth_context);
close(fd);
}
if (failed)
return 1;
return 0;
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
char **files;
int optidx = 0;
int e, i;
krb5_log_facility *logfacility;
krb5_keytab keytab;
setprogname(argv[0]);
ret = krb5_init_context(&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
while((e = getarg(args, num_args, argc, argv, &optidx)))
warnx("error at argument `%s'", argv[optidx]);
if (help_flag)
usage (0);
if (version_flag) {
print_version(NULL);
exit(0);
}
argc -= optidx;
argv += optidx;
if (config_file == NULL) {
asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
if (config_file == NULL)
errx(1, "out of memory");
}
ret = krb5_prepend_config_files_default(config_file, &files);
if (ret)
krb5_err(context, 1, ret, "getting configuration files");
ret = krb5_set_config_files(context, files);
krb5_free_config_files(files);
if(ret)
krb5_err(context, 1, ret, "reading configuration files");
ret = krb5_openlog(context, "kadmind", &logfacility);
if (ret)
krb5_err(context, 1, ret, "krb5_openlog");
ret = krb5_set_warn_dest(context, logfacility);
if (ret)
krb5_err(context, 1, ret, "krb5_set_warn_dest");
ret = krb5_kt_register(context, &hdb_kt_ops);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_register");
ret = krb5_kt_resolve(context, keytab_str, &keytab);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_resolve");
kadm5_setup_passwd_quality_check (context, check_library, check_function);
for (i = 0; i < policy_libraries.num_strings; i++) {
ret = kadm5_add_passwd_quality_verifier(context,
policy_libraries.strings[i]);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
}
ret = kadm5_add_passwd_quality_verifier(context, NULL);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
{
int fd = 0;
struct sockaddr_storage __ss;
struct sockaddr *sa = (struct sockaddr *)&__ss;
socklen_t sa_size = sizeof(__ss);
krb5_auth_context ac = NULL;
int debug_port;
if(debug_flag) {
if(port_str == NULL)
debug_port = krb5_getportbyname (context, "kerberos-adm",
"tcp", 749);
else
debug_port = htons(atoi(port_str));
mini_inetd(debug_port);
} else if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
errno == ENOTSOCK) {
parse_ports(context, port_str ? port_str : "+");
pidfile(NULL);
start_server(context);
}
if(realm)
krb5_set_default_realm(context, realm); /* XXX */
kadmind_loop(context, ac, keytab, fd);
}
return 0;
}
int
main (int argc, char **argv)
{
krb5_keytab keytab;
krb5_error_code ret;
char **files;
int port, i;
krb5_program_setup(&context, argc, argv, args, num_args, NULL);
if(help_flag)
krb5_std_usage(0, args, num_args);
if(version_flag) {
print_version(NULL);
exit(0);
}
if (config_file == NULL) {
asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
if (config_file == NULL)
errx(1, "out of memory");
}
ret = krb5_prepend_config_files_default(config_file, &files);
if (ret)
krb5_err(context, 1, ret, "getting configuration files");
ret = krb5_set_config_files(context, files);
krb5_free_config_files(files);
if (ret)
krb5_err(context, 1, ret, "reading configuration files");
if(realm_str)
krb5_set_default_realm(context, realm_str);
krb5_openlog (context, "kpasswdd", &log_facility);
krb5_set_warn_dest(context, log_facility);
if (port_str != NULL) {
struct servent *s = roken_getservbyname (port_str, "udp");
if (s != NULL)
port = s->s_port;
else {
char *ptr;
port = strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
krb5_errx (context, 1, "bad port `%s'", port_str);
port = htons(port);
}
} else
port = krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT);
ret = krb5_kt_register(context, &hdb_kt_ops);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_register");
ret = krb5_kt_resolve(context, keytab_str, &keytab);
if(ret)
krb5_err(context, 1, ret, "%s", keytab_str);
kadm5_setup_passwd_quality_check (context, check_library, check_function);
for (i = 0; i < policy_libraries.num_strings; i++) {
ret = kadm5_add_passwd_quality_verifier(context,
policy_libraries.strings[i]);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
}
ret = kadm5_add_passwd_quality_verifier(context, NULL);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
explicit_addresses.len = 0;
if (addresses_str.num_strings) {
int j;
for (j = 0; j < addresses_str.num_strings; ++j)
add_one_address (addresses_str.strings[j], j == 0);
free_getarg_strings (&addresses_str);
} else {
char **foo = krb5_config_get_strings (context, NULL,
"kdc", "addresses", NULL);
if (foo != NULL) {
add_one_address (*foo++, TRUE);
while (*foo)
add_one_address (*foo++, FALSE);
}
}
#ifdef HAVE_SIGACTION
{
struct sigaction sa;
sa.sa_flags = 0;
sa.sa_handler = sigterm;
sigemptyset(&sa.sa_mask);
sigaction(SIGINT, &sa, NULL);
sigaction(SIGTERM, &sa, NULL);
}
#else
signal(SIGINT, sigterm);
signal(SIGTERM, sigterm);
#endif
pidfile(NULL);
return doit (keytab, port);
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
int optidx = 0;
int i;
krb5_keytab keytab;
krb5_socket_t sfd = rk_INVALID_SOCKET;
setprogname(argv[0]);
ret = krb5_init_context(&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
if (getarg(args, num_args, argc, argv, &optidx)) {
warnx("error at argument `%s'", argv[optidx]);
usage(1);
}
if (help_flag)
usage (0);
if (version_flag) {
print_version(NULL);
exit(0);
}
setup_context(context);
/*
* Now, do the same for the gssapi thread we are going to be running in
*/
{
krb5_context gssctx;
ret = _gsskrb5_init(&gssctx);
if (ret)
errx(1, "failed to setup gssapi context");
setup_context(gssctx);
krb5_gss_register_acceptor_identity("HDB:");
}
ret = krb5_kt_resolve(context, keytab_str, &keytab);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_resolve");
kadm5_setup_passwd_quality_check (context, check_library, check_function);
for (i = 0; i < policy_libraries.num_strings; i++) {
ret = kadm5_add_passwd_quality_verifier(context,
policy_libraries.strings[i]);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
}
ret = kadm5_add_passwd_quality_verifier(context, NULL);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
#ifdef ___APPLE__
if (sandbox_flag) {
char *errorstring;
ret = sandbox_init("kadmind", SANDBOX_NAMED, &errorstring);
if (ret)
errx(1, "sandbox_init failed: %d: %s", ret, errorstring);
}
#endif
if(debug_flag) {
int debug_port;
if(port_str == NULL)
debug_port = krb5_getportbyname (context, "kerberos-adm",
"tcp", 749);
else
debug_port = htons(atoi(port_str));
mini_inetd(debug_port, &sfd);
} else {
#ifdef _WIN32
pidfile(NULL);
start_server(context, port_str);
#else
struct sockaddr_storage __ss;
struct sockaddr *sa = (struct sockaddr *)&__ss;
socklen_t sa_size = sizeof(__ss);
/*
* Check if we are running inside inetd or not, if not, start
* our own server.
*/
if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
rk_SOCK_ERRNO == ENOTSOCK) {
pidfile(NULL);
start_server(context, port_str);
}
#endif /* _WIN32 */
sfd = STDIN_FILENO;
}
if(realm)
krb5_set_default_realm(context, realm); /* XXX */
kadmind_loop(context, keytab, sfd);
return 0;
}
int
main(int argc, char **argv)
{
int port = 0;
int optind = 0;
int ret = 1;
const char *host, *user, *filename = NULL;
char *pobox = NULL;
setprogname (argv[0]);
#ifdef KRB5
{
krb5_error_code ret;
ret = krb5_init_context (&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
}
#endif
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
&optind))
usage (1);
argc -= optind;
argv += optind;
if (do_help)
usage (0);
if (do_version) {
print_version(NULL);
return 0;
}
if (do_from && header_str == NULL)
header_str = "From:";
else if (header_str != NULL)
do_from = 1;
if (do_from) {
if (argc == 0)
pobox = NULL;
else if (argc == 1)
pobox = argv[0];
else
usage (1);
} else {
if (argc == 1) {
filename = argv[0];
pobox = NULL;
} else if (argc == 2) {
filename = argv[1];
pobox = argv[0];
} else
usage (1);
}
if (port_str) {
struct servent *s = roken_getservbyname (port_str, "tcp");
if (s)
port = s->s_port;
else {
char *ptr;
port = strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
errx (1, "Bad port `%s'", port_str);
port = htons(port);
}
}
if (port == 0) {
#ifdef KRB5
port = krb5_getportbyname (context, "kpop", "tcp", 1109);
#else
#error must define KRB5
#endif
}
parse_pobox (pobox, &host, &user);
#ifdef KRB5
if (ret && use_v5) {
ret = do_v5 (host, port, user, filename, header_str,
do_leave, verbose_level, do_fork);
}
#endif
return ret;
}
static krb5_error_code
srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count,
const char *realm, const char *dns_type,
const char *proto, const char *service, int port)
{
char domain[1024];
struct dns_reply *r;
struct resource_record *rr;
int num_srv;
int proto_num;
int def_port;
*res = NULL;
*count = 0;
proto_num = string_to_proto(proto);
if(proto_num < 0) {
krb5_set_error_string(context, "unknown protocol `%s'", proto);
return EINVAL;
}
if(proto_num == KRB5_KRBHST_HTTP)
def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
else if(port == 0)
def_port = ntohs(krb5_getportbyname (context, service, proto, 88));
else
def_port = port;
snprintf(domain, sizeof(domain), "_%s._%s.%s.", service, proto, realm);
r = dns_lookup(domain, dns_type);
if(r == NULL)
return KRB5_KDC_UNREACH;
for(num_srv = 0, rr = r->head; rr; rr = rr->next)
if(rr->type == T_SRV)
num_srv++;
*res = malloc(num_srv * sizeof(**res));
if(*res == NULL) {
dns_free_data(r);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
dns_srv_order(r);
for(num_srv = 0, rr = r->head; rr; rr = rr->next)
if(rr->type == T_SRV) {
krb5_krbhst_info *hi;
size_t len = strlen(rr->u.srv->target);
hi = calloc(1, sizeof(*hi) + len);
if(hi == NULL) {
dns_free_data(r);
while(--num_srv >= 0)
free((*res)[num_srv]);
free(*res);
*res = NULL;
return ENOMEM;
}
(*res)[num_srv++] = hi;
hi->proto = proto_num;
hi->def_port = def_port;
if (port != 0)
hi->port = port;
else
hi->port = rr->u.srv->port;
strlcpy(hi->hostname, rr->u.srv->target, len + 1);
}
*count = num_srv;
dns_free_data(r);
return 0;
}
int
main(int argc, char **argv)
{
int port = 0;
int optidx = 0;
int ret = 1;
char *host = NULL;
setprogname (argv[0]);
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
&optidx))
usage (1);
if (help_flag)
usage (0);
if (version_flag) {
print_version (NULL);
return 0;
}
if (optidx != argc - 1)
usage (1);
host = argv[optidx];
if (port_str) {
struct servent *s = roken_getservbyname (port_str, "tcp");
if (s)
port = s->s_port;
else {
char *ptr;
port = strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
errx (1, "Bad port `%s'", port_str);
port = htons(port);
}
}
if (user == NULL) {
user = get_default_username ();
if (user == NULL)
errx (1, "who are you?");
}
if (!passive_flag)
passive_flag = check_for_passive (getenv("DISPLAY"));
#if defined(HAVE_KERNEL_ENABLE_DEBUG)
if (krb_debug_flag)
krb_enable_debug ();
#endif
#ifdef KRB5
if (ret && use_v5) {
if (port == 0)
port = krb5_getportbyname(NULL, "kx", "tcp", KX_PORT);
ret = doit_v5 (host, port, user,
passive_flag, debug_flag, keepalive_flag, tcp_flag);
}
#endif
return ret;
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
char **files;
int optidx = 0;
int i;
krb5_log_facility *logfacility;
krb5_keytab keytab;
krb5_socket_t sfd = rk_INVALID_SOCKET;
setprogname(argv[0]);
ret = krb5_init_context(&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
if (getarg(args, num_args, argc, argv, &optidx)) {
warnx("error at argument `%s'", argv[optidx]);
usage(1);
}
if (help_flag)
usage (0);
if (version_flag) {
print_version(NULL);
exit(0);
}
argc -= optidx;
argv += optidx;
if (config_file == NULL) {
asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
if (config_file == NULL)
errx(1, "out of memory");
}
ret = krb5_prepend_config_files_default(config_file, &files);
if (ret)
krb5_err(context, 1, ret, "getting configuration files");
ret = krb5_set_config_files(context, files);
krb5_free_config_files(files);
if(ret)
krb5_err(context, 1, ret, "reading configuration files");
ret = krb5_openlog(context, "kadmind", &logfacility);
if (ret)
krb5_err(context, 1, ret, "krb5_openlog");
ret = krb5_set_warn_dest(context, logfacility);
if (ret)
krb5_err(context, 1, ret, "krb5_set_warn_dest");
ret = krb5_kt_register(context, &hdb_kt_ops);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_register");
ret = krb5_kt_resolve(context, keytab_str, &keytab);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_resolve");
kadm5_setup_passwd_quality_check (context, check_library, check_function);
for (i = 0; i < policy_libraries.num_strings; i++) {
ret = kadm5_add_passwd_quality_verifier(context,
policy_libraries.strings[i]);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
}
ret = kadm5_add_passwd_quality_verifier(context, NULL);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
if(debug_flag) {
int debug_port;
if(port_str == NULL)
debug_port = krb5_getportbyname (context, "kerberos-adm",
"tcp", 749);
else
debug_port = htons(atoi(port_str));
mini_inetd(debug_port, &sfd);
} else {
#ifdef _WIN32
pidfile(NULL);
start_server(context, port_str);
#else
struct sockaddr_storage __ss;
struct sockaddr *sa = (struct sockaddr *)&__ss;
socklen_t sa_size = sizeof(__ss);
/*
* Check if we are running inside inetd or not, if not, start
* our own server.
*/
if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
rk_SOCK_ERRNO == ENOTSOCK) {
pidfile(NULL);
start_server(context, port_str);
}
#endif /* _WIN32 */
sfd = STDIN_FILENO;
}
if(realm)
krb5_set_default_realm(context, realm); /* XXX */
kadmind_loop(context, keytab, sfd);
return 0;
}
int
main(int argc, char **argv)
{
struct sockaddr_storage __ss;
struct sockaddr *sa = (struct sockaddr *)&__ss;
int on = 1;
socklen_t sa_size;
int ch;
#if defined(IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
#endif
#ifdef ENCRYPTION
des_check_key = 1; /* Kludge for Mac NCSA telnet 2.6 /bg */
#endif
pfrontp = pbackp = ptyobuf;
netip = netibuf;
nfrontp = nbackp = netobuf;
#ifdef __SYMBIAN32__
if( getConnectionUp() < 0) exit(1);
#endif
setprogname(argv[0]);
progname = *argv;
#ifdef ENCRYPTION
nclearto = 0;
#endif
#ifdef _CRAY
/*
* Get number of pty's before trying to process options,
* which may include changing pty range.
*/
highpty = getnpty();
#endif /* CRAY */
if (argc == 2 && strcmp(argv[1], "--version") == 0) {
#ifndef __SYMBIAN32__
print_version(NULL);
#endif //__SYMBIAN32__
exit(0);
}
while ((ch = getopt(argc, argv, valid_opts)) != -1) {
switch(ch) {
#ifdef AUTHENTICATION
case 'a':
/*
* Check for required authentication level
*/
if (strcmp(optarg, "debug") == 0) {
auth_debug_mode = 1;
} else if (strcasecmp(optarg, "none") == 0) {
auth_level = 0;
} else if (strcasecmp(optarg, "otp") == 0) {
auth_level = 0;
require_otp = 1;
} else if (strcasecmp(optarg, "other") == 0) {
auth_level = AUTH_OTHER;
} else if (strcasecmp(optarg, "user") == 0) {
auth_level = AUTH_USER;
} else if (strcasecmp(optarg, "valid") == 0) {
auth_level = AUTH_VALID;
} else if (strcasecmp(optarg, "off") == 0) {
/*
* This hack turns off authentication
*/
auth_level = -1;
} else {
fprintf(stderr,
"telnetd: unknown authorization level for -a\n");
}
break;
#endif /* AUTHENTICATION */
case 'B': /* BFTP mode is not supported any more */
break;
case 'd':
if (strcmp(optarg, "ebug") == 0) {
debug++;
break;
}
usage();
/* NOTREACHED */
break;
#ifdef DIAGNOSTICS
case 'D':
/*
* Check for desired diagnostics capabilities.
*/
if (!strcmp(optarg, "report")) {
diagnostic |= TD_REPORT|TD_OPTIONS;
} else if (!strcmp(optarg, "exercise")) {
diagnostic |= TD_EXERCISE;
} else if (!strcmp(optarg, "netdata")) {
diagnostic |= TD_NETDATA;
} else if (!strcmp(optarg, "ptydata")) {
diagnostic |= TD_PTYDATA;
} else if (!strcmp(optarg, "options")) {
diagnostic |= TD_OPTIONS;
} else {
usage();
/* NOT REACHED */
}
break;
#endif /* DIAGNOSTICS */
case 'h':
hostinfo = 0;
break;
case 'k': /* Linemode is not supported any more */
case 'l':
break;
case 'n':
keepalive = 0;
break;
#ifdef _CRAY
case 'r':
{
char *strchr();
char *c;
/*
* Allow the specification of alterations
* to the pty search range. It is legal to
* specify only one, and not change the
* other from its default.
*/
c = strchr(optarg, '-');
if (c) {
*c++ = '\0';
highpty = atoi(c);
}
if (*optarg != '\0')
lowpty = atoi(optarg);
if ((lowpty > highpty) || (lowpty < 0) ||
(highpty > 32767)) {
usage();
/* NOT REACHED */
}
break;
}
#endif /* CRAY */
case 'S':
#ifdef HAVE_PARSETOS
if ((tos = parsetos(optarg, "tcp")) < 0)
fprintf(stderr, "%s%s%s\n",
"telnetd: Bad TOS argument '", optarg,
"'; will try to use default TOS");
#else
fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
"-S flag not supported\n");
#endif
break;
case 'u': {
char *eptr;
utmp_len = strtol(optarg, &eptr, 0);
if (optarg == eptr)
fprintf(stderr, "telnetd: unknown utmp len (%s)\n", optarg);
break;
}
case 'U':
registerd_host_only = 1;
break;
#ifdef AUTHENTICATION
case 'X':
/*
* Check for invalid authentication types
*/
auth_disable_name(optarg);
break;
#endif
case 'y':
no_warn = 1;
break;
#ifdef AUTHENTICATION
case 'z':
log_unauth = 1;
break;
#endif /* AUTHENTICATION */
case 'L':
new_login = optarg;
break;
default:
fprintf(stderr, "telnetd: %c: unknown option\n", ch);
/* FALLTHROUGH */
case '?':
usage();
/* NOTREACHED */
}
}
argc -= optind;
argv += optind;
if (debug) {
int port = 0;
struct servent *sp;
if (argc > 1) {
usage ();
} else if (argc == 1) {
sp = (struct servent*)roken_getservbyname (*argv, "tcp");
if (sp)
port = sp->s_port;
else
port = htons(atoi(*argv));
} else {
#ifdef __SYMBIAN32__
port = htons(atoi("23"));
#else
#ifdef KRB5
port = krb5_getportbyname (NULL, "telnet", "tcp", 23);
#else
port = k_getportbyname("telnet", "tcp", htons(23));
#endif
#endif //__SYMBIAN32__
}
mini_inetd (port);
} else if (argc > 0) {
usage();
/* NOT REACHED */
}
#ifdef _SC_CRAY_SECURE_SYS
secflag = sysconf(_SC_CRAY_SECURE_SYS);
/*
* Get socket's security label
*/
if (secflag) {
socklen_t szss = sizeof(ss);
int sock_multi;
socklen_t szi = sizeof(int);
memset(&dv, 0, sizeof(dv));
if (getsysv(&sysv, sizeof(struct sysv)) != 0)
fatalperror(net, "getsysv");
/*
* Get socket security label and set device values
* {security label to be set on ttyp device}
*/
#ifdef SO_SEC_MULTI /* 8.0 code */
if ((getsockopt(0, SOL_SOCKET, SO_SECURITY,
(void *)&ss, &szss) < 0) ||
(getsockopt(0, SOL_SOCKET, SO_SEC_MULTI,
(void *)&sock_multi, &szi) < 0))
fatalperror(net, "getsockopt");
else {
dv.dv_actlvl = ss.ss_actlabel.lt_level;
dv.dv_actcmp = ss.ss_actlabel.lt_compart;
if (!sock_multi) {
dv.dv_minlvl = dv.dv_maxlvl = dv.dv_actlvl;
dv.dv_valcmp = dv.dv_actcmp;
} else {
dv.dv_minlvl = ss.ss_minlabel.lt_level;
dv.dv_maxlvl = ss.ss_maxlabel.lt_level;
dv.dv_valcmp = ss.ss_maxlabel.lt_compart;
}
dv.dv_devflg = 0;
}
#else /* SO_SEC_MULTI */ /* 7.0 code */
if (getsockopt(0, SOL_SOCKET, SO_SECURITY,
(void *)&ss, &szss) >= 0) {
dv.dv_actlvl = ss.ss_slevel;
dv.dv_actcmp = ss.ss_compart;
dv.dv_minlvl = ss.ss_minlvl;
dv.dv_maxlvl = ss.ss_maxlvl;
dv.dv_valcmp = ss.ss_maxcmp;
}
#endif /* SO_SEC_MULTI */
}
#endif /* _SC_CRAY_SECURE_SYS */
roken_openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
sa_size = sizeof (__ss);
if (getpeername(STDIN_FILENO, sa, &sa_size) < 0) {
fprintf(stderr, "%s: ", progname);
perror("getpeername");
_exit(1);
}
if (keepalive &&
setsockopt(STDIN_FILENO, SOL_SOCKET, SO_KEEPALIVE,
(void *)&on, sizeof (on)) < 0) {
#ifndef __SYMBIAN32__
syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
#endif
;
}
#if defined(IPPROTO_IP) && defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
{
# ifdef HAVE_GETTOSBYNAME
struct tosent *tp;
if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
tos = tp->t_tos;
# endif
if (tos < 0)
tos = 020; /* Low Delay bit */
if (tos
&& sa->sa_family == AF_INET
&& (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS,
(void *)&tos, sizeof(tos)) < 0)
&& (errno != ENOPROTOOPT) )
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
}
#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */
net = STDIN_FILENO;
doit(sa, sa_size);
/* NOTREACHED */
return 0;
} /* end of main */
