static void *
create_master_db(void)
{
hobbes_id_t enclave_id = HOBBES_INVALID_ID;
hobbes_master_db = hdb_create(HDB_MASTER_DB_SIZE);
/* Initialize Master DB State */
hdb_init_master_db(hobbes_master_db);
/* Create Master enclave */
enclave_id = hdb_create_enclave(hobbes_master_db, "master", 0, MASTER_ENCLAVE, HOBBES_INVALID_ID);
if (enclave_id == HOBBES_INVALID_ID) {
ERROR("Could not register master enclave\n");
return NULL;
}
printf("Master Enclave id = %d\n", enclave_id);
printf("Master enclave name=%s\n", hdb_get_enclave_name(hobbes_master_db, enclave_id));
hdb_set_enclave_state(hobbes_master_db, enclave_id, ENCLAVE_RUNNING);
return hobbes_master_db;
}
static kadm5_ret_t
kadm5_s_init_with_context(krb5_context context,
const char *client_name,
const char *service_name,
kadm5_config_params *realm_params,
unsigned long struct_version,
unsigned long api_version,
void **server_handle)
{
kadm5_ret_t ret;
kadm5_server_context *ctx;
ret = _kadm5_s_init_context(&ctx, realm_params, context);
if(ret)
return ret;
assert(ctx->config.dbname != NULL);
assert(ctx->config.stash_file != NULL);
assert(ctx->config.acl_file != NULL);
assert(ctx->log_context.log_file != NULL);
#ifndef NO_UNIX_SOCKETS
assert(ctx->log_context.socket_name.sun_path[0] != '\0');
#else
assert(ctx->log_context.socket_info != NULL);
#endif
ret = hdb_create(ctx->context, &ctx->db, ctx->config.dbname);
if(ret)
return ret;
ret = hdb_set_master_keyfile (ctx->context,
ctx->db, ctx->config.stash_file);
if(ret)
return ret;
ctx->log_context.log_fd = -1;
#ifndef NO_UNIX_SOCKETS
ctx->log_context.socket_fd = socket (AF_UNIX, SOCK_DGRAM, 0);
#else
ctx->log_context.socket_fd = socket (ctx->log_context.socket_info->ai_family,
ctx->log_context.socket_info->ai_socktype,
ctx->log_context.socket_info->ai_protocol);
#endif
ret = krb5_parse_name(ctx->context, client_name, &ctx->caller);
if(ret)
return ret;
ret = _kadm5_acl_init(ctx);
if(ret)
return ret;
*server_handle = ctx;
return 0;
}
static krb5_error_code KRB5_CALLCONV
hdb_start_seq_get(krb5_context context,
krb5_keytab id,
krb5_kt_cursor *cursor)
{
krb5_error_code ret;
struct hdb_cursor *c;
struct hdb_data *d = id->data;
const char *dbname = d->dbname;
const char *mkey = d->mkey;
HDB *db;
if (dbname == NULL) {
/*
* We don't support enumerating without being told what
* backend to enumerate on
*/
ret = KRB5_KT_NOTFOUND;
return ret;
}
ret = hdb_create (context, &db, dbname);
if (ret)
return ret;
ret = hdb_set_master_keyfile (context, db, mkey);
if (ret) {
(*db->hdb_destroy)(context, db);
return ret;
}
ret = (*db->hdb_open)(context, db, O_RDONLY, 0);
if (ret) {
(*db->hdb_destroy)(context, db);
return ret;
}
cursor->data = c = malloc (sizeof(*c));
if(c == NULL){
(*db->hdb_close)(context, db);
(*db->hdb_destroy)(context, db);
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
c->db = db;
c->first = TRUE;
c->next = TRUE;
c->key_idx = 0;
cursor->data = c;
return ret;
}
static krb5_error_code KRB5_CALLCONV
hdb_get_entry(krb5_context context,
krb5_keytab id,
krb5_const_principal principal,
krb5_kvno kvno,
krb5_enctype enctype,
krb5_keytab_entry *entry)
{
hdb_entry_ex ent;
krb5_error_code ret;
struct hdb_data *d = id->data;
const char *dbname = d->dbname;
const char *mkey = d->mkey;
char *fdbname = NULL, *fmkey = NULL;
HDB *db;
int i;
memset(&ent, 0, sizeof(ent));
if (dbname == NULL) {
ret = find_db(context, &fdbname, &fmkey, principal);
if (ret)
return ret;
dbname = fdbname;
mkey = fmkey;
}
ret = hdb_create (context, &db, dbname);
if (ret)
goto out2;
ret = hdb_set_master_keyfile (context, db, mkey);
if (ret) {
(*db->hdb_destroy)(context, db);
goto out2;
}
ret = (*db->hdb_open)(context, db, O_RDONLY, 0);
if (ret) {
(*db->hdb_destroy)(context, db);
goto out2;
}
ret = (*db->hdb_fetch_kvno)(context, db, principal,
HDB_F_DECRYPT|HDB_F_KVNO_SPECIFIED|
HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
kvno, &ent);
if(ret == HDB_ERR_NOENTRY) {
ret = KRB5_KT_NOTFOUND;
goto out;
}else if(ret)
goto out;
if(kvno && ent.entry.kvno != kvno) {
hdb_free_entry(context, &ent);
ret = KRB5_KT_NOTFOUND;
goto out;
}
if(enctype == 0)
if(ent.entry.keys.len > 0)
enctype = ent.entry.keys.val[0].key.keytype;
ret = KRB5_KT_NOTFOUND;
for(i = 0; i < ent.entry.keys.len; i++) {
if(ent.entry.keys.val[i].key.keytype == enctype) {
krb5_copy_principal(context, principal, &entry->principal);
entry->vno = ent.entry.kvno;
krb5_copy_keyblock_contents(context,
&ent.entry.keys.val[i].key,
&entry->keyblock);
ret = 0;
break;
}
}
hdb_free_entry(context, &ent);
out:
(*db->hdb_close)(context, db);
(*db->hdb_destroy)(context, db);
out2:
free(fdbname);
free(fmkey);
return ret;
}
static int
send_complete (krb5_context context, slave *s,
const char *database, u_int32_t current_version)
{
krb5_error_code ret;
krb5_storage *sp;
HDB *db;
krb5_data data;
char buf[8];
ret = hdb_create (context, &db, database);
if (ret)
krb5_err (context, 1, ret, "hdb_create: %s", database);
ret = db->hdb_open (context, db, O_RDONLY, 0);
if (ret)
krb5_err (context, 1, ret, "db->open");
sp = krb5_storage_from_mem (buf, 4);
if (sp == NULL)
krb5_errx (context, 1, "krb5_storage_from_mem");
krb5_store_int32 (sp, TELL_YOU_EVERYTHING);
krb5_storage_free (sp);
data.data = buf;
data.length = 4;
ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
if (ret) {
krb5_warn (context, ret, "krb5_write_priv_message");
slave_dead(s);
return ret;
}
ret = hdb_foreach (context, db, 0, prop_one, s);
if (ret) {
krb5_warn (context, ret, "hdb_foreach");
slave_dead(s);
return ret;
}
(*db->hdb_close)(context, db);
(*db->hdb_destroy)(context, db);
sp = krb5_storage_from_mem (buf, 8);
if (sp == NULL)
krb5_errx (context, 1, "krb5_storage_from_mem");
krb5_store_int32 (sp, NOW_YOU_HAVE);
krb5_store_int32 (sp, current_version);
krb5_storage_free (sp);
data.length = 8;
s->version = current_version;
ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
if (ret) {
slave_dead(s);
krb5_warn (context, ret, "krb5_write_priv_message");
return ret;
}
slave_seen(s);
return 0;
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
krb5_context context;
krb5_auth_context ac = NULL;
krb5_principal c1, c2;
krb5_authenticator authent;
krb5_keytab keytab;
krb5_socket_t sock = rk_INVALID_SOCKET;
HDB *db = NULL;
int optidx = 0;
char *tmp_db;
krb5_log_facility *fac;
int nprincs;
setprogname(argv[0]);
ret = krb5_init_context(&context);
if(ret)
exit(1);
ret = krb5_openlog(context, "hpropd", &fac);
if(ret)
errx(1, "krb5_openlog");
krb5_set_warn_dest(context, fac);
if(getarg(args, num_args, argc, argv, &optidx))
usage(1);
if(local_realm != NULL)
krb5_set_default_realm(context, local_realm);
if(help_flag)
usage(0);
if(version_flag) {
print_version(NULL);
exit(0);
}
argc -= optidx;
argv += optidx;
if (argc != 0)
usage(1);
if (database == NULL)
database = hdb_default_db(context);
if(from_stdin) {
sock = STDIN_FILENO;
} else {
struct sockaddr_storage ss;
struct sockaddr *sa = (struct sockaddr *)&ss;
socklen_t sin_len = sizeof(ss);
char addr_name[256];
krb5_ticket *ticket;
char *server;
sock = STDIN_FILENO;
#ifdef SUPPORT_INETD
if (inetd_flag == -1) {
if (getpeername (sock, sa, &sin_len) < 0) {
inetd_flag = 0;
} else {
inetd_flag = 1;
}
}
#else
inetd_flag = 0;
#endif
if (!inetd_flag) {
mini_inetd (krb5_getportbyname (context, "hprop", "tcp",
HPROP_PORT), &sock);
}
sin_len = sizeof(ss);
if(getpeername(sock, sa, &sin_len) < 0)
krb5_err(context, 1, errno, "getpeername");
if (inet_ntop(sa->sa_family,
socket_get_address (sa),
addr_name,
sizeof(addr_name)) == NULL)
strlcpy (addr_name, "unknown address",
sizeof(addr_name));
krb5_log(context, fac, 0, "Connection from %s", addr_name);
ret = krb5_kt_register(context, &hdb_kt_ops);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_register");
if (ktname != NULL) {
ret = krb5_kt_resolve(context, ktname, &keytab);
if (ret)
krb5_err (context, 1, ret, "krb5_kt_resolve %s", ktname);
} else {
ret = krb5_kt_default (context, &keytab);
if (ret)
krb5_err (context, 1, ret, "krb5_kt_default");
}
ret = krb5_recvauth(context, &ac, &sock, HPROP_VERSION, NULL,
0, keytab, &ticket);
if(ret)
krb5_err(context, 1, ret, "krb5_recvauth");
ret = krb5_unparse_name(context, ticket->server, &server);
if (ret)
krb5_err(context, 1, ret, "krb5_unparse_name");
if (strncmp(server, "hprop/", 5) != 0)
krb5_errx(context, 1, "ticket not for hprop (%s)", server);
free(server);
krb5_free_ticket (context, ticket);
ret = krb5_auth_con_getauthenticator(context, ac, &authent);
if(ret)
krb5_err(context, 1, ret, "krb5_auth_con_getauthenticator");
ret = krb5_make_principal(context, &c1, NULL, "kadmin", "hprop", NULL);
if(ret)
krb5_err(context, 1, ret, "krb5_make_principal");
_krb5_principalname2krb5_principal(context, &c2,
authent->cname, authent->crealm);
if(!krb5_principal_compare(context, c1, c2)) {
char *s;
ret = krb5_unparse_name(context, c2, &s);
if (ret)
s = unparseable_name;
krb5_errx(context, 1, "Unauthorized connection from %s", s);
}
krb5_free_principal(context, c1);
krb5_free_principal(context, c2);
ret = krb5_kt_close(context, keytab);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_close");
}
if(!print_dump) {
asprintf(&tmp_db, "%s~", database);
ret = hdb_create(context, &db, tmp_db);
if(ret)
krb5_err(context, 1, ret, "hdb_create(%s)", tmp_db);
ret = db->hdb_open(context, db, O_RDWR | O_CREAT | O_TRUNC, 0600);
if(ret)
krb5_err(context, 1, ret, "hdb_open(%s)", tmp_db);
}
nprincs = 0;
while(1){
krb5_data data;
hdb_entry_ex entry;
if(from_stdin) {
ret = krb5_read_message(context, &sock, &data);
if(ret != 0 && ret != HEIM_ERR_EOF)
krb5_err(context, 1, ret, "krb5_read_message");
} else {
ret = krb5_read_priv_message(context, ac, &sock, &data);
if(ret)
krb5_err(context, 1, ret, "krb5_read_priv_message");
}
if(ret == HEIM_ERR_EOF || data.length == 0) {
if(!from_stdin) {
data.data = NULL;
data.length = 0;
krb5_write_priv_message(context, ac, &sock, &data);
}
if(!print_dump) {
ret = db->hdb_close(context, db);
if(ret)
krb5_err(context, 1, ret, "db_close");
ret = db->hdb_rename(context, db, database);
if(ret)
krb5_err(context, 1, ret, "db_rename");
}
break;
}
memset(&entry, 0, sizeof(entry));
ret = hdb_value2entry(context, &data, &entry.entry);
krb5_data_free(&data);
if(ret)
krb5_err(context, 1, ret, "hdb_value2entry");
if(print_dump)
hdb_print_entry(context, db, &entry, stdout);
else {
ret = db->hdb_store(context, db, 0, &entry);
if(ret == HDB_ERR_EXISTS) {
char *s;
ret = krb5_unparse_name(context, entry.entry.principal, &s);
if (ret)
s = strdup(unparseable_name);
krb5_warnx(context, "Entry exists: %s", s);
free(s);
} else if(ret)
krb5_err(context, 1, ret, "db_store");
else
nprincs++;
}
hdb_free_entry(context, &entry);
}
if (!print_dump)
krb5_log(context, fac, 0, "Received %d principals", nprincs);
if (inetd_flag == 0)
rk_closesocket(sock);
exit(0);
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
ret = krb5_init_context(&context);
if (ret == KRB5_CONFIG_BADFORMAT)
errx (1, "krb5_init_context failed to parse configuration file");
else if (ret)
errx (1, "krb5_init_context failed: %d", ret);
configure(argc, argv);
if(databases == NULL) {
db = malloc(sizeof(*db));
num_db = 1;
ret = hdb_create(context, &db[0], NULL);
if(ret)
krb5_err(context, 1, ret, "hdb_create %s", HDB_DEFAULT_DB);
ret = hdb_set_master_keyfile(context, db[0], NULL);
if (ret)
krb5_err(context, 1, ret, "hdb_set_master_keyfile");
} else {
struct dbinfo *d;
int i;
/* count databases */
for(d = databases, i = 0; d; d = d->next, i++);
db = malloc(i * sizeof(*db));
for(d = databases, num_db = 0; d; d = d->next, num_db++) {
ret = hdb_create(context, &db[num_db], d->dbname);
if(ret)
krb5_err(context, 1, ret, "hdb_create %s", d->dbname);
ret = hdb_set_master_keyfile(context, db[num_db], d->mkey_file);
if (ret)
krb5_err(context, 1, ret, "hdb_set_master_keyfile");
}
}
#ifdef HAVE_SIGACTION
{
struct sigaction sa;
sa.sa_flags = 0;
sa.sa_handler = sigterm;
sigemptyset(&sa.sa_mask);
sigaction(SIGINT, &sa, NULL);
sigaction(SIGTERM, &sa, NULL);
sigaction(SIGXCPU, &sa, NULL);
sa.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &sa, NULL);
}
#else
signal(SIGINT, sigterm);
signal(SIGTERM, sigterm);
signal(SIGXCPU, sigterm);
signal(SIGPIPE, SIG_IGN);
#endif
if (detach_from_console)
daemon(0, 0);
pidfile(NULL);
loop();
krb5_free_context(context);
return 0;
}
static int
write_dump (krb5_context context, krb5_storage *dump,
const char *database, uint32_t current_version)
{
krb5_error_code ret;
krb5_storage *sp;
HDB *db;
krb5_data data;
char buf[8];
/* we assume that the caller has obtained an exclusive lock */
ret = krb5_storage_truncate(dump, 0);
if (ret)
return ret;
if (krb5_storage_seek(dump, 0, SEEK_SET) != 0)
return errno;
/*
* First we store zero as the HDB version, this will indicate to a
* later reader that the dumpfile is invalid. We later write the
* correct version in the file after we have written all of the
* messages. A dump with a zero version will not be considered
* to be valid.
*/
ret = krb5_store_uint32(dump, 0);
ret = hdb_create (context, &db, database);
if (ret)
krb5_err (context, IPROPD_RESTART, ret, "hdb_create: %s", database);
ret = db->hdb_open (context, db, O_RDONLY, 0);
if (ret)
krb5_err (context, IPROPD_RESTART, ret, "db->open");
sp = krb5_storage_from_mem (buf, 4);
if (sp == NULL)
krb5_errx (context, IPROPD_RESTART, "krb5_storage_from_mem");
krb5_store_uint32 (sp, TELL_YOU_EVERYTHING);
krb5_storage_free (sp);
data.data = buf;
data.length = 4;
ret = krb5_store_data(dump, data);
if (ret) {
krb5_warn (context, ret, "write_dump");
return ret;
}
ret = hdb_foreach (context, db, HDB_F_ADMIN_DATA, dump_one, dump);
if (ret) {
krb5_warn (context, ret, "write_dump: hdb_foreach");
return ret;
}
(*db->hdb_close)(context, db);
(*db->hdb_destroy)(context, db);
sp = krb5_storage_from_mem (buf, 8);
if (sp == NULL)
krb5_errx (context, IPROPD_RESTART, "krb5_storage_from_mem");
ret = krb5_store_uint32(sp, NOW_YOU_HAVE);
if (ret == 0)
krb5_store_uint32(sp, current_version);
krb5_storage_free (sp);
data.length = 8;
if (ret == 0)
ret = krb5_store_data(dump, data);
/*
* We must ensure that the entire valid dump is written to disk
* before we write the current version at the front thus making
* it a valid dump file. If we crash around here, this can be
* important upon reboot.
*/
if (ret == 0)
ret = krb5_storage_fsync(dump);
if (ret == 0 && krb5_storage_seek(dump, 0, SEEK_SET) == -1)
ret = errno;
/* Write current version at the front making the dump valid */
if (ret == 0)
ret = krb5_store_uint32(dump, current_version);
/*
* We don't need to fsync(2) after the real version is written as
* it is not a disaster if it doesn't make it to disk if we crash.
* After all, we'll just create a new dumpfile.
*/
if (ret == 0)
krb5_warnx(context, "wrote new dumpfile (version %u)",
current_version);
else
krb5_warn(context, ret, "failed to write new dumpfile (version %u)",
current_version);
return ret;
}
static krb5_error_code
receive_everything (krb5_context context, int fd,
kadm5_server_context *server_context,
krb5_auth_context auth_context)
{
int ret;
krb5_data data;
int32_t vno = 0;
int32_t opcode;
krb5_storage *sp;
char *dbname;
HDB *mydb;
krb5_warnx(context, "receive complete database");
asprintf(&dbname, "%s-NEW", server_context->db->hdb_name);
ret = hdb_create(context, &mydb, dbname);
if(ret)
krb5_err(context,1, ret, "hdb_create");
free(dbname);
ret = hdb_set_master_keyfile (context,
mydb, server_context->config.stash_file);
if(ret)
krb5_err(context,1, ret, "hdb_set_master_keyfile");
/* I really want to use O_EXCL here, but given that I can't easily clean
up on error, I won't */
ret = mydb->hdb_open(context, mydb, O_RDWR | O_CREAT | O_TRUNC, 0600);
if (ret)
krb5_err (context, 1, ret, "db->open");
sp = NULL;
do {
ret = krb5_read_priv_message(context, auth_context, &fd, &data);
if (ret) {
krb5_warn (context, ret, "krb5_read_priv_message");
goto cleanup;
}
sp = krb5_storage_from_data (&data);
if (sp == NULL)
krb5_errx (context, 1, "krb5_storage_from_data");
krb5_ret_int32 (sp, &opcode);
if (opcode == ONE_PRINC) {
krb5_data fake_data;
hdb_entry_ex entry;
krb5_storage_free(sp);
fake_data.data = (char *)data.data + 4;
fake_data.length = data.length - 4;
memset(&entry, 0, sizeof(entry));
ret = hdb_value2entry (context, &fake_data, &entry.entry);
if (ret)
krb5_err (context, 1, ret, "hdb_value2entry");
ret = mydb->hdb_store(server_context->context,
mydb,
0, &entry);
if (ret)
krb5_err (context, 1, ret, "hdb_store");
hdb_free_entry (context, &entry);
krb5_data_free (&data);
} else if (opcode == NOW_YOU_HAVE)
;
else
krb5_errx (context, 1, "strange opcode %d", opcode);
} while (opcode == ONE_PRINC);
if (opcode != NOW_YOU_HAVE)
krb5_errx (context, 1, "receive_everything: strange %d", opcode);
krb5_ret_int32 (sp, &vno);
krb5_storage_free(sp);
ret = kadm5_log_reinit (server_context);
if (ret)
krb5_err(context, 1, ret, "kadm5_log_reinit");
ret = kadm5_log_set_version (server_context, vno - 1);
if (ret)
krb5_err (context, 1, ret, "kadm5_log_set_version");
ret = kadm5_log_nop (server_context);
if (ret)
krb5_err (context, 1, ret, "kadm5_log_nop");
ret = mydb->hdb_rename (context, mydb, server_context->db->hdb_name);
if (ret)
krb5_err (context, 1, ret, "db->rename");
cleanup:
krb5_data_free (&data);
ret = mydb->hdb_close (context, mydb);
if (ret)
krb5_err (context, 1, ret, "db->close");
ret = mydb->hdb_destroy (context, mydb);
if (ret)
krb5_err (context, 1, ret, "db->destroy");
krb5_warnx(context, "receive complete database, version %ld", (long)vno);
return ret;
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
krb5_context context;
krb5_ccache ccache = NULL;
HDB *db = NULL;
int optidx = 0;
int type, exit_code;
setprogname(argv[0]);
if(getarg(args, num_args, argc, argv, &optidx))
usage(1);
if(help_flag)
usage(0);
if(version_flag){
print_version(NULL);
exit(0);
}
ret = krb5_init_context(&context);
if(ret)
exit(1);
/* We may be reading an old database encrypted with a DES master key. */
ret = krb5_allow_weak_crypto(context, 1);
if(ret)
krb5_err(context, 1, ret, "krb5_allow_weak_crypto");
if(local_realm)
krb5_set_default_realm(context, local_realm);
if(encrypt_flag && decrypt_flag)
krb5_errx(context, 1,
"only one of `--encrypt' and `--decrypt' is meaningful");
if(source_type != NULL) {
type = parse_source_type(source_type);
if(type == 0)
krb5_errx(context, 1, "unknown source type `%s'", source_type);
} else
type = HPROP_HEIMDAL;
if(!to_stdout)
get_creds(context, &ccache);
if(decrypt_flag || encrypt_flag) {
ret = hdb_read_master_key(context, mkeyfile, &mkey5);
if(ret && ret != ENOENT)
krb5_err(context, 1, ret, "hdb_read_master_key");
if(ret)
krb5_errx(context, 1, "No master key file found");
}
switch(type) {
case HPROP_MIT_DUMP:
if (database == NULL)
krb5_errx(context, 1, "no dump file specified");
break;
case HPROP_HEIMDAL:
ret = hdb_create (context, &db, database);
if(ret)
krb5_err(context, 1, ret, "hdb_create: %s", database);
ret = db->hdb_open(context, db, O_RDONLY, 0);
if(ret)
krb5_err(context, 1, ret, "db->hdb_open");
break;
default:
krb5_errx(context, 1, "unknown dump type `%d'", type);
break;
}
if (to_stdout)
exit_code = dump_database (context, type, database, db);
else
exit_code = propagate_database (context, type, database,
db, ccache, optidx, argc, argv);
if(ccache != NULL)
krb5_cc_destroy(context, ccache);
if(db != NULL)
(*db->hdb_destroy)(context, db);
krb5_free_context(context);
return exit_code;
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
krb5_context context;
krb5_ccache ccache = NULL;
HDB *db = NULL;
int optidx = 0;
int type, exit_code;
setprogname(argv[0]);
if(getarg(args, num_args, argc, argv, &optidx))
usage(1);
if(help_flag)
usage(0);
if(version_flag){
print_version(NULL);
exit(0);
}
ret = krb5_init_context(&context);
if(ret)
exit(1);
if(local_realm)
krb5_set_default_realm(context, local_realm);
if(v4_realm == NULL) {
ret = krb5_get_default_realm(context, &v4_realm);
if(ret)
krb5_err(context, 1, ret, "krb5_get_default_realm");
}
if(afs_cell == NULL) {
afs_cell = strdup(v4_realm);
if(afs_cell == NULL)
krb5_errx(context, 1, "out of memory");
strlwr(afs_cell);
}
if(encrypt_flag && decrypt_flag)
krb5_errx(context, 1,
"only one of `--encrypt' and `--decrypt' is meaningful");
if(source_type != NULL) {
type = parse_source_type(source_type);
if(type == 0)
krb5_errx(context, 1, "unknown source type `%s'", source_type);
} else
type = HPROP_HEIMDAL;
if(!to_stdout)
get_creds(context, &ccache);
if(decrypt_flag || encrypt_flag) {
ret = hdb_read_master_key(context, mkeyfile, &mkey5);
if(ret && ret != ENOENT)
krb5_err(context, 1, ret, "hdb_read_master_key");
if(ret)
krb5_errx(context, 1, "No master key file found");
}
if (IS_TYPE_V4(type) && v4_realm == NULL)
krb5_errx(context, 1, "Its a Kerberos 4 database "
"but no realm configured");
switch(type) {
case HPROP_KASERVER:
if (database == NULL)
database = DEFAULT_DATABASE;
ka_use_null_salt = krb5_config_get_bool_default(context, NULL, FALSE,
"hprop",
"afs_uses_null_salt",
NULL);
break;
case HPROP_KRB4_DUMP:
if (database == NULL)
krb5_errx(context, 1, "no dump file specified");
break;
case HPROP_MIT_DUMP:
if (database == NULL)
krb5_errx(context, 1, "no dump file specified");
break;
case HPROP_HEIMDAL:
ret = hdb_create (context, &db, database);
if(ret)
krb5_err(context, 1, ret, "hdb_create: %s", database);
ret = db->hdb_open(context, db, O_RDONLY, 0);
if(ret)
krb5_err(context, 1, ret, "db->hdb_open");
break;
default:
krb5_errx(context, 1, "unknown dump type `%d'", type);
break;
}
if (to_stdout)
exit_code = dump_database (context, type, database, db);
else
exit_code = propagate_database (context, type, database,
db, ccache, optidx, argc, argv);
if(ccache != NULL)
krb5_cc_destroy(context, ccache);
if(db != NULL)
(*db->hdb_destroy)(context, db);
krb5_free_context(context);
return exit_code;
}
static kadm5_ret_t
kadm5_s_init_with_context(krb5_context context,
const char *client_name,
const char *service_name,
kadm5_config_params *realm_params,
unsigned long struct_version,
unsigned long api_version,
void **server_handle)
{
kadm5_ret_t ret;
kadm5_server_context *ctx;
char *dbname;
char *stash_file;
*server_handle = NULL;
ret = _kadm5_s_init_context(&ctx, realm_params, context);
if (ret)
return ret;
if (realm_params->mask & KADM5_CONFIG_DBNAME)
dbname = realm_params->dbname;
else
dbname = ctx->config.dbname;
if (realm_params->mask & KADM5_CONFIG_STASH_FILE)
stash_file = realm_params->stash_file;
else
stash_file = ctx->config.stash_file;
assert(dbname != NULL);
assert(stash_file != NULL);
assert(ctx->config.acl_file != NULL);
assert(ctx->log_context.log_file != NULL);
#ifndef NO_UNIX_SOCKETS
assert(ctx->log_context.socket_name.sun_path[0] != '\0');
#else
assert(ctx->log_context.socket_info != NULL);
#endif
ret = hdb_create(ctx->context, &ctx->db, dbname);
if (ret == 0)
ret = hdb_set_master_keyfile(ctx->context,
ctx->db, stash_file);
if (ret) {
kadm5_s_destroy(ctx);
return ret;
}
ctx->log_context.log_fd = -1;
#ifndef NO_UNIX_SOCKETS
ctx->log_context.socket_fd = socket(AF_UNIX, SOCK_DGRAM, 0);
#else
ctx->log_context.socket_fd = socket(ctx->log_context.socket_info->ai_family,
ctx->log_context.socket_info->ai_socktype,
ctx->log_context.socket_info->ai_protocol);
#endif
if (ctx->log_context.socket_fd != rk_INVALID_SOCKET)
socket_set_nonblocking(ctx->log_context.socket_fd, 1);
ret = krb5_parse_name(ctx->context, client_name, &ctx->caller);
if (ret == 0)
ret = _kadm5_acl_init(ctx);
if (ret)
kadm5_s_destroy(ctx);
else
*server_handle = ctx;
return ret;
}
