int
main(int argc, char **argv)
{
krb5_error_code ret;
krb5_context context;
krb5_principal p;
const char *s;
krb5_data pw_data;
krb5_program_setup(&context, argc, argv, args, num_args, NULL);
if(help_flag)
krb5_std_usage(0, args, num_args);
if(version_flag) {
print_version(NULL);
exit(0);
}
if (principal == NULL)
krb5_errx(context, 1, "no principal given");
if (password == NULL)
krb5_errx(context, 1, "no password given");
ret = krb5_parse_name(context, principal, &p);
if (ret)
krb5_errx(context, 1, "krb5_parse_name: %s", principal);
pw_data.data = password;
pw_data.length = strlen(password);
kadm5_setup_passwd_quality_check (context, NULL, NULL);
ret = kadm5_add_passwd_quality_verifier(context, NULL);
if (ret)
krb5_errx(context, 1, "kadm5_add_passwd_quality_verifier");
s = kadm5_check_password_quality (context, p, &pw_data);
if (s)
krb5_errx(context, 1, "kadm5_check_password_quality:\n%s", s);
krb5_free_principal(context, p);
krb5_free_context(context);
return 0;
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
char **files;
int optidx = 0;
int i;
krb5_log_facility *logfacility;
krb5_keytab keytab;
krb5_socket_t sfd = rk_INVALID_SOCKET;
setprogname(argv[0]);
ret = krb5_init_context(&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
if (getarg(args, num_args, argc, argv, &optidx)) {
warnx("error at argument `%s'", argv[optidx]);
usage(1);
}
if (help_flag)
usage (0);
if (version_flag) {
print_version(NULL);
exit(0);
}
argc -= optidx;
argv += optidx;
if (config_file == NULL) {
asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
if (config_file == NULL)
errx(1, "out of memory");
}
ret = krb5_prepend_config_files_default(config_file, &files);
if (ret)
krb5_err(context, 1, ret, "getting configuration files");
ret = krb5_set_config_files(context, files);
krb5_free_config_files(files);
if(ret)
krb5_err(context, 1, ret, "reading configuration files");
ret = krb5_openlog(context, "kadmind", &logfacility);
if (ret)
krb5_err(context, 1, ret, "krb5_openlog");
ret = krb5_set_warn_dest(context, logfacility);
if (ret)
krb5_err(context, 1, ret, "krb5_set_warn_dest");
ret = krb5_kt_register(context, &hdb_kt_ops);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_register");
ret = krb5_kt_resolve(context, keytab_str, &keytab);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_resolve");
kadm5_setup_passwd_quality_check (context, check_library, check_function);
for (i = 0; i < policy_libraries.num_strings; i++) {
ret = kadm5_add_passwd_quality_verifier(context,
policy_libraries.strings[i]);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
}
ret = kadm5_add_passwd_quality_verifier(context, NULL);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
if(debug_flag) {
int debug_port;
if(port_str == NULL)
debug_port = krb5_getportbyname (context, "kerberos-adm",
"tcp", 749);
else
debug_port = htons(atoi(port_str));
mini_inetd(debug_port, &sfd);
} else {
#ifdef _WIN32
pidfile(NULL);
start_server(context, port_str);
#else
struct sockaddr_storage __ss;
struct sockaddr *sa = (struct sockaddr *)&__ss;
socklen_t sa_size = sizeof(__ss);
/*
* Check if we are running inside inetd or not, if not, start
* our own server.
*/
if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
rk_SOCK_ERRNO == ENOTSOCK) {
pidfile(NULL);
start_server(context, port_str);
}
#endif /* _WIN32 */
sfd = STDIN_FILENO;
}
if(realm)
krb5_set_default_realm(context, realm); /* XXX */
kadmind_loop(context, keytab, sfd);
return 0;
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
char **files;
kadm5_config_params conf;
int optidx = 0;
int exit_status = 0;
setprogname(argv[0]);
ret = krb5_init_context(&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
if(getarg(args, num_args, argc, argv, &optidx))
usage(1);
if (help_flag)
usage (0);
if (version_flag) {
print_version(NULL);
exit(0);
}
argc -= optidx;
argv += optidx;
if (config_file == NULL) {
asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
if (config_file == NULL)
errx(1, "out of memory");
}
ret = krb5_prepend_config_files_default(config_file, &files);
if (ret)
krb5_err(context, 1, ret, "getting configuration files");
ret = krb5_set_config_files(context, files);
krb5_free_config_files(files);
if(ret)
krb5_err(context, 1, ret, "reading configuration files");
memset(&conf, 0, sizeof(conf));
if(realm) {
krb5_set_default_realm(context, realm); /* XXX should be fixed
some other way */
conf.realm = realm;
conf.mask |= KADM5_CONFIG_REALM;
}
if (admin_server) {
conf.admin_server = admin_server;
conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
}
if (server_port) {
conf.kadmind_port = htons(server_port);
conf.mask |= KADM5_CONFIG_KADMIND_PORT;
}
if (keyfile) {
conf.stash_file = keyfile;
conf.mask |= KADM5_CONFIG_STASH_FILE;
}
if(local_flag) {
int i;
kadm5_setup_passwd_quality_check (context,
check_library, check_function);
for (i = 0; i < policy_libraries.num_strings; i++) {
ret = kadm5_add_passwd_quality_verifier(context,
policy_libraries.strings[i]);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
}
ret = kadm5_add_passwd_quality_verifier(context, NULL);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
ret = kadm5_s_init_with_password_ctx(context,
KADM5_ADMIN_SERVICE,
NULL,
KADM5_ADMIN_SERVICE,
&conf, 0, 0,
&kadm_handle);
} else if (mit_flag) {
ret = kadm5_mit_init_with_password_ctx(context,
client_name,
NULL,
&conf, 0, 0,
&kadm_handle);
} else if (ad_flag) {
if (client_name == NULL)
krb5_errx(context, 1, "keytab mode require principal name");
ret = kadm5_ad_init_with_password_ctx(context,
client_name,
NULL,
KADM5_ADMIN_SERVICE,
&conf, 0, 0,
&kadm_handle);
} else if (keytab) {
if (client_name == NULL)
krb5_errx(context, 1, "keytab mode require principal name");
ret = kadm5_c_init_with_skey_ctx(context,
client_name,
keytab,
KADM5_ADMIN_SERVICE,
&conf, 0, 0,
&kadm_handle);
} else
ret = kadm5_c_init_with_password_ctx(context,
client_name,
NULL,
KADM5_ADMIN_SERVICE,
&conf, 0, 0,
&kadm_handle);
if(ret)
krb5_err(context, 1, ret, "kadm5_init_with_password");
signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
parser will handle SIGINT its own way;
we should really take care of this in
each function, f.i `get' might be
interruptable, but not `create' */
if (argc != 0) {
ret = sl_command (commands, argc, argv);
if(ret == -1)
krb5_warnx (context, "unrecognized command: %s", argv[0]);
else if (ret == -2)
ret = 0;
if(ret != 0)
exit_status = 1;
} else {
while(!exit_seen) {
ret = sl_command_loop(commands, "kadmin> ", NULL);
if (ret == -2)
exit_seen = 1;
else if (ret != 0)
exit_status = 1;
}
}
kadm5_destroy(kadm_handle);
krb5_free_context(context);
return exit_status;
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
char **files;
int optidx = 0;
int e, i;
krb5_log_facility *logfacility;
krb5_keytab keytab;
setprogname(argv[0]);
ret = krb5_init_context(&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
while((e = getarg(args, num_args, argc, argv, &optidx)))
warnx("error at argument `%s'", argv[optidx]);
if (help_flag)
usage (0);
if (version_flag) {
print_version(NULL);
exit(0);
}
argc -= optidx;
argv += optidx;
if (config_file == NULL) {
asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
if (config_file == NULL)
errx(1, "out of memory");
}
ret = krb5_prepend_config_files_default(config_file, &files);
if (ret)
krb5_err(context, 1, ret, "getting configuration files");
ret = krb5_set_config_files(context, files);
krb5_free_config_files(files);
if(ret)
krb5_err(context, 1, ret, "reading configuration files");
ret = krb5_openlog(context, "kadmind", &logfacility);
if (ret)
krb5_err(context, 1, ret, "krb5_openlog");
ret = krb5_set_warn_dest(context, logfacility);
if (ret)
krb5_err(context, 1, ret, "krb5_set_warn_dest");
ret = krb5_kt_register(context, &hdb_kt_ops);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_register");
ret = krb5_kt_resolve(context, keytab_str, &keytab);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_resolve");
kadm5_setup_passwd_quality_check (context, check_library, check_function);
for (i = 0; i < policy_libraries.num_strings; i++) {
ret = kadm5_add_passwd_quality_verifier(context,
policy_libraries.strings[i]);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
}
ret = kadm5_add_passwd_quality_verifier(context, NULL);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
{
int fd = 0;
struct sockaddr_storage __ss;
struct sockaddr *sa = (struct sockaddr *)&__ss;
socklen_t sa_size = sizeof(__ss);
krb5_auth_context ac = NULL;
int debug_port;
if(debug_flag) {
if(port_str == NULL)
debug_port = krb5_getportbyname (context, "kerberos-adm",
"tcp", 749);
else
debug_port = htons(atoi(port_str));
mini_inetd(debug_port);
} else if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
errno == ENOTSOCK) {
parse_ports(context, port_str ? port_str : "+");
pidfile(NULL);
start_server(context);
}
if(realm)
krb5_set_default_realm(context, realm); /* XXX */
kadmind_loop(context, ac, keytab, fd);
}
return 0;
}
int
main (int argc, char **argv)
{
krb5_keytab keytab;
krb5_error_code ret;
char **files;
int port, i;
krb5_program_setup(&context, argc, argv, args, num_args, NULL);
if(help_flag)
krb5_std_usage(0, args, num_args);
if(version_flag) {
print_version(NULL);
exit(0);
}
if (config_file == NULL) {
asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
if (config_file == NULL)
errx(1, "out of memory");
}
ret = krb5_prepend_config_files_default(config_file, &files);
if (ret)
krb5_err(context, 1, ret, "getting configuration files");
ret = krb5_set_config_files(context, files);
krb5_free_config_files(files);
if (ret)
krb5_err(context, 1, ret, "reading configuration files");
if(realm_str)
krb5_set_default_realm(context, realm_str);
krb5_openlog (context, "kpasswdd", &log_facility);
krb5_set_warn_dest(context, log_facility);
if (port_str != NULL) {
struct servent *s = roken_getservbyname (port_str, "udp");
if (s != NULL)
port = s->s_port;
else {
char *ptr;
port = strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
krb5_errx (context, 1, "bad port `%s'", port_str);
port = htons(port);
}
} else
port = krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT);
ret = krb5_kt_register(context, &hdb_kt_ops);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_register");
ret = krb5_kt_resolve(context, keytab_str, &keytab);
if(ret)
krb5_err(context, 1, ret, "%s", keytab_str);
kadm5_setup_passwd_quality_check (context, check_library, check_function);
for (i = 0; i < policy_libraries.num_strings; i++) {
ret = kadm5_add_passwd_quality_verifier(context,
policy_libraries.strings[i]);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
}
ret = kadm5_add_passwd_quality_verifier(context, NULL);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
explicit_addresses.len = 0;
if (addresses_str.num_strings) {
int j;
for (j = 0; j < addresses_str.num_strings; ++j)
add_one_address (addresses_str.strings[j], j == 0);
free_getarg_strings (&addresses_str);
} else {
char **foo = krb5_config_get_strings (context, NULL,
"kdc", "addresses", NULL);
if (foo != NULL) {
add_one_address (*foo++, TRUE);
while (*foo)
add_one_address (*foo++, FALSE);
}
}
#ifdef HAVE_SIGACTION
{
struct sigaction sa;
sa.sa_flags = 0;
sa.sa_handler = sigterm;
sigemptyset(&sa.sa_mask);
sigaction(SIGINT, &sa, NULL);
sigaction(SIGTERM, &sa, NULL);
}
#else
signal(SIGINT, sigterm);
signal(SIGTERM, sigterm);
#endif
pidfile(NULL);
return doit (keytab, port);
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
int optidx = 0;
int i;
krb5_keytab keytab;
krb5_socket_t sfd = rk_INVALID_SOCKET;
setprogname(argv[0]);
ret = krb5_init_context(&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
if (getarg(args, num_args, argc, argv, &optidx)) {
warnx("error at argument `%s'", argv[optidx]);
usage(1);
}
if (help_flag)
usage (0);
if (version_flag) {
print_version(NULL);
exit(0);
}
setup_context(context);
/*
* Now, do the same for the gssapi thread we are going to be running in
*/
{
krb5_context gssctx;
ret = _gsskrb5_init(&gssctx);
if (ret)
errx(1, "failed to setup gssapi context");
setup_context(gssctx);
krb5_gss_register_acceptor_identity("HDB:");
}
ret = krb5_kt_resolve(context, keytab_str, &keytab);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_resolve");
kadm5_setup_passwd_quality_check (context, check_library, check_function);
for (i = 0; i < policy_libraries.num_strings; i++) {
ret = kadm5_add_passwd_quality_verifier(context,
policy_libraries.strings[i]);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
}
ret = kadm5_add_passwd_quality_verifier(context, NULL);
if (ret)
krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
#ifdef ___APPLE__
if (sandbox_flag) {
char *errorstring;
ret = sandbox_init("kadmind", SANDBOX_NAMED, &errorstring);
if (ret)
errx(1, "sandbox_init failed: %d: %s", ret, errorstring);
}
#endif
if(debug_flag) {
int debug_port;
if(port_str == NULL)
debug_port = krb5_getportbyname (context, "kerberos-adm",
"tcp", 749);
else
debug_port = htons(atoi(port_str));
mini_inetd(debug_port, &sfd);
} else {
#ifdef _WIN32
pidfile(NULL);
start_server(context, port_str);
#else
struct sockaddr_storage __ss;
struct sockaddr *sa = (struct sockaddr *)&__ss;
socklen_t sa_size = sizeof(__ss);
/*
* Check if we are running inside inetd or not, if not, start
* our own server.
*/
if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
rk_SOCK_ERRNO == ENOTSOCK) {
pidfile(NULL);
start_server(context, port_str);
}
#endif /* _WIN32 */
sfd = STDIN_FILENO;
}
if(realm)
krb5_set_default_realm(context, realm); /* XXX */
kadmind_loop(context, keytab, sfd);
return 0;
}
