krb5_error_code
krb5_db_get_mkey(krb5_context kcontext, krb5_keyblock ** key)
{
krb5_error_code status = 0;
kdb5_dal_handle *dal_handle;
if (kcontext->db_context == NULL) {
status = kdb_setup_lib_handle(kcontext);
if (status) {
goto clean_n_exit;
}
}
dal_handle = (kdb5_dal_handle *) kcontext->db_context;
status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
if (status) {
goto clean_n_exit;
}
/* Lets use temp key and copy it later to avoid memory problems
when freed by the caller. */
status = dal_handle->lib_handle->vftabl.get_master_key(kcontext, key);
get_errmsg(kcontext, status);
kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
clean_n_exit:
return status;
}
krb5_error_code
krb5_db_free_principal(krb5_context kcontext, krb5_db_entry * entry, int count)
{
krb5_error_code status = 0;
kdb5_dal_handle *dal_handle;
if (kcontext->db_context == NULL) {
status = kdb_setup_lib_handle(kcontext);
if (status) {
goto clean_n_exit;
}
}
dal_handle = (kdb5_dal_handle *) kcontext->db_context;
status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
if (status) {
goto clean_n_exit;
}
status =
dal_handle->lib_handle->vftabl.db_free_principal(kcontext, entry,
count);
get_errmsg(kcontext, status);
kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
clean_n_exit:
return status;
}
krb5_error_code
krb5_free_supported_realms(krb5_context kcontext, char **realms)
{
krb5_error_code status = 0;
kdb5_dal_handle *dal_handle;
if (kcontext->db_context == NULL) {
status = kdb_setup_lib_handle(kcontext);
if (status) {
goto clean_n_exit;
}
}
dal_handle = (kdb5_dal_handle *) kcontext->db_context;
status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
if (status) {
goto clean_n_exit;
}
status =
dal_handle->lib_handle->vftabl.db_free_supported_realms(kcontext,
realms);
get_errmsg(kcontext, status);
kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
clean_n_exit:
return status;
}
krb5_error_code
krb5_db_fini(krb5_context kcontext)
{
krb5_error_code status = 0;
kdb5_dal_handle *dal_handle;
if (kcontext->db_context == NULL) {
/* module not loaded. So nothing to be done */
goto clean_n_exit;
}
dal_handle = (kdb5_dal_handle *) kcontext->db_context;
status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
if (status) {
goto clean_n_exit;
}
status = dal_handle->lib_handle->vftabl.fini_module(kcontext);
get_errmsg(kcontext, status);
kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
if (status) {
goto clean_n_exit;
}
status = kdb_free_lib_handle(kcontext);
clean_n_exit:
return status;
}
krb5_error_code
krb5_db_verify_master_key(krb5_context kcontext,
krb5_principal mprinc, krb5_keyblock * mkey)
{
krb5_error_code status = 0;
kdb5_dal_handle *dal_handle;
if (kcontext->db_context == NULL) {
status = kdb_setup_lib_handle(kcontext);
if (status) {
goto clean_n_exit;
}
}
dal_handle = (kdb5_dal_handle *) kcontext->db_context;
status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
if (status) {
goto clean_n_exit;
}
status = dal_handle->lib_handle->vftabl.verify_master_key(kcontext,
mprinc, mkey);
get_errmsg(kcontext, status);
kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
clean_n_exit:
return status;
}
krb5_error_code
krb5_db_store_master_key(krb5_context kcontext,
char *db_arg,
krb5_principal mname,
krb5_keyblock * key, char *master_pwd)
{
krb5_error_code status = 0;
kdb5_dal_handle *dal_handle;
if (kcontext->db_context == NULL) {
status = kdb_setup_lib_handle(kcontext);
if (status) {
goto clean_n_exit;
}
}
dal_handle = (kdb5_dal_handle *) kcontext->db_context;
status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
if (status) {
goto clean_n_exit;
}
status = dal_handle->lib_handle->vftabl.store_master_key(kcontext,
db_arg,
mname,
key, master_pwd);
get_errmsg(kcontext, status);
kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
clean_n_exit:
return status;
}
krb5_error_code
krb5_db_set_option(krb5_context kcontext, int option, void *value)
{
krb5_error_code status = 0;
kdb5_dal_handle *dal_handle;
if (kcontext->db_context == NULL) {
status = kdb_setup_lib_handle(kcontext);
if (status) {
goto clean_n_exit;
}
}
dal_handle = (kdb5_dal_handle *) kcontext->db_context;
status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
if (status) {
goto clean_n_exit;
}
status =
dal_handle->lib_handle->vftabl.db_set_option(kcontext, option, value);
get_errmsg(kcontext, status);
kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
clean_n_exit:
return status;
}
krb5_error_code
krb5_db_set_master_key_ext(krb5_context kcontext,
char *pwd, krb5_keyblock * key)
{
krb5_error_code status = 0;
kdb5_dal_handle *dal_handle;
if (kcontext->db_context == NULL) {
status = kdb_setup_lib_handle(kcontext);
if (status) {
goto clean_n_exit;
}
}
dal_handle = (kdb5_dal_handle *) kcontext->db_context;
status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
if (status) {
goto clean_n_exit;
}
status = dal_handle->lib_handle->vftabl.set_master_key(kcontext, pwd, key);
get_errmsg(kcontext, status);
kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
clean_n_exit:
return status;
}
krb5_error_code
krb5_db_lock(krb5_context kcontext, int lock_mode)
{
krb5_error_code status = 0;
kdb5_dal_handle *dal_handle;
if (kcontext->db_context == NULL) {
status = kdb_setup_lib_handle(kcontext);
if (status) {
goto clean_n_exit;
}
}
dal_handle = (kdb5_dal_handle *) kcontext->db_context;
/* acquire an exclusive lock, ensures no other thread uses this context */
status = kdb_lock_lib_lock(dal_handle->lib_handle, TRUE);
if (status) {
goto clean_n_exit;
}
status = dal_handle->lib_handle->vftabl.db_lock(kcontext, lock_mode);
get_errmsg(kcontext, status);
/* exclusive lock is still held, so no other thread could use this context */
kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
clean_n_exit:
return status;
}
krb5_error_code
krb5_db_unlock(krb5_context kcontext)
{
krb5_error_code status = 0;
kdb5_dal_handle *dal_handle;
if (kcontext->db_context == NULL) {
status = kdb_setup_lib_handle(kcontext);
if (status) {
goto clean_n_exit;
}
}
dal_handle = (kdb5_dal_handle *) kcontext->db_context;
/* normal lock acquired and exclusive lock released */
status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
if (status) {
goto clean_n_exit;
}
status = dal_handle->lib_handle->vftabl.db_unlock(kcontext);
get_errmsg(kcontext, status);
kdb_unlock_lib_lock(dal_handle->lib_handle, TRUE);
clean_n_exit:
return status;
}
krb5_error_code
krb5_db_iterate(krb5_context kcontext,
char *match_entry,
int (*func) (krb5_pointer, krb5_db_entry *),
krb5_pointer func_arg)
{
krb5_error_code status = 0;
kdb5_dal_handle *dal_handle;
if (kcontext->db_context == NULL) {
status = kdb_setup_lib_handle(kcontext);
if (status) {
goto clean_n_exit;
}
}
dal_handle = (kdb5_dal_handle *) kcontext->db_context;
status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
if (status) {
goto clean_n_exit;
}
status = dal_handle->lib_handle->vftabl.db_iterate(kcontext,
match_entry,
func, func_arg);
get_errmsg(kcontext, status);
kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
clean_n_exit:
return status;
}
krb5_error_code
krb5_db_get_age(krb5_context kcontext, char *db_name, time_t * t)
{
krb5_error_code status = 0;
kdb5_dal_handle *dal_handle;
if (kcontext->db_context == NULL) {
status = kdb_setup_lib_handle(kcontext);
if (status) {
goto clean_n_exit;
}
}
dal_handle = (kdb5_dal_handle *) kcontext->db_context;
status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
if (status) {
goto clean_n_exit;
}
status = dal_handle->lib_handle->vftabl.db_get_age(kcontext, db_name, t);
get_errmsg(kcontext, status);
kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
clean_n_exit:
return status;
}
/*
* Set selection string and optionally scan it
* returns false on error in string
* returns true if OK
*/
bool sellist::set_string(char *string, bool scan=true)
{
/*
* Copy string, because we write into it,
* then scan through it once to find any
* errors.
*/
if (str) {
free(str);
}
e = str = bstrdup(string);
end = 0;
beg = 1;
num_items = 0;
if (scan) {
while (next() >= 0) {
num_items++;
}
if (get_errmsg()) {
return false;
}
e = str;
end = 0;
beg = 1;
}
return true;
}
krb5_error_code
krb5_db_get_principal(krb5_context kcontext,
krb5_const_principal search_for,
krb5_db_entry * entries,
int *nentries, krb5_boolean * more)
{
krb5_error_code status = 0;
kdb5_dal_handle *dal_handle;
if (kcontext->db_context == NULL) {
status = kdb_setup_lib_handle(kcontext);
if (status) {
goto clean_n_exit;
}
}
dal_handle = (kdb5_dal_handle *) kcontext->db_context;
status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
if (status) {
goto clean_n_exit;
}
status =
dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for,
entries, nentries,
more);
get_errmsg(kcontext, status);
kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
clean_n_exit:
return status;
}
smart_device * smart_interface::get_smart_device(const char * name, const char * type)
{
clear_err();
// Call platform specific autodetection if no device type specified
smart_device * dev;
if (!type || !*type) {
dev = autodetect_smart_device(name);
if (!dev && !get_errno())
set_err(EINVAL, "Unable to detect device type");
return dev;
}
// First check for platform specific device types
dev = get_custom_smart_device(name, type);
if (dev || get_errno())
return dev;
if (!strcmp(type, "ata"))
dev = get_ata_device(name, type);
else if (!strcmp(type, "scsi"))
dev = get_scsi_device(name, type);
else if ( ((!strncmp(type, "sat", 3) && (!type[3] || strchr(",+", type[3])))
|| (!strncmp(type, "usb", 3)))) {
// Split "sat...+base..." -> ("sat...", "base...")
unsigned satlen = strcspn(type, "+");
std::string sattype(type, satlen);
const char * basetype = (type[satlen] ? type+satlen+1 : "");
// Recurse to allocate base device, default is standard SCSI
if (!*basetype)
basetype = "scsi";
smart_device_auto_ptr basedev( get_smart_device(name, basetype) );
if (!basedev) {
set_err(EINVAL, "Type '%s+...': %s", sattype.c_str(), get_errmsg());
return 0;
}
// Result must be SCSI
if (!basedev->is_scsi()) {
set_err(EINVAL, "Type '%s+...': Device type '%s' is not SCSI", sattype.c_str(), basetype);
return 0;
}
// Attach SAT tunnel
ata_device * satdev = get_sat_device(sattype.c_str(), basedev->to_scsi());
if (!satdev)
return 0;
basedev.release();
return satdev;
}
else {
set_err(EINVAL, "Unknown device type '%s'", type);
return 0;
}
if (!dev && !get_errno())
set_err(EINVAL, "Not a device of type '%s'", type);
return dev;
}
void
dumptab(char *filename)
{
int n;
struct host *hp;
FILE *fp;
time_t t;
/* Print symbols in alphabetical order for reader's convenience. */
static char legend[] = "#\n# Legend:\t(see bootptab.5)\n\
#\tfirst field -- hostname (not indented)\n\
#\tbf -- bootfile\n\
#\tbs -- bootfile size in 512-octet blocks\n\
#\tcs -- cookie servers\n\
#\tdf -- dump file name\n\
#\tdn -- domain name\n\
#\tds -- domain name servers\n\
#\tef -- extension file\n\
#\tex -- exec file (YORK_EX_OPTION)\n\
#\tgw -- gateways\n\
#\tha -- hardware address\n\
#\thd -- home directory for bootfiles\n\
#\thn -- host name set for client\n\
#\tht -- hardware type\n\
#\tim -- impress servers\n\
#\tip -- host IP address\n\
#\tlg -- log servers\n\
#\tlp -- LPR servers\n\
#\tms -- message size\n\
#\tmw -- min wait (secs)\n\
#\tns -- IEN-116 name servers\n\
#\tnt -- NTP servers (RFC 1129)\n\
#\tra -- reply address override\n\
#\trl -- resource location protocol servers\n\
#\trp -- root path\n\
#\tsa -- boot server address\n\
#\tsm -- subnet mask\n\
#\tsw -- swap server\n\
#\ttc -- template host (points to similar host entry)\n\
#\ttd -- TFTP directory\n\
#\tto -- time offset (seconds)\n\
#\tts -- time servers\n\
#\tvm -- vendor magic number\n\
#\tyd -- YP (NIS) domain\n\
#\tys -- YP (NIS) servers\n\
#\tTn -- generic option tag n\n\
\n";
/*
* Open bootpd.dump file.
*/
if ((fp = fopen(filename, "w")) == NULL) {
report(LOG_ERR, "error opening \"%s\": %s",
filename, get_errmsg());
exit(1);
}
void fdb_opfinish(int ret, HDF *hdf, fdb_t *fdb,
char *target, char *url, bool header)
{
char msg[LEN_SM];
if (ret == RET_DBOP_OK) {
return;
}
get_errmsg(ret, msg);
mutil_redirect(msg, target, url, header);
if (fdb != NULL) {
fdb_free(&fdb);
}
/* TODO system resource need free*/
exit(ret);
}
void fdb_opfinish_json(int ret, HDF *hdf, fdb_t *fdb)
{
char msg[LEN_SM];
if (ret == RET_DBOP_OK) {
hdf_set_value(hdf, PRE_SUCCESS, "1");
return;
}
hdf_remove_tree(hdf, PRE_SUCCESS);
get_errmsg(ret, msg);
hdf_set_value(hdf, PRE_ERRMSG, msg);
mjson_output_hdf(hdf, 0);
if (fdb != NULL) {
fdb_free(&fdb);
}
/* TODO system resource need free*/
exit(ret);
}
/*
* External functions... DAL API
*/
krb5_error_code
krb5_db_open(krb5_context kcontext, char **db_args, int mode)
{
krb5_error_code status = 0;
char *section = NULL;
kdb5_dal_handle *dal_handle;
section = kdb_get_conf_section(kcontext);
if (section == NULL) {
status = KRB5_KDB_SERVER_INTERNAL_ERR;
krb5_set_error_message (kcontext, status,
"unable to determine configuration section for realm %s\n",
kcontext->default_realm ? kcontext->default_realm : "[UNSET]");
goto clean_n_exit;
}
if (kcontext->db_context == NULL) {
status = kdb_setup_lib_handle(kcontext);
if (status) {
goto clean_n_exit;
}
}
dal_handle = (kdb5_dal_handle *) kcontext->db_context;
status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
if (status) {
goto clean_n_exit;
}
status =
dal_handle->lib_handle->vftabl.init_module(kcontext, section, db_args,
mode);
get_errmsg(kcontext, status);
kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
clean_n_exit:
if (section)
free(section);
return status;
}
static int change_mode_r(const char *path, mode_t mode)
{
int ret = 0;
struct infinity_dirent dent;
int fd = open(path, O_RDONLY);
char buf[256];
int d = 0;
while(sys_readdir(fd, d++, &dent) == 0) {
if(path[0] == '/' && path[1] == 0)
sprintf(buf, "/%s", dent.d_name);
else
sprintf(buf, "%s/%s", path, dent.d_name);
if(dent.d_type == 0x02)
ret = change_mode_r(buf, mode);
int res = sys_chmod(buf, mode);
if(res != 0) {
printf("chmod: can not access %s : %s\n", buf, get_errmsg(res));
ret = res;
}
}
return ret;
}
static int change_mode(struct chmod_options *options)
{
if(options->path[0] == 0 || options->mode[0] == 0) {
printf("chmod: missing operand!\n");
return -1;
}
int mode = strtol(options->mode, NULL, 8);
if(options->recursive) {
if(change_mode_r(options->path, mode))
return -1;
}
int res = sys_chmod(options->path, mode);
if(res != 0) {
printf("chmod: can not access %s : %s\n", options->path, get_errmsg(res));
return -1;
}
return 0;
}
krb5_error_code
krb5_dbe_search_enctype(krb5_context kcontext,
krb5_db_entry * dbentp,
krb5_int32 * start,
krb5_int32 ktype,
krb5_int32 stype,
krb5_int32 kvno, krb5_key_data ** kdatap)
{
krb5_error_code status = 0;
kdb5_dal_handle *dal_handle;
if (kcontext->db_context == NULL) {
status = kdb_setup_lib_handle(kcontext);
if (status) {
goto clean_n_exit;
}
}
dal_handle = (kdb5_dal_handle *) kcontext->db_context;
status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
if (status) {
goto clean_n_exit;
}
status = dal_handle->lib_handle->vftabl.dbe_search_enctype(kcontext,
dbentp,
start,
ktype,
stype,
kvno, kdatap);
get_errmsg(kcontext, status);
kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
clean_n_exit:
return status;
}
/*
* Setup the arp cache so that IP address 'ia' will be temporarily
* bound to hardware address 'ha' of length 'len'.
*
* s socket fd
* ia protocol address
* hafamily HW address family
* halen HW address data
*/
void
setarp(int s, struct in_addr *ia, int hafamily, u_char *haddr, int halen)
{
#ifdef SIOCSARP
#ifdef WIN_TCP
/* This is an SVR4 with different networking code from
* Wollongong WIN-TCP. Not quite like the Lachman code.
* Code from: [email protected] (Andrew B. Sudell)
*/
#undef SIOCSARP
#define SIOCSARP ARP_ADD
struct arptab arpreq; /* Arp table entry */
bzero((caddr_t) &arpreq, sizeof(arpreq));
arpreq.at_flags = ATF_COM;
/* Set up IP address */
arpreq.at_in = ia->s_addr;
/* Set up Hardware Address */
bcopy(haddr, arpreq.at_enaddr, halen);
/* Set the Date Link type. */
/* XXX - Translate (hafamily) to dltype somehow? */
arpreq.at_dltype = DL_ETHER;
#else /* WIN_TCP */
/* Good old Berkeley way. */
struct arpreq arpreq; /* Arp request ioctl block */
struct sockaddr_in *si;
char *p;
bzero((caddr_t) &arpreq, sizeof(arpreq));
arpreq.arp_flags = ATF_INUSE | ATF_COM;
/* Set up the protocol address. */
arpreq.arp_pa.sa_family = AF_INET;
si = (struct sockaddr_in *) &arpreq.arp_pa;
si->sin_addr = *ia;
/* Set up the hardware address. */
#ifdef __linux__ /* XXX - Do others need this? -gwr */
/*
* Linux requires the sa_family field set.
* [email protected] (Al Longyear)
*/
arpreq.arp_ha.sa_family = hafamily;
#endif /* linux */
/* This variable is just to help catch type mismatches. */
p = arpreq.arp_ha.sa_data;
bcopy(haddr, p, halen);
#endif /* WIN_TCP */
#ifdef SVR4
/*
* And now the stuff for System V Rel 4.x which does not
* appear to allow SIOCxxx ioctls on a socket descriptor.
* Thanks to several people: (all sent the same fix)
* Barney Wolff <*****@*****.**>,
* [email protected] (Bj|rn Sj|holm),
* Michael Kuschke <*****@*****.**>,
*/
{
int fd;
struct strioctl iocb;
if ((fd=open("/dev/arp", O_RDWR)) < 0) {
report(LOG_ERR, "open /dev/arp: %s\n", get_errmsg());
}
iocb.ic_cmd = SIOCSARP;
iocb.ic_timout = 0;
iocb.ic_dp = (char *)&arpreq;
iocb.ic_len = sizeof(arpreq);
if (ioctl(fd, I_STR, (caddr_t)&iocb) < 0) {
report(LOG_ERR, "ioctl I_STR: %s\n", get_errmsg());
}
close (fd);
}
#else /* SVR4 */
/*
* On SunOS, the ioctl sometimes returns ENXIO, and it
* appears to happen when the ARP cache entry you tried
* to add is already in the cache. (Sigh...)
* XXX - Should this error simply be ignored? -gwr
*/
if (ioctl(s, SIOCSARP, (caddr_t) &arpreq) < 0) {
report(LOG_ERR, "ioctl SIOCSARP: %s", get_errmsg());
}
#endif /* SVR4 */
#else /* SIOCSARP */
#if defined(BSD) && (BSD >= 199306)
bsd_arp_set(ia, haddr, halen);
#else
/*
* Oh well, SIOCSARP is not defined. Just run arp(8).
* Need to delete partial entry first on some systems.
* XXX - Gag!
*/
int status;
char buf[256];
char *a;
extern char *inet_ntoa();
a = inet_ntoa(*ia);
snprintf(buf, sizeof(buf), "arp -d %s; arp -s %s %s temp",
a, a, haddrtoa(haddr, halen));
if (debug > 2)
report(LOG_INFO, "%s", buf);
status = system(buf);
if (status)
report(LOG_ERR, "arp failed, exit code=0x%x", status);
return;
#endif /* ! 4.4 BSD */
#endif /* SIOCSARP */
}
krb5_error_code
krb5_db_put_principal(krb5_context kcontext,
krb5_db_entry * entries, int *nentries)
{
krb5_error_code status = 0;
kdb5_dal_handle *dal_handle;
char **db_args = NULL;
krb5_tl_data *prev, *curr, *next;
int db_args_size = 0;
if (kcontext->db_context == NULL) {
status = kdb_setup_lib_handle(kcontext);
if (status) {
goto clean_n_exit;
}
}
/* Giving db_args as part of tl data causes, db2 to store the
tl_data as such. To prevent this, tl_data is collated and
passed as a sepearte argument. Currently supports only one
principal. but passing it as a seperate argument makes it
difficult for kadmin remote to pass arguments to server. */
prev = NULL, curr = entries->tl_data;
while (curr) {
if (curr->tl_data_type == KRB5_TL_DB_ARGS) {
char **t;
/* Since this is expected to be NULL terminated string and
this could come from any client, do a check before
passing it to db. */
if (((char *) curr->tl_data_contents)[curr->tl_data_length - 1] !=
'\0') {
/* not null terminated. Dangerous input */
status = EINVAL;
goto clean_n_exit;
}
db_args_size++;
t = realloc(db_args, sizeof(char *) * (db_args_size + 1)); /* 1 for NULL */
if (t == NULL) {
status = ENOMEM;
goto clean_n_exit;
}
db_args = t;
db_args[db_args_size - 1] = (char *) curr->tl_data_contents;
db_args[db_args_size] = NULL;
next = curr->tl_data_next;
if (prev == NULL) {
/* current node is the first in the linked list. remove it */
entries->tl_data = curr->tl_data_next;
} else {
prev->tl_data_next = curr->tl_data_next;
}
entries->n_tl_data--;
krb5_db_free(kcontext, curr);
/* previous does not change */
curr = next;
} else {
prev = curr;
curr = curr->tl_data_next;
}
}
dal_handle = (kdb5_dal_handle *) kcontext->db_context;
status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
if (status) {
goto clean_n_exit;
}
status = dal_handle->lib_handle->vftabl.db_put_principal(kcontext, entries,
nentries,
db_args);
get_errmsg(kcontext, status);
kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
clean_n_exit:
while (db_args_size) {
if (db_args[db_args_size - 1])
krb5_db_free(kcontext, db_args[db_args_size - 1]);
db_args_size--;
}
if (db_args)
free(db_args);
return status;
}
krb5_error_code
krb5_db_fetch_mkey(krb5_context context,
krb5_principal mname,
krb5_enctype etype,
krb5_boolean fromkeyboard,
krb5_boolean twice,
char *db_args, krb5_data * salt, krb5_keyblock * key)
{
krb5_error_code retval;
char password[BUFSIZ];
krb5_data pwd;
unsigned int size = sizeof(password);
int kvno;
krb5_keyblock tmp_key;
memset(&tmp_key, 0, sizeof(tmp_key));
if (fromkeyboard) {
krb5_data scratch;
if ((retval = krb5_read_password(context, krb5_mkey_pwd_prompt1,
twice ? krb5_mkey_pwd_prompt2 : 0,
password, &size))) {
goto clean_n_exit;
}
pwd.data = password;
pwd.length = size;
if (!salt) {
retval = krb5_principal2salt(context, mname, &scratch);
if (retval)
goto clean_n_exit;
}
retval =
krb5_c_string_to_key(context, etype, &pwd, salt ? salt : &scratch,
key);
if (!salt)
krb5_xfree(scratch.data);
memset(password, 0, sizeof(password)); /* erase it */
} else {
kdb5_dal_handle *dal_handle;
if (context->db_context == NULL) {
retval = kdb_setup_lib_handle(context);
if (retval) {
goto clean_n_exit;
}
}
dal_handle = (kdb5_dal_handle *) context->db_context;
retval = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
if (retval) {
goto clean_n_exit;
}
tmp_key.enctype = key->enctype;
retval = dal_handle->lib_handle->vftabl.fetch_master_key(context,
mname,
&tmp_key,
&kvno,
db_args);
get_errmsg(context, retval);
kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
if (retval) {
goto clean_n_exit;
}
key->contents = malloc(tmp_key.length);
if (key->contents == NULL) {
retval = ENOMEM;
goto clean_n_exit;
}
key->magic = tmp_key.magic;
key->enctype = tmp_key.enctype;
key->length = tmp_key.length;
memcpy(key->contents, tmp_key.contents, tmp_key.length);
}
clean_n_exit:
if (tmp_key.contents) {
memset(tmp_key.contents, 0, tmp_key.length);
krb5_db_free(context, tmp_key.contents);
}
return retval;
}
confighandlerexception::confighandlerexception(action_handler_status e) {
msg = get_errmsg(e);
}
int
main(int argc, char **argv)
{
int timeout;
struct bootp *bp;
struct servent *servp;
struct hostent *hep;
char *stmp;
socklen_t ba_len, ra_len;
int n;
int nfound;
struct pollfd set[1];
int standalone;
progname = strrchr(argv[0], '/');
if (progname) progname++;
else progname = argv[0];
/*
* Initialize logging.
*/
report_init(0); /* uses progname */
/*
* Log startup
*/
report(LOG_INFO, "version %s.%d", VERSION, PATCHLEVEL);
/* Debugging for compilers with struct padding. */
assert(sizeof(struct bootp) == BP_MINPKTSZ);
/* Get space for receiving packets and composing replies. */
pktbuf = malloc(MAX_MSG_SIZE);
if (!pktbuf) {
report(LOG_ERR, "malloc failed");
exit(1);
}
bp = (struct bootp *) pktbuf;
/*
* Check to see if a socket was passed to us from inetd.
*
* Use getsockname() to determine if descriptor 0 is indeed a socket
* (and thus we are probably a child of inetd) or if it is instead
* something else and we are running standalone.
*/
s = 0;
ba_len = sizeof(bind_addr);
bzero((char *) &bind_addr, ba_len);
errno = 0;
standalone = TRUE;
if (getsockname(s, (struct sockaddr *) &bind_addr, &ba_len) == 0) {
/*
* Descriptor 0 is a socket. Assume we are a child of inetd.
*/
if (bind_addr.sin_family == AF_INET) {
standalone = FALSE;
bootps_port = ntohs(bind_addr.sin_port);
} else {
/* Some other type of socket? */
report(LOG_INFO, "getsockname: not an INET socket");
}
}
/*
* Set defaults that might be changed by option switches.
*/
stmp = NULL;
timeout = actualtimeout;
gethostname(myhostname, sizeof(myhostname));
myhostname[sizeof(myhostname) - 1] = '\0';
hep = gethostbyname(myhostname);
if (!hep) {
printf("Can not get my IP address\n");
exit(1);
}
bcopy(hep->h_addr, (char *)&my_ip_addr, sizeof(my_ip_addr));
/*
* Read switches.
*/
for (argc--, argv++; argc > 0; argc--, argv++) {
if (argv[0][0] != '-')
break;
switch (argv[0][1]) {
case 'd': /* debug level */
if (argv[0][2]) {
stmp = &(argv[0][2]);
} else if (argv[1] && argv[1][0] == '-') {
/*
* Backwards-compatible behavior:
* no parameter, so just increment the debug flag.
*/
debug++;
break;
} else {
argc--;
argv++;
stmp = argv[0];
}
if (!stmp || (sscanf(stmp, "%d", &n) != 1) || (n < 0)) {
fprintf(stderr,
"%s: invalid debug level\n", progname);
break;
}
debug = n;
break;
case 'h': /* hop count limit */
if (argv[0][2]) {
stmp = &(argv[0][2]);
} else {
argc--;
argv++;
stmp = argv[0];
}
if (!stmp || (sscanf(stmp, "%d", &n) != 1) ||
(n < 0) || (n > 16))
{
fprintf(stderr,
"bootpgw: invalid hop count limit\n");
break;
}
maxhops = (u_int)n;
break;
case 'i': /* inetd mode */
standalone = FALSE;
break;
case 's': /* standalone mode */
standalone = TRUE;
break;
case 't': /* timeout */
if (argv[0][2]) {
stmp = &(argv[0][2]);
} else {
argc--;
argv++;
stmp = argv[0];
}
if (!stmp || (sscanf(stmp, "%d", &n) != 1) || (n < 0)) {
fprintf(stderr,
"%s: invalid timeout specification\n", progname);
break;
}
actualtimeout = n * 60000;
/*
* If the actual timeout is zero, pass INFTIM
* to poll so it blocks indefinitely, otherwise,
* use the actual timeout value.
*/
timeout = (n > 0) ? actualtimeout : INFTIM;
break;
case 'w': /* wait time */
if (argv[0][2]) {
stmp = &(argv[0][2]);
} else {
argc--;
argv++;
stmp = argv[0];
}
if (!stmp || (sscanf(stmp, "%d", &n) != 1) ||
(n < 0) || (n > 60))
{
fprintf(stderr,
"bootpgw: invalid wait time\n");
break;
}
minwait = (u_int)n;
break;
default:
fprintf(stderr, "%s: unknown switch: -%c\n",
progname, argv[0][1]);
usage();
break;
} /* switch */
} /* for args */
/* Make sure server name argument is suplied. */
servername = argv[0];
if (!servername) {
fprintf(stderr, "bootpgw: missing server name\n");
usage();
}
/*
* Get address of real bootp server.
*/
if (inet_aton(servername, &serv_addr.sin_addr) == 0) {
hep = gethostbyname(servername);
if (!hep) {
fprintf(stderr, "bootpgw: can't get addr for %s\n", servername);
exit(1);
}
memcpy(&serv_addr.sin_addr, hep->h_addr,
sizeof(serv_addr.sin_addr));
}
if (standalone) {
/*
* Go into background and disassociate from controlling terminal.
* XXX - This is not the POSIX way (Should use setsid). -gwr
*/
if (debug < 3) {
if (fork())
exit(0);
#ifdef NO_SETSID
setpgrp(0,0);
#ifdef TIOCNOTTY
n = open("/dev/tty", O_RDWR);
if (n >= 0) {
ioctl(n, TIOCNOTTY, (char *) 0);
(void) close(n);
}
#endif /* TIOCNOTTY */
#else /* SETSID */
if (setsid() < 0)
perror("setsid");
#endif /* SETSID */
} /* if debug < 3 */
/*
* Nuke any timeout value
*/
timeout = INFTIM;
/*
* Here, bootpd would do:
* chdir
* tzone_init
* rdtab_init
* readtab
*/
/*
* Create a socket.
*/
if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
report(LOG_ERR, "socket: %s", get_network_errmsg());
exit(1);
}
/*
* Get server's listening port number
*/
servp = getservbyname("bootps", "udp");
if (servp) {
bootps_port = ntohs((u_short) servp->s_port);
} else {
bootps_port = (u_short) IPPORT_BOOTPS;
report(LOG_ERR,
"udp/bootps: unknown service -- assuming port %d",
bootps_port);
}
/*
* Bind socket to BOOTPS port.
*/
bind_addr.sin_family = AF_INET;
bind_addr.sin_port = htons(bootps_port);
bind_addr.sin_addr.s_addr = INADDR_ANY;
if (bind(s, (struct sockaddr *) &bind_addr,
sizeof(bind_addr)) < 0)
{
report(LOG_ERR, "bind: %s", get_network_errmsg());
exit(1);
}
} /* if standalone */
/*
* Get destination port number so we can reply to client
*/
servp = getservbyname("bootpc", "udp");
if (servp) {
bootpc_port = ntohs(servp->s_port);
} else {
report(LOG_ERR,
"udp/bootpc: unknown service -- assuming port %d",
IPPORT_BOOTPC);
bootpc_port = (u_short) IPPORT_BOOTPC;
}
/* no signal catchers */
/*
* Process incoming requests.
*/
set[0].fd = s;
set[0].events = POLLIN;
for (;;) {
nfound = poll(set, 1, timeout);
if (nfound < 0) {
if (errno != EINTR) {
report(LOG_ERR, "poll: %s", get_errmsg());
}
continue;
}
if (nfound == 0) {
report(LOG_INFO, "exiting after %d minute%s of inactivity",
actualtimeout / 60000,
actualtimeout == 60000 ? "" : "s");
exit(0);
}
ra_len = sizeof(clnt_addr);
n = recvfrom(s, pktbuf, MAX_MSG_SIZE, 0,
(struct sockaddr *) &clnt_addr, &ra_len);
if (n <= 0) {
continue;
}
if (debug > 3) {
report(LOG_INFO, "recvd pkt from IP addr %s",
inet_ntoa(clnt_addr.sin_addr));
}
if (n < (int)sizeof(struct bootp)) {
if (debug) {
report(LOG_INFO, "received short packet");
}
continue;
}
pktlen = n;
switch (bp->bp_op) {
case BOOTREQUEST:
handle_request();
break;
case BOOTREPLY:
handle_reply();
break;
}
}
}