Пример #1
0
int
main(int argc, char **argv)
{
	int			c;
	bool_t			verbose = FALSE;
	bool_t			headeronly = FALSE;
	uint32_t		entry = 0;
	krb5_context		context;
	kadm5_config_params	params;
	kdb_log_context		*log_ctx;
	kdb_hlog_t		*ulog = NULL;

	(void) setlocale(LC_ALL, "");

#if !defined(TEXT_DOMAIN)
#define	TEXT_DOMAIN "SYS_TEST"
#endif /* TEXT_DOMAIN */

	(void) textdomain(TEXT_DOMAIN);

	if (geteuid() != (uid_t)0) {
		(void) fprintf(stderr,
		    gettext("kproplog must be run as root\n\n"));
		exit(1);
	}

	progname = argv[0];

	while ((c = getopt(argc, argv, "vhe:")) != -1) {
		switch (c) {
			case 'h':
				headeronly = TRUE;
				break;
			case 'e':
				entry = atoi(optarg);
				break;
			case 'v':
				verbose = TRUE;
				break;
			default:
				usage();
		}
	}

	if (krb5_init_context(&context)) {
		(void) fprintf(stderr,
		    gettext("Unable to initialize Kerberos\n\n"));
		exit(1);
	}

	(void) memset((char *)&params, 0, sizeof (params));

	if (kadm5_get_config_params(context, NULL, NULL, &params, &params)) {
		(void) fprintf(stderr,
		    gettext("Couldn't read database_name\n\n"));
		exit(1);
	}

	(void) printf(gettext("\nKerberos update log (%s.ulog)\n"),
	    params.dbname);

	if (ulog_map(context, &params, FKPROPLOG)) {
		(void) fprintf(stderr, gettext("Unable to map log file "
		    "%s.ulog\n\n"), params.dbname);
		exit(1);
	}

	log_ctx = context->kdblog_context;
	if (log_ctx)
		ulog = log_ctx->ulog;
	else {
		(void) fprintf(stderr, gettext("Unable to map log file "
		    "%s.ulog\n\n"), params.dbname);
		exit(1);
	}

	if (ulog->kdb_hmagic != KDB_HMAGIC) {
		(void) fprintf(stderr,
		    gettext("Corrupt header log, exiting\n\n"));
		exit(1);
	}

	(void) printf(gettext("Update log dump :\n"));
	(void) printf(gettext("\tLog version # : %u\n"), ulog->db_version_num);
	(void) printf(gettext("\tLog state : "));
	switch (ulog->kdb_state) {
		case KDB_STABLE:
			(void) printf(gettext("Stable\n"));
			break;
		case KDB_UNSTABLE:
			(void) printf(gettext("Unstable\n"));
			break;
		case KDB_CORRUPT:
			(void) printf(gettext("Corrupt\n"));
			break;
		default:
			(void) printf(gettext("Unknown state: %d\n"),
			    ulog->kdb_state);
			break;
	}
	(void) printf(gettext("\tEntry block size : %u\n"), ulog->kdb_block);
	(void) printf(gettext("\tNumber of entries : %u\n"), ulog->kdb_num);

	if (ulog->kdb_last_sno == 0)
		(void) printf(gettext("\tLast serial # : None\n"));
	else {
		if (ulog->kdb_first_sno == 0)
			(void) printf(gettext("\tFirst serial # : None\n"));
		else {
			(void) printf(gettext("\tFirst serial # : "));
			(void) printf("%u\n", ulog->kdb_first_sno);
		}

		(void) printf(gettext("\tLast serial # : "));
		(void) printf("%u\n", ulog->kdb_last_sno);
	}

	if (ulog->kdb_last_time.seconds == 0L) {
		(void) printf(gettext("\tLast time stamp : None\n"));
	} else {
		if (ulog->kdb_first_time.seconds == 0L)
			(void) printf(gettext("\tFirst time stamp : None\n"));
		else {
			(void) printf(gettext("\tFirst time stamp : %s"),
			    ctime((time_t *)
			    &(ulog->kdb_first_time.seconds)));
		}

		(void) printf(gettext("\tLast time stamp : %s\n"),
		    ctime((time_t *)&(ulog->kdb_last_time.seconds)));
	}

	if ((!headeronly) && ulog->kdb_num) {
		print_update(ulog, entry, verbose);
	}

	(void) printf("\n");

	return (0);
}
Пример #2
0
int
main(int argc, char *argv[])
{
    OM_uint32 minor_status;
    gss_buffer_desc in_buf;
    gss_OID nt_krb5_name_oid = (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME;
    auth_gssapi_name names[4];
    kadm5_config_params params;
    verto_ctx *vctx;
    const char *pid_file = NULL;
    char **db_args = NULL, **tmpargs;
    int ret, i, db_args_size = 0, strong_random = 1, proponly = 0;

    setlocale(LC_ALL, "");
    setvbuf(stderr, NULL, _IONBF, 0);

    names[0].name = names[1].name = names[2].name = names[3].name = NULL;
    names[0].type = names[1].type = names[2].type = names[3].type =
        nt_krb5_name_oid;

    progname = (strrchr(argv[0], '/') != NULL) ? strrchr(argv[0], '/') + 1 :
        argv[0];

    memset(&params, 0, sizeof(params));

    argc--, argv++;
    while (argc) {
        if (strcmp(*argv, "-x") == 0) {
            argc--, argv++;
            if (!argc)
                usage();
            db_args_size++;
            tmpargs = realloc(db_args, sizeof(char *) * (db_args_size + 1));
            if (tmpargs == NULL) {
                fprintf(stderr, _("%s: cannot initialize. Not enough "
                                  "memory\n"), progname);
                exit(1);
            }
            db_args = tmpargs;
            db_args[db_args_size - 1] = *argv;
            db_args[db_args_size] = NULL;
        } else if (strcmp(*argv, "-r") == 0) {
            argc--, argv++;
            if (!argc)
                usage();
            params.realm = *argv;
            params.mask |= KADM5_CONFIG_REALM;
            argc--, argv++;
            continue;
        } else if (strcmp(*argv, "-m") == 0) {
            params.mkey_from_kbd = 1;
            params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
        } else if (strcmp(*argv, "-nofork") == 0) {
            nofork = 1;
#ifdef USE_PASSWORD_SERVER
        } else if (strcmp(*argv, "-passwordserver") == 0) {
            kadm5_set_use_password_server();
#endif
#ifndef DISABLE_IPROP
        } else if (strcmp(*argv, "-proponly") == 0) {
            proponly = 1;
#endif
        } else if (strcmp(*argv, "-port") == 0) {
            argc--, argv++;
            if (!argc)
                usage();
            params.kadmind_port = atoi(*argv);
            params.mask |= KADM5_CONFIG_KADMIND_PORT;
        } else if (strcmp(*argv, "-P") == 0) {
            argc--, argv++;
            if (!argc)
                usage();
            pid_file = *argv;
        } else if (strcmp(*argv, "-W") == 0) {
            strong_random = 0;
        } else if (strcmp(*argv, "-p") == 0) {
            argc--, argv++;
            if (!argc)
                usage();
            kdb5_util = *argv;
        } else if (strcmp(*argv, "-F") == 0) {
            argc--, argv++;
            if (!argc)
                usage();
            dump_file = *argv;
        } else if (strcmp(*argv, "-K") == 0) {
            argc--, argv++;
            if (!argc)
                usage();
            kprop = *argv;
        } else if (strcmp(*argv, "-k") == 0) {
            argc--, argv++;
            if (!argc)
                usage();
            kprop_port = *argv;
        } else {
            break;
        }
        argc--, argv++;
    }

    if (argc != 0)
        usage();

    ret = kadm5_init_krb5_context(&context);
    if (ret) {
        fprintf(stderr, _("%s: %s while initializing context, aborting\n"),
                progname, error_message(ret));
        exit(1);
    }

    krb5_klog_init(context, "admin_server", progname, 1);

    ret = kadm5_init(context, "kadmind", NULL, NULL, &params,
                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, db_args,
                     &global_server_handle);
    if (ret)
        fail_to_start(ret, _("initializing"));

    ret = kadm5_get_config_params(context, 1, &params, &params);
    if (ret)
        fail_to_start(ret, _("getting config parameters"));
    if (!(params.mask & KADM5_CONFIG_REALM))
        fail_to_start(0, _("Missing required realm configuration"));
    if (!(params.mask & KADM5_CONFIG_ACL_FILE))
        fail_to_start(0, _("Missing required ACL file configuration"));

    ret = setup_loop(proponly, &vctx);
    if (ret)
        fail_to_start(ret, _("initializing network"));

    names[0].name = build_princ_name(KADM5_ADMIN_SERVICE, params.realm);
    names[1].name = build_princ_name(KADM5_CHANGEPW_SERVICE, params.realm);
    if (names[0].name == NULL || names[1].name == NULL)
        fail_to_start(0, _("Cannot build GSSAPI auth names"));

    ret = setup_kdb_keytab();
    if (ret)
        fail_to_start(0, _("Cannot set up KDB keytab"));

    if (svcauth_gssapi_set_names(names, 2) == FALSE)
        fail_to_start(0, _("Cannot set GSSAPI authentication names"));

    /* if set_names succeeded, this will too */
    in_buf.value = names[1].name;
    in_buf.length = strlen(names[1].name) + 1;
    (void)gss_import_name(&minor_status, &in_buf, nt_krb5_name_oid,
                          &gss_changepw_name);

    svcauth_gssapi_set_log_badauth2_func(log_badauth, NULL);
    svcauth_gssapi_set_log_badverf_func(log_badverf, NULL);
    svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL);

    svcauth_gss_set_log_badauth2_func(log_badauth, NULL);
    svcauth_gss_set_log_badverf_func(log_badverf, NULL);
    svcauth_gss_set_log_miscerr_func(log_miscerr, NULL);

    if (svcauth_gss_set_svc_name(GSS_C_NO_NAME) != TRUE)
        fail_to_start(0, _("Cannot initialize GSSAPI service name"));

    ret = acl_init(context, params.acl_file);
    if (ret)
        fail_to_start(ret, _("initializing ACL file"));

    if (!nofork && daemon(0, 0) != 0)
        fail_to_start(errno, _("spawning daemon process"));
    if (pid_file != NULL) {
        ret = write_pid_file(pid_file);
        if (ret)
            fail_to_start(ret, _("creating PID file"));
    }

    krb5_klog_syslog(LOG_INFO, _("Seeding random number generator"));
    ret = krb5_c_random_os_entropy(context, strong_random, NULL);
    if (ret)
        fail_to_start(ret, _("getting random seed"));

    if (params.iprop_enabled == TRUE) {
        ulog_set_role(context, IPROP_MASTER);

        ret = ulog_map(context, params.iprop_logfile, params.iprop_ulogsize);
        if (ret)
            fail_to_start(ret, _("mapping update log"));

        if (nofork) {
            fprintf(stderr,
                    _("%s: create IPROP svc (PROG=%d, VERS=%d)\n"),
                    progname, KRB5_IPROP_PROG, KRB5_IPROP_VERS);
        }
    }

    if (kprop_port == NULL)
        kprop_port = getenv("KPROP_PORT");

    krb5_klog_syslog(LOG_INFO, _("starting"));
    if (nofork)
        fprintf(stderr, _("%s: starting...\n"), progname);

    verto_run(vctx);
    krb5_klog_syslog(LOG_INFO, _("finished, exiting"));

    /* Clean up memory, etc */
    svcauth_gssapi_unset_names();
    kadm5_destroy(global_server_handle);
    loop_free(vctx);
    acl_finish(context);
    (void)gss_release_name(&minor_status, &gss_changepw_name);
    (void)gss_release_name(&minor_status, &gss_oldchangepw_name);
    for (i = 0; i < 4; i++)
        free(names[i].name);

    krb5_klog_close(context);
    krb5_free_context(context);
    exit(2);
}