path: root/crypto/heimdal/lib/kadm5/ipropd_slave.c
Diffstat (limited to 'crypto/heimdal/lib/kadm5/ipropd_slave.c')
-rw-r--r--crypto/heimdal/lib/kadm5/ipropd_slave.c208
1 files changed, 164 insertions, 44 deletions
diff --git a/crypto/heimdal/lib/kadm5/ipropd_slave.c b/crypto/heimdal/lib/kadm5/ipropd_slave.c
index 76884eb..8d8bf25 100644
--- a/crypto/heimdal/lib/kadm5/ipropd_slave.c
+++ b/crypto/heimdal/lib/kadm5/ipropd_slave.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,9 @@
#include "iprop.h"
-RCSID("$Id: ipropd_slave.c,v 1.10 1999/12/02 17:05:06 joda Exp $");
+RCSID("$Id: ipropd_slave.c,v 1.21 2000/08/06 02:06:19 assar Exp $");
+
+static krb5_log_facility *log_facility;
static int
connect_to_master (krb5_context context, const char *master)
@@ -47,7 +49,8 @@ connect_to_master (krb5_context context, const char *master)
krb5_err (context, 1, errno, "socket AF_INET");
memset (&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
- addr.sin_port = htons(4711);
+ addr.sin_port = krb5_getportbyname (context,
+ IPROP_SERVICE, "tcp", IPROP_PORT);
he = roken_gethostbyname (master);
if (he == NULL)
krb5_errx (context, 1, "gethostbyname: %s", hstrerror(h_errno));
@@ -58,31 +61,37 @@ connect_to_master (krb5_context context, const char *master)
}
static void
-get_creds(krb5_context context, krb5_ccache *cache, const char *host)
+get_creds(krb5_context context, const char *keytab_str,
+ krb5_ccache *cache, const char *host)
{
krb5_keytab keytab;
krb5_principal client;
krb5_error_code ret;
krb5_get_init_creds_opt init_opts;
-#if 0
- krb5_preauthtype preauth = KRB5_PADATA_ENC_TIMESTAMP;
-#endif
krb5_creds creds;
- char my_hostname[128];
char *server;
+ char keytab_buf[256];
- ret = krb5_kt_default(context, &keytab);
- if(ret) krb5_err(context, 1, ret, "krb5_kt_default");
+ ret = krb5_kt_register(context, &hdb_kt_ops);
+ if(ret)
+ krb5_err(context, 1, ret, "krb5_kt_register");
- gethostname (my_hostname, sizeof(my_hostname));
- ret = krb5_sname_to_principal (context, my_hostname, IPROP_NAME,
+ if (keytab_str == NULL) {
+ ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf));
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_kt_default_name");
+ keytab_str = keytab_buf;
+ }
+
+ ret = krb5_kt_resolve(context, keytab_str, &keytab);
+ if(ret)
+ krb5_err(context, 1, ret, "%s", keytab_str);
+
+ ret = krb5_sname_to_principal (context, NULL, IPROP_NAME,
KRB5_NT_SRV_HST, &client);
if (ret) krb5_err(context, 1, ret, "krb5_sname_to_principal");
krb5_get_init_creds_opt_init(&init_opts);
-#if 0
- krb5_get_init_creds_opt_set_preauth_list(&init_opts, &preauth, 1);
-#endif
asprintf (&server, "%s/%s", IPROP_NAME, host);
if (server == NULL)
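Review bot: The `krb5_kt_register(context, &hdb_kt_ops)` call added at the top of get_creds duplicates the one this same commit adds to main() right before get_creds is called, so the hdb keytab backend is registered twice on every run; whether the second registration is a harmless no-op or returns an error (which would then abort the slave via krb5_err) depends on krb5_kt_register, which is not visible here. Since main()'s copy always runs first, I would drop the three lines here — or, if get_creds is meant to be usable on its own, keep only this one and remove the copy in main(). The rest of get_creds, including the use of `server`, continues past the end of the hunk.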
@@ -134,21 +143,15 @@ ihave (krb5_context context, krb5_auth_context auth_context,
}
static void
-receive (krb5_context context,
- krb5_storage *sp,
- kadm5_server_context *server_context)
+receive_loop (krb5_context context,
+ krb5_storage *sp,
+ kadm5_server_context *server_context)
{
int ret;
off_t left, right;
void *buf;
int32_t vers;
- ret = server_context->db->open(context,
- server_context->db,
- O_RDWR | O_CREAT, 0);
- if (ret)
- krb5_err (context, 1, ret, "db->open");
-
do {
int32_t len, timestamp, tmp;
enum kadm_ops op;
@@ -166,7 +169,7 @@ receive (krb5_context context,
left = sp->seek (sp, -16, SEEK_CUR);
right = sp->seek (sp, 0, SEEK_END);
buf = malloc (right - left);
- if (buf == NULL) {
+ if (buf == NULL && (right - left) != 0) {
krb5_warnx (context, "malloc: no memory");
return;
}
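Review bot: The relaxed NULL check now tolerates a zero-length allocation but still trusts `right - left` to be non-negative, while neither `sp->seek` result is checked: `left` and `right` are declared `off_t` earlier in this diff, so a failed seek (or an end position before the current one) turns `right - left` into a negative value that malloc receives as an enormous size_t. Guard the seek results before allocating, e.g. `if (left < 0 || right < left) { krb5_warnx (context, "seek failed"); return; }`. The enclosing function starts and ends outside this hunk.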
@@ -197,21 +200,120 @@ receive (krb5_context context,
server_context->log_context.version = vers;
sp->seek (sp, 8, SEEK_CUR);
}
+}
+
+static void
+receive (krb5_context context,
+ krb5_storage *sp,
+ kadm5_server_context *server_context)
+{
+ int ret;
+
+ ret = server_context->db->open(context,
+ server_context->db,
+ O_RDWR | O_CREAT, 0600);
+ if (ret)
+ krb5_err (context, 1, ret, "db->open");
+
+ receive_loop (context, sp, server_context);
+
+ ret = server_context->db->close (context, server_context->db);
+ if (ret)
+ krb5_err (context, 1, ret, "db->close");
+}
+
+static void
+receive_everything (krb5_context context, int fd,
+ kadm5_server_context *server_context,
+ krb5_auth_context auth_context)
+{
+ int ret;
+ krb5_data data;
+ int32_t vno;
+ int32_t opcode;
+
+ ret = server_context->db->open(context,
+ server_context->db,
+ O_RDWR | O_CREAT | O_TRUNC, 0600);
+ if (ret)
+ krb5_err (context, 1, ret, "db->open");
+
+ do {
+ krb5_storage *sp;
+
+ ret = krb5_read_priv_message(context, auth_context, &fd, &data);
+
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_read_priv_message");
+
+ sp = krb5_storage_from_data (&data);
+ krb5_ret_int32 (sp, &opcode);
+ if (opcode == ONE_PRINC) {
+ krb5_data fake_data;
+ hdb_entry entry;
+
+ fake_data.data = (char *)data.data + 4;
+ fake_data.length = data.length - 4;
+
+ ret = hdb_value2entry (context, &fake_data, &entry);
+ if (ret)
+ krb5_err (context, 1, ret, "hdb_value2entry");
+ ret = server_context->db->store(server_context->context,
+ server_context->db,
+ 0, &entry);
+ if (ret)
+ krb5_err (context, 1, ret, "hdb_store");
+
+ hdb_free_entry (context, &entry);
+ krb5_data_free (&data);
+ }
+ } while (opcode == ONE_PRINC);
+
+ if (opcode != NOW_YOU_HAVE)
+ krb5_errx (context, 1, "receive_everything: strange %d", opcode);
+
+ _krb5_get_int ((char *)data.data + 4, &vno, 4);
+
+ ret = kadm5_log_reinit (server_context);
+ if (ret)
+ krb5_err(context, 1, ret, "kadm5_log_reinit");
+
+ ret = kadm5_log_set_version (server_context, vno - 1);
+ if (ret)
+ krb5_err (context, 1, ret, "kadm5_log_set_version");
+
+ ret = kadm5_log_nop (server_context);
+ if (ret)
+ krb5_err (context, 1, ret, "kadm5_log_nop");
+
+ krb5_data_free (&data);
ret = server_context->db->close (context, server_context->db);
if (ret)
krb5_err (context, 1, ret, "db->close");
}
-char *realm;
-int version_flag;
-int help_flag;
-struct getargs args[] = {
+static char *realm;
+static int version_flag;
+static int help_flag;
+static char *keytab_str;
+
+static struct getargs args[] = {
{ "realm", 'r', arg_string, &realm },
+ { "keytab", 'k', arg_string, &keytab_str,
+ "keytab to get authentication from", "kspec" },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
-int num_args = sizeof(args) / sizeof(args[0]);
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage (int code, struct getargs *args, int num_args)
+{
+ arg_printusage (args, num_args, NULL, "master");
+ exit (code);
+}
int
main(int argc, char **argv)
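Review bot: receive_everything splits every message at a fixed 4-byte opcode without checking that the message is that long: the return value of `krb5_ret_int32 (sp, &opcode)` is ignored, so on a short message `opcode` stays uninitialized, `fake_data.length = data.length - 4` wraps to a huge value and hdb_value2entry reads past the buffer, and `_krb5_get_int ((char *)data.data + 4, &vno, 4)` later assumes at least 8 bytes; the channel is krb5_priv-protected so the peer is the authenticated master, but a buggy or mismatched master should still not be able to crash the slave. The `krb5_storage` returned by `krb5_storage_from_data` is also never freed, so every ONE_PRINC message leaks one. Note too that the database is opened with O_TRUNC before the first entry arrives and every error path calls krb5_err and exits, so an interrupted full dump leaves the slave with a truncated database until the next successful transfer — writing into a temporary file and renaming it at NOW_YOU_HAVE would avoid that, but is a larger change. The rewritten loop head below adds the length checks and frees the storage; the ONE_PRINC entry handling and the log reinit are unchanged.
```c
    do {
        krb5_storage *sp;

        ret = krb5_read_priv_message(context, auth_context, &fd, &data);
        if (ret)
            krb5_err (context, 1, ret, "krb5_read_priv_message");
        /* every message starts with a 4-byte opcode */
        if (data.length < 4)
            krb5_errx (context, 1, "receive_everything: short message (%lu bytes)",
                       (unsigned long)data.length);

        sp = krb5_storage_from_data (&data);
        if (sp == NULL)
            krb5_errx (context, 1, "krb5_storage_from_data: no memory");
        ret = krb5_ret_int32 (sp, &opcode);
        krb5_storage_free (sp);
        if (ret)
            krb5_err (context, 1, ret, "krb5_ret_int32");
        /* … unchanged: ONE_PRINC -> hdb_value2entry / db->store / frees … */
    } while (opcode == ONE_PRINC);

    if (opcode != NOW_YOU_HAVE)
        krb5_errx (context, 1, "receive_everything: strange %d", opcode);
    /* NOW_YOU_HAVE carries the version number right after the opcode */
    if (data.length < 8)
        krb5_errx (context, 1, "receive_everything: short NOW_YOU_HAVE message");
    _krb5_get_int ((char *)data.data + 4, &vno, 4);
    /* … unchanged: kadm5_log_reinit / set_version / nop, db->close … */
```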
@@ -227,16 +329,32 @@ main(int argc, char **argv)
krb5_principal server;
int optind;
+ const char *master;
- optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
+ optind = krb5_program_setup(&context, argc, argv, args, num_args, usage);
if(help_flag)
- krb5_std_usage(0, args, num_args);
+ usage (0, args, num_args);
if(version_flag) {
print_version(NULL);
exit(0);
}
+ argc -= optind;
+ argv += optind;
+
+ if (argc != 1)
+ usage (1, args, num_args);
+
+ master = argv[0];
+
+ krb5_openlog (context, "ipropd-master", &log_facility);
+ krb5_set_warn_dest(context, log_facility);
+
+ ret = krb5_kt_register(context, &hdb_kt_ops);
+ if(ret)
+ krb5_err(context, 1, ret, "krb5_kt_register");
+
memset(&conf, 0, sizeof(conf));
if(realm) {
conf.mask |= KADM5_CONFIG_REALM;
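Review bot: The log facility opened at the new `krb5_openlog (context, "ipropd-master", &log_facility);` line is named after the master daemon, but this file is ipropd_slave.c, so every warning and error this process emits after `krb5_set_warn_dest` will be attributed to ipropd-master in syslog and the two daemons become indistinguishable when they run on the same host; change it to `krb5_openlog (context, "ipropd-slave", &log_facility);`. The return value of krb5_openlog is also ignored, so a failure hands whatever `log_facility` was left as to krb5_set_warn_dest; checking it with the same `if (ret) krb5_err (...)` pattern used for krb5_kt_register two lines below would be consistent. main() continues outside the hunk.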
@@ -257,11 +375,11 @@ main(int argc, char **argv)
if (ret)
krb5_err (context, 1, ret, "kadm5_log_init");
- get_creds(context, &ccache, argv[1]);
+ get_creds(context, keytab_str, &ccache, master);
- master_fd = connect_to_master (context, argv[1]);
+ master_fd = connect_to_master (context, master);
- ret = krb5_sname_to_principal (context, argv[1], IPROP_NAME,
+ ret = krb5_sname_to_principal (context, master, IPROP_NAME,
KRB5_NT_SRV_HST, &server);
if (ret)
krb5_err (context, 1, ret, "krb5_sname_to_principal");
@@ -279,18 +397,14 @@ main(int argc, char **argv)
for (;;) {
int ret;
- krb5_data data, out;
+ krb5_data out;
krb5_storage *sp;
int32_t tmp;
- ret = krb5_read_message (context, &master_fd, &data);
- if (ret)
- krb5_err (context, 1, ret, "krb5_read_message");
+ ret = krb5_read_priv_message(context, auth_context, &master_fd, &out);
- ret = krb5_rd_priv (context, auth_context, &data, &out, NULL);
- krb5_data_free (&data);
if (ret)
- krb5_err (context, 1, ret, "krb5_rd_priv");
+ krb5_err (context, 1, ret, "krb5_read_priv_message");
sp = krb5_storage_from_mem (out.data, out.length);
krb5_ret_int32 (sp, &tmp);
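Review bot: `krb5_ret_int32 (sp, &tmp)` has its return value dropped and `tmp` is declared without an initializer in this hunk, so a message shorter than four bytes from the master leaves `tmp` indeterminate and the switch that follows (outside the hunk) dispatches on garbage; the gap predates this commit, but the switch to krb5_read_priv_message was the moment to close it, and `krb5_storage_from_mem` can also return NULL. I would write `if (sp == NULL || krb5_ret_int32 (sp, &tmp) != 0) krb5_errx (context, 1, "short or malformed message from master");` in place of the bare call. The surrounding for loop in main() begins and ends outside this hunk.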
@@ -300,7 +414,13 @@ main(int argc, char **argv)
ihave (context, auth_context, master_fd,
server_context->log_context.version);
break;
+ case TELL_YOU_EVERYTHING :
+ receive_everything (context, master_fd, server_context,
+ auth_context);
+ break;
+ case NOW_YOU_HAVE :
case I_HAVE :
+ case ONE_PRINC :
default :
krb5_warnx (context, "Ignoring command %d", tmp);
break;
@@ -308,6 +428,6 @@ main(int argc, char **argv)
krb5_storage_free (sp);
krb5_data_free (&out);
}
-
+
return 0;
-}
+ }