1178825Sdfr/*
2233294Sstas * Copyright (c) 2007 Kungliga Tekniska H��gskolan
3233294Sstas * (Royal Institute of Technology, Stockholm, Sweden).
4233294Sstas * All rights reserved.
5178825Sdfr *
6233294Sstas * Redistribution and use in source and binary forms, with or without
7233294Sstas * modification, are permitted provided that the following conditions
8233294Sstas * are met:
9178825Sdfr *
10233294Sstas * 1. Redistributions of source code must retain the above copyright
11233294Sstas *    notice, this list of conditions and the following disclaimer.
12178825Sdfr *
13233294Sstas * 2. Redistributions in binary form must reproduce the above copyright
14233294Sstas *    notice, this list of conditions and the following disclaimer in the
15233294Sstas *    documentation and/or other materials provided with the distribution.
16178825Sdfr *
17233294Sstas * 3. Neither the name of the Institute nor the names of its contributors
18233294Sstas *    may be used to endorse or promote products derived from this software
19233294Sstas *    without specific prior written permission.
20178825Sdfr *
21233294Sstas * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22233294Sstas * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23233294Sstas * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24233294Sstas * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25233294Sstas * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26233294Sstas * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27233294Sstas * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28233294Sstas * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29233294Sstas * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30233294Sstas * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31233294Sstas * SUCH DAMAGE.
32178825Sdfr */
33178825Sdfr
34178825Sdfr#include "kdc_locl.h"
35178825Sdfr
36178825Sdfrstatic int version_flag;
37178825Sdfrstatic int help_flag;
38178825Sdfr
39178825Sdfrstruct getargs args[] = {
40178825Sdfr    { "version",   0,	arg_flag, &version_flag },
41178825Sdfr    { "help",     'h',	arg_flag, &help_flag }
42178825Sdfr};
43178825Sdfr
44178825Sdfrconst static int num_args = sizeof(args) / sizeof(args[0]);
45178825Sdfr
46178825Sdfrstatic void
47178825Sdfrusage(int ret)
48178825Sdfr{
49178825Sdfr    arg_printusage (args, num_args, NULL, "kdc-request-log-file");
50178825Sdfr    exit (ret);
51178825Sdfr}
52178825Sdfr
53178825Sdfrint
54178825Sdfrmain(int argc, char **argv)
55178825Sdfr{
56178825Sdfr    krb5_error_code ret;
57178825Sdfr    krb5_context context;
58178825Sdfr    krb5_kdc_configuration *config;
59178825Sdfr    krb5_storage *sp;
60178825Sdfr    int fd, optidx = 0;
61178825Sdfr
62178825Sdfr    setprogname(argv[0]);
63233294Sstas
64178825Sdfr    if(getarg(args, num_args, argc, argv, &optidx))
65178825Sdfr	usage(1);
66178825Sdfr
67178825Sdfr    if(help_flag)
68178825Sdfr	usage(0);
69233294Sstas
70178825Sdfr    if(version_flag){
71178825Sdfr	print_version(NULL);
72178825Sdfr	exit(0);
73178825Sdfr    }
74178825Sdfr
75178825Sdfr    ret = krb5_init_context(&context);
76178825Sdfr    if (ret)
77178825Sdfr	errx (1, "krb5_init_context failed to parse configuration file");
78178825Sdfr
79178825Sdfr    ret = krb5_kdc_get_config(context, &config);
80178825Sdfr    if (ret)
81178825Sdfr	krb5_err(context, 1, ret, "krb5_kdc_default_config");
82178825Sdfr
83233294Sstas    kdc_openlog(context, "kdc-replay", config);
84178825Sdfr
85178825Sdfr    ret = krb5_kdc_set_dbinfo(context, config);
86178825Sdfr    if (ret)
87178825Sdfr	krb5_err(context, 1, ret, "krb5_kdc_set_dbinfo");
88178825Sdfr
89233294Sstas#ifdef PKINIT
90233294Sstas    if (config->enable_pkinit) {
91233294Sstas	if (config->pkinit_kdc_identity == NULL)
92233294Sstas	    krb5_errx(context, 1, "pkinit enabled but no identity");
93233294Sstas
94233294Sstas	if (config->pkinit_kdc_anchors == NULL)
95233294Sstas	    krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
96233294Sstas
97233294Sstas	krb5_kdc_pk_initialize(context, config,
98233294Sstas			       config->pkinit_kdc_identity,
99233294Sstas			       config->pkinit_kdc_anchors,
100233294Sstas			       config->pkinit_kdc_cert_pool,
101233294Sstas			       config->pkinit_kdc_revoke);
102233294Sstas
103233294Sstas    }
104233294Sstas#endif /* PKINIT */
105233294Sstas
106178825Sdfr    if (argc != 2)
107178825Sdfr	errx(1, "argc != 2");
108178825Sdfr
109178825Sdfr    printf("kdc replay\n");
110178825Sdfr
111178825Sdfr    fd = open(argv[1], O_RDONLY);
112178825Sdfr    if (fd < 0)
113178825Sdfr	err(1, "open: %s", argv[1]);
114178825Sdfr
115178825Sdfr    sp = krb5_storage_from_fd(fd);
116178825Sdfr    if (sp == NULL)
117178825Sdfr	krb5_errx(context, 1, "krb5_storage_from_fd");
118178825Sdfr
119178825Sdfr    while(1) {
120178825Sdfr	struct sockaddr_storage sa;
121178825Sdfr	krb5_socklen_t salen = sizeof(sa);
122178825Sdfr	struct timeval tv;
123178825Sdfr	krb5_address a;
124178825Sdfr	krb5_data d, r;
125178825Sdfr	uint32_t t, clty, tag;
126178825Sdfr	char astr[80];
127178825Sdfr
128178825Sdfr	ret = krb5_ret_uint32(sp, &t);
129178825Sdfr	if (ret == HEIM_ERR_EOF)
130178825Sdfr	    break;
131178825Sdfr	else if (ret)
132178825Sdfr	    krb5_errx(context, 1, "krb5_ret_uint32(version)");
133178825Sdfr	if (t != 1)
134178825Sdfr	    krb5_errx(context, 1, "version not 1");
135178825Sdfr	ret = krb5_ret_uint32(sp, &t);
136178825Sdfr	if (ret)
137178825Sdfr	    krb5_errx(context, 1, "krb5_ret_uint32(time)");
138178825Sdfr	ret = krb5_ret_address(sp, &a);
139178825Sdfr	if (ret)
140178825Sdfr	    krb5_errx(context, 1, "krb5_ret_address");
141178825Sdfr	ret = krb5_ret_data(sp, &d);
142178825Sdfr	if (ret)
143178825Sdfr	    krb5_errx(context, 1, "krb5_ret_data");
144178825Sdfr	ret = krb5_ret_uint32(sp, &clty);
145178825Sdfr	if (ret)
146178825Sdfr	    krb5_errx(context, 1, "krb5_ret_uint32(class|type)");
147178825Sdfr	ret = krb5_ret_uint32(sp, &tag);
148178825Sdfr	if (ret)
149178825Sdfr	    krb5_errx(context, 1, "krb5_ret_uint32(tag)");
150178825Sdfr
151178825Sdfr
152178825Sdfr	ret = krb5_addr2sockaddr (context, &a, (struct sockaddr *)&sa,
153178825Sdfr				  &salen, 88);
154178825Sdfr	if (ret == KRB5_PROG_ATYPE_NOSUPP)
155178825Sdfr	    goto out;
156178825Sdfr	else if (ret)
157178825Sdfr	    krb5_err(context, 1, ret, "krb5_addr2sockaddr");
158178825Sdfr
159178825Sdfr	ret = krb5_print_address(&a, astr, sizeof(astr), NULL);
160178825Sdfr	if (ret)
161178825Sdfr	    krb5_err(context, 1, ret, "krb5_print_address");
162178825Sdfr
163233294Sstas	printf("processing request from %s, %lu bytes\n",
164178825Sdfr	       astr, (unsigned long)d.length);
165178825Sdfr
166178825Sdfr	r.length = 0;
167178825Sdfr	r.data = NULL;
168178825Sdfr
169178825Sdfr	tv.tv_sec = t;
170178825Sdfr	tv.tv_usec = 0;
171178825Sdfr
172178825Sdfr	krb5_kdc_update_time(&tv);
173178825Sdfr	krb5_set_real_time(context, tv.tv_sec, 0);
174178825Sdfr
175178825Sdfr	ret = krb5_kdc_process_request(context, config, d.data, d.length,
176178825Sdfr				       &r, NULL, astr,
177178825Sdfr				       (struct sockaddr *)&sa, 0);
178178825Sdfr	if (ret)
179178825Sdfr	    krb5_err(context, 1, ret, "krb5_kdc_process_request");
180178825Sdfr
181178825Sdfr	if (r.length) {
182178825Sdfr	    Der_class cl;
183178825Sdfr	    Der_type ty;
184178825Sdfr	    unsigned int tag2;
185178825Sdfr	    ret = der_get_tag (r.data, r.length,
186178825Sdfr			       &cl, &ty, &tag2, NULL);
187178825Sdfr	    if (MAKE_TAG(cl, ty, 0) != clty)
188178825Sdfr		krb5_errx(context, 1, "class|type mismatch: %d != %d",
189178825Sdfr			  (int)MAKE_TAG(cl, ty, 0), (int)clty);
190178825Sdfr	    if (tag != tag2)
191178825Sdfr		krb5_errx(context, 1, "tag mismatch");
192178825Sdfr
193178825Sdfr	    krb5_data_free(&r);
194178825Sdfr	} else {
195178825Sdfr	    if (clty != 0xffffffff)
196178825Sdfr		krb5_errx(context, 1, "clty not invalid");
197178825Sdfr	    if (tag != 0xffffffff)
198178825Sdfr		krb5_errx(context, 1, "tag not invalid");
199178825Sdfr	}
200178825Sdfr
201178825Sdfr    out:
202178825Sdfr	krb5_data_free(&d);
203178825Sdfr	krb5_free_address(context, &a);
204178825Sdfr    }
205178825Sdfr
206178825Sdfr    krb5_storage_free(sp);
207178825Sdfr    krb5_free_context(context);
208178825Sdfr
209178825Sdfr    printf("done\n");
210178825Sdfr
211178825Sdfr    return 0;
212178825Sdfr}
213