diff options
Diffstat (limited to 'kerberosV/src/lib/kadm5/ipropd_slave.c')
-rw-r--r-- | kerberosV/src/lib/kadm5/ipropd_slave.c | 177 |
1 files changed, 139 insertions, 38 deletions
diff --git a/kerberosV/src/lib/kadm5/ipropd_slave.c b/kerberosV/src/lib/kadm5/ipropd_slave.c index f1c0c9f8031..9759c5ae9a1 100644 --- a/kerberosV/src/lib/kadm5/ipropd_slave.c +++ b/kerberosV/src/lib/kadm5/ipropd_slave.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,12 +34,15 @@ #include "iprop.h" #include <util.h> -RCSID("$KTH: ipropd_slave.c,v 1.27.2.1 2003/08/15 16:45:15 lha Exp $"); +RCSID("$KTH: ipropd_slave.c,v 1.39 2005/05/23 17:39:35 lha Exp $"); static krb5_log_facility *log_facility; +static char *server_time_lost = "5 min"; +static int time_before_lost; static int -connect_to_master (krb5_context context, const char *master) +connect_to_master (krb5_context context, const char *master, + const char *port_str) { int fd; struct sockaddr_in addr; @@ -50,8 +53,23 @@ connect_to_master (krb5_context context, const char *master) krb5_err (context, 1, errno, "socket AF_INET"); memset (&addr, 0, sizeof(addr)); addr.sin_family = AF_INET; - addr.sin_port = krb5_getportbyname (context, - IPROP_SERVICE, "tcp", IPROP_PORT); + if (port_str) { + addr.sin_port = krb5_getportbyname (context, + port_str, "tcp", + 0); + if (addr.sin_port == 0) { + char *ptr; + long port; + + port = strtol (port_str, &ptr, 10); + if (port == 0 && ptr == port_str) + krb5_errx (context, 1, "bad port `%s'", port_str); + addr.sin_port = htons(port); + } + } else { + addr.sin_port = krb5_getportbyname (context, IPROP_SERVICE, + "tcp", IPROP_PORT); + } he = roken_gethostbyname (master); if (he == NULL) krb5_errx (context, 1, "gethostbyname: %s", hstrerror(h_errno)); @@ -68,7 +86,7 @@ get_creds(krb5_context context, const char *keytab_str, krb5_keytab keytab; krb5_principal client; krb5_error_code ret; - krb5_get_init_creds_opt init_opts; + krb5_get_init_creds_opt *init_opts; krb5_creds creds; char *server; char keytab_buf[256]; @@ -88,15 +106,17 @@ get_creds(krb5_context context, const char *keytab_str, KRB5_NT_SRV_HST, &client); if (ret) krb5_err(context, 1, ret, "krb5_sname_to_principal"); - krb5_get_init_creds_opt_init(&init_opts); + ret = krb5_get_init_creds_opt_alloc(context, &init_opts); + if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc"); asprintf (&server, "%s/%s", IPROP_NAME, host); if (server == NULL) krb5_errx (context, 1, "malloc: no memory"); ret = krb5_get_init_creds_keytab(context, &creds, client, keytab, - 0, server, &init_opts); + 0, server, init_opts); free (server); + krb5_get_init_creds_opt_free(init_opts); if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds"); ret = krb5_kt_close(context, keytab); @@ -119,7 +139,7 @@ ihave (krb5_context context, krb5_auth_context auth_context, int ret; u_char buf[8]; krb5_storage *sp; - krb5_data data, priv_data; + krb5_data data; sp = krb5_storage_from_mem (buf, 8); krb5_store_int32 (sp, I_HAVE); @@ -128,15 +148,9 @@ ihave (krb5_context context, krb5_auth_context auth_context, data.length = 8; data.data = buf; - ret = krb5_mk_priv (context, auth_context, &data, &priv_data, NULL); - if (ret) - krb5_err (context, 1, ret, "krb_mk_priv"); - - ret = krb5_write_message (context, &fd, &priv_data); + ret = krb5_write_priv_message(context, auth_context, &fd, &data); if (ret) - krb5_err (context, 1, ret, "krb5_write_message"); - - krb5_data_free (&priv_data); + krb5_err (context, 1, ret, "krb5_write_priv_message"); } static void @@ -160,7 +174,7 @@ receive_loop (krb5_context context, op = tmp; krb5_ret_int32 (sp, &len); if (vers <= server_context->log_context.version) - krb5_storage_seek(sp, len, SEEK_CUR); + krb5_storage_seek(sp, len + 8, SEEK_CUR); } while(vers <= server_context->log_context.version); left = krb5_storage_seek (sp, -16, SEEK_CUR); @@ -192,7 +206,7 @@ receive_loop (krb5_context context, ret = kadm5_log_replay (server_context, op, vers, len, sp); if (ret) - krb5_warn (context, ret, "kadm5_log_replay"); + krb5_warn (context, ret, "kadm5_log_replay: %d", (int)vers); else server_context->log_context.version = vers; krb5_storage_seek (sp, 8, SEEK_CUR); @@ -206,20 +220,45 @@ receive (krb5_context context, { int ret; - ret = server_context->db->open(context, - server_context->db, - O_RDWR | O_CREAT, 0600); + ret = server_context->db->hdb_open(context, + server_context->db, + O_RDWR | O_CREAT, 0600); if (ret) krb5_err (context, 1, ret, "db->open"); receive_loop (context, sp, server_context); - ret = server_context->db->close (context, server_context->db); + ret = server_context->db->hdb_close (context, server_context->db); if (ret) krb5_err (context, 1, ret, "db->close"); } static void +send_im_here (krb5_context context, int fd, + krb5_auth_context auth_context) +{ + krb5_storage *sp; + krb5_data data; + int ret; + + ret = krb5_data_alloc (&data, 4); + if (ret) + krb5_err (context, 1, ret, "send_im_here"); + + sp = krb5_storage_from_data (&data); + if (sp == NULL) + krb5_errx (context, 1, "krb5_storage_from_data"); + krb5_store_int32(sp, I_AM_HERE); + krb5_storage_free(sp); + + ret = krb5_write_priv_message(context, auth_context, &fd, &data); + krb5_data_free(&data); + + if (ret) + krb5_err (context, 1, ret, "krb5_write_priv_message"); +} + +static void receive_everything (krb5_context context, int fd, kadm5_server_context *server_context, krb5_auth_context auth_context) @@ -228,12 +267,12 @@ receive_everything (krb5_context context, int fd, krb5_data data; int32_t vno; int32_t opcode; - unsigned long tmp; + krb5_storage *sp; char *dbname; HDB *mydb; - asprintf(&dbname, "%s-NEW", server_context->db->name); + asprintf(&dbname, "%s-NEW", server_context->db->hdb_name); ret = hdb_create(context, &mydb, dbname); if(ret) krb5_err(context,1, ret, "hdb_create"); @@ -246,47 +285,53 @@ receive_everything (krb5_context context, int fd, /* I really want to use O_EXCL here, but given that I can't easily clean up on error, I won't */ - ret = mydb->open(context, mydb, O_RDWR | O_CREAT | O_TRUNC, 0600); + ret = mydb->hdb_open(context, mydb, O_RDWR | O_CREAT | O_TRUNC, 0600); if (ret) krb5_err (context, 1, ret, "db->open"); + sp = NULL; do { - krb5_storage *sp; - ret = krb5_read_priv_message(context, auth_context, &fd, &data); if (ret) krb5_err (context, 1, ret, "krb5_read_priv_message"); sp = krb5_storage_from_data (&data); + if (sp == NULL) + krb5_errx (context, 1, "krb5_storage_from_data"); krb5_ret_int32 (sp, &opcode); if (opcode == ONE_PRINC) { krb5_data fake_data; hdb_entry entry; + krb5_storage_free(sp); + fake_data.data = (char *)data.data + 4; fake_data.length = data.length - 4; ret = hdb_value2entry (context, &fake_data, &entry); if (ret) krb5_err (context, 1, ret, "hdb_value2entry"); - ret = mydb->store(server_context->context, - mydb, - 0, &entry); + ret = mydb->hdb_store(server_context->context, + mydb, + 0, &entry); if (ret) krb5_err (context, 1, ret, "hdb_store"); hdb_free_entry (context, &entry); krb5_data_free (&data); - } + } else if (opcode == NOW_YOU_HAVE) + ; + else + krb5_errx (context, 1, "strange opcode %d", opcode); } while (opcode == ONE_PRINC); if (opcode != NOW_YOU_HAVE) krb5_errx (context, 1, "receive_everything: strange %d", opcode); - _krb5_get_int ((char *)data.data + 4, &tmp, 4); - vno = tmp; + krb5_ret_int32 (sp, &vno); + krb5_storage_free(sp); ret = kadm5_log_reinit (server_context); if (ret) @@ -302,28 +347,38 @@ receive_everything (krb5_context context, int fd, krb5_data_free (&data); - ret = mydb->rename (context, mydb, server_context->db->name); + ret = mydb->hdb_rename (context, mydb, server_context->db->hdb_name); if (ret) krb5_err (context, 1, ret, "db->rename"); - ret = mydb->close (context, mydb); + ret = mydb->hdb_close (context, mydb); if (ret) krb5_err (context, 1, ret, "db->close"); - ret = mydb->destroy (context, mydb); + ret = mydb->hdb_destroy (context, mydb); if (ret) krb5_err (context, 1, ret, "db->destroy"); } +static char *config_file; static char *realm; static int version_flag; static int help_flag; static char *keytab_str; +static char *port_str; +static int detach_from_console = 0; static struct getargs args[] = { + { "config-file", 'c', arg_string, &config_file }, { "realm", 'r', arg_string, &realm }, { "keytab", 'k', arg_string, &keytab_str, "keytab to get authentication from", "kspec" }, + { "time-lost", 0, arg_string, &server_time_lost, + "time before server is considered lost", "time" }, + { "port", 0, arg_string, &port_str, + "port ipropd-slave will connect to", "port"}, + { "detach", 0, arg_flag, &detach_from_console, + "detach from console" }, { "version", 0, arg_flag, &version_flag }, { "help", 0, arg_flag, &help_flag } }; @@ -349,6 +404,7 @@ main(int argc, char **argv) int master_fd; krb5_ccache ccache; krb5_principal server; + char **files; int optind; const char *master; @@ -362,6 +418,18 @@ main(int argc, char **argv) exit(0); } + if (config_file == NULL) + config_file = HDB_DB_DIR "/kdc.conf"; + + ret = krb5_prepend_config_files_default(config_file, &files); + if (ret) + krb5_err(context, 1, ret, "getting configuration files"); + + ret = krb5_set_config_files(context, files); + krb5_free_config_files(files); + if (ret) + krb5_err(context, 1, ret, "reading configuration files"); + argc -= optind; argv += optind; @@ -370,6 +438,8 @@ main(int argc, char **argv) master = argv[0]; + if (detach_from_console) + daemon(0, 0); pidfile (NULL); krb5_openlog (context, "ipropd-slave", &log_facility); krb5_set_warn_dest(context, log_facility); @@ -378,6 +448,10 @@ main(int argc, char **argv) if(ret) krb5_err(context, 1, ret, "krb5_kt_register"); + time_before_lost = parse_time (server_time_lost, "s"); + if (time_before_lost < 0) + krb5_errx (context, 1, "couldn't parse time: %s", server_time_lost); + memset(&conf, 0, sizeof(conf)); if(realm) { conf.mask |= KADM5_CONFIG_REALM; @@ -400,7 +474,7 @@ main(int argc, char **argv) get_creds(context, keytab_str, &ccache, master); - master_fd = connect_to_master (context, master); + master_fd = connect_to_master (context, master, port_str); ret = krb5_sname_to_principal (context, master, IPROP_NAME, KRB5_NT_SRV_HST, &server); @@ -423,6 +497,29 @@ main(int argc, char **argv) krb5_data out; krb5_storage *sp; int32_t tmp; + fd_set readset; + struct timeval to; + + if (master_fd >= FD_SETSIZE) + krb5_errx (context, 1, "fd too large"); + + FD_ZERO(&readset); + FD_SET(master_fd, &readset); + + to.tv_sec = time_before_lost; + to.tv_usec = 0; + + ret = select (master_fd + 1, + &readset, NULL, NULL, &to); + if (ret < 0) { + if (errno == EINTR) + continue; + else + krb5_err (context, 1, errno, "select"); + } + if (ret == 0) + krb5_errx (context, 1, "server didn't send a message " + "in %d seconds", time_before_lost); ret = krb5_read_priv_message(context, auth_context, &master_fd, &out); @@ -441,9 +538,13 @@ main(int argc, char **argv) receive_everything (context, master_fd, server_context, auth_context); break; + case ARE_YOU_THERE : + send_im_here (context, master_fd, auth_context); + break; case NOW_YOU_HAVE : case I_HAVE : case ONE_PRINC : + case I_AM_HERE : default : krb5_warnx (context, "Ignoring command %d", tmp); break; |