path: root/kerberosV/src/lib/kadm5/ipropd_slave.c
Diffstat (limited to 'kerberosV/src/lib/kadm5/ipropd_slave.c')
-rw-r--r--kerberosV/src/lib/kadm5/ipropd_slave.c177
1 files changed, 139 insertions, 38 deletions
diff --git a/kerberosV/src/lib/kadm5/ipropd_slave.c b/kerberosV/src/lib/kadm5/ipropd_slave.c
index f1c0c9f8031..9759c5ae9a1 100644
--- a/kerberosV/src/lib/kadm5/ipropd_slave.c
+++ b/kerberosV/src/lib/kadm5/ipropd_slave.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -34,12 +34,15 @@
#include "iprop.h"
#include <util.h>
-RCSID("$KTH: ipropd_slave.c,v 1.27.2.1 2003/08/15 16:45:15 lha Exp $");
+RCSID("$KTH: ipropd_slave.c,v 1.39 2005/05/23 17:39:35 lha Exp $");
static krb5_log_facility *log_facility;
+static char *server_time_lost = "5 min";
+static int time_before_lost;
static int
-connect_to_master (krb5_context context, const char *master)
+connect_to_master (krb5_context context, const char *master,
+ const char *port_str)
{
int fd;
struct sockaddr_in addr;
@@ -50,8 +53,23 @@ connect_to_master (krb5_context context, const char *master)
krb5_err (context, 1, errno, "socket AF_INET");
memset (&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
- addr.sin_port = krb5_getportbyname (context,
- IPROP_SERVICE, "tcp", IPROP_PORT);
+ if (port_str) {
+ addr.sin_port = krb5_getportbyname (context,
+ port_str, "tcp",
+ 0);
+ if (addr.sin_port == 0) {
+ char *ptr;
+ long port;
+
+ port = strtol (port_str, &ptr, 10);
+ if (port == 0 && ptr == port_str)
+ krb5_errx (context, 1, "bad port `%s'", port_str);
+ addr.sin_port = htons(port);
+ }
+ } else {
+ addr.sin_port = krb5_getportbyname (context, IPROP_SERVICE,
+ "tcp", IPROP_PORT);
+ }
he = roken_gethostbyname (master);
if (he == NULL)
krb5_errx (context, 1, "gethostbyname: %s", hstrerror(h_errno));
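Review bot: The numeric fallback at `port = strtol (port_str, &ptr, 10);` only rejects input with no digits at all, so trailing junk (`88x`), negative numbers and values above 65535 are accepted and silently truncated by `htons(port)`. Tighten the check to `if (*ptr != '\0' || port < 1 || port > 65535) krb5_errx (context, 1, "bad port `%s'", port_str);` so a mistyped option fails loudly instead of connecting to the wrong port. Resetting errno before the call would also let an ERANGE overflow be caught. connect_to_master's body continues past the hunk.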
@@ -68,7 +86,7 @@ get_creds(krb5_context context, const char *keytab_str,
krb5_keytab keytab;
krb5_principal client;
krb5_error_code ret;
- krb5_get_init_creds_opt init_opts;
+ krb5_get_init_creds_opt *init_opts;
krb5_creds creds;
char *server;
char keytab_buf[256];
@@ -88,15 +106,17 @@ get_creds(krb5_context context, const char *keytab_str,
KRB5_NT_SRV_HST, &client);
if (ret) krb5_err(context, 1, ret, "krb5_sname_to_principal");
- krb5_get_init_creds_opt_init(&init_opts);
+ ret = krb5_get_init_creds_opt_alloc(context, &init_opts);
+ if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
asprintf (&server, "%s/%s", IPROP_NAME, host);
if (server == NULL)
krb5_errx (context, 1, "malloc: no memory");
ret = krb5_get_init_creds_keytab(context, &creds, client, keytab,
- 0, server, &init_opts);
+ 0, server, init_opts);
free (server);
+ krb5_get_init_creds_opt_free(init_opts);
if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds");
ret = krb5_kt_close(context, keytab);
@@ -119,7 +139,7 @@ ihave (krb5_context context, krb5_auth_context auth_context,
int ret;
u_char buf[8];
krb5_storage *sp;
- krb5_data data, priv_data;
+ krb5_data data;
sp = krb5_storage_from_mem (buf, 8);
krb5_store_int32 (sp, I_HAVE);
@@ -128,15 +148,9 @@ ihave (krb5_context context, krb5_auth_context auth_context,
data.length = 8;
data.data = buf;
- ret = krb5_mk_priv (context, auth_context, &data, &priv_data, NULL);
- if (ret)
- krb5_err (context, 1, ret, "krb_mk_priv");
-
- ret = krb5_write_message (context, &fd, &priv_data);
+ ret = krb5_write_priv_message(context, auth_context, &fd, &data);
if (ret)
- krb5_err (context, 1, ret, "krb5_write_message");
-
- krb5_data_free (&priv_data);
+ krb5_err (context, 1, ret, "krb5_write_priv_message");
}
static void
@@ -160,7 +174,7 @@ receive_loop (krb5_context context,
op = tmp;
krb5_ret_int32 (sp, &len);
if (vers <= server_context->log_context.version)
- krb5_storage_seek(sp, len, SEEK_CUR);
+ krb5_storage_seek(sp, len + 8, SEEK_CUR);
} while(vers <= server_context->log_context.version);
left = krb5_storage_seek (sp, -16, SEEK_CUR);
@@ -192,7 +206,7 @@ receive_loop (krb5_context context,
ret = kadm5_log_replay (server_context,
op, vers, len, sp);
if (ret)
- krb5_warn (context, ret, "kadm5_log_replay");
+ krb5_warn (context, ret, "kadm5_log_replay: %d", (int)vers);
else
server_context->log_context.version = vers;
krb5_storage_seek (sp, 8, SEEK_CUR);
@@ -206,20 +220,45 @@ receive (krb5_context context,
{
int ret;
- ret = server_context->db->open(context,
- server_context->db,
- O_RDWR | O_CREAT, 0600);
+ ret = server_context->db->hdb_open(context,
+ server_context->db,
+ O_RDWR | O_CREAT, 0600);
if (ret)
krb5_err (context, 1, ret, "db->open");
receive_loop (context, sp, server_context);
- ret = server_context->db->close (context, server_context->db);
+ ret = server_context->db->hdb_close (context, server_context->db);
if (ret)
krb5_err (context, 1, ret, "db->close");
}
static void
+send_im_here (krb5_context context, int fd,
+ krb5_auth_context auth_context)
+{
+ krb5_storage *sp;
+ krb5_data data;
+ int ret;
+
+ ret = krb5_data_alloc (&data, 4);
+ if (ret)
+ krb5_err (context, 1, ret, "send_im_here");
+
+ sp = krb5_storage_from_data (&data);
+ if (sp == NULL)
+ krb5_errx (context, 1, "krb5_storage_from_data");
+ krb5_store_int32(sp, I_AM_HERE);
+ krb5_storage_free(sp);
+
+ ret = krb5_write_priv_message(context, auth_context, &fd, &data);
+ krb5_data_free(&data);
+
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_write_priv_message");
+}
+
+static void
receive_everything (krb5_context context, int fd,
kadm5_server_context *server_context,
krb5_auth_context auth_context)
@@ -228,12 +267,12 @@ receive_everything (krb5_context context, int fd,
krb5_data data;
int32_t vno;
int32_t opcode;
- unsigned long tmp;
+ krb5_storage *sp;
char *dbname;
HDB *mydb;
- asprintf(&dbname, "%s-NEW", server_context->db->name);
+ asprintf(&dbname, "%s-NEW", server_context->db->hdb_name);
ret = hdb_create(context, &mydb, dbname);
if(ret)
krb5_err(context,1, ret, "hdb_create");
@@ -246,47 +285,53 @@ receive_everything (krb5_context context, int fd,
/* I really want to use O_EXCL here, but given that I can't easily clean
up on error, I won't */
- ret = mydb->open(context, mydb, O_RDWR | O_CREAT | O_TRUNC, 0600);
+ ret = mydb->hdb_open(context, mydb, O_RDWR | O_CREAT | O_TRUNC, 0600);
if (ret)
krb5_err (context, 1, ret, "db->open");
+ sp = NULL;
do {
- krb5_storage *sp;
-
ret = krb5_read_priv_message(context, auth_context, &fd, &data);
if (ret)
krb5_err (context, 1, ret, "krb5_read_priv_message");
sp = krb5_storage_from_data (&data);
+ if (sp == NULL)
+ krb5_errx (context, 1, "krb5_storage_from_data");
krb5_ret_int32 (sp, &opcode);
if (opcode == ONE_PRINC) {
krb5_data fake_data;
hdb_entry entry;
+ krb5_storage_free(sp);
+
fake_data.data = (char *)data.data + 4;
fake_data.length = data.length - 4;
ret = hdb_value2entry (context, &fake_data, &entry);
if (ret)
krb5_err (context, 1, ret, "hdb_value2entry");
- ret = mydb->store(server_context->context,
- mydb,
- 0, &entry);
+ ret = mydb->hdb_store(server_context->context,
+ mydb,
+ 0, &entry);
if (ret)
krb5_err (context, 1, ret, "hdb_store");
hdb_free_entry (context, &entry);
krb5_data_free (&data);
- }
+ } else if (opcode == NOW_YOU_HAVE)
+ ;
+ else
+ krb5_errx (context, 1, "strange opcode %d", opcode);
} while (opcode == ONE_PRINC);
if (opcode != NOW_YOU_HAVE)
krb5_errx (context, 1, "receive_everything: strange %d", opcode);
- _krb5_get_int ((char *)data.data + 4, &tmp, 4);
- vno = tmp;
+ krb5_ret_int32 (sp, &vno);
+ krb5_storage_free(sp);
ret = kadm5_log_reinit (server_context);
if (ret)
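Review bot: The return values of `krb5_ret_int32 (sp, &opcode)` inside the loop and of the new `krb5_ret_int32 (sp, &vno)` after it are not checked, so a message shorter than four bytes leaves opcode or vno uninitialized, and in the ONE_PRINC branch `data.length - 4` then wraps before being handed to hdb_value2entry. The master is authenticated via the priv message, but it is still a remote peer feeding this loop, so a short read should be fatal: `if (krb5_ret_int32 (sp, &opcode) != 0) krb5_errx (context, 1, "short message from master");` and the same for vno. receive_everything continues past the hunk.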
@@ -302,28 +347,38 @@ receive_everything (krb5_context context, int fd,
krb5_data_free (&data);
- ret = mydb->rename (context, mydb, server_context->db->name);
+ ret = mydb->hdb_rename (context, mydb, server_context->db->hdb_name);
if (ret)
krb5_err (context, 1, ret, "db->rename");
- ret = mydb->close (context, mydb);
+ ret = mydb->hdb_close (context, mydb);
if (ret)
krb5_err (context, 1, ret, "db->close");
- ret = mydb->destroy (context, mydb);
+ ret = mydb->hdb_destroy (context, mydb);
if (ret)
krb5_err (context, 1, ret, "db->destroy");
}
+static char *config_file;
static char *realm;
static int version_flag;
static int help_flag;
static char *keytab_str;
+static char *port_str;
+static int detach_from_console = 0;
static struct getargs args[] = {
+ { "config-file", 'c', arg_string, &config_file },
{ "realm", 'r', arg_string, &realm },
{ "keytab", 'k', arg_string, &keytab_str,
"keytab to get authentication from", "kspec" },
+ { "time-lost", 0, arg_string, &server_time_lost,
+ "time before server is considered lost", "time" },
+ { "port", 0, arg_string, &port_str,
+ "port ipropd-slave will connect to", "port"},
+ { "detach", 0, arg_flag, &detach_from_console,
+ "detach from console" },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
@@ -349,6 +404,7 @@ main(int argc, char **argv)
int master_fd;
krb5_ccache ccache;
krb5_principal server;
+ char **files;
int optind;
const char *master;
@@ -362,6 +418,18 @@ main(int argc, char **argv)
exit(0);
}
+ if (config_file == NULL)
+ config_file = HDB_DB_DIR "/kdc.conf";
+
+ ret = krb5_prepend_config_files_default(config_file, &files);
+ if (ret)
+ krb5_err(context, 1, ret, "getting configuration files");
+
+ ret = krb5_set_config_files(context, files);
+ krb5_free_config_files(files);
+ if (ret)
+ krb5_err(context, 1, ret, "reading configuration files");
+
argc -= optind;
argv += optind;
@@ -370,6 +438,8 @@ main(int argc, char **argv)
master = argv[0];
+ if (detach_from_console)
+ daemon(0, 0);
pidfile (NULL);
krb5_openlog (context, "ipropd-slave", &log_facility);
krb5_set_warn_dest(context, log_facility);
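Review bot: The return value of `daemon(0, 0)` is ignored, so when it fails the process keeps running in the foreground with stdio open, the opposite of what `--detach` promised. Write `if (detach_from_console && daemon(0, 0) < 0) krb5_err (context, 1, errno, "daemon");`. Note also that nochdir=0 changes the working directory to `/`, so a relative --keytab or database path would be resolved differently after detaching; if that is intended it deserves a comment. main continues outside the hunk.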
@@ -378,6 +448,10 @@ main(int argc, char **argv)
if(ret)
krb5_err(context, 1, ret, "krb5_kt_register");
+ time_before_lost = parse_time (server_time_lost, "s");
+ if (time_before_lost < 0)
+ krb5_errx (context, 1, "couldn't parse time: %s", server_time_lost);
+
memset(&conf, 0, sizeof(conf));
if(realm) {
conf.mask |= KADM5_CONFIG_REALM;
@@ -400,7 +474,7 @@ main(int argc, char **argv)
get_creds(context, keytab_str, &ccache, master);
- master_fd = connect_to_master (context, master);
+ master_fd = connect_to_master (context, master, port_str);
ret = krb5_sname_to_principal (context, master, IPROP_NAME,
KRB5_NT_SRV_HST, &server);
@@ -423,6 +497,29 @@ main(int argc, char **argv)
krb5_data out;
krb5_storage *sp;
int32_t tmp;
+ fd_set readset;
+ struct timeval to;
+
+ if (master_fd >= FD_SETSIZE)
+ krb5_errx (context, 1, "fd too large");
+
+ FD_ZERO(&readset);
+ FD_SET(master_fd, &readset);
+
+ to.tv_sec = time_before_lost;
+ to.tv_usec = 0;
+
+ ret = select (master_fd + 1,
+ &readset, NULL, NULL, &to);
+ if (ret < 0) {
+ if (errno == EINTR)
+ continue;
+ else
+ krb5_err (context, 1, errno, "select");
+ }
+ if (ret == 0)
+ krb5_errx (context, 1, "server didn't send a message "
+ "in %d seconds", time_before_lost);
ret = krb5_read_priv_message(context, auth_context, &master_fd, &out);
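Review bot: The select() timeout only bounds the wait for the first byte of the next message; once master_fd is readable, `krb5_read_priv_message` presumably reads the rest of the length-prefixed message with no timeout, so a master that stalls mid-message still hangs the slave and the lost-server detection never fires. Whether that is acceptable should be stated next to the select, e.g. `/* timeout covers only the wait for a message to begin; the read itself is unbounded */`. On `errno == EINTR` the `continue` also restarts the full time_before_lost wait rather than the remaining time, which is fine for a liveness check but worth a one-line comment. The enclosing loop starts before the hunk.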
@@ -441,9 +538,13 @@ main(int argc, char **argv)
receive_everything (context, master_fd, server_context,
auth_context);
break;
+ case ARE_YOU_THERE :
+ send_im_here (context, master_fd, auth_context);
+ break;
case NOW_YOU_HAVE :
case I_HAVE :
case ONE_PRINC :
+ case I_AM_HERE :
default :
krb5_warnx (context, "Ignoring command %d", tmp);
break;