search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:heimdal A real fix for bug 6801
[heimdal.git] / kcm / connect.c
blob9c85d8fce2244abefa6a057250c97d814fbb9495
1 /*
2 * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kcm_locl.h"
35
36 RCSID("$Id$");
37
38 struct descr {
39 int s;
40 int type;
41 char *path;
42 unsigned char *buf;
43 size_t size;
44 size_t len;
45 time_t timeout;
46 struct sockaddr_storage __ss;
47 struct sockaddr *sa;
48 socklen_t sock_len;
49 kcm_client peercred;
50 };
51
52 static void
53 init_descr(struct descr *d)
54 {
55 memset(d, 0, sizeof(*d));
56 d->sa = (struct sockaddr *)&d->__ss;
57 d->s = -1;
58 }
59
60 /*
61 * re-initialize all `n' ->sa in `d'.
62 */
63
64 static void
65 reinit_descrs (struct descr *d, int n)
66 {
67 int i;
68
69 for (i = 0; i < n; ++i)
70 d[i].sa = (struct sockaddr *)&d[i].__ss;
71 }
72
73 /*
74 * Update peer credentials from socket.
75 *
76 * SCM_CREDS can only be updated the first time there is read data to
77 * read from the filedescriptor, so if we read do it before this
78 * point, the cred data might not be is not there yet.
79 */
80
81 static int
82 update_client_creds(int s, kcm_client *peer)
83 {
84 #ifdef GETPEERUCRED
85 /* Solaris 10 */
86 {
87 ucred_t *peercred;
88
89 if (getpeerucred(s, &peercred) != 0) {
90 peer->uid = ucred_geteuid(peercred);
91 peer->gid = ucred_getegid(peercred);
92 peer->pid = 0;
93 ucred_free(peercred);
94 return 0;
95 }
96 }
97 #endif
98 #ifdef GETPEEREID
99 /* FreeBSD, OpenBSD */
100 {
101 uid_t uid;
102 gid_t gid;
103
104 if (getpeereid(s, &uid, &gid) == 0) {
105 peer->uid = uid;
106 peer->gid = gid;
107 peer->pid = 0;
108 return 0;
109 }
110 }
111 #endif
112 #ifdef SO_PEERCRED
113 /* Linux */
114 {
115 struct ucred pc;
116 socklen_t pclen = sizeof(pc);
117
118 if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, (void *)&pc, &pclen) == 0) {
119 peer->uid = pc.uid;
120 peer->gid = pc.gid;
121 peer->pid = pc.pid;
122 return 0;
123 }
124 }
125 #endif
126 #if defined(LOCAL_PEERCRED) && defined(XUCRED_VERSION)
127 {
128 struct xucred peercred;
129 socklen_t peercredlen = sizeof(peercred);
130
131 if (getsockopt(s, LOCAL_PEERCRED, 1,
132 (void *)&peercred, &peercredlen) == 0
133 && peercred.cr_version == XUCRED_VERSION)
134 {
135 peer->uid = peercred.cr_uid;
136 peer->gid = peercred.cr_gid;
137 peer->pid = 0;
138 return 0;
139 }
140 }
141 #endif
142 #if defined(SOCKCREDSIZE) && defined(SCM_CREDS)
143 /* NetBSD */
144 if (peer->uid == -1) {
145 struct msghdr msg;
146 socklen_t crmsgsize;
147 void *crmsg;
148 struct cmsghdr *cmp;
149 struct sockcred *sc;
150
151 memset(&msg, 0, sizeof(msg));
152 crmsgsize = CMSG_SPACE(SOCKCREDSIZE(NGROUPS));
153 if (crmsgsize == 0)
154 return 1 ;
155
156 crmsg = malloc(crmsgsize);
157 if (crmsg == NULL)
158 goto failed_scm_creds;
159
160 memset(crmsg, 0, crmsgsize);
161
162 msg.msg_control = crmsg;
163 msg.msg_controllen = crmsgsize;
164
165 if (recvmsg(s, &msg, 0) < 0) {
166 free(crmsg);
167 goto failed_scm_creds;
168 }
169
170 if (msg.msg_controllen == 0 || (msg.msg_flags & MSG_CTRUNC) != 0) {
171 free(crmsg);
172 goto failed_scm_creds;
173 }
174
175 cmp = CMSG_FIRSTHDR(&msg);
176 if (cmp->cmsg_level != SOL_SOCKET || cmp->cmsg_type != SCM_CREDS) {
177 free(crmsg);
178 goto failed_scm_creds;
179 }
180
181 sc = (struct sockcred *)(void *)CMSG_DATA(cmp);
182
183 peer->uid = sc->sc_euid;
184 peer->gid = sc->sc_egid;
185 peer->pid = 0;
186
187 free(crmsg);
188 return 0;
189 } else {
190 /* we already got the cred, just return it */
191 return 0;
192 }
193 failed_scm_creds:
194 #endif
195 krb5_warn(kcm_context, errno, "failed to determine peer identity");
196 return 1;
197 }
198
199
200 /*
201 * Create the socket (family, type, port) in `d'
202 */
203
204 static void
205 init_socket(struct descr *d)
206 {
207 struct sockaddr_un un;
208 struct sockaddr *sa = (struct sockaddr *)&un;
209 krb5_socklen_t sa_size = sizeof(un);
210
211 init_descr (d);
212
213 un.sun_family = AF_UNIX;
214
215 if (socket_path != NULL)
216 d->path = socket_path;
217 else
218 d->path = _PATH_KCM_SOCKET;
219
220 strlcpy(un.sun_path, d->path, sizeof(un.sun_path));
221
222 d->s = socket(AF_UNIX, SOCK_STREAM, 0);
223 if (d->s < 0){
224 krb5_warn(kcm_context, errno, "socket(%d, %d, 0)", AF_UNIX, SOCK_STREAM);
225 d->s = -1;
226 return;
227 }
228 #if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_REUSEADDR)
229 {
230 int one = 1;
231 setsockopt(d->s, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one));
232 }
233 #endif
234 #ifdef LOCAL_CREDS
235 {
236 int one = 1;
237 setsockopt(d->s, 0, LOCAL_CREDS, (void *)&one, sizeof(one));
238 }
239 #endif
240
241 d->type = SOCK_STREAM;
242
243 unlink(d->path);
244
245 if (bind(d->s, sa, sa_size) < 0) {
246 krb5_warn(kcm_context, errno, "bind %s", un.sun_path);
247 close(d->s);
248 d->s = -1;
249 return;
250 }
251
252 if (listen(d->s, SOMAXCONN) < 0) {
253 krb5_warn(kcm_context, errno, "listen %s", un.sun_path);
254 close(d->s);
255 d->s = -1;
256 return;
257 }
258
259 chmod(d->path, 0777);
260
261 return;
262 }
263
264 /*
265 * Allocate descriptors for all the sockets that we should listen on
266 * and return the number of them.
267 */
268
269 static int
270 init_sockets(struct descr **desc)
271 {
272 struct descr *d;
273 size_t num = 0;
274
275 d = (struct descr *)malloc(sizeof(*d));
276 if (d == NULL) {
277 krb5_errx(kcm_context, 1, "malloc failed");
278 }
279
280 init_socket(d);
281 if (d->s != -1) {
282 kcm_log(5, "listening on domain socket %s", d->path);
283 num++;
284 }
285
286 reinit_descrs (d, num);
287 *desc = d;
288
289 return num;
290 }
291
292 /*
293 * handle the request in `buf, len', from `addr' (or `from' as a string),
294 * sending a reply in `reply'.
295 */
296
297 static int
298 process_request(unsigned char *buf,
299 size_t len,
300 krb5_data *reply,
301 kcm_client *client)
302 {
303 krb5_data request;
304
305 if (len < 4) {
306 kcm_log(1, "malformed request from process %d (too short)",
307 client->pid);
308 return -1;
309 }
310
311 if (buf[0] != KCM_PROTOCOL_VERSION_MAJOR ||
312 buf[1] != KCM_PROTOCOL_VERSION_MINOR) {
313 kcm_log(1, "incorrect protocol version %d.%d from process %d",
314 buf[0], buf[1], client->pid);
315 return -1;
316 }
317
318 buf += 2;
319 len -= 2;
320
321 /* buf is now pointing at opcode */
322
323 request.data = buf;
324 request.length = len;
325
326 return kcm_dispatch(kcm_context, client, &request, reply);
327 }
328
329 /*
330 * Handle the request in `buf, len' to socket `d'
331 */
332
333 static void
334 do_request(void *buf, size_t len, struct descr *d)
335 {
336 krb5_error_code ret;
337 krb5_data reply;
338
339 reply.length = 0;
340
341 ret = process_request(buf, len, &reply, &d->peercred);
342 if (reply.length != 0) {
343 unsigned char len[4];
344 struct msghdr msghdr;
345 struct iovec iov[2];
346
347 kcm_log(5, "sending %lu bytes to process %d",
348 (unsigned long)reply.length,
349 (int)d->peercred.pid);
350
351 memset (&msghdr, 0, sizeof(msghdr));
352 msghdr.msg_name = NULL;
353 msghdr.msg_namelen = 0;
354 msghdr.msg_iov = iov;
355 msghdr.msg_iovlen = sizeof(iov)/sizeof(*iov);
356 #if 0
357 msghdr.msg_control = NULL;
358 msghdr.msg_controllen = 0;
359 #endif
360
361 len[0] = (reply.length >> 24) & 0xff;
362 len[1] = (reply.length >> 16) & 0xff;
363 len[2] = (reply.length >> 8) & 0xff;
364 len[3] = reply.length & 0xff;
365
366 iov[0].iov_base = (void*)len;
367 iov[0].iov_len = 4;
368 iov[1].iov_base = reply.data;
369 iov[1].iov_len = reply.length;
370
371 if (sendmsg (d->s, &msghdr, 0) < 0) {
372 kcm_log (0, "sendmsg(%d): %d %s", (int)d->peercred.pid,
373 errno, strerror(errno));
374 krb5_data_free(&reply);
375 return;
376 }
377
378 krb5_data_free(&reply);
379 }
380
381 if (ret) {
382 kcm_log(0, "Failed processing %lu byte request from process %d",
383 (unsigned long)len, d->peercred.pid);
384 }
385 }
386
387 static void
388 clear_descr(struct descr *d)
389 {
390 if(d->buf)
391 memset(d->buf, 0, d->size);
392 d->len = 0;
393 if(d->s != -1)
394 close(d->s);
395 d->s = -1;
396 }
397
398 #define STREAM_TIMEOUT 4
399
400 /*
401 * accept a new stream connection on `d[parent]' and store it in `d[child]'
402 */
403
404 static void
405 add_new_stream (struct descr *d, int parent, int child)
406 {
407 int s;
408
409 if (child == -1)
410 return;
411
412 d[child].peercred.pid = -1;
413 d[child].peercred.uid = -1;
414 d[child].peercred.gid = -1;
415
416 d[child].sock_len = sizeof(d[child].__ss);
417 s = accept(d[parent].s, d[child].sa, &d[child].sock_len);
418 if(s < 0) {
419 krb5_warn(kcm_context, errno, "accept");
420 return;
421 }
422
423 if (s >= FD_SETSIZE) {
424 krb5_warnx(kcm_context, "socket FD too large");
425 close (s);
426 return;
427 }
428
429 d[child].s = s;
430 d[child].timeout = time(NULL) + STREAM_TIMEOUT;
431 d[child].type = SOCK_STREAM;
432 }
433
434 /*
435 * Grow `d' to handle at least `n'.
436 * Return != 0 if fails
437 */
438
439 static int
440 grow_descr (struct descr *d, size_t n)
441 {
442 if (d->size - d->len < n) {
443 unsigned char *tmp;
444 size_t grow;
445
446 grow = max(1024, d->len + n);
447 if (d->size + grow > max_request) {
448 kcm_log(0, "Request exceeds max request size (%lu bytes).",
449 (unsigned long)d->size + grow);
450 clear_descr(d);
451 return -1;
452 }
453 tmp = realloc (d->buf, d->size + grow);
454 if (tmp == NULL) {
455 kcm_log(0, "Failed to re-allocate %lu bytes.",
456 (unsigned long)d->size + grow);
457 clear_descr(d);
458 return -1;
459 }
460 d->size += grow;
461 d->buf = tmp;
462 }
463 return 0;
464 }
465
466 /*
467 * Handle incoming data to the stream socket in `d[index]'
468 */
469
470 static void
471 handle_stream(struct descr *d, int index, int min_free)
472 {
473 unsigned char buf[1024];
474 int n;
475 int ret = 0;
476
477 if (d[index].timeout == 0) {
478 add_new_stream (d, index, min_free);
479 return;
480 }
481
482 if (update_client_creds(d[index].s, &d[index].peercred)) {
483 krb5_warnx(kcm_context, "failed to update peer identity");
484 clear_descr(d + index);
485 return;
486 }
487
488 if (d[index].peercred.uid == -1) {
489 krb5_warnx(kcm_context, "failed to determine peer identity");
490 clear_descr (d + index);
491 return;
492 }
493
494 n = recvfrom(d[index].s, buf, sizeof(buf), 0, NULL, NULL);
495 if (n < 0) {
496 krb5_warn(kcm_context, errno, "recvfrom");
497 return;
498 } else if (n == 0) {
499 krb5_warnx(kcm_context, "connection closed before end of data "
500 "after %lu bytes from process %ld",
501 (unsigned long) d[index].len, (long) d[index].peercred.pid);
502 clear_descr (d + index);
503 return;
504 }
505 if (grow_descr (&d[index], n))
506 return;
507 memcpy(d[index].buf + d[index].len, buf, n);
508 d[index].len += n;
509 if (d[index].len > 4) {
510 krb5_storage *sp;
511 int32_t len;
512
513 sp = krb5_storage_from_mem(d[index].buf, d[index].len);
514 if (sp == NULL) {
515 kcm_log (0, "krb5_storage_from_mem failed");
516 ret = -1;
517 } else {
518 krb5_ret_int32(sp, &len);
519 krb5_storage_free(sp);
520 if (d[index].len - 4 >= len) {
521 memmove(d[index].buf, d[index].buf + 4, d[index].len - 4);
522 ret = 1;
523 } else
524 ret = 0;
525 }
526 }
527 if (ret < 0)
528 return;
529 else if (ret == 1) {
530 do_request(d[index].buf, d[index].len, &d[index]);
531 clear_descr(d + index);
532 }
533 }
534
535 #ifdef HAVE_DOOR_CREATE
536
537 static void
538 kcm_door_server(void *cookie, char *argp, size_t arg_size,
539 door_desc_t *dp, uint_t n_desc)
540 {
541 kcm_client peercred;
542 door_cred_t cred;
543 krb5_error_code ret;
544 krb5_data reply;
545 size_t length;
546 char *p;
547
548 reply.length = 0;
549
550 p = NULL;
551 length = 0;
552
553 if (door_cred(&cred) != 0) {
554 kcm_log(0, "door_cred failed with %s", strerror(errno));
555 goto out;
556 }
557
558 peercred.uid = cred.dc_euid;
559 peercred.gid = cred.dc_egid;
560 peercred.pid = cred.dc_pid;
561
562 ret = process_request((unsigned char*)argp, arg_size, &reply, &peercred);
563 if (reply.length != 0) {
564 p = alloca(reply.length); /* XXX don't use alloca */
565 if (p) {
566 memcpy(p, reply.data, reply.length);
567 length = reply.length;
568 }
569 krb5_data_free(&reply);
570 }
571
572 out:
573 door_return(p, length, NULL, 0);
574 }
575
576 static void
577 kcm_setup_door(void)
578 {
579 int fd, ret;
580 char *path;
581
582 fd = door_create(kcm_door_server, NULL, 0);
583 if (fd < 0)
584 krb5_err(kcm_context, 1, errno, "Failed to create door");
585
586 if (door_path != NULL)
587 path = door_path;
588 else
589 path = _PATH_KCM_DOOR;
590
591 unlink(path);
592 ret = open(path, O_RDWR | O_CREAT, 0666);
593 if (ret < 0)
594 krb5_err(kcm_context, 1, errno, "Failed to create/open door");
595 close(ret);
596
597 ret = fattach(fd, path);
598 if (ret < 0)
599 krb5_err(kcm_context, 1, errno, "Failed to attach door");
600
601 }
602 #endif /* HAVE_DOOR_CREATE */
603
604
605 void
606 kcm_loop(void)
607 {
608 struct descr *d;
609 unsigned int ndescr;
610
611 #ifdef HAVE_DOOR_CREATE
612 kcm_setup_door();
613 #endif
614
615 ndescr = init_sockets(&d);
616 if (ndescr <= 0) {
617 krb5_warnx(kcm_context, "No sockets!");
618 #ifndef HAVE_DOOR_CREATE
619 exit(1);
620 #endif
621 }
622 while (exit_flag == 0){
623 struct timeval tmout;
624 fd_set fds;
625 int min_free = -1;
626 int max_fd = 0;
627 int i;
628
629 FD_ZERO(&fds);
630 for(i = 0; i < ndescr; i++) {
631 if (d[i].s >= 0){
632 if(d[i].type == SOCK_STREAM &&
633 d[i].timeout && d[i].timeout < time(NULL)) {
634 kcm_log(1, "Stream connection from %d expired after %lu bytes",
635 d[i].peercred.pid, (unsigned long)d[i].len);
636 clear_descr(&d[i]);
637 continue;
638 }
639 if (max_fd < d[i].s)
640 max_fd = d[i].s;
641 if (max_fd >= FD_SETSIZE)
642 krb5_errx(kcm_context, 1, "fd too large");
643 FD_SET(d[i].s, &fds);
644 } else if (min_free < 0 || i < min_free)
645 min_free = i;
646 }
647 if (min_free == -1) {
648 struct descr *tmp;
649 tmp = realloc(d, (ndescr + 4) * sizeof(*d));
650 if(tmp == NULL)
651 krb5_warnx(kcm_context, "No memory");
652 else {
653 d = tmp;
654 reinit_descrs (d, ndescr);
655 memset(d + ndescr, 0, 4 * sizeof(*d));
656 for(i = ndescr; i < ndescr + 4; i++)
657 init_descr (&d[i]);
658 min_free = ndescr;
659 ndescr += 4;
660 }
661 }
662
663 tmout.tv_sec = STREAM_TIMEOUT;
664 tmout.tv_usec = 0;
665 switch (select(max_fd + 1, &fds, 0, 0, &tmout)){
666 case 0:
667 kcm_run_events(kcm_context, time(NULL));
668 break;
669 case -1:
670 if (errno != EINTR)
671 krb5_warn(kcm_context, errno, "select");
672 break;
673 default:
674 for(i = 0; i < ndescr; i++) {
675 if(d[i].s >= 0 && FD_ISSET(d[i].s, &fds)) {
676 if (d[i].type == SOCK_STREAM)
677 handle_stream(d, i, min_free);
678 }
679 }
680 kcm_run_events(kcm_context, time(NULL));
681 break;
682 }
683 }
684 if (d->path != NULL)
685 unlink(d->path);
686 free(d);
687 }
688
Heimdal