search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
This commit was manufactured by cvs2svn to create tag
[heimdal.git] / lib / kadm5 / ipropd_slave.c
bloba3ec74782c653e2e1ecf1b2a7a96375f699c947d
1 /*
2 * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "iprop.h"
35
36 RCSID("$Id$");
37
38 static krb5_log_facility *log_facility;
39
40 static int
41 connect_to_master (krb5_context context, const char *master)
42 {
43 int fd;
44 struct sockaddr_in addr;
45 struct hostent *he;
46
47 fd = socket (AF_INET, SOCK_STREAM, 0);
48 if (fd < 0)
49 krb5_err (context, 1, errno, "socket AF_INET");
50 memset (&addr, 0, sizeof(addr));
51 addr.sin_family = AF_INET;
52 addr.sin_port = krb5_getportbyname (context,
53 IPROP_SERVICE, "tcp", IPROP_PORT);
54 he = roken_gethostbyname (master);
55 if (he == NULL)
56 krb5_errx (context, 1, "gethostbyname: %s", hstrerror(h_errno));
57 memcpy (&addr.sin_addr, he->h_addr, sizeof(addr.sin_addr));
58 if(connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
59 krb5_err (context, 1, errno, "connect");
60 return fd;
61 }
62
63 static void
64 get_creds(krb5_context context, const char *keytab_str,
65 krb5_ccache *cache, const char *host)
66 {
67 krb5_keytab keytab;
68 krb5_principal client;
69 krb5_error_code ret;
70 krb5_get_init_creds_opt init_opts;
71 krb5_creds creds;
72 char *server;
73 char keytab_buf[256];
74
75 if (keytab_str == NULL) {
76 ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf));
77 if (ret)
78 krb5_err (context, 1, ret, "krb5_kt_default_name");
79 keytab_str = keytab_buf;
80 }
81
82 ret = krb5_kt_resolve(context, keytab_str, &keytab);
83 if(ret)
84 krb5_err(context, 1, ret, "%s", keytab_str);
85
86 ret = krb5_sname_to_principal (context, NULL, IPROP_NAME,
87 KRB5_NT_SRV_HST, &client);
88 if (ret) krb5_err(context, 1, ret, "krb5_sname_to_principal");
89
90 krb5_get_init_creds_opt_init(&init_opts);
91
92 asprintf (&server, "%s/%s", IPROP_NAME, host);
93 if (server == NULL)
94 krb5_errx (context, 1, "malloc: no memory");
95
96 ret = krb5_get_init_creds_keytab(context, &creds, client, keytab,
97 0, server, &init_opts);
98 free (server);
99 if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds");
100
101 ret = krb5_kt_close(context, keytab);
102 if(ret) krb5_err(context, 1, ret, "krb5_kt_close");
103
104 ret = krb5_cc_gen_new(context, &krb5_mcc_ops, cache);
105 if(ret) krb5_err(context, 1, ret, "krb5_cc_gen_new");
106
107 ret = krb5_cc_initialize(context, *cache, client);
108 if(ret) krb5_err(context, 1, ret, "krb5_cc_initialize");
109
110 ret = krb5_cc_store_cred(context, *cache, &creds);
111 if(ret) krb5_err(context, 1, ret, "krb5_cc_store_cred");
112 }
113
114 static void
115 ihave (krb5_context context, krb5_auth_context auth_context,
116 int fd, u_int32_t version)
117 {
118 int ret;
119 u_char buf[8];
120 krb5_storage *sp;
121 krb5_data data, priv_data;
122
123 sp = krb5_storage_from_mem (buf, 8);
124 krb5_store_int32 (sp, I_HAVE);
125 krb5_store_int32 (sp, version);
126 krb5_storage_free (sp);
127 data.length = 8;
128 data.data = buf;
129
130 ret = krb5_mk_priv (context, auth_context, &data, &priv_data, NULL);
131 if (ret)
132 krb5_err (context, 1, ret, "krb_mk_priv");
133
134 ret = krb5_write_message (context, &fd, &priv_data);
135 if (ret)
136 krb5_err (context, 1, ret, "krb5_write_message");
137
138 krb5_data_free (&priv_data);
139 }
140
141 static void
142 receive_loop (krb5_context context,
143 krb5_storage *sp,
144 kadm5_server_context *server_context)
145 {
146 int ret;
147 off_t left, right;
148 void *buf;
149 int32_t vers;
150
151 do {
152 int32_t len, timestamp, tmp;
153 enum kadm_ops op;
154
155 if(krb5_ret_int32 (sp, &vers) != 0)
156 return;
157 krb5_ret_int32 (sp, &timestamp);
158 krb5_ret_int32 (sp, &tmp);
159 op = tmp;
160 krb5_ret_int32 (sp, &len);
161 if (vers <= server_context->log_context.version)
162 krb5_storage_seek(sp, len, SEEK_CUR);
163 } while(vers <= server_context->log_context.version);
164
165 left = krb5_storage_seek (sp, -16, SEEK_CUR);
166 right = krb5_storage_seek (sp, 0, SEEK_END);
167 buf = malloc (right - left);
168 if (buf == NULL && (right - left) != 0) {
169 krb5_warnx (context, "malloc: no memory");
170 return;
171 }
172 krb5_storage_seek (sp, left, SEEK_SET);
173 krb5_storage_read (sp, buf, right - left);
174 write (server_context->log_context.log_fd, buf, right-left);
175 fsync (server_context->log_context.log_fd);
176 free (buf);
177
178 krb5_storage_seek (sp, left, SEEK_SET);
179
180 for(;;) {
181 int32_t len, timestamp, tmp;
182 enum kadm_ops op;
183
184 if(krb5_ret_int32 (sp, &vers) != 0)
185 break;
186 krb5_ret_int32 (sp, &timestamp);
187 krb5_ret_int32 (sp, &tmp);
188 op = tmp;
189 krb5_ret_int32 (sp, &len);
190
191 ret = kadm5_log_replay (server_context,
192 op, vers, len, sp);
193 if (ret)
194 krb5_warn (context, ret, "kadm5_log_replay");
195 else
196 server_context->log_context.version = vers;
197 krb5_storage_seek (sp, 8, SEEK_CUR);
198 }
199 }
200
201 static void
202 receive (krb5_context context,
203 krb5_storage *sp,
204 kadm5_server_context *server_context)
205 {
206 int ret;
207
208 ret = server_context->db->open(context,
209 server_context->db,
210 O_RDWR | O_CREAT, 0600);
211 if (ret)
212 krb5_err (context, 1, ret, "db->open");
213
214 receive_loop (context, sp, server_context);
215
216 ret = server_context->db->close (context, server_context->db);
217 if (ret)
218 krb5_err (context, 1, ret, "db->close");
219 }
220
221 static void
222 receive_everything (krb5_context context, int fd,
223 kadm5_server_context *server_context,
224 krb5_auth_context auth_context)
225 {
226 int ret;
227 krb5_data data;
228 int32_t vno;
229 int32_t opcode;
230 unsigned long tmp;
231
232 char *dbname;
233 HDB *mydb;
234
235 asprintf(&dbname, "%s-NEW", server_context->db->name);
236 ret = hdb_create(context, &mydb, dbname);
237 if(ret)
238 krb5_err(context,1, ret, "hdb_create");
239 free(dbname);
240
241 ret = hdb_set_master_keyfile (context,
242 mydb, server_context->config.stash_file);
243 if(ret)
244 krb5_err(context,1, ret, "hdb_set_master_keyfile");
245
246 /* I really want to use O_EXCL here, but given that I can't easily clean
247 up on error, I won't */
248 ret = mydb->open(context, mydb, O_RDWR | O_CREAT | O_TRUNC, 0600);
249
250 if (ret)
251 krb5_err (context, 1, ret, "db->open");
252
253 do {
254 krb5_storage *sp;
255
256 ret = krb5_read_priv_message(context, auth_context, &fd, &data);
257
258 if (ret)
259 krb5_err (context, 1, ret, "krb5_read_priv_message");
260
261 sp = krb5_storage_from_data (&data);
262 krb5_ret_int32 (sp, &opcode);
263 if (opcode == ONE_PRINC) {
264 krb5_data fake_data;
265 hdb_entry entry;
266
267 fake_data.data = (char *)data.data + 4;
268 fake_data.length = data.length - 4;
269
270 ret = hdb_value2entry (context, &fake_data, &entry);
271 if (ret)
272 krb5_err (context, 1, ret, "hdb_value2entry");
273 ret = mydb->store(server_context->context,
274 mydb,
275 0, &entry);
276 if (ret)
277 krb5_err (context, 1, ret, "hdb_store");
278
279 hdb_free_entry (context, &entry);
280 krb5_data_free (&data);
281 }
282 } while (opcode == ONE_PRINC);
283
284 if (opcode != NOW_YOU_HAVE)
285 krb5_errx (context, 1, "receive_everything: strange %d", opcode);
286
287 _krb5_get_int ((char *)data.data + 4, &tmp, 4);
288 vno = tmp;
289
290 ret = kadm5_log_reinit (server_context);
291 if (ret)
292 krb5_err(context, 1, ret, "kadm5_log_reinit");
293
294 ret = kadm5_log_set_version (server_context, vno - 1);
295 if (ret)
296 krb5_err (context, 1, ret, "kadm5_log_set_version");
297
298 ret = kadm5_log_nop (server_context);
299 if (ret)
300 krb5_err (context, 1, ret, "kadm5_log_nop");
301
302 krb5_data_free (&data);
303
304 ret = mydb->close (context, mydb);
305 if (ret)
306 krb5_err (context, 1, ret, "db->close");
307 ret = mydb->rename (context, mydb, server_context->db->name);
308 if (ret)
309 krb5_err (context, 1, ret, "db->rename");
310 ret = mydb->destroy (context, mydb);
311 if (ret)
312 krb5_err (context, 1, ret, "db->destroy");
313 }
314
315 static char *realm;
316 static int version_flag;
317 static int help_flag;
318 static char *keytab_str;
319
320 static struct getargs args[] = {
321 { "realm", 'r', arg_string, &realm },
322 { "keytab", 'k', arg_string, &keytab_str,
323 "keytab to get authentication from", "kspec" },
324 { "version", 0, arg_flag, &version_flag },
325 { "help", 0, arg_flag, &help_flag }
326 };
327
328 static int num_args = sizeof(args) / sizeof(args[0]);
329
330 static void
331 usage (int code, struct getargs *args, int num_args)
332 {
333 arg_printusage (args, num_args, NULL, "master");
334 exit (code);
335 }
336
337 int
338 main(int argc, char **argv)
339 {
340 krb5_error_code ret;
341 krb5_context context;
342 krb5_auth_context auth_context;
343 void *kadm_handle;
344 kadm5_server_context *server_context;
345 kadm5_config_params conf;
346 int master_fd;
347 krb5_ccache ccache;
348 krb5_principal server;
349
350 int optind;
351 const char *master;
352
353 optind = krb5_program_setup(&context, argc, argv, args, num_args, usage);
354
355 if(help_flag)
356 usage (0, args, num_args);
357 if(version_flag) {
358 print_version(NULL);
359 exit(0);
360 }
361
362 argc -= optind;
363 argv += optind;
364
365 if (argc != 1)
366 usage (1, args, num_args);
367
368 master = argv[0];
369
370 pidfile (NULL);
371 krb5_openlog (context, "ipropd-slave", &log_facility);
372 krb5_set_warn_dest(context, log_facility);
373
374 ret = krb5_kt_register(context, &hdb_kt_ops);
375 if(ret)
376 krb5_err(context, 1, ret, "krb5_kt_register");
377
378 memset(&conf, 0, sizeof(conf));
379 if(realm) {
380 conf.mask |= KADM5_CONFIG_REALM;
381 conf.realm = realm;
382 }
383 ret = kadm5_init_with_password_ctx (context,
384 KADM5_ADMIN_SERVICE,
385 NULL,
386 KADM5_ADMIN_SERVICE,
387 &conf, 0, 0,
388 &kadm_handle);
389 if (ret)
390 krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
391
392 server_context = (kadm5_server_context *)kadm_handle;
393
394 ret = kadm5_log_init (server_context);
395 if (ret)
396 krb5_err (context, 1, ret, "kadm5_log_init");
397
398 get_creds(context, keytab_str, &ccache, master);
399
400 master_fd = connect_to_master (context, master);
401
402 ret = krb5_sname_to_principal (context, master, IPROP_NAME,
403 KRB5_NT_SRV_HST, &server);
404 if (ret)
405 krb5_err (context, 1, ret, "krb5_sname_to_principal");
406
407 auth_context = NULL;
408 ret = krb5_sendauth (context, &auth_context, &master_fd,
409 IPROP_VERSION, NULL, server,
410 AP_OPTS_MUTUAL_REQUIRED, NULL, NULL,
411 ccache, NULL, NULL, NULL);
412 if (ret)
413 krb5_err (context, 1, ret, "krb5_sendauth");
414
415 ihave (context, auth_context, master_fd,
416 server_context->log_context.version);
417
418 for (;;) {
419 int ret;
420 krb5_data out;
421 krb5_storage *sp;
422 int32_t tmp;
423
424 ret = krb5_read_priv_message(context, auth_context, &master_fd, &out);
425
426 if (ret)
427 krb5_err (context, 1, ret, "krb5_read_priv_message");
428
429 sp = krb5_storage_from_mem (out.data, out.length);
430 krb5_ret_int32 (sp, &tmp);
431 switch (tmp) {
432 case FOR_YOU :
433 receive (context, sp, server_context);
434 ihave (context, auth_context, master_fd,
435 server_context->log_context.version);
436 break;
437 case TELL_YOU_EVERYTHING :
438 receive_everything (context, master_fd, server_context,
439 auth_context);
440 break;
441 case NOW_YOU_HAVE :
442 case I_HAVE :
443 case ONE_PRINC :
444 default :
445 krb5_warnx (context, "Ignoring command %d", tmp);
446 break;
447 }
448 krb5_storage_free (sp);
449 krb5_data_free (&out);
450 }
451
452 return 0;
453 }
Heimdal