kadmin/kadm_conn.c

   1 /*
   2  * Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "kadmin_locl.h"
  35 #ifdef HAVE_SYS_WAIT_H
  36 #include <sys/wait.h>
  37 #endif
  38
  39 struct kadm_port {
  40     char *port;
  41     unsigned short def_port;
  42     struct kadm_port *next;
  43 } *kadm_ports;
  44
  45 static void
  46 add_kadm_port(krb5_context context, const char *service, unsigned int port)
  47 {
  48     struct kadm_port *p;
  49     p = malloc(sizeof(*p));
  50     if(p == NULL) {
  51         krb5_warnx(context, "failed to allocate %lu bytes\n",
  52                    (unsigned long)sizeof(*p));
  53         return;
  54     }
  55
  56     p->port = strdup(service);
  57     p->def_port = port;
  58
  59     p->next = kadm_ports;
  60     kadm_ports = p;
  61 }
  62
  63 static void
  64 add_standard_ports (krb5_context context)
  65 {
  66     add_kadm_port(context, "kerberos-adm", 749);
  67 }
  68
  69 /*
  70  * parse the set of space-delimited ports in `str' and add them.
  71  * "+" => all the standard ones
  72  * otherwise it's port|service[/protocol]
  73  */
  74
  75 void
  76 parse_ports(krb5_context context, const char *str)
  77 {
  78     char p[128];
  79
  80     while(strsep_copy(&str, " \t", p, sizeof(p)) != -1) {
  81         if(strcmp(p, "+") == 0)
  82             add_standard_ports(context);
  83         else
  84             add_kadm_port(context, p, 0);
  85     }
  86 }
  87
  88 static pid_t pgrp;
  89 sig_atomic_t term_flag, doing_useful_work;
  90
  91 static RETSIGTYPE
  92 sigchld(int sig)
  93 {
  94     int status;
  95     /*
  96      * waitpid() is async safe. will return -1 or 0 on no more zombie
  97      * children
  98      */
  99     while ((waitpid(-1, &status, WNOHANG)) > 0)
 100         ;
 101     SIGRETURN(0);
 102 }
 103
 104 static RETSIGTYPE
 105 terminate(int sig)
 106 {
 107     if(getpid() == pgrp) {
 108         /* parent */
 109         term_flag = 1;
 110         signal(sig, SIG_IGN);
 111         killpg(pgrp, sig);
 112     } else {
 113         /* child */
 114         if(doing_useful_work)
 115             term_flag = 1;
 116         else
 117             exit(0);
 118     }
 119     SIGRETURN(0);
 120 }
 121
 122 static int
 123 spawn_child(krb5_context context, int *socks,
 124             unsigned int num_socks, int this_sock)
 125 {
 126     int e, i;
 127     struct sockaddr_storage __ss;
 128     struct sockaddr *sa = (struct sockaddr *)&__ss;
 129     socklen_t sa_size = sizeof(__ss);
 130     krb5_socket_t s;
 131     pid_t pid;
 132     krb5_address addr;
 133     char buf[128];
 134     size_t buf_len;
 135
 136     s = accept(socks[this_sock], sa, &sa_size);
 137     if(rk_IS_BAD_SOCKET(s)) {
 138         krb5_warn(context, rk_SOCK_ERRNO, "accept");
 139         return 1;
 140     }
 141     e = krb5_sockaddr2address(context, sa, &addr);
 142     if(e)
 143         krb5_warn(context, e, "krb5_sockaddr2address");
 144     else {
 145         e = krb5_print_address (&addr, buf, sizeof(buf),
 146                                 &buf_len);
 147         if(e)
 148             krb5_warn(context, e, "krb5_print_address");
 149         else
 150             krb5_warnx(context, "connection from %s", buf);
 151         krb5_free_address(context, &addr);
 152     }
 153
 154     pid = fork();
 155     if(pid == 0) {
 156         for(i = 0; i < num_socks; i++)
 157             rk_closesocket(socks[i]);
 158         dup2(s, STDIN_FILENO);
 159         dup2(s, STDOUT_FILENO);
 160         if(s != STDIN_FILENO && s != STDOUT_FILENO)
 161             rk_closesocket(s);
 162         return 0;
 163     } else {
 164         rk_closesocket(s);
 165     }
 166     return 1;
 167 }
 168
 169 static void
 170 wait_for_connection(krb5_context context,
 171                     krb5_socket_t *socks, unsigned int num_socks)
 172 {
 173     unsigned int i;
 174     int e;
 175     fd_set orig_read_set, read_set;
 176     int status, max_fd = -1;
 177
 178     FD_ZERO(&orig_read_set);
 179
 180     for(i = 0; i < num_socks; i++) {
 181 #ifdef FD_SETSIZE
 182         if (socks[i] >= FD_SETSIZE)
 183             errx (1, "fd too large");
 184 #endif
 185         FD_SET(socks[i], &orig_read_set);
 186         max_fd = max(max_fd, socks[i]);
 187     }
 188
 189     pgrp = getpid();
 190
 191     if(setpgid(0, pgrp) < 0)
 192         err(1, "setpgid");
 193
 194     signal(SIGTERM, terminate);
 195     signal(SIGINT, terminate);
 196     signal(SIGCHLD, sigchld);
 197
 198     while (term_flag == 0) {
 199         read_set = orig_read_set;
 200         e = select(max_fd + 1, &read_set, NULL, NULL, NULL);
 201         if(rk_IS_SOCKET_ERROR(e)) {
 202             if(rk_SOCK_ERRNO != EINTR)
 203                 krb5_warn(context, rk_SOCK_ERRNO, "select");
 204         } else if(e == 0)
 205             krb5_warnx(context, "select returned 0");
 206         else {
 207             for(i = 0; i < num_socks; i++) {
 208                 if(FD_ISSET(socks[i], &read_set))
 209                     if(spawn_child(context, socks, num_socks, i) == 0)
 210                         return;
 211             }
 212         }
 213     }
 214     signal(SIGCHLD, SIG_IGN);
 215
 216     while ((waitpid(-1, &status, WNOHANG)) > 0)
 217         ;
 218
 219     exit(0);
 220 }
 221
 222
 223 void
 224 start_server(krb5_context context, const char *port_str)
 225 {
 226     int e;
 227     struct kadm_port *p;
 228
 229     krb5_socket_t *socks = NULL, *tmp;
 230     unsigned int num_socks = 0;
 231     int i;
 232
 233     if (port_str == NULL)
 234         port_str = "+";
 235
 236     parse_ports(context, port_str);
 237
 238     for(p = kadm_ports; p; p = p->next) {
 239         struct addrinfo hints, *ai, *ap;
 240         char portstr[32];
 241         memset (&hints, 0, sizeof(hints));
 242         hints.ai_flags    = AI_PASSIVE;
 243         hints.ai_socktype = SOCK_STREAM;
 244
 245         e = getaddrinfo(NULL, p->port, &hints, &ai);
 246         if(e) {
 247             snprintf(portstr, sizeof(portstr), "%u", p->def_port);
 248             e = getaddrinfo(NULL, portstr, &hints, &ai);
 249         }
 250
 251         if(e) {
 252             krb5_warn(context, krb5_eai_to_heim_errno(e, errno),
 253                       "%s", portstr);
 254             continue;
 255         }
 256         i = 0;
 257         for(ap = ai; ap; ap = ap->ai_next)
 258             i++;
 259         tmp = realloc(socks, (num_socks + i) * sizeof(*socks));
 260         if(tmp == NULL) {
 261             krb5_warnx(context, "failed to reallocate %lu bytes",
 262                        (unsigned long)(num_socks + i) * sizeof(*socks));
 263             continue;
 264         }
 265         socks = tmp;
 266         for(ap = ai; ap; ap = ap->ai_next) {
 267             krb5_socket_t s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol);
 268             if(rk_IS_BAD_SOCKET(s)) {
 269                 krb5_warn(context, rk_SOCK_ERRNO, "socket");
 270                 continue;
 271             }
 272
 273             socket_set_reuseaddr(s, 1);
 274             socket_set_ipv6only(s, 1);
 275
 276             if (rk_IS_SOCKET_ERROR(bind (s, ap->ai_addr, ap->ai_addrlen))) {
 277                 krb5_warn(context, rk_SOCK_ERRNO, "bind");
 278                 rk_closesocket(s);
 279                 continue;
 280             }
 281             if (rk_IS_SOCKET_ERROR(listen (s, SOMAXCONN))) {
 282                 krb5_warn(context, rk_SOCK_ERRNO, "listen");
 283                 rk_closesocket(s);
 284                 continue;
 285             }
 286             socks[num_socks++] = s;
 287         }
 288         freeaddrinfo (ai);
 289     }
 290     if(num_socks == 0)
 291         krb5_errx(context, 1, "no sockets to listen to - exiting");
 292
 293     wait_for_connection(context, socks, num_socks);
 294 }