heimdal: added verbose logging of hemimdal crypto errors
[heimdal.git] / kadmin / kadm_conn.c
blob2d45a1aa596380137b1369fa90d8db51b53a4cda
1 /*
2 * Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
34 #include "kadmin_locl.h"
35 #ifdef HAVE_SYS_WAIT_H
36 #include <sys/wait.h>
37 #endif
39 struct kadm_port {
40 char *port;
41 unsigned short def_port;
42 struct kadm_port *next;
43 } *kadm_ports;
45 static void
46 add_kadm_port(krb5_context context, const char *service, unsigned int port)
48 struct kadm_port *p;
49 p = malloc(sizeof(*p));
50 if(p == NULL) {
51 krb5_warnx(context, "failed to allocate %lu bytes\n",
52 (unsigned long)sizeof(*p));
53 return;
56 p->port = strdup(service);
57 p->def_port = port;
59 p->next = kadm_ports;
60 kadm_ports = p;
63 static void
64 add_standard_ports (krb5_context context)
66 add_kadm_port(context, "kerberos-adm", 749);
70 * parse the set of space-delimited ports in `str' and add them.
71 * "+" => all the standard ones
72 * otherwise it's port|service[/protocol]
75 void
76 parse_ports(krb5_context context, const char *str)
78 char p[128];
80 while(strsep_copy(&str, " \t", p, sizeof(p)) != -1) {
81 if(strcmp(p, "+") == 0)
82 add_standard_ports(context);
83 else
84 add_kadm_port(context, p, 0);
88 static pid_t pgrp;
89 sig_atomic_t term_flag, doing_useful_work;
91 static RETSIGTYPE
92 sigchld(int sig)
94 int status;
95 waitpid(-1, &status, 0);
96 SIGRETURN(0);
99 static RETSIGTYPE
100 terminate(int sig)
102 if(getpid() == pgrp) {
103 /* parent */
104 term_flag = 1;
105 signal(sig, SIG_IGN);
106 killpg(pgrp, sig);
107 } else {
108 /* child */
109 if(doing_useful_work)
110 term_flag = 1;
111 else
112 exit(0);
114 SIGRETURN(0);
117 static int
118 spawn_child(krb5_context context, int *socks,
119 unsigned int num_socks, int this_sock)
121 int e, i;
122 struct sockaddr_storage __ss;
123 struct sockaddr *sa = (struct sockaddr *)&__ss;
124 socklen_t sa_size = sizeof(__ss);
125 krb5_socket_t s;
126 pid_t pid;
127 krb5_address addr;
128 char buf[128];
129 size_t buf_len;
131 s = accept(socks[this_sock], sa, &sa_size);
132 if(rk_IS_BAD_SOCKET(s)) {
133 krb5_warn(context, rk_SOCK_ERRNO, "accept");
134 return 1;
136 e = krb5_sockaddr2address(context, sa, &addr);
137 if(e)
138 krb5_warn(context, e, "krb5_sockaddr2address");
139 else {
140 e = krb5_print_address (&addr, buf, sizeof(buf),
141 &buf_len);
142 if(e)
143 krb5_warn(context, e, "krb5_print_address");
144 else
145 krb5_warnx(context, "connection from %s", buf);
146 krb5_free_address(context, &addr);
149 pid = fork();
150 if(pid == 0) {
151 for(i = 0; i < num_socks; i++)
152 rk_closesocket(socks[i]);
153 dup2(s, STDIN_FILENO);
154 dup2(s, STDOUT_FILENO);
155 if(s != STDIN_FILENO && s != STDOUT_FILENO)
156 rk_closesocket(s);
157 return 0;
158 } else {
159 rk_closesocket(s);
161 return 1;
164 static int
165 wait_for_connection(krb5_context context,
166 krb5_socket_t *socks, unsigned int num_socks)
168 unsigned int i;
169 int e;
170 fd_set orig_read_set, read_set;
171 int max_fd = -1;
173 FD_ZERO(&orig_read_set);
175 for(i = 0; i < num_socks; i++) {
176 #ifdef FD_SETSIZE
177 if (socks[i] >= FD_SETSIZE)
178 errx (1, "fd too large");
179 #endif
180 FD_SET(socks[i], &orig_read_set);
181 max_fd = max(max_fd, socks[i]);
184 pgrp = getpid();
186 if(setpgid(0, pgrp) < 0)
187 err(1, "setpgid");
189 signal(SIGTERM, terminate);
190 signal(SIGINT, terminate);
191 signal(SIGCHLD, sigchld);
193 while (term_flag == 0) {
194 read_set = orig_read_set;
195 e = select(max_fd + 1, &read_set, NULL, NULL, NULL);
196 if(rk_IS_SOCKET_ERROR(e)) {
197 if(rk_SOCK_ERRNO != EINTR)
198 krb5_warn(context, rk_SOCK_ERRNO, "select");
199 } else if(e == 0)
200 krb5_warnx(context, "select returned 0");
201 else {
202 for(i = 0; i < num_socks; i++) {
203 if(FD_ISSET(socks[i], &read_set))
204 if(spawn_child(context, socks, num_socks, i) == 0)
205 return 0;
209 signal(SIGCHLD, SIG_IGN);
210 while(1) {
211 int status;
212 pid_t pid;
213 pid = waitpid(-1, &status, 0);
214 if(pid == -1 && errno == ECHILD)
215 break;
217 exit(0);
222 start_server(krb5_context context, const char *port_str)
224 int e;
225 struct kadm_port *p;
227 krb5_socket_t *socks = NULL, *tmp;
228 unsigned int num_socks = 0;
229 int i;
231 if (port_str == NULL)
232 port_str = "+";
234 parse_ports(context, port_str);
236 for(p = kadm_ports; p; p = p->next) {
237 struct addrinfo hints, *ai, *ap;
238 char portstr[32];
239 memset (&hints, 0, sizeof(hints));
240 hints.ai_flags = AI_PASSIVE;
241 hints.ai_socktype = SOCK_STREAM;
243 e = getaddrinfo(NULL, p->port, &hints, &ai);
244 if(e) {
245 snprintf(portstr, sizeof(portstr), "%u", p->def_port);
246 e = getaddrinfo(NULL, portstr, &hints, &ai);
249 if(e) {
250 krb5_warn(context, krb5_eai_to_heim_errno(e, errno),
251 "%s", portstr);
252 continue;
254 i = 0;
255 for(ap = ai; ap; ap = ap->ai_next)
256 i++;
257 tmp = realloc(socks, (num_socks + i) * sizeof(*socks));
258 if(tmp == NULL) {
259 krb5_warnx(context, "failed to reallocate %lu bytes",
260 (unsigned long)(num_socks + i) * sizeof(*socks));
261 continue;
263 socks = tmp;
264 for(ap = ai; ap; ap = ap->ai_next) {
265 krb5_socket_t s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol);
266 if(rk_IS_BAD_SOCKET(s)) {
267 krb5_warn(context, rk_SOCK_ERRNO, "socket");
268 continue;
271 socket_set_reuseaddr(s, 1);
272 socket_set_ipv6only(s, 1);
274 if (rk_IS_SOCKET_ERROR(bind (s, ap->ai_addr, ap->ai_addrlen))) {
275 krb5_warn(context, rk_SOCK_ERRNO, "bind");
276 rk_closesocket(s);
277 continue;
279 if (rk_IS_SOCKET_ERROR(listen (s, SOMAXCONN))) {
280 krb5_warn(context, rk_SOCK_ERRNO, "listen");
281 rk_closesocket(s);
282 continue;
284 socks[num_socks++] = s;
286 freeaddrinfo (ai);
288 if(num_socks == 0)
289 krb5_errx(context, 1, "no sockets to listen to - exiting");
291 return wait_for_connection(context, socks, num_socks);