OpenSolaris_b135/cmd/krb5/slave/kpropd.c
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
* All rights reserved.
*
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of FundsXpress. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
/*
* slave/kpropd.c
*
* Copyright 1990,1991 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*
* XXX We need to modify the protocol so that an acknowledge is set
* after each block, instead after the entire series is sent over.
* The reason for this is so that error packets can get interpreted
* right away. If you don't do this, the sender may never get the
* error packet, because it will die an EPIPE trying to complete the
* write...
*/
#include <stdio.h>
#include <ctype.h>
#include <sys/file.h>
#include <signal.h>
#include <string.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/param.h>
#include <netdb.h>
#include <syslog.h>
#include <libintl.h>
#include <locale.h>
#include <k5-int.h>
#include <socket-utils.h>
#include "com_err.h"
#include <errno.h>
#include "kprop.h"
#include <iprop_hdr.h>
#include "iprop.h"
#include <kadm5/admin.h>
#include <kdb/kdb_log.h>
/* Solaris Kerberos */
#include <libgen.h>
#define SYSLOG_CLASS LOG_DAEMON
#define INITIAL_TIMER 10
char *poll_time = NULL;
char *def_realm = NULL;
boolean_t runonce = B_FALSE;
/*
* Global fd to close upon alarm time-out.
*/
volatile int gfd = -1;
/*
* This struct simulates the use of _kadm5_server_handle_t
*/
typedef struct _kadm5_iprop_handle_t {
krb5_ui_4 magic_number;
krb5_ui_4 struct_version;
krb5_ui_4 api_version;
char *cache_name;
int destroy_cache;
CLIENT *clnt;
krb5_context context;
kadm5_config_params params;
struct _kadm5_iprop_handle_t *lhandle;
} *kadm5_iprop_handle_t;
static char *kprop_version = KPROP_PROT_VERSION;
char *progname;
int debug = 0;
char *srvtab = 0;
int standalone = 0;
krb5_principal server; /* This is our server principal name */
krb5_principal client; /* This is who we're talking to */
krb5_context kpropd_context;
krb5_auth_context auth_context;
char *realm = NULL; /* Our realm */
char *file = KPROPD_DEFAULT_FILE;
char *temp_file_name;
char *kdb5_util = KPROPD_DEFAULT_KDB5_UTIL;
char *kerb_database = NULL;
char *acl_file_name = KPROPD_ACL_FILE;
krb5_address sender_addr;
krb5_address receiver_addr;
short port = 0;
void PRS
(int, char**);
int do_standalone
(iprop_role iproprole);
void doit
(int);
krb5_error_code do_iprop(kdb_log_context *log_ctx);
/* Solaris Kerberos */
void kerberos_authenticate
(krb5_context,
int,
krb5_principal *,
krb5_enctype *,
struct sockaddr_storage *);
krb5_boolean authorized_principal
(krb5_context,
krb5_principal,
krb5_enctype);
void recv_database
(krb5_context,
int,
int,
krb5_data *);
void load_database
(krb5_context,
char *,
char *);
void send_error
(krb5_context,
int,
krb5_error_code,
char *);
void recv_error
(krb5_context,
krb5_data *);
int convert_polltime
(char *);
unsigned int backoff_from_master
(int *);
static void usage()
{
fprintf(stderr,
gettext("\nUsage: %s\n"), /* progname may be a long pathname */
progname);
fprintf(stderr,
gettext("\t[-r realm] [-s srvtab] [-dS] [-f slave_file]\n"));
fprintf(stderr,
gettext("\t[-F kerberos_db_file ] [-p kdb5_util_pathname]\n"));
fprintf(stderr, gettext("\t[-P port] [-a acl_file]\n"));
exit(1);
}
int
main(argc, argv)
int argc;
char **argv;
{
krb5_error_code retval;
int ret = 0;
kdb_log_context *log_ctx;
int iprop_supported;
krb5_boolean is_master = FALSE;
PRS(argc, argv);
log_ctx = kpropd_context->kdblog_context;
if (log_ctx && (log_ctx->iproprole == IPROP_SLAVE)) {
/*
* We wanna do iprop !
*/
retval = krb5_db_supports_iprop(kpropd_context,
&iprop_supported);
if (retval) {
/* Solaris Kerberos: Keep error messages consistent */
com_err(progname, retval,
gettext("while determining if dbmodule plugin "
"supports iprop"));
exit(1);
}
if (!iprop_supported) {
/* Solaris Kerberos: Keep error messages consistent */
com_err(progname, 0,
gettext("Current dbmodule plugin does not support "
"iprop"));
exit(1);
}
/*
* Solaris Kerberos:
* Ensure that kpropd is only run on a slave
*/
if (retval = kadm5_is_master(kpropd_context, def_realm,
&is_master)) {
com_err(progname, retval,
gettext("while trying to determine whether host is "
"master KDC for realm %s"), def_realm);
exit(1);
}
if (is_master == TRUE) {
char *master = NULL;
kadm5_get_master(kpropd_context, def_realm, &master);
com_err(progname, 0,
gettext("%s is the master KDC for the realm %s. "
"%s can only be run on a slave KDC"),
master ? master : "unknown", def_realm, progname);
exit(1);
}
retval = do_iprop(log_ctx);
if (retval) {
/* Solaris Kerberos: Keep error messages consistent */
com_err(progname, retval,
gettext("while doing iprop"));
exit(1);
}
} else {
/*
* Solaris Kerberos:
* Ensure that the kpropd.acl file exists and contains at least
* 1 entry.
*/
FILE *tmp_acl_file;
int seen_file = 0;
char buf[1024];
tmp_acl_file = fopen(acl_file_name, "r");
if (!tmp_acl_file) {
com_err(progname, errno,
gettext("while opening acl file %s"),
acl_file_name);
exit(1);
}
while (!feof(tmp_acl_file) && !seen_file ) {
if (!fgets(buf, sizeof(buf), tmp_acl_file))
break;
if (buf[0] != '#' && !isspace(buf[0]))
seen_file = 1;
}
if (!seen_file) {
com_err(progname, 0,
gettext("No entries found in %s. Can't "
"authorize propagation requests"), acl_file_name);
exit(1);
}
fclose(tmp_acl_file);
if (standalone)
ret = do_standalone(IPROP_NULL);
else
doit(0);
}
exit(ret);
}
void resync_alarm(int sn)
{
close(gfd);
if (debug)
fprintf(stderr, gettext("resync_alarm: closing fd: %d\n"), gfd);
gfd = -1;
}
int do_standalone(iprop_role iproprole)
{
struct linger linger;
struct servent *sp;
int finet, fromlen, s;
int on = 1;
int ret, status = 0;
struct sockaddr_in6 sin6 = { AF_INET6 };
int sin6_size = sizeof (sin6);
/*
* Timer for accept/read calls, in case of network type errors.
*/
int backoff_timer = INITIAL_TIMER;
retry:
/* listen for either ipv4 or ipv6 */
finet = socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP);
if (finet < 0 ) {
com_err(progname, errno, gettext("while obtaining socket"));
exit(1);
}
if(!port) {
sp = getservbyname(KPROP_SERVICE, "tcp");
if (sp == NULL) {
com_err(progname, 0, gettext("%s/tcp: unknown service"),
KPROP_SERVICE);
exit(1);
}
sin6.sin6_port = sp->s_port;
} else
sin6.sin6_port = port;
/*
* We need to close the socket immediately if iprop is enabled,
* since back-to-back full resyncs are possible, so we do not
* linger around for too long
*/
if (iproprole == IPROP_SLAVE) {
if (setsockopt(finet, SOL_SOCKET, SO_REUSEADDR,
(char *)&on, sizeof(on)) < 0)
com_err(progname, errno,
gettext("while setting socket option (SO_REUSEADDR)"));
linger.l_onoff = 1;
linger.l_linger = 2;
if (setsockopt(finet, SOL_SOCKET, SO_LINGER,
(void *)&linger, sizeof(linger)) < 0)
com_err(progname, errno,
gettext("while setting socket option (SO_LINGER)"));
/*
* We also want to set a timer so that the slave is not waiting
* until infinity for an update from the master.
*/
gfd = finet;
signal(SIGALRM, resync_alarm);
if (debug) {
fprintf(stderr, "do_standalone: setting resync alarm to %d\n",
backoff_timer);
}
if (alarm(backoff_timer) != 0) {
if (debug) {
fprintf(stderr,
gettext("%s: alarm already set\n"), progname);
}
}
backoff_timer *= 2;
}
if ((ret = bind(finet, (struct sockaddr *)&sin6, sizeof(sin6))) < 0) {
if (debug) {
on = 1;
fprintf(stderr,
gettext("%s: attempting to rebind socket "
"with SO_REUSEADDR\n"), progname);
if (setsockopt(finet, SOL_SOCKET, SO_REUSEADDR,
(char *)&on, sizeof(on)) < 0) {
com_err(progname, errno,
gettext("while setting socket option (SO_REUSEADDR)"));
}
ret = bind(finet, (struct sockaddr *) &sin6, sizeof(sin6));
}
if (ret < 0) {
/*
* Solaris Kerberos:
* com_err will print the err msg associated with errno
*/
#if 0
perror(gettext("bind"));
#endif
com_err(progname, errno,
gettext("while binding listener socket"));
exit(1);
}
}
if (!debug && (iproprole != IPROP_SLAVE)) {
/* Solaris Kerberos: Indicate where further messages will be sent */
fprintf(stderr,
gettext("%s: Logging to SYSLOG with LOG_DAEMON facility\n"),
progname);
if (daemon(1, 0)) {
com_err(progname, errno, gettext("while daemonizing"));
exit(1);
}
rem_default_com_err_hook();
}
#ifdef PID_FILE
if ((pidfile = fopen(PID_FILE, "w")) != NULL) {
fprintf(pidfile, gettext("%d\n"), getpid());
fclose(pidfile);
} else
com_err(progname, errno,
gettext("while opening pid file %s for writing"),
PID_FILE);
#endif
if (listen(finet, 5) < 0) {
/* Solaris Kerberos: Keep error messages consistent */
com_err(progname, errno, gettext("while listening on socket"));
exit(1);
}
while (1) {
int child_pid;
s = accept(finet, (struct sockaddr *) &sin6, &sin6_size);
if (s < 0) {
int e = errno;
if (e != EINTR) {
/*
* Solaris Kerberos: Keep error messages
* consistent
*/
com_err(progname, e,
gettext("while accepting connection"));
backoff_timer = INITIAL_TIMER;
}
/*
* If we got EBADF, an alarm signal handler closed
* the file descriptor on us.
*/
if (e != EBADF)
close(finet);
/*
* An alarm could have been set and the fd closed, we
* should retry in case of transient network error for
* up to a couple of minutes.
*/
if (backoff_timer > 120)
return (EINTR);
goto retry;
}
alarm(0);
gfd = -1;
if (debug && (iproprole != IPROP_SLAVE))
child_pid = 0;
else
child_pid = fork();
switch (child_pid) {
case -1:
com_err(progname, errno, gettext("while forking"));
exit(1);
/*NOTREACHED*/
case 0:
/* child */
(void) close(finet);
doit(s);
close(s);
_exit(0);
/*NOTREACHED*/
default:
/* parent */
/*
* Errors should not be considered fatal in the iprop case as we
* could have transient type errors, such as network outage, etc.
* Sleeping 3s for 2s linger interval.
*/
if (wait(&status) < 0) {
com_err(progname, errno,
gettext("while waiting to receive database"));
if (iproprole != IPROP_SLAVE)
exit(1);
sleep(3);
}
close(s);
if (iproprole == IPROP_SLAVE)
close(finet);
if ((ret = WEXITSTATUS(status)) != 0)
return (ret);
}
if (iproprole == IPROP_SLAVE)
break;
}
return (0);
}
void doit(fd)
int fd;
{
struct sockaddr_storage from;
socklen_t fromlen;
int on = 1;
struct hostent *hp;
krb5_error_code retval;
krb5_data confmsg;
int lock_fd;
mode_t omask;
krb5_enctype etype;
int database_fd;
char ntop[NI_MAXHOST] = "";
krb5_context doit_context;
kdb_log_context *log_ctx;
retval = krb5_init_context(&doit_context);
if (retval) {
com_err(progname, retval, gettext("while initializing krb5"));
exit(1);
}
log_ctx = kpropd_context->kdblog_context;
if (log_ctx && (log_ctx->iproprole == IPROP_SLAVE)) {
ulog_set_role(doit_context, IPROP_SLAVE);
/*
* We also want to set a timer so that the slave is not waiting
* until infinity for an update from the master.
*/
if (debug)
fprintf(stderr, "doit: setting resync alarm to %ds\n",
INITIAL_TIMER);
signal(SIGALRM, resync_alarm);
gfd = fd;
if (alarm(INITIAL_TIMER) != 0) {
if (debug) {
fprintf(stderr,
gettext("%s: alarm already set\n"), progname);
}
}
}
fromlen = (socklen_t)sizeof (from);
if (getpeername(fd, (struct sockaddr *) &from, &fromlen) < 0) {
fprintf(stderr, "%s: ", progname);
perror(gettext("getpeername"));
exit(1);
}
if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (caddr_t) &on,
sizeof (on)) < 0) {
com_err(progname, errno,
gettext("while attempting setsockopt (SO_KEEPALIVE)"));
}
if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
NULL, 0, NI_NUMERICHOST) != 0) {
/* getnameifo failed so use inet_ntop() to get printable addresses */
if (from.ss_family == AF_INET) {
inet_ntop(AF_INET,
(const void *)&ss2sin(&from)->sin_addr,
ntop, sizeof(ntop));
} else if (from.ss_family == AF_INET6 &&
! IN6_IS_ADDR_V4MAPPED(&ss2sin6(&from)->sin6_addr)) {
ipaddr_t v4addr;
inet_ntop(AF_INET6,
(const void *)&ss2sin6(&from)->sin6_addr, ntop,
sizeof(ntop));
}
/* ipv4 mapped ipv6 addrs handled later */
}
if (from.ss_family == AF_INET || from.ss_family == AF_INET6) {
if (from.ss_family == AF_INET6 &&
IN6_IS_ADDR_V4MAPPED(&ss2sin6(&from)->sin6_addr)) {
ipaddr_t v4addr;
/* coerce ipv4 mapped ipv6 addr to normal ipv4 addr */
IN6_V4MAPPED_TO_IPADDR(&(ss2sin6(&from)->sin6_addr),
v4addr);
inet_ntop(AF_INET, (const void *) &v4addr,
ntop, sizeof(ntop));
}
syslog(LOG_INFO, gettext("Connection from %s"), ntop);
if (debug)
printf("Connection from %s\n", ntop);
} else {
/* address family isn't either AF_INET || AF_INET6 */
syslog(LOG_INFO,
gettext("Connection from unknown address family:%d"),
from.ss_family);
if (debug) {
printf(gettext("Connection from unknown address family:%d"),
from.ss_family);
}
}
/*
* Now do the authentication
*/
/* Solaris Kerberos */
kerberos_authenticate(doit_context, fd, &client, &etype, &from);
/*
* Turn off alarm upon successful authentication from master.
*/
alarm(0);
gfd = -1;
if (!authorized_principal(doit_context, client, etype)) {
char *name;
retval = krb5_unparse_name(doit_context, client, &name);
if (retval) {
/* Solaris Kerberos: Keep error messages consistent */
com_err(progname, retval,
gettext("while unparsing client name"));
exit(1);
}
syslog(LOG_WARNING,
gettext("Rejected connection from unauthorized principal %s"),
name);
free(name);
exit(1);
}
omask = umask(077);
lock_fd = open(temp_file_name, O_RDWR|O_CREAT, 0600);
(void) umask(omask);
retval = krb5_lock_file(doit_context, lock_fd,
KRB5_LOCKMODE_EXCLUSIVE|KRB5_LOCKMODE_DONTBLOCK);
if (retval) {
com_err(progname, retval,
gettext("while trying to lock '%s'"),
temp_file_name);
exit(1);
}
if ((database_fd = open(temp_file_name,
O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
com_err(progname, errno,
gettext("while opening database file, '%s'"),
temp_file_name);
exit(1);
}
recv_database(doit_context, fd, database_fd, &confmsg);
if (rename(temp_file_name, file)) {
/* Solaris Kerberos: Keep error messages consistent */
com_err(progname, errno,
gettext("while renaming %s to %s"),
temp_file_name, file);
exit(1);
}
retval = krb5_lock_file(doit_context, lock_fd, KRB5_LOCKMODE_SHARED);
if (retval) {
com_err(progname, retval,
gettext("while downgrading lock on '%s'"),
temp_file_name);
exit(1);
}
load_database(doit_context, kdb5_util, file);
retval = krb5_lock_file(doit_context, lock_fd, KRB5_LOCKMODE_UNLOCK);
if (retval) {
com_err(progname, retval,
gettext("while unlocking '%s'"), temp_file_name);
exit(1);
}
(void)close(lock_fd);
/*
* Send the acknowledgement message generated in
* recv_database, then close the socket.
*/
retval = krb5_write_message(doit_context, (void *) &fd, &confmsg);
if (retval) {
krb5_free_data_contents(doit_context, &confmsg);
com_err(progname, retval,
gettext("while sending # of received bytes"));
exit(1);
}
krb5_free_data_contents(doit_context, &confmsg);
if (close(fd) < 0) {
com_err(progname, errno,
gettext("while trying to close database file"));
exit(1);
}
exit(0);
}
/*
* Routine to handle incremental update transfer(s) from master KDC
*/
krb5_error_code do_iprop(kdb_log_context *log_ctx) {
CLIENT *cl;
kadm5_ret_t retval;
kadm5_config_params params;
krb5_ccache cc;
krb5_principal iprop_svc_principal;
void *server_handle = NULL;
char *iprop_svc_princstr = NULL;
char *master_svc_princstr = NULL;
char *admin_server = NULL;
char *keytab_name = NULL;
unsigned int pollin, backoff_time;
int backoff_cnt = 0;
int reinit_cnt = 0;
int ret;
boolean_t frdone = B_FALSE;
kdb_incr_result_t *incr_ret;
static kdb_last_t mylast;
kdb_fullresync_result_t *full_ret;
char *full_resync_arg = NULL;
kadm5_iprop_handle_t handle;
kdb_hlog_t *ulog;
krb5_keytab kt;
krb5_keytab_entry entry;
char kt_name[MAX_KEYTAB_NAME_LEN];
/*
* Solaris Kerberos:
* Delay daemonizing until some basic configuration checks have been
* performed
*/
#if 0
if (!debug)
daemon(0, 0);
#endif
pollin = (unsigned int)0;
(void) memset((char *)¶ms, 0, sizeof (params));
ulog = log_ctx->ulog;
params.mask |= KADM5_CONFIG_REALM;
params.realm = def_realm;
if (master_svc_princstr == NULL) {
if (retval = kadm5_get_kiprop_host_srv_name(kpropd_context,
def_realm, &master_svc_princstr)) {
/* Solaris Kerberos: keep error messages consistent */
com_err(progname, retval,
gettext("while getting kiprop host based "
"service name for realm %s"), def_realm);
exit(1);
}
}
/*
* Set cc to the default credentials cache
*/
if (retval = krb5_cc_default(kpropd_context, &cc)) {
com_err(progname, retval,
gettext("while opening default "
"credentials cache"));
exit(1);
}
retval = krb5_sname_to_principal(kpropd_context, NULL, KIPROP_SVC_NAME,
KRB5_NT_SRV_HST, &iprop_svc_principal);
if (retval) {
com_err(progname, retval, gettext("while trying to construct "
"host service principal"));
exit(1);
}
/* Solaris Kerberos */
if (krb5_is_referral_realm(krb5_princ_realm(kpropd_context,
iprop_svc_principal))) {
krb5_data *r = krb5_princ_realm(kpropd_context,
iprop_svc_principal);
assert(def_realm != NULL);
r->length = strlen(def_realm);
r->data = strdup(def_realm);
if (r->data == NULL) {
com_err(progname, retval,
("while determining local service principal name"));
exit(1);
}
}
if (retval = krb5_unparse_name(kpropd_context, iprop_svc_principal,
&iprop_svc_princstr)) {
com_err(progname, retval,
gettext("while canonicalizing "
"principal name"));
krb5_free_principal(kpropd_context, iprop_svc_principal);
exit(1);
}
/*
* Solaris Kerberos:
* Check to see if kiprop/<fqdn>@REALM is in the keytab
*/
kt_name[0] = '\0';
if (retval = krb5_kt_default_name(kpropd_context, kt_name,
MAX_KEYTAB_NAME_LEN)){
com_err(progname, retval, gettext ("while resolving the "
"name of the default keytab"));
}
if (retval = krb5_kt_default(kpropd_context, &kt)) {
com_err(progname, retval, gettext ("while resolving default "
"keytab"));
krb5_free_principal(kpropd_context, iprop_svc_principal);
exit(1);
}
if (retval = krb5_kt_get_entry(kpropd_context, kt, iprop_svc_principal,
0, 0, &entry)) {
com_err(progname, retval, gettext("while retrieving entry %s "
"from %s"), iprop_svc_princstr,
kt_name[0] ? kt_name : "default keytab");
krb5_kt_close(kpropd_context,kt);
krb5_free_principal(kpropd_context, iprop_svc_principal);
exit(1);
}
krb5_kt_close(kpropd_context,kt);
krb5_free_principal(kpropd_context, iprop_svc_principal);
if (!debug) {
/* Solaris Kerberos: Indicate where further messages will be sent */
fprintf(stderr, gettext("%s: Logging to SYSLOG\n"), progname);
if (daemon(0, 0)) {
com_err(progname, errno, gettext("while daemonizing"));
exit(1);
}
rem_default_com_err_hook();
}
reinit:
/*
* Authentication, initialize rpcsec_gss handle etc.
*/
retval = kadm5_init_with_skey(iprop_svc_princstr, keytab_name,
master_svc_princstr,
¶ms,
KADM5_STRUCT_VERSION,
KADM5_API_VERSION_2,
NULL,
&server_handle);
if (retval) {
if (retval == KADM5_RPC_ERROR) {
reinit_cnt++;
if (server_handle)
kadm5_destroy((void *) server_handle);
server_handle = (void *)NULL;
handle = (kadm5_iprop_handle_t)NULL;
com_err(progname, retval, gettext(
"while attempting to connect"
" to master KDC ... retrying"));
backoff_time = backoff_from_master(&reinit_cnt);
(void) sleep(backoff_time);
goto reinit;
} else {
/* Solaris Kerberos: Be more verbose */
com_err(progname, retval,
gettext("while initializing %s interface for "
"%s"), progname, iprop_svc_princstr);
if (retval == KADM5_BAD_CLIENT_PARAMS ||
retval == KADM5_BAD_SERVER_PARAMS)
usage();
exit(1);
}
}
/*
* Reset re-initialization count to zero now.
*/
reinit_cnt = backoff_time = 0;
/*
* Reset the handle to the correct type for the RPC call
*/
handle = server_handle;
/*
* If we have reached this far, we have succesfully established
* a RPCSEC_GSS connection; we now start polling for updates
*/
if (poll_time == NULL) {
if ((poll_time = (char *)strdup("2m")) == NULL) {
/* Solaris Kerberos: Keep error messages consistent */
com_err(progname, ENOMEM,
gettext("while allocating poll_time"));
exit(1);
}
}
if (pollin == (unsigned int)0)
pollin = convert_polltime(poll_time);
for (;;) {
incr_ret = NULL;
full_ret = NULL;
/*
* Get the most recent ulog entry sno + ts, which
* we package in the request to the master KDC
*/
mylast.last_sno = ulog->kdb_last_sno;
mylast.last_time = ulog->kdb_last_time;
/*
* Loop continuously on an iprop_get_updates_1(),
* so that we can keep probing the master for updates
* or (if needed) do a full resync of the krb5 db.
*/
incr_ret = iprop_get_updates_1(&mylast, handle->clnt);
if (incr_ret == (kdb_incr_result_t *)NULL) {
clnt_perror(handle->clnt,
"iprop_get_updates call failed");
if (server_handle)
kadm5_destroy((void *)server_handle);
server_handle = (void *)NULL;
handle = (kadm5_iprop_handle_t)NULL;
goto reinit;
}
switch (incr_ret->ret) {
case UPDATE_FULL_RESYNC_NEEDED:
/*
* We dont do a full resync again, if the last
* X'fer was a resync and if the master sno is
* still "0", i.e. no updates so far.
*/
if ((frdone == B_TRUE) && (incr_ret->lastentry.last_sno
== 0)) {
break;
} else {
full_ret = iprop_full_resync_1((void *)
&full_resync_arg, handle->clnt);
if (full_ret == (kdb_fullresync_result_t *)
NULL) {
clnt_perror(handle->clnt,
"iprop_full_resync call failed");
if (server_handle)
kadm5_destroy((void *)
server_handle);
server_handle = (void *)NULL;
handle = (kadm5_iprop_handle_t)NULL;
goto reinit;
}
}
switch (full_ret->ret) {
case UPDATE_OK:
backoff_cnt = 0;
/*
* We now listen on the kprop port for
* the full dump
*/
ret = do_standalone(log_ctx->iproprole);
if (debug)
if (ret)
fprintf(stderr,
gettext("Full resync "
"was unsuccessful\n"));
else
fprintf(stderr,
gettext("Full resync "
"was successful\n"));
if (ret) {
syslog(LOG_WARNING,
gettext("kpropd: Full resync, "
"invalid return."));
/*
* Start backing-off immediately after
* failure.
*/
backoff_cnt++;
frdone = B_FALSE;
} else
frdone = B_TRUE;
break;
case UPDATE_BUSY:
/*
* Exponential backoff
*/
backoff_cnt++;
break;
case UPDATE_FULL_RESYNC_NEEDED:
case UPDATE_NIL:
default:
backoff_cnt = 0;
frdone = B_FALSE;
syslog(LOG_ERR, gettext("kpropd: Full resync,"
" invalid return from master KDC."));
break;
case UPDATE_PERM_DENIED:
syslog(LOG_ERR, gettext("kpropd: Full resync,"
" permission denied."));
goto error;
case UPDATE_ERROR:
syslog(LOG_ERR, gettext("kpropd: Full resync,"
" error returned from master KDC."));
goto error;
}
break;
case UPDATE_OK:
backoff_cnt = 0;
frdone = B_FALSE;
/*
* ulog_replay() will convert the ulog updates to db
* entries using the kdb conv api and will commit
* the entries to the slave kdc database
*/
retval = ulog_replay(kpropd_context, incr_ret);
if (retval) {
syslog(LOG_ERR, gettext("kpropd: ulog_replay"
" failed, updates not registered."));
break;
}
if (debug)
fprintf(stderr, gettext("Update transfer "
"from master was OK\n"));
break;
case UPDATE_PERM_DENIED:
syslog(LOG_ERR, gettext("kpropd: get_updates,"
" permission denied."));
goto error;
case UPDATE_ERROR:
syslog(LOG_ERR, gettext("kpropd: get_updates, error "
"returned from master KDC."));
goto error;
case UPDATE_BUSY:
/*
* Exponential backoff
*/
backoff_cnt++;
break;
case UPDATE_NIL:
/*
* Master-slave are in sync
*/
if (debug)
fprintf(stderr, gettext("Master, slave KDC's "
"are in-sync, no updates\n"));
backoff_cnt = 0;
frdone = B_FALSE;
break;
default:
backoff_cnt = 0;
syslog(LOG_ERR, gettext("kpropd: get_updates,"
" invalid return from master KDC."));
break;
}
if (runonce == B_TRUE)
goto done;
/*
* Sleep for the specified poll interval (Default is 2 mts),
* or do a binary exponential backoff if we get an
* UPDATE_BUSY signal
*/
if (backoff_cnt > 0) {
backoff_time = backoff_from_master(&backoff_cnt);
if (debug)
fprintf(stderr, gettext("Busy signal received "
"from master, backoff for %d secs\n"),
backoff_time);
(void) sleep(backoff_time);
}
else
(void) sleep(pollin);
}
error:
if (debug)
fprintf(stderr, gettext("ERROR returned by master, bailing\n"));
syslog(LOG_ERR, gettext("kpropd: ERROR returned by master KDC,"
" bailing.\n"));
done:
if (poll_time)
free(poll_time);
if(iprop_svc_princstr)
free(iprop_svc_princstr);
if (master_svc_princstr)
free(master_svc_princstr);
if (retval = krb5_cc_close(kpropd_context, cc)) {
com_err(progname, retval,
gettext("while closing default ccache"));
exit(1);
}
if (def_realm)
free(def_realm);
if (server_handle)
kadm5_destroy((void *)server_handle);
if (kpropd_context)
krb5_free_context(kpropd_context);
if (runonce == B_TRUE)
return (0);
else
exit(1);
}
/*
* Do exponential backoff, since master KDC is BUSY or down
*/
unsigned int backoff_from_master(int *cnt) {
unsigned int btime;
btime = (unsigned int)(2<<(*cnt));
if (btime > MAX_BACKOFF) {
btime = MAX_BACKOFF;
*cnt--;
}
return (btime);
}
/*
* Routine to convert the `pollstr' string to seconds
*/
int convert_polltime(char *pollstr) {
char *tokenptr = NULL;
int len, polltime;
len = polltime = 0;
if ((len = strcspn(pollstr, "s")) < strlen(pollstr)) {
tokenptr = malloc((len + 1) * sizeof(char));
(void) strlcpy(tokenptr, pollstr, len + 1);
polltime = atoi(tokenptr);
}
if ((len = strcspn(pollstr, "m")) < strlen(pollstr)) {
tokenptr = malloc((len + 1) * sizeof(char));
(void) strlcpy(tokenptr, pollstr, len + 1);
polltime = atoi(tokenptr) * 60;
}
if ((len = strcspn(pollstr, "h")) < strlen(pollstr)) {
tokenptr = malloc((len + 1) * sizeof(char));
(void) strlcpy(tokenptr, pollstr, len + 1);
polltime = atoi(tokenptr) * 3600;
}
if (tokenptr != NULL)
free(tokenptr);
/*
* If we have a bogus pollstr value, set polltime to the
* default of 2 mts (120 seconds).
*/
if (polltime == 0)
polltime = 120;
return (polltime);
}
static void
kpropd_com_err_proc(whoami, code, fmt, args)
const char *whoami;
long code;
const char *fmt;
va_list args;
{
char error_buf[8096];
error_buf[0] = '\0';
if (fmt)
vsprintf(error_buf, fmt, args);
syslog(LOG_ERR, "%s%s%s%s%s", whoami ? whoami : "", whoami ? ": " : "",
code ? error_message(code) : "", code ? " " : "", error_buf);
}
void PRS(argc,argv)
int argc;
char **argv;
{
register char *word, ch;
char *cp;
int c;
struct hostent *hp;
char my_host_name[MAXHOSTNAMELEN], buf[BUFSIZ];
krb5_error_code retval;
static const char tmp[] = ".temp";
kadm5_config_params params;
(void) setlocale(LC_ALL, "");
#if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */
#define TEXT_DOMAIN "KPROPD_TEST" /* Use this only if it weren't */
#endif
(void) textdomain(TEXT_DOMAIN);
(void) memset((char *) ¶ms, 0, sizeof (params));
retval = krb5_init_context(&kpropd_context);
if (retval) {
com_err(argv[0], retval,
gettext("while initializing krb5"));
exit(1);
}
/* Solaris Kerberos: Sanitize progname */
progname = basename(argv[0]);
while ((c = getopt(argc, argv, "dtf:F:p:P:r:s:Sa:")) != EOF){
switch (c) {
case 'd':
debug++;
break;
case 't':
/*
* Undocumented option - for testing only.
*
* Option to run the kpropd server exactly
* once (this is true only if iprop is enabled).
*/
runonce = B_TRUE;
break;
case 'f':
file = optarg;
if (!file)
usage();
break;
case 'F':
kerb_database = optarg;
if (!kerb_database)
usage();
break;
case 'p':
kdb5_util = optarg;
if (!kdb5_util)
usage();
break;
case 'P':
port = htons(atoi(optarg));
if (!port)
usage();
break;
case 'r':
realm = optarg;
if (!realm)
usage();
params.realm = realm;
params.mask |= KADM5_CONFIG_REALM;
break;
case 's':
srvtab = optarg;
if (!srvtab)
usage();
break;
case 'S':
standalone++;
break;
case 'a':
acl_file_name = optarg;
if (!acl_file_name)
usage();
break;
case '?':
default:
usage();
}
}
/*
* If not in debug mode, switch com_err reporting to syslog
*/
if (! debug) {
openlog("kpropd", LOG_PID | LOG_ODELAY, SYSLOG_CLASS);
/*
* Solaris Kerberos:
* Don't replace default logging. Add a new logging channel.
* Stop logging to stderr when daemonizing
*/
add_com_err_hook(kpropd_com_err_proc);
}
/*
* Get my hostname, so we can construct my service name
*/
retval = krb5_sname_to_principal(kpropd_context,
NULL, KPROP_SERVICE_NAME,
KRB5_NT_SRV_HST, &server);
if (retval) {
/* Solaris Kerberos: Keep error messages consistent */
com_err(progname, retval,
gettext("while trying to construct my service name"));
exit(1);
}
if (realm) {
retval = krb5_set_principal_realm(kpropd_context, server, realm);
if (retval) {
com_err(progname, errno,
gettext("while constructing my service realm"));
exit(1);
}
}
/*
* Construct the name of the temporary file.
*/
if ((temp_file_name = (char *) malloc(strlen(file) +
strlen(tmp) + 1)) == NULL) {
com_err(progname, ENOMEM,
gettext("while allocating filename for temp file"));
exit(1);
}
strcpy(temp_file_name, file);
strcat(temp_file_name, tmp);
retval = kadm5_get_config_params(kpropd_context, 1, NULL, ¶ms,
¶ms);
if (retval) {
com_err(progname, retval, gettext("while initializing"));
exit(1);
}
if (params.iprop_enabled == TRUE) {
ulog_set_role(kpropd_context, IPROP_SLAVE);
poll_time = params.iprop_polltime;
if (ulog_map(kpropd_context, ¶ms, FKPROPD)) {
/* Solaris Kerberos: Keep error messages consistent */
com_err(progname, errno,
gettext("while mapping log"));
exit(1);
}
}
/*
* Grab the realm info and check if iprop is enabled.
*/
if (def_realm == NULL) {
retval = krb5_get_default_realm(kpropd_context, &def_realm);
if (retval) {
/* Solaris Kerberos: Keep error messages consistent */
com_err(progname, retval,
gettext("while retrieving default realm"));
exit(1);
}
}
}
/*
* Figure out who's calling on the other end of the connection....
*/
/* Solaris Kerberos */
void
kerberos_authenticate(context, fd, clientp, etype, ss)
krb5_context context;
int fd;
krb5_principal * clientp;
krb5_enctype * etype;
struct sockaddr_storage * ss;
{
krb5_error_code retval;
krb5_ticket * ticket;
struct sockaddr_storage r_ss;
int ss_length;
krb5_keytab keytab = NULL;
/*
* Set recv_addr and send_addr
*/
/* Solaris Kerberos */
if (cvtkaddr(ss, &sender_addr) == NULL) {
com_err(progname, errno,
gettext("while converting socket address"));
exit(1);
}
ss_length = sizeof (r_ss);
if (getsockname(fd, (struct sockaddr *) &r_ss, &ss_length)) {
com_err(progname, errno,
gettext("while getting local socket address"));
exit(1);
}
if (cvtkaddr(&r_ss, &receiver_addr) == NULL) {
com_err(progname, errno,
gettext("while converting socket address"));
exit(1);
}
if (debug) {
char *name;
retval = krb5_unparse_name(context, server, &name);
if (retval) {
/* Solaris Kerberos: Keep error messages consistent */
com_err(progname, retval, gettext("while unparsing server name"));
exit(1);
}
printf(gettext("krb5_recvauth(%d, %s, %s, ...)\n"), fd, kprop_version,
name);
free(name);
}
retval = krb5_auth_con_init(context, &auth_context);
if (retval) {
syslog(LOG_ERR, gettext("Error in krb5_auth_con_init: %s"),
error_message(retval));
exit(1);
}
retval = krb5_auth_con_setflags(context, auth_context,
KRB5_AUTH_CONTEXT_DO_SEQUENCE);
if (retval) {
syslog(LOG_ERR, gettext("Error in krb5_auth_con_setflags: %s"),
error_message(retval));
exit(1);
}
retval = krb5_auth_con_setaddrs(context, auth_context, &receiver_addr,
&sender_addr);
if (retval) {
syslog(LOG_ERR, gettext("Error in krb5_auth_con_setaddrs: %s"),
error_message(retval));
exit(1);
}
if (srvtab) {
retval = krb5_kt_resolve(context, srvtab, &keytab);
if (retval) {
syslog(LOG_ERR, gettext("Error in krb5_kt_resolve: %s"), error_message(retval));
exit(1);
}
}
retval = krb5_recvauth(context, &auth_context, (void *) &fd,
kprop_version, server, 0, keytab, &ticket);
if (retval) {
syslog(LOG_ERR, gettext("Error in krb5_recvauth: %s"), error_message(retval));
exit(1);
}
retval = krb5_copy_principal(context, ticket->enc_part2->client, clientp);
if (retval) {
syslog(LOG_ERR, gettext("Error in krb5_copy_prinicpal: %s"),
error_message(retval));
exit(1);
}
*etype = ticket->enc_part.enctype;
if (debug) {
char * name;
char etypebuf[100];
retval = krb5_unparse_name(context, *clientp, &name);
if (retval) {
/* Solaris Kerberos: Keep error messages consistent */
com_err(progname, retval,
gettext("while unparsing client name"));
exit(1);
}
retval = krb5_enctype_to_string(*etype, etypebuf, sizeof(etypebuf));
if (retval) {
/* Solaris Kerberos: Keep error messages consistent */
com_err(progname, retval, gettext("while unparsing ticket etype"));
exit(1);
}
printf("authenticated client: %s (etype == %s)\n", name, etypebuf);
free(name);
}
krb5_free_ticket(context, ticket);
}
krb5_boolean
authorized_principal(context, p, auth_etype)
krb5_context context;
krb5_principal p;
krb5_enctype auth_etype;
{
char *name, *ptr;
char buf[1024];
krb5_error_code retval;
FILE *acl_file;
int end;
krb5_enctype acl_etype;
retval = krb5_unparse_name(context, p, &name);
if (retval)
return FALSE;
acl_file = fopen(acl_file_name, "r");
if (!acl_file)
return FALSE;
while (!feof(acl_file)) {
if (!fgets(buf, sizeof(buf), acl_file))
break;
end = strlen(buf) - 1;
if (buf[end] == '\n')
buf[end] = '\0';
if (!strncmp(name, buf, strlen(name))) {
ptr = buf+strlen(name);
/* if the next character is not whitespace or nul, then
the match is only partial. continue on to new lines. */
if (*ptr && !isspace((int) *ptr))
continue;
/* otherwise, skip trailing whitespace */
for (; *ptr && isspace((int) *ptr); ptr++) ;
/* now, look for an etype string. if there isn't one,
return true. if there is an invalid string, continue.
If there is a valid string, return true only if it
matches the etype passed in, otherwise continue */
if ((*ptr) &&
((retval = krb5_string_to_enctype(ptr, &acl_etype)) ||
(acl_etype != auth_etype)))
continue;
free(name);
fclose(acl_file);
return TRUE;
}
}
free(name);
fclose(acl_file);
return FALSE;
}
void
recv_database(context, fd, database_fd, confmsg)
krb5_context context;
int fd;
int database_fd;
krb5_data *confmsg;
{
krb5_ui_4 database_size; /* This must be 4 bytes */
int received_size, n;
char buf[1024];
krb5_data inbuf, outbuf;
krb5_error_code retval;
/*
* Receive and decode size from client
*/
retval = krb5_read_message(context, (void *) &fd, &inbuf);
if (retval) {
send_error(context, fd, retval, gettext("while reading database size"));
com_err(progname, retval,
gettext("while reading size of database from client"));
exit(1);
}
if (krb5_is_krb_error(&inbuf))
recv_error(context, &inbuf);
retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL);
if (retval) {
send_error(context, fd, retval, gettext(
"while decoding database size"));
krb5_free_data_contents(context, &inbuf);
com_err(progname, retval,
gettext("while decoding database size from client"));
exit(1);
}
memcpy((char *) &database_size, outbuf.data, sizeof(database_size));
krb5_free_data_contents(context, &inbuf);
krb5_free_data_contents(context, &outbuf);
database_size = ntohl(database_size);
/*
* Initialize the initial vector.
*/
retval = krb5_auth_con_initivector(context, auth_context);
if (retval) {
send_error(context, fd, retval, gettext(
"failed while initializing i_vector"));
com_err(progname, retval, gettext("while initializing i_vector"));
exit(1);
}
/*
* Now start receiving the database from the net
*/
received_size = 0;
while (received_size < database_size) {
retval = krb5_read_message(context, (void *) &fd, &inbuf);
if (retval) {
snprintf(buf, sizeof (buf),
gettext("while reading database block starting at offset %d"),
received_size);
com_err(progname, retval, buf);
send_error(context, fd, retval, buf);
exit(1);
}
if (krb5_is_krb_error(&inbuf))
recv_error(context, &inbuf);
retval = krb5_rd_priv(context, auth_context, &inbuf,
&outbuf, NULL);
if (retval) {
snprintf(buf, sizeof (buf),
gettext("while decoding database block starting at offset %d"),
received_size);
com_err(progname, retval, buf);
send_error(context, fd, retval, buf);
krb5_free_data_contents(context, &inbuf);
exit(1);
}
n = write(database_fd, outbuf.data, outbuf.length);
if (n < 0) {
snprintf(buf, sizeof (buf),
gettext(
"while writing database block starting at offset %d"),
received_size);
send_error(context, fd, errno, buf);
} else if (n != outbuf.length) {
snprintf(buf, sizeof (buf),
gettext(
"incomplete write while writing database block starting at\n"
"offset %d (%d written, %d expected)"),
received_size, n, outbuf.length);
send_error(context, fd, KRB5KRB_ERR_GENERIC, buf);
}
received_size += outbuf.length;
/* SUNWresync121: our krb5...contents sets length to 0 */
krb5_free_data_contents(context, &inbuf);
krb5_free_data_contents(context, &outbuf);
}
/*
* OK, we've seen the entire file. Did we get too many bytes?
*/
if (received_size > database_size) {
snprintf(buf, sizeof (buf),
gettext("Received %d bytes, expected %d bytes for database file"),
received_size, database_size);
send_error(context, fd, KRB5KRB_ERR_GENERIC, buf);
}
/*
* Create message acknowledging number of bytes received, but
* don't send it until kdb5_util returns successfully.
*/
database_size = htonl(database_size);
inbuf.data = (char *) &database_size;
inbuf.length = sizeof(database_size);
retval = krb5_mk_safe(context,auth_context,&inbuf,confmsg,NULL);
if (retval) {
com_err(progname, retval,
gettext("while encoding # of receieved bytes"));
send_error(context, fd, retval,
gettext("while encoding # of received bytes"));
exit(1);
}
}
void
send_error(context, fd, err_code, err_text)
krb5_context context;
int fd;
krb5_error_code err_code;
char *err_text;
{
krb5_error error;
const char *text;
krb5_data outbuf;
char buf[1024];
memset((char *)&error, 0, sizeof(error));
krb5_us_timeofday(context, &error.stime, &error.susec);
error.server = server;
error.client = client;
if (err_text)
text = err_text;
else
text = error_message(err_code);
error.error = err_code - ERROR_TABLE_BASE_krb5;
if (error.error > 127) {
error.error = KRB_ERR_GENERIC;
if (err_text) {
sprintf(buf, "%s %s", error_message(err_code),
err_text);
text = buf;
}
}
error.text.length = strlen(text) + 1;
error.text.data = malloc(error.text.length);
if (error.text.data) {
strcpy(error.text.data, text);
if (!krb5_mk_error(context, &error, &outbuf)) {
(void) krb5_write_message(context, (void *)&fd,&outbuf);
krb5_free_data_contents(context, &outbuf);
}
free(error.text.data);
}
}
void
recv_error(context, inbuf)
krb5_context context;
krb5_data *inbuf;
{
krb5_error *error;
krb5_error_code retval;
retval = krb5_rd_error(context, inbuf, &error);
if (retval) {
com_err(progname, retval,
gettext("while decoding error packet from client"));
exit(1);
}
if (error->error == KRB_ERR_GENERIC) {
if (error->text.data)
fprintf(stderr,
gettext("Generic remote error: %s\n"),
error->text.data);
} else if (error->error) {
com_err(progname, error->error + ERROR_TABLE_BASE_krb5,
gettext("signaled from server"));
if (error->text.data)
fprintf(stderr,
gettext("Error text from client: %s\n"),
error->text.data);
}
krb5_free_error(context, error);
exit(1);
}
void
load_database(context, kdb_util, database_file_name)
krb5_context context;
char *kdb_util;
char *database_file_name;
{
static char *edit_av[10];
int error_ret, save_stderr = -1;
int child_pid;
int count;
/* <sys/param.h> has been included, so BSD will be defined on
BSD systems */
#if BSD > 0 && BSD <= 43
#ifndef WEXITSTATUS
#define WEXITSTATUS(w) (w).w_retcode
#endif
union wait waitb;
#else
int waitb;
#endif
krb5_error_code retval;
kdb_log_context *log_ctx;
if (debug)
printf(gettext("calling kdb_util to load database\n"));
log_ctx = context->kdblog_context;
edit_av[0] = kdb_util;
count = 1;
if (realm) {
edit_av[count++] = "-r";
edit_av[count++] = realm;
}
edit_av[count++] = "load";
if (kerb_database) {
edit_av[count++] = "-d";
edit_av[count++] = kerb_database;
}
if (log_ctx && (log_ctx->iproprole == IPROP_SLAVE)) {
edit_av[count++] = "-i";
}
edit_av[count++] = database_file_name;
edit_av[count++] = NULL;
switch(child_pid = fork()) {
case -1:
com_err(progname, errno, gettext("while trying to fork %s"),
kdb_util);
exit(1);
/*NOTREACHED*/
case 0:
if (!debug) {
save_stderr = dup(2);
close(0);
close(1);
close(2);
open("/dev/null", O_RDWR);
dup(0);
dup(0);
}
execv(kdb_util, edit_av);
retval = errno;
if (!debug)
dup2(save_stderr, 2);
com_err(progname, retval, gettext("while trying to exec %s"),
kdb_util);
_exit(1);
/*NOTREACHED*/
default:
if (debug)
printf(gettext("Child PID is %d\n"), child_pid);
if (wait(&waitb) < 0) {
com_err(progname, errno, gettext("while waiting for %s"),
kdb_util);
exit(1);
}
}
error_ret = WEXITSTATUS(waitb);
if (error_ret) {
com_err(progname, 0,
gettext("%s returned a bad exit status (%d)"),
kdb_util, error_ret);
exit(1);
}
return;
}