xref: /freebsd/crypto/heimdal/kadmin/kadm_conn.c (revision aa0a1e58) 
1 /*
2  * Copyright (c) 2000 - 2004 Kungliga Tekniska H�gskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "kadmin_locl.h"
35 #ifdef HAVE_SYS_WAIT_H
36 #include <sys/wait.h>
37 #endif
38 
39 RCSID("$Id: kadm_conn.c 16007 2005-09-01 18:49:57Z lha $");
40 
41 struct kadm_port {
42     char *port;
43     unsigned short def_port;
44     struct kadm_port *next;
45 } *kadm_ports;
46 
47 static void
48 add_kadm_port(krb5_context context, const char *service, unsigned int port)
49 {
50     struct kadm_port *p;
51     p = malloc(sizeof(*p));
52     if(p == NULL) {
53 	krb5_warnx(context, "failed to allocate %lu bytes\n",
54 		   (unsigned long)sizeof(*p));
55 	return;
56     }
57 
58     p->port = strdup(service);
59     p->def_port = port;
60 
61     p->next = kadm_ports;
62     kadm_ports = p;
63 }
64 
65 static void
66 add_standard_ports (krb5_context context)
67 {
68     add_kadm_port(context, "kerberos-adm", 749);
69 }
70 
71 /*
72  * parse the set of space-delimited ports in `str' and add them.
73  * "+" => all the standard ones
74  * otherwise it's port|service[/protocol]
75  */
76 
77 void
78 parse_ports(krb5_context context, const char *str)
79 {
80     char p[128];
81 
82     while(strsep_copy(&str, " \t", p, sizeof(p)) != -1) {
83 	if(strcmp(p, "+") == 0)
84 	    add_standard_ports(context);
85 	else
86 	    add_kadm_port(context, p, 0);
87     }
88 }
89 
90 static pid_t pgrp;
91 sig_atomic_t term_flag, doing_useful_work;
92 
93 static RETSIGTYPE
94 sigchld(int sig)
95 {
96     int status;
97     waitpid(-1, &status, 0);
98     SIGRETURN(0);
99 }
100 
101 static RETSIGTYPE
102 terminate(int sig)
103 {
104     if(getpid() == pgrp) {
105 	/* parent */
106 	term_flag = 1;
107 	signal(sig, SIG_IGN);
108 	killpg(pgrp, sig);
109     } else {
110 	/* child */
111 	if(doing_useful_work)
112 	    term_flag = 1;
113 	else
114 	    exit(0);
115     }
116     SIGRETURN(0);
117 }
118 
119 static int
120 spawn_child(krb5_context context, int *socks, int num_socks, int this_sock)
121 {
122     int e, i;
123     struct sockaddr_storage __ss;
124     struct sockaddr *sa = (struct sockaddr *)&__ss;
125     socklen_t sa_size = sizeof(__ss);
126     int s;
127     pid_t pid;
128     krb5_address addr;
129     char buf[128];
130     size_t buf_len;
131 
132     s = accept(socks[this_sock], sa, &sa_size);
133     if(s < 0) {
134 	krb5_warn(context, errno, "accept");
135 	return 1;
136     }
137     e = krb5_sockaddr2address(context, sa, &addr);
138     if(e)
139 	krb5_warn(context, e, "krb5_sockaddr2address");
140     else {
141 	e = krb5_print_address (&addr, buf, sizeof(buf),
142 				&buf_len);
143 	if(e)
144 	    krb5_warn(context, e, "krb5_print_address");
145 	else
146 	    krb5_warnx(context, "connection from %s", buf);
147 	krb5_free_address(context, &addr);
148     }
149 
150     pid = fork();
151     if(pid == 0) {
152 	for(i = 0; i < num_socks; i++)
153 	    close(socks[i]);
154 	dup2(s, STDIN_FILENO);
155 	dup2(s, STDOUT_FILENO);
156 	if(s != STDIN_FILENO && s != STDOUT_FILENO)
157 	    close(s);
158 	return 0;
159     } else {
160 	close(s);
161     }
162     return 1;
163 }
164 
165 static int
166 wait_for_connection(krb5_context context,
167 		    int *socks, int num_socks)
168 {
169     int i, e;
170     fd_set orig_read_set, read_set;
171     int max_fd = -1;
172 
173     FD_ZERO(&orig_read_set);
174 
175     for(i = 0; i < num_socks; i++) {
176 	if (socks[i] >= FD_SETSIZE)
177 	    errx (1, "fd too large");
178 	FD_SET(socks[i], &orig_read_set);
179 	max_fd = max(max_fd, socks[i]);
180     }
181 
182     pgrp = getpid();
183 
184     if(setpgid(0, pgrp) < 0)
185 	err(1, "setpgid");
186 
187     signal(SIGTERM, terminate);
188     signal(SIGINT, terminate);
189     signal(SIGCHLD, sigchld);
190 
191     while (term_flag == 0) {
192 	read_set = orig_read_set;
193 	e = select(max_fd + 1, &read_set, NULL, NULL, NULL);
194 	if(e < 0) {
195 	    if(errno != EINTR)
196 		krb5_warn(context, errno, "select");
197 	} else if(e == 0)
198 	    krb5_warnx(context, "select returned 0");
199 	else {
200 	    for(i = 0; i < num_socks; i++) {
201 		if(FD_ISSET(socks[i], &read_set))
202 		    if(spawn_child(context, socks, num_socks, i) == 0)
203 			return 0;
204 	    }
205 	}
206     }
207     signal(SIGCHLD, SIG_IGN);
208     while(1) {
209 	int status;
210 	pid_t pid;
211 	pid = waitpid(-1, &status, 0);
212 	if(pid == -1 && errno == ECHILD)
213 	    break;
214     }
215     exit(0);
216 }
217 
218 
219 int
220 start_server(krb5_context context)
221 {
222     int e;
223     struct kadm_port *p;
224 
225     int *socks = NULL, *tmp;
226     int num_socks = 0;
227     int i;
228 
229     for(p = kadm_ports; p; p = p->next) {
230 	struct addrinfo hints, *ai, *ap;
231 	char portstr[32];
232 	memset (&hints, 0, sizeof(hints));
233 	hints.ai_flags    = AI_PASSIVE;
234 	hints.ai_socktype = SOCK_STREAM;
235 
236 	e = getaddrinfo(NULL, p->port, &hints, &ai);
237 	if(e) {
238 	    snprintf(portstr, sizeof(portstr), "%u", p->def_port);
239 	    e = getaddrinfo(NULL, portstr, &hints, &ai);
240 	}
241 
242 	if(e) {
243 	    krb5_warn(context, krb5_eai_to_heim_errno(e, errno),
244 		      "%s", portstr);
245 	    continue;
246 	}
247 	i = 0;
248 	for(ap = ai; ap; ap = ap->ai_next)
249 	    i++;
250 	tmp = realloc(socks, (num_socks + i) * sizeof(*socks));
251 	if(tmp == NULL) {
252 	    krb5_warnx(context, "failed to reallocate %lu bytes",
253 		       (unsigned long)(num_socks + i) * sizeof(*socks));
254 	    continue;
255 	}
256 	socks = tmp;
257 	for(ap = ai; ap; ap = ap->ai_next) {
258 	    int s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol);
259 	    if(s < 0) {
260 		krb5_warn(context, errno, "socket");
261 		continue;
262 	    }
263 
264 	    socket_set_reuseaddr(s, 1);
265 	    socket_set_ipv6only(s, 1);
266 
267 	    if (bind (s, ap->ai_addr, ap->ai_addrlen) < 0) {
268 		krb5_warn(context, errno, "bind");
269 		close(s);
270 		continue;
271 	    }
272 	    if (listen (s, SOMAXCONN) < 0) {
273 		krb5_warn(context, errno, "listen");
274 		close(s);
275 		continue;
276 	    }
277 	    socks[num_socks++] = s;
278 	}
279 	freeaddrinfo (ai);
280     }
281     if(num_socks == 0)
282 	krb5_errx(context, 1, "no sockets to listen to - exiting");
283     return wait_for_connection(context, socks, num_socks);
284 }
285