author | assar <assar@FreeBSD.org> | 2001-02-13 16:46:19 +0000 |
---|---|---|
committer | assar <assar@FreeBSD.org> | 2001-02-13 16:46:19 +0000 |
commit | 3a971fe69aad52dfd248901ae796e64a96ae3e37 (patch) | |
tree | ac7b5c62510ffa9f0316643bcb19a3fed3d5bef7 /crypto/heimdal/lib/kadm5/ipropd_slave.c | |
parent | 2934fc23653f64b32f4db32233d7eda11ca274f0 (diff) | |
parent | ebfe6dc471c206300fd82c7c0fd145f683aa52f6 (diff) | |
This commit was generated by cvs2svn to compensate for changes in r72445,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'crypto/heimdal/lib/kadm5/ipropd_slave.c')
-rw-r--r-- | crypto/heimdal/lib/kadm5/ipropd_slave.c | 208 |
1 files changed, 164 insertions, 44 deletions
diff --git a/crypto/heimdal/lib/kadm5/ipropd_slave.c b/crypto/heimdal/lib/kadm5/ipropd_slave.c
index 76884eb..8d8bf25 100644
--- a/crypto/heimdal/lib/kadm5/ipropd_slave.c
+++ b/crypto/heimdal/lib/kadm5/ipropd_slave.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
@@ -33,7 +33,9 @@
 #include "iprop.h"
-RCSID("$Id: ipropd_slave.c,v 1.10 1999/12/02 17:05:06 joda Exp $");
+RCSID("$Id: ipropd_slave.c,v 1.21 2000/08/06 02:06:19 assar Exp $");
+
+static krb5_log_facility *log_facility;
 static int
 connect_to_master (krb5_context context, const char *master)
@@ -47,7 +49,8 @@ connect_to_master (krb5_context context, const char *master)
 krb5_err (context, 1, errno, "socket AF_INET");
 memset (&addr, 0, sizeof(addr));
 addr.sin_family = AF_INET;
- addr.sin_port = htons(4711);
+ addr.sin_port = krb5_getportbyname (context,
+ IPROP_SERVICE, "tcp", IPROP_PORT);
 he = roken_gethostbyname (master);
 if (he == NULL)
 krb5_errx (context, 1, "gethostbyname: %s", hstrerror(h_errno));
@@ -58,31 +61,37 @@ connect_to_master (krb5_context context, const char *master)
 }
 static void
-get_creds(krb5_context context, krb5_ccache *cache, const char *host)
+get_creds(krb5_context context, const char *keytab_str,
+ krb5_ccache *cache, const char *host)
 {
 krb5_keytab keytab;
 krb5_principal client;
 krb5_error_code ret;
 krb5_get_init_creds_opt init_opts;
-#if 0
- krb5_preauthtype preauth = KRB5_PADATA_ENC_TIMESTAMP;
-#endif
 krb5_creds creds;
- char my_hostname[128];
 char *server;
+ char keytab_buf[256];
- ret = krb5_kt_default(context, &keytab);
- if(ret) krb5_err(context, 1, ret, "krb5_kt_default");
+ ret = krb5_kt_register(context, &hdb_kt_ops);
+ if(ret)
+ krb5_err(context, 1, ret, "krb5_kt_register");
- gethostname (my_hostname, sizeof(my_hostname));
- ret = krb5_sname_to_principal (context, my_hostname, IPROP_NAME,
+ if (keytab_str == NULL) {
+ ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf));
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_kt_default_name");
+ keytab_str = keytab_buf;
+ }
+
+ ret = krb5_kt_resolve(context, keytab_str, &keytab);
+ if(ret)
+ krb5_err(context, 1, ret, "%s", keytab_str);
+
+ ret = krb5_sname_to_principal (context, NULL, IPROP_NAME,
 KRB5_NT_SRV_HST, &client);
 if (ret) krb5_err(context, 1, ret, "krb5_sname_to_principal");
 krb5_get_init_creds_opt_init(&init_opts);
-#if 0
- krb5_get_init_creds_opt_set_preauth_list(&init_opts, &preauth, 1);
-#endif
 asprintf (&server, "%s/%s", IPROP_NAME, host);
 if (server == NULL)
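Review bot: `krb5_kt_register(context, &hdb_kt_ops)` is added at the top of get_creds here and again in main (the `@@ -227,16 +329,32 @@` hunk), where it runs before get_creds is called, so the same keytab type is registered twice on every start. One registration is enough; I would keep the call in main and drop the three lines `ret = krb5_kt_register(...); if(ret) krb5_err(...);` from get_creds. Whether the second registration is harmless depends on krb5_kt_register, which is not visible on this page. get_creds continues past the end of this hunk.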
@@ -134,21 +143,15 @@ ihave (krb5_context context, krb5_auth_context auth_context,
 }
 static void
-receive (krb5_context context,
- krb5_storage *sp,
- kadm5_server_context *server_context)
+receive_loop (krb5_context context,
+ krb5_storage *sp,
+ kadm5_server_context *server_context)
 {
 int ret;
 off_t left, right;
 void *buf;
 int32_t vers;
- ret = server_context->db->open(context,
- server_context->db,
- O_RDWR | O_CREAT, 0);
- if (ret)
- krb5_err (context, 1, ret, "db->open");
-
 do {
 int32_t len, timestamp, tmp;
 enum kadm_ops op;
@@ -166,7 +169,7 @@ receive (krb5_context context,
 left = sp->seek (sp, -16, SEEK_CUR);
 right = sp->seek (sp, 0, SEEK_END);
 buf = malloc (right - left);
- if (buf == NULL) {
+ if (buf == NULL && (right - left) != 0) {
 krb5_warnx (context, "malloc: no memory");
 return;
 }
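Review bot: In the `@@ -166,7 +169,7 @@` hunk the new test `buf == NULL && (right - left) != 0` still hands `right - left` to malloc without checking its sign; both values are `off_t` results of `sp->seek`, and neither return is tested in the visible lines. If a seek can fail with a negative value, or the positions come back in the wrong order, the difference converts to a very large allocation request. Rejecting that before allocating would be a small addition, `if (left < 0 || right < left) { krb5_warnx (context, "bad log position"); return; }`. The code that uses buf lies outside this hunk, so the now-permitted case of a NULL buf with length zero should be checked against it.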
@@ -197,21 +200,120 @@ receive (krb5_context context,
 server_context->log_context.version = vers;
 sp->seek (sp, 8, SEEK_CUR);
 }
+}
+
+static void
+receive (krb5_context context,
+ krb5_storage *sp,
+ kadm5_server_context *server_context)
+{
+ int ret;
+
+ ret = server_context->db->open(context,
+ server_context->db,
+ O_RDWR | O_CREAT, 0600);
+ if (ret)
+ krb5_err (context, 1, ret, "db->open");
+
+ receive_loop (context, sp, server_context);
+
+ ret = server_context->db->close (context, server_context->db);
+ if (ret)
+ krb5_err (context, 1, ret, "db->close");
+}
+
+static void
+receive_everything (krb5_context context, int fd,
+ kadm5_server_context *server_context,
+ krb5_auth_context auth_context)
+{
+ int ret;
+ krb5_data data;
+ int32_t vno;
+ int32_t opcode;
+
+ ret = server_context->db->open(context,
+ server_context->db,
+ O_RDWR | O_CREAT | O_TRUNC, 0600);
+ if (ret)
+ krb5_err (context, 1, ret, "db->open");
+
+ do {
+ krb5_storage *sp;
+
+ ret = krb5_read_priv_message(context, auth_context, &fd, &data);
+
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_read_priv_message");
+
+ sp = krb5_storage_from_data (&data);
+ krb5_ret_int32 (sp, &opcode);
+ if (opcode == ONE_PRINC) {
+ krb5_data fake_data;
+ hdb_entry entry;
+
+ fake_data.data = (char *)data.data + 4;
+ fake_data.length = data.length - 4;
+
+ ret = hdb_value2entry (context, &fake_data, &entry);
+ if (ret)
+ krb5_err (context, 1, ret, "hdb_value2entry");
+ ret = server_context->db->store(server_context->context,
+ server_context->db,
+ 0, &entry);
+ if (ret)
+ krb5_err (context, 1, ret, "hdb_store");
+
+ hdb_free_entry (context, &entry);
+ krb5_data_free (&data);
+ }
+ } while (opcode == ONE_PRINC);
+
+ if (opcode != NOW_YOU_HAVE)
+ krb5_errx (context, 1, "receive_everything: strange %d", opcode);
+
+ _krb5_get_int ((char *)data.data + 4, &vno, 4);
+
+ ret = kadm5_log_reinit (server_context);
+ if (ret)
+ krb5_err(context, 1, ret, "kadm5_log_reinit");
+
+ ret = kadm5_log_set_version (server_context, vno - 1);
+ if (ret)
+ krb5_err (context, 1, ret, "kadm5_log_set_version");
+
+ ret = kadm5_log_nop (server_context);
+ if (ret)
+ krb5_err (context, 1, ret, "kadm5_log_nop");
+
+ krb5_data_free (&data);
 ret = server_context->db->close (context, server_context->db);
 if (ret)
 krb5_err (context, 1, ret, "db->close");
 }
-char *realm;
-int version_flag;
-int help_flag;
-struct getargs args[] = {
+static char *realm;
+static int version_flag;
+static int help_flag;
+static char *keytab_str;
+
+static struct getargs args[] = {
 { "realm", 'r', arg_string, &realm },
+ { "keytab", 'k', arg_string, &keytab_str,
+ "keytab to get authentication from", "kspec" },
 { "version", 0, arg_flag, &version_flag },
 { "help", 0, arg_flag, &help_flag }
 };
-int num_args = sizeof(args) / sizeof(args[0]);
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage (int code, struct getargs *args, int num_args)
+{
+ arg_printusage (args, num_args, NULL, "master");
+ exit (code);
+}
 int
 main(int argc, char **argv)
@@ -227,16 +329,32 @@ main(int argc, char **argv)
 krb5_principal server;
 int optind;
+ const char *master;
- optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
+ optind = krb5_program_setup(&context, argc, argv, args, num_args, usage);
 if(help_flag)
- krb5_std_usage(0, args, num_args);
+ usage (0, args, num_args);
 if(version_flag) {
 print_version(NULL);
 exit(0);
 }
+ argc -= optind;
+ argv += optind;
+
+ if (argc != 1)
+ usage (1, args, num_args);
+
+ master = argv[0];
+
+ krb5_openlog (context, "ipropd-master", &log_facility);
+ krb5_set_warn_dest(context, log_facility);
+
+ ret = krb5_kt_register(context, &hdb_kt_ops);
+ if(ret)
+ krb5_err(context, 1, ret, "krb5_kt_register");
+
 memset(&conf, 0, sizeof(conf));
 if(realm) {
 conf.mask |= KADM5_CONFIG_REALM;
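Review bot: receive_everything never checks how long a decrypted message is before reading fixed offsets out of it: `data.length - 4` wraps when a message is shorter than four bytes, `_krb5_get_int ((char *)data.data + 4, &vno, 4)` assumes at least eight, and the unchecked `krb5_ret_int32 (sp, &opcode)` leaves `opcode` uninitialised on a short read. The storage handle `sp` is also never released, so each message of a full dump leaks one. The sketch below adds the two length checks, tests the return of krb5_ret_int32 and frees `sp` once the opcode is read. Separately, opening the database with `O_TRUNC` before the dump has arrived means any krb5_err exit mid-transfer leaves the slave with a partial database; loading into a temporary database and swapping it in at NOW_YOU_HAVE would avoid that.

```c
	/* … unchanged: krb5_read_priv_message and its error check … */

	/* every message must carry at least the 4-byte opcode */
	if (data.length < 4)
	    krb5_errx (context, 1, "receive_everything: short message");

	sp = krb5_storage_from_data (&data);
	ret = krb5_ret_int32 (sp, &opcode);
	krb5_storage_free (sp);
	if (ret)
	    krb5_err (context, 1, ret, "krb5_ret_int32");

	/* … unchanged: ONE_PRINC branch and the loop condition … */

    if (opcode != NOW_YOU_HAVE)
	krb5_errx (context, 1, "receive_everything: strange %d", opcode);
    /* NOW_YOU_HAVE carries a 4-byte version number after the opcode */
    if (data.length < 8)
	krb5_errx (context, 1, "receive_everything: short NOW_YOU_HAVE");

    /* … unchanged: _krb5_get_int, log reinit, db->close … */
```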
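Review bot: The log facility in main is opened under the master's name, `krb5_openlog (context, "ipropd-master", &log_facility);`, although this file is the slave daemon, so its warnings would be filed under the master's label and propagation failures become harder to attribute when both logs are collected. It should read `krb5_openlog (context, "ipropd-slave", &log_facility);`. The call's result is also dropped, unlike the neighbouring calls; assigning it to `ret` and adding `if (ret) krb5_err (context, 1, ret, "krb5_openlog");` would keep a failed log setup from going unnoticed. main starts and ends outside this hunk.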
@@ -257,11 +375,11 @@ main(int argc, char **argv)
 if (ret)
 krb5_err (context, 1, ret, "kadm5_log_init");
- get_creds(context, &ccache, argv[1]);
+ get_creds(context, keytab_str, &ccache, master);
- master_fd = connect_to_master (context, argv[1]);
+ master_fd = connect_to_master (context, master);
- ret = krb5_sname_to_principal (context, argv[1], IPROP_NAME,
+ ret = krb5_sname_to_principal (context, master, IPROP_NAME,
 KRB5_NT_SRV_HST, &server);
 if (ret)
 krb5_err (context, 1, ret, "krb5_sname_to_principal");
@@ -279,18 +397,14 @@ main(int argc, char **argv)
 for (;;) {
 int ret;
- krb5_data data, out;
+ krb5_data out;
 krb5_storage *sp;
 int32_t tmp;
- ret = krb5_read_message (context, &master_fd, &data);
- if (ret)
- krb5_err (context, 1, ret, "krb5_read_message");
+ ret = krb5_read_priv_message(context, auth_context, &master_fd, &out);
- ret = krb5_rd_priv (context, auth_context, &data, &out, NULL);
- krb5_data_free (&data);
 if (ret)
- krb5_err (context, 1, ret, "krb5_rd_priv");
+ krb5_err (context, 1, ret, "krb5_read_priv_message");
 sp = krb5_storage_from_mem (out.data, out.length);
 krb5_ret_int32 (sp, &tmp);
@@ -300,7 +414,13 @@ main(int argc, char **argv)
 ihave (context, auth_context, master_fd,
 server_context->log_context.version);
 break;
+ case TELL_YOU_EVERYTHING :
+ receive_everything (context, master_fd, server_context,
+ auth_context);
+ break;
+ case NOW_YOU_HAVE :
 case I_HAVE :
+ case ONE_PRINC :
 default :
 krb5_warnx (context, "Ignoring command %d", tmp);
 break;
@@ -308,6 +428,6 @@ main(int argc, char **argv)
 krb5_storage_free (sp);
 krb5_data_free (&out);
 }
-
+
 return 0;
-}
+ } |