Diffstat (limited to 'crypto/heimdal/appl/kf/kfd.c')
-rw-r--r-- | crypto/heimdal/appl/kf/kfd.c | 189 |
1 files changed, 85 insertions, 104 deletions
diff --git a/crypto/heimdal/appl/kf/kfd.c b/crypto/heimdal/appl/kf/kfd.c
index 6dc2666..7f6ea28 100644
--- a/crypto/heimdal/appl/kf/kfd.c
+++ b/crypto/heimdal/appl/kf/kfd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *
@@ -32,7 +32,7 @@
  */
 
 #include "kf_locl.h"
-RCSID("$Id: kfd.c,v 1.9 2001/02/20 01:44:44 assar Exp $");
+RCSID("$Id: kfd.c,v 1.10 2002/09/04 20:31:48 joda Exp $");
 
 krb5_context context;
 char krb5_tkfile[MAXPATHLEN];
@@ -40,7 +40,7 @@ char krb5_tkfile[MAXPATHLEN];
 static int help_flag;
 static int version_flag;
 static char *port_str;
-char *service = SERVICE;
+char *service = KF_SERVICE;
 int do_inetd = 0;
 static char *regpag_str=NULL;
 
@@ -92,7 +92,7 @@ server_setup(krb5_context *context, int argc, char **argv)
     }
 
     if (port == 0)
-        port = krb5_getportbyname (*context, PORT, "tcp", PORT_NUM);
+        port = krb5_getportbyname (*context, KF_PORT_NAME, "tcp", KF_PORT_NUM);
 
     if(argv[local_argc] != NULL)
         usage(1, args, num_args);
@@ -100,26 +100,23 @@ server_setup(krb5_context *context, int argc, char **argv)
     return port;
 }
 
-static void
-syslog_and_die (const char *m, ...)
-{
-    va_list args;
+static int protocol_version;
 
-    va_start(args, m);
-    vsyslog (LOG_ERR, m, args);
-    va_end(args);
-    exit (1);
-}
-
-static void
-syslog_and_cont (const char *m, ...)
+static krb5_boolean
+kfd_match_version(const void *arg, const char *version)
 {
-    va_list args;
-
-    va_start(args, m);
-    vsyslog (LOG_ERR, m, args);
-    va_end(args);
-    return;
+    if(strcmp(version, KF_VERSION_1) == 0) {
+        protocol_version = 1;
+        return TRUE;
+    } else if (strlen(version) == 4 &&
+               version[0] == '0' &&
+               version[1] == '.' &&
+               (version[2] == '4' || version[2] == '3') &&
+               islower(version[3])) {
+        protocol_version = 0;
+        return TRUE;
+    }
+    return FALSE;
 }
 
 static int
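Review bot: `islower(version[3])` in kfd_match_version passes a plain `char` to a <ctype.h> classifier; on a platform where `char` is signed a byte >= 0x80 becomes a negative argument, which is undefined behaviour (only `unsigned char` values and EOF are valid), and `version` here is a string supplied by the peer. Cast first: `islower((unsigned char)version[3])`. The callback also records its result in the file-static `protocol_version` rather than through `arg`, which stays unused; a one-line comment above the static, e.g. `/* set by kfd_match_version: 0 = pre-KF_VERSION_1 client, 1 = current protocol */`, would make that side channel explicit for the reader of proto().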
@@ -132,31 +129,25 @@ proto (int sock, const char *service)
     char *name;
     char ret_string[10];
     char hostname[MAXHOSTNAMELEN];
-    krb5_data packet;
     krb5_data data;
     krb5_data remotename;
     krb5_data tk_file;
-
-    u_int32_t len, net_len;
     krb5_ccache ccache;
     char ccname[MAXPATHLEN];
     struct passwd *pwd;
-    ssize_t n;
 
     status = krb5_auth_con_init (context, &auth_context);
     if (status)
-        syslog_and_die("krb5_auth_con_init: %s",
-                       krb5_get_err_text(context, status));
+        krb5_err(context, 1, status, "krb5_auth_con_init");
 
     status = krb5_auth_con_setaddrs_from_fd (context,
                                              auth_context,
                                              &sock);
     if (status)
-        syslog_and_die("krb5_auth_con_setaddr: %s",
-                       krb5_get_err_text(context, status));
+        krb5_err(context, 1, status, "krb5_auth_con_setaddr");
 
     if(gethostname (hostname, sizeof(hostname)) < 0)
-        syslog_and_die("gethostname: %s",strerror(errno));
+        krb5_err(context, 1, errno, "gethostname");
 
     status = krb5_sname_to_principal (context,
                                       hostname,
@@ -164,88 +155,80 @@ proto (int sock, const char *service)
                                       KRB5_NT_SRV_HST,
                                       &server);
     if (status)
-        syslog_and_die("krb5_sname_to_principal: %s",
-                       krb5_get_err_text(context, status));
-
-    status = krb5_recvauth (context,
-                            &auth_context,
-                            &sock,
-                            VERSION,
-                            server,
-                            0,
-                            NULL,
-                            &ticket);
+        krb5_err(context, 1, status, "krb5_sname_to_principal");
+
+    status = krb5_recvauth_match_version (context,
+                                          &auth_context,
+                                          &sock,
+                                          kfd_match_version,
+                                          NULL,
+                                          server,
+                                          0,
+                                          NULL,
+                                          &ticket);
     if (status)
-        syslog_and_die("krb5_recvauth: %s",
-                       krb5_get_err_text(context, status));
+        krb5_err(context, 1, status, "krb5_recvauth");
 
     status = krb5_unparse_name (context, ticket->client, &name);
     if (status)
-        syslog_and_die("krb5_unparse_name: %s",
-                       krb5_get_err_text(context, status));
-
-    status=krb5_read_message (context, &sock, &remotename);
-    if (status) {
-        syslog_and_die("krb5_read_message: %s",
-                       krb5_get_err_text(context, status));
-    }
-    status=krb5_read_message (context, &sock, &tk_file);
-    if (status) {
-        syslog_and_die("krb5_read_message: %s",
-                       krb5_get_err_text(context, status));
+        krb5_err(context, 1, status, "krb5_unparse_name");
+
+    if(protocol_version == 0) {
+        data.data = "old clnt"; /* XXX old clients only had room for
+                                   10 bytes of message, and also
+                                   didn't show it to the user */
+        data.length = strlen(data.data) + 1;
+        krb5_write_message(context, &sock, &data);
+        sleep(2); /* XXX give client time to finish */
+        krb5_errx(context, 1, "old client; exiting");
     }
+    status=krb5_read_priv_message (context, auth_context,
+                                   &sock, &remotename);
+    if (status)
+        krb5_err(context, 1, status, "krb5_read_message");
+    status=krb5_read_priv_message (context, auth_context,
+                                   &sock, &tk_file);
+    if (status)
+        krb5_err(context, 1, status, "krb5_read_message");
+
     krb5_data_zero (&data);
-    krb5_data_zero (&packet);
-
-    n = krb5_net_read (context, &sock, &net_len, 4);
-    if (n < 0)
-        syslog_and_die("krb5_net_read: %s", strerror(errno));
-    if (n == 0)
-        syslog_and_die("EOF in krb5_net_read");
-
-    len = ntohl(net_len);
-    krb5_data_alloc (&packet, len);
-    n = krb5_net_read (context, &sock, packet.data, len);
-    if (n < 0)
-        syslog_and_die("krb5_net_read: %s", strerror(errno));
-    if (n == 0)
-        syslog_and_die("EOF in krb5_net_read");
-
-    status = krb5_rd_priv (context,
-                           auth_context,
-                           &packet,
-                           &data,
-                           NULL);
+
+    if(((char*)remotename.data)[remotename.length-1] != '\0')
+        krb5_errx(context, 1, "unterminated received");
+    if(((char*)tk_file.data)[tk_file.length-1] != '\0')
+        krb5_errx(context, 1, "unterminated received");
+
+    status = krb5_read_priv_message(context, auth_context, &sock, &data);
+
     if (status) {
-        syslog_and_cont("krb5_rd_priv: %s",
-                        krb5_get_err_text(context, status));
+        krb5_err(context, 1, errno, "krb5_read_priv_message");
         goto out;
     }
 
     pwd = getpwnam ((char *)(remotename.data));
     if (pwd == NULL) {
         status=1;
-        syslog_and_cont("getpwnam: %s failed",(char *)(remotename.data));
+        krb5_warnx(context, "getpwnam: %s failed",(char *)(remotename.data));
         goto out;
     }
 
     if(!krb5_kuserok (context,
-                     ticket->client,
-                     (char *)(remotename.data))) {
+                      ticket->client,
+                      (char *)(remotename.data))) {
         status=1;
-        syslog_and_cont("krb5_kuserok: permission denied");
+        krb5_warnx(context, "krb5_kuserok: permission denied");
         goto out;
     }
 
     if (setgid(pwd->pw_gid) < 0) {
-        syslog_and_cont ("setgid: %s", strerror(errno));
+        krb5_warn(context, errno, "setgid");
         goto out;
     }
 
     if (setuid(pwd->pw_uid) < 0) {
-        syslog_and_cont ("setuid: %s", strerror(errno));
+        krb5_warn(context, errno, "setuid");
         goto out;
     }
 
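Review bot: The two NUL-terminator checks index `remotename.length-1` and `tk_file.length-1` without first confirming the length is non-zero; krb5_data.length is unsigned, so an empty message from the peer wraps the index and reads far outside the buffer instead of failing cleanly. Guard both: `if(remotename.length == 0 || ((char*)remotename.data)[remotename.length-1] != '\0')` and the same for tk_file. In the `if (status)` block after the third krb5_read_priv_message, `krb5_err(context, 1, errno, "krb5_read_priv_message")` reports errno rather than the krb5 error held in `status`, and because krb5_err exits the following `goto out` is dead code — unlike the other failure paths in this function the client never receives the "no" reply here; `krb5_warn(context, status, "krb5_read_priv_message"); goto out;` would keep the original flow. The return value of `krb5_write_message` on the old-client path is also discarded. proto() starts and ends outside this hunk.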
@@ -256,49 +239,41 @@ proto (int sock, const char *service)
     status = krb5_cc_resolve (context, ccname, &ccache);
     if (status) {
-        syslog_and_cont("krb5_cc_resolve: %s",
-                        krb5_get_err_text(context, status));
+        krb5_warn(context, status, "krb5_cc_resolve");
         goto out;
     }
 
     status = krb5_cc_initialize (context, ccache, ticket->client);
     if (status) {
-        syslog_and_cont("krb5_cc_initialize: %s",
-                        krb5_get_err_text(context, status));
+        krb5_warn(context, status, "krb5_cc_initialize");
         goto out;
     }
 
     status = krb5_rd_cred2 (context, auth_context, ccache, &data);
     krb5_cc_close (context, ccache);
     if (status) {
-        syslog_and_cont("krb5_rd_cred: %s",
-                        krb5_get_err_text(context, status));
+        krb5_warn(context, status, "krb5_rd_cred");
         goto out;
     }
     strlcpy(krb5_tkfile,ccname,sizeof(krb5_tkfile));
-    syslog_and_cont("%s forwarded ticket to %s,%s",
-                    name,
-                    (char *)(remotename.data),ccname);
-out:
+    krb5_warnx(context, "%s forwarded ticket to %s,%s",
+               name,
+               (char *)(remotename.data),ccname);
+  out:
     if (status) {
         strcpy(ret_string, "no");
-        syslog_and_cont("failed");
+        krb5_warnx(context, "failed");
     } else {
         strcpy(ret_string, "ok");
     }
 
     krb5_data_free (&tk_file);
     krb5_data_free (&remotename);
-    krb5_data_free (&packet);
     krb5_data_free (&data);
     free(name);
 
-    len = strlen(ret_string) + 1;
-    net_len = htonl(len);
-    if (krb5_net_write (context, &sock, &net_len, 4) != 4)
-        return 1;
-    if (krb5_net_write (context, &sock, ret_string, len) != len)
-        return 1;
-    return status;
+    data.data = ret_string;
+    data.length = strlen(ret_string) + 1;
+    return krb5_write_priv_message(context, auth_context, &sock, &data);
 }
 
 static int
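Review bot: `return krb5_write_priv_message(...)` replaces `return status`, so proto() now reports success whenever the "no"/"ok" reply could be written, even when `status` is set and the forward was refused (getpwnam, krb5_kuserok, krb5_rd_cred2 failures); the removed code returned 0 only when the forward itself succeeded. main() in the last hunk runs regpag only when doit() returns 0, so if doit() passes proto()'s result through — doit() is outside the diff — a refused forward would now trigger regpag with krb5_tkfile never set. Keep both results: `if (krb5_write_priv_message(context, auth_context, &sock, &data) != 0) return 1;` followed by `return status;`. proto() starts outside this hunk.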
@@ -314,10 +289,16 @@ main(int argc, char **argv)
 {
     int port;
     int ret;
+    krb5_log_facility *fac;
 
     setprogname (argv[0]);
     roken_openlog (argv[0], LOG_ODELAY | LOG_PID,LOG_AUTH);
     port = server_setup(&context, argc, argv);
+    ret = krb5_openlog(context, "kfd", &fac);
+    if(ret) krb5_err(context, 1, ret, "krb5_openlog");
+    ret = krb5_set_warn_dest(context, fac);
+    if(ret) krb5_err(context, 1, ret, "krb5_set_warn_dest");
+
     ret = doit (port, service);
     closelog();
     if (ret == 0 && regpag_str != NULL) |
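Review bot: The two new `krb5_err` calls fire before `krb5_set_warn_dest` has taken effect, so their text goes to the library's default warning destination (stderr) rather than the log facility being configured; when kfd runs from inetd (`do_inetd` is declared in an earlier hunk) stderr is presumably the client connection, which would put the failure message on the wire — confirm how inetd sets up the descriptors before relying on this. Since roken_openlog has already been called on the line above, the krb5_openlog failure could be reported through syslog instead, e.g. `if(ret) { syslog(LOG_ERR, "krb5_openlog failed"); exit(1); }`, leaving only the krb5_set_warn_dest failure on krb5_err. A short comment such as `/* route krb5_warn/krb5_err output to syslog from here on */` above the krb5_openlog line would also explain why the block sits after server_setup.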