diff options
Diffstat (limited to 'crypto/kerberosIV/slave/kpropd.c')
-rw-r--r-- | crypto/kerberosIV/slave/kpropd.c | 318 |
1 files changed, 0 insertions, 318 deletions
diff --git a/crypto/kerberosIV/slave/kpropd.c b/crypto/kerberosIV/slave/kpropd.c deleted file mode 100644 index db74509..0000000 --- a/crypto/kerberosIV/slave/kpropd.c +++ /dev/null @@ -1,318 +0,0 @@ -/* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "slav_locl.h" - -#include "kprop.h" - -RCSID("$Id: kpropd.c,v 2.32 1999/12/02 16:58:56 joda Exp $"); - -#ifndef SBINDIR -#define SBINDIR "/usr/athena/sbin" -#endif - -struct sockaddr_in master, slave; - -char *database = DBM_FILE; - -char *lockfile = DB_DIR "/slave_propagation"; - -char *logfile = K_LOGFIL; - -char *kdb_util = SBINDIR "/kdb_util"; - -char *kdb_util_command = "load"; - -char *srvtab = ""; - -char realm[REALM_SZ]; - -static -int -copy_data(int from, int to, des_cblock *session, des_key_schedule schedule) -{ - unsigned char tmp[4]; - char buf[KPROP_BUFSIZ + 26]; - u_int32_t length; - int n; - - int kerr; - MSG_DAT m; - - while(1){ - n = krb_net_read(from, tmp, 4); - if(n == 0) - break; - if(n < 0){ - klog(L_KRB_PERR, "krb_net_read: %s", strerror(errno)); - return -1; - } - if(n != 4){ - klog(L_KRB_PERR, "Premature end of data"); - return -1; - } - length = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3]; - if(length > sizeof(buf)){ - klog(L_KRB_PERR, "Giant packet received: %d", length); - return -1; - } - if(krb_net_read(from, buf, length) != length){ - klog(L_KRB_PERR, "Premature end of data"); - return -1; - } - kerr = krb_rd_priv (buf, length, schedule, session, - &master, &slave, &m); - if(kerr != KSUCCESS){ - klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr)); - return -1; - } - write(to, m.app_data, m.app_length); - } - return 0; -} - - -static -int -kprop(int s) -{ - char buf[128]; - int n; - KTEXT_ST ticket; - AUTH_DAT ad; - char sinst[INST_SZ]; - des_key_schedule schedule; - int mode; - int kerr; - int lock; - - n = sizeof(master); - if(getpeername(s, (struct sockaddr*)&master, &n) < 0){ - klog(L_KRB_PERR, "getpeername: %s", strerror(errno)); - return 1; - } - - n = sizeof(slave); - if(getsockname(s, (struct sockaddr*)&slave, &n) < 0){ - klog(L_KRB_PERR, "getsockname: %s", strerror(errno)); - return 1; - } - - klog(L_KRB_PERR, "Connection from %s", inet_ntoa(master.sin_addr)); - - n = krb_net_read(s, buf, KPROP_PROT_VERSION_LEN + 2); - if(n < KPROP_PROT_VERSION_LEN + 2){ - klog(L_KRB_PERR, "Premature end of data"); - return 1; - } - if(memcmp(buf, KPROP_PROT_VERSION, KPROP_PROT_VERSION_LEN) != 0){ - klog(L_KRB_PERR, "Bad protocol version string received"); - return 1; - } - mode = (buf[n-2] << 8) | buf[n-1]; - if(mode != KPROP_TRANSFER_PRIVATE){ - klog(L_KRB_PERR, "Bad transfer mode received: %d", mode); - return 1; - } - k_getsockinst(s, sinst, sizeof(sinst)); - kerr = krb_recvauth(KOPT_DO_MUTUAL, s, &ticket, - KPROP_SERVICE_NAME, sinst, - &master, &slave, - &ad, srvtab, schedule, - buf); - if(kerr != KSUCCESS){ - klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr)); - return 1; - } - - if(strcmp(ad.pname, KPROP_SERVICE_NAME) || -#if 0 - strcmp(ad.pinst, /* XXX remote host */) || -#else - strcmp(ad.pinst, KRB_MASTER) || -#endif - strcmp(ad.prealm, realm)){ - klog(L_KRB_PERR, "Connection from unauthorized client: %s", - krb_unparse_name_long(ad.pname, ad.pinst, ad.prealm)); - return 1; - } - - des_set_key(&ad.session, schedule); - - lock = open(lockfile, O_WRONLY|O_CREAT, 0600); - if(lock < 0){ - klog(L_KRB_PERR, "Failed to open file: %s", strerror(errno)); - return 1; - } - if(flock(lock, LOCK_EX | LOCK_NB)){ - close(lock); - klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno)); - return 1; - } - - if(ftruncate(lock, 0) < 0){ - close(lock); - klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno)); - return 1; - } - - if(copy_data(s, lock, &ad.session, schedule)){ - close(lock); - return 1; - } - close(lock); - - if(simple_execlp(kdb_util, "kdb_util", kdb_util_command, - lockfile, database, NULL) != 0) { - klog(L_KRB_PERR, "*** Propagation failed ***"); - return 1; - }else{ - klog(L_KRB_PERR, "Propagation finished successfully"); - return 0; - } -} - -static int -doit(void) -{ - return kprop(0); -} - -static int -doit_interactive(void) -{ - struct sockaddr_in sa; - int salen; - int s, s2; - int ret; - - s = socket(AF_INET, SOCK_STREAM, 0); - if(s < 0){ - klog(L_KRB_PERR, "socket: %s", strerror(errno)); - return 1; - } - memset(&sa, 0, sizeof(sa)); - sa.sin_family = AF_INET; - sa.sin_port = k_getportbyname ("krb_prop", "tcp", htons(KPROP_PORT)); - ret = bind(s, (struct sockaddr*)&sa, sizeof(sa)); - if (ret < 0) { - klog(L_KRB_PERR, "bind: %s", strerror(errno)); - return 1; - } - ret = listen(s, SOMAXCONN); - if (ret < 0) { - klog(L_KRB_PERR, "listen: %s", strerror(errno)); - return 1; - } - for(;;) { - salen = sizeof(sa); - s2 = accept(s, (struct sockaddr*)&sa, &salen); - switch(fork()){ - case -1: - klog(L_KRB_PERR, "fork: %s", strerror(errno)); - return 1; - case 0: - close(s); - kprop(s2); - return 1; - default: { - int status; - close(s2); - wait(&status); - } - } - } -} - -static void -usage (void) -{ - fprintf (stderr, - "Usage: kpropd [-i] [-d database] [-l log] [-m] [-[p|P] program]" - " [-r realm] [-s srvtab]\n"); - exit (1); -} - -int -main(int argc, char **argv) -{ - int opt; - int interactive = 0; - - krb_get_lrealm(realm, 1); - - while((opt = getopt(argc, argv, ":d:l:mp:P:r:s:i")) >= 0){ - switch(opt){ - case 'd': - database = optarg; - break; - case 'l': - logfile = optarg; - break; - case 'm': - kdb_util_command = "merge"; - break; - case 'p': - case 'P': - kdb_util = optarg; - break; - case 'r': - strlcpy(realm, optarg, REALM_SZ); - break; - case 's': - srvtab = optarg; - break; - case 'i': - interactive = 1; - break; - default: - klog(L_KRB_PERR, "Bad option: -%c", optopt); - usage (); - exit(1); - } - } - if (!interactive) { - /* Use logfile as stderr so we don't lose error messages. */ - int fd = open(logfile, O_CREAT | O_WRONLY | O_APPEND, 0600); - if (fd == -1) - klog(L_KRB_PERR, "Can't open logfile %s: %s", logfile,strerror(errno)); - else - dup2(fd, 2); - close(fd); - } - kset_logfile(logfile); - if (interactive) - return doit_interactive (); - else - return doit (); -} |