/* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ /* * Top-level loop of the kerberos Administration server */ /* admin_server.c this holds the main loop and initialization and cleanup code for the server */ #include "kadm_locl.h" RCSID("$Id: admin_server.c,v 1.49.2.2 2000/10/18 20:24:57 assar Exp $"); /* Almost all procs and such need this, so it is global */ admin_params prm; /* The command line parameters struct */ /* GLOBAL */ char *acldir = DEFAULT_ACL_DIR; static char krbrlm[REALM_SZ]; #define MAXCHILDREN 100 struct child { pid_t pid; int pipe_fd; int authenticated; }; static unsigned nchildren = 0; static struct child children[MAXCHILDREN]; static int exit_now = 0; static RETSIGTYPE doexit(int sig) { exit_now = 1; SIGRETURN(0); } static sig_atomic_t do_wait; static RETSIGTYPE do_child(int sig) { do_wait = 1; SIGRETURN(0); } static void kill_children(void) { int i; for (i = 0; i < nchildren; i++) { kill(children[i].pid, SIGINT); close (children[i].pipe_fd); krb_log("killing child %d", children[i].pid); } } /* close the system log file */ static void close_syslog(void) { krb_log("Shutting down admin server"); } static void byebye(void) /* say goodnight gracie */ { printf("Admin Server (kadm server) has completed operation.\n"); } static void clear_secrets(void) { memset(server_parm.master_key, 0, sizeof(server_parm.master_key)); memset(server_parm.master_key_schedule, 0, sizeof(server_parm.master_key_schedule)); server_parm.master_key_version = 0L; } static void cleanexit(int val) { kerb_fini(); clear_secrets(); exit(val); } static RETSIGTYPE sigalrm(int sig) { cleanexit(1); } /* * handle the client on the socket `fd' from `who' * `signal_fd' is a pipe on which to signal when the user has been * authenticated */ static void process_client(int fd, struct sockaddr_in *who, int signal_fd) { u_char *dat; int dat_len; u_short dlen; int retval; Principal service; des_cblock skey; int more; int status; int authenticated = 0; /* make this connection time-out after 1 second if the user has not managed one transaction succesfully in kadm_ser_in */ signal(SIGALRM, sigalrm); alarm(2); #if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT) { int on = 1; if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on)) < 0) krb_log("setsockopt keepalive: %d",errno); } #endif server_parm.recv_addr = *who; if (kerb_init()) { /* Open as client */ krb_log("can't open krb db"); cleanexit(1); } /* need to set service key to changepw.KRB_MASTER */ status = kerb_get_principal(server_parm.sname, server_parm.sinst, &service, 1, &more); if (status == -1) { /* db locked */ char *pdat; dat_len = KADM_VERSIZE + 4; dat = (u_char *) malloc(dat_len); if (dat == NULL) { krb_log("malloc failed"); cleanexit(4); } pdat = (char *) dat; memcpy(pdat, KADM_ULOSE, KADM_VERSIZE); krb_put_int (KADM_DB_INUSE, pdat + KADM_VERSIZE, 4, 4); goto out; } else if (!status) { krb_log("no service %s.%s",server_parm.sname, server_parm.sinst); cleanexit(2); } copy_to_key(&service.key_low, &service.key_high, skey); memset(&service, 0, sizeof(service)); kdb_encrypt_key (&skey, &skey, &server_parm.master_key, server_parm.master_key_schedule, DES_DECRYPT); krb_set_key(skey, 0); /* if error, will show up when rd_req fails */ memset(skey, 0, sizeof(skey)); while (1) { void *errpkt; errpkt = malloc(KADM_VERSIZE + 4); if (errpkt == NULL) { krb_log("malloc: no memory"); close(fd); cleanexit(4); } if ((retval = krb_net_read(fd, &dlen, sizeof(u_short))) != sizeof(u_short)) { if (retval < 0) krb_log("dlen read: %s",error_message(errno)); else if (retval) krb_log("short dlen read: %d",retval); close(fd); cleanexit(retval ? 3 : 0); } if (exit_now) { cleanexit(0); } dat_len = ntohs(dlen); dat = (u_char *) malloc(dat_len); if (dat == NULL) { krb_log("malloc: No memory"); close(fd); cleanexit(4); } if ((retval = krb_net_read(fd, dat, dat_len)) != dat_len) { if (retval < 0) krb_log("data read: %s",error_message(errno)); else krb_log("short read: %d vs. %d", dat_len, retval); close(fd); cleanexit(5); } if (exit_now) { cleanexit(0); } retval = kadm_ser_in(&dat, &dat_len, errpkt); if (retval == KADM_SUCCESS) { if (!authenticated) { unsigned char one = 1; authenticated = 1; alarm (0); write (signal_fd, &one, 1); } } else { krb_log("processing request: %s", error_message(retval)); } /* kadm_ser_in did the processing and returned stuff in dat & dat_len , return the appropriate data */ out: dlen = htons(dat_len); if (krb_net_write(fd, &dlen, sizeof(u_short)) < 0) { krb_log("writing dlen to client: %s",error_message(errno)); close(fd); cleanexit(6); } if (krb_net_write(fd, dat, dat_len) < 0) { krb_log("writing to client: %s", error_message(errno)); close(fd); cleanexit(7); } free(dat); } /*NOTREACHED*/ } static void accept_client (int admin_fd) { int pipe_fd[2]; int addrlen; struct sockaddr_in peer; pid_t pid; int peer_fd; /* using up the maximum number of children, try to get rid of one unauthenticated one */ if (nchildren >= MAXCHILDREN) { int i, nunauth = 0; int victim; for (;;) { for (i = 0; i < nchildren; ++i) if (children[i].authenticated == 0) ++nunauth; if (nunauth == 0) return; victim = rand() % nchildren; if (children[victim].authenticated == 0) { kill(children[victim].pid, SIGINT); close(children[victim].pipe_fd); for (i = victim; i < nchildren; ++i) children[i] = children[i + 1]; --nchildren; break; } } } /* accept the conn */ addrlen = sizeof(peer); peer_fd = accept(admin_fd, (struct sockaddr *)&peer, &addrlen); if (peer_fd < 0) { krb_log("accept: %s",error_message(errno)); return; } if (pipe (pipe_fd) < 0) { krb_log ("pipe: %s", error_message(errno)); return; } if (pipe_fd[0] >= FD_SETSIZE || pipe_fd[1] >= FD_SETSIZE) { krb_log ("pipe fds too large"); close (pipe_fd[0]); close (pipe_fd[1]); return; } pid = fork (); if (pid < 0) { krb_log ("fork: %s", error_message(errno)); close (pipe_fd[0]); close (pipe_fd[1]); return; } if (pid != 0) { /* parent */ /* fork succeded: keep tabs on child */ close(peer_fd); children[nchildren].pid = pid; children[nchildren].pipe_fd = pipe_fd[0]; children[nchildren].authenticated = 0; ++nchildren; close (pipe_fd[1]); } else { int i; /* child */ close(admin_fd); close(pipe_fd[0]); for (i = 0; i < nchildren; ++i) close (children[i].pipe_fd); /* * If we are multihomed we need to figure out which * local address that is used this time since it is * used in "direction" comparison. */ getsockname(peer_fd, (struct sockaddr *)&server_parm.admin_addr, &addrlen); /* do stuff */ process_client (peer_fd, &peer, pipe_fd[1]); } } /* * handle data signaled from child `child' kadmind */ static void handle_child_signal (int child) { int ret; unsigned char data[1]; ret = read (children[child].pipe_fd, data, 1); if (ret < 0) { if (errno != EINTR) krb_log ("read from child %d: %s", child, error_message(errno)); return; } if (ret == 0) { close (children[child].pipe_fd); children[child].pipe_fd = -1; return; } if (data) children[child].authenticated = 1; } /* * handle dead children */ static void handle_sigchld (void) { pid_t pid; int status; int i, j; for (;;) { int found = 0; pid = waitpid(-1, &status, WNOHANG|WUNTRACED); if (pid == 0 || (pid < 0 && errno == ECHILD)) break; if (pid < 0) { krb_log("waitpid: %s", error_message(errno)); break; } for (i = 0; i < nchildren; i++) if (children[i].pid == pid) { /* found it */ close(children[i].pipe_fd); for (j = i; j < nchildren; j++) /* copy others down */ children[j] = children[j+1]; --nchildren; #if 0 if ((WIFEXITED(status) && WEXITSTATUS(status) != 0) || WIFSIGNALED(status)) krb_log("child %d: termsig %d, retcode %d", pid, WTERMSIG(status), WEXITSTATUS(status)); #endif found = 1; } #if 0 if (!found) krb_log("child %d not in list: termsig %d, retcode %d", pid, WTERMSIG(status), WEXITSTATUS(status)); #endif } do_wait = 0; } /* kadm_listen listen on the admin servers port for a request */ static int kadm_listen(void) { int found; int admin_fd; fd_set readfds; signal(SIGINT, doexit); signal(SIGTERM, doexit); signal(SIGHUP, doexit); signal(SIGQUIT, doexit); signal(SIGPIPE, SIG_IGN); /* get errors on write() */ signal(SIGALRM, doexit); signal(SIGCHLD, do_child); if (setsid() < 0) krb_log("setsid() failed"); if ((admin_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) return KADM_NO_SOCK; if (admin_fd >= FD_SETSIZE) { krb_log("admin_fd too big"); return KADM_NO_BIND; } #if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) { int one = 1; setsockopt(admin_fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one)); } #endif if (bind(admin_fd, (struct sockaddr *)&server_parm.admin_addr, sizeof(struct sockaddr_in)) < 0) return KADM_NO_BIND; if (listen(admin_fd, SOMAXCONN) < 0) return KADM_NO_BIND; for (;;) { /* loop nearly forever */ int i; int maxfd = -1; if (exit_now) { clear_secrets(); kill_children(); return(0); } if (do_wait) handle_sigchld (); FD_ZERO(&readfds); FD_SET(admin_fd, &readfds); maxfd = max(maxfd, admin_fd); for (i = 0; i < nchildren; ++i) if (children[i].pipe_fd >= 0) { FD_SET(children[i].pipe_fd, &readfds); maxfd = max(maxfd, children[i].pipe_fd); } found = select(maxfd + 1, &readfds, NULL, NULL, NULL); if (found < 0) { if (errno != EINTR) krb_log("select: %s",error_message(errno)); continue; } if (FD_ISSET(admin_fd, &readfds)) accept_client (admin_fd); for (i = 0; i < nchildren; ++i) if (children[i].pipe_fd >= 0 && FD_ISSET(children[i].pipe_fd, &readfds)) { handle_child_signal (i); } } /*NOTREACHED*/ } /* ** Main does the logical thing, it sets up the database and RPC interface, ** as well as handling the creation and maintenance of the syslog file... */ int main(int argc, char **argv) /* admin_server main routine */ { int errval; int c; struct in_addr i_addr; set_progname (argv[0]); umask(077); /* Create protected files */ i_addr.s_addr = INADDR_ANY; /* initialize the admin_params structure */ prm.sysfile = KADM_SYSLOG; /* default file name */ prm.inter = 0; memset(krbrlm, 0, sizeof(krbrlm)); while ((c = getopt(argc, argv, "f:hmnd:a:r:i:")) != -1) switch(c) { case 'f': /* Syslog file name change */ prm.sysfile = optarg; break; case 'n': prm.inter = 0; break; case 'm': prm.inter = 1; break; case 'a': /* new acl directory */ acldir = optarg; break; case 'd': /* put code to deal with alt database place */ if ((errval = kerb_db_set_name(optarg))) errx (1, "opening database %s: %s", optarg, error_message(errval)); break; case 'r': strlcpy (krbrlm, optarg, sizeof(krbrlm)); break; case 'i': /* Only listen on this address */ if(inet_aton (optarg, &i_addr) == 0) { fprintf (stderr, "Bad address: %s\n", optarg); exit (1); } break; case 'h': /* get help on using admin_server */ default: errx(1, "Usage: kadmind [-h] [-n] [-m] [-r realm] [-d dbname] [-f filename] [-a acldir] [-i address_to_listen_on]"); } if (krbrlm[0] == 0) if (krb_get_lrealm(krbrlm, 1) != KSUCCESS) errx (1, "Unable to get local realm. Fix krb.conf or use -r."); printf("KADM Server %s initializing\n",KADM_VERSTR); printf("Please do not use 'kill -9' to kill this job, use a\n"); printf("regular kill instead\n\n"); kset_logfile(prm.sysfile); krb_log("Admin server starting"); kerb_db_set_lockmode(KERB_DBL_NONBLOCKING); errval = kerb_init(); /* Open the Kerberos database */ if (errval) { warnx ("error: kerb_init() failed"); close_syslog(); byebye(); } /* set up the server_parm struct */ if ((errval = kadm_ser_init(prm.inter, krbrlm, i_addr))==KADM_SUCCESS) { kerb_fini(); /* Close the Kerberos database-- will re-open later */ errval = kadm_listen(); /* listen for calls to server from clients */ } if (errval != KADM_SUCCESS) { warnx("error: %s",error_message(errval)); kerb_fini(); /* Close if error */ } close_syslog(); /* Close syslog file, print closing note */ byebye(); /* Say bye bye on the terminal in use */ exit(1); } /* procedure main */