summaryrefslogtreecommitdiffstats
path: root/third_party/heimdal/kdc/connect.c
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/heimdal/kdc/connect.c')
-rw-r--r--third_party/heimdal/kdc/connect.c1319
1 files changed, 1319 insertions, 0 deletions
diff --git a/third_party/heimdal/kdc/connect.c b/third_party/heimdal/kdc/connect.c
new file mode 100644
index 0000000..ba8c8ad
--- /dev/null
+++ b/third_party/heimdal/kdc/connect.c
@@ -0,0 +1,1319 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kdc_locl.h"
+
+/*
+ * a tuple describing on what to listen
+ */
+
+struct port_desc{
+ int family;
+ int type;
+ int port;
+};
+
+/* the current ones */
+
+static struct port_desc *ports;
+static size_t num_ports;
+static pid_t bonjour_pid = -1;
+
+/*
+ * add `family, port, protocol' to the list with duplicate suppresion.
+ */
+
+static void
+add_port(krb5_context context,
+ int family, int port, const char *protocol)
+{
+ int type;
+ size_t i;
+
+ if(strcmp(protocol, "udp") == 0)
+ type = SOCK_DGRAM;
+ else if(strcmp(protocol, "tcp") == 0)
+ type = SOCK_STREAM;
+ else
+ return;
+ for(i = 0; i < num_ports; i++){
+ if(ports[i].type == type
+ && ports[i].port == port
+ && ports[i].family == family)
+ return;
+ }
+ ports = realloc(ports, (num_ports + 1) * sizeof(*ports));
+ if (ports == NULL)
+ krb5_err (context, 1, errno, "realloc");
+ ports[num_ports].family = family;
+ ports[num_ports].type = type;
+ ports[num_ports].port = port;
+ num_ports++;
+}
+
+/*
+ * add a triple but with service -> port lookup
+ * (this prints warnings for stuff that does not exist)
+ */
+
+static void
+add_port_service(krb5_context context,
+ int family, const char *service, int port,
+ const char *protocol)
+{
+ port = krb5_getportbyname (context, service, protocol, port);
+ add_port (context, family, port, protocol);
+}
+
+/*
+ * add the port with service -> port lookup or string -> number
+ * (no warning is printed)
+ */
+
+static void
+add_port_string (krb5_context context,
+ int family, const char *str, const char *protocol)
+{
+ struct servent *sp;
+ int port;
+
+ sp = roken_getservbyname (str, protocol);
+ if (sp != NULL) {
+ port = sp->s_port;
+ } else {
+ char *end;
+
+ port = htons(strtol(str, &end, 0));
+ if (end == str)
+ return;
+ }
+ add_port (context, family, port, protocol);
+}
+
+/*
+ * add the standard collection of ports for `family'
+ */
+
+static void
+add_standard_ports (krb5_context context,
+ krb5_kdc_configuration *config,
+ int family)
+{
+ add_port_service(context, family, "kerberos", 88, "udp");
+ add_port_service(context, family, "kerberos", 88, "tcp");
+ add_port_service(context, family, "kerberos-sec", 88, "udp");
+ add_port_service(context, family, "kerberos-sec", 88, "tcp");
+ if(enable_http)
+ add_port_service(context, family, "http", 80, "tcp");
+ if(config->enable_kx509) {
+ add_port_service(context, family, "kca_service", 9878, "udp");
+ add_port_service(context, family, "kca_service", 9878, "tcp");
+ }
+
+}
+
+/*
+ * parse the set of space-delimited ports in `str' and add them.
+ * "+" => all the standard ones
+ * otherwise it's port|service[/protocol]
+ */
+
+static void
+parse_ports(krb5_context context,
+ krb5_kdc_configuration *config,
+ const char *str)
+{
+ char *pos = NULL;
+ char *p;
+ char *str_copy = strdup (str);
+
+ p = strtok_r(str_copy, " \t", &pos);
+ while(p != NULL) {
+ if(strcmp(p, "+") == 0) {
+#ifdef HAVE_IPV6
+ add_standard_ports(context, config, AF_INET6);
+#endif
+ add_standard_ports(context, config, AF_INET);
+ } else {
+ char *q = strchr(p, '/');
+ if(q){
+ *q++ = 0;
+#ifdef HAVE_IPV6
+ add_port_string(context, AF_INET6, p, q);
+#endif
+ add_port_string(context, AF_INET, p, q);
+ }else {
+#ifdef HAVE_IPV6
+ add_port_string(context, AF_INET6, p, "udp");
+ add_port_string(context, AF_INET6, p, "tcp");
+#endif
+ add_port_string(context, AF_INET, p, "udp");
+ add_port_string(context, AF_INET, p, "tcp");
+ }
+ }
+
+ p = strtok_r(NULL, " \t", &pos);
+ }
+ free (str_copy);
+}
+
+/*
+ * every socket we listen on
+ */
+
+struct descr {
+ krb5_socket_t s;
+ int type;
+ int port;
+ unsigned char *buf;
+ size_t size;
+ size_t len;
+ time_t timeout;
+ struct sockaddr_storage __ss;
+ struct sockaddr *sa;
+ socklen_t sock_len;
+ char addr_string[128];
+};
+
+static void
+init_descr(struct descr *d)
+{
+ memset(d, 0, sizeof(*d));
+ d->sa = (struct sockaddr *)&d->__ss;
+ d->s = rk_INVALID_SOCKET;
+}
+
+/*
+ * re-initialize all `n' ->sa in `d'.
+ */
+
+static void
+reinit_descrs (struct descr *d, int n)
+{
+ int i;
+
+ for (i = 0; i < n; ++i)
+ d[i].sa = (struct sockaddr *)&d[i].__ss;
+}
+
+/*
+ * Create the socket (family, type, port) in `d'
+ */
+
+static void
+init_socket(krb5_context context,
+ krb5_kdc_configuration *config,
+ struct descr *d, krb5_address *a, int family, int type, int port)
+{
+ krb5_error_code ret;
+ struct sockaddr_storage __ss;
+ struct sockaddr *sa = (struct sockaddr *)&__ss;
+ krb5_socklen_t sa_size = sizeof(__ss);
+
+ init_descr (d);
+
+ ret = krb5_addr2sockaddr (context, a, sa, &sa_size, port);
+ if (ret) {
+ krb5_warn(context, ret, "krb5_addr2sockaddr");
+ rk_closesocket(d->s);
+ d->s = rk_INVALID_SOCKET;
+ return;
+ }
+
+ if (sa->sa_family != family)
+ return;
+
+ d->s = socket(family, type, 0);
+ if(rk_IS_BAD_SOCKET(d->s)){
+ krb5_warn(context, errno, "socket(%d, %d, 0)", family, type);
+ d->s = rk_INVALID_SOCKET;
+ return;
+ }
+ rk_cloexec(d->s);
+#if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_REUSEADDR)
+ {
+ int one = 1;
+ (void) setsockopt(d->s, SOL_SOCKET, SO_REUSEADDR, (void *)&one,
+ sizeof(one));
+ }
+#endif
+ d->type = type;
+ d->port = port;
+
+ socket_set_nonblocking(d->s, 1);
+
+ if(rk_IS_SOCKET_ERROR(bind(d->s, sa, sa_size))){
+ char a_str[256];
+ size_t len;
+
+ krb5_print_address (a, a_str, sizeof(a_str), &len);
+ krb5_warn(context, errno, "bind %s/%d", a_str, ntohs(port));
+ rk_closesocket(d->s);
+ d->s = rk_INVALID_SOCKET;
+ return;
+ }
+ if(type == SOCK_STREAM && rk_IS_SOCKET_ERROR(listen(d->s, SOMAXCONN))){
+ char a_str[256];
+ size_t len;
+
+ krb5_print_address (a, a_str, sizeof(a_str), &len);
+ krb5_warn(context, errno, "listen %s/%d", a_str, ntohs(port));
+ rk_closesocket(d->s);
+ d->s = rk_INVALID_SOCKET;
+ return;
+ }
+ socket_set_keepalive(d->s, 1);
+}
+
+/*
+ * Allocate descriptors for all the sockets that we should listen on
+ * and return the number of them.
+ */
+
+static int
+init_sockets(krb5_context context,
+ krb5_kdc_configuration *config,
+ struct descr **desc)
+{
+ krb5_error_code ret;
+ size_t i, j;
+ struct descr *d;
+ int num = 0;
+ krb5_addresses addresses;
+
+ if (explicit_addresses.len) {
+ addresses = explicit_addresses;
+ } else {
+ ret = krb5_get_all_server_addrs (context, &addresses);
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
+ }
+ parse_ports(context, config, port_str);
+ d = malloc(addresses.len * num_ports * sizeof(*d));
+ if (d == NULL)
+ krb5_errx(context, 1, "malloc(%lu) failed",
+ (unsigned long)num_ports * sizeof(*d));
+
+ for (i = 0; i < num_ports; i++){
+ for (j = 0; j < addresses.len; ++j) {
+ init_socket(context, config, &d[num], &addresses.val[j],
+ ports[i].family, ports[i].type, ports[i].port);
+ if(d[num].s != rk_INVALID_SOCKET){
+ char a_str[80];
+ size_t len;
+
+ krb5_print_address (&addresses.val[j], a_str,
+ sizeof(a_str), &len);
+
+ kdc_log(context, config, 3, "listening on %s port %u/%s",
+ a_str,
+ ntohs(ports[i].port),
+ (ports[i].type == SOCK_STREAM) ? "tcp" : "udp");
+ /* XXX */
+ num++;
+ }
+ }
+ }
+ krb5_free_addresses (context, &addresses);
+ d = realloc(d, num * sizeof(*d));
+ if (d == NULL && num != 0)
+ krb5_errx(context, 1, "realloc(%lu) failed",
+ (unsigned long)num * sizeof(*d));
+ reinit_descrs (d, num);
+ *desc = d;
+ return num;
+}
+
+/*
+ *
+ */
+
+static const char *
+descr_type(struct descr *d)
+{
+ if (d->type == SOCK_DGRAM)
+ return "udp";
+ else if (d->type == SOCK_STREAM)
+ return "tcp";
+ return "unknown";
+}
+
+static void
+addr_to_string(krb5_context context,
+ struct sockaddr *addr, size_t addr_len, char *str, size_t len)
+{
+ krb5_address a;
+ if(krb5_sockaddr2address(context, addr, &a) == 0) {
+ if(krb5_print_address(&a, str, len, &len) == 0) {
+ krb5_free_address(context, &a);
+ return;
+ }
+ krb5_free_address(context, &a);
+ }
+ snprintf(str, len, "<family=%d>", addr->sa_family);
+}
+
+/*
+ *
+ */
+
+static void
+send_reply(krb5_context context,
+ krb5_kdc_configuration *config,
+ krb5_boolean prependlength,
+ struct descr *d,
+ krb5_data *reply)
+{
+ kdc_log(context, config, 4,
+ "sending %lu bytes to %s", (unsigned long)reply->length,
+ d->addr_string);
+ if(prependlength){
+ unsigned char l[4];
+ l[0] = (reply->length >> 24) & 0xff;
+ l[1] = (reply->length >> 16) & 0xff;
+ l[2] = (reply->length >> 8) & 0xff;
+ l[3] = reply->length & 0xff;
+ if(rk_IS_SOCKET_ERROR(sendto(d->s, l, sizeof(l), 0, d->sa, d->sock_len))) {
+ kdc_log (context, config,
+ 1, "sendto(%s): %s", d->addr_string,
+ strerror(rk_SOCK_ERRNO));
+ return;
+ }
+ }
+ if(rk_IS_SOCKET_ERROR(sendto(d->s, reply->data, reply->length, 0, d->sa, d->sock_len))) {
+ kdc_log (context, config, 1, "sendto(%s): %s", d->addr_string,
+ strerror(rk_SOCK_ERRNO));
+ return;
+ }
+}
+
+/*
+ * Handle the request in `buf, len' to socket `d'
+ */
+
+static void
+do_request(krb5_context context,
+ krb5_kdc_configuration *config,
+ void *buf, size_t len, krb5_boolean prependlength,
+ struct descr *d)
+{
+ krb5_error_code ret;
+ krb5_data reply;
+ int datagram_reply = (d->type == SOCK_DGRAM);
+
+ krb5_kdc_update_time(NULL);
+
+ krb5_data_zero(&reply);
+ ret = krb5_kdc_process_request(context, config,
+ buf, len, &reply, &prependlength,
+ d->addr_string, d->sa,
+ datagram_reply);
+ if(request_log)
+ krb5_kdc_save_request(context, request_log, buf, len, &reply, d->sa);
+ if(reply.length){
+ send_reply(context, config, prependlength, d, &reply);
+ krb5_data_free(&reply);
+ }
+ if(ret)
+ kdc_log(context, config, 1,
+ "Failed processing %lu byte request from %s",
+ (unsigned long)len, d->addr_string);
+}
+
+/*
+ * Handle incoming data to the UDP socket in `d'
+ */
+
+static void
+handle_udp(krb5_context context,
+ krb5_kdc_configuration *config,
+ struct descr *d)
+{
+ unsigned char *buf;
+ ssize_t n;
+
+ buf = malloc(max_request_udp);
+ if (buf == NULL){
+ kdc_log(context, config, 1, "Failed to allocate %lu bytes",
+ (unsigned long)max_request_udp);
+ return;
+ }
+
+ d->sock_len = sizeof(d->__ss);
+ n = recvfrom(d->s, buf, max_request_udp, 0, d->sa, &d->sock_len);
+ if (rk_IS_SOCKET_ERROR(n)) {
+ if (rk_SOCK_ERRNO != EAGAIN && rk_SOCK_ERRNO != EINTR)
+ krb5_warn(context, rk_SOCK_ERRNO, "recvfrom");
+ } else {
+ addr_to_string (context, d->sa, d->sock_len,
+ d->addr_string, sizeof(d->addr_string));
+ if ((size_t)n == max_request_udp) {
+ krb5_data data;
+ krb5_warn(context, errno,
+ "recvfrom: truncated packet from %s, asking for TCP",
+ d->addr_string);
+ krb5_mk_error(context,
+ KRB5KRB_ERR_RESPONSE_TOO_BIG,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ &data);
+ send_reply(context, config, FALSE, d, &data);
+ krb5_data_free(&data);
+ } else {
+ do_request(context, config, buf, n, FALSE, d);
+ }
+ }
+ free (buf);
+}
+
+static void
+clear_descr(struct descr *d)
+{
+ if(d->buf)
+ memset(d->buf, 0, d->size);
+ d->len = 0;
+ if(d->s != rk_INVALID_SOCKET)
+ rk_closesocket(d->s);
+ d->s = rk_INVALID_SOCKET;
+}
+
+
+/* remove HTTP %-quoting from buf */
+static int
+de_http(char *buf)
+{
+ unsigned char *p, *q;
+ unsigned int x;
+
+ for (p = q = (unsigned char *)buf; *p; p++, q++) {
+ if (*p == '%') {
+ if (!(isxdigit(p[1]) && isxdigit(p[2])))
+ return -1;
+
+ if (sscanf((char *)p + 1, "%2x", &x) != 1)
+ return -1;
+
+ *q = x;
+ p += 2;
+ } else {
+ *q = *p;
+ }
+ }
+ *q = '\0';
+ return 0;
+}
+
+#define TCP_TIMEOUT 4
+
+/*
+ * accept a new TCP connection on `d[parent]' and store it in `d[child]'
+ */
+
+static void
+add_new_tcp (krb5_context context,
+ krb5_kdc_configuration *config,
+ struct descr *d, int parent, int child)
+{
+ krb5_socket_t s;
+
+ if (child == -1)
+ return;
+
+ d[child].sock_len = sizeof(d[child].__ss);
+ s = accept(d[parent].s, d[child].sa, &d[child].sock_len);
+ if(rk_IS_BAD_SOCKET(s)) {
+ if (rk_SOCK_ERRNO != EAGAIN && rk_SOCK_ERRNO != EINTR)
+ krb5_warn(context, rk_SOCK_ERRNO, "accept");
+ return;
+ }
+
+#ifdef FD_SETSIZE
+ if (s >= FD_SETSIZE) {
+ krb5_warnx(context, "socket FD too large");
+ rk_closesocket (s);
+ return;
+ }
+#endif
+
+ d[child].s = s;
+ d[child].timeout = time(NULL) + TCP_TIMEOUT;
+ d[child].type = SOCK_STREAM;
+ addr_to_string (context,
+ d[child].sa, d[child].sock_len,
+ d[child].addr_string, sizeof(d[child].addr_string));
+}
+
+/*
+ * Grow `d' to handle at least `n'.
+ * Return != 0 if fails
+ */
+
+static int
+grow_descr (krb5_context context,
+ krb5_kdc_configuration *config,
+ struct descr *d, size_t n)
+{
+ if (d->size - d->len < n) {
+ unsigned char *tmp;
+ size_t grow;
+
+ grow = max(1024, d->len + n);
+ if (d->size + grow > max_request_tcp) {
+ kdc_log(context, config, 2, "Request exceeds max request size (%lu bytes).",
+ (unsigned long)d->size + grow);
+ clear_descr(d);
+ return -1;
+ }
+ tmp = realloc (d->buf, d->size + grow);
+ if (tmp == NULL) {
+ kdc_log(context, config, 1, "Failed to re-allocate %lu bytes.",
+ (unsigned long)d->size + grow);
+ clear_descr(d);
+ return -1;
+ }
+ d->size += grow;
+ d->buf = tmp;
+ }
+ return 0;
+}
+
+/*
+ * Try to handle the TCP data at `d->buf, d->len'.
+ * Return -1 if failed, 0 if succesful, and 1 if data is complete.
+ */
+
+static int
+handle_vanilla_tcp (krb5_context context,
+ krb5_kdc_configuration *config,
+ struct descr *d)
+{
+ krb5_error_code ret;
+ krb5_storage *sp;
+ uint32_t len;
+
+ if (d->len < 4)
+ return 0;
+ sp = krb5_storage_from_mem(d->buf, d->len);
+ if (sp == NULL) {
+ kdc_log (context, config, 1, "krb5_storage_from_mem failed");
+ return -1;
+ }
+ ret = krb5_ret_uint32(sp, &len);
+ if (ret) {
+ kdc_log(context, config, 4, "failed to read request length");
+ return -1;
+ }
+ krb5_storage_free(sp);
+ if(d->len - 4 >= len) {
+ memmove(d->buf, d->buf + 4, d->len - 4);
+ d->len -= 4;
+ return 1;
+ }
+ return 0;
+}
+
+/*
+ * Try to handle the TCP/HTTP data at `d->buf, d->len'.
+ * Return -1 if failed, 0 if succesful, and 1 if data is complete.
+ */
+
+static int
+handle_http_tcp (krb5_context context,
+ krb5_kdc_configuration *config,
+ struct descr *d)
+{
+ char *s, *p, *t;
+ void *data;
+ char *proto;
+ int len;
+
+ s = (char *)d->buf;
+
+ /* If its a multi line query, truncate off the first line */
+ p = strstr(s, "\r\n");
+ if (p)
+ *p = 0;
+
+ p = NULL;
+ t = strtok_r(s, " \t", &p);
+ if (t == NULL) {
+ kdc_log(context, config, 2,
+ "Missing HTTP operand (GET) request from %s", d->addr_string);
+ return -1;
+ }
+
+ t = strtok_r(NULL, " \t", &p);
+ if(t == NULL) {
+ kdc_log(context, config, 2,
+ "Missing HTTP GET data in request from %s", d->addr_string);
+ return -1;
+ }
+
+ data = malloc(strlen(t));
+ if (data == NULL) {
+ kdc_log(context, config, 1, "Failed to allocate %lu bytes",
+ (unsigned long)strlen(t));
+ return -1;
+ }
+ if(*t == '/')
+ t++;
+ if(de_http(t) != 0) {
+ kdc_log(context, config, 2, "Malformed HTTP request from %s", d->addr_string);
+ kdc_log(context, config, 4, "HTTP request: %s", t);
+ free(data);
+ return -1;
+ }
+ proto = strtok_r(NULL, " \t", &p);
+ if (proto == NULL) {
+ kdc_log(context, config, 2, "Malformed HTTP request from %s", d->addr_string);
+ free(data);
+ return -1;
+ }
+ len = rk_base64_decode(t, data);
+ if(len <= 0){
+ const char *msg =
+ " 404 Not found\r\n"
+ "Server: Heimdal/" VERSION "\r\n"
+ "Cache-Control: no-cache\r\n"
+ "Pragma: no-cache\r\n"
+ "Content-type: text/html\r\n"
+ "Content-transfer-encoding: 8bit\r\n\r\n"
+ "<TITLE>404 Not found</TITLE>\r\n"
+ "<H1>404 Not found</H1>\r\n"
+ "That page doesn't exist, maybe you are looking for "
+ "<A HREF=\"http://www.h5l.org/\">Heimdal</A>?\r\n";
+ kdc_log(context, config, 2, "HTTP request from %s is non KDC request", d->addr_string);
+ kdc_log(context, config, 4, "HTTP request: %s", t);
+ free(data);
+ if (rk_IS_SOCKET_ERROR(send(d->s, proto, strlen(proto), 0))) {
+ kdc_log(context, config, 1, "HTTP write failed: %s: %s",
+ d->addr_string, strerror(rk_SOCK_ERRNO));
+ return -1;
+ }
+ if (rk_IS_SOCKET_ERROR(send(d->s, msg, strlen(msg), 0))) {
+ kdc_log(context, config, 1, "HTTP write failed: %s: %s",
+ d->addr_string, strerror(rk_SOCK_ERRNO));
+ return -1;
+ }
+ return -1;
+ }
+ {
+ const char *msg =
+ " 200 OK\r\n"
+ "Server: Heimdal/" VERSION "\r\n"
+ "Cache-Control: no-cache\r\n"
+ "Pragma: no-cache\r\n"
+ "Content-type: application/octet-stream\r\n"
+ "Content-transfer-encoding: binary\r\n\r\n";
+ if (rk_IS_SOCKET_ERROR(send(d->s, proto, strlen(proto), 0))) {
+ free(data);
+ kdc_log(context, config, 1, "HTTP write failed: %s: %s",
+ d->addr_string, strerror(rk_SOCK_ERRNO));
+ return -1;
+ }
+ if (rk_IS_SOCKET_ERROR(send(d->s, msg, strlen(msg), 0))) {
+ free(data);
+ kdc_log(context, config, 1, "HTTP write failed: %s: %s",
+ d->addr_string, strerror(rk_SOCK_ERRNO));
+ return -1;
+ }
+ }
+ if ((size_t)len > d->len)
+ len = d->len;
+ memcpy(d->buf, data, len);
+ d->len = len;
+ free(data);
+ return 1;
+}
+
+static int
+http1_request_taste(const unsigned char *req, size_t len)
+{
+ return !!((len >= sizeof("GET ") - 1 &&
+ memcmp(req, "GET ", sizeof("GET ") - 1) == 0) ||
+ (len >= sizeof("HEAD ") - 1 &&
+ memcmp(req, "HEAD ", sizeof("HEAD ") - 1) == 0));
+}
+
+static int
+http1_request_is_complete(const unsigned char *req, size_t len)
+{
+
+ return http1_request_taste(req, len) &&
+ memmem(req, len, "\r\n\r\n", sizeof("\r\n\r\n") - 4) != NULL;
+
+ /*
+ * For POST (the MSFT variant of this protocol) we'll need something like
+ * this (plus check for Content-Length/Transfer-Encoding):
+ *
+ * const unsigned char *body;
+ * if ((body = memmem(req, len, "\r\n\r\n", sizeof("\r\n\r\n") - 4)) == NULL)
+ * return 0;
+ * body += sizeof("\r\n\r\n") - 4;
+ * len -= (body - req);
+ * return memmem(body, len, "\r\n\r\n", sizeof("\r\n\r\n") - 4) != NULL;
+ *
+ * Since the POST-based variant runs over HTTPS, we'll probably implement
+ * that in a proxy instead of here.
+ */
+}
+
+/*
+ * Handle incoming data to the TCP socket in `d[index]'
+ */
+
+static void
+handle_tcp(krb5_context context,
+ krb5_kdc_configuration *config,
+ struct descr *d, int idx, int min_free)
+{
+ unsigned char buf[1024];
+ int n;
+ int ret = 0;
+
+ if (d[idx].timeout == 0) {
+ add_new_tcp (context, config, d, idx, min_free);
+ return;
+ }
+
+ n = recvfrom(d[idx].s, buf, sizeof(buf), 0, NULL, NULL);
+ if(rk_IS_SOCKET_ERROR(n)){
+ krb5_warn(context, rk_SOCK_ERRNO, "recvfrom failed from %s to %s/%d",
+ d[idx].addr_string, descr_type(d + idx),
+ ntohs(d[idx].port));
+ return;
+ } else if (n == 0) {
+ krb5_warnx(context, "connection closed before end of data after %lu "
+ "bytes from %s to %s/%d", (unsigned long)d[idx].len,
+ d[idx].addr_string, descr_type(d + idx),
+ ntohs(d[idx].port));
+ clear_descr (d + idx);
+ return;
+ }
+ if (grow_descr (context, config, &d[idx], n))
+ return;
+ memcpy(d[idx].buf + d[idx].len, buf, n);
+ d[idx].len += n;
+ if(d[idx].len > 4 && d[idx].buf[0] == 0) {
+ ret = handle_vanilla_tcp (context, config, &d[idx]);
+ } else if (enable_http &&
+ http1_request_taste(d[idx].buf, d[idx].len)) {
+
+ if (http1_request_is_complete(d[idx].buf, d[idx].len)) {
+ /* NUL-terminate at the request header ending \r\n\r\n */
+ d[idx].buf[d[idx].len - 4] = '\0';
+ ret = handle_http_tcp (context, config, &d[idx]);
+ }
+ } else if (d[idx].len > 4) {
+ kdc_log (context, config,
+ 2, "TCP data of strange type from %s to %s/%d",
+ d[idx].addr_string, descr_type(d + idx),
+ ntohs(d[idx].port));
+ if (d[idx].buf[0] & 0x80) {
+ krb5_data reply;
+
+ kdc_log (context, config, 2, "TCP extension not supported");
+
+ ret = krb5_mk_error(context,
+ KRB5KRB_ERR_FIELD_TOOLONG,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ &reply);
+ if (ret == 0) {
+ send_reply(context, config, TRUE, d + idx, &reply);
+ krb5_data_free(&reply);
+ }
+ }
+ clear_descr(d + idx);
+ return;
+ }
+
+ /*
+ * ret == 0 -> not enough of request buffered -> wait for more
+ * ret == 1 -> go ahead and perform the request
+ * ret != 0 (really, < 0) -> error, probably ENOMEM, close connection
+ */
+ if (ret == 1)
+ do_request(context, config,
+ d[idx].buf, d[idx].len, TRUE, &d[idx]);
+
+ /*
+ * Note: this means we don't keep the connection open even where we
+ * the protocol permits it.
+ */
+ if (ret != 0)
+ clear_descr(d + idx);
+}
+
+#ifdef HAVE_FORK
+static void
+handle_islive(int fd)
+{
+ char buf;
+ int ret;
+
+ ret = read(fd, &buf, 1);
+ if (ret != 1)
+ exit_flag = -1;
+}
+#endif
+
+static krb5_boolean
+realloc_descrs(struct descr **d, unsigned int *ndescr)
+{
+ struct descr *tmp;
+ size_t i;
+
+ tmp = realloc(*d, (*ndescr + 4) * sizeof(**d));
+ if(tmp == NULL)
+ return FALSE;
+
+ *d = tmp;
+ reinit_descrs (*d, *ndescr);
+ memset(*d + *ndescr, 0, 4 * sizeof(**d));
+ for(i = *ndescr; i < *ndescr + 4; i++)
+ init_descr (*d + i);
+
+ *ndescr += 4;
+
+ return TRUE;
+}
+
+static int
+next_min_free(krb5_context context, struct descr **d, unsigned int *ndescr)
+{
+ size_t i;
+ int min_free;
+
+ for(i = 0; i < *ndescr; i++) {
+ int s = (*d + i)->s;
+ if(rk_IS_BAD_SOCKET(s))
+ return i;
+ }
+
+ min_free = *ndescr;
+ if(!realloc_descrs(d, ndescr)) {
+ min_free = -1;
+ krb5_warnx(context, "No memory");
+ }
+
+ return min_free;
+}
+
+static void
+loop(krb5_context context, krb5_kdc_configuration *config,
+ struct descr **dp, unsigned int *ndescrp, int islive)
+{
+ struct descr *d = *dp;
+ unsigned int ndescr = *ndescrp;
+
+ while (exit_flag == 0) {
+ struct timeval tmout;
+ fd_set fds;
+ int min_free = -1;
+ int max_fd = 0;
+ size_t i;
+
+ FD_ZERO(&fds);
+ if (islive > -1) {
+ FD_SET(islive, &fds);
+ max_fd = islive;
+ }
+ for (i = 0; i < ndescr; i++) {
+ if (!rk_IS_BAD_SOCKET(d[i].s)) {
+ if (d[i].type == SOCK_STREAM &&
+ d[i].timeout && d[i].timeout < time(NULL)) {
+ kdc_log(context, config, 2,
+ "TCP-connection from %s expired after %lu bytes",
+ d[i].addr_string, (unsigned long)d[i].len);
+ clear_descr(&d[i]);
+ continue;
+ }
+#ifndef NO_LIMIT_FD_SETSIZE
+ if (max_fd < d[i].s)
+ max_fd = d[i].s;
+#ifdef FD_SETSIZE
+ if (max_fd >= FD_SETSIZE)
+ krb5_errx(context, 1, "fd too large");
+#endif
+#endif
+ FD_SET(d[i].s, &fds);
+ }
+ }
+
+ tmout.tv_sec = TCP_TIMEOUT;
+ tmout.tv_usec = 0;
+ switch(select(max_fd + 1, &fds, 0, 0, &tmout)){
+ case 0:
+ break;
+ case -1:
+ if (errno != EINTR)
+ krb5_warn(context, rk_SOCK_ERRNO, "select");
+ break;
+ default:
+#ifdef HAVE_FORK
+ if (islive > -1 && FD_ISSET(islive, &fds))
+ handle_islive(islive);
+#endif
+ for (i = 0; i < ndescr; i++)
+ if (!rk_IS_BAD_SOCKET(d[i].s) && FD_ISSET(d[i].s, &fds)) {
+ min_free = next_min_free(context, dp, ndescrp);
+ ndescr = *ndescrp;
+ d = *dp;
+
+ if (d[i].type == SOCK_DGRAM)
+ handle_udp(context, config, &d[i]);
+ else if (d[i].type == SOCK_STREAM)
+ handle_tcp(context, config, d, i, min_free);
+ }
+ }
+ }
+
+ switch (exit_flag) {
+ case -1:
+ kdc_log(context, config, 0,
+ "KDC worker process exiting because KDC master exited.");
+ break;
+#ifdef SIGXCPU
+ case SIGXCPU:
+ kdc_log(context, config, 0, "CPU time limit exceeded");
+ break;
+#endif
+ case SIGINT:
+ case SIGTERM:
+ kdc_log(context, config, 0, "Terminated");
+ break;
+ default:
+ kdc_log(context, config, 0, "Unexpected exit reason: %d", exit_flag);
+ break;
+ }
+}
+
+#ifdef __APPLE__
+static void
+bonjour_kid(krb5_context context, krb5_kdc_configuration *config, const char *argv0, int *islive)
+{
+ char buf;
+
+ if (do_bonjour > 0) {
+ bonjour_announce(context, config);
+
+ while (read(0, &buf, 1) == 1)
+ continue;
+ _exit(0);
+ }
+
+ if ((bonjour_pid = fork()) != 0)
+ return;
+
+ close(islive[0]);
+ if (dup2(islive[1], 0) == -1)
+ err(1, "failed to announce with bonjour (dup)");
+ if (islive[1] != 0)
+ close(islive[1]);
+ execlp(argv0, "kdc", "--bonjour", NULL);
+ err(1, "failed to announce with bonjour (exec)");
+}
+#endif
+
+#ifdef HAVE_FORK
+static void
+kill_kids(pid_t *pids, int max_kids, int sig)
+{
+ int i;
+
+ for (i=0; i < max_kids; i++)
+ if (pids[i] > 0)
+ kill(sig, pids[i]);
+ if (bonjour_pid > 0)
+ kill(sig, bonjour_pid);
+}
+
+static int
+reap_kid(krb5_context context, krb5_kdc_configuration *config,
+ pid_t *pids, int max_kids, int options)
+{
+ pid_t pid;
+ char *what = "untracked";
+ int status;
+ int i = 0; /* quiet warnings */
+ int ret = 0;
+ int level = 3;
+ const char *sev = "info: ";
+
+ pid = waitpid(-1, &status, options);
+ if (pid <= 0)
+ return 0;
+
+ if (pid == bonjour_pid) {
+ bonjour_pid = (pid_t)-1;
+ what = "bonjour";
+ } else {
+ for (i=0; i < max_kids; i++) {
+ if (pids[i] == pid) {
+ pids[i] = (pid_t)-1;
+ what = "worker";
+ ret = 1;
+ break;
+ }
+ }
+
+ if (i == max_kids) {
+ /* should not happen */
+ sev = "warning: ";
+ level = 2;
+ }
+ }
+
+ if (WIFEXITED(status))
+ kdc_log(context, config, level,
+ "%sKDC reaped %s process: %d, exit status: %d",
+ sev, what, (int)pid, WEXITSTATUS(status));
+ else if (WIFSIGNALED(status))
+ kdc_log(context, config, level,
+ "%sKDC reaped %s process: %d, term signal %d%s",
+ sev, what, (int)pid, WTERMSIG(status),
+ WCOREDUMP(status) ? " (core dumped)" : "");
+ else
+ kdc_log(context, config, level, "%sKDC reaped %s process: %d",
+ sev, what, (int)pid);
+
+ return ret;
+}
+
+static int
+reap_kids(krb5_context context, krb5_kdc_configuration *config,
+ pid_t *pids, int max_kids)
+{
+ int reaped = 0;
+
+ for (;;) {
+ if (reap_kid(context, config, pids, max_kids, WNOHANG) == 0)
+ break;
+ reaped++;
+ }
+
+ return reaped;
+}
+
+static void
+select_sleep(int microseconds)
+{
+ struct timeval tv;
+
+ tv.tv_sec = microseconds / 1000000;
+ tv.tv_usec = microseconds % 1000000;
+ select(0, NULL, NULL, NULL, &tv);
+}
+#endif
+
+void
+start_kdc(krb5_context context,
+ krb5_kdc_configuration *config, const char *argv0)
+{
+ struct timeval tv1;
+ struct timeval tv2;
+ struct descr *d;
+ unsigned int ndescr;
+ pid_t pid = -1;
+#ifdef HAVE_FORK
+ pid_t *pids;
+ int max_kdcs = config->num_kdc_processes;
+ int num_kdcs = 0;
+ int i;
+ int islive[2];
+#endif
+
+#ifdef __APPLE__
+ if (!testing_flag && do_bonjour > 0)
+ bonjour_kid(context, config, argv0, NULL);
+#endif
+
+#ifdef HAVE_FORK
+#ifdef _SC_NPROCESSORS_ONLN
+ if (max_kdcs < 1)
+ max_kdcs = sysconf(_SC_NPROCESSORS_ONLN);
+#endif
+
+ if (max_kdcs < 1)
+ max_kdcs = 1;
+
+ pids = calloc(max_kdcs, sizeof(*pids));
+ if (pids == NULL)
+ krb5_err(context, 1, errno, "malloc");
+
+ /*
+ * We open a socketpair of which we hand one end to each of our kids.
+ * When we exit, for whatever reason, the children will notice an EOF
+ * on their end and be able to cleanly exit.
+ */
+
+ if (socketpair(PF_UNIX, SOCK_STREAM, 0, islive) == -1)
+ krb5_errx(context, 1, "socketpair");
+ socket_set_nonblocking(islive[1], 1);
+#endif
+
+ ndescr = init_sockets(context, config, &d);
+ if(ndescr <= 0)
+ krb5_errx(context, 1, "No sockets!");
+
+#ifdef HAVE_FORK
+
+# ifdef __APPLE__
+ if (!testing_flag && do_bonjour < 0)
+ bonjour_kid(context, config, argv0, islive);
+# endif
+
+ kdc_log(context, config, 3, "KDC started master process pid=%d", getpid());
+#else
+ kdc_log(context, config, 3, "KDC started pid=%d", getpid());
+#endif
+
+ roken_detach_finish(NULL, daemon_child);
+
+#ifdef HAVE_FORK
+ if (!testing_flag) {
+ /* Note that we might never execute the body of this loop */
+ while (exit_flag == 0) {
+
+ if (num_kdcs >= max_kdcs) {
+ num_kdcs -= reap_kid(context, config, pids, max_kdcs, 0);
+ continue;
+ }
+
+ if (num_kdcs > 0)
+ num_kdcs -= reap_kids(context, config, pids, max_kdcs);
+
+ pid = fork();
+ switch (pid) {
+ case 0:
+ close(islive[0]);
+ loop(context, config, &d, &ndescr, islive[1]);
+ exit(0);
+ case -1:
+ /* XXXrcd: hmmm, do something useful?? */
+ kdc_log(context, config, 1,
+ "KDC master process could not fork worker process");
+ sleep(10);
+ break;
+ default:
+ for (i = 0; i < max_kdcs; i++) {
+ if (pids[i] <= 0) {
+ pids[i] = pid;
+ break;
+ }
+ }
+ if (i >= max_kdcs) {
+ /* This should not happen */
+ kdc_log(context, config, 1,
+ "warning: forked untracked child process: %d",
+ (int)pid);
+ }
+ kdc_log(context, config, 3, "KDC worker process started: %d",
+ pid);
+ num_kdcs++;
+ /* Slow down the creation of KDCs... */
+ select_sleep(12500);
+ break;
+ }
+ }
+
+ /* Closing these sockets should cause the kids to die... */
+
+ close(islive[0]);
+ close(islive[1]);
+
+ /* Close our listener sockets before terminating workers */
+ for (i = 0; i < ndescr; ++i)
+ clear_descr(&d[i]);
+
+ gettimeofday(&tv1, NULL);
+ tv2 = tv1;
+
+ /* Reap every 10ms, terminate stragglers once a second, give up after 10 */
+ for (;;) {
+ struct timeval tv3;
+ num_kdcs -= reap_kids(context, config, pids, max_kdcs);
+ if (num_kdcs == 0 && bonjour_pid <= 0)
+ goto end;
+ /*
+ * Using select to sleep will fail with EINTR if we receive a
+ * SIGCHLD. This is desirable.
+ */
+ select_sleep(10000);
+ gettimeofday(&tv3, NULL);
+ if (tv3.tv_sec - tv1.tv_sec > 10 ||
+ (tv3.tv_sec - tv1.tv_sec == 10 && tv3.tv_usec >= tv1.tv_usec))
+ break;
+ if (tv3.tv_sec - tv2.tv_sec > 1 ||
+ (tv3.tv_sec - tv2.tv_sec == 1 && tv3.tv_usec >= tv2.tv_usec)) {
+ kill_kids(pids, max_kdcs, SIGTERM);
+ tv2 = tv3;
+ }
+ }
+
+ /* Kill stragglers and reap every 200ms, give up after 15s */
+ for (;;) {
+ kill_kids(pids, max_kdcs, SIGKILL);
+ num_kdcs -= reap_kids(context, config, pids, max_kdcs);
+ if (num_kdcs == 0 && bonjour_pid <= 0)
+ break;
+ select_sleep(200000);
+ gettimeofday(&tv2, NULL);
+ if (tv2.tv_sec - tv1.tv_sec > 15 ||
+ (tv2.tv_sec - tv1.tv_sec == 15 && tv2.tv_usec >= tv1.tv_usec))
+ break;
+ }
+
+ end:
+ kdc_log(context, config, 3, "KDC master process exiting");
+ } else {
+ loop(context, config, &d, &ndescr, -1);
+ kdc_log(context, config, 3, "KDC exiting");
+ }
+ free(pids);
+#else
+ loop(context, config, &d, &ndescr, -1);
+ kdc_log(context, config, 3, "KDC exiting");
+#endif
+
+ free(d);
+}