1 /* $NetBSD: kadm_conn.c,v 1.1.1.2 2014/04/24 12:45:27 pettai Exp $ */
2
3 /*
4 * Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "kadmin_locl.h"
37 #ifdef HAVE_SYS_WAIT_H
38 #include <sys/wait.h>
39 #endif
40
41 struct kadm_port {
42 char *port;
43 unsigned short def_port;
44 struct kadm_port *next;
45 } *kadm_ports;
46
47 static void
add_kadm_port(krb5_context contextp,const char * service,unsigned int port)48 add_kadm_port(krb5_context contextp, const char *service, unsigned int port)
49 {
50 struct kadm_port *p;
51 p = malloc(sizeof(*p));
52 if(p == NULL) {
53 krb5_warnx(contextp, "failed to allocate %lu bytes\n",
54 (unsigned long)sizeof(*p));
55 return;
56 }
57
58 p->port = strdup(service);
59 p->def_port = port;
60
61 p->next = kadm_ports;
62 kadm_ports = p;
63 }
64
65 static void
add_standard_ports(krb5_context contextp)66 add_standard_ports (krb5_context contextp)
67 {
68 add_kadm_port(contextp, "kerberos-adm", 749);
69 }
70
71 /*
72 * parse the set of space-delimited ports in `str' and add them.
73 * "+" => all the standard ones
74 * otherwise it's port|service[/protocol]
75 */
76
77 void
parse_ports(krb5_context contextp,const char * str)78 parse_ports(krb5_context contextp, const char *str)
79 {
80 char p[128];
81
82 while(strsep_copy(&str, " \t", p, sizeof(p)) != -1) {
83 if(strcmp(p, "+") == 0)
84 add_standard_ports(contextp);
85 else
86 add_kadm_port(contextp, p, 0);
87 }
88 }
89
90 static pid_t pgrp;
91 sig_atomic_t term_flag, doing_useful_work;
92
93 static RETSIGTYPE
sigchld(int sig)94 sigchld(int sig)
95 {
96 int status;
97 /*
98 * waitpid() is async safe. will return -1 or 0 on no more zombie
99 * children
100 */
101 while ((waitpid(-1, &status, WNOHANG)) > 0)
102 ;
103 SIGRETURN(0);
104 }
105
106 static RETSIGTYPE
terminate(int sig)107 terminate(int sig)
108 {
109 if(getpid() == pgrp) {
110 /* parent */
111 term_flag = 1;
112 signal(sig, SIG_IGN);
113 killpg(pgrp, sig);
114 } else {
115 /* child */
116 if(doing_useful_work)
117 term_flag = 1;
118 else
119 exit(0);
120 }
121 SIGRETURN(0);
122 }
123
124 static int
spawn_child(krb5_context contextp,int * socks,unsigned int num_socks,int this_sock)125 spawn_child(krb5_context contextp, int *socks,
126 unsigned int num_socks, int this_sock)
127 {
128 int e;
129 size_t i;
130 struct sockaddr_storage __ss;
131 struct sockaddr *sa = (struct sockaddr *)&__ss;
132 socklen_t sa_size = sizeof(__ss);
133 krb5_socket_t s;
134 pid_t pid;
135 krb5_address addr;
136 char buf[128];
137 size_t buf_len;
138
139 s = accept(socks[this_sock], sa, &sa_size);
140 if(rk_IS_BAD_SOCKET(s)) {
141 krb5_warn(contextp, rk_SOCK_ERRNO, "accept");
142 return 1;
143 }
144 e = krb5_sockaddr2address(contextp, sa, &addr);
145 if(e)
146 krb5_warn(contextp, e, "krb5_sockaddr2address");
147 else {
148 e = krb5_print_address (&addr, buf, sizeof(buf),
149 &buf_len);
150 if(e)
151 krb5_warn(contextp, e, "krb5_print_address");
152 else
153 krb5_warnx(contextp, "connection from %s", buf);
154 krb5_free_address(contextp, &addr);
155 }
156
157 pid = fork();
158 if(pid == 0) {
159 for(i = 0; i < num_socks; i++)
160 rk_closesocket(socks[i]);
161 dup2(s, STDIN_FILENO);
162 dup2(s, STDOUT_FILENO);
163 if(s != STDIN_FILENO && s != STDOUT_FILENO)
164 rk_closesocket(s);
165 return 0;
166 } else {
167 rk_closesocket(s);
168 }
169 return 1;
170 }
171
172 static void
wait_for_connection(krb5_context contextp,krb5_socket_t * socks,unsigned int num_socks)173 wait_for_connection(krb5_context contextp,
174 krb5_socket_t *socks, unsigned int num_socks)
175 {
176 unsigned int i;
177 int e;
178 fd_set orig_read_set, read_set;
179 int status, max_fd = -1;
180
181 FD_ZERO(&orig_read_set);
182
183 for(i = 0; i < num_socks; i++) {
184 #ifdef FD_SETSIZE
185 if (socks[i] >= FD_SETSIZE)
186 errx (1, "fd too large");
187 #endif
188 FD_SET(socks[i], &orig_read_set);
189 max_fd = max(max_fd, socks[i]);
190 }
191
192 pgrp = getpid();
193
194 if(setpgid(0, pgrp) < 0)
195 err(1, "setpgid");
196
197 signal(SIGTERM, terminate);
198 signal(SIGINT, terminate);
199 signal(SIGCHLD, sigchld);
200
201 while (term_flag == 0) {
202 read_set = orig_read_set;
203 e = select(max_fd + 1, &read_set, NULL, NULL, NULL);
204 if(rk_IS_SOCKET_ERROR(e)) {
205 if(rk_SOCK_ERRNO != EINTR)
206 krb5_warn(contextp, rk_SOCK_ERRNO, "select");
207 } else if(e == 0)
208 krb5_warnx(contextp, "select returned 0");
209 else {
210 for(i = 0; i < num_socks; i++) {
211 if(FD_ISSET(socks[i], &read_set))
212 if(spawn_child(contextp, socks, num_socks, i) == 0)
213 return;
214 }
215 }
216 }
217 signal(SIGCHLD, SIG_IGN);
218
219 while ((waitpid(-1, &status, WNOHANG)) > 0)
220 ;
221
222 exit(0);
223 }
224
225
226 void
start_server(krb5_context contextp,const char * port_str)227 start_server(krb5_context contextp, const char *port_str)
228 {
229 int e;
230 struct kadm_port *p;
231
232 krb5_socket_t *socks = NULL, *tmp;
233 unsigned int num_socks = 0;
234 int i;
235
236 if (port_str == NULL)
237 port_str = "+";
238
239 parse_ports(contextp, port_str);
240
241 for(p = kadm_ports; p; p = p->next) {
242 struct addrinfo hints, *ai, *ap;
243 char portstr[32];
244 memset (&hints, 0, sizeof(hints));
245 hints.ai_flags = AI_PASSIVE;
246 hints.ai_socktype = SOCK_STREAM;
247
248 e = getaddrinfo(NULL, p->port, &hints, &ai);
249 if(e) {
250 snprintf(portstr, sizeof(portstr), "%u", p->def_port);
251 e = getaddrinfo(NULL, portstr, &hints, &ai);
252 }
253
254 if(e) {
255 krb5_warn(contextp, krb5_eai_to_heim_errno(e, errno),
256 "%s", portstr);
257 continue;
258 }
259 i = 0;
260 for(ap = ai; ap; ap = ap->ai_next)
261 i++;
262 tmp = realloc(socks, (num_socks + i) * sizeof(*socks));
263 if(tmp == NULL) {
264 krb5_warnx(contextp, "failed to reallocate %lu bytes",
265 (unsigned long)(num_socks + i) * sizeof(*socks));
266 continue;
267 }
268 socks = tmp;
269 for(ap = ai; ap; ap = ap->ai_next) {
270 krb5_socket_t s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol);
271 if(rk_IS_BAD_SOCKET(s)) {
272 krb5_warn(contextp, rk_SOCK_ERRNO, "socket");
273 continue;
274 }
275
276 socket_set_reuseaddr(s, 1);
277 socket_set_ipv6only(s, 1);
278
279 if (rk_IS_SOCKET_ERROR(bind (s, ap->ai_addr, ap->ai_addrlen))) {
280 krb5_warn(contextp, rk_SOCK_ERRNO, "bind");
281 rk_closesocket(s);
282 continue;
283 }
284 if (rk_IS_SOCKET_ERROR(listen (s, SOMAXCONN))) {
285 krb5_warn(contextp, rk_SOCK_ERRNO, "listen");
286 rk_closesocket(s);
287 continue;
288 }
289 socks[num_socks++] = s;
290 }
291 freeaddrinfo (ai);
292 }
293 if(num_socks == 0)
294 krb5_errx(contextp, 1, "no sockets to listen to - exiting");
295
296 wait_for_connection(contextp, socks, num_socks);
297 }
298