1 /* $NetBSD: send_to_kdc.c,v 1.1.1.1 2011/04/13 18:15:38 elric Exp $ */ 2 3 /* 4 * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include "krb5_locl.h" 37 #include "send_to_kdc_plugin.h" 38 39 struct send_to_kdc { 40 krb5_send_to_kdc_func func; 41 void *data; 42 }; 43 44 /* 45 * send the data in `req' on the socket `fd' (which is datagram iff udp) 46 * waiting `tmout' for a reply and returning the reply in `rep'. 47 * iff limit read up to this many bytes 48 * returns 0 and data in `rep' if succesful, otherwise -1 49 */ 50 51 static int 52 recv_loop (krb5_socket_t fd, 53 time_t tmout, 54 int udp, 55 size_t limit, 56 krb5_data *rep) 57 { 58 fd_set fdset; 59 struct timeval timeout; 60 int ret; 61 int nbytes; 62 63 #ifndef NO_LIMIT_FD_SETSIZE 64 if (fd >= FD_SETSIZE) { 65 return -1; 66 } 67 #endif 68 69 krb5_data_zero(rep); 70 do { 71 FD_ZERO(&fdset); 72 FD_SET(fd, &fdset); 73 timeout.tv_sec = tmout; 74 timeout.tv_usec = 0; 75 ret = select (fd + 1, &fdset, NULL, NULL, &timeout); 76 if (ret < 0) { 77 if (errno == EINTR) 78 continue; 79 return -1; 80 } else if (ret == 0) { 81 return 0; 82 } else { 83 void *tmp; 84 85 if (rk_SOCK_IOCTL (fd, FIONREAD, &nbytes) < 0) { 86 krb5_data_free (rep); 87 return -1; 88 } 89 if(nbytes <= 0) 90 return 0; 91 92 if (limit) 93 nbytes = min(nbytes, limit - rep->length); 94 95 tmp = realloc (rep->data, rep->length + nbytes); 96 if (tmp == NULL) { 97 krb5_data_free (rep); 98 return -1; 99 } 100 rep->data = tmp; 101 ret = recv (fd, (char*)tmp + rep->length, nbytes, 0); 102 if (ret < 0) { 103 krb5_data_free (rep); 104 return -1; 105 } 106 rep->length += ret; 107 } 108 } while(!udp && (limit == 0 || rep->length < limit)); 109 return 0; 110 } 111 112 /* 113 * Send kerberos requests and receive a reply on a udp or any other kind 114 * of a datagram socket. See `recv_loop'. 115 */ 116 117 static int 118 send_and_recv_udp(krb5_socket_t fd, 119 time_t tmout, 120 const krb5_data *req, 121 krb5_data *rep) 122 { 123 if (send (fd, req->data, req->length, 0) < 0) 124 return -1; 125 126 return recv_loop(fd, tmout, 1, 0, rep); 127 } 128 129 /* 130 * `send_and_recv' for a TCP (or any other stream) socket. 131 * Since there are no record limits on a stream socket the protocol here 132 * is to prepend the request with 4 bytes of its length and the reply 133 * is similarly encoded. 134 */ 135 136 static int 137 send_and_recv_tcp(krb5_socket_t fd, 138 time_t tmout, 139 const krb5_data *req, 140 krb5_data *rep) 141 { 142 unsigned char len[4]; 143 unsigned long rep_len; 144 krb5_data len_data; 145 146 _krb5_put_int(len, req->length, 4); 147 if(net_write (fd, len, sizeof(len)) < 0) 148 return -1; 149 if(net_write (fd, req->data, req->length) < 0) 150 return -1; 151 if (recv_loop (fd, tmout, 0, 4, &len_data) < 0) 152 return -1; 153 if (len_data.length != 4) { 154 krb5_data_free (&len_data); 155 return -1; 156 } 157 _krb5_get_int(len_data.data, &rep_len, 4); 158 krb5_data_free (&len_data); 159 if (recv_loop (fd, tmout, 0, rep_len, rep) < 0) 160 return -1; 161 if(rep->length != rep_len) { 162 krb5_data_free (rep); 163 return -1; 164 } 165 return 0; 166 } 167 168 int 169 _krb5_send_and_recv_tcp(krb5_socket_t fd, 170 time_t tmout, 171 const krb5_data *req, 172 krb5_data *rep) 173 { 174 return send_and_recv_tcp(fd, tmout, req, rep); 175 } 176 177 /* 178 * `send_and_recv' tailored for the HTTP protocol. 179 */ 180 181 static int 182 send_and_recv_http(krb5_socket_t fd, 183 time_t tmout, 184 const char *prefix, 185 const krb5_data *req, 186 krb5_data *rep) 187 { 188 char *request = NULL; 189 char *str; 190 int ret; 191 int len = base64_encode(req->data, req->length, &str); 192 193 if(len < 0) 194 return -1; 195 ret = asprintf(&request, "GET %s%s HTTP/1.0\r\n\r\n", prefix, str); 196 free(str); 197 if (ret < 0 || request == NULL) 198 return -1; 199 ret = net_write (fd, request, strlen(request)); 200 free (request); 201 if (ret < 0) 202 return ret; 203 ret = recv_loop(fd, tmout, 0, 0, rep); 204 if(ret) 205 return ret; 206 { 207 unsigned long rep_len; 208 char *s, *p; 209 210 s = realloc(rep->data, rep->length + 1); 211 if (s == NULL) { 212 krb5_data_free (rep); 213 return -1; 214 } 215 s[rep->length] = 0; 216 p = strstr(s, "\r\n\r\n"); 217 if(p == NULL) { 218 krb5_data_zero(rep); 219 free(s); 220 return -1; 221 } 222 p += 4; 223 rep->data = s; 224 rep->length -= p - s; 225 if(rep->length < 4) { /* remove length */ 226 krb5_data_zero(rep); 227 free(s); 228 return -1; 229 } 230 rep->length -= 4; 231 _krb5_get_int(p, &rep_len, 4); 232 if (rep_len != rep->length) { 233 krb5_data_zero(rep); 234 free(s); 235 return -1; 236 } 237 memmove(rep->data, p + 4, rep->length); 238 } 239 return 0; 240 } 241 242 static int 243 init_port(const char *s, int fallback) 244 { 245 if (s) { 246 int tmp; 247 248 sscanf (s, "%d", &tmp); 249 return htons(tmp); 250 } else 251 return fallback; 252 } 253 254 /* 255 * Return 0 if succesful, otherwise 1 256 */ 257 258 static int 259 send_via_proxy (krb5_context context, 260 const krb5_krbhst_info *hi, 261 const krb5_data *send_data, 262 krb5_data *receive) 263 { 264 char *proxy2 = strdup(context->http_proxy); 265 char *proxy = proxy2; 266 char *prefix = NULL; 267 char *colon; 268 struct addrinfo hints; 269 struct addrinfo *ai, *a; 270 int ret; 271 krb5_socket_t s = rk_INVALID_SOCKET; 272 char portstr[NI_MAXSERV]; 273 274 if (proxy == NULL) 275 return ENOMEM; 276 if (strncmp (proxy, "http://", 7) == 0) 277 proxy += 7; 278 279 colon = strchr(proxy, ':'); 280 if(colon != NULL) 281 *colon++ = '\0'; 282 memset (&hints, 0, sizeof(hints)); 283 hints.ai_family = PF_UNSPEC; 284 hints.ai_socktype = SOCK_STREAM; 285 snprintf (portstr, sizeof(portstr), "%d", 286 ntohs(init_port (colon, htons(80)))); 287 ret = getaddrinfo (proxy, portstr, &hints, &ai); 288 free (proxy2); 289 if (ret) 290 return krb5_eai_to_heim_errno(ret, errno); 291 292 for (a = ai; a != NULL; a = a->ai_next) { 293 s = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); 294 if (s < 0) 295 continue; 296 rk_cloexec(s); 297 if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { 298 rk_closesocket (s); 299 continue; 300 } 301 break; 302 } 303 if (a == NULL) { 304 freeaddrinfo (ai); 305 return 1; 306 } 307 freeaddrinfo (ai); 308 309 ret = asprintf(&prefix, "http://%s/", hi->hostname); 310 if(ret < 0 || prefix == NULL) { 311 close(s); 312 return 1; 313 } 314 ret = send_and_recv_http(s, context->kdc_timeout, 315 prefix, send_data, receive); 316 rk_closesocket (s); 317 free(prefix); 318 if(ret == 0 && receive->length != 0) 319 return 0; 320 return 1; 321 } 322 323 static krb5_error_code 324 send_via_plugin(krb5_context context, 325 krb5_krbhst_info *hi, 326 time_t timeout, 327 const krb5_data *send_data, 328 krb5_data *receive) 329 { 330 struct krb5_plugin *list = NULL, *e; 331 krb5_error_code ret; 332 333 ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, KRB5_PLUGIN_SEND_TO_KDC, &list); 334 if(ret != 0 || list == NULL) 335 return KRB5_PLUGIN_NO_HANDLE; 336 337 for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) { 338 krb5plugin_send_to_kdc_ftable *service; 339 void *ctx; 340 341 service = _krb5_plugin_get_symbol(e); 342 if (service->minor_version != 0) 343 continue; 344 345 (*service->init)(context, &ctx); 346 ret = (*service->send_to_kdc)(context, ctx, hi, 347 timeout, send_data, receive); 348 (*service->fini)(ctx); 349 if (ret == 0) 350 break; 351 if (ret != KRB5_PLUGIN_NO_HANDLE) { 352 krb5_set_error_message(context, ret, 353 N_("Plugin send_to_kdc failed to " 354 "lookup with error: %d", ""), ret); 355 break; 356 } 357 } 358 _krb5_plugin_free(list); 359 return KRB5_PLUGIN_NO_HANDLE; 360 } 361 362 363 /* 364 * Send the data `send' to one host from `handle` and get back the reply 365 * in `receive'. 366 */ 367 368 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 369 krb5_sendto (krb5_context context, 370 const krb5_data *send_data, 371 krb5_krbhst_handle handle, 372 krb5_data *receive) 373 { 374 krb5_error_code ret; 375 krb5_socket_t fd; 376 int i; 377 378 krb5_data_zero(receive); 379 380 for (i = 0; i < context->max_retries; ++i) { 381 krb5_krbhst_info *hi; 382 383 while (krb5_krbhst_next(context, handle, &hi) == 0) { 384 struct addrinfo *ai, *a; 385 386 _krb5_debug(context, 2, 387 "trying to communicate with host %s in realm %s", 388 hi->hostname, _krb5_krbhst_get_realm(handle)); 389 390 if (context->send_to_kdc) { 391 struct send_to_kdc *s = context->send_to_kdc; 392 393 ret = (*s->func)(context, s->data, hi, 394 context->kdc_timeout, send_data, receive); 395 if (ret == 0 && receive->length != 0) 396 goto out; 397 continue; 398 } 399 400 ret = send_via_plugin(context, hi, context->kdc_timeout, 401 send_data, receive); 402 if (ret == 0 && receive->length != 0) 403 goto out; 404 else if (ret != KRB5_PLUGIN_NO_HANDLE) 405 continue; 406 407 if(hi->proto == KRB5_KRBHST_HTTP && context->http_proxy) { 408 if (send_via_proxy (context, hi, send_data, receive) == 0) { 409 ret = 0; 410 goto out; 411 } 412 continue; 413 } 414 415 ret = krb5_krbhst_get_addrinfo(context, hi, &ai); 416 if (ret) 417 continue; 418 419 for (a = ai; a != NULL; a = a->ai_next) { 420 fd = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); 421 if (rk_IS_BAD_SOCKET(fd)) 422 continue; 423 rk_cloexec(fd); 424 if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) { 425 rk_closesocket (fd); 426 continue; 427 } 428 switch (hi->proto) { 429 case KRB5_KRBHST_HTTP : 430 ret = send_and_recv_http(fd, context->kdc_timeout, 431 "", send_data, receive); 432 break; 433 case KRB5_KRBHST_TCP : 434 ret = send_and_recv_tcp (fd, context->kdc_timeout, 435 send_data, receive); 436 break; 437 case KRB5_KRBHST_UDP : 438 ret = send_and_recv_udp (fd, context->kdc_timeout, 439 send_data, receive); 440 break; 441 } 442 rk_closesocket (fd); 443 if(ret == 0 && receive->length != 0) 444 goto out; 445 } 446 } 447 krb5_krbhst_reset(context, handle); 448 } 449 krb5_clear_error_message (context); 450 ret = KRB5_KDC_UNREACH; 451 out: 452 _krb5_debug(context, 2, 453 "result of trying to talk to realm %s = %d", 454 _krb5_krbhst_get_realm(handle), ret); 455 return ret; 456 } 457 458 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 459 krb5_sendto_kdc(krb5_context context, 460 const krb5_data *send_data, 461 const krb5_realm *realm, 462 krb5_data *receive) 463 { 464 return krb5_sendto_kdc_flags(context, send_data, realm, receive, 0); 465 } 466 467 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 468 krb5_sendto_kdc_flags(krb5_context context, 469 const krb5_data *send_data, 470 const krb5_realm *realm, 471 krb5_data *receive, 472 int flags) 473 { 474 krb5_error_code ret; 475 krb5_sendto_ctx ctx; 476 477 ret = krb5_sendto_ctx_alloc(context, &ctx); 478 if (ret) 479 return ret; 480 krb5_sendto_ctx_add_flags(ctx, flags); 481 krb5_sendto_ctx_set_func(ctx, _krb5_kdc_retry, NULL); 482 483 ret = krb5_sendto_context(context, ctx, send_data, *realm, receive); 484 krb5_sendto_ctx_free(context, ctx); 485 return ret; 486 } 487 488 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 489 krb5_set_send_to_kdc_func(krb5_context context, 490 krb5_send_to_kdc_func func, 491 void *data) 492 { 493 free(context->send_to_kdc); 494 if (func == NULL) { 495 context->send_to_kdc = NULL; 496 return 0; 497 } 498 499 context->send_to_kdc = malloc(sizeof(*context->send_to_kdc)); 500 if (context->send_to_kdc == NULL) { 501 krb5_set_error_message(context, ENOMEM, 502 N_("malloc: out of memory", "")); 503 return ENOMEM; 504 } 505 506 context->send_to_kdc->func = func; 507 context->send_to_kdc->data = data; 508 return 0; 509 } 510 511 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 512 _krb5_copy_send_to_kdc_func(krb5_context context, krb5_context to) 513 { 514 if (context->send_to_kdc) 515 return krb5_set_send_to_kdc_func(to, 516 context->send_to_kdc->func, 517 context->send_to_kdc->data); 518 else 519 return krb5_set_send_to_kdc_func(to, NULL, NULL); 520 } 521 522 523 524 struct krb5_sendto_ctx_data { 525 int flags; 526 int type; 527 krb5_sendto_ctx_func func; 528 void *data; 529 }; 530 531 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 532 krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx) 533 { 534 *ctx = calloc(1, sizeof(**ctx)); 535 if (*ctx == NULL) { 536 krb5_set_error_message(context, ENOMEM, 537 N_("malloc: out of memory", "")); 538 return ENOMEM; 539 } 540 return 0; 541 } 542 543 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 544 krb5_sendto_ctx_add_flags(krb5_sendto_ctx ctx, int flags) 545 { 546 ctx->flags |= flags; 547 } 548 549 KRB5_LIB_FUNCTION int KRB5_LIB_CALL 550 krb5_sendto_ctx_get_flags(krb5_sendto_ctx ctx) 551 { 552 return ctx->flags; 553 } 554 555 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 556 krb5_sendto_ctx_set_type(krb5_sendto_ctx ctx, int type) 557 { 558 ctx->type = type; 559 } 560 561 562 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 563 krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx, 564 krb5_sendto_ctx_func func, 565 void *data) 566 { 567 ctx->func = func; 568 ctx->data = data; 569 } 570 571 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 572 krb5_sendto_ctx_free(krb5_context context, krb5_sendto_ctx ctx) 573 { 574 memset(ctx, 0, sizeof(*ctx)); 575 free(ctx); 576 } 577 578 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 579 krb5_sendto_context(krb5_context context, 580 krb5_sendto_ctx ctx, 581 const krb5_data *send_data, 582 const krb5_realm realm, 583 krb5_data *receive) 584 { 585 krb5_error_code ret; 586 krb5_krbhst_handle handle = NULL; 587 int type, freectx = 0; 588 int action; 589 590 krb5_data_zero(receive); 591 592 if (ctx == NULL) { 593 freectx = 1; 594 ret = krb5_sendto_ctx_alloc(context, &ctx); 595 if (ret) 596 return ret; 597 } 598 599 type = ctx->type; 600 if (type == 0) { 601 if ((ctx->flags & KRB5_KRBHST_FLAGS_MASTER) || context->use_admin_kdc) 602 type = KRB5_KRBHST_ADMIN; 603 else 604 type = KRB5_KRBHST_KDC; 605 } 606 607 if (send_data->length > context->large_msg_size) 608 ctx->flags |= KRB5_KRBHST_FLAGS_LARGE_MSG; 609 610 /* loop until we get back a appropriate response */ 611 612 do { 613 action = KRB5_SENDTO_DONE; 614 615 krb5_data_free(receive); 616 617 if (handle == NULL) { 618 ret = krb5_krbhst_init_flags(context, realm, type, 619 ctx->flags, &handle); 620 if (ret) { 621 if (freectx) 622 krb5_sendto_ctx_free(context, ctx); 623 return ret; 624 } 625 } 626 627 ret = krb5_sendto(context, send_data, handle, receive); 628 if (ret) 629 break; 630 if (ctx->func) { 631 ret = (*ctx->func)(context, ctx, ctx->data, receive, &action); 632 if (ret) 633 break; 634 } 635 if (action != KRB5_SENDTO_CONTINUE) { 636 krb5_krbhst_free(context, handle); 637 handle = NULL; 638 } 639 } while (action != KRB5_SENDTO_DONE); 640 if (handle) 641 krb5_krbhst_free(context, handle); 642 if (ret == KRB5_KDC_UNREACH) 643 krb5_set_error_message(context, ret, 644 N_("unable to reach any KDC in realm %s", ""), 645 realm); 646 if (ret) 647 krb5_data_free(receive); 648 if (freectx) 649 krb5_sendto_ctx_free(context, ctx); 650 return ret; 651 } 652 653 krb5_error_code KRB5_CALLCONV 654 _krb5_kdc_retry(krb5_context context, krb5_sendto_ctx ctx, void *data, 655 const krb5_data *reply, int *action) 656 { 657 krb5_error_code ret; 658 KRB_ERROR error; 659 660 if(krb5_rd_error(context, reply, &error)) 661 return 0; 662 663 ret = krb5_error_from_rd_error(context, &error, NULL); 664 krb5_free_error_contents(context, &error); 665 666 switch(ret) { 667 case KRB5KRB_ERR_RESPONSE_TOO_BIG: { 668 if (krb5_sendto_ctx_get_flags(ctx) & KRB5_KRBHST_FLAGS_LARGE_MSG) 669 break; 670 krb5_sendto_ctx_add_flags(ctx, KRB5_KRBHST_FLAGS_LARGE_MSG); 671 *action = KRB5_SENDTO_RESTART; 672 break; 673 } 674 case KRB5KDC_ERR_SVC_UNAVAILABLE: 675 *action = KRB5_SENDTO_CONTINUE; 676 break; 677 } 678 return 0; 679 } 680