/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#include <stdio.h>
#include <stdlib.h> /* getenv, exit */
#include <string.h>
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h> /* waitpid */
#include <unistd.h> /* fork, execl, _exit */
#include <memory.h>
#include <stropts.h>
#include <netconfig.h>
#include <sys/resource.h> /* rlimit */
#include <syslog.h>

#include <kadm5/admin.h>
#include <kadm5/kadm_rpc.h>
#include <kadm5/server_internal.h>
#include <server_acl.h>
#include <krb5/adm_proto.h>
#include <gssapi_krb5.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <libintl.h>
#include <kdb/kdb_log.h>
#include "misc.h"

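/* Shared with the rest of kadmind; defined in other translation units. */
extern int setup_gss_names(struct svc_req *, char **, char **);
extern gss_name_t get_clnt_name(struct svc_req *);
extern char *client_addr(struct svc_req *, char *);
extern void *global_server_handle;
extern int nofork;	/* non-zero: running in the foreground, debug output on */
extern short l_port;	/* listening port, passed through to the audit calls */

/* Scratch buffer handed to client_addr() for the textual client address in log lines. */
static char abuf[33];

/* Textual forms of update_status_t, used in log and audit messages (see replystr()). */
static char *reply_ok_str	= "UPDATE_OK";
static char *reply_err_str	= "UPDATE_ERROR";
static char *reply_fr_str	= "UPDATE_FULL_RESYNC_NEEDED";
static char *reply_busy_str	= "UPDATE_BUSY";
static char *reply_nil_str	= "UPDATE_NIL";
static char *reply_perm_str	= "UPDATE_PERM_DENIED";
static char *reply_unknown_str	= "<UNKNOWN_CODE>";

/*
 * syslog formats for a rejected and a completed request.  Each one is a
 * single gettext() msgid: do not split or reword it without updating the
 * message catalogs.
 */
#define	LOG_UNAUTH  gettext("Unauthorized request: %s, %s, " \
			"client=%s, service=%s, addr=%s")
#define	LOG_DONE    gettext("Request: %s, %s, %s, client=%s, " \
			"service=%s, addr=%s")

/* Command prefix of the iprop-format database dump ("-i" adds the serial number). */
#define	KDB5_UTIL_DUMP_STR "/usr/sbin/kdb5_util dump -i "

#ifdef	DPRINT
#undef	DPRINT
#endif
/*
 * Foreground-only debug trace.  The argument is a parenthesised printf
 * argument list: DPRINT(("fmt", a, b)).  Wrapped in do/while so that the
 * macro is a single statement and cannot capture a following "else".
 */
#define	DPRINT(i) do { if (nofork) (void) printf i; } while (0)

#ifdef POSIX_SIGNALS
/* Used by the forked child to restore default SIGCHLD handling. */
static struct sigaction s_action;
#endif /* POSIX_SIGNALS */
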
/*
 * Debug trace printed at the end of an iprop RPC handler when running in
 * the foreground: the handler name w, its update_status_t result and, for
 * UPDATE_OK, the serial number sno that was handed back.
 */
static void
debprret(char *w, update_status_t ret, kdb_sno_t sno)
{
	const char *tag;

	if (ret == UPDATE_OK) {
		(void) printf("%s: end (OK, sno=%u)\n", w, sno);
		return;
	}

	switch (ret) {
	case UPDATE_ERROR:
		tag = "ERROR";
		break;
	case UPDATE_FULL_RESYNC_NEEDED:
		tag = "FR NEEDED";
		break;
	case UPDATE_BUSY:
		tag = "BUSY";
		break;
	case UPDATE_NIL:
		tag = "NIL";
		break;
	case UPDATE_PERM_DENIED:
		tag = "PERM";
		break;
	default:
		(void) printf("%s: end (UNKNOWN return code (%d))\n", w, ret);
		return;
	}
	(void) printf("%s: end (%s)\n", w, tag);
}

/*
 * Map an update_status_t to its textual form for log and audit messages.
 * Unknown codes map to reply_unknown_str.  The returned string is one of
 * the file-scope reply_*_str literals and must not be freed or modified.
 */
static char *
replystr(update_status_t ret)
{
	static const struct {
		update_status_t code;
		char **str;
	} table[] = {
		{ UPDATE_OK,			&reply_ok_str },
		{ UPDATE_ERROR,			&reply_err_str },
		{ UPDATE_FULL_RESYNC_NEEDED,	&reply_fr_str },
		{ UPDATE_BUSY,			&reply_busy_str },
		{ UPDATE_NIL,			&reply_nil_str },
		{ UPDATE_PERM_DENIED,		&reply_perm_str },
	};
	size_t i;

	for (i = 0; i < sizeof (table) / sizeof (table[0]); i++) {
		if (table[i].code == ret)
			return (*table[i].str);
	}
	return (reply_unknown_str);
}

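/*
 * IPROP_GET_UPDATES handler: hand a slave KDC the update-log entries that
 * follow the serial number it sent in arg->last_sno.
 *
 * The authenticated caller must pass the ACL_IPROP check on its GSS name
 * before the update log is read; a failed check is audited and answered
 * with UPDATE_PERM_DENIED.  Every other failure answers UPDATE_ERROR.
 *
 * Returns a pointer to a static result; the dispatcher frees ret.updates
 * after the reply has gone out (see krb5_iprop_prog_1).
 */
kdb_incr_result_t *
iprop_get_updates_1(kdb_last_t *arg, struct svc_req *rqstp)
{
	static kdb_incr_result_t ret;
	char *whoami = "iprop_get_updates_1";
	int kret;
	kadm5_server_handle_t handle = global_server_handle;
	char *client_name = NULL, *service_name = NULL;
	gss_name_t name = NULL;
	OM_uint32 min_stat;
	char obuf[256] = {0};

	/* default return code */
	ret.ret = UPDATE_ERROR;

	/*
	 * Serial numbers are printed with %u, so they are narrowed to
	 * unsigned int rather than ulong_t: ulong_t is 64 bits on LP64 and
	 * passing it to %u is undefined behaviour.  This assumes kdb_sno_t
	 * is a 32-bit unsigned type (kdb_log.h) -- revisit if it is widened.
	 */
	DPRINT(("%s: start, last_sno=%u\n", whoami,
	    (unsigned int)arg->last_sno));

	if (!handle) {
		krb5_klog_syslog(LOG_ERR,
				gettext("%s: server handle is NULL"),
					whoami);
		goto out;
	}

	if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
		krb5_klog_syslog(LOG_ERR,
			gettext("%s: setup_gss_names failed"),
			whoami);
		goto out;
	}

	DPRINT(("%s: clprinc=`%s'\n\tsvcprinc=`%s'\n",
		whoami, client_name, service_name));

	if (!(name = get_clnt_name(rqstp))) {
		krb5_klog_syslog(LOG_ERR,
			gettext("%s: Couldn't obtain client's name"),
			whoami);
		goto out;
	}

	/* Authorization: only principals granted ACL_IPROP may pull updates. */
	if (!kadm5int_acl_check(handle->context,
		    name,
		    ACL_IPROP,
		    NULL,
		    NULL)) {
		ret.ret = UPDATE_PERM_DENIED;

		audit_kadmind_unauth(rqstp->rq_xprt, l_port,
				    whoami,
				    "<null>", client_name);
		krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, whoami,
				"<null>", client_name, service_name,
				client_addr(rqstp, abuf));
		goto out;
	}

	/* ulog_get_entries sets ret.ret and, on UPDATE_OK, fills ret.updates. */
	kret = ulog_get_entries(handle->context, *arg, &ret);

	if (ret.ret == UPDATE_OK) {
		(void) snprintf(obuf, sizeof (obuf),
		gettext("%s; Incoming SerialNo=%u; Outgoing SerialNo=%u"),
				replystr(ret.ret),
				(unsigned int)arg->last_sno,
				(unsigned int)ret.lastentry.last_sno);
	} else {
		(void) snprintf(obuf, sizeof (obuf),
		gettext("%s; Incoming SerialNo=%u; Outgoing SerialNo=N/A"),
				replystr(ret.ret),
				(unsigned int)arg->last_sno);
	}

	audit_kadmind_auth(rqstp->rq_xprt, l_port,
			whoami,
			obuf, client_name, kret);

	krb5_klog_syslog(LOG_NOTICE, LOG_DONE, whoami,
			obuf,
			((kret == 0) ? "success" : error_message(kret)),
			client_name, service_name,
			client_addr(rqstp, abuf));

out:
	if (nofork)
		debprret(whoami, ret.ret, ret.lastentry.last_sno);
	/* free(NULL) is a no-op, so the names need no guard */
	free(client_name);
	free(service_name);
	if (name)
		gss_release_name(&min_stat, &name);
	return (&ret);
}

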
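/*
 * Given a client princ (foo/fqdn@R), copy (in arg cl, of size len) the fqdn
 * substring.  Return arg cl str ptr on success, else NULL.
 *
 * The result is later used as a suffix of the dump file name and as the
 * kprop target host, so this is strict about what it accepts: the principal
 * must contain both '/' and a following '@', the host part must be
 * non-empty, must fit in cl including the terminator, and must not contain
 * another '/' (a valid host name never does, and a '/' would become a path
 * component of the dump file).  len <= 0 or a NULL pointer yields NULL.
 */
static char *
getclhoststr(char *clprinc, char *cl, int len)
{
	const char *host;
	const char *at;
	size_t hlen;

	if (clprinc == NULL || cl == NULL || len <= 0)
		return (NULL);

	host = strchr(clprinc, '/');
	if (host == NULL)
		return (NULL);
	host++;

	at = strchr(host, '@');
	if (at == NULL)
		return (NULL);

	hlen = (size_t)(at - host);
	if (hlen == 0 || hlen >= (size_t)len)
		return (NULL);
	if (memchr(host, '/', hlen) != NULL)
		return (NULL);

	(void) memcpy(cl, host, hlen);
	cl[hlen] = '\0';
	return (cl); /* success */
}
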
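/*
 * Run "kdb5_util dump -i <dumpfile>" to produce an iprop-format dump of the
 * KDC database.  The utility is exec'd with an explicit argv, so no shell
 * ever sees dumpfile (whose tail is derived from the client principal).
 * Intended to be called from the forked child of iprop_full_resync_1().
 *
 * Returns 0 when kdb5_util exited with status 0; -1 when fork()/waitpid()
 * failed (errno is set); 1 when the utility exited abnormally or with a
 * non-zero status (already logged here).
 */
static int
run_kdb5_util_dump(const char *whoami, const char *dumpfile)
{
	pid_t pid;
	int status = 0;

	pid = fork();
	if (pid == -1)
		return (-1);
	if (pid == 0) {
		(void) execl("/usr/sbin/kdb5_util", "kdb5_util", "dump", "-i",
		    dumpfile, (char *)NULL);
		/* reached only when execl failed; 127 mirrors the shell convention */
		_exit(127);
	}
	while (waitpid(pid, &status, 0) == -1) {
		if (errno != EINTR)
			return (-1);
	}
	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
		krb5_klog_syslog(LOG_ERR,
		    gettext("%s: kdb5_util dump exited abnormally (status=%d)"),
		    whoami, status);
		return (1);
	}
	return (0);
}

/*
 * IPROP_FULL_RESYNC handler: push a complete database dump to the slave
 * that asked for it.  After the ACL_IPROP check the client host is taken
 * from the client principal (getclhoststr), a dump file named after it is
 * produced in /var/krb5 and kprop(1M) ships it to that host.
 *
 * The dump and the kprop run happen in a forked child so that the parent
 * can answer UPDATE_OK immediately; the child never returns into the RPC
 * dispatcher, it either execs kprop or _exit()s.  argp is unused (the RPC
 * takes no argument).
 *
 * Returns a pointer to a static result: UPDATE_OK once the child was
 * forked, UPDATE_PERM_DENIED when the ACL check fails, UPDATE_ERROR
 * otherwise.
 */
kdb_fullresync_result_t *
iprop_full_resync_1(
	/* LINTED */
	void *argp,
	struct svc_req *rqstp)
{
	static kdb_fullresync_result_t ret;
	char tmpf[MAX_FILENAME] = {0};
	char clhost[MAXHOSTNAMELEN] = {0};
	int fret, dret, n;
	kadm5_server_handle_t handle = global_server_handle;
	OM_uint32 min_stat;
	gss_name_t name = NULL;
	char *client_name = NULL, *service_name = NULL;
	char *whoami = "iprop_full_resync_1";

	/* default return code */
	ret.ret = UPDATE_ERROR;

	if (!handle) {
		krb5_klog_syslog(LOG_ERR,
				gettext("%s: server handle is NULL"),
					whoami);
		goto out;
	}

	DPRINT(("%s: start\n", whoami));

	if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
		krb5_klog_syslog(LOG_ERR,
			gettext("%s: setup_gss_names failed"),
			whoami);
		goto out;
	}

	DPRINT(("%s: clprinc=`%s'\n\tsvcprinc=`%s'\n",
		whoami, client_name, service_name));

	if (!(name = get_clnt_name(rqstp))) {
		krb5_klog_syslog(LOG_ERR,
			gettext("%s: Couldn't obtain client's name"),
			whoami);
		goto out;
	}

	/* Authorization: only principals granted ACL_IPROP may request a resync. */
	if (!kadm5int_acl_check(handle->context,
		    name,
		    ACL_IPROP,
		    NULL,
		    NULL)) {
		ret.ret = UPDATE_PERM_DENIED;

		audit_kadmind_unauth(rqstp->rq_xprt, l_port,
				    whoami,
				    "<null>", client_name);
		krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, whoami,
				"<null>", client_name, service_name,
				client_addr(rqstp, abuf));
		goto out;
	}

	if (!getclhoststr(client_name, clhost, sizeof (clhost))) {
		krb5_klog_syslog(LOG_ERR,
			gettext("%s: getclhoststr failed"),
			whoami);
		goto out;
	}

	/*
	 * Construct db dump file name: kprop style name + clnt fqdn.
	 * snprintf() bounds the write and reports truncation in one step.
	 */
	n = snprintf(tmpf, sizeof (tmpf), "/var/krb5/slave_datatrans_%s",
	    clhost);
	if (n < 0 || (size_t)n >= sizeof (tmpf)) {
		krb5_klog_syslog(LOG_ERR,
		gettext("%s: db dump file name too long; max length=%d"),
				whoami,
				(int)(sizeof (tmpf) - 1));
		goto out;
	}

	/*
	 * Fork to dump the db and xfer it to the slave.
	 * (the fork allows parent to return quickly and the child
	 * acts like a callback to the slave).
	 */
	fret = fork();
	DPRINT(("%s: fork=%d (%d)\n", whoami, fret, (int)getpid()));

	switch (fret) {
	case -1: /* error */
		if (nofork) {
			perror(whoami);
		}
		krb5_klog_syslog(LOG_ERR,
				gettext("%s: fork failed: %s"),
				whoami,
				error_message(errno));
		goto out;

	case 0: /* child */
		/*
		 * Restore default SIGCHLD handling before forking again so
		 * that waitpid() in run_kdb5_util_dump() can reap the dump.
		 */
#ifdef POSIX_SIGNALS
		(void) sigemptyset(&s_action.sa_mask);
		s_action.sa_handler = SIG_DFL;
		(void) sigaction(SIGCHLD, &s_action, (struct sigaction *) NULL);
#else
		(void) signal(SIGCHLD, SIG_DFL);
#endif /* POSIX_SIGNALS */
		/*
		 * run kdb5_util(1M) dump for IProp; note the -i: modified
		 * version of kdb5_util dump format to include sno (serial
		 * number).  No shell is involved: tmpf ends in a string
		 * derived from the client principal.
		 */
		DPRINT(("%s: run `kdb5_util dump -i %s' ...\n", whoami, tmpf));
		dret = run_kdb5_util_dump(whoami, tmpf);
		DPRINT(("%s: kdb5_util dump=%d\n", whoami, dret));
		if (dret != 0) {
			if (dret < 0) {
				if (nofork) {
					perror(whoami);
				}
				krb5_klog_syslog(LOG_ERR,
					gettext("%s: kdb5_util dump failed: %s"),
						whoami,
						error_message(errno));
			}
			/*
			 * The child must never return into the RPC
			 * dispatcher: it would answer this request a second
			 * time on the parent's transport.  _exit() also
			 * skips the parent's atexit handlers and stdio flush.
			 */
			_exit(1);
		}

		DPRINT(("%s: exec `kprop -f %s %s' ...\n",
			whoami, tmpf, clhost));
		(void) execl("/usr/lib/krb5/kprop", "kprop", "-f", tmpf,
			    clhost, (char *)NULL);
		/* execl() only returns on failure */
		if (nofork) {
			perror(whoami);
		}
		krb5_klog_syslog(LOG_ERR,
				gettext("%s: exec failed: %s"),
				whoami,
				error_message(errno));
		_exit(1);

	default: /* parent */
		ret.ret = UPDATE_OK;
		/* not used by slave (sno is retrieved from kdb5_util dump) */
		ret.lastentry.last_sno = 0;
		ret.lastentry.last_time.seconds = 0;
		ret.lastentry.last_time.useconds = 0;

		audit_kadmind_auth(rqstp->rq_xprt, l_port,
				whoami,
				"<null>", client_name, 0);

		krb5_klog_syslog(LOG_NOTICE, LOG_DONE, whoami,
				"<null>",
				"success",
				client_name, service_name,
				client_addr(rqstp, abuf));

		goto out;
	}

out:
	if (nofork)
		debprret(whoami, ret.ret, 0);
	/* free(NULL) is a no-op, so the names need no guard */
	free(client_name);
	free(service_name);
	if (name)
		gss_release_name(&min_stat, &name);
	return (&ret);
}
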
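/*
 * RPC dispatch routine for the iprop program, version 1.
 *
 * Selects the XDR routines and the local handler for rqstp->rq_proc,
 * decodes the argument into the union below, calls the handler, encodes
 * the reply, frees the decoded argument and, for IPROP_GET_UPDATES,
 * releases the update entries the handler attached to its static result.
 * Unknown procedures and decode failures are answered with the matching
 * svcerr_* reply.  A handler that returns NULL sends no reply at all
 * (neither handler in this file does).
 */
void
krb5_iprop_prog_1(
	struct svc_req *rqstp,
	register SVCXPRT *transp)
{
	union {
		kdb_last_t iprop_get_updates_1_arg;
	} argument;
	char *result;
	bool_t (*_xdr_argument)(), (*_xdr_result)();
	char *(*local)();
	char *whoami = "krb5_iprop_prog_1";

	switch (rqstp->rq_proc) {
	case NULLPROC:
		(void) svc_sendreply(transp, xdr_void,
			(char *)NULL);
		return;

	case IPROP_GET_UPDATES:
		_xdr_argument = xdr_kdb_last_t;
		_xdr_result = xdr_kdb_incr_result_t;
		local = (char *(*)()) iprop_get_updates_1;
		break;

	case IPROP_FULL_RESYNC:
		_xdr_argument = xdr_void;
		_xdr_result = xdr_kdb_fullresync_result_t;
		local = (char *(*)()) iprop_full_resync_1;
		break;

	default:
		krb5_klog_syslog(LOG_ERR,
				gettext("RPC unknown request: %d (%s)"),
				rqstp->rq_proc, whoami);
		svcerr_noproc(transp);
		return;
	}
	(void) memset(&argument, 0, sizeof (argument));
	if (!svc_getargs(transp, _xdr_argument, (caddr_t)&argument)) {
		krb5_klog_syslog(LOG_ERR,
				gettext("RPC svc_getargs failed (%s)"),
				whoami);
		svcerr_decode(transp);
		return;
	}
	result = (*local)(&argument, rqstp);

	if (_xdr_result && result != NULL &&
	    !svc_sendreply(transp, _xdr_result, result)) {
		krb5_klog_syslog(LOG_ERR,
				gettext("RPC svc_sendreply failed (%s)"),
				whoami);
		svcerr_systemerr(transp);
	}
	if (!svc_freeargs(transp, _xdr_argument, (caddr_t)&argument)) {
		krb5_klog_syslog(LOG_ERR,
				gettext("RPC svc_freeargs failed (%s)"),
				whoami);

		/* kept from the original: a failed svc_freeargs is fatal */
		exit(1);
	}

	/*
	 * The update entries live in the handler's static result and were
	 * needed until the reply was encoded; release them now.  The NULL
	 * guard mirrors the one above so a NULL result is never dereferenced.
	 */
	if (rqstp->rq_proc == IPROP_GET_UPDATES && result != NULL) {
		/* LINTED */
		kdb_incr_result_t *r = (kdb_incr_result_t *)result;

		if (r->ret == UPDATE_OK) {
			ulog_free_entries(r->updates.kdb_ulog_t_val,
					r->updates.kdb_ulog_t_len);
			r->updates.kdb_ulog_t_val = NULL;
			r->updates.kdb_ulog_t_len = 0;
		}
	}

}
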
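/*
 * Get the host based service name for the kiprop principal, in the form
 * "<KIPROP_SVC_NAME>@<master host>" where the master host comes from
 * kadm5_get_master() for realm.  Returns KADM5_OK on success, the
 * kadm5_get_master() error when the master cannot be determined, or
 * ENOMEM.  Caller must free the storage allocated for host_service_name;
 * it is only written on success.
 */
kadm5_ret_t
kiprop_get_adm_host_srv_name(
	krb5_context context,
	const char *realm,
	char **host_service_name)
{
	kadm5_ret_t ret;
	char *name;
	char *host;
	size_t len;

	ret = kadm5_get_master(context, realm, &host);
	if (ret)
		return (ret);

	/* "<svc>@<host>" plus the NUL terminator */
	len = strlen(KIPROP_SVC_NAME) + strlen(host) + 2;
	name = malloc(len);
	if (name == NULL) {
		free(host);
		return (ENOMEM);
	}
	/* bounded by the length computed above; cannot truncate */
	(void) snprintf(name, len, "%s@%s", KIPROP_SVC_NAME, host);
	free(host);
	*host_service_name = name;

	return (KADM5_OK);
}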