xref: /onnv-gate/usr/src/cmd/krb5/slave/kpropd.c (revision 9033:9ae57594b26c)

/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 * All rights reserved.
 *
 * Export of this software from the United States of America may require
 * a specific license from the United States Government.  It is the
 * responsibility of any person or organization contemplating export to
 * obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of FundsXpress. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  FundsXpress makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

/*
 * slave/kpropd.c
 *
 * Copyright 1990,1991 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 *
 * XXX We need to modify the protocol so that an acknowledge is set
 * after each block, instead after the entire series is sent over.
 * The reason for this is so that error packets can get interpreted
 * right away.  If you don't do this, the sender may never get the
 * error packet, because it will die an EPIPE trying to complete the
 * write...
 */


#include <stdio.h>
#include <ctype.h>
#include <sys/file.h>
#include <signal.h>
#include <string.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/param.h>
#include <netdb.h>
#include <syslog.h>
#include <libintl.h>
#include <locale.h>
#include <k5-int.h>
#include <socket-utils.h>
#include "com_err.h"
#include <errno.h>

#include "kprop.h"
#include <iprop_hdr.h>
#include "iprop.h"
#include <kadm5/admin.h>
#include <kdb/kdb_log.h>

/* Solaris Kerberos */
#include <libgen.h>

#define SYSLOG_CLASS LOG_DAEMON
#define	INITIAL_TIMER 10

char *poll_time = NULL;
char *def_realm = NULL;
boolean_t runonce = B_FALSE;

/*
 * Global fd to close upon alarm time-out.
 */
volatile int gfd = -1;

/*
 * This struct simulates the use of _kadm5_server_handle_t
 */
typedef struct _kadm5_iprop_handle_t {
	krb5_ui_4	magic_number;
	krb5_ui_4	struct_version;
	krb5_ui_4	api_version;
	char 		*cache_name;
	int		destroy_cache;
	CLIENT		*clnt;
	krb5_context	context;
	kadm5_config_params params;
	struct _kadm5_iprop_handle_t *lhandle;
} *kadm5_iprop_handle_t;

static char *kprop_version = KPROP_PROT_VERSION;

char	*progname;
int     debug = 0;
char	*srvtab = 0;
int	standalone = 0;

krb5_principal	server;		/* This is our server principal name */
krb5_principal	client;		/* This is who we're talking to */
krb5_context kpropd_context;
krb5_auth_context auth_context;
char	*realm = NULL;		/* Our realm */
char	*file = KPROPD_DEFAULT_FILE;
char	*temp_file_name;
char	*kdb5_util = KPROPD_DEFAULT_KDB5_UTIL;
char	*kerb_database = NULL;
char	*acl_file_name = KPROPD_ACL_FILE;

krb5_address	sender_addr;
krb5_address	receiver_addr;
short 		port = 0;

void	PRS
	 (int, char**);
int	do_standalone
	 (iprop_role iproprole);
void	doit
	(int);
krb5_error_code	do_iprop(kdb_log_context *log_ctx);

/* Solaris Kerberos */
void	kerberos_authenticate
	(krb5_context,
		   int,
		   krb5_principal *,
		   krb5_enctype *,
		   struct sockaddr_storage *);
krb5_boolean authorized_principal
	(krb5_context,
    		   krb5_principal,
		   krb5_enctype);
void	recv_database
	(krb5_context,
		   int,
		   int,
		   krb5_data *);
void	load_database
	(krb5_context,
    		   char *,
    		   char *);
void	send_error
	(krb5_context,
    		   int,
		   krb5_error_code,
    		   char	*);
void	recv_error
	(krb5_context,
    		   krb5_data *);
int	convert_polltime
	(char *);
unsigned int	backoff_from_master
	(int *);

static void usage()
{
	fprintf(stderr,
		gettext("\nUsage: %s\n"), /* progname may be a long pathname */
		progname);

	fprintf(stderr,
		gettext("\t[-r realm] [-s srvtab] [-dS] [-f slave_file]\n"));

	fprintf(stderr,
		gettext("\t[-F kerberos_db_file ] [-p kdb5_util_pathname]\n"));

	fprintf(stderr, gettext("\t[-P port] [-a acl_file]\n"));

	exit(1);
}

int
main(argc, argv)
	int	argc;
	char	**argv;
{
	krb5_error_code retval;
	int ret = 0;
	kdb_log_context	*log_ctx;
	int iprop_supported;
	krb5_boolean is_master = FALSE;

	PRS(argc, argv);

	log_ctx = kpropd_context->kdblog_context;

	if (log_ctx && (log_ctx->iproprole == IPROP_SLAVE)) {
		/*
		 * We wanna do iprop !
		 */
		retval = krb5_db_supports_iprop(kpropd_context,
		    &iprop_supported);
		if (retval) {
			/* Solaris Kerberos: Keep error messages consistent */
			com_err(progname, retval,
				gettext("while determining if dbmodule plugin "
					    "supports iprop"));
			exit(1);
		}
		if (!iprop_supported) {
			/* Solaris Kerberos: Keep error messages consistent */
			com_err(progname, 0,
				gettext("Current dbmodule plugin does not support "
				    "iprop"));
			exit(1);
		}

		/*
		 * Solaris Kerberos:
		 * Ensure that kpropd is only run on a slave
		 */
		if (retval = kadm5_is_master(kpropd_context, def_realm,
		    &is_master)) {
			com_err(progname, retval,
			    gettext("while trying to determine whether host is "
			    "master KDC for realm %s"), def_realm);
			exit(1);
		}

		if (is_master == TRUE) {
			char *master = NULL;
			kadm5_get_master(kpropd_context, def_realm, &master);

			com_err(progname, 0,
			    gettext("%s is the master KDC for the realm %s. "
			    "%s can only be run on a slave KDC"),
			    master ? master : "unknown", def_realm, progname);
			exit(1);
		}

		retval = do_iprop(log_ctx);
		if (retval) {
			/* Solaris Kerberos: Keep error messages consistent */
			com_err(progname, retval,
			    gettext("while doing iprop"));
			exit(1);
		}

	} else {

		/*
		 * Solaris Kerberos:
		 * Ensure that the kpropd.acl file exists and contains at least
		 * 1 entry.
		 */
		FILE *tmp_acl_file;
		int seen_file = 0;
		char buf[1024];

		tmp_acl_file = fopen(acl_file_name, "r");
		if (!tmp_acl_file) {
			com_err(progname, errno,
			    gettext("while opening acl file %s"),
			    acl_file_name);
			exit(1);
		}

		while (!feof(tmp_acl_file) && !seen_file ) {
			if (!fgets(buf, sizeof(buf), tmp_acl_file))
				break;

			if (buf[0] != '#' && !isspace(buf[0]))
				seen_file = 1;
		}
		if (!seen_file) {
			com_err(progname, 0,
			    gettext("No entries found in %s. Can't "
			    "authorize propagation requests"), acl_file_name);
			exit(1);
		}
		fclose(tmp_acl_file);

		if (standalone)
			ret = do_standalone(IPROP_NULL);
		else
			doit(0);
	}

	exit(ret);
}

void resync_alarm(int sn)
{
	close(gfd);
	if (debug)
		fprintf(stderr, gettext("resync_alarm: closing fd: %d\n"), gfd);
	gfd = -1;
}

int do_standalone(iprop_role iproprole)
{
    struct	linger linger;
    struct	servent *sp;
    int	finet, fromlen, s;
    int	on = 1;
    int	ret, status = 0;
    struct	sockaddr_in6 sin6 = { AF_INET6 };
    int sin6_size = sizeof (sin6);
    /*
     * Timer for accept/read calls, in case of network type errors.
     */
    int backoff_timer = INITIAL_TIMER;

retry:

    /* listen for either ipv4 or ipv6 */
    finet = socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP);
    if (finet < 0 ) {
	com_err(progname, errno, gettext("while obtaining socket"));
	exit(1);
    }

    if(!port) {
	sp = getservbyname(KPROP_SERVICE, "tcp");
	if (sp == NULL) {
	    com_err(progname, 0, gettext("%s/tcp: unknown service"),
		    KPROP_SERVICE);
	    exit(1);
	}
	sin6.sin6_port = sp->s_port;
    } else
	sin6.sin6_port = port;

    /*
     * We need to close the socket immediately if iprop is enabled,
     * since back-to-back full resyncs are possible, so we do not
     * linger around for too long
     */
    if (iproprole == IPROP_SLAVE) {
	    if (setsockopt(finet, SOL_SOCKET, SO_REUSEADDR,
			(char *)&on, sizeof(on)) < 0)
		    com_err(progname, errno,
			    gettext("while setting socket option (SO_REUSEADDR)"));
	    linger.l_onoff = 1;
	    linger.l_linger = 2;
	    if (setsockopt(finet, SOL_SOCKET, SO_LINGER,
			(void *)&linger, sizeof(linger)) < 0)
		    com_err(progname, errno,
			    gettext("while setting socket option (SO_LINGER)"));
	    /*
	     * We also want to set a timer so that the slave is not waiting
	     * until infinity for an update from the master.
	     */
	    gfd = finet;
	    signal(SIGALRM, resync_alarm);
	    if (debug) {
		fprintf(stderr, "do_standalone: setting resync alarm to %d\n",
		    backoff_timer);
	    }
	    if (alarm(backoff_timer) != 0) {
		if (debug) {
		    fprintf(stderr,
			gettext("%s: alarm already set\n"), progname);
		}
	    }
	    backoff_timer *= 2;
    }
    if ((ret = bind(finet, (struct sockaddr *)&sin6, sizeof(sin6))) < 0) {
	if (debug) {
	    on = 1;
	    fprintf(stderr,
		    gettext("%s: attempting to rebind socket "
		    "with SO_REUSEADDR\n"), progname);
	    if (setsockopt(finet, SOL_SOCKET, SO_REUSEADDR,
			(char *)&on, sizeof(on)) < 0) {
		com_err(progname, errno,
			gettext("while setting socket option (SO_REUSEADDR)"));
	    }
	    ret = bind(finet, (struct sockaddr *) &sin6, sizeof(sin6));
	    }

	    if (ret < 0) {
	/*
	 * Solaris Kerberos:
	 * com_err will print the err msg associated with errno
	 */
#if 0
		perror(gettext("bind"));
#endif
		com_err(progname, errno,
		    gettext("while binding listener socket"));
		exit(1);
	    }
	}
	if (!debug && (iproprole != IPROP_SLAVE)) {
	/* Solaris Kerberos: Indicate where further messages will be sent */
		fprintf(stderr,
		    gettext("%s: Logging to SYSLOG with LOG_DAEMON facility\n"),
		    progname);
		if (daemon(1, 0)) {
			com_err(progname, errno, gettext("while daemonizing"));
			exit(1);
		}
		rem_default_com_err_hook();
	}

#ifdef PID_FILE
	if ((pidfile = fopen(PID_FILE, "w")) != NULL) {
		fprintf(pidfile, gettext("%d\n"), getpid());
		fclose(pidfile);
	} else
		com_err(progname, errno,
		gettext("while opening pid file %s for writing"),
		PID_FILE);
#endif
	if (listen(finet, 5) < 0) {
		/* Solaris Kerberos: Keep error messages consistent */
		com_err(progname, errno, gettext("while listening on socket"));
		exit(1);
	}
	while (1) {
		int child_pid;

		s = accept(finet, (struct sockaddr *) &sin6, &sin6_size);

		if (s < 0) {
			int e = errno;
			if (e != EINTR) {
				/*
				 * Solaris Kerberos: Keep error messages
				 * consistent
				 */
				com_err(progname, e,
				    gettext("while accepting connection"));
				backoff_timer = INITIAL_TIMER;
			}
			/*
			 * If we got EBADF, an alarm signal handler closed
			 * the file descriptor on us.
			 */
			if (e != EBADF)
				close(finet);
			/*
			 * An alarm could have been set and the fd closed, we
			 * should retry in case of transient network error for
			 * up to a couple of minutes.
			 */
			if (backoff_timer > 120)
				return (EINTR);
			goto retry;
		}
		alarm(0);
		gfd = -1;
		if (debug && (iproprole != IPROP_SLAVE))
			child_pid = 0;
		else
			child_pid = fork();
		switch (child_pid) {
		case -1:
			com_err(progname, errno, gettext("while forking"));
			exit(1);
	    /*NOTREACHED*/
		case 0:
	    /* child */
			(void) close(finet);

			doit(s);
			close(s);
			_exit(0);
	    /*NOTREACHED*/
		default:
	    /* parent */
	    /*
	     * Errors should not be considered fatal in the iprop case as we
	     * could have transient type errors, such as network outage, etc.
	     * Sleeping 3s for 2s linger interval.
	     */
	    if (wait(&status) < 0) {
		com_err(progname, errno,
		    gettext("while waiting to receive database"));
		if (iproprole != IPROP_SLAVE)
		    exit(1);
		sleep(3);
	    }

	    close(s);
	    if (iproprole == IPROP_SLAVE)
		close(finet);

	    if ((ret = WEXITSTATUS(status)) != 0)
		return (ret);
	}

	if (iproprole == IPROP_SLAVE)
	    break;
    }

    return (0);
}

void doit(fd)
	int	fd;
{
	struct sockaddr_storage from;
	socklen_t fromlen;
	int on = 1;
	struct hostent	*hp;
	krb5_error_code	retval;
	krb5_data confmsg;
	int lock_fd;
	mode_t omask;
	krb5_enctype etype;
	int database_fd;
	char ntop[NI_MAXHOST] = "";
	krb5_context doit_context;
	kdb_log_context *log_ctx;

	retval = krb5_init_context(&doit_context);
	if (retval) {
		com_err(progname, retval, gettext("while initializing krb5"));
		exit(1);
	}
	log_ctx = kpropd_context->kdblog_context;
	if (log_ctx && (log_ctx->iproprole == IPROP_SLAVE)) {
		ulog_set_role(doit_context, IPROP_SLAVE);
		/*
		 * We also want to set a timer so that the slave is not waiting
		 * until infinity for an update from the master.
		 */
		if (debug)
			fprintf(stderr, "doit: setting resync alarm to %ds\n",
			    INITIAL_TIMER);
		signal(SIGALRM, resync_alarm);
		gfd = fd;
		if (alarm(INITIAL_TIMER) != 0) {
			if (debug) {
				fprintf(stderr,
				    gettext("%s: alarm already set\n"), progname);
			}
		}
	}

	fromlen = (socklen_t)sizeof (from);
	if (getpeername(fd, (struct sockaddr *) &from, &fromlen) < 0) {
		fprintf(stderr, "%s: ", progname);
		perror(gettext("getpeername"));
		exit(1);
	}
	if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (caddr_t) &on,
		       sizeof (on)) < 0) {
		com_err(progname, errno,
		gettext("while attempting setsockopt (SO_KEEPALIVE)"));
	}

	if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
		NULL, 0, NI_NUMERICHOST) != 0) {

		/* getnameifo failed so use inet_ntop() to get printable addresses */
		if (from.ss_family == AF_INET) {

			inet_ntop(AF_INET,
			    (const void *)&ss2sin(&from)->sin_addr,
			    ntop, sizeof(ntop));

		} else if (from.ss_family == AF_INET6 &&
			! IN6_IS_ADDR_V4MAPPED(&ss2sin6(&from)->sin6_addr)) {

			ipaddr_t v4addr;

			inet_ntop(AF_INET6,
				(const void *)&ss2sin6(&from)->sin6_addr, ntop,
				sizeof(ntop));
		}
		/* ipv4 mapped ipv6 addrs handled later */
	}

	if (from.ss_family == AF_INET || from.ss_family == AF_INET6) {

		if (from.ss_family == AF_INET6 &&
			IN6_IS_ADDR_V4MAPPED(&ss2sin6(&from)->sin6_addr)) {

			ipaddr_t v4addr;

			/* coerce ipv4 mapped ipv6 addr to normal ipv4 addr */
			IN6_V4MAPPED_TO_IPADDR(&(ss2sin6(&from)->sin6_addr),
				v4addr);

			inet_ntop(AF_INET, (const void *) &v4addr,
				ntop, sizeof(ntop));
		}

		syslog(LOG_INFO, gettext("Connection from %s"), ntop);

		if (debug)
			printf("Connection from %s\n", ntop);

	} else {
		/* address family isn't either AF_INET || AF_INET6 */
		syslog(LOG_INFO,
		    gettext("Connection from unknown address family:%d"),
		    from.ss_family);

		if (debug) {
			printf(gettext("Connection from unknown address family:%d"),
			    from.ss_family);
		}
	}

	/*
	 * Now do the authentication
	 */
	/* Solaris Kerberos */
	kerberos_authenticate(doit_context, fd, &client, &etype, &from);

	/*
	 * Turn off alarm upon successful authentication from master.
	 */
	alarm(0);
	gfd = -1;

	if (!authorized_principal(doit_context, client, etype)) {
		char	*name;

		retval = krb5_unparse_name(doit_context, client, &name);
		if (retval) {
			/* Solaris Kerberos: Keep error messages consistent */
			com_err(progname, retval,
		    gettext("while unparsing client name"));
			exit(1);
		}
		syslog(LOG_WARNING,
		gettext("Rejected connection from unauthorized principal %s"),
		       name);
		free(name);
		exit(1);
	}
	omask = umask(077);
	lock_fd = open(temp_file_name, O_RDWR|O_CREAT, 0600);
	(void) umask(omask);
	retval = krb5_lock_file(doit_context, lock_fd,
				KRB5_LOCKMODE_EXCLUSIVE|KRB5_LOCKMODE_DONTBLOCK);
	if (retval) {
	    com_err(progname, retval,
			gettext("while trying to lock '%s'"),
		    temp_file_name);
	    exit(1);
	}
	if ((database_fd = open(temp_file_name,
				O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
		com_err(progname, errno,
			gettext("while opening database file, '%s'"),
			temp_file_name);
		exit(1);
	}
	recv_database(doit_context, fd, database_fd, &confmsg);
	if (rename(temp_file_name, file)) {
		/* Solaris Kerberos: Keep error messages consistent */
		com_err(progname, errno,
			gettext("while renaming %s to %s"),
			temp_file_name, file);
		exit(1);
	}
	retval = krb5_lock_file(doit_context, lock_fd, KRB5_LOCKMODE_SHARED);
	if (retval) {
	    com_err(progname, retval,
			gettext("while downgrading lock on '%s'"),
		    temp_file_name);
	    exit(1);
	}
	load_database(doit_context, kdb5_util, file);
	retval = krb5_lock_file(doit_context, lock_fd, KRB5_LOCKMODE_UNLOCK);
	if (retval) {
	    com_err(progname, retval,
		gettext("while unlocking '%s'"), temp_file_name);
	    exit(1);
	}
	(void)close(lock_fd);

	/*
	 * Send the acknowledgement message generated in
	 * recv_database, then close the socket.
	 */
	retval = krb5_write_message(doit_context, (void *) &fd, &confmsg);
	if (retval) {
		krb5_free_data_contents(doit_context, &confmsg);
		com_err(progname, retval,
			gettext("while sending # of received bytes"));
		exit(1);
	}
	krb5_free_data_contents(doit_context, &confmsg);
	if (close(fd) < 0) {
		com_err(progname, errno,
			gettext("while trying to close database file"));
		exit(1);
	}

	exit(0);
}


/*
 * Routine to handle incremental update transfer(s) from master KDC
 */
krb5_error_code do_iprop(kdb_log_context *log_ctx) {
	CLIENT *cl;
	kadm5_ret_t retval;
	kadm5_config_params params;
	krb5_ccache cc;
	krb5_principal iprop_svc_principal;
	void *server_handle = NULL;
	char *iprop_svc_princstr = NULL;
	char *master_svc_princstr = NULL;
	char *admin_server = NULL;
	char *keytab_name = NULL;
	unsigned int pollin, backoff_time;
	int backoff_cnt = 0;
	int reinit_cnt = 0;
	int ret;
	boolean_t frdone = B_FALSE;

	kdb_incr_result_t *incr_ret;
	static kdb_last_t mylast;

	kdb_fullresync_result_t *full_ret;
	char *full_resync_arg = NULL;

	kadm5_iprop_handle_t handle;
	kdb_hlog_t *ulog;

	krb5_keytab kt;
	krb5_keytab_entry entry;
	char kt_name[MAX_KEYTAB_NAME_LEN];

	/*
	 * Solaris Kerberos:
	 * Delay daemonizing until some basic configuration checks have been
	 * performed
	 */
#if 0
	if (!debug)
		daemon(0, 0);
#endif
	pollin = (unsigned int)0;
	(void) memset((char *)&params, 0, sizeof (params));
	ulog = log_ctx->ulog;

	params.mask |= KADM5_CONFIG_REALM;
	params.realm = def_realm;

	if (master_svc_princstr == NULL) {
		if (retval = kadm5_get_kiprop_host_srv_name(kpropd_context,
					def_realm, &master_svc_princstr)) {
			/* Solaris Kerberos: keep error messages consistent */
			com_err(progname, retval,
				gettext("while getting kiprop host based "
					"service name for realm %s"), def_realm);
			exit(1);
		}
	}

	/*
	 * Set cc to the default credentials cache
	 */
	if (retval = krb5_cc_default(kpropd_context, &cc)) {
		com_err(progname, retval,
			gettext("while opening default "
				"credentials cache"));
		exit(1);
	}

	retval = krb5_sname_to_principal(kpropd_context, NULL, KIPROP_SVC_NAME,
				KRB5_NT_SRV_HST, &iprop_svc_principal);
	if (retval) {
		com_err(progname, retval, gettext("while trying to construct "
						"host service principal"));
		exit(1);
	}

	/* Solaris Kerberos */
	if (krb5_is_referral_realm(krb5_princ_realm(kpropd_context,
	    iprop_svc_principal))) {
		krb5_data *r = krb5_princ_realm(kpropd_context,
		    iprop_svc_principal);
		assert(def_realm != NULL);
		r->length = strlen(def_realm);
		r->data = strdup(def_realm);
		if (r->data == NULL) {
			com_err(progname, retval,
			    ("while determining local service principal name"));
			exit(1);
		}
	}

	if (retval = krb5_unparse_name(kpropd_context, iprop_svc_principal,
				&iprop_svc_princstr)) {
		com_err(progname, retval,
			gettext("while canonicalizing "
				"principal name"));
		krb5_free_principal(kpropd_context, iprop_svc_principal);
		exit(1);
	}

	/*
	 * Solaris Kerberos:
	 * Check to see if kiprop/<fqdn>@REALM is in the keytab
	 */
	kt_name[0] = '\0';
	if (retval = krb5_kt_default_name(kpropd_context, kt_name,
	    MAX_KEYTAB_NAME_LEN)){
		com_err(progname, retval, gettext ("while resolving the "
		    "name of the default keytab"));
	}

	if (retval = krb5_kt_default(kpropd_context, &kt)) {
		com_err(progname, retval, gettext ("while resolving default "
		    "keytab"));
		krb5_free_principal(kpropd_context, iprop_svc_principal);
		exit(1);
	}

	if (retval = krb5_kt_get_entry(kpropd_context, kt, iprop_svc_principal,
	    0, 0, &entry)) {
		com_err(progname, retval, gettext("while retrieving entry %s "
		    "from %s"), iprop_svc_princstr,
		    kt_name[0] ? kt_name : "default keytab");
		krb5_kt_close(kpropd_context,kt);
		krb5_free_principal(kpropd_context, iprop_svc_principal);
		exit(1);
	}

	krb5_kt_close(kpropd_context,kt);
	krb5_free_principal(kpropd_context, iprop_svc_principal);

	if (!debug) {
	/* Solaris Kerberos: Indicate where further messages will be sent */
		fprintf(stderr, gettext("%s: Logging to SYSLOG\n"), progname);
		if (daemon(0, 0)) {
			com_err(progname, errno, gettext("while daemonizing"));
			exit(1);
		}
		rem_default_com_err_hook();
	}

reinit:
	/*
	 * Authentication, initialize rpcsec_gss handle etc.
	 */
	retval = kadm5_init_with_skey(iprop_svc_princstr, keytab_name,
				    master_svc_princstr,
				    &params,
				    KADM5_STRUCT_VERSION,
				    KADM5_API_VERSION_2,
				    NULL,
 				    &server_handle);

	if (retval) {
		if (retval == KADM5_RPC_ERROR) {
			reinit_cnt++;
			if (server_handle)
				kadm5_destroy((void *) server_handle);
			server_handle = (void *)NULL;
			handle = (kadm5_iprop_handle_t)NULL;

			com_err(progname, retval, gettext(
					"while attempting to connect"
					" to master KDC ... retrying"));
			backoff_time = backoff_from_master(&reinit_cnt);
			(void) sleep(backoff_time);
			goto reinit;
		} else {
			/* Solaris Kerberos: Be more verbose */
			com_err(progname, retval,
                                gettext("while initializing %s interface for "
				    "%s"), progname, iprop_svc_princstr);
			if (retval == KADM5_BAD_CLIENT_PARAMS ||
			    retval == KADM5_BAD_SERVER_PARAMS)
				usage();
			exit(1);
                }
	}

	/*
	 * Reset re-initialization count to zero now.
	 */
	reinit_cnt = backoff_time = 0;

	/*
	 * Reset the handle to the correct type for the RPC call
	 */
	handle = server_handle;

	/*
	 * If we have reached this far, we have succesfully established
	 * a RPCSEC_GSS connection; we now start polling for updates
	 */
	if (poll_time == NULL) {
		if ((poll_time = (char *)strdup("2m")) == NULL) {
			/* Solaris Kerberos: Keep error messages consistent */
			com_err(progname, ENOMEM,
				gettext("while allocating poll_time"));
			exit(1);
		}
	}

	if (pollin == (unsigned int)0)
		pollin = convert_polltime(poll_time);

	for (;;) {
		incr_ret = NULL;
		full_ret = NULL;

		/*
		 * Get the most recent ulog entry sno + ts, which
		 * we package in the request to the master KDC
		 */
		mylast.last_sno = ulog->kdb_last_sno;
		mylast.last_time = ulog->kdb_last_time;

		/*
		 * Loop continuously on an iprop_get_updates_1(),
		 * so that we can keep probing the master for updates
		 * or (if needed) do a full resync of the krb5 db.
		 */

		incr_ret = iprop_get_updates_1(&mylast, handle->clnt);
		if (incr_ret == (kdb_incr_result_t *)NULL) {
			clnt_perror(handle->clnt,
				    "iprop_get_updates call failed");
			if (server_handle)
				kadm5_destroy((void *)server_handle);
			server_handle = (void *)NULL;
			handle = (kadm5_iprop_handle_t)NULL;
			goto reinit;
		}

		switch (incr_ret->ret) {

		case UPDATE_FULL_RESYNC_NEEDED:
			/*
			 * We dont do a full resync again, if the last
			 * X'fer was a resync and if the master sno is
			 * still "0", i.e. no updates so far.
			 */
			if ((frdone == B_TRUE) && (incr_ret->lastentry.last_sno
						== 0)) {
				break;
			} else {

				full_ret = iprop_full_resync_1((void *)
						&full_resync_arg, handle->clnt);

				if (full_ret == (kdb_fullresync_result_t *)
							NULL) {
					clnt_perror(handle->clnt,
					    "iprop_full_resync call failed");
					if (server_handle)
						kadm5_destroy((void *)
							server_handle);
					server_handle = (void *)NULL;
					handle = (kadm5_iprop_handle_t)NULL;
					goto reinit;
				}
			}

			switch (full_ret->ret) {
			case UPDATE_OK:
				backoff_cnt = 0;
				/*
				 * We now listen on the kprop port for
				 * the full dump
				 */
				ret = do_standalone(log_ctx->iproprole);
				if (debug)
					if (ret)
						fprintf(stderr,
						    gettext("Full resync "
						    "was unsuccessful\n"));
					else
						fprintf(stderr,
						    gettext("Full resync "
						    "was successful\n"));
				if (ret) {
					syslog(LOG_WARNING,
					    gettext("kpropd: Full resync, "
					    "invalid return."));
					/*
					 * Start backing-off immediately after
					 * failure.
					 */
					backoff_cnt++;
					frdone = B_FALSE;
				} else
					frdone = B_TRUE;
				break;

			case UPDATE_BUSY:
				/*
				 * Exponential backoff
				 */
				backoff_cnt++;
				break;

			case UPDATE_FULL_RESYNC_NEEDED:
			case UPDATE_NIL:
			default:
				backoff_cnt = 0;
				frdone = B_FALSE;
				syslog(LOG_ERR, gettext("kpropd: Full resync,"
					" invalid return from master KDC."));
				break;

			case UPDATE_PERM_DENIED:
				syslog(LOG_ERR, gettext("kpropd: Full resync,"
					" permission denied."));
				goto error;

			case UPDATE_ERROR:
				syslog(LOG_ERR, gettext("kpropd: Full resync,"
					" error returned from master KDC."));
				goto error;
			}
			break;

		case UPDATE_OK:
			backoff_cnt = 0;
			frdone = B_FALSE;

			/*
			 * ulog_replay() will convert the ulog updates to db
			 * entries using the kdb conv api and will commit
			 * the entries to the slave kdc database
			 */
			retval = ulog_replay(kpropd_context, incr_ret);

			if (retval) {
				syslog(LOG_ERR, gettext("kpropd: ulog_replay"
					" failed, updates not registered."));
				break;
			}

			if (debug)
				fprintf(stderr, gettext("Update transfer "
					"from master was OK\n"));
			break;

		case UPDATE_PERM_DENIED:
			syslog(LOG_ERR, gettext("kpropd: get_updates,"
						" permission denied."));
			goto error;

		case UPDATE_ERROR:
			syslog(LOG_ERR, gettext("kpropd: get_updates, error "
						"returned from master KDC."));
			goto error;

		case UPDATE_BUSY:
			/*
			 * Exponential backoff
			 */
			backoff_cnt++;
			break;

		case UPDATE_NIL:
			/*
			 * Master-slave are in sync
			 */
			if (debug)
				fprintf(stderr, gettext("Master, slave KDC's "
					"are in-sync, no updates\n"));
			backoff_cnt = 0;
			frdone = B_FALSE;
			break;

		default:
			backoff_cnt = 0;
			syslog(LOG_ERR, gettext("kpropd: get_updates,"
					" invalid return from master KDC."));
			break;
		}

		if (runonce == B_TRUE)
			goto done;

		/*
		 * Sleep for the specified poll interval (Default is 2 mts),
		 * or do a binary exponential backoff if we get an
		 * UPDATE_BUSY signal
		 */
		if (backoff_cnt > 0) {
			backoff_time = backoff_from_master(&backoff_cnt);
			if (debug)
				fprintf(stderr, gettext("Busy signal received "
					"from master, backoff for %d secs\n"),
					backoff_time);
			(void) sleep(backoff_time);
		}
		else
			(void) sleep(pollin);

	}


error:
	if (debug)
		fprintf(stderr, gettext("ERROR returned by master, bailing\n"));
	syslog(LOG_ERR, gettext("kpropd: ERROR returned by master KDC,"
			" bailing.\n"));
done:
	if (poll_time)
		free(poll_time);
	if(iprop_svc_princstr)
		free(iprop_svc_princstr);
	if (master_svc_princstr)
		free(master_svc_princstr);
	if (retval = krb5_cc_close(kpropd_context, cc)) {
		com_err(progname, retval,
			gettext("while closing default ccache"));
		exit(1);
	}
	if (def_realm)
		free(def_realm);
	if (server_handle)
		kadm5_destroy((void *)server_handle);
	if (kpropd_context)
		krb5_free_context(kpropd_context);

	if (runonce == B_TRUE)
		return (0);
	else
		exit(1);
}


/*
 * Do exponential backoff, since master KDC is BUSY or down
 */
unsigned int backoff_from_master(int *cnt) {
	unsigned int btime;

	btime = (unsigned int)(2<<(*cnt));
	if (btime > MAX_BACKOFF) {
		btime = MAX_BACKOFF;
		*cnt--;
	}

	return (btime);
}


/*
 * Routine to convert the `pollstr' string to seconds
 */
int convert_polltime(char *pollstr) {
	char *tokenptr = NULL;
	int len, polltime;

	len = polltime = 0;

	if ((len = strcspn(pollstr, "s")) < strlen(pollstr)) {
		tokenptr = malloc((len + 1) * sizeof(char));
		(void) strlcpy(tokenptr, pollstr, len + 1);
		polltime = atoi(tokenptr);
	}

	if ((len = strcspn(pollstr, "m")) < strlen(pollstr)) {
		tokenptr = malloc((len + 1) * sizeof(char));
		(void) strlcpy(tokenptr, pollstr, len + 1);
		polltime = atoi(tokenptr) * 60;
	}

	if ((len = strcspn(pollstr, "h")) < strlen(pollstr)) {
		tokenptr = malloc((len + 1) * sizeof(char));
		(void) strlcpy(tokenptr, pollstr, len + 1);
		polltime = atoi(tokenptr) * 3600;
	}

	if (tokenptr != NULL)
		free(tokenptr);
	/*
	 * If we have a bogus pollstr value, set polltime to the
	 * default of 2 mts (120 seconds).
	 */
	if (polltime == 0)
		polltime = 120;
	return (polltime);
}

static void
kpropd_com_err_proc(whoami, code, fmt, args)
	const char	*whoami;
	long		code;
	const char	*fmt;
	va_list		args;
{
	char	error_buf[8096];

	error_buf[0] = '\0';
	if (fmt)
		vsprintf(error_buf, fmt, args);
	syslog(LOG_ERR, "%s%s%s%s%s", whoami ? whoami : "", whoami ? ": " : "",
	       code ? error_message(code) : "", code ? " " : "", error_buf);
}

void PRS(argc,argv)
	int	argc;
	char	**argv;
{
	register char	*word, ch;
	char	*cp;
	int c;
	struct hostent *hp;
	char	my_host_name[MAXHOSTNAMELEN], buf[BUFSIZ];
	krb5_error_code	retval;
	static const char	tmp[] = ".temp";
	kadm5_config_params	params;

	(void) setlocale(LC_ALL, "");

#if !defined(TEXT_DOMAIN)		/* Should be defined by cc -D */
#define	TEXT_DOMAIN	"KPROPD_TEST"	/* Use this only if it weren't */
#endif

	(void) textdomain(TEXT_DOMAIN);

	(void) memset((char *) &params, 0, sizeof (params));

	retval = krb5_init_context(&kpropd_context);
	if (retval) {
		com_err(argv[0], retval,
			gettext("while initializing krb5"));
		exit(1);
	}

	/* Solaris Kerberos: Sanitize progname */
	progname = basename(argv[0]);

	while ((c = getopt(argc, argv, "dtf:F:p:P:r:s:Sa:")) != EOF){
		switch (c) {
		case 'd':
			debug++;
			break;
		case 't':
			/*
			 * Undocumented option - for testing only.
			 *
			 * Option to run the kpropd server exactly
			 * once (this is true only if iprop is enabled).
			 */
			runonce = B_TRUE;
			break;

		case 'f':
			file = optarg;
			if (!file)
				usage();
			break;
		case 'F':
			kerb_database = optarg;
			if (!kerb_database)
				usage();
			break;
		case 'p':
			kdb5_util = optarg;
			if (!kdb5_util)
				usage();
			break;
		case 'P':
			port = htons(atoi(optarg));
			if (!port)
				usage();
			break;
		case 'r':
			realm = optarg;
			if (!realm)
				usage();
			params.realm = realm;
			params.mask |= KADM5_CONFIG_REALM;
			break;
		case 's':
			srvtab = optarg;
			if (!srvtab)
				usage();
			break;
		case 'S':
			standalone++;
			break;
		case 'a':
			acl_file_name = optarg;
			if (!acl_file_name)
				usage();
			break;
		case '?':
				default:
					usage();
				}

			}
	/*
	 * If not in debug mode, switch com_err reporting to syslog
	 */
	if (! debug) {
	    openlog("kpropd", LOG_PID | LOG_ODELAY, SYSLOG_CLASS);
	    /*
	     * Solaris Kerberos:
	     * Don't replace default logging. Add a new logging channel.
	     * Stop logging to stderr when daemonizing
	     */
	    add_com_err_hook(kpropd_com_err_proc);
	}
	/*
	 * Get my hostname, so we can construct my service name
	 */
	retval = krb5_sname_to_principal(kpropd_context,
					 NULL, KPROP_SERVICE_NAME,
					 KRB5_NT_SRV_HST, &server);
	if (retval) {
		/* Solaris Kerberos: Keep error messages consistent */
		com_err(progname, retval,
			gettext("while trying to construct my service name"));
		exit(1);
	}
	if (realm) {
	    retval = krb5_set_principal_realm(kpropd_context, server, realm);
	    if (retval) {
	        com_err(progname, errno,
			gettext("while constructing my service realm"));
		exit(1);
	    }
	}
	/*
	 * Construct the name of the temporary file.
	 */
	if ((temp_file_name = (char *) malloc(strlen(file) +
					       strlen(tmp) + 1)) == NULL) {
		com_err(progname, ENOMEM,
			gettext("while allocating filename for temp file"));
		exit(1);
	}
	strcpy(temp_file_name, file);
	strcat(temp_file_name, tmp);

	retval = kadm5_get_config_params(kpropd_context, 1, NULL, &params,
	    &params);
	if (retval) {
		com_err(progname, retval, gettext("while initializing"));
		exit(1);
	}
	if (params.iprop_enabled == TRUE) {
		ulog_set_role(kpropd_context, IPROP_SLAVE);
		poll_time = params.iprop_polltime;

		if (ulog_map(kpropd_context, &params, FKPROPD)) {
		/* Solaris Kerberos: Keep error messages consistent */
 			com_err(progname, errno,
			    gettext("while mapping log"));
			exit(1);
		}
	}

	/*
	 * Grab the realm info and check if iprop is enabled.
	 */
	if (def_realm == NULL) {
		retval = krb5_get_default_realm(kpropd_context, &def_realm);
		if (retval) {
			/* Solaris Kerberos: Keep error messages consistent */
			com_err(progname, retval,
				gettext("while retrieving default realm"));
			exit(1);
		}
	}
}

/*
 * Figure out who's calling on the other end of the connection....
 */
/* Solaris Kerberos */
void
kerberos_authenticate(context, fd, clientp, etype, ss)
    krb5_context 	  context;
    int		 	  fd;
    krb5_principal	* clientp;
    krb5_enctype	* etype;
    struct sockaddr_storage	* ss;
{
    krb5_error_code	  retval;
    krb5_ticket		* ticket;
    struct sockaddr_storage	  r_ss;
    int			  ss_length;
    krb5_keytab		  keytab = NULL;

    /*
     * Set recv_addr and send_addr
     */
    /* Solaris Kerberos */
    if (cvtkaddr(ss, &sender_addr) == NULL) {
	com_err(progname, errno,
		gettext("while converting socket address"));
	exit(1);
    }

    ss_length = sizeof (r_ss);
    if (getsockname(fd, (struct sockaddr *) &r_ss, &ss_length)) {
	com_err(progname, errno,
		gettext("while getting local socket address"));
	exit(1);
    }

    if (cvtkaddr(&r_ss, &receiver_addr) == NULL) {
	com_err(progname, errno,
		gettext("while converting socket address"));
	exit(1);
    }

    if (debug) {
	char *name;

	retval = krb5_unparse_name(context, server, &name);
	if (retval) {
	    /* Solaris Kerberos: Keep error messages consistent */
	    com_err(progname, retval, gettext("while unparsing server name"));
	    exit(1);
	}
	printf(gettext("krb5_recvauth(%d, %s, %s, ...)\n"), fd, kprop_version,
	    name);
	free(name);
    }

    retval = krb5_auth_con_init(context, &auth_context);
    if (retval) {
	syslog(LOG_ERR, gettext("Error in krb5_auth_con_init: %s"),
	       error_message(retval));
    	exit(1);
    }

    retval = krb5_auth_con_setflags(context, auth_context,
				    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
    if (retval) {
	syslog(LOG_ERR, gettext("Error in krb5_auth_con_setflags: %s"),
	       error_message(retval));
	exit(1);
    }

    retval = krb5_auth_con_setaddrs(context, auth_context, &receiver_addr,
				    &sender_addr);
    if (retval) {
	syslog(LOG_ERR, gettext("Error in krb5_auth_con_setaddrs: %s"),
	       error_message(retval));
	exit(1);
    }

    if (srvtab) {
        retval = krb5_kt_resolve(context, srvtab, &keytab);
	if (retval) {
	  syslog(LOG_ERR, gettext("Error in krb5_kt_resolve: %s"), error_message(retval));
	  exit(1);
	}
    }

    retval = krb5_recvauth(context, &auth_context, (void *) &fd,
			   kprop_version, server, 0, keytab, &ticket);
    if (retval) {
	syslog(LOG_ERR, gettext("Error in krb5_recvauth: %s"), error_message(retval));
	exit(1);
    }

    retval = krb5_copy_principal(context, ticket->enc_part2->client, clientp);
    if (retval) {
	syslog(LOG_ERR, gettext("Error in krb5_copy_prinicpal: %s"),
	       error_message(retval));
	exit(1);
    }

    *etype = ticket->enc_part.enctype;

    if (debug) {
	char * name;
	char etypebuf[100];

	retval = krb5_unparse_name(context, *clientp, &name);
	if (retval) {
	    /* Solaris Kerberos: Keep error messages consistent */
	    com_err(progname, retval,
		gettext("while unparsing client name"));
	    exit(1);
	}

	retval = krb5_enctype_to_string(*etype, etypebuf, sizeof(etypebuf));
	if (retval) {
	    /* Solaris Kerberos: Keep error messages consistent */
	    com_err(progname, retval, gettext("while unparsing ticket etype"));
	    exit(1);
	}

	printf("authenticated client: %s (etype == %s)\n", name, etypebuf);
	free(name);
    }

    krb5_free_ticket(context, ticket);
}

krb5_boolean
authorized_principal(context, p, auth_etype)
    krb5_context context;
    krb5_principal p;
    krb5_enctype auth_etype;
{
    char		*name, *ptr;
    char		buf[1024];
    krb5_error_code	retval;
    FILE		*acl_file;
    int			end;
    krb5_enctype	acl_etype;

    retval = krb5_unparse_name(context, p, &name);
    if (retval)
	return FALSE;

    acl_file = fopen(acl_file_name, "r");
    if (!acl_file)
	return FALSE;

    while (!feof(acl_file)) {
	if (!fgets(buf, sizeof(buf), acl_file))
	    break;
	end = strlen(buf) - 1;
	if (buf[end] == '\n')
	    buf[end] = '\0';
	if (!strncmp(name, buf, strlen(name))) {
	    ptr = buf+strlen(name);

	    /* if the next character is not whitespace or nul, then
	       the match is only partial.  continue on to new lines. */
	    if (*ptr && !isspace((int) *ptr))
		continue;

	    /* otherwise, skip trailing whitespace */
	    for (; *ptr && isspace((int) *ptr); ptr++) ;

	    /* now, look for an etype string. if there isn't one,
	       return true.  if there is an invalid string, continue.
	       If there is a valid string, return true only if it
	       matches the etype passed in, otherwise continue */

	    if ((*ptr) &&
		((retval = krb5_string_to_enctype(ptr, &acl_etype)) ||
		 (acl_etype != auth_etype)))
		continue;

	    free(name);
	    fclose(acl_file);
	    return TRUE;
	}
    }
    free(name);
    fclose(acl_file);
    return FALSE;
}

void
recv_database(context, fd, database_fd, confmsg)
    krb5_context context;
    int	fd;
    int	database_fd;
    krb5_data *confmsg;
{
	krb5_ui_4	database_size; /* This must be 4 bytes */
	int	received_size, n;
	char		buf[1024];
	krb5_data	inbuf, outbuf;
	krb5_error_code	retval;

	/*
	 * Receive and decode size from client
	 */
	retval = krb5_read_message(context, (void *) &fd, &inbuf);
	if (retval) {
		send_error(context, fd, retval, gettext("while reading database size"));
		com_err(progname, retval,
			gettext("while reading size of database from client"));
		exit(1);
	}
	if (krb5_is_krb_error(&inbuf))
		recv_error(context, &inbuf);
	retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL);
	if (retval) {
		send_error(context, fd, retval, gettext(
			   "while decoding database size"));
		krb5_free_data_contents(context, &inbuf);
		com_err(progname, retval,
			gettext("while decoding database size from client"));
		exit(1);
	}
	memcpy((char *) &database_size, outbuf.data, sizeof(database_size));
	krb5_free_data_contents(context, &inbuf);
	krb5_free_data_contents(context, &outbuf);
	database_size = ntohl(database_size);

	/*
	 * Initialize the initial vector.
	 */
	retval = krb5_auth_con_initivector(context, auth_context);
	if (retval) {
	  send_error(context, fd, retval, gettext(
		     "failed while initializing i_vector"));
	  com_err(progname, retval, gettext("while initializing i_vector"));
	  exit(1);
	}

	/*
	 * Now start receiving the database from the net
	 */
	received_size = 0;
	while (received_size < database_size) {
	        retval = krb5_read_message(context, (void *) &fd, &inbuf);
		if (retval) {
			snprintf(buf, sizeof (buf),
			gettext("while reading database block starting at offset %d"),
				received_size);
			com_err(progname, retval, buf);
			send_error(context, fd, retval, buf);
			exit(1);
		}
		if (krb5_is_krb_error(&inbuf))
			recv_error(context, &inbuf);
		retval = krb5_rd_priv(context, auth_context, &inbuf,
				      &outbuf, NULL);
		if (retval) {
			snprintf(buf, sizeof (buf),
		gettext("while decoding database block starting at offset %d"),
				received_size);
			com_err(progname, retval, buf);
			send_error(context, fd, retval, buf);
			krb5_free_data_contents(context, &inbuf);
			exit(1);
		}
		n = write(database_fd, outbuf.data, outbuf.length);
		if (n < 0) {
			snprintf(buf, sizeof (buf),
				gettext(
"while writing database block starting at offset %d"),
				received_size);
			send_error(context, fd, errno, buf);
		} else if (n != outbuf.length) {
			snprintf(buf, sizeof (buf),
				gettext(
"incomplete write while writing database block starting at\n"
"offset %d (%d written, %d expected)"),
				received_size, n, outbuf.length);
			send_error(context, fd, KRB5KRB_ERR_GENERIC, buf);
		}
		received_size += outbuf.length;
		/* SUNWresync121: our krb5...contents sets length to 0 */
		krb5_free_data_contents(context, &inbuf);
		krb5_free_data_contents(context, &outbuf);

	}
	/*
	 * OK, we've seen the entire file.  Did we get too many bytes?
	 */
	if (received_size > database_size) {
		snprintf(buf, sizeof (buf),
		gettext("Received %d bytes, expected %d bytes for database file"),
			received_size, database_size);
		send_error(context, fd, KRB5KRB_ERR_GENERIC, buf);
	}
	/*
	 * Create message acknowledging number of bytes received, but
	 * don't send it until kdb5_util returns successfully.
	 */
	database_size = htonl(database_size);
	inbuf.data = (char *) &database_size;
	inbuf.length = sizeof(database_size);
	retval = krb5_mk_safe(context,auth_context,&inbuf,confmsg,NULL);
	if (retval) {
		com_err(progname, retval,
			gettext("while encoding # of receieved bytes"));
		send_error(context, fd, retval,
			   gettext("while encoding # of received bytes"));
		exit(1);
	}
}


void
send_error(context, fd, err_code, err_text)
    krb5_context context;
    int	fd;
    krb5_error_code	err_code;
    char	*err_text;
{
	krb5_error	error;
	const char	*text;
	krb5_data	outbuf;
	char		buf[1024];

	memset((char *)&error, 0, sizeof(error));
	krb5_us_timeofday(context, &error.stime, &error.susec);
	error.server = server;
	error.client = client;

	if (err_text)
		text = err_text;
	else
		text = error_message(err_code);

	error.error = err_code - ERROR_TABLE_BASE_krb5;
	if (error.error > 127) {
		error.error = KRB_ERR_GENERIC;
		if (err_text) {
			sprintf(buf, "%s %s", error_message(err_code),
				err_text);
			text = buf;
		}
	}
	error.text.length = strlen(text) + 1;
	error.text.data = malloc(error.text.length);
	if (error.text.data) {
		strcpy(error.text.data, text);
		if (!krb5_mk_error(context, &error, &outbuf)) {
			(void) krb5_write_message(context, (void *)&fd,&outbuf);
			krb5_free_data_contents(context, &outbuf);
		}
		free(error.text.data);
	}
}

void
recv_error(context, inbuf)
    krb5_context context;
    krb5_data	*inbuf;
{
	krb5_error	*error;
	krb5_error_code	retval;

	retval = krb5_rd_error(context, inbuf, &error);
	if (retval) {
		com_err(progname, retval,
			gettext("while decoding error packet from client"));
		exit(1);
	}
	if (error->error == KRB_ERR_GENERIC) {
		if (error->text.data)
			fprintf(stderr,
				gettext("Generic remote error: %s\n"),
				error->text.data);
	} else if (error->error) {
		com_err(progname, error->error + ERROR_TABLE_BASE_krb5,
			gettext("signaled from server"));
		if (error->text.data)
			fprintf(stderr,
				gettext("Error text from client: %s\n"),
				error->text.data);
	}
	krb5_free_error(context, error);
	exit(1);
}

void
load_database(context, kdb_util, database_file_name)
    krb5_context context;
    char *kdb_util;
    char *database_file_name;
{
	static char	*edit_av[10];
	int	error_ret, save_stderr = -1;
	int	child_pid;
	int 	count;

	/* <sys/param.h> has been included, so BSD will be defined on
	   BSD systems */
#if BSD > 0 && BSD <= 43
#ifndef WEXITSTATUS
#define	WEXITSTATUS(w) (w).w_retcode
#endif
	union wait	waitb;
#else
	int	waitb;
#endif
	krb5_error_code	retval;
	kdb_log_context	*log_ctx;

	if (debug)
		printf(gettext("calling kdb_util to load database\n"));

	log_ctx = context->kdblog_context;

	edit_av[0] = kdb_util;
	count = 1;
	if (realm) {
		edit_av[count++] = "-r";
		edit_av[count++] = realm;
	}
	edit_av[count++] = "load";
	if (kerb_database) {
		edit_av[count++] = "-d";
		edit_av[count++] = kerb_database;
	}

	if (log_ctx && (log_ctx->iproprole == IPROP_SLAVE)) {
		edit_av[count++] = "-i";
	}
	edit_av[count++] = database_file_name;
	edit_av[count++] = NULL;

	switch(child_pid = fork()) {
	case -1:
		com_err(progname, errno, gettext("while trying to fork %s"),
			kdb_util);
		exit(1);
		/*NOTREACHED*/
	case 0:
		if (!debug) {
			save_stderr = dup(2);
			close(0);
			close(1);
			close(2);
			open("/dev/null", O_RDWR);
			dup(0);
			dup(0);
		}

		execv(kdb_util, edit_av);
		retval = errno;
		if (!debug)
			dup2(save_stderr, 2);
		com_err(progname, retval, gettext("while trying to exec %s"),
			kdb_util);
		_exit(1);
		/*NOTREACHED*/
	default:
		if (debug)
		    printf(gettext("Child PID is %d\n"), child_pid);
		if (wait(&waitb) < 0) {
			com_err(progname, errno, gettext("while waiting for %s"),
				kdb_util);
			exit(1);
		}
	}

	error_ret = WEXITSTATUS(waitb);
	if (error_ret) {
		com_err(progname, 0,
		    gettext("%s returned a bad exit status (%d)"),
			kdb_util, error_ret);
		exit(1);
	}
	return;
}