1 /* $FreeBSD: src/crypto/kerberosIV/appl/kip/kipd.c,v 1.1.1.3.2.2 2001/03/04 12:52:43 markm Exp $ */
2 /* $DragonFly: src/crypto/kerberosIV/appl/kip/Attic/kipd.c,v 1.2 2003/06/17 04:24:36 dillon Exp $ */
5 * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
6 * (Royal Institute of Technology, Stockholm, Sweden).
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the Institute nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 RCSID("$Id: kipd.c,v 1.16.2.3 2000/10/18 20:46:45 assar Exp $");
/*
 * recv_conn - server side of the kip handshake: authenticate the peer on
 * `sock` with Kerberos 4 and hand the session key back to the caller.
 *
 * NOTE(review): this listing drops lines (the gutter numbers skip), so the
 * return type, braces, several declarations and every return statement are
 * not visible. The comments below describe only the statements shown.
 *
 * Outputs visible here: `user` receives the principal as a string bounded
 * by `len`, and `*key` receives a copy of auth.session. `retaddr` is not
 * written in any visible line.
 */
42 recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
43 struct sockaddr_in *retaddr, char *user, size_t len)
48 char instance[INST_SZ];
49 struct sockaddr_in thisaddr, thataddr;
51 char version[KRB_SENDAUTH_VLEN + 1];
53 struct passwd *passwd;
/*
 * Fetch the local and peer addresses of the socket. Besides the call
 * failing, an address length other than sizeof(struct sockaddr_in) is
 * also treated as an error, so a differently sized address never reaches
 * krb_recvauth() below. The error handling lines are not shown.
 */
55 addrlen = sizeof(thisaddr);
56 if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
57 addrlen != sizeof(thisaddr)) {
60 addrlen = sizeof(thataddr);
61 if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
62 addrlen != sizeof(thataddr)) {
/*
 * Authenticate the peer for service "rcmd" with the instance taken from
 * the socket. KOPT_DO_MUTUAL requests mutual authentication. The last
 * arguments of the call are on a line this listing omits; presumably the
 * received version string goes into `version` - confirm.
 */
66 k_getsockinst (sock, instance, sizeof(instance));
67 status = krb_recvauth (KOPT_DO_MUTUAL, sock, &ticket, "rcmd", instance,
68 &thataddr, &thisaddr, &auth, "", schedule,
/*
 * Reject on authentication failure or on a protocol version mismatch.
 * The comparison is bounded to KRB_SENDAUTH_VLEN bytes; `version` is
 * declared one byte larger than that.
 */
70 if (status != KSUCCESS ||
71 strncmp(version, KIP_VERSION, KRB_SENDAUTH_VLEN) != 0) {
/*
 * The local account checked is hard-coded to "root". The condition that
 * guards the "Cannot find root" message is not shown; presumably it is a
 * failed lookup.
 */
74 passwd = k_getpwnam ("root");
76 fatal (sock, "Cannot find root", schedule, &auth.session);
/*
 * Authorization gate, and the only one visible in this function: a
 * non-zero result from kuserok() for local user "root" is answered with
 * "Permission denied". Every principal that passes this check is allowed
 * to proceed, so the set of principals accepted for root defines who can
 * use this service.
 */
79 if (kuserok(&auth, "root") != 0) {
80 fatal (sock, "Permission denied", schedule, &auth.session);
/* Send `ok` to the peer; a short or failed write is detected here
 * (the handling line is not shown). */
83 if (write (sock, &ok, sizeof(ok)) != sizeof(ok))
/*
 * Build "name[.instance]@realm" for the caller. The write is bounded by
 * `len`, but the snprintf() result is discarded, so a principal longer
 * than the buffer is truncated without notice.
 */
86 snprintf (user, len, "%s%s%s@%s", auth.pname,
87 auth.pinst[0] != '\0' ? "." : "",
88 auth.pinst, auth.prealm);
/*
 * Copy the session key (one des_cblock) out to the caller.
 * NOTE(review): no wiping of the local `auth`, which still holds the same
 * key, is visible in this listing - confirm whether the omitted lines
 * clear it.
 */
90 memcpy(key, &auth.session, sizeof(des_cblock));
/*
 * Per-connection body: authenticate, open a tunnel device, run the
 * "kipd-control" helper with "up", copy packets, then run it with "down".
 *
 * NOTE(review): the signature and opening lines of this function are not
 * in the listing; presumably this is doit(), which main() calls with
 * STDIN_FILENO. Lines are also missing between the statements below
 * (conditions, returns, some declarations), so only visible statements
 * are described.
 */
100 char tun_if_name[64];
101 char user[MAX_K_NAME_SZ];
102 struct sockaddr_in thataddr;
103 des_key_schedule schedule;
/* Nothing below runs unless recv_conn() returns zero; the statement taken
 * on a non-zero return is not shown. */
109 if (recv_conn (sock, &key, schedule, &thataddr, user, sizeof(user)))
/* Open the tunnel device; its interface name is written into
 * tun_if_name, bounded by the buffer size. */
111 this = tunnel_open (tun_if_name, sizeof(tun_if_name));
113 fatal (sock, "Cannot open " _PATH_DEV TUNDEV, schedule, &key);
/* The helper path is a compile-time constant under LIBEXECDIR, copied
 * with a bounded strlcpy(). */
115 strlcpy(cmd, LIBEXECDIR "/kipd-control", sizeof(cmd));
/*
 * Run the helper with "up", the interface name, the peer address as text
 * and the authenticated principal string, each as a separate argument.
 * NOTE(review): `user` is built from the peer's ticket, so kipd-control
 * should treat that argument as untrusted data. How kip_exec() starts the
 * helper is not visible here - confirm it passes an argument vector
 * rather than a shell command line.
 */
117 ret = kip_exec (cmd, msg, sizeof(msg), "kipd-control",
118 "up", tun_if_name, inet_ntoa(thataddr.sin_addr), user,
/*
 * `msg` is passed to fatal() together with the socket, so its text is
 * presumably sent to the peer. NOTE(review): if kip_exec() puts helper
 * output into msg, that output is disclosed to the remote side - confirm.
 */
121 fatal (sock, msg, schedule, &key);
/* Forward packets between the tunnel descriptor and the socket using the
 * session key and schedule, with TUNMTU as the size argument. */
125 ret = copy_packets (this, sock, TUNMTU, &key, schedule);
/* Run the helper again with "down" after copy_packets() returns. */
127 ret2 = kip_exec (cmd, msg, sizeof(msg), "kipd-control",
128 "down", tun_if_name, user, NULL);
/* msg is logged through a constant "%s" format, so its content is never
 * interpreted as format directives. */
130 syslog(LOG_ERR, "%s", msg);
/*
 * Command-line state and the option table that fills it.
 * inetd_flag defaults to 1; its option is declared arg_negative_flag with
 * the help text "Not started from inetd", so giving --inetd / -i is meant
 * to turn inetd mode off.
 * NOTE(review): lines are missing from the table in this listing (the
 * rest of the "port" entry and the closing brace).
 */
134 static char *port_str = NULL;
135 static int inetd_flag = 1;
136 static int version_flag = 0;
137 static int help_flag = 0;
139 struct getargs args[] = {
140 { "inetd", 'i', arg_negative_flag, &inetd_flag,
141 "Not started from inetd" },
/* Port given as a string; main() resolves it by service name or parses
 * it as a number. */
142 { "port", 'p', arg_string, &port_str, "Use this port",
144 { "version", 0, arg_flag, &version_flag },
145 { "help", 0, arg_flag, &help_flag }
/* Print usage from the option table. The element count uses the
 * sizeof(array)/sizeof(element) idiom, which is valid because `args` is
 * declared as an array in this file. The enclosing function and the
 * remaining arguments are not shown in this listing. */
151 arg_printusage (args,
152 sizeof(args) / sizeof(args[0]),
159 * kipd - receive forwarded IP
/*
 * main - parse options, determine the port, install the SIGCHLD handler
 * and serve the connection on standard input.
 *
 * NOTE(review): many lines of this function are missing from the listing
 * (return type, braces, declarations, the branches around the flag and
 * port handling). In particular, nothing visible here uses inetd_flag,
 * so what happens when inetd mode is turned off cannot be told from this
 * view.
 */
163 main (int argc, char **argv)
/* Log to syslog under the program name, facility LOG_DAEMON. */
168 set_progname (argv[0]);
169 roken_openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON);
171 if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
179 print_version (NULL);
/*
 * Port selection: port_str is looked up as a TCP service name and is
 * also parsed as a decimal number; presumably the number is the fallback
 * when the lookup fails (the branch lines are not shown).
 * NOTE(review): the visible check after strtol() only rejects a string
 * with no digits at all. Trailing characters, negative values and values
 * above 65535 are not rejected in the lines shown; checking that *ptr is
 * '\0' and that the value lies in 1..65535 would close that gap.
 */
184 struct servent *s = roken_getservbyname (port_str, "tcp");
191 port = strtol (port_str, &ptr, 10);
192 if (port == 0 && ptr == port_str)
193 errx (1, "bad port `%s'", port_str);
/* Default: service "kip"/tcp, with htons(KIPPORT) as the fallback value.
 * The fallback is passed already in network byte order; whether the
 * strtol() result above gets the same conversion is not visible. */
197 port = k_getportbyname ("kip", "tcp", htons(KIPPORT));
/* Install the SIGCHLD handler, then handle the connection that arrives
 * on standard input. */
203 signal (SIGCHLD, childhandler);
204 return doit(STDIN_FILENO);