2 * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "slav_locl.h"
38 RCSID("$Id: kpropd.c,v 2.32 1999/12/02 16:58:56 joda Exp $");
41 #define SBINDIR "/usr/athena/sbin"
44 struct sockaddr_in master, slave;
46 char *database = DBM_FILE;
48 char *lockfile = DB_DIR "/slave_propagation";
50 char *logfile = K_LOGFIL;
52 char *kdb_util = SBINDIR "/kdb_util";
54 char *kdb_util_command = "load";
62 copy_data(int from, int to, des_cblock *session, des_key_schedule schedule)
65 char buf[KPROP_BUFSIZ + 26];
73 n = krb_net_read(from, tmp, 4);
77 klog(L_KRB_PERR, "krb_net_read: %s", strerror(errno));
81 klog(L_KRB_PERR, "Premature end of data");
84 length = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
85 if(length > sizeof(buf)){
86 klog(L_KRB_PERR, "Giant packet received: %d", length);
89 if(krb_net_read(from, buf, length) != length){
90 klog(L_KRB_PERR, "Premature end of data");
93 kerr = krb_rd_priv (buf, length, schedule, session,
96 klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr));
99 write(to, m.app_data, m.app_length);
114 des_key_schedule schedule;
120 if(getpeername(s, (struct sockaddr*)&master, &n) < 0){
121 klog(L_KRB_PERR, "getpeername: %s", strerror(errno));
126 if(getsockname(s, (struct sockaddr*)&slave, &n) < 0){
127 klog(L_KRB_PERR, "getsockname: %s", strerror(errno));
131 klog(L_KRB_PERR, "Connection from %s", inet_ntoa(master.sin_addr));
133 n = krb_net_read(s, buf, KPROP_PROT_VERSION_LEN + 2);
134 if(n < KPROP_PROT_VERSION_LEN + 2){
135 klog(L_KRB_PERR, "Premature end of data");
138 if(memcmp(buf, KPROP_PROT_VERSION, KPROP_PROT_VERSION_LEN) != 0){
139 klog(L_KRB_PERR, "Bad protocol version string received");
142 mode = (buf[n-2] << 8) | buf[n-1];
143 if(mode != KPROP_TRANSFER_PRIVATE){
144 klog(L_KRB_PERR, "Bad transfer mode received: %d", mode);
147 k_getsockinst(s, sinst, sizeof(sinst));
148 kerr = krb_recvauth(KOPT_DO_MUTUAL, s, &ticket,
149 KPROP_SERVICE_NAME, sinst,
151 &ad, srvtab, schedule,
153 if(kerr != KSUCCESS){
154 klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr));
158 if(strcmp(ad.pname, KPROP_SERVICE_NAME) ||
160 strcmp(ad.pinst, /* XXX remote host */) ||
162 strcmp(ad.pinst, KRB_MASTER) ||
164 strcmp(ad.prealm, realm)){
165 klog(L_KRB_PERR, "Connection from unauthorized client: %s",
166 krb_unparse_name_long(ad.pname, ad.pinst, ad.prealm));
170 des_set_key(&ad.session, schedule);
172 lock = open(lockfile, O_WRONLY|O_CREAT, 0600);
174 klog(L_KRB_PERR, "Failed to open file: %s", strerror(errno));
177 if(flock(lock, LOCK_EX | LOCK_NB)){
179 klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno));
183 if(ftruncate(lock, 0) < 0){
185 klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno));
189 if(copy_data(s, lock, &ad.session, schedule)){
195 if(simple_execlp(kdb_util, "kdb_util", kdb_util_command,
196 lockfile, database, NULL) != 0) {
197 klog(L_KRB_PERR, "*** Propagation failed ***");
200 klog(L_KRB_PERR, "Propagation finished successfully");
212 doit_interactive(void)
214 struct sockaddr_in sa;
219 s = socket(AF_INET, SOCK_STREAM, 0);
221 klog(L_KRB_PERR, "socket: %s", strerror(errno));
224 memset(&sa, 0, sizeof(sa));
225 sa.sin_family = AF_INET;
226 sa.sin_port = k_getportbyname ("krb_prop", "tcp", htons(KPROP_PORT));
227 ret = bind(s, (struct sockaddr*)&sa, sizeof(sa));
229 klog(L_KRB_PERR, "bind: %s", strerror(errno));
232 ret = listen(s, SOMAXCONN);
234 klog(L_KRB_PERR, "listen: %s", strerror(errno));
239 s2 = accept(s, (struct sockaddr*)&sa, &salen);
242 klog(L_KRB_PERR, "fork: %s", strerror(errno));
261 "Usage: kpropd [-i] [-d database] [-l log] [-m] [-[p|P] program]"
262 " [-r realm] [-s srvtab]\n");
267 main(int argc, char **argv)
272 krb_get_lrealm(realm, 1);
274 while((opt = getopt(argc, argv, ":d:l:mp:P:r:s:i")) >= 0){
283 kdb_util_command = "merge";
290 strlcpy(realm, optarg, REALM_SZ);
299 klog(L_KRB_PERR, "Bad option: -%c", optopt);
305 /* Use logfile as stderr so we don't lose error messages. */
306 int fd = open(logfile, O_CREAT | O_WRONLY | O_APPEND, 0600);
308 klog(L_KRB_PERR, "Can't open logfile %s: %s", logfile,strerror(errno));
313 kset_logfile(logfile);
315 return doit_interactive ();