2 * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 RCSID("$Id: ipropd_master.c,v 1.29 2003/03/19 11:56:38 lha Exp $");
39 static krb5_log_facility *log_facility;
41 const char *slave_stats_file = KADM5_SLAVE_STATS;
44 make_signal_socket (krb5_context context)
46 struct sockaddr_un addr;
49 fd = socket (AF_UNIX, SOCK_DGRAM, 0);
51 krb5_err (context, 1, errno, "socket AF_UNIX");
52 memset (&addr, 0, sizeof(addr));
53 addr.sun_family = AF_UNIX;
54 strlcpy (addr.sun_path, KADM5_LOG_SIGNAL, sizeof(addr.sun_path));
55 unlink (addr.sun_path);
56 if (bind (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
57 krb5_err (context, 1, errno, "bind %s", addr.sun_path);
62 make_listen_socket (krb5_context context)
66 struct sockaddr_in addr;
68 fd = socket (AF_INET, SOCK_STREAM, 0);
70 krb5_err (context, 1, errno, "socket AF_INET");
71 setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one));
72 memset (&addr, 0, sizeof(addr));
73 addr.sin_family = AF_INET;
74 addr.sin_port = krb5_getportbyname (context,
75 IPROP_SERVICE, "tcp", IPROP_PORT);
76 if(bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
77 krb5_err (context, 1, errno, "bind");
78 if (listen(fd, SOMAXCONN) < 0)
79 krb5_err (context, 1, errno, "listen");
85 struct sockaddr_in addr;
91 #define SLAVE_F_DEAD 0x1
95 typedef struct slave slave;
98 check_acl (krb5_context context, const char *name)
104 fp = fopen (KADM5_SLAVE_ACL, "r");
107 while (fgets(buf, sizeof(buf), fp) != NULL) {
108 if (buf[strlen(buf) - 1 ] == '\n')
109 buf[strlen(buf) - 1 ] = '\0';
110 if (strcmp (buf, name) == 0) {
122 s->seen = time(NULL);
132 s->flags |= SLAVE_F_DEAD;
137 remove_slave (krb5_context context, slave *s, slave **root)
146 krb5_auth_con_free (context, s->ac);
148 for (p = root; *p; p = &(*p)->next)
157 add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd)
159 krb5_principal server;
163 krb5_ticket *ticket = NULL;
166 s = malloc(sizeof(*s));
168 krb5_warnx (context, "add_slave: no memory");
174 addr_len = sizeof(s->addr);
175 s->fd = accept (fd, (struct sockaddr *)&s->addr, &addr_len);
177 krb5_warn (context, errno, "accept");
180 gethostname(hostname, sizeof(hostname));
181 ret = krb5_sname_to_principal (context, hostname, IPROP_NAME,
182 KRB5_NT_SRV_HST, &server);
184 krb5_warn (context, ret, "krb5_sname_to_principal");
188 ret = krb5_recvauth (context, &s->ac, &s->fd,
189 IPROP_VERSION, server, 0, keytab, &ticket);
190 krb5_free_principal (context, server);
192 krb5_warn (context, ret, "krb5_recvauth");
195 ret = krb5_unparse_name (context, ticket->client, &s->name);
197 krb5_warn (context, ret, "krb5_unparse_name");
200 if (check_acl (context, s->name)) {
201 krb5_warnx (context, "%s not in acl", s->name);
204 krb5_free_ticket (context, ticket);
211 if (strcmp(l->name, s->name) == 0)
216 if (l->flags & SLAVE_F_DEAD) {
217 remove_slave(context, l, root);
219 krb5_warnx (context, "second connection from %s", s->name);
225 krb5_warnx (context, "connection from %s", s->name);
234 remove_slave(context, s, root);
237 struct prop_context {
238 krb5_auth_context auth_context;
243 prop_one (krb5_context context, HDB *db, hdb_entry *entry, void *v)
247 struct slave *slave = (struct slave *)v;
249 ret = hdb_entry2value (context, entry, &data);
252 ret = krb5_data_realloc (&data, data.length + 4);
254 krb5_data_free (&data);
257 memmove ((char *)data.data + 4, data.data, data.length - 4);
258 _krb5_put_int (data.data, ONE_PRINC, 4);
260 ret = krb5_write_priv_message (context, slave->ac, &slave->fd, &data);
261 krb5_data_free (&data);
266 send_complete (krb5_context context, slave *s,
267 const char *database, u_int32_t current_version)
274 ret = hdb_create (context, &db, database);
276 krb5_err (context, 1, ret, "hdb_create: %s", database);
277 ret = db->open (context, db, O_RDONLY, 0);
279 krb5_err (context, 1, ret, "db->open");
281 _krb5_put_int(buf, TELL_YOU_EVERYTHING, 4);
286 ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
289 krb5_warn (context, ret, "krb5_write_priv_message");
294 ret = hdb_foreach (context, db, 0, prop_one, s);
296 krb5_warn (context, ret, "hdb_foreach");
301 _krb5_put_int (buf, NOW_YOU_HAVE, 4);
302 _krb5_put_int (buf + 4, current_version, 4);
305 s->version = current_version;
307 ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
310 krb5_warn (context, ret, "krb5_write_priv_message");
320 send_diffs (krb5_context context, slave *s, int log_fd,
321 const char *database, u_int32_t current_version)
332 if (s->version == current_version)
335 if (s->flags & SLAVE_F_DEAD)
338 sp = kadm5_log_goto_end (log_fd);
339 right = krb5_storage_seek(sp, 0, SEEK_CUR);
341 if (kadm5_log_previous (sp, &ver, ×tamp, &op, &len))
343 left = krb5_storage_seek(sp, -16, SEEK_CUR);
344 if (ver == s->version)
346 if (ver == s->version + 1)
349 return send_complete (context, s, database, current_version);
351 krb5_data_alloc (&data, right - left + 4);
352 krb5_storage_read (sp, (char *)data.data + 4, data.length - 4);
353 krb5_storage_free(sp);
355 _krb5_put_int(data.data, FOR_YOU, 4);
357 ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
358 krb5_data_free(&data);
361 krb5_warn (context, ret, "krb5_write_priv_message");
371 process_msg (krb5_context context, slave *s, int log_fd,
372 const char *database, u_int32_t current_version)
379 ret = krb5_read_priv_message(context, s->ac, &s->fd, &out);
381 krb5_warn (context, ret, "error reading message from %s", s->name);
385 sp = krb5_storage_from_mem (out.data, out.length);
386 krb5_ret_int32 (sp, &tmp);
389 krb5_ret_int32 (sp, &tmp);
391 ret = send_diffs (context, s, log_fd, database, current_version);
395 krb5_warnx (context, "Ignoring command %d", tmp);
399 krb5_data_free (&out);
406 #define SLAVE_NAME "Name"
407 #define SLAVE_ADDRESS "Address"
408 #define SLAVE_VERSION "Version"
409 #define SLAVE_STATUS "Status"
410 #define SLAVE_SEEN "Last Seen"
413 write_stats(krb5_context context, slave *slaves, u_int32_t current_version)
417 time_t t = time(NULL);
420 fp = fopen(slave_stats_file, "w");
424 strftime(str, sizeof(str), "%Y-%m-%d %H:%M:%S",
426 fprintf(fp, "Status for slaves, last updated: %s\n\n", str);
428 fprintf(fp, "Master version: %lu\n\n", (unsigned long)current_version);
436 rtbl_add_column(tbl, SLAVE_NAME, 0);
437 rtbl_add_column(tbl, SLAVE_ADDRESS, 0);
438 rtbl_add_column(tbl, SLAVE_VERSION, RTBL_ALIGN_RIGHT);
439 rtbl_add_column(tbl, SLAVE_STATUS, 0);
440 rtbl_add_column(tbl, SLAVE_SEEN, 0);
442 rtbl_set_prefix(tbl, " ");
443 rtbl_set_column_prefix(tbl, SLAVE_NAME, "");
448 rtbl_add_column_entry(tbl, SLAVE_NAME, slaves->name);
449 ret = krb5_sockaddr2address (context,
450 (struct sockaddr*)&slaves->addr, &addr);
452 krb5_print_address(&addr, str, sizeof(str), NULL);
453 krb5_free_address(context, &addr);
454 rtbl_add_column_entry(tbl, SLAVE_ADDRESS, str);
456 rtbl_add_column_entry(tbl, SLAVE_ADDRESS, "<unknown>");
458 snprintf(str, sizeof(str), "%u", (unsigned)slaves->version);
459 rtbl_add_column_entry(tbl, SLAVE_VERSION, str);
461 if (slaves->flags & SLAVE_F_DEAD)
462 rtbl_add_column_entry(tbl, SLAVE_STATUS, "Down");
464 rtbl_add_column_entry(tbl, SLAVE_STATUS, "Up");
466 if (strftime(str, sizeof(str), "%Y-%m-%d %H:%M:%S %Z",
467 localtime(&slaves->seen)) == 0)
468 strlcpy(str, "Unknown time", sizeof(str));
469 rtbl_add_column_entry(tbl, SLAVE_SEEN, str);
471 slaves = slaves->next;
474 rtbl_format(tbl, fp);
482 static int version_flag;
483 static int help_flag;
484 static char *keytab_str = "HDB:";
485 static char *database;
487 static struct getargs args[] = {
488 { "realm", 'r', arg_string, &realm },
489 { "keytab", 'k', arg_string, &keytab_str,
490 "keytab to get authentication from", "kspec" },
491 { "database", 'd', arg_string, &database, "database", "file"},
492 { "slave-stats-file", 0, arg_string, &slave_stats_file, "file"},
493 { "version", 0, arg_flag, &version_flag },
494 { "help", 0, arg_flag, &help_flag }
496 static int num_args = sizeof(args) / sizeof(args[0]);
499 main(int argc, char **argv)
502 krb5_context context;
504 kadm5_server_context *server_context;
505 kadm5_config_params conf;
506 int signal_fd, listen_fd;
508 slave *slaves = NULL;
509 u_int32_t current_version, old_version = 0;
513 optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
516 krb5_std_usage(0, args, num_args);
523 krb5_openlog (context, "ipropd-master", &log_facility);
524 krb5_set_warn_dest(context, log_facility);
526 ret = krb5_kt_register(context, &hdb_kt_ops);
528 krb5_err(context, 1, ret, "krb5_kt_register");
530 ret = krb5_kt_resolve(context, keytab_str, &keytab);
532 krb5_err(context, 1, ret, "krb5_kt_resolve: %s", keytab_str);
534 memset(&conf, 0, sizeof(conf));
536 conf.mask |= KADM5_CONFIG_REALM;
539 ret = kadm5_init_with_skey_ctx (context,
546 krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
548 server_context = (kadm5_server_context *)kadm_handle;
550 log_fd = open (server_context->log_context.log_file, O_RDONLY, 0);
552 krb5_err (context, 1, errno, "open %s",
553 server_context->log_context.log_file);
555 signal_fd = make_signal_socket (context);
556 listen_fd = make_listen_socket (context);
558 signal (SIGPIPE, SIG_IGN);
564 struct timeval to = {30, 0};
567 if (signal_fd >= FD_SETSIZE || listen_fd >= FD_SETSIZE)
568 krb5_errx (context, 1, "fd too large");
571 FD_SET(signal_fd, &readset);
572 max_fd = max(max_fd, signal_fd);
573 FD_SET(listen_fd, &readset);
574 max_fd = max(max_fd, listen_fd);
576 for (p = slaves; p != NULL; p = p->next) {
577 if (p->flags & SLAVE_F_DEAD)
579 FD_SET(p->fd, &readset);
580 max_fd = max(max_fd, p->fd);
583 ret = select (max_fd + 1,
584 &readset, NULL, NULL, &to);
589 krb5_err (context, 1, errno, "select");
593 old_version = current_version;
594 kadm5_log_get_version_fd (log_fd, ¤t_version);
596 if (current_version > old_version)
597 for (p = slaves; p != NULL; p = p->next) {
598 if (p->flags & SLAVE_F_DEAD)
600 send_diffs (context, p, log_fd, database, current_version);
604 if (ret && FD_ISSET(signal_fd, &readset)) {
605 struct sockaddr_un peer_addr;
606 socklen_t peer_len = sizeof(peer_addr);
608 if(recvfrom(signal_fd, (void *)&vers, sizeof(vers), 0,
609 (struct sockaddr *)&peer_addr, &peer_len) < 0) {
610 krb5_warn (context, errno, "recvfrom");
614 old_version = current_version;
615 kadm5_log_get_version_fd (log_fd, ¤t_version);
616 for (p = slaves; p != NULL; p = p->next)
617 send_diffs (context, p, log_fd, database, current_version);
620 for(p = slaves; ret && p != NULL; p = p->next) {
621 if (p->flags & SLAVE_F_DEAD)
623 if (FD_ISSET(p->fd, &readset)) {
625 if(process_msg (context, p, log_fd, database, current_version))
630 if (ret && FD_ISSET(listen_fd, &readset)) {
631 add_slave (context, keytab, &slaves, listen_fd);
634 write_stats(context, slaves, current_version);
projects / dragonfly.git / blob