diff --git a/kdc/connect.c b/kdc/connect.c index c9b0ec538..d55415e41 100644 --- a/kdc/connect.c +++ b/kdc/connect.c @@ -217,7 +217,7 @@ parse_ports(krb5_context context, */ struct descr { - int s; + SOCKET s; int type; int port; unsigned char *buf; @@ -235,7 +235,7 @@ init_descr(struct descr *d) { memset(d, 0, sizeof(*d)); d->sa = (struct sockaddr *)&d->__ss; - d->s = -1; + d->s = INVALID_SOCKET; } /* @@ -270,8 +270,8 @@ init_socket(krb5_context context, ret = krb5_addr2sockaddr (context, a, sa, &sa_size, port); if (ret) { krb5_warn(context, ret, "krb5_addr2sockaddr"); - close(d->s); - d->s = -1; + closesocket(d->s); + d->s = INVALID_SOCKET; return; } @@ -279,9 +279,9 @@ init_socket(krb5_context context, return; d->s = socket(family, type, 0); - if(d->s < 0){ + if(IS_BAD_SOCKET(d->s)){ krb5_warn(context, errno, "socket(%d, %d, 0)", family, type); - d->s = -1; + d->s = INVALID_SOCKET; return; } #if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_REUSEADDR) @@ -293,24 +293,24 @@ init_socket(krb5_context context, d->type = type; d->port = port; - if(bind(d->s, sa, sa_size) < 0){ + if(IS_SOCKET_ERROR(bind(d->s, sa, sa_size))){ char a_str[256]; size_t len; krb5_print_address (a, a_str, sizeof(a_str), &len); krb5_warn(context, errno, "bind %s/%d", a_str, ntohs(port)); - close(d->s); - d->s = -1; + closesocket(d->s); + d->s = INVALID_SOCKET; return; } - if(type == SOCK_STREAM && listen(d->s, SOMAXCONN) < 0){ + if(type == SOCK_STREAM && IS_SOCKET_ERROR(listen(d->s, SOMAXCONN))){ char a_str[256]; size_t len; krb5_print_address (a, a_str, sizeof(a_str), &len); krb5_warn(context, errno, "listen %s/%d", a_str, ntohs(port)); - close(d->s); - d->s = -1; + closesocket(d->s); + d->s = INVALID_SOCKET; return; } } @@ -348,7 +348,7 @@ init_sockets(krb5_context context, for (j = 0; j < addresses.len; ++j) { init_socket(context, config, &d[num], &addresses.val[j], ports[i].family, ports[i].type, ports[i].port); - if(d[num].s != -1){ + if(d[num].s != INVALID_SOCKET){ char a_str[80]; size_t len; @@ -423,15 +423,15 @@ send_reply(krb5_context context, l[1] = (reply->length >> 16) & 0xff; l[2] = (reply->length >> 8) & 0xff; l[3] = reply->length & 0xff; - if(sendto(d->s, l, sizeof(l), 0, d->sa, d->sock_len) < 0) { + if(IS_SOCKET_ERROR(sendto(d->s, l, sizeof(l), 0, d->sa, d->sock_len))) { kdc_log (context, config, - 0, "sendto(%s): %s", d->addr_string, strerror(errno)); + 0, "sendto(%s): %s", d->addr_string, strerror(SOCK_ERRNO)); return; } } - if(sendto(d->s, reply->data, reply->length, 0, d->sa, d->sock_len) < 0) { + if(IS_SOCKET_ERROR(sendto(d->s, reply->data, reply->length, 0, d->sa, d->sock_len))) { kdc_log (context, config, - 0, "sendto(%s): %s", d->addr_string, strerror(errno)); + 0, "sendto(%s): %s", d->addr_string, strerror(SOCK_ERRNO)); return; } } @@ -488,10 +488,10 @@ handle_udp(krb5_context context, } d->sock_len = sizeof(d->__ss); - n = recvfrom(d->s, buf, max_request_udp, 0, d->sa, &d->sock_len); - if(n < 0) { - krb5_warn(context, errno, "recvfrom"); - } else { + n = recvfrom(d->s, buf, max_request, 0, d->sa, &d->sock_len); + if(IS_SOCKET_ERROR(n)) + krb5_warn(context, SOCK_ERRNO, "recvfrom"); + else { addr_to_string (context, d->sa, d->sock_len, d->addr_string, sizeof(d->addr_string)); if (n == max_request_udp) { @@ -523,9 +523,9 @@ clear_descr(struct descr *d) if(d->buf) memset(d->buf, 0, d->size); d->len = 0; - if(d->s != -1) - close(d->s); - d->s = -1; + if(d->s != INVALID_SOCKET) + closesocket(d->s); + d->s = INVALID_SOCKET; } @@ -559,23 +559,25 @@ add_new_tcp (krb5_context context, krb5_kdc_configuration *config, struct descr *d, int parent, int child) { - int s; + SOCKET s; if (child == -1) return; d[child].sock_len = sizeof(d[child].__ss); s = accept(d[parent].s, d[child].sa, &d[child].sock_len); - if(s < 0) { - krb5_warn(context, errno, "accept"); + if(IS_BAD_SOCKET(s)) { + krb5_warn(context, SOCK_ERRNO, "accept"); return; } - + +#ifndef NO_LIMIT_FD_SETSIZE if (s >= FD_SETSIZE) { krb5_warnx(context, "socket FD too large"); - close (s); + closesocket (s); return; } +#endif d[child].s = s; d[child].timeout = time(NULL) + TCP_TIMEOUT; @@ -718,14 +720,14 @@ handle_http_tcp (krb5_context context, kdc_log(context, config, 0, "HTTP request from %s is non KDC request", d->addr_string); kdc_log(context, config, 5, "HTTP request: %s", t); free(data); - if (write(d->s, proto, strlen(proto)) < 0) { + if (IS_SOCKET_ERROR(send(d->s, proto, strlen(proto), 0))) { kdc_log(context, config, 0, "HTTP write failed: %s: %s", - d->addr_string, strerror(errno)); + d->addr_string, strerror(SOCK_ERRNO)); return -1; } - if (write(d->s, msg, strlen(msg)) < 0) { + if (IS_SOCKET_ERROR(send(d->s, msg, strlen(msg), 0))) { kdc_log(context, config, 0, "HTTP write failed: %s: %s", - d->addr_string, strerror(errno)); + d->addr_string, strerror(SOCK_ERRNO)); return -1; } return -1; @@ -738,16 +740,16 @@ handle_http_tcp (krb5_context context, "Pragma: no-cache\r\n" "Content-type: application/octet-stream\r\n" "Content-transfer-encoding: binary\r\n\r\n"; - if (write(d->s, proto, strlen(proto)) < 0) { + if (IS_SOCKET_ERROR(send(d->s, proto, strlen(proto), 0))) { free(data); kdc_log(context, config, 0, "HTTP write failed: %s: %s", - d->addr_string, strerror(errno)); + d->addr_string, strerror(SOCK_ERRNO)); return -1; } - if (write(d->s, msg, strlen(msg)) < 0) { + if (IS_SOCKET_ERROR(send(d->s, msg, strlen(msg), 0))) { free(data); kdc_log(context, config, 0, "HTTP write failed: %s: %s", - d->addr_string, strerror(errno)); + d->addr_string, strerror(SOCK_ERRNO)); return -1; } } @@ -778,8 +780,8 @@ handle_tcp(krb5_context context, } n = recvfrom(d[idx].s, buf, sizeof(buf), 0, NULL, NULL); - if(n < 0){ - krb5_warn(context, errno, "recvfrom failed from %s to %s/%d", + if(IS_SOCKET_ERROR(n)){ + krb5_warn(context, SOCK_ERRNO, "recvfrom failed from %s to %s/%d", d[idx].addr_string, descr_type(d + idx), ntohs(d[idx].port)); return; @@ -865,7 +867,7 @@ loop(krb5_context context, FD_ZERO(&fds); for(i = 0; i < ndescr; i++) { - if(d[i].s >= 0){ + if(!IS_BAD_SOCKET(d[i].s)){ if(d[i].type == SOCK_STREAM && d[i].timeout && d[i].timeout < time(NULL)) { kdc_log(context, config, 1, @@ -874,10 +876,12 @@ loop(krb5_context context, clear_descr(&d[i]); continue; } +#ifndef NO_LIMIT_FD_SETSIZE if(max_fd < d[i].s) max_fd = d[i].s; if (max_fd >= FD_SETSIZE) krb5_errx(context, 1, "fd too large"); +#endif FD_SET(d[i].s, &fds); } else if(min_free < 0 || i < min_free) min_free = i; @@ -905,11 +909,11 @@ loop(krb5_context context, break; case -1: if (errno != EINTR) - krb5_warn(context, errno, "select"); + krb5_warn(context, SOCK_ERRNO, "select"); break; default: for(i = 0; i < ndescr; i++) - if(d[i].s >= 0 && FD_ISSET(d[i].s, &fds)) { + if(!IS_BAD_SOCKET(d[i].s) && FD_ISSET(d[i].s, &fds)) { if(d[i].type == SOCK_DGRAM) handle_udp(context, config, &d[i]); else if(d[i].type == SOCK_STREAM) @@ -917,8 +921,11 @@ loop(krb5_context context, } } } - if(exit_flag == SIGXCPU) + if (0); +#ifndef NO_SIGXCPU + else if(exit_flag == SIGXCPU) kdc_log(context, config, 0, "CPU time limit exceeded"); +#endif else if(exit_flag == SIGINT || exit_flag == SIGTERM) kdc_log(context, config, 0, "Terminated"); else diff --git a/kdc/hpropd.c b/kdc/hpropd.c index 73dc85d18..1f86257db 100644 --- a/kdc/hpropd.c +++ b/kdc/hpropd.c @@ -35,7 +35,9 @@ RCSID("$Id$"); +#ifndef NO_INETD static int inetd_flag = -1; +#endif static int help_flag; static int version_flag; static int print_dump; @@ -48,8 +50,10 @@ struct getargs args[] = { { "database", 'd', arg_string, &database, "database", "file" }, { "stdin", 'n', arg_flag, &from_stdin, "read from stdin" }, { "print", 0, arg_flag, &print_dump, "print dump to stdout" }, +#ifndef NO_INETD { "inetd", 'i', arg_negative_flag, &inetd_flag, "Not started from inetd" }, +#endif { "keytab", 'k', arg_string, &ktname, "keytab to use for authentication", "keytab" }, { "realm", 'r', arg_string, &local_realm, "realm to use" }, { "version", 0, arg_flag, &version_flag, NULL, NULL }, @@ -74,7 +78,8 @@ main(int argc, char **argv) krb5_principal c1, c2; krb5_authenticator authent; krb5_keytab keytab; - int fd; + SOCKET sock = INVALID_SOCKET; + int close_socket = 0; HDB *db = NULL; int optidx = 0; char *tmp_db; @@ -114,9 +119,9 @@ main(int argc, char **argv) if (database == NULL) database = hdb_default_db(context); - if(from_stdin) - fd = STDIN_FILENO; - else { + if(from_stdin) { + sock = STDIN_FILENO; + } else { struct sockaddr_storage ss; struct sockaddr *sa = (struct sockaddr *)&ss; socklen_t sin_len = sizeof(ss); @@ -124,19 +129,27 @@ main(int argc, char **argv) krb5_ticket *ticket; char *server; - fd = STDIN_FILENO; + sock = STDIN_FILENO; +#ifndef NO_INETD if (inetd_flag == -1) { - if (getpeername (fd, sa, &sin_len) < 0) + if (getpeername (sock, sa, &sin_len) < 0) { inetd_flag = 0; - else + close_socket = 0; + } else { inetd_flag = 1; + close_socket = 0; + } } if (!inetd_flag) { +#endif mini_inetd (krb5_getportbyname (context, "hprop", "tcp", - HPROP_PORT)); + HPROP_PORT), &sock); + close_socket = 1; +#ifndef NO_INETD } +#endif sin_len = sizeof(ss); - if(getpeername(fd, sa, &sin_len) < 0) + if(getpeername(sock, sa, &sin_len) < 0) krb5_err(context, 1, errno, "getpeername"); if (inet_ntop(sa->sa_family, @@ -162,7 +175,7 @@ main(int argc, char **argv) krb5_err (context, 1, ret, "krb5_kt_default"); } - ret = krb5_recvauth(context, &ac, &fd, HPROP_VERSION, NULL, + ret = krb5_recvauth(context, &ac, &sock, HPROP_VERSION, NULL, 0, keytab, &ticket); if(ret) krb5_err(context, 1, ret, "krb5_recvauth"); @@ -179,7 +192,7 @@ main(int argc, char **argv) ret = krb5_auth_con_getauthenticator(context, ac, &authent); if(ret) krb5_err(context, 1, ret, "krb5_auth_con_getauthenticator"); - + ret = krb5_make_principal(context, &c1, NULL, "kadmin", "hprop", NULL); if(ret) krb5_err(context, 1, ret, "krb5_make_principal"); @@ -217,11 +230,11 @@ main(int argc, char **argv) hdb_entry_ex entry; if(from_stdin) { - ret = krb5_read_message(context, &fd, &data); + ret = krb5_read_message(context, &sock, &data); if(ret != 0 && ret != HEIM_ERR_EOF) krb5_err(context, 1, ret, "krb5_read_message"); } else { - ret = krb5_read_priv_message(context, ac, &fd, &data); + ret = krb5_read_priv_message(context, ac, &sock, &data); if(ret) krb5_err(context, 1, ret, "krb5_read_priv_message"); } @@ -230,7 +243,7 @@ main(int argc, char **argv) if(!from_stdin) { data.data = NULL; data.length = 0; - krb5_write_priv_message(context, ac, &fd, &data); + krb5_write_priv_message(context, ac, &sock, &data); } if(!print_dump) { ret = db->hdb_rename(context, db, database); @@ -267,5 +280,9 @@ main(int argc, char **argv) } if (!print_dump) krb5_log(context, fac, 0, "Received %d principals", nprincs); + + if (close_socket) + closesocket(sock); + exit(0); }