Use SOCKET data type instead of ints for sockets in kdc

Asanka Herath
2009-09-14 13:41:00 -04:00
committed by Love Hornquist Astrand
parent 4583cc514d
commit d47c01083b
2 changed files with 81 additions and 57 deletions


@@ -217,7 +217,7 @@ parse_ports(krb5_context context,
*/ */
struct descr { struct descr {
int s; SOCKET s;
int type; int type;
int port; int port;
unsigned char *buf; unsigned char *buf;
@@ -235,7 +235,7 @@ init_descr(struct descr *d)
{ {
memset(d, 0, sizeof(*d)); memset(d, 0, sizeof(*d));
d->sa = (struct sockaddr *)&d->__ss; d->sa = (struct sockaddr *)&d->__ss;
d->s = -1; d->s = INVALID_SOCKET;
} }
/* /*
@@ -270,8 +270,8 @@ init_socket(krb5_context context,
ret = krb5_addr2sockaddr (context, a, sa, &sa_size, port); ret = krb5_addr2sockaddr (context, a, sa, &sa_size, port);
if (ret) { if (ret) {
krb5_warn(context, ret, "krb5_addr2sockaddr"); krb5_warn(context, ret, "krb5_addr2sockaddr");
close(d->s); closesocket(d->s);
d->s = -1; d->s = INVALID_SOCKET;
return; return;
} }
@@ -279,9 +279,9 @@ init_socket(krb5_context context,
return; return;
d->s = socket(family, type, 0); d->s = socket(family, type, 0);
if(d->s < 0){ if(IS_BAD_SOCKET(d->s)){
krb5_warn(context, errno, "socket(%d, %d, 0)", family, type); krb5_warn(context, errno, "socket(%d, %d, 0)", family, type);
d->s = -1; d->s = INVALID_SOCKET;
return; return;
} }
#if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_REUSEADDR) #if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_REUSEADDR)
@@ -293,24 +293,24 @@ init_socket(krb5_context context,
d->type = type; d->type = type;
d->port = port; d->port = port;
if(bind(d->s, sa, sa_size) < 0){ if(IS_SOCKET_ERROR(bind(d->s, sa, sa_size))){
char a_str[256]; char a_str[256];
size_t len; size_t len;
krb5_print_address (a, a_str, sizeof(a_str), &len); krb5_print_address (a, a_str, sizeof(a_str), &len);
krb5_warn(context, errno, "bind %s/%d", a_str, ntohs(port)); krb5_warn(context, errno, "bind %s/%d", a_str, ntohs(port));
close(d->s); closesocket(d->s);
d->s = -1; d->s = INVALID_SOCKET;
return; return;
} }
if(type == SOCK_STREAM && listen(d->s, SOMAXCONN) < 0){ if(type == SOCK_STREAM && IS_SOCKET_ERROR(listen(d->s, SOMAXCONN))){
char a_str[256]; char a_str[256];
size_t len; size_t len;
krb5_print_address (a, a_str, sizeof(a_str), &len); krb5_print_address (a, a_str, sizeof(a_str), &len);
krb5_warn(context, errno, "listen %s/%d", a_str, ntohs(port)); krb5_warn(context, errno, "listen %s/%d", a_str, ntohs(port));
close(d->s); closesocket(d->s);
d->s = -1; d->s = INVALID_SOCKET;
return; return;
} }
} }
@@ -348,7 +348,7 @@ init_sockets(krb5_context context,
for (j = 0; j < addresses.len; ++j) { for (j = 0; j < addresses.len; ++j) {
init_socket(context, config, &d[num], &addresses.val[j], init_socket(context, config, &d[num], &addresses.val[j],
ports[i].family, ports[i].type, ports[i].port); ports[i].family, ports[i].type, ports[i].port);
if(d[num].s != -1){ if(d[num].s != INVALID_SOCKET){
char a_str[80]; char a_str[80];
size_t len; size_t len;
@@ -423,15 +423,15 @@ send_reply(krb5_context context,
l[1] = (reply->length >> 16) & 0xff; l[1] = (reply->length >> 16) & 0xff;
l[2] = (reply->length >> 8) & 0xff; l[2] = (reply->length >> 8) & 0xff;
l[3] = reply->length & 0xff; l[3] = reply->length & 0xff;
if(sendto(d->s, l, sizeof(l), 0, d->sa, d->sock_len) < 0) { if(IS_SOCKET_ERROR(sendto(d->s, l, sizeof(l), 0, d->sa, d->sock_len))) {
kdc_log (context, config, kdc_log (context, config,
0, "sendto(%s): %s", d->addr_string, strerror(errno)); 0, "sendto(%s): %s", d->addr_string, strerror(SOCK_ERRNO));
return; return;
} }
} }
if(sendto(d->s, reply->data, reply->length, 0, d->sa, d->sock_len) < 0) { if(IS_SOCKET_ERROR(sendto(d->s, reply->data, reply->length, 0, d->sa, d->sock_len))) {
kdc_log (context, config, kdc_log (context, config,
0, "sendto(%s): %s", d->addr_string, strerror(errno)); 0, "sendto(%s): %s", d->addr_string, strerror(SOCK_ERRNO));
return; return;
} }
} }
@@ -488,10 +488,10 @@ handle_udp(krb5_context context,
} }
d->sock_len = sizeof(d->__ss); d->sock_len = sizeof(d->__ss);
n = recvfrom(d->s, buf, max_request_udp, 0, d->sa, &d->sock_len); n = recvfrom(d->s, buf, max_request, 0, d->sa, &d->sock_len);
if(n < 0) { if(IS_SOCKET_ERROR(n))
krb5_warn(context, errno, "recvfrom"); krb5_warn(context, SOCK_ERRNO, "recvfrom");
} else { else {
addr_to_string (context, d->sa, d->sock_len, addr_to_string (context, d->sa, d->sock_len,
d->addr_string, sizeof(d->addr_string)); d->addr_string, sizeof(d->addr_string));
if (n == max_request_udp) { if (n == max_request_udp) {
@@ -523,9 +523,9 @@ clear_descr(struct descr *d)
if(d->buf) if(d->buf)
memset(d->buf, 0, d->size); memset(d->buf, 0, d->size);
d->len = 0; d->len = 0;
if(d->s != -1) if(d->s != INVALID_SOCKET)
close(d->s); closesocket(d->s);
d->s = -1; d->s = INVALID_SOCKET;
} }
@@ -559,23 +559,25 @@ add_new_tcp (krb5_context context,
krb5_kdc_configuration *config, krb5_kdc_configuration *config,
struct descr *d, int parent, int child) struct descr *d, int parent, int child)
{ {
int s; SOCKET s;
if (child == -1) if (child == -1)
return; return;
d[child].sock_len = sizeof(d[child].__ss); d[child].sock_len = sizeof(d[child].__ss);
s = accept(d[parent].s, d[child].sa, &d[child].sock_len); s = accept(d[parent].s, d[child].sa, &d[child].sock_len);
if(s < 0) { if(IS_BAD_SOCKET(s)) {
krb5_warn(context, errno, "accept"); krb5_warn(context, SOCK_ERRNO, "accept");
return; return;
} }
#ifndef NO_LIMIT_FD_SETSIZE
if (s >= FD_SETSIZE) { if (s >= FD_SETSIZE) {
krb5_warnx(context, "socket FD too large"); krb5_warnx(context, "socket FD too large");
close (s); closesocket (s);
return; return;
} }
#endif
d[child].s = s; d[child].s = s;
d[child].timeout = time(NULL) + TCP_TIMEOUT; d[child].timeout = time(NULL) + TCP_TIMEOUT;
@@ -718,14 +720,14 @@ handle_http_tcp (krb5_context context,
kdc_log(context, config, 0, "HTTP request from %s is non KDC request", d->addr_string); kdc_log(context, config, 0, "HTTP request from %s is non KDC request", d->addr_string);
kdc_log(context, config, 5, "HTTP request: %s", t); kdc_log(context, config, 5, "HTTP request: %s", t);
free(data); free(data);
if (write(d->s, proto, strlen(proto)) < 0) { if (IS_SOCKET_ERROR(send(d->s, proto, strlen(proto), 0))) {
kdc_log(context, config, 0, "HTTP write failed: %s: %s", kdc_log(context, config, 0, "HTTP write failed: %s: %s",
d->addr_string, strerror(errno)); d->addr_string, strerror(SOCK_ERRNO));
return -1; return -1;
} }
if (write(d->s, msg, strlen(msg)) < 0) { if (IS_SOCKET_ERROR(send(d->s, msg, strlen(msg), 0))) {
kdc_log(context, config, 0, "HTTP write failed: %s: %s", kdc_log(context, config, 0, "HTTP write failed: %s: %s",
d->addr_string, strerror(errno)); d->addr_string, strerror(SOCK_ERRNO));
return -1; return -1;
} }
return -1; return -1;
@@ -738,16 +740,16 @@ handle_http_tcp (krb5_context context,
"Pragma: no-cache\r\n" "Pragma: no-cache\r\n"
"Content-type: application/octet-stream\r\n" "Content-type: application/octet-stream\r\n"
"Content-transfer-encoding: binary\r\n\r\n"; "Content-transfer-encoding: binary\r\n\r\n";
if (write(d->s, proto, strlen(proto)) < 0) { if (IS_SOCKET_ERROR(send(d->s, proto, strlen(proto), 0))) {
free(data); free(data);
kdc_log(context, config, 0, "HTTP write failed: %s: %s", kdc_log(context, config, 0, "HTTP write failed: %s: %s",
d->addr_string, strerror(errno)); d->addr_string, strerror(SOCK_ERRNO));
return -1; return -1;
} }
if (write(d->s, msg, strlen(msg)) < 0) { if (IS_SOCKET_ERROR(send(d->s, msg, strlen(msg), 0))) {
free(data); free(data);
kdc_log(context, config, 0, "HTTP write failed: %s: %s", kdc_log(context, config, 0, "HTTP write failed: %s: %s",
d->addr_string, strerror(errno)); d->addr_string, strerror(SOCK_ERRNO));
return -1; return -1;
} }
} }
@@ -778,8 +780,8 @@ handle_tcp(krb5_context context,
} }
n = recvfrom(d[idx].s, buf, sizeof(buf), 0, NULL, NULL); n = recvfrom(d[idx].s, buf, sizeof(buf), 0, NULL, NULL);
if(n < 0){ if(IS_SOCKET_ERROR(n)){
krb5_warn(context, errno, "recvfrom failed from %s to %s/%d", krb5_warn(context, SOCK_ERRNO, "recvfrom failed from %s to %s/%d",
d[idx].addr_string, descr_type(d + idx), d[idx].addr_string, descr_type(d + idx),
ntohs(d[idx].port)); ntohs(d[idx].port));
return; return;
@@ -865,7 +867,7 @@ loop(krb5_context context,
FD_ZERO(&fds); FD_ZERO(&fds);
for(i = 0; i < ndescr; i++) { for(i = 0; i < ndescr; i++) {
if(d[i].s >= 0){ if(!IS_BAD_SOCKET(d[i].s)){
if(d[i].type == SOCK_STREAM && if(d[i].type == SOCK_STREAM &&
d[i].timeout && d[i].timeout < time(NULL)) { d[i].timeout && d[i].timeout < time(NULL)) {
kdc_log(context, config, 1, kdc_log(context, config, 1,
@@ -874,10 +876,12 @@ loop(krb5_context context,
clear_descr(&d[i]); clear_descr(&d[i]);
continue; continue;
} }
#ifndef NO_LIMIT_FD_SETSIZE
if(max_fd < d[i].s) if(max_fd < d[i].s)
max_fd = d[i].s; max_fd = d[i].s;
if (max_fd >= FD_SETSIZE) if (max_fd >= FD_SETSIZE)
krb5_errx(context, 1, "fd too large"); krb5_errx(context, 1, "fd too large");
#endif
FD_SET(d[i].s, &fds); FD_SET(d[i].s, &fds);
} else if(min_free < 0 || i < min_free) } else if(min_free < 0 || i < min_free)
min_free = i; min_free = i;
@@ -905,11 +909,11 @@ loop(krb5_context context,
break; break;
case -1: case -1:
if (errno != EINTR) if (errno != EINTR)
krb5_warn(context, errno, "select"); krb5_warn(context, SOCK_ERRNO, "select");
break; break;
default: default:
for(i = 0; i < ndescr; i++) for(i = 0; i < ndescr; i++)
if(d[i].s >= 0 && FD_ISSET(d[i].s, &fds)) { if(!IS_BAD_SOCKET(d[i].s) && FD_ISSET(d[i].s, &fds)) {
if(d[i].type == SOCK_DGRAM) if(d[i].type == SOCK_DGRAM)
handle_udp(context, config, &d[i]); handle_udp(context, config, &d[i]);
else if(d[i].type == SOCK_STREAM) else if(d[i].type == SOCK_STREAM)
@@ -917,8 +921,11 @@ loop(krb5_context context,
} }
} }
} }
if(exit_flag == SIGXCPU) if (0);
#ifndef NO_SIGXCPU
else if(exit_flag == SIGXCPU)
kdc_log(context, config, 0, "CPU time limit exceeded"); kdc_log(context, config, 0, "CPU time limit exceeded");
#endif
else if(exit_flag == SIGINT || exit_flag == SIGTERM) else if(exit_flag == SIGINT || exit_flag == SIGTERM)
kdc_log(context, config, 0, "Terminated"); kdc_log(context, config, 0, "Terminated");
else else
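Review bot: In the handle_udp hunk (`@@ -488,10 +488,10`) the new-side call reads `recvfrom(d->s, buf, max_request, 0, d->sa, &d->sock_len)`, while the truncation check a few lines below still compares `n == max_request_udp`, so the receive length no longer matches the limit the rest of the function uses. The allocation of `buf` lies outside the hunk, so this is inferred: if the buffer is sized by `max_request_udp` and `max_request` is larger, an oversized datagram would be written past the end of the buffer, and the truncation check would never fire. The SOCKET conversion does not need this change; keep the UDP limit as the length, `n = recvfrom(d->s, buf, max_request_udp, 0, d->sa, &d->sock_len);`.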


@@ -35,7 +35,9 @@
RCSID("$Id$"); RCSID("$Id$");
#ifndef NO_INETD
static int inetd_flag = -1; static int inetd_flag = -1;
#endif
static int help_flag; static int help_flag;
static int version_flag; static int version_flag;
static int print_dump; static int print_dump;
@@ -48,8 +50,10 @@ struct getargs args[] = {
{ "database", 'd', arg_string, &database, "database", "file" }, { "database", 'd', arg_string, &database, "database", "file" },
{ "stdin", 'n', arg_flag, &from_stdin, "read from stdin" }, { "stdin", 'n', arg_flag, &from_stdin, "read from stdin" },
{ "print", 0, arg_flag, &print_dump, "print dump to stdout" }, { "print", 0, arg_flag, &print_dump, "print dump to stdout" },
#ifndef NO_INETD
{ "inetd", 'i', arg_negative_flag, &inetd_flag, { "inetd", 'i', arg_negative_flag, &inetd_flag,
"Not started from inetd" }, "Not started from inetd" },
#endif
{ "keytab", 'k', arg_string, &ktname, "keytab to use for authentication", "keytab" }, { "keytab", 'k', arg_string, &ktname, "keytab to use for authentication", "keytab" },
{ "realm", 'r', arg_string, &local_realm, "realm to use" }, { "realm", 'r', arg_string, &local_realm, "realm to use" },
{ "version", 0, arg_flag, &version_flag, NULL, NULL }, { "version", 0, arg_flag, &version_flag, NULL, NULL },
@@ -74,7 +78,8 @@ main(int argc, char **argv)
krb5_principal c1, c2; krb5_principal c1, c2;
krb5_authenticator authent; krb5_authenticator authent;
krb5_keytab keytab; krb5_keytab keytab;
int fd; SOCKET sock = INVALID_SOCKET;
int close_socket = 0;
HDB *db = NULL; HDB *db = NULL;
int optidx = 0; int optidx = 0;
char *tmp_db; char *tmp_db;
@@ -114,9 +119,9 @@ main(int argc, char **argv)
if (database == NULL) if (database == NULL)
database = hdb_default_db(context); database = hdb_default_db(context);
if(from_stdin) if(from_stdin) {
fd = STDIN_FILENO; sock = STDIN_FILENO;
else { } else {
struct sockaddr_storage ss; struct sockaddr_storage ss;
struct sockaddr *sa = (struct sockaddr *)&ss; struct sockaddr *sa = (struct sockaddr *)&ss;
socklen_t sin_len = sizeof(ss); socklen_t sin_len = sizeof(ss);
@@ -124,19 +129,27 @@ main(int argc, char **argv)
krb5_ticket *ticket; krb5_ticket *ticket;
char *server; char *server;
fd = STDIN_FILENO; sock = STDIN_FILENO;
#ifndef NO_INETD
if (inetd_flag == -1) { if (inetd_flag == -1) {
if (getpeername (fd, sa, &sin_len) < 0) if (getpeername (sock, sa, &sin_len) < 0) {
inetd_flag = 0; inetd_flag = 0;
else close_socket = 0;
} else {
inetd_flag = 1; inetd_flag = 1;
close_socket = 0;
}
} }
if (!inetd_flag) { if (!inetd_flag) {
#endif
mini_inetd (krb5_getportbyname (context, "hprop", "tcp", mini_inetd (krb5_getportbyname (context, "hprop", "tcp",
HPROP_PORT)); HPROP_PORT), &sock);
close_socket = 1;
#ifndef NO_INETD
} }
#endif
sin_len = sizeof(ss); sin_len = sizeof(ss);
if(getpeername(fd, sa, &sin_len) < 0) if(getpeername(sock, sa, &sin_len) < 0)
krb5_err(context, 1, errno, "getpeername"); krb5_err(context, 1, errno, "getpeername");
if (inet_ntop(sa->sa_family, if (inet_ntop(sa->sa_family,
@@ -162,7 +175,7 @@ main(int argc, char **argv)
krb5_err (context, 1, ret, "krb5_kt_default"); krb5_err (context, 1, ret, "krb5_kt_default");
} }
ret = krb5_recvauth(context, &ac, &fd, HPROP_VERSION, NULL, ret = krb5_recvauth(context, &ac, &sock, HPROP_VERSION, NULL,
0, keytab, &ticket); 0, keytab, &ticket);
if(ret) if(ret)
krb5_err(context, 1, ret, "krb5_recvauth"); krb5_err(context, 1, ret, "krb5_recvauth");
@@ -179,7 +192,7 @@ main(int argc, char **argv)
ret = krb5_auth_con_getauthenticator(context, ac, &authent); ret = krb5_auth_con_getauthenticator(context, ac, &authent);
if(ret) if(ret)
krb5_err(context, 1, ret, "krb5_auth_con_getauthenticator"); krb5_err(context, 1, ret, "krb5_auth_con_getauthenticator");
ret = krb5_make_principal(context, &c1, NULL, "kadmin", "hprop", NULL); ret = krb5_make_principal(context, &c1, NULL, "kadmin", "hprop", NULL);
if(ret) if(ret)
krb5_err(context, 1, ret, "krb5_make_principal"); krb5_err(context, 1, ret, "krb5_make_principal");
@@ -217,11 +230,11 @@ main(int argc, char **argv)
hdb_entry_ex entry; hdb_entry_ex entry;
if(from_stdin) { if(from_stdin) {
ret = krb5_read_message(context, &fd, &data); ret = krb5_read_message(context, &sock, &data);
if(ret != 0 && ret != HEIM_ERR_EOF) if(ret != 0 && ret != HEIM_ERR_EOF)
krb5_err(context, 1, ret, "krb5_read_message"); krb5_err(context, 1, ret, "krb5_read_message");
} else { } else {
ret = krb5_read_priv_message(context, ac, &fd, &data); ret = krb5_read_priv_message(context, ac, &sock, &data);
if(ret) if(ret)
krb5_err(context, 1, ret, "krb5_read_priv_message"); krb5_err(context, 1, ret, "krb5_read_priv_message");
} }
@@ -230,7 +243,7 @@ main(int argc, char **argv)
if(!from_stdin) { if(!from_stdin) {
data.data = NULL; data.data = NULL;
data.length = 0; data.length = 0;
krb5_write_priv_message(context, ac, &fd, &data); krb5_write_priv_message(context, ac, &sock, &data);
} }
if(!print_dump) { if(!print_dump) {
ret = db->hdb_rename(context, db, database); ret = db->hdb_rename(context, db, database);
@@ -267,5 +280,9 @@ main(int argc, char **argv)
} }
if (!print_dump) if (!print_dump)
krb5_log(context, fac, 0, "Received %d principals", nprincs); krb5_log(context, fac, 0, "Received %d principals", nprincs);
if (close_socket)
closesocket(sock);
exit(0); exit(0);
} }
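Review bot: Both getpeername() calls in main still test `< 0`, and the second one reports `errno`, whereas the rest of this commit moves socket calls to `IS_SOCKET_ERROR()` and `SOCK_ERRNO`. On a platform where socket errors are not delivered through errno, the logged reason for a failed peer lookup would be wrong or stale. Assuming those macros are visible in this file, the fatal check would read `if (IS_SOCKET_ERROR(getpeername(sock, sa, &sin_len)))` followed by `krb5_err(context, 1, SOCK_ERRNO, "getpeername");`. The two `close_socket = 0;` assignments inside the `inetd_flag == -1` branch are redundant, since the variable is already initialised to 0 at its declaration. main begins and continues outside these hunks.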