1
/*
2
 * Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan
3
 * (Royal Institute of Technology, Stockholm, Sweden).
4
 * All rights reserved.
5
 *
6
 * Redistribution and use in source and binary forms, with or without
7
 * modification, are permitted provided that the following conditions
8
 * are met:
9
 *
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer.
12
 *
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * 3. Neither the name of the Institute nor the names of its contributors
18
 *    may be used to endorse or promote products derived from this software
19
 *    without specific prior written permission.
20
 *
21
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31
 * SUCH DAMAGE.
32
 */
33

34
#include "kadmin_locl.h"
35
#ifdef HAVE_SYS_WAIT_H
36
#include <sys/wait.h>
37
#endif
38

39
struct kadm_port {
40
    char *port;
41
    unsigned short def_port;
42
    struct kadm_port *next;
43
} *kadm_ports;
44

45
static void
46
add_kadm_port(krb5_context contextp, const char *service, unsigned int port)
47
{
48
    struct kadm_port *p;
49
    p = malloc(sizeof(*p));
50
    if(p == NULL) {
51
	krb5_warnx(contextp, "failed to allocate %lu bytes\n",
52
		   (unsigned long)sizeof(*p));
53
	return;
54
    }
55

56
    p->port = strdup(service);
57
    p->def_port = port;
58

59
    p->next = kadm_ports;
60
    kadm_ports = p;
61
}
62

63
static void
64
add_standard_ports (krb5_context contextp)
65
{
66
    add_kadm_port(contextp, "kerberos-adm", 749);
67
}
68

69
/*
70
 * parse the set of space-delimited ports in `str' and add them.
71
 * "+" => all the standard ones
72
 * otherwise it's port|service[/protocol]
73
 */
74

75
void
76
parse_ports(krb5_context contextp, const char *str)
77
{
78
    char p[128];
79

80
    while(strsep_copy(&str, " \t", p, sizeof(p)) != -1) {
81
	if(strcmp(p, "+") == 0)
82
	    add_standard_ports(contextp);
83
	else
84
	    add_kadm_port(contextp, p, 0);
85
    }
86
}
87

88
static pid_t pgrp;
89
sig_atomic_t term_flag, doing_useful_work;
90

91
static RETSIGTYPE
92
sigchld(int sig)
93
{
94
    int status;
95
    /*
96
     * waitpid() is async safe. will return -1 or 0 on no more zombie
97
     * children
98
     */
99
    while ((waitpid(-1, &status, WNOHANG)) > 0)
100
	;
101
    SIGRETURN(0);
102
}
103

104
static RETSIGTYPE
105
terminate(int sig)
106
{
107
    if(getpid() == pgrp) {
108
	/* parent */
109
	term_flag = 1;
110
	signal(sig, SIG_IGN);
111
	killpg(pgrp, sig);
112
    } else {
113
	/* child */
114
	if(doing_useful_work)
115
	    term_flag = 1;
116
	else
117
	    exit(0);
118
    }
119
    SIGRETURN(0);
120
}
121

122
static int
123
spawn_child(krb5_context contextp, int *socks,
124
	    unsigned int num_socks, int this_sock)
125
{
126
    int e;
127
    size_t i;
128
    struct sockaddr_storage __ss;
129
    struct sockaddr *sa = (struct sockaddr *)&__ss;
130
    socklen_t sa_size = sizeof(__ss);
131
    krb5_socket_t s;
132
    pid_t pid;
133
    krb5_address addr;
134
    char buf[128];
135
    size_t buf_len;
136

137
    s = accept(socks[this_sock], sa, &sa_size);
138
    if(rk_IS_BAD_SOCKET(s)) {
139
	krb5_warn(contextp, rk_SOCK_ERRNO, "accept");
140
	return 1;
141
    }
142
    e = krb5_sockaddr2address(contextp, sa, &addr);
143
    if(e)
144
	krb5_warn(contextp, e, "krb5_sockaddr2address");
145
    else {
146
	e = krb5_print_address (&addr, buf, sizeof(buf),
147
				&buf_len);
148
	if(e)
149
	    krb5_warn(contextp, e, "krb5_print_address");
150
	else
151
	    krb5_warnx(contextp, "connection from %s", buf);
152
	krb5_free_address(contextp, &addr);
153
    }
154

155
    pid = fork();
156
    if(pid == 0) {
157
	for(i = 0; i < num_socks; i++)
158
	    rk_closesocket(socks[i]);
159
	dup2(s, STDIN_FILENO);
160
	dup2(s, STDOUT_FILENO);
161
	if(s != STDIN_FILENO && s != STDOUT_FILENO)
162
	    rk_closesocket(s);
163
	return 0;
164
    } else {
165
	rk_closesocket(s);
166
    }
167
    return 1;
168
}
169

170
static void
171
wait_for_connection(krb5_context contextp,
172
		    krb5_socket_t *socks, unsigned int num_socks)
173
{
174
    unsigned int i;
175
    int e;
176
    fd_set orig_read_set, read_set;
177
    int status, max_fd = -1;
178

179
    FD_ZERO(&orig_read_set);
180

181
    for(i = 0; i < num_socks; i++) {
182
#ifdef FD_SETSIZE
183
	if (socks[i] >= FD_SETSIZE)
184
	    errx (1, "fd too large");
185
#endif
186
	FD_SET(socks[i], &orig_read_set);
187
	max_fd = max(max_fd, socks[i]);
188
    }
189

190
    pgrp = getpid();
191

192
    if(setpgid(0, pgrp) < 0)
193
	err(1, "setpgid");
194

195
    signal(SIGTERM, terminate);
196
    signal(SIGINT, terminate);
197
    signal(SIGCHLD, sigchld);
198

199
    while (term_flag == 0) {
200
	read_set = orig_read_set;
201
	e = select(max_fd + 1, &read_set, NULL, NULL, NULL);
202
	if(rk_IS_SOCKET_ERROR(e)) {
203
	    if(rk_SOCK_ERRNO != EINTR)
204
		krb5_warn(contextp, rk_SOCK_ERRNO, "select");
205
	} else if(e == 0)
206
	    krb5_warnx(contextp, "select returned 0");
207
	else {
208
	    for(i = 0; i < num_socks; i++) {
209
		if(FD_ISSET(socks[i], &read_set))
210
		    if(spawn_child(contextp, socks, num_socks, i) == 0)
211
			return;
212
	    }
213
	}
214
    }
215
    signal(SIGCHLD, SIG_IGN);
216

217
    while ((waitpid(-1, &status, WNOHANG)) > 0)
218
	;
219

220
    exit(0);
221
}
222

223

224
void
225
start_server(krb5_context contextp, const char *port_str)
226
{
227
    int e;
228
    struct kadm_port *p;
229

230
    krb5_socket_t *socks = NULL, *tmp;
231
    unsigned int num_socks = 0;
232
    int i;
233

234
    if (port_str == NULL)
235
	port_str = "+";
236

237
    parse_ports(contextp, port_str);
238

239
    for(p = kadm_ports; p; p = p->next) {
240
	struct addrinfo hints, *ai, *ap;
241
	char portstr[32];
242
	memset (&hints, 0, sizeof(hints));
243
	hints.ai_flags    = AI_PASSIVE;
244
	hints.ai_socktype = SOCK_STREAM;
245

246
	e = getaddrinfo(NULL, p->port, &hints, &ai);
247
	if(e) {
248
	    snprintf(portstr, sizeof(portstr), "%u", p->def_port);
249
	    e = getaddrinfo(NULL, portstr, &hints, &ai);
250
	}
251

252
	if(e) {
253
	    krb5_warn(contextp, krb5_eai_to_heim_errno(e, errno),
254
		      "%s", portstr);
255
	    continue;
256
	}
257
	i = 0;
258
	for(ap = ai; ap; ap = ap->ai_next)
259
	    i++;
260
	tmp = realloc(socks, (num_socks + i) * sizeof(*socks));
261
	if(tmp == NULL) {
262
	    krb5_warnx(contextp, "failed to reallocate %lu bytes",
263
		       (unsigned long)(num_socks + i) * sizeof(*socks));
264
	    continue;
265
	}
266
	socks = tmp;
267
	for(ap = ai; ap; ap = ap->ai_next) {
268
	    krb5_socket_t s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol);
269
	    if(rk_IS_BAD_SOCKET(s)) {
270
		krb5_warn(contextp, rk_SOCK_ERRNO, "socket");
271
		continue;
272
	    }
273

274
	    socket_set_reuseaddr(s, 1);
275
	    socket_set_ipv6only(s, 1);
276

277
	    if (rk_IS_SOCKET_ERROR(bind (s, ap->ai_addr, ap->ai_addrlen))) {
278
		krb5_warn(contextp, rk_SOCK_ERRNO, "bind");
279
		rk_closesocket(s);
280
		continue;
281
	    }
282
	    if (rk_IS_SOCKET_ERROR(listen (s, SOMAXCONN))) {
283
		krb5_warn(contextp, rk_SOCK_ERRNO, "listen");
284
		rk_closesocket(s);
285
		continue;
286
	    }
287
	    socks[num_socks++] = s;
288
	}
289
	freeaddrinfo (ai);
290
    }
291
    if(num_socks == 0)
292
	krb5_errx(contextp, 1, "no sockets to listen to - exiting");
293

294
    wait_for_connection(contextp, socks, num_socks);
295
}
296

297