1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/apputils/net-server.c - Network code for krb5 servers (kdc, kadmind) */
4 * Copyright 1990,2000,2007,2008,2009,2010 by the Massachusetts Institute of Technology.
6 * Export of this software from the United States of America may
7 * require a specific license from the United States Government.
8 * It is the responsibility of any person or organization contemplating
9 * export to obtain such a license before exporting.
11 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12 * distribute this software and its documentation for any purpose and
13 * without fee is hereby granted, provided that the above copyright
14 * notice appear in all copies and that both that copyright notice and
15 * this permission notice appear in supporting documentation, and that
16 * the name of M.I.T. not be used in advertising or publicity pertaining
17 * to distribution of the software without specific, written prior
18 * permission. Furthermore if you modify this software you must label
19 * your software as modified software and not distribute it in such a
20 * fashion that it might be confused with the original M.I.T. software.
21 * M.I.T. makes no representations about the suitability of
22 * this software for any purpose. It is provided "as is" without express
23 * or implied warranty.
27 #include "adm_proto.h"
28 #include <sys/ioctl.h>
32 #include "port-sockets.h"
33 #include "socket-utils.h"
35 #include <gssrpc/rpc.h>
37 #ifdef HAVE_NETINET_IN_H
38 #include <sys/types.h>
39 #include <netinet/in.h>
40 #include <sys/socket.h>
41 #ifdef HAVE_SYS_SOCKIO_H
42 /* for SIOCGIFCONF, etc. */
43 #include <sys/sockio.h>
47 #include <sys/select.h>
49 #include <arpa/inet.h>
51 #ifndef ARPHRD_ETHER /* OpenBSD breaks on multiple inclusions */
55 #ifdef HAVE_SYS_FILIO_H
56 #include <sys/filio.h> /* FIONBIO */
59 #include "fake-addrinfo.h"
60 #include "net-server.h"
62 #include "verto-k5ev.h"
68 #define KDC5_NONET (-1779992062L)
70 static int tcp_or_rpc_data_counter;
71 static int max_tcp_or_rpc_data_connections = 45;
73 /* Misc utility routines. */
75 set_sa_port(struct sockaddr *addr, int port)
77 switch (addr->sa_family) {
79 sa2sin(addr)->sin_port = port;
83 sa2sin6(addr)->sin6_port = port;
95 static int result = -1;
98 s = socket(AF_INET6, SOCK_STREAM, 0);
112 setreuseaddr(int sock, int value)
114 return setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &value, sizeof(value));
117 #if defined(KRB5_USE_INET6) && defined(IPV6_V6ONLY)
119 setv6only(int sock, int value)
121 return setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &value, sizeof(value));
125 /* Use RFC 3542 API below, but fall back from IPV6_RECVPKTINFO to
126 IPV6_PKTINFO for RFC 2292 implementations. */
127 #ifndef IPV6_RECVPKTINFO
128 #define IPV6_RECVPKTINFO IPV6_PKTINFO
130 /* Parallel, though not standardized. */
131 #ifndef IP_RECVPKTINFO
132 #define IP_RECVPKTINFO IP_PKTINFO
136 set_pktinfo(int sock, int family)
139 int option = 0, proto = 0;
142 #if defined(IP_PKTINFO) && defined(HAVE_STRUCT_IN_PKTINFO)
145 option = IP_RECVPKTINFO;
148 #if defined(IPV6_PKTINFO) && defined(HAVE_STRUCT_IN6_PKTINFO)
150 proto = IPPROTO_IPV6;
151 option = IPV6_RECVPKTINFO;
157 if (setsockopt(sock, proto, option, &sockopt, sizeof(sockopt)))
164 paddr(struct sockaddr *sa)
166 static char buf[100];
168 if (getnameinfo(sa, socklen(sa),
169 buf, sizeof(buf), portbuf, sizeof(portbuf),
170 NI_NUMERICHOST|NI_NUMERICSERV))
171 strlcpy(buf, "<unprintable>", sizeof(buf));
173 unsigned int len = sizeof(buf) - strlen(buf);
174 char *p = buf + strlen(buf);
175 if (len > 2+strlen(portbuf)) {
178 strncpy(p, portbuf, len);
187 CONN_UDP, CONN_UDP_PKTINFO, CONN_TCP_LISTENER, CONN_TCP,
188 CONN_RPC_LISTENER, CONN_RPC,
192 /* Per-connection info. */
198 /* Connection fields (TCP or RPC) */
199 struct sockaddr_storage addr_s;
205 /* Incoming data (TCP) */
211 /* Outgoing data (TCP) */
213 unsigned char lenbuf[4];
218 /* Crude denial-of-service avoidance support (TCP or RPC) */
221 /* RPC-specific fields */
227 #define SET(TYPE) struct { TYPE *data; size_t n, max; }
229 /* Start at the top and work down -- this should allow for deletions
230 without disrupting the iteration, since we delete by overwriting
231 the element to be removed with the last element. */
232 #define FOREACH_ELT(set,idx,vvar) \
233 for (idx = set.n-1; idx >= 0 && (vvar = set.data[idx], 1); idx--)
235 #define GROW_SET(set, incr, tmpptr) \
236 ((set.max + incr < set.max \
237 || ((set.max + incr) * sizeof(set.data[0]) / sizeof(set.data[0]) \
238 != set.max + incr)) \
240 : ((tmpptr = realloc(set.data, \
241 (set.max + incr) * sizeof(set.data[0]))) \
242 ? (set.data = tmpptr, set.max += incr, 1) \
245 /* 1 = success, 0 = failure */
246 #define ADD(set, val, tmpptr) \
247 ((set.n < set.max || GROW_SET(set, 10, tmpptr)) \
248 ? (set.data[set.n++] = val, 1) \
251 #define DEL(set, idx) \
252 (set.data[idx] = set.data[--set.n], 0)
254 #define FREE_SET_DATA(set) \
255 (free(set.data), set.data = 0, set.max = 0, set.n = 0)
258 * N.B.: The Emacs cc-mode indentation code seems to get confused if
259 * the macro argument here is one word only. So use "unsigned short"
260 * instead of the "u_short" we were using before.
262 struct rpc_svc_data {
268 static SET(unsigned short) udp_port_data, tcp_port_data;
269 static SET(struct rpc_svc_data) rpc_svc_data;
270 static SET(verto_ev *) events;
273 loop_init(verto_ev_type types)
275 types |= VERTO_EV_TYPE_IO;
276 types |= VERTO_EV_TYPE_SIGNAL;
277 types |= VERTO_EV_TYPE_TIMEOUT;
279 #ifdef INTERNAL_VERTO
280 return verto_default_k5ev();
282 return verto_default(NULL, types);
287 do_break(verto_ctx *ctx, verto_ev *ev)
289 krb5_klog_syslog(LOG_DEBUG, _("Got signal to request exit"));
293 struct sighup_context {
299 do_reset(verto_ctx *ctx, verto_ev *ev)
301 struct sighup_context *sc = (struct sighup_context*) verto_get_private(ev);
303 krb5_klog_syslog(LOG_DEBUG, _("Got signal to reset"));
304 krb5_klog_reopen(get_context(sc->handle));
310 free_sighup_context(verto_ctx *ctx, verto_ev *ev)
312 free(verto_get_private(ev));
316 loop_setup_signals(verto_ctx *ctx, void *handle, void (*reset)())
318 struct sighup_context *sc;
321 if (!verto_add_signal(ctx, VERTO_EV_FLAG_PERSIST, do_break, SIGINT) ||
322 !verto_add_signal(ctx, VERTO_EV_FLAG_PERSIST, do_break, SIGTERM) ||
323 !verto_add_signal(ctx, VERTO_EV_FLAG_PERSIST, do_break, SIGQUIT) ||
324 !verto_add_signal(ctx, VERTO_EV_FLAG_PERSIST, VERTO_SIG_IGN, SIGPIPE))
327 ev = verto_add_signal(ctx, VERTO_EV_FLAG_PERSIST, do_reset, SIGHUP);
331 sc = malloc(sizeof(*sc));
337 verto_set_private(ev, sc, free_sighup_context);
342 loop_add_udp_port(int port)
347 u_short s_port = port;
352 FOREACH_ELT (udp_port_data, i, val)
355 if (!ADD(udp_port_data, s_port, tmp))
361 loop_add_tcp_port(int port)
366 u_short s_port = port;
371 FOREACH_ELT (tcp_port_data, i, val)
374 if (!ADD(tcp_port_data, s_port, tmp))
380 loop_add_rpc_service(int port, u_long prognum,
381 u_long versnum, void (*dispatchfn)())
385 struct rpc_svc_data svc, val;
388 if (svc.port != port)
390 svc.prognum = prognum;
391 svc.versnum = versnum;
392 svc.dispatch = dispatchfn;
394 FOREACH_ELT (rpc_svc_data, i, val) {
395 if (val.port == port)
398 if (!ADD(rpc_svc_data, svc, tmp))
404 #define USE_AF AF_INET
405 #define USE_TYPE SOCK_DGRAM
407 #define SOCKET_ERRNO errno
408 #include "foreachaddr.h"
414 krb5_error_code retval;
416 #define UDP_DO_IPV4 1
417 #define UDP_DO_IPV6 2
421 free_connection(struct connection *conn)
426 krb5_free_data(get_context(conn->handle), conn->response);
429 if (conn->type == CONN_RPC_LISTENER && conn->transp != NULL)
430 svc_destroy(conn->transp);
435 remove_event_from_set(verto_ev *ev)
440 /* Remove the event from the events. */
441 FOREACH_ELT(events, i, tmp)
449 free_socket(verto_ctx *ctx, verto_ev *ev)
451 struct connection *conn = NULL;
455 remove_event_from_set(ev);
457 fd = verto_get_fd(ev);
458 conn = verto_get_private(ev);
460 /* Close the file descriptor. */
461 krb5_klog_syslog(LOG_INFO, _("closing down fd %d"), fd);
462 if (fd >= 0 && (!conn || conn->type != CONN_RPC || conn->rpc_force_close))
465 /* Free the connection struct. */
467 switch (conn->type) {
469 if (conn->rpc_force_close) {
473 if (FD_ISSET(fd, &svc_fdset)) {
474 krb5_klog_syslog(LOG_ERR,
475 _("descriptor %d closed but still "
482 tcp_or_rpc_data_counter--;
488 free_connection(conn);
493 make_event(verto_ctx *ctx, verto_ev_flag flags, verto_callback callback,
494 int sock, struct connection *conn, int addevent)
499 ev = verto_add_io(ctx, flags, callback, sock);
501 com_err(conn->prog, ENOMEM, _("cannot create io event"));
506 if (!ADD(events, ev, tmp)) {
507 com_err(conn->prog, ENOMEM, _("cannot save event"));
513 verto_set_private(ev, conn, free_socket);
518 convert_event(verto_ctx *ctx, verto_ev *ev, verto_ev_flag flags,
519 verto_callback callback)
521 struct connection *conn;
525 conn = verto_get_private(ev);
526 sock = verto_get_fd(ev);
530 newev = make_event(ctx, flags, callback, sock, conn, 1);
532 /* Delete the read event without closing the socket
533 * or freeing the connection struct. */
535 verto_set_private(ev, NULL, NULL); /* Reset the destructor. */
536 remove_event_from_set(ev); /* Remove it from the set. */
544 add_fd(struct socksetup *data, int sock, enum conn_type conntype,
545 verto_ev_flag flags, verto_callback callback, int addevent)
547 struct connection *newconn;
550 if (sock >= FD_SETSIZE) {
551 data->retval = EMFILE; /* XXX */
552 com_err(data->prog, 0,
553 _("file descriptor number %d too high"), sock);
557 newconn = malloc(sizeof(*newconn));
558 if (newconn == NULL) {
559 data->retval = ENOMEM;
560 com_err(data->prog, ENOMEM,
561 _("cannot allocate storage for connection info"));
564 memset(newconn, 0, sizeof(*newconn));
565 newconn->handle = data->handle;
566 newconn->prog = data->prog;
567 newconn->type = conntype;
569 return make_event(data->ctx, flags, callback, sock, newconn, addevent);
572 static void process_packet(verto_ctx *ctx, verto_ev *ev);
573 static void accept_tcp_connection(verto_ctx *ctx, verto_ev *ev);
574 static void process_tcp_connection_read(verto_ctx *ctx, verto_ev *ev);
575 static void process_tcp_connection_write(verto_ctx *ctx, verto_ev *ev);
576 static void accept_rpc_connection(verto_ctx *ctx, verto_ev *ev);
577 static void process_rpc_connection(verto_ctx *ctx, verto_ev *ev);
580 add_udp_fd(struct socksetup *data, int sock, int pktinfo)
582 return add_fd(data, sock, pktinfo ? CONN_UDP_PKTINFO : CONN_UDP,
583 VERTO_EV_FLAG_IO_READ |
584 VERTO_EV_FLAG_PERSIST |
585 VERTO_EV_FLAG_REINITIABLE,
590 add_tcp_listener_fd(struct socksetup *data, int sock)
592 return add_fd(data, sock, CONN_TCP_LISTENER,
593 VERTO_EV_FLAG_IO_READ |
594 VERTO_EV_FLAG_PERSIST |
595 VERTO_EV_FLAG_REINITIABLE,
596 accept_tcp_connection, 1);
600 add_tcp_read_fd(struct socksetup *data, int sock)
602 return add_fd(data, sock, CONN_TCP,
603 VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_PERSIST,
604 process_tcp_connection_read, 1);
608 * Create a socket and bind it to addr. Ensure the socket will work with
609 * select(). Set the socket cloexec, reuseaddr, and if applicable v6-only.
610 * Does not call listen(). Returns -1 on failure after logging an error.
613 create_server_socket(struct socksetup *data, struct sockaddr *addr, int type)
617 sock = socket(addr->sa_family, type, 0);
619 data->retval = errno;
620 com_err(data->prog, errno, _("Cannot create TCP server socket on %s"),
624 set_cloexec_fd(sock);
626 #ifndef _WIN32 /* Windows FD_SETSIZE is a count. */
627 if (sock >= FD_SETSIZE) {
629 com_err(data->prog, 0, _("TCP socket fd number %d (for %s) too high"),
635 if (setreuseaddr(sock, 1) < 0) {
636 com_err(data->prog, errno,
637 _("Cannot enable SO_REUSEADDR on fd %d"), sock);
640 #ifdef KRB5_USE_INET6
641 if (addr->sa_family == AF_INET6) {
643 if (setv6only(sock, 1))
644 com_err(data->prog, errno,
645 _("setsockopt(%d,IPV6_V6ONLY,1) failed"), sock);
647 com_err(data->prog, 0, _("setsockopt(%d,IPV6_V6ONLY,1) worked"),
650 krb5_klog_syslog(LOG_INFO, _("no IPV6_V6ONLY socket option support"));
651 #endif /* IPV6_V6ONLY */
653 #endif /* KRB5_USE_INET6 */
655 if (bind(sock, addr, socklen(addr)) == -1) {
656 data->retval = errno;
657 com_err(data->prog, errno, _("Cannot bind server socket on %s"),
667 add_rpc_listener_fd(struct socksetup *data, struct rpc_svc_data *svc, int sock)
669 struct connection *conn;
672 ev = add_fd(data, sock, CONN_RPC_LISTENER,
673 VERTO_EV_FLAG_IO_READ |
674 VERTO_EV_FLAG_PERSIST |
675 VERTO_EV_FLAG_REINITIABLE,
676 accept_rpc_connection, 1);
680 conn = verto_get_private(ev);
681 conn->transp = svctcp_create(sock, 0, 0);
682 if (conn->transp == NULL) {
683 krb5_klog_syslog(LOG_ERR,
684 _("Cannot create RPC service: %s; continuing"),
690 if (!svc_register(conn->transp, svc->prognum, svc->versnum,
692 krb5_klog_syslog(LOG_ERR,
693 _("Cannot register RPC service: %s; continuing"),
703 add_rpc_data_fd(struct socksetup *data, int sock)
705 return add_fd(data, sock, CONN_RPC,
706 VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_PERSIST,
707 process_rpc_connection, 1);
710 static const int one = 1;
715 return ioctlsocket(sock, FIONBIO, (const void *)&one);
719 setkeepalive(int sock)
721 return setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one));
727 static const struct linger ling = { 0, 0 };
728 return setsockopt(s, SOL_SOCKET, SO_LINGER, &ling, sizeof(ling));
731 /* Returns -1 or socket fd. */
733 setup_a_tcp_listener(struct socksetup *data, struct sockaddr *addr)
737 sock = create_server_socket(data, addr, SOCK_STREAM);
740 if (listen(sock, 5) < 0) {
741 com_err(data->prog, errno,
742 _("Cannot listen on TCP server socket on %s"), paddr(addr));
747 com_err(data->prog, errno,
748 _("cannot set listening tcp socket on %s non-blocking"),
753 if (setnolinger(sock)) {
754 com_err(data->prog, errno,
755 _("disabling SO_LINGER on TCP socket on %s"), paddr(addr));
763 setup_tcp_listener_ports(struct socksetup *data)
765 struct sockaddr_in sin4;
766 #ifdef KRB5_USE_INET6
767 struct sockaddr_in6 sin6;
771 memset(&sin4, 0, sizeof(sin4));
772 sin4.sin_family = AF_INET;
774 sin4.sin_len = sizeof(sin4);
776 sin4.sin_addr.s_addr = INADDR_ANY;
778 #ifdef KRB5_USE_INET6
779 memset(&sin6, 0, sizeof(sin6));
780 sin6.sin6_family = AF_INET6;
782 sin6.sin6_len = sizeof(sin6);
784 sin6.sin6_addr = in6addr_any;
787 FOREACH_ELT (tcp_port_data, i, port) {
790 set_sa_port((struct sockaddr *)&sin4, htons(port));
791 if (!ipv6_enabled()) {
792 s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4);
797 #ifndef KRB5_USE_INET6
802 set_sa_port((struct sockaddr *)&sin6, htons(port));
804 s6 = setup_a_tcp_listener(data, (struct sockaddr *)&sin6);
808 s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4);
809 #endif /* KRB5_USE_INET6 */
812 /* Sockets are created, prepare to listen on them. */
814 if (add_tcp_listener_fd(data, s4) == NULL)
817 krb5_klog_syslog(LOG_INFO, _("listening on fd %d: tcp %s"),
818 s4, paddr((struct sockaddr *)&sin4));
821 #ifdef KRB5_USE_INET6
823 if (add_tcp_listener_fd(data, s6) == NULL) {
827 krb5_klog_syslog(LOG_INFO, _("listening on fd %d: tcp %s"),
828 s6, paddr((struct sockaddr *)&sin6));
831 krb5_klog_syslog(LOG_INFO,
832 _("assuming IPv6 socket accepts IPv4"));
840 setup_rpc_listener_ports(struct socksetup *data)
842 struct sockaddr_in sin4;
843 #ifdef KRB5_USE_INET6
844 struct sockaddr_in6 sin6;
847 struct rpc_svc_data svc;
849 memset(&sin4, 0, sizeof(sin4));
850 sin4.sin_family = AF_INET;
852 sin4.sin_len = sizeof(sin4);
854 sin4.sin_addr.s_addr = INADDR_ANY;
856 #ifdef KRB5_USE_INET6
857 memset(&sin6, 0, sizeof(sin6));
858 sin6.sin6_family = AF_INET6;
860 sin6.sin6_len = sizeof(sin6);
862 sin6.sin6_addr = in6addr_any;
865 FOREACH_ELT (rpc_svc_data, i, svc) {
867 #ifdef KRB5_USE_INET6
871 set_sa_port((struct sockaddr *)&sin4, htons(svc.port));
872 s4 = create_server_socket(data, (struct sockaddr *)&sin4, SOCK_STREAM);
876 if (add_rpc_listener_fd(data, &svc, s4) == NULL)
879 krb5_klog_syslog(LOG_INFO, _("listening on fd %d: rpc %s"),
880 s4, paddr((struct sockaddr *)&sin4));
882 #ifdef KRB5_USE_INET6
883 if (ipv6_enabled()) {
884 set_sa_port((struct sockaddr *)&sin6, htons(svc.port));
885 s6 = create_server_socket(data, (struct sockaddr *)&sin6,
890 if (add_rpc_listener_fd(data, &svc, s6) == NULL)
893 krb5_klog_syslog(LOG_INFO, _("listening on fd %d: rpc %s"),
894 s6, paddr((struct sockaddr *)&sin6));
902 #if defined(CMSG_SPACE) && defined(HAVE_STRUCT_CMSGHDR) && \
903 (defined(IP_PKTINFO) || defined(IPV6_PKTINFO))
905 #ifdef HAVE_STRUCT_IN6_PKTINFO
906 struct in6_pktinfo pi6;
908 #ifdef HAVE_STRUCT_IN_PKTINFO
909 struct in_pktinfo pi4;
915 setup_udp_port_1(struct socksetup *data, struct sockaddr *addr,
916 char *haddrbuf, int pktinfo);
919 setup_udp_pktinfo_ports(struct socksetup *data)
923 struct sockaddr_in sa;
926 memset(&sa, 0, sizeof(sa));
927 sa.sin_family = AF_INET;
929 sa.sin_len = sizeof(sa);
931 r = setup_udp_port_1(data, (struct sockaddr *) &sa, "0.0.0.0", 4);
933 data->udp_flags &= ~UDP_DO_IPV4;
938 struct sockaddr_in6 sa;
941 memset(&sa, 0, sizeof(sa));
942 sa.sin6_family = AF_INET6;
944 sa.sin6_len = sizeof(sa);
946 r = setup_udp_port_1(data, (struct sockaddr *) &sa, "::", 6);
948 data->udp_flags &= ~UDP_DO_IPV6;
952 #else /* no pktinfo compile-time support */
954 setup_udp_pktinfo_ports(struct socksetup *data)
960 setup_udp_port_1(struct socksetup *data, struct sockaddr *addr,
961 char *haddrbuf, int pktinfo)
966 FOREACH_ELT (udp_port_data, i, port) {
967 set_sa_port(addr, htons(port));
968 sock = create_server_socket(data, addr, SOCK_DGRAM);
973 #if !(defined(CMSG_SPACE) && defined(HAVE_STRUCT_CMSGHDR) && \
974 (defined(IP_PKTINFO) || defined(IPV6_PKTINFO)))
975 assert(pktinfo == 0);
978 r = set_pktinfo(sock, addr->sa_family);
980 com_err(data->prog, r,
981 _("Cannot request packet info for udp socket address "
982 "%s port %d"), haddrbuf, port);
987 krb5_klog_syslog(LOG_INFO, _("listening on fd %d: udp %s%s"), sock,
988 paddr((struct sockaddr *)addr),
989 pktinfo ? " (pktinfo)" : "");
990 if (add_udp_fd (data, sock, pktinfo) == 0) {
999 setup_udp_port(void *P_data, struct sockaddr *addr)
1001 struct socksetup *data = P_data;
1002 char haddrbuf[NI_MAXHOST];
1005 if (addr->sa_family == AF_INET && !(data->udp_flags & UDP_DO_IPV4))
1008 if (addr->sa_family == AF_INET6 && !(data->udp_flags & UDP_DO_IPV6))
1011 err = getnameinfo(addr, socklen(addr), haddrbuf, sizeof(haddrbuf),
1012 0, 0, NI_NUMERICHOST);
1014 strlcpy(haddrbuf, "<unprintable>", sizeof(haddrbuf));
1016 switch (addr->sa_family) {
1021 #ifdef KRB5_USE_INET6
1025 static int first = 1;
1027 krb5_klog_syslog(LOG_INFO, _("skipping local ipv6 addresses"));
1034 #ifdef AF_LINK /* some BSD systems, AIX */
1038 #ifdef AF_DLI /* Direct Link Interface - DEC Ultrix/OSF1 link layer? */
1047 krb5_klog_syslog(LOG_INFO,
1048 _("skipping unrecognized local address family %d"),
1052 return setup_udp_port_1(data, addr, haddrbuf, 0);
1057 klog_handler(const void *data, size_t len)
1059 static char buf[BUFSIZ];
1060 static int bufoffset;
1063 #define flush_buf() \
1065 ? (((buf[0] == 0 || buf[0] == '\n') \
1066 ? (fork()==0?abort():(void)0) \
1068 krb5_klog_syslog(LOG_INFO, "%s", buf), \
1069 memset(buf, 0, sizeof(buf)), \
1073 p = memchr(data, 0, len);
1075 len = (const char *)p - (const char *)data;
1079 p = memchr(data, '\n', len);
1082 klog_handler(data, (size_t)((const char *)p - (const char *)data));
1084 len -= ((const char *)p - (const char *)data) + 1;
1085 data = 1 + (const char *)p;
1086 goto scan_for_newlines;
1087 } else if (len > sizeof(buf) - 1 || len + bufoffset > sizeof(buf) - 1) {
1088 size_t x = sizeof(buf) - len - 1;
1089 klog_handler(data, x);
1092 data = (const char *)data + x;
1093 goto scan_for_newlines;
1095 memcpy(buf + bufoffset, data, len);
1101 #ifdef HAVE_STRUCT_RT_MSGHDR
1102 #include <net/route.h>
1105 rtm_type_name(int type)
1108 case RTM_ADD: return "RTM_ADD";
1109 case RTM_DELETE: return "RTM_DELETE";
1110 case RTM_NEWADDR: return "RTM_NEWADDR";
1111 case RTM_DELADDR: return "RTM_DELADDR";
1112 case RTM_IFINFO: return "RTM_IFINFO";
1113 case RTM_OLDADD: return "RTM_OLDADD";
1114 case RTM_OLDDEL: return "RTM_OLDDEL";
1115 case RTM_RESOLVE: return "RTM_RESOLVE";
1117 case RTM_NEWMADDR: return "RTM_NEWMADDR";
1118 case RTM_DELMADDR: return "RTM_DELMADDR";
1120 case RTM_MISS: return "RTM_MISS";
1121 case RTM_REDIRECT: return "RTM_REDIRECT";
1122 case RTM_LOSING: return "RTM_LOSING";
1123 case RTM_GET: return "RTM_GET";
1124 default: return "?";
1129 do_network_reconfig(verto_ctx *ctx, verto_ev *ev)
1131 struct connection *conn = verto_get_private(ev);
1132 assert(loop_setup_network(ctx, conn->handle, conn->prog) == 0);
1136 routing_update_needed(struct rt_msghdr *rtm)
1138 switch (rtm->rtm_type) {
1147 * Some flags indicate routing table updates that don't
1148 * indicate local address changes. They may come from
1149 * redirects, or ARP, etc.
1151 * This set of symbols is just an initial guess based on
1152 * some messages observed in real life; working out which
1153 * other flags also indicate messages we should ignore,
1154 * and which flags are portable to all system and thus
1155 * don't need to be conditionalized, is left as a future
1159 if (rtm->rtm_flags & RTF_DYNAMIC)
1163 if (rtm->rtm_flags & RTF_CLONED)
1167 if (rtm->rtm_flags & RTF_LLINFO)
1171 krb5_klog_syslog(LOG_DEBUG,
1172 "network reconfiguration message (%s) received",
1173 rtm_type_name(rtm->rtm_type));
1185 /* Not interesting. */
1187 krb5_klog_syslog(LOG_DEBUG, "routing msg not interesting");
1191 krb5_klog_syslog(LOG_INFO,
1192 _("unhandled routing message type %d, "
1193 "will reconfigure just for the fun of it"),
1202 process_routing_update(verto_ctx *ctx, verto_ev *ev)
1205 struct rt_msghdr rtm;
1206 struct connection *conn;
1208 fd = verto_get_fd(ev);
1209 conn = verto_get_private(ev);
1210 while ((n_read = read(fd, &rtm, sizeof(rtm))) > 0) {
1211 if (n_read < sizeof(rtm)) {
1212 /* Quick hack to figure out if the interesting
1213 fields are present in a short read.
1215 A short read seems to be normal for some message types.
1216 Only complain if we don't have the critical initial
1218 #define RS(FIELD) (offsetof(struct rt_msghdr, FIELD) + sizeof(rtm.FIELD))
1219 if (n_read < RS(rtm_type) ||
1220 n_read < RS(rtm_version) ||
1221 n_read < RS(rtm_msglen)) {
1222 krb5_klog_syslog(LOG_ERR,
1223 _("short read (%d/%d) from routing socket"),
1224 n_read, (int) sizeof(rtm));
1229 krb5_klog_syslog(LOG_INFO,
1230 _("got routing msg type %d(%s) v%d"),
1231 rtm.rtm_type, rtm_type_name(rtm.rtm_type),
1234 if (rtm.rtm_msglen > sizeof(rtm)) {
1235 /* It appears we get a partial message and the rest is
1237 } else if (rtm.rtm_msglen != n_read) {
1238 krb5_klog_syslog(LOG_ERR,
1239 _("read %d from routing socket but msglen is %d"),
1240 n_read, rtm.rtm_msglen);
1243 if (routing_update_needed(&rtm)) {
1244 /* Ideally we would use idle here instead of timeout. However, idle
1245 * is not universally supported yet in all backends. So let's just
1246 * use timeout for now to avoid locking into a loop. */
1247 ev = verto_add_timeout(ctx, VERTO_EV_FLAG_NONE,
1248 do_network_reconfig, 0);
1249 verto_set_private(ev, conn, NULL);
1257 loop_setup_routing_socket(verto_ctx *ctx, void *handle, const char *progname)
1259 #ifdef HAVE_STRUCT_RT_MSGHDR
1260 struct socksetup data;
1264 data.handle = handle;
1265 data.prog = progname;
1268 sock = socket(PF_ROUTE, SOCK_RAW, 0);
1271 krb5_klog_syslog(LOG_INFO, _("couldn't set up routing socket: %s"),
1274 krb5_klog_syslog(LOG_INFO, _("routing socket is fd %d"), sock);
1276 add_fd(&data, sock, CONN_ROUTING,
1277 VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_PERSIST,
1278 process_routing_update, 0);
1285 extern void (*krb5int_sendtokdc_debug_handler)(const void*, size_t);
1288 loop_setup_network(verto_ctx *ctx, void *handle, const char *prog)
1290 struct socksetup setup_data;
1294 krb5int_sendtokdc_debug_handler = klog_handler;
1296 /* Close any open connections. */
1297 FOREACH_ELT(events, i, ev)
1301 setup_data.ctx = ctx;
1302 setup_data.handle = handle;
1303 setup_data.prog = prog;
1304 setup_data.retval = 0;
1305 krb5_klog_syslog(LOG_INFO, _("setting up network..."));
1308 * To do: Use RFC 2292 interface (or follow-on) and IPV6_PKTINFO,
1309 * so we might need only one UDP socket; fall back to binding
1310 * sockets on each address only if IPV6_PKTINFO isn't
1313 setup_data.udp_flags = UDP_DO_IPV4 | UDP_DO_IPV6;
1314 setup_udp_pktinfo_ports(&setup_data);
1315 if (setup_data.udp_flags) {
1316 if (foreach_localaddr (&setup_data, setup_udp_port, 0, 0)) {
1317 return setup_data.retval;
1320 setup_tcp_listener_ports(&setup_data);
1321 setup_rpc_listener_ports(&setup_data);
1322 krb5_klog_syslog (LOG_INFO, _("set up %d sockets"), (int) events.n);
1323 if (events.n == 0) {
1324 com_err(prog, 0, _("no sockets set up?"));
1332 init_addr(krb5_fulladdr *faddr, struct sockaddr *sa)
1334 switch (sa->sa_family) {
1336 faddr->address->addrtype = ADDRTYPE_INET;
1337 faddr->address->length = 4;
1338 faddr->address->contents = (krb5_octet *) &sa2sin(sa)->sin_addr;
1339 faddr->port = ntohs(sa2sin(sa)->sin_port);
1341 #ifdef KRB5_USE_INET6
1343 if (IN6_IS_ADDR_V4MAPPED(&sa2sin6(sa)->sin6_addr)) {
1344 faddr->address->addrtype = ADDRTYPE_INET;
1345 faddr->address->length = 4;
1346 faddr->address->contents = 12 + (krb5_octet *) &sa2sin6(sa)->sin6_addr;
1348 faddr->address->addrtype = ADDRTYPE_INET6;
1349 faddr->address->length = 16;
1350 faddr->address->contents = (krb5_octet *) &sa2sin6(sa)->sin6_addr;
1352 faddr->port = ntohs(sa2sin6(sa)->sin6_port);
1356 faddr->address->addrtype = -1;
1357 faddr->address->length = 0;
1358 faddr->address->contents = 0;
1365 * This holds whatever additional information might be needed to
1366 * properly send back to the client from the correct local address.
1368 * In this case, we only need one datum so far: On Mac OS X, the
1369 * kernel doesn't seem to like sending from link-local addresses
1370 * unless we specify the correct interface.
1373 union aux_addressing_info {
1378 recv_from_to(int s, void *buf, size_t len, int flags,
1379 struct sockaddr *from, socklen_t *fromlen,
1380 struct sockaddr *to, socklen_t *tolen,
1381 union aux_addressing_info *auxaddr)
1383 #if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE)
1385 /* Clobber with something recognizeable in case we try to use
1387 memset(to, 0x40, *tolen);
1391 return recvfrom(s, buf, len, flags, from, fromlen);
1395 char cmsg[CMSG_SPACE(sizeof(union pktinfo))];
1396 struct cmsghdr *cmsgptr;
1400 return recvfrom(s, buf, len, flags, from, fromlen);
1402 /* Clobber with something recognizeable in case we can't extract
1403 the address but try to use it anyways. */
1404 memset(to, 0x40, *tolen);
1408 memset(&msg, 0, sizeof(msg));
1409 msg.msg_name = from;
1410 msg.msg_namelen = *fromlen;
1413 msg.msg_control = cmsg;
1414 msg.msg_controllen = sizeof(cmsg);
1416 r = recvmsg(s, &msg, flags);
1419 *fromlen = msg.msg_namelen;
1421 /* On Darwin (and presumably all *BSD with KAME stacks),
1422 CMSG_FIRSTHDR doesn't check for a non-zero controllen. RFC
1423 3542 recommends making this check, even though the (new) spec
1424 for CMSG_FIRSTHDR says it's supposed to do the check. */
1425 if (msg.msg_controllen) {
1426 cmsgptr = CMSG_FIRSTHDR(&msg);
1429 if (cmsgptr->cmsg_level == IPPROTO_IP
1430 && cmsgptr->cmsg_type == IP_PKTINFO
1431 && *tolen >= sizeof(struct sockaddr_in)) {
1432 struct in_pktinfo *pktinfo;
1433 memset(to, 0, sizeof(struct sockaddr_in));
1434 pktinfo = (struct in_pktinfo *)CMSG_DATA(cmsgptr);
1435 ((struct sockaddr_in *)to)->sin_addr = pktinfo->ipi_addr;
1436 ((struct sockaddr_in *)to)->sin_family = AF_INET;
1437 *tolen = sizeof(struct sockaddr_in);
1441 #if defined(KRB5_USE_INET6) && defined(IPV6_PKTINFO) && \
1442 defined(HAVE_STRUCT_IN6_PKTINFO)
1443 if (cmsgptr->cmsg_level == IPPROTO_IPV6
1444 && cmsgptr->cmsg_type == IPV6_PKTINFO
1445 && *tolen >= sizeof(struct sockaddr_in6)) {
1446 struct in6_pktinfo *pktinfo;
1447 memset(to, 0, sizeof(struct sockaddr_in6));
1448 pktinfo = (struct in6_pktinfo *)CMSG_DATA(cmsgptr);
1449 ((struct sockaddr_in6 *)to)->sin6_addr = pktinfo->ipi6_addr;
1450 ((struct sockaddr_in6 *)to)->sin6_family = AF_INET6;
1451 *tolen = sizeof(struct sockaddr_in6);
1452 auxaddr->ipv6_ifindex = pktinfo->ipi6_ifindex;
1456 cmsgptr = CMSG_NXTHDR(&msg, cmsgptr);
1459 /* No info about destination addr was available. */
1466 send_to_from(int s, void *buf, size_t len, int flags,
1467 const struct sockaddr *to, socklen_t tolen,
1468 const struct sockaddr *from, socklen_t fromlen,
1469 union aux_addressing_info *auxaddr)
1471 #if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE)
1472 return sendto(s, buf, len, flags, to, tolen);
1476 struct cmsghdr *cmsgptr;
1477 char cbuf[CMSG_SPACE(sizeof(union pktinfo))];
1479 if (from == 0 || fromlen == 0 || from->sa_family != to->sa_family) {
1481 return sendto(s, buf, len, flags, to, tolen);
1487 if (iov.iov_len != len)
1489 memset(cbuf, 0, sizeof(cbuf));
1490 memset(&msg, 0, sizeof(msg));
1491 msg.msg_name = (void *) to;
1492 msg.msg_namelen = tolen;
1495 msg.msg_control = cbuf;
1496 /* CMSG_FIRSTHDR needs a non-zero controllen, or it'll return NULL
1498 msg.msg_controllen = sizeof(cbuf);
1499 cmsgptr = CMSG_FIRSTHDR(&msg);
1500 msg.msg_controllen = 0;
1502 switch (from->sa_family) {
1503 #if defined(IP_PKTINFO)
1505 if (fromlen != sizeof(struct sockaddr_in))
1507 cmsgptr->cmsg_level = IPPROTO_IP;
1508 cmsgptr->cmsg_type = IP_PKTINFO;
1509 cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
1511 struct in_pktinfo *p = (struct in_pktinfo *)CMSG_DATA(cmsgptr);
1512 const struct sockaddr_in *from4 = (const struct sockaddr_in *)from;
1513 p->ipi_spec_dst = from4->sin_addr;
1515 msg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo));
1518 #if defined(KRB5_USE_INET6) && defined(IPV6_PKTINFO) && \
1519 defined(HAVE_STRUCT_IN6_PKTINFO)
1521 if (fromlen != sizeof(struct sockaddr_in6))
1523 cmsgptr->cmsg_level = IPPROTO_IPV6;
1524 cmsgptr->cmsg_type = IPV6_PKTINFO;
1525 cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
1527 struct in6_pktinfo *p = (struct in6_pktinfo *)CMSG_DATA(cmsgptr);
1528 const struct sockaddr_in6 *from6 =
1529 (const struct sockaddr_in6 *)from;
1530 p->ipi6_addr = from6->sin6_addr;
1532 * Because of the possibility of asymmetric routing, we
1533 * normally don't want to specify an interface. However,
1534 * Mac OS X doesn't like sending from a link-local address
1535 * (which can come up in testing at least, if you wind up
1536 * with a "foo.local" name) unless we do specify the
1539 if (IN6_IS_ADDR_LINKLOCAL(&from6->sin6_addr))
1540 p->ipi6_ifindex = auxaddr->ipv6_ifindex;
1541 /* otherwise, already zero */
1543 msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
1549 return sendmsg(s, &msg, flags);
1554 process_packet(verto_ctx *ctx, verto_ev *ev)
1557 socklen_t saddr_len, daddr_len;
1558 krb5_fulladdr faddr;
1559 krb5_error_code retval;
1560 struct sockaddr_storage saddr, daddr;
1563 krb5_data *response;
1564 char pktbuf[MAX_DGRAM_SIZE];
1566 union aux_addressing_info auxaddr;
1567 struct connection *conn;
1569 port_fd = verto_get_fd(ev);
1570 conn = verto_get_private(ev);
1571 assert(port_fd >= 0);
1574 saddr_len = sizeof(saddr);
1575 daddr_len = sizeof(daddr);
1576 memset(&auxaddr, 0, sizeof(auxaddr));
1577 cc = recv_from_to(port_fd, pktbuf, sizeof(pktbuf), 0,
1578 (struct sockaddr *)&saddr, &saddr_len,
1579 (struct sockaddr *)&daddr, &daddr_len,
1582 if (errno != EINTR && errno != EAGAIN
1584 * This is how Linux indicates that a previous transmission was
1585 * refused, e.g., if the client timed out before getting the
1588 && errno != ECONNREFUSED
1590 com_err(conn->prog, errno, _("while receiving from network"));
1594 return; /* zero-length packet? */
1597 if (daddr_len > 0) {
1599 if (getnameinfo(ss2sa(&daddr), daddr_len, addrbuf, sizeof(addrbuf),
1600 0, 0, NI_NUMERICHOST))
1601 strlcpy(addrbuf, "?", sizeof(addrbuf));
1602 com_err(conn->prog, 0, _("pktinfo says local addr is %s"), addrbuf);
1606 if (daddr_len == 0 && conn->type == CONN_UDP) {
1608 * If the PKTINFO option isn't set, this socket should be bound to a
1609 * specific local address. This info probably should've been saved in
1610 * our socket data structure at setup time.
1612 daddr_len = sizeof(daddr);
1613 if (getsockname(port_fd, (struct sockaddr *)&daddr, &daddr_len) != 0)
1615 /* On failure, keep going anyways. */
1618 request.length = cc;
1619 request.data = pktbuf;
1620 faddr.address = &addr;
1621 init_addr(&faddr, ss2sa(&saddr));
1622 /* This address is in net order. */
1623 retval = dispatch(conn->handle, ss2sa(&daddr),
1624 &faddr, &request, &response, 0);
1626 com_err(conn->prog, retval, _("while dispatching (udp)"));
1629 if (response == NULL)
1631 cc = send_to_from(port_fd, response->data, (socklen_t) response->length, 0,
1632 (struct sockaddr *)&saddr, saddr_len,
1633 (struct sockaddr *)&daddr, daddr_len,
1636 /* Note that the local address (daddr*) has no port number
1637 * info associated with it. */
1638 char saddrbuf[NI_MAXHOST], sportbuf[NI_MAXSERV];
1639 char daddrbuf[NI_MAXHOST];
1641 krb5_free_data(get_context(conn->handle), response);
1642 if (getnameinfo((struct sockaddr *)&daddr, daddr_len,
1643 daddrbuf, sizeof(daddrbuf), 0, 0,
1644 NI_NUMERICHOST) != 0) {
1645 strlcpy(daddrbuf, "?", sizeof(daddrbuf));
1647 if (getnameinfo((struct sockaddr *)&saddr, saddr_len,
1648 saddrbuf, sizeof(saddrbuf), sportbuf, sizeof(sportbuf),
1649 NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
1650 strlcpy(saddrbuf, "?", sizeof(saddrbuf));
1651 strlcpy(sportbuf, "?", sizeof(sportbuf));
1653 com_err(conn->prog, e, _("while sending reply to %s/%s from %s"),
1654 saddrbuf, sportbuf, daddrbuf);
1657 if ((size_t)cc != response->length) {
1658 com_err(conn->prog, 0, _("short reply write %d vs %d\n"),
1659 response->length, cc);
1661 krb5_free_data(get_context(conn->handle), response);
1666 kill_lru_tcp_or_rpc_connection(void *handle, verto_ev *newev)
1668 struct connection *c = NULL, *oldest_c = NULL;
1669 verto_ev *ev, *oldest_ev = NULL;
1672 krb5_klog_syslog(LOG_INFO, _("too many connections"));
1674 FOREACH_ELT (events, i, ev) {
1678 c = verto_get_private(ev);
1681 if (c->type != CONN_TCP && c->type != CONN_RPC)
1684 krb5_klog_syslog(LOG_INFO, "fd %d started at %ld",
1685 verto_get_fd(oldest_ev),
1688 if (oldest_c == NULL
1689 || oldest_c->start_time > c->start_time) {
1694 if (oldest_c != NULL) {
1695 krb5_klog_syslog(LOG_INFO, _("dropping %s fd %d from %s"),
1696 c->type == CONN_RPC ? "rpc" : "tcp",
1697 verto_get_fd(oldest_ev), oldest_c->addrbuf);
1698 if (oldest_c->type == CONN_RPC)
1699 oldest_c->rpc_force_close = 1;
1700 verto_del(oldest_ev);
1706 accept_tcp_connection(verto_ctx *ctx, verto_ev *ev)
1709 struct sockaddr_storage addr_s;
1710 struct sockaddr *addr = (struct sockaddr *)&addr_s;
1711 socklen_t addrlen = sizeof(addr_s);
1712 struct socksetup sockdata;
1713 struct connection *newconn, *conn;
1717 conn = verto_get_private(ev);
1718 s = accept(verto_get_fd(ev), addr, &addrlen);
1723 if (s >= FD_SETSIZE) {
1728 setnbio(s), setnolinger(s), setkeepalive(s);
1731 sockdata.handle = conn->handle;
1732 sockdata.prog = conn->prog;
1733 sockdata.retval = 0;
1735 newev = add_tcp_read_fd(&sockdata, s);
1736 if (newev == NULL) {
1740 newconn = verto_get_private(newev);
1742 if (getnameinfo((struct sockaddr *)&addr_s, addrlen,
1743 newconn->addrbuf, sizeof(newconn->addrbuf),
1744 tmpbuf, sizeof(tmpbuf),
1745 NI_NUMERICHOST | NI_NUMERICSERV))
1746 strlcpy(newconn->addrbuf, "???", sizeof(newconn->addrbuf));
1749 p = newconn->addrbuf;
1750 end = p + sizeof(newconn->addrbuf);
1752 if ((size_t)(end - p) > 2 + strlen(tmpbuf)) {
1754 strlcpy(p, tmpbuf, end - p);
1758 krb5_klog_syslog(LOG_INFO, "accepted TCP connection on socket %d from %s",
1759 s, newconn->addrbuf);
1762 newconn->addr_s = addr_s;
1763 newconn->addrlen = addrlen;
1764 newconn->bufsiz = 1024 * 1024;
1765 newconn->buffer = malloc(newconn->bufsiz);
1766 newconn->start_time = time(0);
1768 if (++tcp_or_rpc_data_counter > max_tcp_or_rpc_data_connections)
1769 kill_lru_tcp_or_rpc_connection(conn->handle, newev);
1771 if (newconn->buffer == 0) {
1772 com_err(conn->prog, errno,
1773 _("allocating buffer for new TCP session from %s"),
1778 newconn->offset = 0;
1779 newconn->faddr.address = &newconn->kaddr;
1780 init_addr(&newconn->faddr, ss2sa(&newconn->addr_s));
1781 SG_SET(&newconn->sgbuf[0], newconn->lenbuf, 4);
1782 SG_SET(&newconn->sgbuf[1], 0, 0);
1786 process_tcp_connection_read(verto_ctx *ctx, verto_ev *ev)
1788 struct connection *conn;
1793 conn = verto_get_private(ev);
1794 sock = verto_get_fd(ev);
1797 * Read message length and data into one big buffer, already allocated
1798 * at connect time. If we have a complete message, we stop reading, so
1799 * we should only be here if there is no data in the buffer, or only an
1800 * incomplete message.
1802 if (conn->offset < 4) {
1803 /* msglen has not been computed. XXX Doing at least two reads
1804 * here, letting the kernel worry about buffering. */
1805 len = 4 - conn->offset;
1806 nread = SOCKET_READ(sock,
1807 conn->buffer + conn->offset, len);
1808 if (nread < 0) /* error */
1809 goto kill_tcp_connection;
1810 if (nread == 0) /* eof */
1811 goto kill_tcp_connection;
1812 conn->offset += nread;
1813 if (conn->offset == 4) {
1814 unsigned char *p = (unsigned char *)conn->buffer;
1815 conn->msglen = load_32_be(p);
1816 if (conn->msglen > conn->bufsiz - 4) {
1817 krb5_error_code err;
1818 /* Message too big. */
1819 krb5_klog_syslog(LOG_ERR, _("TCP client %s wants %lu bytes, "
1820 "cap is %lu"), conn->addrbuf,
1821 (unsigned long) conn->msglen,
1822 (unsigned long) conn->bufsiz - 4);
1823 /* XXX Should return an error. */
1824 err = make_toolong_error (conn->handle,
1827 krb5_klog_syslog(LOG_ERR, _("error constructing "
1828 "KRB_ERR_FIELD_TOOLONG error! %s"),
1829 error_message(err));
1830 goto kill_tcp_connection;
1838 krb5_error_code err;
1839 struct sockaddr_storage local_saddr;
1840 socklen_t local_saddrlen = sizeof(local_saddr);
1841 struct sockaddr *local_saddrp = NULL;
1843 len = conn->msglen - (conn->offset - 4);
1844 nread = SOCKET_READ(sock,
1845 conn->buffer + conn->offset, len);
1846 if (nread < 0) /* error */
1847 goto kill_tcp_connection;
1848 if (nread == 0) /* eof */
1849 goto kill_tcp_connection;
1850 conn->offset += nread;
1851 if (conn->offset < conn->msglen + 4)
1853 /* Have a complete message, and exactly one message. */
1854 request.length = conn->msglen;
1855 request.data = conn->buffer + 4;
1857 if (getsockname(sock, ss2sa(&local_saddr),
1858 &local_saddrlen) == 0)
1859 local_saddrp = ss2sa(&local_saddr);
1861 err = dispatch(conn->handle, local_saddrp, &conn->faddr,
1862 &request, &conn->response, 1);
1864 com_err(conn->prog, err, _("while dispatching (tcp)"));
1865 goto kill_tcp_connection;
1867 if (conn->response == NULL)
1868 goto kill_tcp_connection;
1870 /* Queue outgoing response. */
1871 store_32_be(conn->response->length, conn->lenbuf);
1872 SG_SET(&conn->sgbuf[1], conn->response->data,
1873 conn->response->length);
1874 conn->sgp = conn->sgbuf;
1877 if (convert_event(ctx, ev,
1878 VERTO_EV_FLAG_IO_WRITE | VERTO_EV_FLAG_PERSIST,
1879 process_tcp_connection_write))
1885 kill_tcp_connection:
1890 process_tcp_connection_write(verto_ctx *ctx, verto_ev *ev)
1892 struct connection *conn;
1893 SOCKET_WRITEV_TEMP tmp;
1897 conn = verto_get_private(ev);
1898 sock = verto_get_fd(ev);
1900 nwrote = SOCKET_WRITEV(sock, conn->sgp,
1902 if (nwrote > 0) { /* non-error and non-eof */
1904 sg_buf *sgp = conn->sgp;
1905 if ((size_t)nwrote < SG_LEN(sgp)) {
1906 SG_ADVANCE(sgp, (size_t)nwrote);
1909 nwrote -= SG_LEN(sgp);
1912 if (conn->sgnum == 0 && nwrote != 0)
1917 /* If we still have more data to send, just return so that
1918 * the main loop can call this function again when the socket
1919 * is ready for more writing. */
1920 if (conn->sgnum > 0)
1924 /* Finished sending. We should go back to reading, though if we
1925 * sent a FIELD_TOOLONG error in reply to a length with the high
1926 * bit set, RFC 4120 says we have to close the TCP stream. */
1931 loop_free(verto_ctx *ctx)
1934 FREE_SET_DATA(events);
1935 FREE_SET_DATA(udp_port_data);
1936 FREE_SET_DATA(tcp_port_data);
1937 FREE_SET_DATA(rpc_svc_data);
1941 have_event_for_fd(int fd)
1946 FOREACH_ELT(events, i, ev) {
1947 if (verto_get_fd(ev) == fd)
1955 accept_rpc_connection(verto_ctx *ctx, verto_ev *ev)
1957 struct socksetup sockdata;
1958 struct connection *conn;
1962 conn = verto_get_private(ev);
1965 sockdata.handle = conn->handle;
1966 sockdata.prog = conn->prog;
1967 sockdata.retval = 0;
1969 /* Service the woken RPC listener descriptor. */
1971 FD_SET(verto_get_fd(ev), &fds);
1972 svc_getreqset(&fds);
1974 /* Scan svc_fdset for any new connections. */
1975 for (s = 0; s < FD_SETSIZE; s++) {
1976 struct sockaddr_storage addr_s;
1977 struct sockaddr *addr = (struct sockaddr *) &addr_s;
1978 socklen_t addrlen = sizeof(addr_s);
1979 struct connection *newconn;
1983 /* If we already have this fd, continue. */
1984 if (!FD_ISSET(s, &svc_fdset) || have_event_for_fd(s))
1987 newev = add_rpc_data_fd(&sockdata, s);
1990 newconn = verto_get_private(newev);
1994 setnbio(s), setnolinger(s), setkeepalive(s);
1997 if (getpeername(s, addr, &addrlen) ||
1998 getnameinfo(addr, addrlen,
2000 sizeof(newconn->addrbuf),
2001 tmpbuf, sizeof(tmpbuf),
2002 NI_NUMERICHOST | NI_NUMERICSERV)) {
2003 strlcpy(newconn->addrbuf, "???",
2004 sizeof(newconn->addrbuf));
2007 p = newconn->addrbuf;
2008 end = p + sizeof(newconn->addrbuf);
2010 if ((size_t)(end - p) > 2 + strlen(tmpbuf)) {
2012 strlcpy(p, tmpbuf, end - p);
2016 krb5_klog_syslog(LOG_INFO, _("accepted RPC connection on socket %d "
2017 "from %s"), s, newconn->addrbuf);
2020 newconn->addr_s = addr_s;
2021 newconn->addrlen = addrlen;
2022 newconn->start_time = time(0);
2024 if (++tcp_or_rpc_data_counter > max_tcp_or_rpc_data_connections)
2025 kill_lru_tcp_or_rpc_connection(newconn->handle, newev);
2027 newconn->faddr.address = &newconn->kaddr;
2028 init_addr(&newconn->faddr, ss2sa(&newconn->addr_s));
2033 process_rpc_connection(verto_ctx *ctx, verto_ev *ev)
2038 FD_SET(verto_get_fd(ev), &fds);
2039 svc_getreqset(&fds);
2041 if (!FD_ISSET(verto_get_fd(ev), &svc_fdset))