From: Theodore Tso Date: Fri, 6 Oct 1995 03:02:40 +0000 (+0000) Subject: network.c (setup_network): X-Git-Tag: krb5-1.0-beta6~931 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=f46fce77959a3f52ec54b79753496644ab68fb47;p=krb5.git network.c (setup_network): main.c (initialize_realms): Massive revamp of how the network ports are setup. The default port list for a realm is read from [kdcdefaults]/kdc_ports from the kdc.conf file. For each realm, a list of ports can be specified in [realms]//kdc_ports. extern.h (kdc_realm_t): Remove realm_pport and realm_sport, and added realm_ports. do_tgs_req.c (process_tgs_req): do_as_req.c (process_as_req): dispatch.c (dispatch): Pass the portnumber of the incoming request down to process_as_req and process_tgs_req, instead of the boolean "is_secondary". kerberos_v4.c (kerb_get_principal, kerberos_v4): Fix gcc -Wall flames, by fixing signed vs. unsigned types. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6937 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 968870413..71e8ef748 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog 
@@ -1,3 +1,24 @@ +Thu Oct 5 21:23:12 1995 Theodore Y. Ts'o + + * network.c (setup_network): + * main.c (initialize_realms): Massive revamp of how the network + ports are setup. The default port list for a realm is + read from [kdcdefaults]/kdc_ports from the kdc.conf file. + For each realm, a list of ports can be specified in + [realms]//kdc_ports. + + * extern.h (kdc_realm_t): Remove realm_pport and realm_sport, and + added realm_ports. + + * do_tgs_req.c (process_tgs_req): + * do_as_req.c (process_as_req): + * dispatch.c (dispatch): Pass the portnumber of the incoming + request down to process_as_req and process_tgs_req, + instead of the boolean "is_secondary". + + * kerberos_v4.c (kerb_get_principal, kerberos_v4): Fix gcc -Wall + flames, by fixing signed vs. unsigned types. + Mon Sep 18 11:16:30 1995 Mark Eichin * main.c (init_realm): strdup KRB5_KDB_M_NAME if we use it, to diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c index 7f10061e9..a94173ce4 100644 --- a/src/kdc/dispatch.c +++ b/src/kdc/dispatch.c @@ -30,10 +30,10 @@ #include "adm_proto.h" krb5_error_code -dispatch(pkt, from, is_secondary, response) +dispatch(pkt, from, portnum, response) krb5_data *pkt; const krb5_fulladdr *from; - int is_secondary; + int portnum; krb5_data **response; { @@ -51,7 +51,7 @@ dispatch(pkt, from, is_secondary, response) /* try TGS_REQ first; they are more common! */ if (krb5_is_tgs_req(pkt)) { - retval = process_tgs_req(pkt, from, is_secondary, response); + retval = process_tgs_req(pkt, from, portnum, response); } else if (krb5_is_as_req(pkt)) { if (!(retval = decode_krb5_as_req(pkt, &as_req))) { /* 
@@ -59,14 +59,14 @@ dispatch(pkt, from, is_secondary, response) * pointer. */ if (!(retval = setup_server_realm(as_req->server))) { - retval = process_as_req(as_req, from, is_secondary, response); + retval = process_as_req(as_req, from, portnum, response); } krb5_free_kdc_req(kdc_context, as_req); } } #ifdef KRB5_KRB4_COMPAT else if (pkt->data[0] == 4) /* old version */ - retval = process_v4(pkt, from, is_secondary, response); + retval = process_v4(pkt, from, portnum, response); #endif else retval = KRB5KRB_AP_ERR_MSG_TYPE; diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 94114f0c7..f4079ea6c 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -92,10 +92,10 @@ check_padata (client, src_addr, padata, pa_id, flags) /*ARGSUSED*/ krb5_error_code -process_as_req(request, from, is_secondary, response) +process_as_req(request, from, portnum, response) register krb5_kdc_req *request; const krb5_fulladdr *from; /* who sent it ? */ -int is_secondary; +int portnum; krb5_data **response; /* filled in with a response packet */ { diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 8f97b417e..9d8364e4b 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -55,10 +55,10 @@ static krb5_error_code prepare_error_tgs PROTOTYPE((krb5_kdc_req *, /*ARGSUSED*/ krb5_error_code -process_tgs_req(pkt, from, is_secondary, response) +process_tgs_req(pkt, from, portnum, response) krb5_data *pkt; const krb5_fulladdr *from; /* who sent it ? */ -int is_secondary; +int portnum; krb5_data **response; /* filled in with a response packet */ { krb5_keyblock * subkey; @@ -89,12 +89,6 @@ krb5_data **response; /* filled in with a response packet */ int firstpass = 1; int ok_key_data = 0; const char *status = 0; - char secondary_ch; - - if (is_secondary) - secondary_ch = ';'; - else - secondary_ch = ':'; retval = decode_krb5_tgs_req(pkt, &request); if (retval) 
@@ -627,8 +621,8 @@ got_a_key:; cleanup: if (status) - krb5_klog_syslog(LOG_INFO, "TGS_REQ%c %s: authtime %d, host %s, %s for %s%s%s", - secondary_ch, status, authtime, fromstring, + krb5_klog_syslog(LOG_INFO, "TGS_REQ %d: %s: authtime %d, host %s, %s for %s%s%s", + portnum, status, authtime, fromstring, cname ? cname : "", sname ? sname : "", errcode ? ", " : "", diff --git a/src/kdc/extern.h b/src/kdc/extern.h index 78569e7d7..7ea95b8fc 100644 --- a/src/kdc/extern.h +++ b/src/kdc/extern.h @@ -52,8 +52,7 @@ typedef struct __kdc_realm_data { * Other per-realm data. */ krb5_encrypt_block realm_encblock; /* Per-realm master encryption block*/ - krb5_int32 realm_pport; /* Per-realm primary KDC port. */ - krb5_int32 realm_sport; /* Per-realm secondary KDC port. */ + char *realm_ports; /* Per-realm KDC port */ /* * Per-realm parameters. */ diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h index ec9fd74a2..e28113169 100644 --- a/src/kdc/kdc_util.h +++ b/src/kdc/kdc_util.h @@ -95,9 +95,7 @@ krb5_error_code kdc_initialize_rcache PROTOTYPE((krb5_context, char *)); /* network.c */ krb5_error_code listen_and_process PROTOTYPE((const char *)); -krb5_error_code setup_network PROTOTYPE((const char *, - int *, - int *)); +krb5_error_code setup_network PROTOTYPE((const char *)); krb5_error_code closedown_network PROTOTYPE((const char *)); void process_packet PROTOTYPE((int, const char *, int)); diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c index b724c976e..6af490669 100644 --- a/src/kdc/kerberos_v4.c +++ b/src/kdc/kerberos_v4.c @@ -73,7 +73,7 @@ extern int errno; int compat_decrypt_key PROTOTYPE((krb5_key_data *, C_Block)); -int kerb_get_principal PROTOTYPE((char *, char *, Principal *, unsigned int, +int kerb_get_principal PROTOTYPE((char *, char *, Principal *, int, int *)); int check_princ PROTOTYPE((char *, char *, unsigned, Principal *)); 
@@ -334,7 +334,7 @@ kerb_get_principal(name, inst, principal, maxn, more) char *name; /* could have wild card */ char *inst; /* could have wild card */ Principal *principal; - unsigned int maxn; /* max number of name structs to return */ + int maxn; /* max number of name structs to return */ int *more; /* more tuples than room for */ { /* Note that this structure should not be passed to the @@ -499,7 +499,7 @@ kerberos_v4(client, pkt) #ifdef notdef u_long time_ws; /* Workstation time */ #endif - KRB4_32 req_life; /* Requested liftime */ + u_long req_life; /* Requested liftime */ char *service; /* Service name */ char *instance; /* Service instance */ #ifdef notdef @@ -521,7 +521,7 @@ kerberos_v4(client, pkt) } ptr = (char *) pkt_time_ws(pkt) + 4; - req_life = (KRB4_32) (*ptr++); + req_life = (u_long) (*ptr++); service = ptr; instance = ptr + strlen(service) + 1; @@ -614,7 +614,7 @@ kerberos_v4(client, pkt) case AUTH_MSG_APPL_REQUEST: { KRB4_32 time_ws; /* Workstation time */ - KRB4_32 req_life; /* Requested liftime */ + u_long req_life; /* Requested liftime */ char *service; /* Service name */ char *instance; /* Service instance */ int kerno = 0; /* Kerberos error number */ @@ -653,7 +653,7 @@ kerberos_v4(client, pkt) memcpy(&time_ws, ptr, 4); ptr += 4; - req_life = (KRB4_32) (*ptr++); + req_life = (u_long) (*ptr++); service = ptr; instance = ptr + strlen(service) + 1; diff --git a/src/kdc/main.c b/src/kdc/main.c index 4d689a5bc..b2d6b015b 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c 
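Review bot: `req_life = (u_long) (*ptr++);` in both the request-parsing hunks (@@ -521 and @@ -653) still reads the lifetime byte through a plain `char` (`ptr` is assigned from `(char *) pkt_time_ws(pkt) + 4`), so on a platform where char is signed any lifetime value of 0x80 or above is sign-extended to a huge u_long before the cast, in a packet that arrives unauthenticated on the v4 port; the old KRB4_32 cast had the same problem, so the type change does not address it. Promote through unsigned char at both sites: `req_life = (u_long) (unsigned char) *ptr++;`. What the later lifetime code does with such a value is outside the hunk, so I can only say it is presumably not what the client asked for. The enclosing `kerberos_v4` body starts and ends outside these hunks.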
@@ -170,72 +170,6 @@ get_realm_port(ctx, realm, name, defport, service) return(retval); } -/* - * Convert a string of the form [,]* to a list of ints. - */ -static int * -string2intlist(string) - char *string; -{ - int nints, i; - char *cp; - int *intlist; - - for ((nints=1, cp=string); *cp; cp++) - if (*cp == ',') - nints++; - if ((intlist = (int *) malloc((nints+1) * sizeof(int)))) { - cp = string; - for (i=0; irealm_kdc_pport_valid) - rdp->realm_pport = rparams->realm_kdc_pport; - else - rdp->realm_pport = get_realm_port(rdp->realm_context, - realm, - "kdc", - def_port, - KDC_PORTNAME); - - /* Handle KDC secondary port */ - if (rparams && rparams->realm_kdc_sport_valid) - rdp->realm_sport = rparams->realm_kdc_sport; + if (rparams && rparams->realm_kdc_ports) + rdp->realm_ports = strdup(rparams->realm_kdc_ports); else - rdp->realm_sport = get_realm_port(rdp->realm_context, - realm, - "v4kdc", - def_sport, - KDC_SECONDARY_PORTNAME); - + rdp->realm_ports = strdup(def_ports); + /* Handle stash file */ if (rparams && rparams->realm_stash_file) { rdp->realm_stash = strdup(rparams->realm_stash_file); @@ -751,11 +670,22 @@ initialize_realms(kcontext, argc, argv) krb5_enctype menctype = ENCTYPE_DES_CBC_CRC; kdc_realm_t *rdatap; krb5_boolean manual = FALSE; - krb5_int32 pport, sport; - + char *default_ports = 0; + krb5_pointer aprof; + const char *hierarchy[3]; extern char *optarg; - pport = sport = -1; + if (!krb5_aprof_init(DEFAULT_KDC_PROFILE, KDC_PROFILE_ENV, &aprof)) { + hierarchy[0] = "kdcdefaults"; + hierarchy[1] = "kdc_ports"; + hierarchy[2] = (char *) NULL; + if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_ports)) + default_ports = 0; + krb5_aprof_finish(aprof); + } + if (default_ports == 0) + default_ports = strdup(DEFAULT_KDC_PORTLIST); + /* * Loop through the option list. Each time we encounter a realm name, * use the previously scanned options to fill in for defaults. 
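Review bot: In init_realm, `if (rparams && rparams->realm_kdc_ports) rdp->realm_ports = strdup(rparams->realm_kdc_ports); else rdp->realm_ports = strdup(def_ports);` makes a per-realm `[realms]` kdc_ports entry take precedence over both `[kdcdefaults]` and the `-p` command-line override, which is not obvious from the call site and deserves a comment there, e.g. `/* A per-realm kdc_ports entry overrides both [kdcdefaults]/kdc_ports and -p. */`. Neither strdup result is checked, and `default_ports = strdup(DEFAULT_KDC_PORTLIST)` in initialize_realms is likewise unchecked; a NULL realm_ports is skipped by setup_network's `while (cp && *cp)`, so an allocation failure would leave the realm listening on no ports without any error naming the cause. Check each strdup and fail the realm the way the function's other allocation failures do (init_realm's return convention is outside the hunk, so I can't name the code). init_realm begins outside this hunk.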
@@ -766,8 +696,8 @@ initialize_realms(kcontext, argc, argv) if (!find_realm_data(optarg, (krb5_ui_4) strlen(optarg))) { if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) { if ((retval = init_realm(argv[0], rdatap, optarg, db_name, - mkey_name, menctype, pport, sport, - manual))) { + mkey_name, menctype, + default_ports, manual))) { fprintf(stderr,"%s: cannot initialize realm %s\n", argv[0], optarg); exit(1); @@ -797,11 +727,9 @@ initialize_realms(kcontext, argc, argv) rcname = optarg; break; case 'p': - pport = atoi(optarg); - break; - case 's': - sport = atoi(optarg); - break; + if (default_ports) + free(default_ports); + default_ports = strdup(optarg); case '?': default: usage(argv[0]); @@ -821,7 +749,7 @@ initialize_realms(kcontext, argc, argv) } if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) { if ((retval = init_realm(argv[0], rdatap, lrealm, db_name, - mkey_name, menctype, pport, sport, + mkey_name, menctype, default_ports, manual))) { fprintf(stderr,"%s: cannot initialize realm %s\n", argv[0], lrealm); @@ -842,6 +770,8 @@ initialize_realms(kcontext, argc, argv) /* Ensure that this is set for our first request. */ kdc_active_realm = kdc_realmlist[0]; + if (default_ports) + free(default_ports); return; } @@ -887,7 +817,7 @@ char *argv[]; { krb5_error_code retval; krb5_context kcontext; - int *primaries, *secondaries; + int *port_list; int errout = 0; if (strrchr(argv[0], '/')) @@ -900,7 +830,7 @@ char *argv[]; } memset((char *) kdc_realmlist, 0, (size_t) (sizeof(kdc_realm_t *) * KRB5_KDC_MAX_REALMS)); - primaries = secondaries = (int *) NULL; + port_list = NULL; /* * A note about Kerberos contexts: This context, "kcontext", is used 
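Review bot: The new `case 'p':` in the getopt switch has no `break;` after `default_ports = strdup(optarg);`, so control falls straight into `case '?': default: usage(argv[0]);` and passing `-p` on the command line now prints the usage message (and, if usage exits as it presumably does, terminates the KDC) instead of setting the port list. Restore the terminator: `default_ports = strdup(optarg); break;`. Also worth noting for the option's documentation that `-s` has been removed entirely and will now hit the usage path too, which is intended but is a behaviour change for existing start scripts. The switch and initialize_realms continue outside the hunk.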
@@ -917,14 +847,9 @@ char *argv[]; */ initialize_realms(kcontext, argc, argv); - /* - * Get the default port lists. - */ - get_default_portlists(&primaries, &secondaries); - setup_signal_handlers(); - if ((retval = setup_network(argv[0], primaries, secondaries))) { + if ((retval = setup_network(argv[0]))) { com_err(argv[0], retval, "while initializing network"); finish_realms(argv[0]); return 1; @@ -946,10 +871,6 @@ char *argv[]; krb5_klog_syslog(LOG_INFO, "shutting down"); krb5_klog_close(kdc_context); finish_realms(argv[0]); - if (primaries) - free(primaries); - if (secondaries) - free(secondaries); return errout; } diff --git a/src/kdc/network.c b/src/kdc/network.c index 60688e6b1..b986505d8 100644 --- a/src/kdc/network.c +++ b/src/kdc/network.c @@ -29,6 +29,7 @@ #include "extern.h" #include "kdc5_err.h" +#include #ifdef KRB5_USE_INET #include #include 
@@ -44,246 +45,100 @@ extern int errno; static int *udp_port_fds = (int *) NULL; static u_short *udp_port_nums = (u_short *) NULL; static int n_udp_ports = 0; -static int *sec_udp_port_fds = (int *) NULL; -static u_short *sec_udp_port_nums = (u_short *) NULL; -static int n_sec_udp_ports = 0; +static int max_udp_ports = 0; static fd_set select_fds; static int select_nfds; +static krb5_error_code add_port(u_short port) +{ + int i; + int *new_fds; + u_short *new_ports; + int new_max; + + for (i=0; i < n_udp_ports; i++) { + if (udp_port_nums[i] == port) + return 0; + } + + if (n_udp_ports >= max_udp_ports) { + new_max = max_udp_ports + 10; + new_fds = realloc(udp_port_fds, new_max * sizeof(int)); + if (new_fds == 0) + return ENOMEM; + udp_port_fds = new_fds; + + new_ports = realloc(udp_port_nums, new_max * sizeof(u_short)); + if (new_ports == 0) + return ENOMEM; + udp_port_nums = new_ports; + + max_udp_ports = new_max; + } + + udp_port_nums[n_udp_ports++] = port; + return 0; +} + + krb5_error_code -setup_network(prog, p_ports, s_ports) +setup_network(prog) const char *prog; -int *p_ports; -int *s_ports; { - struct servent *sp; struct sockaddr_in sin; krb5_error_code retval; - int i, j, found; - int npports, nsports; + u_short port; + char *cp; + int i; FD_ZERO(&select_fds); select_nfds = 0; memset((char *)&sin, 0, sizeof(sin)); - /* - * Count the number of primary and secondary ports supplied to us. - */ - npports = 0; - if (p_ports) - for (npports=0; p_ports[npports] > 0; npports++); - nsports = 0; - if (s_ports) - for (nsports=0; s_ports[nsports] > 0; nsports++); - - /* - * Now handle the primary ports. - */ - if ((udp_port_fds = (int *) malloc((kdc_numrealms+npports) - * sizeof(int))) && - (udp_port_nums = (u_short *) malloc((kdc_numrealms+npports) - * sizeof(u_short)))) { - /* Zero it out */ - for (i=0; i<(kdc_numrealms+npports); i++) { - udp_port_fds[i] = -1; - udp_port_nums[i] = 0; - } - - /* - * First handle any explicitly named primary ports. 
- */ - for (i=0; i select_nfds) - select_nfds = udp_port_fds[i]+1; - } - else { - udp_port_fds[i] = udp_port_fds[j]; - udp_port_nums[i] = udp_port_nums[j]; - } - } - - /* Now handle each realm */ - for (i=0; irealm_pport) { - found = 1; - break; - } - } - if (!found) { - if ((udp_port_fds[npports+i] = - socket(PF_INET, SOCK_DGRAM, 0)) == -1) { - retval = errno; - com_err(prog, 0, "Cannot create server socket on port %d", - kdc_realmlist[i]->realm_pport); - return(retval); - } - udp_port_nums[npports+i] = kdc_realmlist[i]->realm_pport; - sin.sin_port = htons(kdc_realmlist[i]->realm_pport); - if (bind(udp_port_fds[npports+i], - (struct sockaddr *) &sin, - sizeof(sin)) == -1) { - retval = errno; - com_err(prog, 0, "Cannot bind server socket on port %d", - kdc_realmlist[i]->realm_pport); - return(retval); - } - FD_SET(udp_port_fds[npports+i], &select_fds); - if (udp_port_fds[npports+i]+1 > select_nfds) - select_nfds = udp_port_fds[npports+i]+1; - } - else { - udp_port_fds[npports+i] = udp_port_fds[j]; - udp_port_nums[npports+i] = udp_port_nums[j]; + /* Handle each realm's ports */ + for (i=0; irealm_ports; + while (cp && *cp) { + if (*cp == ',' || isspace(*cp)) { + cp++; + continue; } + port = strtoul(cp, &cp, 10); + if (cp == 0) + break; + retval = add_port(port); + if (retval) + return retval; } - n_udp_ports = kdc_numrealms + npports; } - /* - * Now we set up the secondary listening ports. Special case here. - * If the first secondary port is -1, then we don't listen on secondary - * ports. 
- */ - if ((!s_ports || (s_ports[0] != -1)) && - (sec_udp_port_fds = (int *) malloc((kdc_numrealms+nsports) - * sizeof(int))) && - (sec_udp_port_nums = (u_short *) malloc((kdc_numrealms+nsports) - * sizeof(u_short)))) { - /* Zero it out */ - for (i=0; i<(kdc_numrealms+nsports); i++) { - sec_udp_port_fds[i] = -1; - sec_udp_port_nums[i] = 0; + for (i=0; i select_nfds) - select_nfds = sec_udp_port_fds[i]+1; - } - else { - sec_udp_port_fds[i] = sec_udp_port_fds[j]; - sec_udp_port_nums[i] = sec_udp_port_nums[j]; - } + sin.sin_port = htons(udp_port_nums[i]); + if (bind(udp_port_fds[i], (struct sockaddr *) &sin, + sizeof(sin)) == -1) { + retval = errno; + com_err(prog, 0, "Cannot bind server socket on port %d", + udp_port_nums[i]); + return(retval); } - - /* Now handle each realm */ - for (i=0; irealm_sport > 0) { - found = 0; - for (j=0; j<(nsports+i); j++) { - if (sec_udp_port_nums[j] == - kdc_realmlist[i]->realm_sport) { - found = 1; - break; - } - } - if (!found && (kdc_realmlist[i]->realm_sport > 0)) { - if ((sec_udp_port_fds[nsports+i] = - socket(PF_INET, SOCK_DGRAM, 0)) == -1) { - retval = errno; - com_err(prog, 0, - "Cannot create secondary server socket on port %d", - kdc_realmlist[i]->realm_sport); - return(retval); - } - sec_udp_port_nums[nsports+i] = - kdc_realmlist[i]->realm_sport; - sin.sin_port = htons(kdc_realmlist[i]->realm_sport); - if (bind(sec_udp_port_fds[nsports+i], - (struct sockaddr *) &sin, - sizeof(sin)) == -1) { - retval = errno; - com_err(prog, 0, - "Cannot bind secondary server socket on port %d", - kdc_realmlist[i]->realm_sport); - close(sec_udp_port_fds[nsports+i]); - sec_udp_port_fds[nsports+i] = -1; - continue; - } - FD_SET(sec_udp_port_fds[nsports+i], &select_fds); - if (sec_udp_port_fds[nsports+i]+1 > select_nfds) - select_nfds = sec_udp_port_fds[nsports+i]+1; - } - else { - if (kdc_realmlist[i]->realm_sport > 0) { - sec_udp_port_fds[nsports+i] = sec_udp_port_fds[j]; - sec_udp_port_nums[nsports+i] = sec_udp_port_nums[j]; - } - else { - 
sec_udp_port_fds[nsports+i] = -1; - sec_udp_port_nums[nsports+i] = -1; - } - } - } - } - n_sec_udp_ports = kdc_numrealms + nsports; + FD_SET(udp_port_fds[i], &select_fds); + if (udp_port_fds[i]+1 > select_nfds) + select_nfds = udp_port_fds[i]+1; } + return 0; } -void process_packet(port_fd, prog, is_secondary) +void process_packet(port_fd, prog, portnum) int port_fd; const char *prog; - int is_secondary; + int portnum; { int cc, saddr_len; krb5_fulladdr faddr; @@ -316,7 +171,7 @@ void process_packet(port_fd, prog, is_secondary) addr.length = 4; /* this address is in net order */ addr.contents = (krb5_octet *) &saddr.sin_addr; - if ((retval = dispatch(&request, &faddr, is_secondary, &response))) { + if ((retval = dispatch(&request, &faddr, portnum, &response))) { com_err(prog, retval, "while dispatching"); return; } @@ -345,7 +200,6 @@ const char *prog; int nfound; fd_set readfds; int i; - int fdfound; if (udp_port_fds == (int *) NULL) return KDC5_NONET; @@ -359,22 +213,12 @@ const char *prog; com_err(prog, errno, "while selecting for network input"); continue; } - fdfound = 0; for (i=0; i= 0) - (void) close(sec_udp_port_fds[i]); - } - free(sec_udp_port_fds); - free(sec_udp_port_nums); - return 0; }
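Review bot: The port-list parser in setup_network can loop forever: `port = strtoul(cp, &cp, 10); if (cp == 0) break;` relies on a NULL endptr that strtoul never produces, and when the current character is not a digit, comma or space (a `;` or a letter in kdc_ports, say) strtoul consumes nothing, `cp` is left in place, and the `while (cp && *cp)` loop repeats the same token indefinitely at daemon startup. Separately, the result is assigned to a `u_short` with no range check, so a value such as 65536 wraps to 0 and `add_port`/`bind` quietly attach the KDC to an ephemeral port rather than rejecting the entry. I would parse into a separate `end`/`unsigned long` pair, reject no-progress, ERANGE (`extern int errno` is already in scope at the top of this hunk), zero and values above 65535 with a com_err and an EINVAL return, and cast to `unsigned char` before `isspace`. The socket/bind loop that follows is unchanged by this.
```c
    /* Handle each realm's ports */
    for (i=0; i<kdc_numrealms; i++) {
        cp = kdc_realmlist[i]->realm_ports;
        while (cp && *cp) {
            char *end;
            unsigned long val;

            if (*cp == ',' || isspace((unsigned char) *cp)) {
                cp++;
                continue;
            }
            errno = 0;
            val = strtoul(cp, &end, 10);
            /* Reject rather than spin on a non-digit, or wrap a value
             * that does not fit in a u_short. */
            if (end == cp || errno == ERANGE || val == 0 || val > 65535) {
                com_err(prog, 0, "Invalid port list \"%s\"",
                        kdc_realmlist[i]->realm_ports);
                return EINVAL;
            }
            cp = end;
            retval = add_port((u_short) val);
            if (retval)
                return retval;
        }
    }
    /* … unchanged: socket()/bind() loop over udp_port_nums … */
```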