
fix conflicts from merge

Assar Westerlund 2000-12-29 21:16:01 +00:00
parent 2a9bc9996c
commit 6e3caa0833
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=70497
9 changed files with 251 additions and 137 deletions


@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -396,3 +396,5 @@ void prepare_utmp (struct utmp *utmp, char *tty, char *username,
#endif
int do_osfc2_magic(uid_t);
void paranoid_setuid (uid_t uid);


@ -40,7 +40,7 @@
#endif
#include "getarg.h"
RCSID("$Id: ftpd.c,v 1.131 1999/11/30 19:18:38 assar Exp $");
RCSID("$Id: ftpd.c,v 1.131.2.4 2000/09/26 09:30:26 assar Exp $");
static char version[] = "Version 6.00";
@ -197,14 +197,13 @@ parse_auth_level(char *str)
* Print usage and die.
*/
static int debug_flag;
static int interactive_flag;
static char *guest_umask_string;
static char *port_string;
static char *umask_string;
static char *auth_string;
int use_builtin_ls;
int use_builtin_ls = -1;
static int help_flag;
static int version_flag;
@ -218,8 +217,8 @@ struct getargs args[] = {
{ NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" },
{ NULL, 'T', arg_integer, &maxtimeout, "max timeout" },
{ NULL, 'u', arg_string, &umask_string, "umask for user logins" },
{ NULL, 'd', arg_flag, &debug_flag, "enable debugging" },
{ NULL, 'v', arg_flag, &debug_flag, "enable debugging" },
{ NULL, 'd', arg_flag, &debug, "enable debugging" },
{ NULL, 'v', arg_flag, &debug, "enable debugging" },
{ "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" },
{ "version", 0, arg_flag, &version_flag },
{ "help", 'h', arg_flag, &help_flag }
@ -234,6 +233,24 @@ usage (int code)
exit (code);
}
/* output contents of a file */
static int
show_file(const char *file, int code)
{
FILE *f;
char buf[128];
f = fopen(file, "r");
if(f == NULL)
return -1;
while(fgets(buf, sizeof(buf), f)){
buf[strcspn(buf, "\r\n")] = '\0';
lreply(code, "%s", buf);
}
fclose(f);
return 0;
}
int
main(int argc, char **argv)
{
@ -377,27 +394,12 @@ main(int argc, char **argv)
tmpline[0] = '\0';
/* If logins are disabled, print out the message. */
if ((fd = fopen(_PATH_NOLOGIN,"r")) != NULL) {
while (fgets(line, sizeof(line), fd) != NULL) {
if ((cp = strchr(line, '\n')) != NULL)
*cp = '\0';
lreply(530, "%s", line);
}
fflush(stdout);
fclose(fd);
if(show_file(_PATH_NOLOGIN, 530) == 0) {
reply(530, "System not available.");
exit(0);
}
if ((fd = fopen(_PATH_FTPWELCOME, "r")) != NULL) {
while (fgets(line, sizeof(line), fd) != NULL) {
if ((cp = strchr(line, '\n')) != NULL)
*cp = '\0';
lreply(220, "%s", line);
}
fflush(stdout);
fclose(fd);
/* reply(220,) must follow */
}
show_file(_PATH_FTPWELCOME, 220);
/* reply(220,) must follow */
gethostname(hostname, sizeof(hostname));
reply(220, "%s FTP server (%s"
@ -704,24 +706,6 @@ checkaccess(char *name)
#undef ALLOWED
#undef NOT_ALLOWED
/* output contents of /etc/issue.net, or /etc/issue */
static void
show_issue(int code)
{
FILE *f;
char buf[128];
f = fopen("/etc/issue.net", "r");
if(f == NULL)
f = fopen("/etc/issue", "r");
if(f){
while(fgets(buf, sizeof(buf), f)){
buf[strcspn(buf, "\r\n")] = '\0';
lreply(code, "%s", buf);
}
fclose(f);
}
}
int do_login(int code, char *passwd)
{
@ -765,21 +749,26 @@ int do_login(int code, char *passwd)
reply(550, "Can't set uid.");
return -1;
}
if(use_builtin_ls == -1) {
struct stat st;
/* if /bin/ls exist and is a regular file, use it, otherwise
use built-in ls */
if(stat("/bin/ls", &st) == 0 &&
S_ISREG(st.st_mode))
use_builtin_ls = 0;
else
use_builtin_ls = 1;
}
/*
* Display a login message, if it exists.
* N.B. reply(code,) must follow the message.
*/
if ((fd = fopen(_PATH_FTPLOGINMESG, "r")) != NULL) {
char *cp, line[LINE_MAX];
while (fgets(line, sizeof(line), fd) != NULL) {
if ((cp = strchr(line, '\n')) != NULL)
*cp = '\0';
lreply(code, "%s", line);
}
}
show_file(_PATH_FTPLOGINMESG, code);
if(show_file(_PATH_ISSUE_NET, code) != 0)
show_file(_PATH_ISSUE, code);
if (guest) {
show_issue(code);
reply(code, "Guest login ok, access restrictions apply.");
#ifdef HAVE_SETPROCTITLE
snprintf (proctitle, sizeof(proctitle),
@ -803,7 +792,6 @@ int do_login(int code, char *passwd)
passwd);
}
} else {
show_issue(code);
reply(code, "User %s logged in.", pw->pw_name);
#ifdef HAVE_SETPROCTITLE
snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
@ -957,8 +945,8 @@ retrieve(const char *cmd, char *name)
{".tar", "/bin/gtar cPf - %s", NULL},
{".tar.gz", "/bin/gtar zcPf - %s", NULL},
{".tar.Z", "/bin/gtar ZcPf - %s", NULL},
{".gz", "/bin/gzip -c %s", "/bin/gzip -c -d %s"},
{".Z", "/bin/compress -c %s", "/bin/uncompress -c -d %s"},
{".gz", "/bin/gzip -c -- %s", "/bin/gzip -c -d -- %s"},
{".Z", "/bin/compress -c -- %s", "/bin/uncompress -c -- %s"},
{NULL, NULL}
};
struct cmds *p;
@ -1211,7 +1199,7 @@ dataconn(const char *name, off_t size, const char *mode)
*sizebuf = '\0';
if (pdata >= 0) {
struct sockaddr_storage from_ss;
struct sockaddr *from = (struct sockaddr *)&from;
struct sockaddr *from = (struct sockaddr *)&from_ss;
int s;
int fromlen = sizeof(from_ss);
@ -1501,7 +1489,7 @@ statfilecmd(char *filename)
int c;
char line[LINE_MAX];
snprintf(line, sizeof(line), "/bin/ls -la %s", filename);
snprintf(line, sizeof(line), "/bin/ls -la -- %s", filename);
fin = ftpd_popen(line, "r", 1, 0);
lreply(211, "status of %s:", filename);
while ((c = getc(fin)) != EOF) {
@ -2093,9 +2081,9 @@ list_file(char *file)
pdata = -1;
} else {
#ifdef HAVE_LS_A
const char *cmd = "/bin/ls -lA %s";
const char *cmd = "/bin/ls -lA -- %s";
#else
const char *cmd = "/bin/ls -la %s";
const char *cmd = "/bin/ls -la -- %s";
#endif
retrieve(cmd, file);
}
@ -2146,8 +2134,8 @@ send_file_list(char *whichf)
*/
if (dirname[0] == '-' && *dirlist == NULL &&
transflag == 0) {
retrieve("/bin/ls %s", dirname);
goto out;
list_file(dirname);
goto out;
}
perror_reply(550, whichf);
if (dout != NULL) {
@ -2241,7 +2229,7 @@ find(char *pattern)
FILE *f;
snprintf(line, sizeof(line),
"/bin/locate -d %s %s",
"/bin/locate -d %s -- %s",
ftp_rooted("/etc/locatedb"),
pattern);
f = ftpd_popen(line, "r", 1, 1);
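Review bot: The three `/bin/gtar` entries in the `retrieve()` command table (the `@ -957,8 +945,8` hunk) are left without the `--` separator that this commit adds to the gzip, compress, ls and locate command lines, so a requested name beginning with `-` would still reach gtar as an option rather than as a file operand. For consistency they should read e.g. `{".tar", "/bin/gtar cPf - -- %s", NULL},`, and likewise for `.tar.gz` and `.tar.Z`, assuming the installed gtar honours `--` after an old-style option bundle. The table and the rest of `retrieve()` lie outside the hunk, so whether names are filtered before they reach the format string cannot be seen here.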


@ -1,7 +1,7 @@
/* $FreeBSD$ */
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -35,22 +35,11 @@
#include "kip.h"
RCSID("$Id: kipd.c,v 1.16 1999/12/02 16:58:31 joda Exp $");
static int
fatal (int fd, char *s)
{
u_char err = 1;
write (fd, &err, sizeof(err));
write (fd, s, strlen(s)+1);
syslog(LOG_ERR, "%s", s);
return err;
}
RCSID("$Id: kipd.c,v 1.16.2.3 2000/10/18 20:46:45 assar Exp $");
static int
recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
struct sockaddr_in *retaddr)
struct sockaddr_in *retaddr, char *user, size_t len)
{
int status;
KTEXT_ST ticket;
@ -82,13 +71,21 @@ recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
return 1;
}
passwd = k_getpwnam ("root");
if (passwd == NULL)
return fatal (sock, "Cannot find root");
if (kuserok(&auth, "root") != 0)
return fatal (sock, "Permission denied");
if (passwd == NULL) {
fatal (sock, "Cannot find root", schedule, &auth.session);
return 1;
}
if (kuserok(&auth, "root") != 0) {
fatal (sock, "Permission denied", schedule, &auth.session);
return 1;
}
if (write (sock, &ok, sizeof(ok)) != sizeof(ok))
return 1;
snprintf (user, len, "%s%s%s@%s", auth.pname,
auth.pinst[0] != '\0' ? "." : "",
auth.pinst, auth.prealm);
memcpy(key, &auth.session, sizeof(des_cblock));
*retaddr = thataddr;
return 0;
@ -97,17 +94,64 @@ recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
static int
doit(int sock)
{
char msg[1024];
char cmd[MAXPATHLEN];
char tun_if_name[64];
char user[MAX_K_NAME_SZ];
struct sockaddr_in thataddr;
des_key_schedule schedule;
des_cblock key;
int this;
int this, ret, ret2;
if (recv_conn (sock, &key, schedule, &thataddr))
isserver = 1;
if (recv_conn (sock, &key, schedule, &thataddr, user, sizeof(user)))
return 1;
this = tunnel_open ();
this = tunnel_open (tun_if_name, sizeof(tun_if_name));
if (this < 0)
fatal (sock, "Cannot open " _PATH_DEV TUNDEV);
return copy_packets (this, sock, TUNMTU, &key, schedule);
fatal (sock, "Cannot open " _PATH_DEV TUNDEV, schedule, &key);
strlcpy(cmd, LIBEXECDIR "/kipd-control", sizeof(cmd));
ret = kip_exec (cmd, msg, sizeof(msg), "kipd-control",
"up", tun_if_name, inet_ntoa(thataddr.sin_addr), user,
NULL);
if (ret) {
fatal (sock, msg, schedule, &key);
return -1;
}
ret = copy_packets (this, sock, TUNMTU, &key, schedule);
ret2 = kip_exec (cmd, msg, sizeof(msg), "kipd-control",
"down", tun_if_name, user, NULL);
if (ret2)
syslog(LOG_ERR, "%s", msg);
return ret;
}
static char *port_str = NULL;
static int inetd_flag = 1;
static int version_flag = 0;
static int help_flag = 0;
struct getargs args[] = {
{ "inetd", 'i', arg_negative_flag, &inetd_flag,
"Not started from inetd" },
{ "port", 'p', arg_string, &port_str, "Use this port",
"port" },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
static void
usage(int ret)
{
arg_printusage (args,
sizeof(args) / sizeof(args[0]),
NULL,
"");
exit (ret);
}
/*
@ -117,9 +161,44 @@ doit(int sock)
int
main (int argc, char **argv)
{
set_progname (argv[0]);
int port;
int optind = 0;
set_progname (argv[0]);
roken_openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON);
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
&optind))
usage (1);
if (help_flag)
usage (0);
if (version_flag) {
print_version (NULL);
return 0;
}
if(port_str) {
struct servent *s = roken_getservbyname (port_str, "tcp");
if (s)
port = s->s_port;
else {
char *ptr;
port = strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
errx (1, "bad port `%s'", port_str);
port = htons(port);
}
} else {
port = k_getportbyname ("kip", "tcp", htons(KIPPORT));
}
if (!inetd_flag)
mini_inetd (port);
signal (SIGCHLD, childhandler);
return doit(0);
return doit(STDIN_FILENO);
}
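Review bot: In `doit()` the `tunnel_open()` failure branch calls `fatal (sock, "Cannot open " _PATH_DEV TUNDEV, schedule, &key);` but does not return, so execution continues into `kip_exec(... "up", tun_if_name, ...)` with a `tun_if_name` that may never have been filled in, and later into `copy_packets()` with `this < 0`. Every other `fatal()` call added in this commit is followed by a return, which suggests `fatal()` does return; this branch should be `if (this < 0) { fatal (sock, "Cannot open " _PATH_DEV TUNDEV, schedule, &key); return 1; }`. `doit()` also returns `-1` on the `kip_exec` failure path while the other error paths return `1`, and since `main` returns this value as the exit status, one convention would be clearer.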


@ -56,7 +56,7 @@
#include <config.h>
#endif
RCSID("$Id: kerberos.c,v 1.45 1999/03/13 21:18:55 assar Exp $");
RCSID("$Id: kerberos.c,v 1.46 1999/09/16 20:41:33 assar Exp $");
#ifdef KRB4
#ifdef HAVE_SYS_TYPES_H
@ -181,7 +181,7 @@ kerberos4_send(char *name, Authenticator *ap)
memset(instance, 0, sizeof(instance));
strcpy_truncate (instance,
strlcpy (instance,
krb_get_phost(RemoteHostName),
INST_SZ);
@ -522,7 +522,7 @@ kerberos4_status(Authenticator *ap, char *name, size_t name_sz, int level)
return(level);
if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
strcpy_truncate(name, UserNameRequested, name_sz);
strlcpy(name, UserNameRequested, name_sz);
return(AUTH_VALID);
} else
return(AUTH_USER);
@ -541,11 +541,11 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
switch(data[3]) {
case KRB_REJECT: /* Rejected (reason might follow) */
strcpy_truncate((char *)buf, " REJECT ", buflen);
strlcpy((char *)buf, " REJECT ", buflen);
goto common;
case KRB_ACCEPT: /* Accepted (name might follow) */
strcpy_truncate((char *)buf, " ACCEPT ", buflen);
strlcpy((char *)buf, " ACCEPT ", buflen);
common:
BUMP(buf, buflen);
if (cnt <= 4)
@ -558,15 +558,15 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
break;
case KRB_AUTH: /* Authentication data follows */
strcpy_truncate((char *)buf, " AUTH", buflen);
strlcpy((char *)buf, " AUTH", buflen);
goto common2;
case KRB_CHALLENGE:
strcpy_truncate((char *)buf, " CHALLENGE", buflen);
strlcpy((char *)buf, " CHALLENGE", buflen);
goto common2;
case KRB_RESPONSE:
strcpy_truncate((char *)buf, " RESPONSE", buflen);
strlcpy((char *)buf, " RESPONSE", buflen);
goto common2;
default:


@ -34,7 +34,7 @@
#include <config.h>
RCSID("$Id: krb4encpwd.c,v 1.17 1998/07/09 23:16:29 assar Exp $");
RCSID("$Id: krb4encpwd.c,v 1.18 1999/09/16 20:41:34 assar Exp $");
#ifdef KRB4_ENCPWD
/*
@ -309,7 +309,7 @@ krb4encpwd_reply(ap, data, cnt)
des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
UserPassword = user_passwd;
Challenge = challenge;
strcpy_truncate(instance, RemoteHostName, sizeof(instance));
strlcpy(instance, RemoteHostName, sizeof(instance));
if ((cp = strchr(instance, '.')) != 0) *cp = '\0';
if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) {
@ -339,7 +339,7 @@ krb4encpwd_status(ap, name, name_sz, level)
return(level);
if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) {
strcpy_truncate(name, UserNameRequested, name_sz);
strlcpy(name, UserNameRequested, name_sz);
return(AUTH_VALID);
} else {
return(AUTH_USER);
@ -361,11 +361,11 @@ krb4encpwd_printsub(data, cnt, buf, buflen)
switch(data[3]) {
case KRB4_ENCPWD_REJECT: /* Rejected (reason might follow) */
strcpy_truncate((char *)buf, " REJECT ", buflen);
strlcpy((char *)buf, " REJECT ", buflen);
goto common;
case KRB4_ENCPWD_ACCEPT: /* Accepted (name might follow) */
strcpy_truncate((char *)buf, " ACCEPT ", buflen);
strlcpy((char *)buf, " ACCEPT ", buflen);
common:
BUMP(buf, buflen);
if (cnt <= 4)
@ -378,15 +378,15 @@ krb4encpwd_printsub(data, cnt, buf, buflen)
break;
case KRB4_ENCPWD_AUTH: /* Authentication data follows */
strcpy_truncate((char *)buf, " AUTH", buflen);
strlcpy((char *)buf, " AUTH", buflen);
goto common2;
case KRB4_ENCPWD_CHALLENGE:
strcpy_truncate((char *)buf, " CHALLENGE", buflen);
strlcpy((char *)buf, " CHALLENGE", buflen);
goto common2;
case KRB4_ENCPWD_ACK:
strcpy_truncate((char *)buf, " ACK", buflen);
strlcpy((char *)buf, " ACK", buflen);
goto common2;
default:


@ -125,10 +125,6 @@
#include "defs.h"
#ifdef HAVE_ARPA_TELNET_H
#include <arpa/telnet.h>
#endif
#ifndef _POSIX_VDISABLE
# ifdef VDISABLE
# define _POSIX_VDISABLE VDISABLE
@ -153,12 +149,16 @@
#include <sys/utsname.h>
#endif
#include "ext.h"
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
#ifdef HAVE_ARPA_TELNET_H
#include <arpa/telnet.h>
#endif
#include "ext.h"
#ifdef SOCKS
#include <socks.h>
/* This doesn't belong here. */


@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -35,7 +35,7 @@
#include "krb_locl.h"
RCSID("$Id: getaddrs.c,v 1.28 1999/12/02 16:58:42 joda Exp $");
RCSID("$Id: getaddrs.c,v 1.28.2.1 2000/06/23 03:29:53 assar Exp $");
#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
#include <sys/ioctl.h>
@ -102,7 +102,11 @@ k_get_all_addrs (struct in_addr **l)
ifconf.ifc_len = in_len;
ifconf.ifc_buf = inbuf;
if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0)
/*
* Solaris returns EINVAL when the buffer is too small.
*/
if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0 && errno != EINVAL)
goto fail;
if(ifconf.ifc_len + sizeof(ifreq) < in_len)
break;
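Review bot: When `ioctl(fd, SIOCGIFCONF, &ifconf)` fails with `EINVAL`, control now falls through to `if(ifconf.ifc_len + sizeof(ifreq) < in_len)`, which reads `ifc_len` after a failed call; the retry only works if the kernel left it at the `in_len` assigned just above. The comment should state that assumption, e.g. `/* Solaris returns EINVAL when the buffer is too small; ifc_len is then still in_len, so the size test below fails and we retry with a larger buffer. */`. An `EINVAL` raised for any other reason is treated the same way, so termination depends on the buffer-growth code having an upper bound or failing cleanly. That code, and the rest of the loop in `k_get_all_addrs`, is outside the hunk.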


@ -31,23 +31,17 @@ see the
.I kerberos(1)
manual page.
.PP
If you are logged in to a workstation that is running the
.I toehold
service,
you do not have to use
If you are using a replaced
.I login
that already fetches tickets for you, you do not have to use
.I kinit.
The
.I toehold
login procedure will log you into
Kerberos
automatically.
You will need to use
.I kinit
only in those situations in which
your original tickets have expired.
(Tickets expire in about a day.)
Note as well that
.I toehold
Note as well that the modified
.I login
will automatically destroy your tickets when you logout from the workstation.
.PP
When you use
@ -77,9 +71,9 @@ specifies your user identification number.
.PP
If you have logged in to
Kerberos
without the benefit of the workstation
.I toehold
system,
without the benefit of the modified
.I login
program,
make sure you use the
.I kdestroy
command to destroy any active tickets before you end your login session.
@ -126,7 +120,7 @@ restrictions in Kerberos Version 4, this value must be between 5 and
will acquires a ticket for changepw.kerberos.
.SH SEE ALSO
.PP
kerberos(1), kdestroy(1), klist(1), toehold(1)
kerberos(1), kdestroy(1), klist(1), login(1)
.SH BUGS
The
.B \-r


@ -10,7 +10,13 @@
#include "config.h"
#include "protos.h"
RCSID("$Id: kerberos.c,v 1.87 1999/11/13 06:35:39 assar Exp $");
RCSID("$Id: kerberos.c,v 1.87.2.3 2000/10/18 20:24:13 assar Exp $");
/*
* If support for really large numbers of network interfaces is
* desired, define FD_SETSIZE to some suitable value.
*/
#define FD_SETSIZE (4*1024)
#include <stdio.h>
#include <stdlib.h>
@ -299,10 +305,13 @@ kerberos(unsigned char *buf, int len,
switch(msg_type){
case AUTH_MSG_KDC_REQUEST:
/* XXX range check */
p += krb_get_nir(p, name, inst, realm);
p += krb_get_nir(p, name, sizeof(name),
inst, sizeof(inst),
realm, sizeof(realm));
p += krb_get_int(p, &req_time, 4, lsb);
life = *p++;
p += krb_get_nir(p, service, sinst, NULL);
p += krb_get_nir(p, service, sizeof(service),
sinst, sizeof(sinst), NULL, 0);
klog(L_INI_REQ,
"AS REQ %s.%s@%s for %s.%s from %s (%s/%u)",
name, inst, realm, service, sinst,
@ -378,7 +387,8 @@ kerberos(unsigned char *buf, int len,
}
p += krb_get_int(p, &req_time, 4, lsb);
life = *p++;
p += krb_get_nir(p, service, sinst, NULL);
p += krb_get_nir(p, service, sizeof(service),
sinst, sizeof(sinst), NULL, 0);
klog(L_APPL_REQ,
"APPL REQ %s.%s@%s for %s.%s from %s (%s/%u)",
ad.pname, ad.pinst, ad.prealm,
@ -556,6 +566,10 @@ mksocket(struct descr *d, struct in_addr addr, int type,
memset(d, 0, sizeof(struct descr));
if ((sock = socket(AF_INET, type, 0)) < 0)
err (1, "socket");
if (sock >= FD_SETSIZE) {
errno = EMFILE;
errx(1, "Aborting: too many descriptors");
}
#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
sizeof(on)) < 0)
@ -969,13 +983,24 @@ read_socket(struct descr *n)
}
}
static fd_set readfds;
static void
loop(struct descr *fds, int nfds)
loop(struct descr *fds, int base_nfds)
{
int nfds = base_nfds;
int max_tcp = min(FD_SETSIZE, getdtablesize()) - fds[base_nfds - 1].s;
if (max_tcp <= 10) {
errno = EMFILE;
errx(1, "Aborting: too many descriptors");
}
max_tcp -= 10; /* We need a few extra for DB, logs, etc. */
if (max_tcp > 100) max_tcp = 100; /* Keep to some sane limit. */
for (;;) {
int ret;
fd_set readfds;
struct timeval tv;
int next_timeout = 10; /* In seconds */
int maxfd = 0;
struct descr *n, *minfree;
int accepted; /* accept at most one socket per `round' */
@ -998,12 +1023,15 @@ loop(struct descr *fds, int nfds)
}
FD_SET(n->s, &readfds);
maxfd = max(maxfd, n->s);
next_timeout = min(next_timeout, tv.tv_sec - n->timeout);
}
/* add more space for sockets */
if(minfree == NULL){
if (minfree == NULL && nfds < base_nfds + max_tcp) {
int i = nfds;
struct descr *new;
nfds *=2;
if (nfds > base_nfds + max_tcp)
nfds = base_nfds + max_tcp;
new = realloc(fds, sizeof(struct descr) * nfds);
if(new){
fds = new;
@ -1011,7 +1039,27 @@ loop(struct descr *fds, int nfds)
for(; i < nfds; i++) fds[i].s = -1;
}
}
ret = select(maxfd + 1, &readfds, 0, 0, 0);
if (minfree == NULL) {
/*
* We are possibly the subject of a DOS attack, pick a TCP
* connection at random and drop it.
*/
int r = rand() % (nfds - base_nfds);
r = r + base_nfds;
FD_CLR(fds[r].s, &readfds);
close(fds[r].s);
fds[r].s = -1;
minfree = &fds[r];
}
if (next_timeout < 0) next_timeout = 0;
tv.tv_sec = next_timeout;
tv.tv_usec = 0;
ret = select(maxfd + 1, &readfds, 0, 0, &tv);
if (ret < 0) {
if (errno != EINTR)
klog(L_KRB_PERR, "select: %s", strerror(errno));
continue;
}
accepted = 0;
for (n = fds; n < fds + nfds; n++){
if(n->s < 0) continue;
@ -1023,8 +1071,7 @@ loop(struct descr *fds, int nfds)
if(accepted) continue;
accepted = 1;
s = accept(n->s, NULL, 0);
if(minfree == NULL){
kerb_err_reply(s, NULL, KFAILURE, "Out of memory");
if (minfree == NULL || s >= FD_SETSIZE) {
close(s);
}else{
minfree->s = s;
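Review bot: In `loop()` the grow path still runs `nfds *=2;` and the new clamp before `realloc()`, so when `realloc` fails `nfds` already counts slots that `fds` does not have; the new drop-a-connection block then picks `r = rand() % (nfds - base_nfds)` plus `base_nfds` and touches `fds[r].s`, which may lie past the end of the allocation, as may the `for (n = fds; n < fds + nfds; n++)` scan. Compute the size in a temporary and commit it only on success: `int new_nfds = min(nfds * 2, base_nfds + max_tcp);`, pass `new_nfds` to `realloc`, and set `nfds = new_nfds;` inside `if(new)`; the random drop should also be skipped when `nfds == base_nfds`, where the modulus would be zero. Separately, `#define FD_SETSIZE (4*1024)` comes after `#include "config.h"` and `"protos.h"`; if either already pulls in the system header that defines `fd_set`, the macro grows without the type, and the `sock >= FD_SETSIZE` and `s >= FD_SETSIZE` guards would then admit descriptors that `FD_SET` cannot hold. `loop()` begins and ends outside these hunks.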