From 6e3caa083303aae41395c7ff038ab93ff203208b Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Fri, 29 Dec 2000 21:16:01 +0000 Subject: [PATCH] fix conflicts from merge --- crypto/kerberosIV/appl/bsd/bsd_locl.h | 4 +- crypto/kerberosIV/appl/ftp/ftpd/ftpd.c | 110 +++++++-------- crypto/kerberosIV/appl/kip/kipd.c | 129 ++++++++++++++---- .../appl/telnet/libtelnet/kerberos.c | 16 +-- .../appl/telnet/libtelnet/krb4encpwd.c | 16 +-- .../kerberosIV/appl/telnet/telnetd/telnetd.h | 12 +- crypto/kerberosIV/lib/krb/getaddrs.c | 10 +- crypto/kerberosIV/man/kinit.1 | 24 ++-- crypto/kerberosIV/server/kerberos.c | 67 +++++++-- 9 files changed, 251 insertions(+), 137 deletions(-) diff --git a/crypto/kerberosIV/appl/bsd/bsd_locl.h b/crypto/kerberosIV/appl/bsd/bsd_locl.h index 19285e9b7546..565eb961a035 100644 --- a/crypto/kerberosIV/appl/bsd/bsd_locl.h +++ b/crypto/kerberosIV/appl/bsd/bsd_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -396,3 +396,5 @@ void prepare_utmp (struct utmp *utmp, char *tty, char *username, #endif int do_osfc2_magic(uid_t); + +void paranoid_setuid (uid_t uid); diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c b/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c index 518b5bf9be9d..6d8a392ab7f6 100644 --- a/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c +++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c @@ -40,7 +40,7 @@ #endif #include "getarg.h" -RCSID("$Id: ftpd.c,v 1.131 1999/11/30 19:18:38 assar Exp $"); +RCSID("$Id: ftpd.c,v 1.131.2.4 2000/09/26 09:30:26 assar Exp $"); static char version[] = "Version 6.00"; @@ -197,14 +197,13 @@ parse_auth_level(char *str) * Print usage and die. */ -static int debug_flag; static int interactive_flag; static char *guest_umask_string; static char *port_string; static char *umask_string; static char *auth_string; -int use_builtin_ls; +int use_builtin_ls = -1; static int help_flag; static int version_flag; @@ -218,8 +217,8 @@ struct getargs args[] = { { NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" }, { NULL, 'T', arg_integer, &maxtimeout, "max timeout" }, { NULL, 'u', arg_string, &umask_string, "umask for user logins" }, - { NULL, 'd', arg_flag, &debug_flag, "enable debugging" }, - { NULL, 'v', arg_flag, &debug_flag, "enable debugging" }, + { NULL, 'd', arg_flag, &debug, "enable debugging" }, + { NULL, 'v', arg_flag, &debug, "enable debugging" }, { "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" }, { "version", 0, arg_flag, &version_flag }, { "help", 'h', arg_flag, &help_flag } @@ -234,6 +233,24 @@ usage (int code) exit (code); } +/* output contents of a file */ +static int +show_file(const char *file, int code) +{ + FILE *f; + char buf[128]; + + f = fopen(file, "r"); + if(f == NULL) + return -1; + while(fgets(buf, sizeof(buf), f)){ + buf[strcspn(buf, "\r\n")] = '\0'; + lreply(code, "%s", buf); + } + fclose(f); + return 0; +} + int main(int argc, char **argv) { @@ -377,27 +394,12 @@ main(int argc, char **argv) tmpline[0] = '\0'; /* If logins are disabled, print out the message. */ - if ((fd = fopen(_PATH_NOLOGIN,"r")) != NULL) { - while (fgets(line, sizeof(line), fd) != NULL) { - if ((cp = strchr(line, '\n')) != NULL) - *cp = '\0'; - lreply(530, "%s", line); - } - fflush(stdout); - fclose(fd); + if(show_file(_PATH_NOLOGIN, 530) == 0) { reply(530, "System not available."); exit(0); } - if ((fd = fopen(_PATH_FTPWELCOME, "r")) != NULL) { - while (fgets(line, sizeof(line), fd) != NULL) { - if ((cp = strchr(line, '\n')) != NULL) - *cp = '\0'; - lreply(220, "%s", line); - } - fflush(stdout); - fclose(fd); - /* reply(220,) must follow */ - } + show_file(_PATH_FTPWELCOME, 220); + /* reply(220,) must follow */ gethostname(hostname, sizeof(hostname)); reply(220, "%s FTP server (%s" @@ -704,24 +706,6 @@ checkaccess(char *name) #undef ALLOWED #undef NOT_ALLOWED -/* output contents of /etc/issue.net, or /etc/issue */ -static void -show_issue(int code) -{ - FILE *f; - char buf[128]; - - f = fopen("/etc/issue.net", "r"); - if(f == NULL) - f = fopen("/etc/issue", "r"); - if(f){ - while(fgets(buf, sizeof(buf), f)){ - buf[strcspn(buf, "\r\n")] = '\0'; - lreply(code, "%s", buf); - } - fclose(f); - } -} int do_login(int code, char *passwd) { @@ -765,21 +749,26 @@ int do_login(int code, char *passwd) reply(550, "Can't set uid."); return -1; } + + if(use_builtin_ls == -1) { + struct stat st; + /* if /bin/ls exist and is a regular file, use it, otherwise + use built-in ls */ + if(stat("/bin/ls", &st) == 0 && + S_ISREG(st.st_mode)) + use_builtin_ls = 0; + else + use_builtin_ls = 1; + } + /* * Display a login message, if it exists. * N.B. reply(code,) must follow the message. */ - if ((fd = fopen(_PATH_FTPLOGINMESG, "r")) != NULL) { - char *cp, line[LINE_MAX]; - - while (fgets(line, sizeof(line), fd) != NULL) { - if ((cp = strchr(line, '\n')) != NULL) - *cp = '\0'; - lreply(code, "%s", line); - } - } + show_file(_PATH_FTPLOGINMESG, code); + if(show_file(_PATH_ISSUE_NET, code) != 0) + show_file(_PATH_ISSUE, code); if (guest) { - show_issue(code); reply(code, "Guest login ok, access restrictions apply."); #ifdef HAVE_SETPROCTITLE snprintf (proctitle, sizeof(proctitle), @@ -803,7 +792,6 @@ int do_login(int code, char *passwd) passwd); } } else { - show_issue(code); reply(code, "User %s logged in.", pw->pw_name); #ifdef HAVE_SETPROCTITLE snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name); @@ -957,8 +945,8 @@ retrieve(const char *cmd, char *name) {".tar", "/bin/gtar cPf - %s", NULL}, {".tar.gz", "/bin/gtar zcPf - %s", NULL}, {".tar.Z", "/bin/gtar ZcPf - %s", NULL}, - {".gz", "/bin/gzip -c %s", "/bin/gzip -c -d %s"}, - {".Z", "/bin/compress -c %s", "/bin/uncompress -c -d %s"}, + {".gz", "/bin/gzip -c -- %s", "/bin/gzip -c -d -- %s"}, + {".Z", "/bin/compress -c -- %s", "/bin/uncompress -c -- %s"}, {NULL, NULL} }; struct cmds *p; @@ -1211,7 +1199,7 @@ dataconn(const char *name, off_t size, const char *mode) *sizebuf = '\0'; if (pdata >= 0) { struct sockaddr_storage from_ss; - struct sockaddr *from = (struct sockaddr *)&from; + struct sockaddr *from = (struct sockaddr *)&from_ss; int s; int fromlen = sizeof(from_ss); @@ -1501,7 +1489,7 @@ statfilecmd(char *filename) int c; char line[LINE_MAX]; - snprintf(line, sizeof(line), "/bin/ls -la %s", filename); + snprintf(line, sizeof(line), "/bin/ls -la -- %s", filename); fin = ftpd_popen(line, "r", 1, 0); lreply(211, "status of %s:", filename); while ((c = getc(fin)) != EOF) { @@ -2093,9 +2081,9 @@ list_file(char *file) pdata = -1; } else { #ifdef HAVE_LS_A - const char *cmd = "/bin/ls -lA %s"; + const char *cmd = "/bin/ls -lA -- %s"; #else - const char *cmd = "/bin/ls -la %s"; + const char *cmd = "/bin/ls -la -- %s"; #endif retrieve(cmd, file); } @@ -2146,8 +2134,8 @@ send_file_list(char *whichf) */ if (dirname[0] == '-' && *dirlist == NULL && transflag == 0) { - retrieve("/bin/ls %s", dirname); - goto out; + list_file(dirname); + goto out; } perror_reply(550, whichf); if (dout != NULL) { @@ -2241,7 +2229,7 @@ find(char *pattern) FILE *f; snprintf(line, sizeof(line), - "/bin/locate -d %s %s", + "/bin/locate -d %s -- %s", ftp_rooted("/etc/locatedb"), pattern); f = ftpd_popen(line, "r", 1, 1); diff --git a/crypto/kerberosIV/appl/kip/kipd.c b/crypto/kerberosIV/appl/kip/kipd.c index f0e74c9bbd82..0bbf06b4849b 100644 --- a/crypto/kerberosIV/appl/kip/kipd.c +++ b/crypto/kerberosIV/appl/kip/kipd.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -35,22 +35,11 @@ #include "kip.h" -RCSID("$Id: kipd.c,v 1.16 1999/12/02 16:58:31 joda Exp $"); - -static int -fatal (int fd, char *s) -{ - u_char err = 1; - - write (fd, &err, sizeof(err)); - write (fd, s, strlen(s)+1); - syslog(LOG_ERR, "%s", s); - return err; -} +RCSID("$Id: kipd.c,v 1.16.2.3 2000/10/18 20:46:45 assar Exp $"); static int recv_conn (int sock, des_cblock *key, des_key_schedule schedule, - struct sockaddr_in *retaddr) + struct sockaddr_in *retaddr, char *user, size_t len) { int status; KTEXT_ST ticket; @@ -82,13 +71,21 @@ recv_conn (int sock, des_cblock *key, des_key_schedule schedule, return 1; } passwd = k_getpwnam ("root"); - if (passwd == NULL) - return fatal (sock, "Cannot find root"); - if (kuserok(&auth, "root") != 0) - return fatal (sock, "Permission denied"); + if (passwd == NULL) { + fatal (sock, "Cannot find root", schedule, &auth.session); + return 1; + } + if (kuserok(&auth, "root") != 0) { + fatal (sock, "Permission denied", schedule, &auth.session); + return 1; + } if (write (sock, &ok, sizeof(ok)) != sizeof(ok)) return 1; + snprintf (user, len, "%s%s%s@%s", auth.pname, + auth.pinst[0] != '\0' ? "." : "", + auth.pinst, auth.prealm); + memcpy(key, &auth.session, sizeof(des_cblock)); *retaddr = thataddr; return 0; @@ -97,17 +94,64 @@ recv_conn (int sock, des_cblock *key, des_key_schedule schedule, static int doit(int sock) { + char msg[1024]; + char cmd[MAXPATHLEN]; + char tun_if_name[64]; + char user[MAX_K_NAME_SZ]; struct sockaddr_in thataddr; des_key_schedule schedule; des_cblock key; - int this; + int this, ret, ret2; - if (recv_conn (sock, &key, schedule, &thataddr)) + isserver = 1; + + if (recv_conn (sock, &key, schedule, &thataddr, user, sizeof(user))) return 1; - this = tunnel_open (); + this = tunnel_open (tun_if_name, sizeof(tun_if_name)); if (this < 0) - fatal (sock, "Cannot open " _PATH_DEV TUNDEV); - return copy_packets (this, sock, TUNMTU, &key, schedule); + fatal (sock, "Cannot open " _PATH_DEV TUNDEV, schedule, &key); + + strlcpy(cmd, LIBEXECDIR "/kipd-control", sizeof(cmd)); + + ret = kip_exec (cmd, msg, sizeof(msg), "kipd-control", + "up", tun_if_name, inet_ntoa(thataddr.sin_addr), user, + NULL); + if (ret) { + fatal (sock, msg, schedule, &key); + return -1; + } + + ret = copy_packets (this, sock, TUNMTU, &key, schedule); + + ret2 = kip_exec (cmd, msg, sizeof(msg), "kipd-control", + "down", tun_if_name, user, NULL); + if (ret2) + syslog(LOG_ERR, "%s", msg); + return ret; +} + +static char *port_str = NULL; +static int inetd_flag = 1; +static int version_flag = 0; +static int help_flag = 0; + +struct getargs args[] = { + { "inetd", 'i', arg_negative_flag, &inetd_flag, + "Not started from inetd" }, + { "port", 'p', arg_string, &port_str, "Use this port", + "port" }, + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; + +static void +usage(int ret) +{ + arg_printusage (args, + sizeof(args) / sizeof(args[0]), + NULL, + ""); + exit (ret); } /* @@ -117,9 +161,44 @@ doit(int sock) int main (int argc, char **argv) { - set_progname (argv[0]); + int port; + int optind = 0; + set_progname (argv[0]); roken_openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON); + + if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, + &optind)) + usage (1); + + if (help_flag) + usage (0); + + if (version_flag) { + print_version (NULL); + return 0; + } + + if(port_str) { + struct servent *s = roken_getservbyname (port_str, "tcp"); + + if (s) + port = s->s_port; + else { + char *ptr; + + port = strtol (port_str, &ptr, 10); + if (port == 0 && ptr == port_str) + errx (1, "bad port `%s'", port_str); + port = htons(port); + } + } else { + port = k_getportbyname ("kip", "tcp", htons(KIPPORT)); + } + + if (!inetd_flag) + mini_inetd (port); + signal (SIGCHLD, childhandler); - return doit(0); + return doit(STDIN_FILENO); } diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c index 0dade629f111..9037ac665085 100644 --- a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c +++ b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c @@ -56,7 +56,7 @@ #include #endif -RCSID("$Id: kerberos.c,v 1.45 1999/03/13 21:18:55 assar Exp $"); +RCSID("$Id: kerberos.c,v 1.46 1999/09/16 20:41:33 assar Exp $"); #ifdef KRB4 #ifdef HAVE_SYS_TYPES_H @@ -181,7 +181,7 @@ kerberos4_send(char *name, Authenticator *ap) memset(instance, 0, sizeof(instance)); - strcpy_truncate (instance, + strlcpy (instance, krb_get_phost(RemoteHostName), INST_SZ); @@ -522,7 +522,7 @@ kerberos4_status(Authenticator *ap, char *name, size_t name_sz, int level) return(level); if (UserNameRequested && !kuserok(&adat, UserNameRequested)) { - strcpy_truncate(name, UserNameRequested, name_sz); + strlcpy(name, UserNameRequested, name_sz); return(AUTH_VALID); } else return(AUTH_USER); @@ -541,11 +541,11 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) switch(data[3]) { case KRB_REJECT: /* Rejected (reason might follow) */ - strcpy_truncate((char *)buf, " REJECT ", buflen); + strlcpy((char *)buf, " REJECT ", buflen); goto common; case KRB_ACCEPT: /* Accepted (name might follow) */ - strcpy_truncate((char *)buf, " ACCEPT ", buflen); + strlcpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) @@ -558,15 +558,15 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) break; case KRB_AUTH: /* Authentication data follows */ - strcpy_truncate((char *)buf, " AUTH", buflen); + strlcpy((char *)buf, " AUTH", buflen); goto common2; case KRB_CHALLENGE: - strcpy_truncate((char *)buf, " CHALLENGE", buflen); + strlcpy((char *)buf, " CHALLENGE", buflen); goto common2; case KRB_RESPONSE: - strcpy_truncate((char *)buf, " RESPONSE", buflen); + strlcpy((char *)buf, " RESPONSE", buflen); goto common2; default: diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c b/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c index 9e66d6f03cc8..a4f8a2c963b9 100644 --- a/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c +++ b/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c @@ -34,7 +34,7 @@ #include -RCSID("$Id: krb4encpwd.c,v 1.17 1998/07/09 23:16:29 assar Exp $"); +RCSID("$Id: krb4encpwd.c,v 1.18 1999/09/16 20:41:34 assar Exp $"); #ifdef KRB4_ENCPWD /* @@ -309,7 +309,7 @@ krb4encpwd_reply(ap, data, cnt) des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0); UserPassword = user_passwd; Challenge = challenge; - strcpy_truncate(instance, RemoteHostName, sizeof(instance)); + strlcpy(instance, RemoteHostName, sizeof(instance)); if ((cp = strchr(instance, '.')) != 0) *cp = '\0'; if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) { @@ -339,7 +339,7 @@ krb4encpwd_status(ap, name, name_sz, level) return(level); if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) { - strcpy_truncate(name, UserNameRequested, name_sz); + strlcpy(name, UserNameRequested, name_sz); return(AUTH_VALID); } else { return(AUTH_USER); @@ -361,11 +361,11 @@ krb4encpwd_printsub(data, cnt, buf, buflen) switch(data[3]) { case KRB4_ENCPWD_REJECT: /* Rejected (reason might follow) */ - strcpy_truncate((char *)buf, " REJECT ", buflen); + strlcpy((char *)buf, " REJECT ", buflen); goto common; case KRB4_ENCPWD_ACCEPT: /* Accepted (name might follow) */ - strcpy_truncate((char *)buf, " ACCEPT ", buflen); + strlcpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) @@ -378,15 +378,15 @@ krb4encpwd_printsub(data, cnt, buf, buflen) break; case KRB4_ENCPWD_AUTH: /* Authentication data follows */ - strcpy_truncate((char *)buf, " AUTH", buflen); + strlcpy((char *)buf, " AUTH", buflen); goto common2; case KRB4_ENCPWD_CHALLENGE: - strcpy_truncate((char *)buf, " CHALLENGE", buflen); + strlcpy((char *)buf, " CHALLENGE", buflen); goto common2; case KRB4_ENCPWD_ACK: - strcpy_truncate((char *)buf, " ACK", buflen); + strlcpy((char *)buf, " ACK", buflen); goto common2; default: diff --git a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h index 82402b509fd7..c89ce0e86d83 100644 --- a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h +++ b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h @@ -125,10 +125,6 @@ #include "defs.h" -#ifdef HAVE_ARPA_TELNET_H -#include -#endif - #ifndef _POSIX_VDISABLE # ifdef VDISABLE # define _POSIX_VDISABLE VDISABLE @@ -153,12 +149,16 @@ #include #endif -#include "ext.h" - #ifdef HAVE_PATHS_H #include #endif +#ifdef HAVE_ARPA_TELNET_H +#include +#endif + +#include "ext.h" + #ifdef SOCKS #include /* This doesn't belong here. */ diff --git a/crypto/kerberosIV/lib/krb/getaddrs.c b/crypto/kerberosIV/lib/krb/getaddrs.c index c2e12b11a596..c4ee6ad7ec13 100644 --- a/crypto/kerberosIV/lib/krb/getaddrs.c +++ b/crypto/kerberosIV/lib/krb/getaddrs.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -35,7 +35,7 @@ #include "krb_locl.h" -RCSID("$Id: getaddrs.c,v 1.28 1999/12/02 16:58:42 joda Exp $"); +RCSID("$Id: getaddrs.c,v 1.28.2.1 2000/06/23 03:29:53 assar Exp $"); #if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 #include @@ -102,7 +102,11 @@ k_get_all_addrs (struct in_addr **l) ifconf.ifc_len = in_len; ifconf.ifc_buf = inbuf; - if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0) + /* + * Solaris returns EINVAL when the buffer is too small. + */ + + if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0 && errno != EINVAL) goto fail; if(ifconf.ifc_len + sizeof(ifreq) < in_len) break; diff --git a/crypto/kerberosIV/man/kinit.1 b/crypto/kerberosIV/man/kinit.1 index 7d05b307d3ae..f27f240da57e 100644 --- a/crypto/kerberosIV/man/kinit.1 +++ b/crypto/kerberosIV/man/kinit.1 @@ -31,23 +31,17 @@ see the .I kerberos(1) manual page. .PP -If you are logged in to a workstation that is running the -.I toehold -service, -you do not have to use +If you are using a replaced +.I login +that already fetches tickets for you, you do not have to use .I kinit. -The -.I toehold -login procedure will log you into -Kerberos -automatically. You will need to use .I kinit only in those situations in which your original tickets have expired. (Tickets expire in about a day.) -Note as well that -.I toehold +Note as well that the modified +.I login will automatically destroy your tickets when you logout from the workstation. .PP When you use @@ -77,9 +71,9 @@ specifies your user identification number. .PP If you have logged in to Kerberos -without the benefit of the workstation -.I toehold -system, +without the benefit of the modified +.I login +program, make sure you use the .I kdestroy command to destroy any active tickets before you end your login session. @@ -126,7 +120,7 @@ restrictions in Kerberos Version 4, this value must be between 5 and will acquires a ticket for changepw.kerberos. .SH SEE ALSO .PP -kerberos(1), kdestroy(1), klist(1), toehold(1) +kerberos(1), kdestroy(1), klist(1), login(1) .SH BUGS The .B \-r diff --git a/crypto/kerberosIV/server/kerberos.c b/crypto/kerberosIV/server/kerberos.c index 32f34e2aa5bc..09a65df567e3 100644 --- a/crypto/kerberosIV/server/kerberos.c +++ b/crypto/kerberosIV/server/kerberos.c @@ -10,7 +10,13 @@ #include "config.h" #include "protos.h" -RCSID("$Id: kerberos.c,v 1.87 1999/11/13 06:35:39 assar Exp $"); +RCSID("$Id: kerberos.c,v 1.87.2.3 2000/10/18 20:24:13 assar Exp $"); + +/* + * If support for really large numbers of network interfaces is + * desired, define FD_SETSIZE to some suitable value. + */ +#define FD_SETSIZE (4*1024) #include #include @@ -299,10 +305,13 @@ kerberos(unsigned char *buf, int len, switch(msg_type){ case AUTH_MSG_KDC_REQUEST: /* XXX range check */ - p += krb_get_nir(p, name, inst, realm); + p += krb_get_nir(p, name, sizeof(name), + inst, sizeof(inst), + realm, sizeof(realm)); p += krb_get_int(p, &req_time, 4, lsb); life = *p++; - p += krb_get_nir(p, service, sinst, NULL); + p += krb_get_nir(p, service, sizeof(service), + sinst, sizeof(sinst), NULL, 0); klog(L_INI_REQ, "AS REQ %s.%s@%s for %s.%s from %s (%s/%u)", name, inst, realm, service, sinst, @@ -378,7 +387,8 @@ kerberos(unsigned char *buf, int len, } p += krb_get_int(p, &req_time, 4, lsb); life = *p++; - p += krb_get_nir(p, service, sinst, NULL); + p += krb_get_nir(p, service, sizeof(service), + sinst, sizeof(sinst), NULL, 0); klog(L_APPL_REQ, "APPL REQ %s.%s@%s for %s.%s from %s (%s/%u)", ad.pname, ad.pinst, ad.prealm, @@ -556,6 +566,10 @@ mksocket(struct descr *d, struct in_addr addr, int type, memset(d, 0, sizeof(struct descr)); if ((sock = socket(AF_INET, type, 0)) < 0) err (1, "socket"); + if (sock >= FD_SETSIZE) { + errno = EMFILE; + errx(1, "Aborting: too many descriptors"); + } #if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)) < 0) @@ -969,13 +983,24 @@ read_socket(struct descr *n) } } +static fd_set readfds; + static void -loop(struct descr *fds, int nfds) +loop(struct descr *fds, int base_nfds) { + int nfds = base_nfds; + int max_tcp = min(FD_SETSIZE, getdtablesize()) - fds[base_nfds - 1].s; + if (max_tcp <= 10) { + errno = EMFILE; + errx(1, "Aborting: too many descriptors"); + } + max_tcp -= 10; /* We need a few extra for DB, logs, etc. */ + if (max_tcp > 100) max_tcp = 100; /* Keep to some sane limit. */ + for (;;) { int ret; - fd_set readfds; struct timeval tv; + int next_timeout = 10; /* In seconds */ int maxfd = 0; struct descr *n, *minfree; int accepted; /* accept at most one socket per `round' */ @@ -998,12 +1023,15 @@ loop(struct descr *fds, int nfds) } FD_SET(n->s, &readfds); maxfd = max(maxfd, n->s); + next_timeout = min(next_timeout, tv.tv_sec - n->timeout); } /* add more space for sockets */ - if(minfree == NULL){ + if (minfree == NULL && nfds < base_nfds + max_tcp) { int i = nfds; struct descr *new; nfds *=2; + if (nfds > base_nfds + max_tcp) + nfds = base_nfds + max_tcp; new = realloc(fds, sizeof(struct descr) * nfds); if(new){ fds = new; @@ -1011,7 +1039,27 @@ loop(struct descr *fds, int nfds) for(; i < nfds; i++) fds[i].s = -1; } } - ret = select(maxfd + 1, &readfds, 0, 0, 0); + if (minfree == NULL) { + /* + * We are possibly the subject of a DOS attack, pick a TCP + * connection at random and drop it. + */ + int r = rand() % (nfds - base_nfds); + r = r + base_nfds; + FD_CLR(fds[r].s, &readfds); + close(fds[r].s); + fds[r].s = -1; + minfree = &fds[r]; + } + if (next_timeout < 0) next_timeout = 0; + tv.tv_sec = next_timeout; + tv.tv_usec = 0; + ret = select(maxfd + 1, &readfds, 0, 0, &tv); + if (ret < 0) { + if (errno != EINTR) + klog(L_KRB_PERR, "select: %s", strerror(errno)); + continue; + } accepted = 0; for (n = fds; n < fds + nfds; n++){ if(n->s < 0) continue; @@ -1023,8 +1071,7 @@ loop(struct descr *fds, int nfds) if(accepted) continue; accepted = 1; s = accept(n->s, NULL, 0); - if(minfree == NULL){ - kerb_err_reply(s, NULL, KFAILURE, "Out of memory"); + if (minfree == NULL || s >= FD_SETSIZE) { close(s); }else{ minfree->s = s;