static
int serve_request_main(sec_mod_st *sec, int fd, uint8_t *buffer, unsigned buffer_size)
{
int ret, e;
uint8_t cmd;
size_t length;
void *pool = buffer;
/* read request */
ret = recv_msg_headers(fd, &cmd, MAIN_SEC_MOD_TIMEOUT);
if (ret < 0) {
seclog(sec, LOG_ERR, "error receiving msg head from main");
ret = ERR_BAD_COMMAND;
goto leave;
}
length = ret;
seclog(sec, LOG_DEBUG, "received request %s", cmd_request_to_str(cmd));
if (cmd <= MIN_SECM_CMD || cmd >= MAX_SECM_CMD) {
seclog(sec, LOG_ERR, "received invalid message from main of %u bytes (cmd: %u)\n",
(unsigned)length, (unsigned)cmd);
return ERR_BAD_COMMAND;
}
if (length > buffer_size) {
seclog(sec, LOG_ERR, "received too big message (%d)", (int)length);
ret = ERR_BAD_COMMAND;
goto leave;
}
/* read the body */
ret = force_read_timeout(fd, buffer, length, MAIN_SEC_MOD_TIMEOUT);
if (ret < 0) {
e = errno;
seclog(sec, LOG_ERR, "error receiving msg body of cmd %u with length %u: %s",
cmd, (unsigned)length, strerror(e));
ret = ERR_BAD_COMMAND;
goto leave;
}
ret = process_packet_from_main(pool, fd, sec, cmd, buffer, ret);
if (ret < 0) {
seclog(sec, LOG_ERR, "error processing data for '%s' command (%d)", cmd_request_to_str(cmd), ret);
}
leave:
return ret;
}
static
int serve_request_worker(sec_mod_st *sec, int cfd, pid_t pid, uint8_t *buffer, unsigned buffer_size)
{
int ret, e;
uint8_t cmd;
size_t length;
void *pool = buffer;
/* read request */
ret = recv_msg_headers(cfd, &cmd, MAX_WAIT_SECS);
if (ret < 0) {
seclog(sec, LOG_DEBUG, "error receiving msg head from worker");
goto leave;
}
length = ret;
if (length > buffer_size) {
seclog(sec, LOG_INFO, "too big message (%d)", (int)length);
ret = -1;
goto leave;
}
/* read the body */
ret = force_read_timeout(cfd, buffer, length, MAX_WAIT_SECS);
if (ret < 0) {
e = errno;
seclog(sec, LOG_INFO, "error receiving msg body: %s",
strerror(e));
ret = -1;
goto leave;
}
ret = process_worker_packet(pool, cfd, pid, sec, cmd, buffer, ret);
if (ret < 0) {
seclog(sec, LOG_INFO, "error processing data for '%s' command (%d)", cmd_request_to_str(cmd), ret);
}
leave:
return ret;
}
int post_kkdcp_handler(worker_st *ws, unsigned http_ver)
{
int ret, e, fd = -1;
struct http_req_st *req = &ws->req;
unsigned i, length;
kkdcp_st *kkdcp = NULL;
uint8_t *buf;
uint32_t mlength;
char realm[128] = "";
const char *reason = "Unknown";
kkdcp_realm_st *kr;
oclog(ws, LOG_INFO, "Processing KKDCP request");
for (i=0;i<ws->config->kkdcp_size;i++) {
if (ws->config->kkdcp[i].url && strcmp(ws->config->kkdcp[i].url, req->url) == 0) {
kkdcp = &ws->config->kkdcp[i];
break;
}
}
if (kkdcp == NULL) {
oclog(ws, LOG_HTTP_DEBUG, "could not figure kkdcp handler for %s", req->url);
return -1;
}
if (req->body_length == 0) {
oclog(ws, LOG_HTTP_DEBUG, "empty body length for kkdcp handler %s", req->url);
return -1;
}
ws_add_score_to_ip(ws, ws->config->ban_points_kkdcp, 0);
oclog(ws, LOG_HTTP_DEBUG, "HTTP processing kkdcp framed request: %u bytes", (unsigned)req->body_length);
length = BUF_SIZE;
buf = talloc_size(ws, length);
if (buf == NULL) {
oclog(ws, LOG_ERR, "kkdcp: memory error");
reason = "memory error";
return -1;
}
ret = der_decode((uint8_t*)req->body, req->body_length, buf, &length, realm, sizeof(realm), &e);
if (ret < 0) {
oclog(ws, LOG_ERR, "kkdcp: DER decoding error: %s", asn1_strerror(e));
reason = "DER decoding error";
goto fail;
}
kr = &kkdcp->realms[0];
if (realm[0] != 0 && kkdcp->realms_size > 1) {
oclog(ws, LOG_DEBUG, "kkdcp: client asked for '%s'", realm);
for (i=0;i<kkdcp->realms_size;i++) {
if (strcmp(kkdcp->realms[i].realm, realm) == 0) {
kr = &kkdcp->realms[i];
break;
}
}
}
fd = socket(kr->ai_family, kr->ai_socktype, kr->ai_protocol);
if (fd == -1) {
e = errno;
oclog(ws, LOG_ERR, "kkdcp: socket error: %s", strerror(e));
reason = "socket error";
goto fail;
}
ret = connect(fd, (struct sockaddr*)&kr->addr, kr->addr_len);
if (ret == -1) {
e = errno;
oclog(ws, LOG_ERR, "kkdcp: connect error: %s", strerror(e));
reason = "connect error";
goto fail;
}
oclog(ws, LOG_HTTP_DEBUG, "HTTP sending kkdcp request: %u bytes", (unsigned)length);
ret = send(fd, buf, length, 0);
if (ret != length) {
if (ret == -1) {
e = errno;
oclog(ws, LOG_ERR, "kkdcp: send error: %s", strerror(e));
} else {
oclog(ws, LOG_ERR, "kkdcp: send error: only %d were sent", ret);
}
reason = "send error";
goto fail;
}
if (kr->ai_socktype == SOCK_DGRAM) {
ret = recv(fd, buf, BUF_SIZE, 0);
if (ret == -1) {
e = errno;
oclog(ws, LOG_ERR, "kkdcp: recv error: %s", strerror(e));
reason = "recv error";
goto fail;
}
length = ret;
} else {
ret = recv(fd, buf, 4, 0);
if (ret < 4) {
e = errno;
oclog(ws, LOG_ERR, "kkdcp: recv error: %s", strerror(e));
reason = "Recv error";
ret = -1;
goto fail;
}
memcpy(&mlength, buf, 4);
mlength = ntohl(mlength);
if (mlength >= BUF_SIZE-4) {
oclog(ws, LOG_ERR, "kkdcp: too long message (%d bytes)", (int)mlength);
reason = "recv error";
ret = -1;
goto fail;
}
ret = force_read_timeout(fd, buf+4, mlength, 5);
if (ret == -1) {
e = errno;
oclog(ws, LOG_ERR, "kkdcp: recv error: %s", strerror(e));
reason = "recv error";
goto fail;
}
length = ret + 4;
}
oclog(ws, LOG_HTTP_DEBUG, "HTTP processing kkdcp reply: %u bytes", (unsigned)length);
cstp_cork(ws);
ret = cstp_printf(ws, "HTTP/1.%u 200 OK\r\n", http_ver);
if (ret < 0) {
goto fail;
}
ret =
cstp_puts(ws, "Content-Type: application/kerberos\r\n");
if (ret < 0) {
goto fail;
}
ret = der_encode_inplace(buf, &length, BUF_SIZE, &e);
if (ret < 0) {
oclog(ws, LOG_ERR, "kkdcp: DER encoding error: %s", asn1_strerror(e));
reason = "DER encoding error";
goto fail;
}
oclog(ws, LOG_HTTP_DEBUG, "HTTP sending kkdcp framed reply: %u bytes", (unsigned)length);
ret =
cstp_printf(ws, "Content-Length: %u\r\n",
(unsigned int)length);
if (ret < 0) {
goto fail;
}
ret = cstp_puts(ws, "Connection: Keep-Alive\r\n");
if (ret < 0) {
goto fail;
}
ret = cstp_puts(ws, "\r\n");
if (ret < 0) {
goto fail;
}
ret = cstp_send(ws, buf, length);
if (ret < 0) {
goto fail;
}
ret = cstp_uncork(ws);
if (ret < 0) {
goto fail;
}
ret = 0;
goto cleanup;
fail:
cstp_printf(ws,
"HTTP/1.%u 502 Bad Gateway\r\nX-Reason: %s\r\n\r\n",
http_ver, reason);
ret = -1;
cleanup:
talloc_free(buf);
if (fd != -1)
close(fd);
return ret;
}
