static int serve_request_main(sec_mod_st *sec, int fd, uint8_t *buffer, unsigned buffer_size) { int ret, e; uint8_t cmd; size_t length; void *pool = buffer; /* read request */ ret = recv_msg_headers(fd, &cmd, MAIN_SEC_MOD_TIMEOUT); if (ret < 0) { seclog(sec, LOG_ERR, "error receiving msg head from main"); ret = ERR_BAD_COMMAND; goto leave; } length = ret; seclog(sec, LOG_DEBUG, "received request %s", cmd_request_to_str(cmd)); if (cmd <= MIN_SECM_CMD || cmd >= MAX_SECM_CMD) { seclog(sec, LOG_ERR, "received invalid message from main of %u bytes (cmd: %u)\n", (unsigned)length, (unsigned)cmd); return ERR_BAD_COMMAND; } if (length > buffer_size) { seclog(sec, LOG_ERR, "received too big message (%d)", (int)length); ret = ERR_BAD_COMMAND; goto leave; } /* read the body */ ret = force_read_timeout(fd, buffer, length, MAIN_SEC_MOD_TIMEOUT); if (ret < 0) { e = errno; seclog(sec, LOG_ERR, "error receiving msg body of cmd %u with length %u: %s", cmd, (unsigned)length, strerror(e)); ret = ERR_BAD_COMMAND; goto leave; } ret = process_packet_from_main(pool, fd, sec, cmd, buffer, ret); if (ret < 0) { seclog(sec, LOG_ERR, "error processing data for '%s' command (%d)", cmd_request_to_str(cmd), ret); } leave: return ret; }
static int serve_request_worker(sec_mod_st *sec, int cfd, pid_t pid, uint8_t *buffer, unsigned buffer_size) { int ret, e; uint8_t cmd; size_t length; void *pool = buffer; /* read request */ ret = recv_msg_headers(cfd, &cmd, MAX_WAIT_SECS); if (ret < 0) { seclog(sec, LOG_DEBUG, "error receiving msg head from worker"); goto leave; } length = ret; if (length > buffer_size) { seclog(sec, LOG_INFO, "too big message (%d)", (int)length); ret = -1; goto leave; } /* read the body */ ret = force_read_timeout(cfd, buffer, length, MAX_WAIT_SECS); if (ret < 0) { e = errno; seclog(sec, LOG_INFO, "error receiving msg body: %s", strerror(e)); ret = -1; goto leave; } ret = process_worker_packet(pool, cfd, pid, sec, cmd, buffer, ret); if (ret < 0) { seclog(sec, LOG_INFO, "error processing data for '%s' command (%d)", cmd_request_to_str(cmd), ret); } leave: return ret; }
int post_kkdcp_handler(worker_st *ws, unsigned http_ver) { int ret, e, fd = -1; struct http_req_st *req = &ws->req; unsigned i, length; kkdcp_st *kkdcp = NULL; uint8_t *buf; uint32_t mlength; char realm[128] = ""; const char *reason = "Unknown"; kkdcp_realm_st *kr; oclog(ws, LOG_INFO, "Processing KKDCP request"); for (i=0;i<ws->config->kkdcp_size;i++) { if (ws->config->kkdcp[i].url && strcmp(ws->config->kkdcp[i].url, req->url) == 0) { kkdcp = &ws->config->kkdcp[i]; break; } } if (kkdcp == NULL) { oclog(ws, LOG_HTTP_DEBUG, "could not figure kkdcp handler for %s", req->url); return -1; } if (req->body_length == 0) { oclog(ws, LOG_HTTP_DEBUG, "empty body length for kkdcp handler %s", req->url); return -1; } ws_add_score_to_ip(ws, ws->config->ban_points_kkdcp, 0); oclog(ws, LOG_HTTP_DEBUG, "HTTP processing kkdcp framed request: %u bytes", (unsigned)req->body_length); length = BUF_SIZE; buf = talloc_size(ws, length); if (buf == NULL) { oclog(ws, LOG_ERR, "kkdcp: memory error"); reason = "memory error"; return -1; } ret = der_decode((uint8_t*)req->body, req->body_length, buf, &length, realm, sizeof(realm), &e); if (ret < 0) { oclog(ws, LOG_ERR, "kkdcp: DER decoding error: %s", asn1_strerror(e)); reason = "DER decoding error"; goto fail; } kr = &kkdcp->realms[0]; if (realm[0] != 0 && kkdcp->realms_size > 1) { oclog(ws, LOG_DEBUG, "kkdcp: client asked for '%s'", realm); for (i=0;i<kkdcp->realms_size;i++) { if (strcmp(kkdcp->realms[i].realm, realm) == 0) { kr = &kkdcp->realms[i]; break; } } } fd = socket(kr->ai_family, kr->ai_socktype, kr->ai_protocol); if (fd == -1) { e = errno; oclog(ws, LOG_ERR, "kkdcp: socket error: %s", strerror(e)); reason = "socket error"; goto fail; } ret = connect(fd, (struct sockaddr*)&kr->addr, kr->addr_len); if (ret == -1) { e = errno; oclog(ws, LOG_ERR, "kkdcp: connect error: %s", strerror(e)); reason = "connect error"; goto fail; } oclog(ws, LOG_HTTP_DEBUG, "HTTP sending kkdcp request: %u bytes", (unsigned)length); ret = send(fd, buf, length, 0); if (ret != length) { if (ret == -1) { e = errno; oclog(ws, LOG_ERR, "kkdcp: send error: %s", strerror(e)); } else { oclog(ws, LOG_ERR, "kkdcp: send error: only %d were sent", ret); } reason = "send error"; goto fail; } if (kr->ai_socktype == SOCK_DGRAM) { ret = recv(fd, buf, BUF_SIZE, 0); if (ret == -1) { e = errno; oclog(ws, LOG_ERR, "kkdcp: recv error: %s", strerror(e)); reason = "recv error"; goto fail; } length = ret; } else { ret = recv(fd, buf, 4, 0); if (ret < 4) { e = errno; oclog(ws, LOG_ERR, "kkdcp: recv error: %s", strerror(e)); reason = "Recv error"; ret = -1; goto fail; } memcpy(&mlength, buf, 4); mlength = ntohl(mlength); if (mlength >= BUF_SIZE-4) { oclog(ws, LOG_ERR, "kkdcp: too long message (%d bytes)", (int)mlength); reason = "recv error"; ret = -1; goto fail; } ret = force_read_timeout(fd, buf+4, mlength, 5); if (ret == -1) { e = errno; oclog(ws, LOG_ERR, "kkdcp: recv error: %s", strerror(e)); reason = "recv error"; goto fail; } length = ret + 4; } oclog(ws, LOG_HTTP_DEBUG, "HTTP processing kkdcp reply: %u bytes", (unsigned)length); cstp_cork(ws); ret = cstp_printf(ws, "HTTP/1.%u 200 OK\r\n", http_ver); if (ret < 0) { goto fail; } ret = cstp_puts(ws, "Content-Type: application/kerberos\r\n"); if (ret < 0) { goto fail; } ret = der_encode_inplace(buf, &length, BUF_SIZE, &e); if (ret < 0) { oclog(ws, LOG_ERR, "kkdcp: DER encoding error: %s", asn1_strerror(e)); reason = "DER encoding error"; goto fail; } oclog(ws, LOG_HTTP_DEBUG, "HTTP sending kkdcp framed reply: %u bytes", (unsigned)length); ret = cstp_printf(ws, "Content-Length: %u\r\n", (unsigned int)length); if (ret < 0) { goto fail; } ret = cstp_puts(ws, "Connection: Keep-Alive\r\n"); if (ret < 0) { goto fail; } ret = cstp_puts(ws, "\r\n"); if (ret < 0) { goto fail; } ret = cstp_send(ws, buf, length); if (ret < 0) { goto fail; } ret = cstp_uncork(ws); if (ret < 0) { goto fail; } ret = 0; goto cleanup; fail: cstp_printf(ws, "HTTP/1.%u 502 Bad Gateway\r\nX-Reason: %s\r\n\r\n", http_ver, reason); ret = -1; cleanup: talloc_free(buf); if (fd != -1) close(fd); return ret; }