void process(char *name, pid_t *cids, int cnum) { pid_t pid = getpid(); pid_t ppid = getppid(); pid_t pgrp = getpgrp(); pid_t sid = getsid(0); FILE *fp; fp = fopen(name, "w"); fprintf(fp, "pid/spid\tppid/sppid\tsid/ssid\n"); fclose(fp); while (1) { int ret = 0, i; fp = fopen(name, "a"); fprintf(fp, "%d/%d\t%d/%d\t%d/%d\n", getpid(), pid, getppid(), ppid, getsid(0), sid); fclose(fp); ret = check_credentials(pid, ppid, pgrp, sid); if (ret) { parse_credentials(ret, name, pid, ppid, pgrp, sid); } for (i = 0; i < cnum; i++) { if (kill(cids[i], 0) < 0) { printf("%s: no child #%d = %d\n", name, i, cids[i]); } } sleep(1); } }
static Ret_t prv_start_message_cb(InstanceID_t id, VoidPtr_t userData, SmlSyncHdrPtr_t headerP) { internals_t * internP = (internals_t *)userData; SmlStatusPtr_t statusP; SmlChalPtr_t challengeP = NULL; char * dataStr; if (internP->reply_ref) { free(internP->reply_ref); } internP->sequence = NULL; internP->seq_code = 0; internP->reply_ref = smlPcdata2String(headerP->msgID); if (headerP->cred) { internP->srv_auth = check_credentials(headerP->cred, internP->account->toClientCred); challengeP= get_challenge(internP->account->toClientCred); store_nonce(internP->dmtreeH->MOs, internP->account, false); } dataStr = smlPcdata2String(headerP->respURI); if (dataStr) { set_new_uri(internP, dataStr); free(dataStr); } statusP = create_status(internP, internP->srv_auth, NULL); statusP->chal = challengeP; add_target_ref(statusP, headerP->target); add_source_ref(statusP, headerP->source); add_element(internP, (basicElement_t *)statusP); return SML_ERR_OK; }
isc_result_t krb5_get_tgt(const char *principal, const char *keyfile) { isc_result_t result = ISC_R_FAILURE; char *ccname = NULL; krb5_context context = NULL; krb5_error_code krberr; krb5_ccache ccache = NULL; krb5_principal kprincpw = NULL; krb5_creds my_creds; krb5_creds * my_creds_ptr = NULL; krb5_get_init_creds_opt options; krb5_keytab keytab = NULL; int ret; if (keyfile == NULL || keyfile[0] == '\0') { keyfile = KRB_DEFAULT_KEYTAB; log_info("Using default keytab %s\n", keyfile); } else { if (strncmp(keyfile, "FILE:", 5) != 0) { log_error("Unknown keytab path format: Does it start with FILE:?\n"); return ISC_R_FAILURE; } } krberr = krb5_init_context(&context); CHECK_KRB5(NULL, krberr, "Kerberos context initialization failed"); result = ISC_R_SUCCESS; ccname = "MEMORY:dhcp_ld_krb5_cc"; log_info("Using ccache %s\n" , ccname); ret = setenv("KRB5CCNAME", ccname, 1); if (ret == -1) { log_error("Failed to setup environment\n"); result = ISC_R_FAILURE; goto cleanup; } krberr = krb5_cc_resolve(context, ccname, &ccache); CHECK_KRB5(context, krberr, "Couldnt resolve ccache '%s'", ccname); krberr = krb5_parse_name(context, principal, &kprincpw); CHECK_KRB5(context, krberr, "Failed to parse princ '%s'", princpal); result = check_credentials(context, ccache, kprincpw); if (result == ISC_R_SUCCESS) { log_info("Found valid kerberos credentials\n"); goto cleanup; } else { log_error("No valid krb5 credentials\n"); } krberr = krb5_kt_resolve(context, keyfile, &keytab); CHECK_KRB5(context, krberr, "Failed to resolve kt files '%s'\n", keyfile); memset(&my_creds, 0, sizeof(my_creds)); memset(&options, 0, sizeof(options)); krb5_get_init_creds_opt_set_tkt_life(&options, KRB_MIN_TIME * 2); krb5_get_init_creds_opt_set_address_list(&options, NULL); krb5_get_init_creds_opt_set_forwardable(&options, 0); krb5_get_init_creds_opt_set_proxiable(&options, 0); krberr = krb5_get_init_creds_keytab(context, &my_creds, kprincpw, keytab, 0, NULL, &options); CHECK_KRB5(context, krberr, "Failed to get initial credentials TGT\n"); my_creds_ptr = &my_creds; krberr = krb5_cc_initialize(context, ccache, kprincpw); CHECK_KRB5(context, krberr, "Failed to init ccache\n"); krberr = krb5_cc_store_cred(context, ccache, &my_creds); CHECK_KRB5(context, krberr, "Failed to store credentials\n"); result = ISC_R_SUCCESS; log_info("Successfully init krb tgt %s", principal); cleanup: if (ccache) krb5_cc_close(context, ccache); if (keytab) krb5_kt_close(context, keytab); if (kprincpw) krb5_free_principal(context, kprincpw); if (my_creds_ptr) krb5_free_cred_contents(context, &my_creds); if (context) krb5_free_context(context); return result; }
static void enqueue_proc(void* cookie, char* argp, size_t arg_size, door_desc_t* dt, uint_t n_desc) { int return_fd = -1; SolarisAttachOperation* op = NULL; // no listener jint res = 0; if (!AttachListener::is_initialized()) { // how did we get here? debug_only(warning("door_call when not enabled")); res = (jint)SolarisAttachListener::ATTACH_ERROR_INTERNAL; } // check client credentials if (res == 0) { if (check_credentials() != 0) { res = (jint)SolarisAttachListener::ATTACH_ERROR_DENIED; } } // if we are stopped at ShowMessageBoxOnError then maybe we can // load a diagnostic library if (res == 0 && is_error_reported()) { if (ShowMessageBoxOnError) { // TBD - support loading of diagnostic library here } // can't enqueue operation after fatal error res = (jint)SolarisAttachListener::ATTACH_ERROR_RESOURCE; } // create the operation if (res == 0) { int err; op = create_operation(argp, arg_size, &err); res = (op == NULL) ? (jint)err : 0; } // create a pair of connected sockets. Store the file descriptor // for one end in the operation and enqueue the operation. The // file descriptor for the other end wil be returned to the client. if (res == 0) { int s[2]; if (socketpair(PF_UNIX, SOCK_STREAM, 0, s) < 0) { delete op; res = (jint)SolarisAttachListener::ATTACH_ERROR_RESOURCE; } else { op->set_socket(s[0]); return_fd = s[1]; SolarisAttachListener::enqueue(op); } } // Return 0 (success) + file descriptor, or non-0 (error) if (res == 0) { door_desc_t desc; // DOOR_RELEASE flag makes sure fd is closed after passing it to // the client. See door_return(3DOOR) man page. desc.d_attributes = DOOR_DESCRIPTOR | DOOR_RELEASE; desc.d_data.d_desc.d_descriptor = return_fd; door_return((char*)&res, sizeof(res), &desc, 1); } else { door_return((char*)&res, sizeof(res), NULL, 0); } }