void
process(char *name, pid_t *cids, int cnum)
{
pid_t pid = getpid();
pid_t ppid = getppid();
pid_t pgrp = getpgrp();
pid_t sid = getsid(0);
FILE *fp;
fp = fopen(name, "w");
fprintf(fp, "pid/spid\tppid/sppid\tsid/ssid\n");
fclose(fp);
while (1) {
int ret = 0, i;
fp = fopen(name, "a");
fprintf(fp, "%d/%d\t%d/%d\t%d/%d\n",
getpid(), pid,
getppid(), ppid,
getsid(0), sid);
fclose(fp);
ret = check_credentials(pid, ppid, pgrp, sid);
if (ret) {
parse_credentials(ret, name, pid, ppid, pgrp, sid);
}
for (i = 0; i < cnum; i++) {
if (kill(cids[i], 0) < 0) {
printf("%s: no child #%d = %d\n", name, i, cids[i]);
}
}
sleep(1);
}
}
static Ret_t prv_start_message_cb(InstanceID_t id,
VoidPtr_t userData,
SmlSyncHdrPtr_t headerP)
{
internals_t * internP = (internals_t *)userData;
SmlStatusPtr_t statusP;
SmlChalPtr_t challengeP = NULL;
char * dataStr;
if (internP->reply_ref)
{
free(internP->reply_ref);
}
internP->sequence = NULL;
internP->seq_code = 0;
internP->reply_ref = smlPcdata2String(headerP->msgID);
if (headerP->cred)
{
internP->srv_auth = check_credentials(headerP->cred, internP->account->toClientCred);
challengeP= get_challenge(internP->account->toClientCred);
store_nonce(internP->dmtreeH->MOs, internP->account, false);
}
dataStr = smlPcdata2String(headerP->respURI);
if (dataStr)
{
set_new_uri(internP, dataStr);
free(dataStr);
}
statusP = create_status(internP, internP->srv_auth, NULL);
statusP->chal = challengeP;
add_target_ref(statusP, headerP->target);
add_source_ref(statusP, headerP->source);
add_element(internP, (basicElement_t *)statusP);
return SML_ERR_OK;
}
isc_result_t
krb5_get_tgt(const char *principal, const char *keyfile)
{
isc_result_t result = ISC_R_FAILURE;
char *ccname = NULL;
krb5_context context = NULL;
krb5_error_code krberr;
krb5_ccache ccache = NULL;
krb5_principal kprincpw = NULL;
krb5_creds my_creds;
krb5_creds * my_creds_ptr = NULL;
krb5_get_init_creds_opt options;
krb5_keytab keytab = NULL;
int ret;
if (keyfile == NULL || keyfile[0] == '\0') {
keyfile = KRB_DEFAULT_KEYTAB;
log_info("Using default keytab %s\n", keyfile);
} else {
if (strncmp(keyfile, "FILE:", 5) != 0) {
log_error("Unknown keytab path format: Does it start with FILE:?\n");
return ISC_R_FAILURE;
}
}
krberr = krb5_init_context(&context);
CHECK_KRB5(NULL, krberr, "Kerberos context initialization failed");
result = ISC_R_SUCCESS;
ccname = "MEMORY:dhcp_ld_krb5_cc";
log_info("Using ccache %s\n" , ccname);
ret = setenv("KRB5CCNAME", ccname, 1);
if (ret == -1) {
log_error("Failed to setup environment\n");
result = ISC_R_FAILURE;
goto cleanup;
}
krberr = krb5_cc_resolve(context, ccname, &ccache);
CHECK_KRB5(context, krberr, "Couldnt resolve ccache '%s'", ccname);
krberr = krb5_parse_name(context, principal, &kprincpw);
CHECK_KRB5(context, krberr, "Failed to parse princ '%s'", princpal);
result = check_credentials(context, ccache, kprincpw);
if (result == ISC_R_SUCCESS) {
log_info("Found valid kerberos credentials\n");
goto cleanup;
} else {
log_error("No valid krb5 credentials\n");
}
krberr = krb5_kt_resolve(context, keyfile, &keytab);
CHECK_KRB5(context, krberr,
"Failed to resolve kt files '%s'\n", keyfile);
memset(&my_creds, 0, sizeof(my_creds));
memset(&options, 0, sizeof(options));
krb5_get_init_creds_opt_set_tkt_life(&options, KRB_MIN_TIME * 2);
krb5_get_init_creds_opt_set_address_list(&options, NULL);
krb5_get_init_creds_opt_set_forwardable(&options, 0);
krb5_get_init_creds_opt_set_proxiable(&options, 0);
krberr = krb5_get_init_creds_keytab(context, &my_creds, kprincpw,
keytab, 0, NULL, &options);
CHECK_KRB5(context, krberr, "Failed to get initial credentials TGT\n");
my_creds_ptr = &my_creds;
krberr = krb5_cc_initialize(context, ccache, kprincpw);
CHECK_KRB5(context, krberr, "Failed to init ccache\n");
krberr = krb5_cc_store_cred(context, ccache, &my_creds);
CHECK_KRB5(context, krberr, "Failed to store credentials\n");
result = ISC_R_SUCCESS;
log_info("Successfully init krb tgt %s", principal);
cleanup:
if (ccache) krb5_cc_close(context, ccache);
if (keytab) krb5_kt_close(context, keytab);
if (kprincpw) krb5_free_principal(context, kprincpw);
if (my_creds_ptr) krb5_free_cred_contents(context, &my_creds);
if (context) krb5_free_context(context);
return result;
}
static void enqueue_proc(void* cookie, char* argp, size_t arg_size,
door_desc_t* dt, uint_t n_desc)
{
int return_fd = -1;
SolarisAttachOperation* op = NULL;
// no listener
jint res = 0;
if (!AttachListener::is_initialized()) {
// how did we get here?
debug_only(warning("door_call when not enabled"));
res = (jint)SolarisAttachListener::ATTACH_ERROR_INTERNAL;
}
// check client credentials
if (res == 0) {
if (check_credentials() != 0) {
res = (jint)SolarisAttachListener::ATTACH_ERROR_DENIED;
}
}
// if we are stopped at ShowMessageBoxOnError then maybe we can
// load a diagnostic library
if (res == 0 && is_error_reported()) {
if (ShowMessageBoxOnError) {
// TBD - support loading of diagnostic library here
}
// can't enqueue operation after fatal error
res = (jint)SolarisAttachListener::ATTACH_ERROR_RESOURCE;
}
// create the operation
if (res == 0) {
int err;
op = create_operation(argp, arg_size, &err);
res = (op == NULL) ? (jint)err : 0;
}
// create a pair of connected sockets. Store the file descriptor
// for one end in the operation and enqueue the operation. The
// file descriptor for the other end wil be returned to the client.
if (res == 0) {
int s[2];
if (socketpair(PF_UNIX, SOCK_STREAM, 0, s) < 0) {
delete op;
res = (jint)SolarisAttachListener::ATTACH_ERROR_RESOURCE;
} else {
op->set_socket(s[0]);
return_fd = s[1];
SolarisAttachListener::enqueue(op);
}
}
// Return 0 (success) + file descriptor, or non-0 (error)
if (res == 0) {
door_desc_t desc;
// DOOR_RELEASE flag makes sure fd is closed after passing it to
// the client. See door_return(3DOOR) man page.
desc.d_attributes = DOOR_DESCRIPTOR | DOOR_RELEASE;
desc.d_data.d_desc.d_descriptor = return_fd;
door_return((char*)&res, sizeof(res), &desc, 1);
} else {
door_return((char*)&res, sizeof(res), NULL, 0);
}
}
