Exemplo n.º 1
0
Arquivo: conf5.c Projeto: dmtcp/dmtcp
void
process(char *name, pid_t *cids, int cnum)
{
  pid_t pid = getpid();
  pid_t ppid = getppid();
  pid_t pgrp = getpgrp();
  pid_t sid = getsid(0);

  FILE *fp;

  fp = fopen(name, "w");
  fprintf(fp, "pid/spid\tppid/sppid\tsid/ssid\n");
  fclose(fp);
  while (1) {
    int ret = 0, i;

    fp = fopen(name, "a");
    fprintf(fp, "%d/%d\t%d/%d\t%d/%d\n",
            getpid(), pid,
            getppid(), ppid,
            getsid(0), sid);
    fclose(fp);

    ret = check_credentials(pid, ppid, pgrp, sid);
    if (ret) {
      parse_credentials(ret, name, pid, ppid, pgrp, sid);
    }
    for (i = 0; i < cnum; i++) {
      if (kill(cids[i], 0) < 0) {
        printf("%s: no child #%d = %d\n", name, i, cids[i]);
      }
    }
    sleep(1);
  }
}
Exemplo n.º 2
0
static Ret_t prv_start_message_cb(InstanceID_t id,
                                  VoidPtr_t userData,
                                  SmlSyncHdrPtr_t headerP)
{
    internals_t * internP = (internals_t *)userData;
    SmlStatusPtr_t statusP;
    SmlChalPtr_t challengeP = NULL;
    char * dataStr;

    if (internP->reply_ref)
    {
        free(internP->reply_ref);
    }
    internP->sequence = NULL;
    internP->seq_code = 0;

    internP->reply_ref = smlPcdata2String(headerP->msgID);

    if (headerP->cred)
    {
        internP->srv_auth = check_credentials(headerP->cred, internP->account->toClientCred);
        challengeP= get_challenge(internP->account->toClientCred);
        store_nonce(internP->dmtreeH->MOs, internP->account, false);
    }

    dataStr = smlPcdata2String(headerP->respURI);
    if (dataStr)
    {
        set_new_uri(internP, dataStr);
        free(dataStr);
    }

    statusP = create_status(internP, internP->srv_auth, NULL);
    statusP->chal = challengeP;
    add_target_ref(statusP, headerP->target);
    add_source_ref(statusP, headerP->source);

    add_element(internP, (basicElement_t *)statusP);

    return SML_ERR_OK;
}
Exemplo n.º 3
0
isc_result_t
krb5_get_tgt(const char *principal, const char *keyfile)
{
    isc_result_t result = ISC_R_FAILURE;
    char *ccname = NULL;
    krb5_context context = NULL;
    krb5_error_code krberr;
    krb5_ccache ccache = NULL;
    krb5_principal kprincpw = NULL;
    krb5_creds my_creds;
    krb5_creds * my_creds_ptr = NULL;
    krb5_get_init_creds_opt options;
    krb5_keytab keytab = NULL;
    int ret;
    
    if (keyfile == NULL || keyfile[0] == '\0') {
        keyfile = KRB_DEFAULT_KEYTAB;
        log_info("Using default keytab %s\n", keyfile);
    } else {
        if (strncmp(keyfile, "FILE:", 5) != 0) {
            log_error("Unknown keytab path format: Does it start with FILE:?\n");
            return ISC_R_FAILURE;
        }
    }

    krberr = krb5_init_context(&context);
    CHECK_KRB5(NULL, krberr, "Kerberos context initialization failed");

    result = ISC_R_SUCCESS;

    ccname = "MEMORY:dhcp_ld_krb5_cc";
    log_info("Using ccache %s\n" , ccname);

    ret = setenv("KRB5CCNAME", ccname, 1);
    if (ret == -1) {
        log_error("Failed to setup environment\n");
        result = ISC_R_FAILURE;
        goto cleanup;
    }

    krberr = krb5_cc_resolve(context, ccname, &ccache);
    CHECK_KRB5(context, krberr, "Couldnt resolve ccache '%s'", ccname);

    krberr = krb5_parse_name(context, principal, &kprincpw);
    CHECK_KRB5(context, krberr, "Failed to parse princ '%s'", princpal);

    result = check_credentials(context, ccache, kprincpw);
    if (result == ISC_R_SUCCESS) {
        log_info("Found valid kerberos credentials\n");
        goto cleanup;
    } else {
        log_error("No valid krb5 credentials\n");
    }

    krberr = krb5_kt_resolve(context, keyfile, &keytab);
    CHECK_KRB5(context, krberr, 
            "Failed to resolve kt files '%s'\n", keyfile);

    memset(&my_creds, 0, sizeof(my_creds));
    memset(&options, 0, sizeof(options));

    krb5_get_init_creds_opt_set_tkt_life(&options, KRB_MIN_TIME * 2);
    krb5_get_init_creds_opt_set_address_list(&options, NULL);
    krb5_get_init_creds_opt_set_forwardable(&options, 0);
    krb5_get_init_creds_opt_set_proxiable(&options, 0);

    krberr = krb5_get_init_creds_keytab(context, &my_creds, kprincpw,
                keytab, 0, NULL, &options);
    CHECK_KRB5(context, krberr, "Failed to get initial credentials TGT\n");
    
    my_creds_ptr = &my_creds;

    krberr = krb5_cc_initialize(context, ccache, kprincpw);
    CHECK_KRB5(context, krberr, "Failed to init ccache\n");

    krberr = krb5_cc_store_cred(context, ccache, &my_creds);
    CHECK_KRB5(context, krberr, "Failed to store credentials\n");

    result = ISC_R_SUCCESS;
    log_info("Successfully init krb tgt %s", principal);

cleanup:
    if (ccache) krb5_cc_close(context, ccache);
    if (keytab) krb5_kt_close(context, keytab);
    if (kprincpw) krb5_free_principal(context, kprincpw);
    if (my_creds_ptr) krb5_free_cred_contents(context, &my_creds);
    if (context) krb5_free_context(context);
    return result;
}
Exemplo n.º 4
0
  static void enqueue_proc(void* cookie, char* argp, size_t arg_size,
                           door_desc_t* dt, uint_t n_desc)
  {
    int return_fd = -1;
    SolarisAttachOperation* op = NULL;

    // no listener
    jint res = 0;
    if (!AttachListener::is_initialized()) {
      // how did we get here?
      debug_only(warning("door_call when not enabled"));
      res = (jint)SolarisAttachListener::ATTACH_ERROR_INTERNAL;
    }

    // check client credentials
    if (res == 0) {
      if (check_credentials() != 0) {
        res = (jint)SolarisAttachListener::ATTACH_ERROR_DENIED;
      }
    }

    // if we are stopped at ShowMessageBoxOnError then maybe we can
    // load a diagnostic library
    if (res == 0 && is_error_reported()) {
      if (ShowMessageBoxOnError) {
        // TBD - support loading of diagnostic library here
      }

      // can't enqueue operation after fatal error
      res = (jint)SolarisAttachListener::ATTACH_ERROR_RESOURCE;
    }

    // create the operation
    if (res == 0) {
      int err;
      op = create_operation(argp, arg_size, &err);
      res = (op == NULL) ? (jint)err : 0;
    }

    // create a pair of connected sockets. Store the file descriptor
    // for one end in the operation and enqueue the operation. The
    // file descriptor for the other end wil be returned to the client.
    if (res == 0) {
      int s[2];
      if (socketpair(PF_UNIX, SOCK_STREAM, 0, s) < 0) {
        delete op;
        res = (jint)SolarisAttachListener::ATTACH_ERROR_RESOURCE;
      } else {
        op->set_socket(s[0]);
        return_fd = s[1];
        SolarisAttachListener::enqueue(op);
      }
    }

    // Return 0 (success) + file descriptor, or non-0 (error)
    if (res == 0) {
      door_desc_t desc;
      // DOOR_RELEASE flag makes sure fd is closed after passing it to
      // the client.  See door_return(3DOOR) man page.
      desc.d_attributes = DOOR_DESCRIPTOR | DOOR_RELEASE;
      desc.d_data.d_desc.d_descriptor = return_fd;
      door_return((char*)&res, sizeof(res), &desc, 1);
    } else {
      door_return((char*)&res, sizeof(res), NULL, 0);
    }
  }