2 * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
36 RCSID("$Id: send_to_kdc.c 21934 2007-08-27 14:21:04Z lha $");
39 krb5_send_to_kdc_func func;
44 * send the data in `req' on the socket `fd' (which is datagram iff udp)
45 * waiting `tmout' for a reply and returning the reply in `rep'.
46 * iff limit read up to this many bytes
47 * returns 0 and data in `rep' if succesful, otherwise -1
58 struct timeval timeout;
62 if (fd >= FD_SETSIZE) {
70 timeout.tv_sec = tmout;
72 ret = select (fd + 1, &fdset, NULL, NULL, &timeout);
77 } else if (ret == 0) {
82 if (ioctl (fd, FIONREAD, &nbytes) < 0) {
90 nbytes = min(nbytes, limit - rep->length);
92 tmp = realloc (rep->data, rep->length + nbytes);
98 ret = recv (fd, (char*)tmp + rep->length, nbytes, 0);
100 krb5_data_free (rep);
105 } while(!udp && (limit == 0 || rep->length < limit));
110 * Send kerberos requests and receive a reply on a udp or any other kind
111 * of a datagram socket. See `recv_loop'.
115 send_and_recv_udp(int fd,
117 const krb5_data *req,
120 if (send (fd, req->data, req->length, 0) < 0)
123 return recv_loop(fd, tmout, 1, 0, rep);
127 * `send_and_recv' for a TCP (or any other stream) socket.
128 * Since there are no record limits on a stream socket the protocol here
129 * is to prepend the request with 4 bytes of its length and the reply
130 * is similarly encoded.
134 send_and_recv_tcp(int fd,
136 const krb5_data *req,
139 unsigned char len[4];
140 unsigned long rep_len;
143 _krb5_put_int(len, req->length, 4);
144 if(net_write(fd, len, sizeof(len)) < 0)
146 if(net_write(fd, req->data, req->length) < 0)
148 if (recv_loop (fd, tmout, 0, 4, &len_data) < 0)
150 if (len_data.length != 4) {
151 krb5_data_free (&len_data);
154 _krb5_get_int(len_data.data, &rep_len, 4);
155 krb5_data_free (&len_data);
156 if (recv_loop (fd, tmout, 0, rep_len, rep) < 0)
158 if(rep->length != rep_len) {
159 krb5_data_free (rep);
166 _krb5_send_and_recv_tcp(int fd,
168 const krb5_data *req,
171 return send_and_recv_tcp(fd, tmout, req, rep);
175 * `send_and_recv' tailored for the HTTP protocol.
179 send_and_recv_http(int fd,
182 const krb5_data *req,
188 int len = base64_encode(req->data, req->length, &str);
192 asprintf(&request, "GET %s%s HTTP/1.0\r\n\r\n", prefix, str);
196 ret = net_write (fd, request, strlen(request));
200 ret = recv_loop(fd, tmout, 0, 0, rep);
204 unsigned long rep_len;
207 s = realloc(rep->data, rep->length + 1);
209 krb5_data_free (rep);
213 p = strstr(s, "\r\n\r\n");
221 rep->length -= p - s;
222 if(rep->length < 4) { /* remove length */
228 _krb5_get_int(p, &rep_len, 4);
229 if (rep_len != rep->length) {
234 memmove(rep->data, p + 4, rep->length);
240 init_port(const char *s, int fallback)
245 sscanf (s, "%d", &tmp);
252 * Return 0 if succesful, otherwise 1
256 send_via_proxy (krb5_context context,
257 const krb5_krbhst_info *hi,
258 const krb5_data *send_data,
261 char *proxy2 = strdup(context->http_proxy);
262 char *proxy = proxy2;
265 struct addrinfo hints;
266 struct addrinfo *ai, *a;
269 char portstr[NI_MAXSERV];
273 if (strncmp (proxy, "http://", 7) == 0)
276 colon = strchr(proxy, ':');
279 memset (&hints, 0, sizeof(hints));
280 hints.ai_family = PF_UNSPEC;
281 hints.ai_socktype = SOCK_STREAM;
282 snprintf (portstr, sizeof(portstr), "%d",
283 ntohs(init_port (colon, htons(80))));
284 ret = getaddrinfo (proxy, portstr, &hints, &ai);
287 return krb5_eai_to_heim_errno(ret, errno);
289 for (a = ai; a != NULL; a = a->ai_next) {
290 s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
293 if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
305 asprintf(&prefix, "http://%s/", hi->hostname);
310 ret = send_and_recv_http(s, context->kdc_timeout,
311 prefix, send_data, receive);
314 if(ret == 0 && receive->length != 0)
320 * Send the data `send' to one host from `handle` and get back the reply
324 krb5_error_code KRB5_LIB_FUNCTION
325 krb5_sendto (krb5_context context,
326 const krb5_data *send_data,
327 krb5_krbhst_handle handle,
334 krb5_data_zero(receive);
336 for (i = 0; i < context->max_retries; ++i) {
337 krb5_krbhst_info *hi;
339 while (krb5_krbhst_next(context, handle, &hi) == 0) {
340 struct addrinfo *ai, *a;
342 if (context->send_to_kdc) {
343 struct send_to_kdc *s = context->send_to_kdc;
345 ret = (*s->func)(context, s->data,
346 hi, send_data, receive);
347 if (ret == 0 && receive->length != 0)
352 if(hi->proto == KRB5_KRBHST_HTTP && context->http_proxy) {
353 if (send_via_proxy (context, hi, send_data, receive) == 0) {
360 ret = krb5_krbhst_get_addrinfo(context, hi, &ai);
364 for (a = ai; a != NULL; a = a->ai_next) {
365 fd = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
368 if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) {
373 case KRB5_KRBHST_HTTP :
374 ret = send_and_recv_http(fd, context->kdc_timeout,
375 "", send_data, receive);
377 case KRB5_KRBHST_TCP :
378 ret = send_and_recv_tcp (fd, context->kdc_timeout,
381 case KRB5_KRBHST_UDP :
382 ret = send_and_recv_udp (fd, context->kdc_timeout,
387 if(ret == 0 && receive->length != 0)
391 krb5_krbhst_reset(context, handle);
393 krb5_clear_error_string (context);
394 ret = KRB5_KDC_UNREACH;
399 krb5_error_code KRB5_LIB_FUNCTION
400 krb5_sendto_kdc(krb5_context context,
401 const krb5_data *send_data,
402 const krb5_realm *realm,
405 return krb5_sendto_kdc_flags(context, send_data, realm, receive, 0);
408 krb5_error_code KRB5_LIB_FUNCTION
409 krb5_sendto_kdc_flags(krb5_context context,
410 const krb5_data *send_data,
411 const krb5_realm *realm,
418 ret = krb5_sendto_ctx_alloc(context, &ctx);
421 krb5_sendto_ctx_add_flags(ctx, flags);
422 krb5_sendto_ctx_set_func(ctx, _krb5_kdc_retry, NULL);
424 ret = krb5_sendto_context(context, ctx, send_data, *realm, receive);
425 krb5_sendto_ctx_free(context, ctx);
429 krb5_error_code KRB5_LIB_FUNCTION
430 krb5_set_send_to_kdc_func(krb5_context context,
431 krb5_send_to_kdc_func func,
434 free(context->send_to_kdc);
436 context->send_to_kdc = NULL;
440 context->send_to_kdc = malloc(sizeof(*context->send_to_kdc));
441 if (context->send_to_kdc == NULL) {
442 krb5_set_error_string(context, "Out of memory");
446 context->send_to_kdc->func = func;
447 context->send_to_kdc->data = data;
451 struct krb5_sendto_ctx_data {
454 krb5_sendto_ctx_func func;
458 krb5_error_code KRB5_LIB_FUNCTION
459 krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx)
461 *ctx = calloc(1, sizeof(**ctx));
463 krb5_set_error_string(context, "out of memory");
469 void KRB5_LIB_FUNCTION
470 krb5_sendto_ctx_add_flags(krb5_sendto_ctx ctx, int flags)
475 int KRB5_LIB_FUNCTION
476 krb5_sendto_ctx_get_flags(krb5_sendto_ctx ctx)
481 void KRB5_LIB_FUNCTION
482 krb5_sendto_ctx_set_type(krb5_sendto_ctx ctx, int type)
488 void KRB5_LIB_FUNCTION
489 krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx,
490 krb5_sendto_ctx_func func,
497 void KRB5_LIB_FUNCTION
498 krb5_sendto_ctx_free(krb5_context context, krb5_sendto_ctx ctx)
500 memset(ctx, 0, sizeof(*ctx));
504 krb5_error_code KRB5_LIB_FUNCTION
505 krb5_sendto_context(krb5_context context,
507 const krb5_data *send_data,
508 const krb5_realm realm,
512 krb5_krbhst_handle handle = NULL;
513 int type, freectx = 0;
516 krb5_data_zero(receive);
520 ret = krb5_sendto_ctx_alloc(context, &ctx);
527 if ((ctx->flags & KRB5_KRBHST_FLAGS_MASTER) || context->use_admin_kdc)
528 type = KRB5_KRBHST_ADMIN;
530 type = KRB5_KRBHST_KDC;
533 if (send_data->length > context->large_msg_size)
534 ctx->flags |= KRB5_KRBHST_FLAGS_LARGE_MSG;
536 /* loop until we get back a appropriate response */
539 action = KRB5_SENDTO_DONE;
541 krb5_data_free(receive);
543 if (handle == NULL) {
544 ret = krb5_krbhst_init_flags(context, realm, type,
545 ctx->flags, &handle);
548 krb5_sendto_ctx_free(context, ctx);
553 ret = krb5_sendto(context, send_data, handle, receive);
557 ret = (*ctx->func)(context, ctx, ctx->data, receive, &action);
561 if (action != KRB5_SENDTO_CONTINUE) {
562 krb5_krbhst_free(context, handle);
565 } while (action != KRB5_SENDTO_DONE);
567 krb5_krbhst_free(context, handle);
568 if (ret == KRB5_KDC_UNREACH)
569 krb5_set_error_string(context,
570 "unable to reach any KDC in realm %s", realm);
572 krb5_data_free(receive);
574 krb5_sendto_ctx_free(context, ctx);
579 _krb5_kdc_retry(krb5_context context, krb5_sendto_ctx ctx, void *data,
580 const krb5_data *reply, int *action)
585 if(krb5_rd_error(context, reply, &error))
588 ret = krb5_error_from_rd_error(context, &error, NULL);
589 krb5_free_error_contents(context, &error);
592 case KRB5KRB_ERR_RESPONSE_TOO_BIG: {
593 if (krb5_sendto_ctx_get_flags(ctx) & KRB5_KRBHST_FLAGS_LARGE_MSG)
595 krb5_sendto_ctx_add_flags(ctx, KRB5_KRBHST_FLAGS_LARGE_MSG);
596 *action = KRB5_SENDTO_RESTART;
599 case KRB5KDC_ERR_SVC_UNAVAILABLE:
600 *action = KRB5_SENDTO_CONTINUE;