NetBSD/crypto/dist/krb4/appl/popper/pop_init.c

400 lines
10 KiB
C
Raw Normal View History

/*
* Copyright (c) 1989 Regents of the University of California.
* All rights reserved. The Berkeley software License Agreement
* specifies the terms and conditions for redistribution.
*/
#include <popper.h>
2002-09-12 16:22:01 +04:00
__RCSID("$KTH-KRB: pop_init.c,v 1.58 2001/02/20 01:44:47 assar Exp $"
"$NetBSD: pop_init.c,v 1.1.1.4 2002/09/12 12:22:06 joda Exp $");
#if defined(KRB4) || defined(KRB5)
static int
pop_net_read(POP *p, int fd, void *buf, size_t len)
{
#ifdef KRB5
return krb5_net_read(p->context, &fd, buf, len);
#elif defined(KRB4)
return krb_net_read(fd, buf, len);
#endif
}
#endif
2001-09-17 16:09:38 +04:00
static char *addr_log;
static void
pop_write_addr(POP *p, struct sockaddr *addr)
{
char ts[32];
char as[128];
time_t t;
FILE *f;
if(addr_log == NULL)
return;
t = time(NULL);
strftime(ts, sizeof(ts), "%Y%m%d%H%M%S", localtime(&t));
if(inet_ntop (addr->sa_family, socket_get_address(addr),
as, sizeof(as)) == NULL) {
pop_log(p, POP_PRIORITY, "failed to print address");
return;
}
f = fopen(addr_log, "a");
if(f == NULL) {
pop_log(p, POP_PRIORITY, "failed to open address log (%s)", addr_log);
return;
}
fprintf(f, "%s %s\n", as, ts);
fclose(f);
}
#ifdef KRB4
static int
krb4_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr)
{
Key_schedule schedule;
KTEXT_ST ticket;
char instance[INST_SZ];
char version[9];
int auth;
if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0)
return -1;
if (pop_net_read (p, s, buf + 4,
KRB_SENDAUTH_VLEN - 4) != KRB_SENDAUTH_VLEN - 4)
return -1;
if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0)
return -1;
k_getsockinst (0, instance, sizeof(instance));
auth = krb_recvauth(KOPT_IGNORE_PROTOCOL,
s,
&ticket,
"pop",
instance,
(struct sockaddr_in *)addr,
(struct sockaddr_in *) NULL,
&p->kdata,
"",
schedule,
version);
if (auth != KSUCCESS) {
pop_msg(p, POP_FAILURE, "Kerberos authentication failure: %s",
krb_get_err_text(auth));
2000-12-29 04:42:08 +03:00
pop_log(p, POP_PRIORITY, "%s: (%s.%s@%s) %s", p->client,
p->kdata.pname, p->kdata.pinst, p->kdata.prealm,
krb_get_err_text(auth));
2001-09-17 16:09:38 +04:00
return -1;
}
#ifdef DEBUG
pop_log(p, POP_DEBUG, "%s.%s@%s (%s): ok", p->kdata.pname,
p->kdata.pinst, p->kdata.prealm, p->ipaddr);
#endif /* DEBUG */
return 0;
}
#endif /* KRB4 */
#ifdef KRB5
static int
krb5_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr)
{
krb5_error_code ret;
krb5_auth_context auth_context = NULL;
u_int32_t len;
krb5_ticket *ticket;
2001-09-17 16:09:38 +04:00
char *server;
if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
return -1;
len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]);
if (krb5_net_read(p->context, &s, buf, len) != len)
return -1;
if (len != sizeof(KRB5_SENDAUTH_VERSION)
|| memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0)
return -1;
ret = krb5_recvauth (p->context,
&auth_context,
&s,
"KPOPV1.0",
NULL, /* let rd_req figure out what server to use */
KRB5_RECVAUTH_IGNORE_VERSION,
NULL,
&ticket);
2001-09-17 16:09:38 +04:00
if (ret) {
pop_log(p, POP_PRIORITY, "krb5_recvauth: %s",
krb5_get_err_text(p->context, ret));
return -1;
}
2001-09-17 16:09:38 +04:00
ret = krb5_unparse_name(p->context, ticket->server, &server);
if(ret) {
pop_log(p, POP_PRIORITY, "krb5_unparse_name: %s",
krb5_get_err_text(p->context, ret));
ret = -1;
goto out;
}
2001-09-17 16:09:38 +04:00
/* does this make sense? */
if(strncmp(server, "pop/", 4) != 0) {
pop_log(p, POP_PRIORITY,
"Got ticket for service `%s'", server);
ret = -1;
goto out;
} else if(p->debug)
pop_log(p, POP_DEBUG,
"Accepted ticket for service `%s'", server);
free(server);
out:
krb5_auth_con_free (p->context, auth_context);
krb5_copy_principal (p->context, ticket->client, &p->principal);
krb5_free_ticket (p->context, ticket);
return ret;
}
#endif
static int
krb_authenticate(POP *p, struct sockaddr *addr)
{
#if defined(KRB4) || defined(KRB5)
u_char buf[BUFSIZ];
if (pop_net_read (p, 0, buf, 4) != 4) {
pop_msg(p, POP_FAILURE, "Reading four bytes: %s",
strerror(errno));
exit (1);
}
#ifdef KRB4
if (krb4_authenticate (p, 0, buf, addr) == 0){
2001-09-17 16:09:38 +04:00
pop_write_addr(p, addr);
p->version = 4;
return POP_SUCCESS;
}
#endif
#ifdef KRB5
if (krb5_authenticate (p, 0, buf, addr) == 0){
2001-09-17 16:09:38 +04:00
pop_write_addr(p, addr);
p->version = 5;
return POP_SUCCESS;
}
#endif
exit (1);
#endif /* defined(KRB4) || defined(KRB5) */
return(POP_SUCCESS);
}
static int
plain_authenticate (POP *p, struct sockaddr *addr)
{
return(POP_SUCCESS);
}
static int kerberos_flag;
static char *auth_str;
static int debug_flag;
static int interactive_flag;
static char *port_str;
static char *trace_file;
static int timeout;
static int help_flag;
static int version_flag;
static struct getargs args[] = {
#if defined(KRB4) || defined(KRB5)
{ "kerberos", 'k', arg_flag, &kerberos_flag, "use kerberos" },
#endif
{ "auth-mode", 'a', arg_string, &auth_str, "required authentication" },
{ "debug", 'd', arg_flag, &debug_flag },
{ "interactive", 'i', arg_flag, &interactive_flag, "create new socket" },
{ "port", 'p', arg_string, &port_str, "port to listen to", "port" },
{ "trace-file", 't', arg_string, &trace_file, "trace all command to file", "file" },
{ "timeout", 'T', arg_integer, &timeout, "timeout", "seconds" },
2001-09-17 16:09:38 +04:00
{ "address-log", 0, arg_string, &addr_log, "enable address log", "file" },
{ "help", 'h', arg_flag, &help_flag },
{ "version", 'v', arg_flag, &version_flag }
};
static int num_args = sizeof(args) / sizeof(args[0]);
/*
* init: Start a Post Office Protocol session
*/
static int
pop_getportbyname(POP *p, const char *service,
const char *proto, short def)
{
#ifdef KRB5
return krb5_getportbyname(p->context, service, proto, def);
#elif defined(KRB4)
return k_getportbyname(service, proto, htons(def));
#else
return htons(default);
#endif
}
int
pop_init(POP *p,int argcount,char **argmessage)
{
struct sockaddr_storage cs_ss;
struct sockaddr *cs = (struct sockaddr *)&cs_ss;
2001-09-17 16:09:38 +04:00
socklen_t len;
char * trace_file_name = "/tmp/popper-trace";
int portnum = 0;
int optind = 0;
int error;
/* Initialize the POP parameter block */
memset (p, 0, sizeof(POP));
2001-09-17 16:09:38 +04:00
setprogname(argmessage[0]);
/* Save my name in a global variable */
2001-09-17 16:09:38 +04:00
p->myname = (char*)getprogname();
/* Get the name of our host */
gethostname(p->myhost,MaxHostNameLen);
#ifdef KRB5
2001-09-17 16:09:38 +04:00
{
krb5_error_code ret;
2001-09-17 16:09:38 +04:00
ret = krb5_init_context (&p->context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
krb5_openlog(p->context, p->myname, &p->logf);
krb5_set_warn_dest(p->context, p->logf);
}
#else
/* Open the log file */
roken_openlog(p->myname,POP_LOGOPTS,POP_FACILITY);
#endif
p->auth_level = AUTH_NONE;
if(getarg(args, num_args, argcount, argmessage, &optind)){
arg_printusage(args, num_args, NULL, "");
exit(1);
}
if(help_flag){
arg_printusage(args, num_args, NULL, "");
exit(0);
}
if(version_flag){
print_version(NULL);
exit(0);
}
argcount -= optind;
argmessage += optind;
if (argcount != 0) {
arg_printusage(args, num_args, NULL, "");
exit(1);
}
if(auth_str){
if (strcmp (auth_str, "none") == 0)
p->auth_level = AUTH_NONE;
else if(strcmp(auth_str, "otp") == 0)
p->auth_level = AUTH_OTP;
else
warnx ("bad value for -a: %s", optarg);
}
/* Debugging requested */
p->debug = debug_flag;
if(port_str)
portnum = htons(atoi(port_str));
if(trace_file){
p->debug++;
if ((p->trace = fopen(trace_file, "a+")) == NULL) {
pop_log(p, POP_PRIORITY,
"Unable to open trace file \"%s\", err = %d",
optarg,errno);
exit (1);
}
trace_file_name = trace_file;
}
#if defined(KRB4) || defined(KRB5)
p->kerberosp = kerberos_flag;
#endif
if(timeout)
pop_timeout = timeout;
/* Fake inetd */
if (interactive_flag) {
if (portnum == 0)
portnum = p->kerberosp ?
pop_getportbyname(p, "kpop", "tcp", 1109) :
pop_getportbyname(p, "pop", "tcp", 110);
mini_inetd (portnum);
}
/* Get the address and socket of the client to whom I am speaking */
len = sizeof(cs_ss);
if (getpeername(STDIN_FILENO, cs, &len) < 0) {
pop_log(p,POP_PRIORITY,
"Unable to obtain socket and address of client, err = %d",errno);
exit (1);
}
/* Save the dotted decimal form of the client's IP address
in the POP parameter block */
inet_ntop (cs->sa_family, socket_get_address (cs),
p->ipaddr, sizeof(p->ipaddr));
/* Save the client's port */
p->ipport = ntohs(socket_get_port (cs));
/* Get the canonical name of the host to whom I am speaking */
2001-09-17 16:09:38 +04:00
error = getnameinfo_verified (cs, len, p->client, sizeof(p->client),
NULL, 0, 0);
if (error) {
pop_log (p, POP_PRIORITY,
"getnameinfo: %s", gai_strerror (error));
strlcpy (p->client, p->ipaddr, sizeof(p->client));
}
/* Create input file stream for TCP/IP communication */
if ((p->input = fdopen(STDIN_FILENO,"r")) == NULL){
pop_log(p,POP_PRIORITY,
"Unable to open communication stream for input, err = %d",errno);
exit (1);
}
/* Create output file stream for TCP/IP communication */
if ((p->output = fdopen(STDOUT_FILENO,"w")) == NULL){
pop_log(p,POP_PRIORITY,
"Unable to open communication stream for output, err = %d",errno);
exit (1);
}
pop_log(p,POP_PRIORITY,
"(v%s) Servicing request from \"%s\" at %s\n",
VERSION,p->client,p->ipaddr);
#ifdef DEBUG
if (p->trace)
pop_log(p,POP_PRIORITY,
"Tracing session and debugging information in file \"%s\"",
trace_file_name);
else if (p->debug)
pop_log(p,POP_PRIORITY,"Debugging turned on");
#endif /* DEBUG */
return((p->kerberosp ? krb_authenticate : plain_authenticate)(p, cs));
}