2 * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
36 RCSID("$Id: send_to_kdc.c,v 1.58 2006/04/02 02:32:03 lha Exp $");
38 struct send_and_recv {
39 krb5_send_and_recv_func_t func;
40 krb5_send_and_recv_close_func_t close;
44 krb5_error_code KRB5_LIB_FUNCTION
45 krb5_set_send_recv_func(krb5_context context,
46 krb5_send_and_recv_func_t func,
47 krb5_send_and_recv_close_func_t close_fn,
50 free(context->send_and_recv);
51 context->send_and_recv = malloc(sizeof(*context->send_and_recv));
52 if (!context->send_and_recv) {
55 context->send_and_recv->func = func;
56 context->send_and_recv->close = close_fn;
57 context->send_and_recv->data = data;
63 * send the data in `req' on the socket `fd' (which is datagram iff udp)
64 * waiting `tmout' for a reply and returning the reply in `rep'.
65 * iff limit read up to this many bytes
66 * returns 0 and data in `rep' if succesful, otherwise -1
77 struct timeval timeout;
81 if (fd >= FD_SETSIZE) {
89 timeout.tv_sec = tmout;
91 ret = select (fd + 1, &fdset, NULL, NULL, &timeout);
96 } else if (ret == 0) {
101 if (ioctl (fd, FIONREAD, &nbytes) < 0) {
102 krb5_data_free (rep);
109 nbytes = min(nbytes, limit - rep->length);
111 tmp = realloc (rep->data, rep->length + nbytes);
113 krb5_data_free (rep);
117 ret = recv (fd, (char*)tmp + rep->length, nbytes, 0);
119 krb5_data_free (rep);
124 } while(!udp && (limit == 0 || rep->length < limit));
129 * Send kerberos requests and receive a reply on a udp or any other kind
130 * of a datagram socket. See `recv_loop'.
134 send_and_recv_udp(int fd,
136 const krb5_data *req,
139 if (send (fd, req->data, req->length, 0) < 0)
142 return recv_loop(fd, tmout, 1, 0, rep);
146 * `send_and_recv' for a TCP (or any other stream) socket.
147 * Since there are no record limits on a stream socket the protocol here
148 * is to prepend the request with 4 bytes of its length and the reply
149 * is similarly encoded.
153 send_and_recv_tcp(int fd,
155 const krb5_data *req,
158 unsigned char len[4];
159 unsigned long rep_len;
162 _krb5_put_int(len, req->length, 4);
163 if(net_write(fd, len, sizeof(len)) < 0)
165 if(net_write(fd, req->data, req->length) < 0)
167 if (recv_loop (fd, tmout, 0, 4, &len_data) < 0)
169 if (len_data.length != 4) {
170 krb5_data_free (&len_data);
173 _krb5_get_int(len_data.data, &rep_len, 4);
174 krb5_data_free (&len_data);
175 if (recv_loop (fd, tmout, 0, rep_len, rep) < 0)
177 if(rep->length != rep_len) {
178 krb5_data_free (rep);
185 _krb5_send_and_recv_tcp(int fd,
187 const krb5_data *req,
190 return send_and_recv_tcp(fd, tmout, req, rep);
194 * `send_and_recv' tailored for the HTTP protocol.
198 send_and_recv_http(int fd,
201 const krb5_data *req,
207 int len = base64_encode(req->data, req->length, &str);
211 asprintf(&request, "GET %s%s HTTP/1.0\r\n\r\n", prefix, str);
215 ret = net_write (fd, request, strlen(request));
219 ret = recv_loop(fd, tmout, 0, 0, rep);
223 unsigned long rep_len;
226 s = realloc(rep->data, rep->length + 1);
228 krb5_data_free (rep);
232 p = strstr(s, "\r\n\r\n");
240 rep->length -= p - s;
241 if(rep->length < 4) { /* remove length */
247 _krb5_get_int(p, &rep_len, 4);
248 if (rep_len != rep->length) {
253 memmove(rep->data, p + 4, rep->length);
259 init_port(const char *s, int fallback)
264 sscanf (s, "%d", &tmp);
271 * Return 0 if succesful, otherwise 1
275 send_via_proxy (krb5_context context,
276 const krb5_krbhst_info *hi,
277 const krb5_data *send_data,
280 char *proxy2 = strdup(context->http_proxy);
281 char *proxy = proxy2;
284 struct addrinfo hints;
285 struct addrinfo *ai, *a;
288 char portstr[NI_MAXSERV];
292 if (strncmp (proxy, "http://", 7) == 0)
295 colon = strchr(proxy, ':');
298 memset (&hints, 0, sizeof(hints));
299 hints.ai_family = PF_UNSPEC;
300 hints.ai_socktype = SOCK_STREAM;
301 snprintf (portstr, sizeof(portstr), "%d",
302 ntohs(init_port (colon, htons(80))));
303 ret = getaddrinfo (proxy, portstr, &hints, &ai);
306 return krb5_eai_to_heim_errno(ret, errno);
308 for (a = ai; a != NULL; a = a->ai_next) {
309 s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
312 if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
324 asprintf(&prefix, "http://%s/", hi->hostname);
329 ret = send_and_recv_http(s, context->kdc_timeout,
330 prefix, send_data, receive);
333 if(ret == 0 && receive->length != 0)
339 * Send the data `send' to one host from `handle` and get back the reply
343 krb5_error_code KRB5_LIB_FUNCTION
344 krb5_sendto (krb5_context context,
345 const krb5_data *send_data,
346 krb5_krbhst_handle handle,
349 krb5_error_code ret = 0;
353 for (i = 0; i < context->max_retries; ++i) {
354 krb5_krbhst_info *hi;
356 while (krb5_krbhst_next(context, handle, &hi) == 0) {
357 struct addrinfo *ai, *a;
359 if (context->send_and_recv) {
360 ret = context->send_and_recv->func(context,
361 context->send_and_recv->data,
362 hi, send_data, receive);
365 } else if (receive->length != 0) {
372 if(hi->proto == KRB5_KRBHST_HTTP && context->http_proxy) {
373 if (send_via_proxy (context, hi, send_data, receive)) {
374 /* Try again, with next host */
382 ret = krb5_krbhst_get_addrinfo(context, hi, &ai);
386 for (a = ai; a != NULL; a = a->ai_next) {
387 fd = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
390 if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) {
395 case KRB5_KRBHST_HTTP :
396 ret = send_and_recv_http(fd, context->kdc_timeout,
397 "", send_data, receive);
399 case KRB5_KRBHST_TCP :
400 ret = send_and_recv_tcp (fd, context->kdc_timeout,
403 case KRB5_KRBHST_UDP :
404 ret = send_and_recv_udp (fd, context->kdc_timeout,
409 if(ret == 0 && receive->length != 0) {
414 krb5_krbhst_reset(context, handle);
416 krb5_clear_error_string (context);
417 return KRB5_KDC_UNREACH;
420 krb5_error_code KRB5_LIB_FUNCTION
421 krb5_sendto_kdc(krb5_context context,
422 const krb5_data *send_data,
423 const krb5_realm *realm,
426 return krb5_sendto_kdc_flags(context, send_data, realm, receive, 0);
429 krb5_error_code KRB5_LIB_FUNCTION
430 krb5_sendto_kdc_flags(krb5_context context,
431 const krb5_data *send_data,
432 const krb5_realm *realm,
437 krb5_krbhst_handle handle;
440 if ((flags & KRB5_KRBHST_FLAGS_MASTER) || context->use_admin_kdc)
441 type = KRB5_KRBHST_ADMIN;
443 type = KRB5_KRBHST_KDC;
445 if (send_data->length > context->large_msg_size)
446 flags |= KRB5_KRBHST_FLAGS_LARGE_MSG;
448 ret = krb5_krbhst_init_flags(context, *realm, type, flags, &handle);
452 ret = krb5_sendto(context, send_data, handle, receive);
453 krb5_krbhst_free(context, handle);
454 if (ret == KRB5_KDC_UNREACH)
455 krb5_set_error_string(context,
456 "unable to reach any KDC in realm %s", *realm);