[krbdev.mit.edu #6019] Add signal to force KDC to check for changed interfaces
Nicolas Williams via RT
rt-comment at krbdev.mit.edu
Tue Jul 8 17:55:52 EDT 2008
Or use a PF_ROUTE socket?
On Mon, Jul 07, 2008 at 04:19:32PM -0400, Alexandra Ellwood via RT wrote:
> diff -uNr -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/extern.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/extern.c
> --- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/extern.c 2006-11-16 14:54:22.000000000 -0800
> +++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/extern.c 2006-11-16 19:02:36.000000000 -0800
> @@ -40,3 +40,4 @@
>
> volatile int signal_requests_exit = 0; /* gets set when signal hits */
> volatile int signal_requests_hup = 0; /* ditto */
> +volatile int signal_requests_network = 0; /* ditto (SIGUSR1) */
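Review bot: The new flag is written from a signal handler (`request_network` in the main.c hunk) and read in the service loop, and the C standard only guarantees that pattern for `volatile sig_atomic_t` objects. `volatile int` matches the two existing flags but inherits their portability gap; `volatile sig_atomic_t signal_requests_network = 0;` here, with the matching `extern` in the extern.h hunk, would close it. The `/* ditto (SIGUSR1) */` comment could also say what the flag requests, for example `/* set by SIGUSR1: rescan network interfaces */`.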
> diff -uNr -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/extern.h Kerberos/KerberosFramework/Kerberos5/Sources/kdc/extern.h
> --- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/extern.h 2006-11-16 14:54:22.000000000 -0800
> +++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/extern.h 2006-11-16 19:02:36.000000000 -0800
> @@ -96,4 +96,5 @@
>
> extern volatile int signal_requests_exit;
> extern volatile int signal_requests_hup;
> +extern volatile int signal_requests_network;
> #endif /* __KRB5_KDC_EXTERN__ */
> diff -uNr -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/main.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/main.c
> --- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/main.c 2006-11-16 14:54:22.000000000 -0800
> +++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/main.c 2006-11-16 19:12:43.000000000 -0800
> @@ -56,6 +56,7 @@
>
> krb5_sigtype request_exit (int);
> krb5_sigtype request_hup (int);
> +krb5_sigtype request_network (int);
>
> void setup_signal_handlers (void);
>
> @@ -371,6 +372,18 @@
> #endif
> }
>
> +krb5_sigtype
> +request_network(int signo)
> +{
> + signal_requests_network = 1;
> +
> +#ifdef POSIX_SIGTYPE
> + return;
> +#else
> + return(0);
> +#endif
> +}
> +
> void
> setup_signal_handlers(void)
> {
> @@ -382,12 +395,15 @@
> (void) sigaction(SIGTERM, &s_action, (struct sigaction *) NULL);
> s_action.sa_handler = request_hup;
> (void) sigaction(SIGHUP, &s_action, (struct sigaction *) NULL);
> + s_action.sa_handler = request_network;
> + (void) sigaction(SIGUSR1, &s_action, (struct sigaction *) NULL);
> s_action.sa_handler = SIG_IGN;
> (void) sigaction(SIGPIPE, &s_action, (struct sigaction *) NULL);
> #else /* POSIX_SIGNALS */
> signal(SIGINT, request_exit);
> signal(SIGTERM, request_exit);
> signal(SIGHUP, request_hup);
> + signal(SIGUSR1, request_network);
> signal(SIGPIPE, SIG_IGN);
> #endif /* POSIX_SIGNALS */
>
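Review bot: The result of `sigaction(SIGUSR1, ...)`, and of `signal(SIGUSR1, ...)` in the non-POSIX branch, is discarded, and the default action for SIGUSR1 is to terminate the process. If the handler is ever not installed, an operator's rescan request would stop the KDC instead of refreshing its listeners. This follows the existing pattern for the other signals, but checking the return value and logging a failure at startup would make that case visible. `setup_signal_handlers` begins outside this hunk, so how `s_action` is initialised is not visible here.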
> diff -uNr -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/network.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/network.c
> --- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/network.c 2006-11-16 14:54:22.000000000 -0800
> +++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/network.c 2006-11-16 19:02:36.000000000 -0800
> @@ -207,7 +207,7 @@
> (set.data[idx] = set.data[--set.n], 0)
>
> #define FREE_SET_DATA(set) if(set.data) free(set.data); \
> - (set.data = 0, set.max = 0)
> + (set.data = 0, set.max = 0, set.n = 0)
>
>
> /* Set<struct connection *> connections; */
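Review bot: `FREE_SET_DATA` expands to an `if` statement followed by a separate expression statement, so only the `free` is conditional and the macro breaks when used as the body of an unbraced `if`/`else`. Since the added `set.n = 0` is presumably what makes a set safe to reuse after the network is torn down and rebuilt, a single-statement form would be more robust: `#define FREE_SET_DATA(set) do { free((set).data); (set).data = 0; (set).max = 0; (set).n = 0; } while (0)`. A short comment stating that `n` is reset so stale entries are never indexed after the free would record why the change was needed.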
> @@ -222,6 +222,8 @@
>
> static struct select_state sstate;
>
> +static int getcurtime (struct timeval *tvp);
> +
> static krb5_error_code add_udp_port(int port)
> {
> int i;
> @@ -1066,17 +1068,42 @@
> that junk on the stack. */
> static struct select_state sout;
> int i, sret;
> + int netchanged;
> krb5_error_code err;
>
> - if (conns == (struct connection **) NULL)
> - return KDC5_NONET;
> -
> + netchanged = 0;
> + if (conns == (struct connection **) NULL){
> + sleep(30);
> + err = setup_network(prog);
> + if (conns == (struct connection **) NULL)
> + return KDC5_NONET;
> + if (err){
> + com_err(prog, err,"while initalizing the network");
> + return err;
> + }
> + }
> +
> while (!signal_requests_exit) {
> if (signal_requests_hup) {
> krb5_klog_reopen(kdc_context);
> signal_requests_hup = 0;
> }
> - sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0;
> +
> +
> + if (signal_requests_network) {
> + com_err(prog, EINTR, "signal_requests_network recieved");
> + err = getcurtime(&(sstate.end_time));
> + if(err) {
> + com_err(prog, err, "while getting the time");
> + continue;
> + }
> + sstate.end_time.tv_sec += 3;
> + netchanged = 1;
> + } else {
> + sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0;
> + }
> +
> +
> err = krb5int_cm_call_select(&sstate, &sout, &sret);
> if (err) {
> com_err(prog, err, "while selecting for network input(1)");
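Review bot: `signal_requests_network` is cleared only in the later `sret == 0` branch, so the `if (signal_requests_network)` block logs its "recieved" message and pushes the 3-second deadline forward on every loop pass until select sees an idle interval. On a KDC that keeps receiving requests, the rescan may never run while the log keeps growing. The `continue` after a failed `getcurtime` also leaves the flag set, which makes the loop spin and log without ever reaching select. Consuming the flag where it is first seen and keeping the deadline in a new local (`struct timeval net_deadline` below) bounds both; the rebuild test in the following hunk would then compare against that deadline instead of depending on `sret == 0`. The enclosing function starts and ends outside this hunk.

```c
/* … unchanged: conns == NULL retry, loop header, SIGHUP handling … */
if (signal_requests_network && !netchanged) {
    /* Consume the request once so it is logged and scheduled a single time. */
    signal_requests_network = 0;
    err = getcurtime(&net_deadline);
    if (err) {
        /* Logged once; the operator can resend the signal. */
        com_err(prog, err, "while getting the time");
    } else {
        com_err(prog, 0, "network change signal received");
        net_deadline.tv_sec += 3;
        netchanged = 1;
    }
}
if (netchanged)
    sstate.end_time = net_deadline;
else
    sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0;
/* … unchanged: krb5int_cm_call_select call and its error path … */
```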
> @@ -1087,6 +1114,17 @@
> com_err(prog, errno, "while selecting for network input(2)");
> continue;
> }
> + if(netchanged && (sret == 0)) {
> + signal_requests_network = 0;
> + (void)closedown_network(prog);
> + err = setup_network(prog);
> + if(err) {
> + com_err(prog, err, "while re-initializing network");
> + return err;
> + }
> + netchanged = 0;
> + }
> +
> nfound = sret;
> for (i=0; i<n_sockets && nfound > 0; i++) {
> int sflags = 0;
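Review bot: In the `if(netchanged && (sret == 0))` block, a failed `setup_network` returns from the service loop after `closedown_network` has already closed every listener. A transient interface error during a rescan therefore leaves the KDC with no sockets and, presumably, exiting. The result of `closedown_network` is also discarded. Logging the error and retrying on a later pass instead of `return err;` would keep the service up through interface flaps, though whether `setup_network` can be retried safely after a partial failure is not visible in this hunk. A comment noting that each rescan also drops the connections currently held in the set would help operators understand the cost of sending the signal.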
> @@ -1129,4 +1167,24 @@
> return 0;
> }
>
> +// stolen from sendto_kdc.c
> +static int getcurtime (struct timeval *tvp)
> +{
> +#ifdef _WIN32
> + struct _timeb tb;
> + _ftime(&tb);
> + tvp->tv_sec = tb.time;
> + tvp->tv_usec = tb.millitm * 1000;
> + /* Can _ftime fail? */
> + return 0;
> +#else
> + if (gettimeofday(tvp, 0)) {
> + //dperror("gettimeofday");
> + return errno;
> + }
> + return 0;
> +#endif
> +}
> +
> +
> #endif /* INET */
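Review bot: `getcurtime` is a second copy of the helper in sendto_kdc.c, and it carries along a commented-out `//dperror` line and `//` comments in a file that otherwise uses `/* */`. Sharing the existing helper would avoid the two copies drifting apart; if the copy stays, drop the dead line and replace the header with something like `/* Copy of getcurtime() from sendto_kdc.c: fills *tvp with the current wall-clock time; returns 0 or errno. */`. Since the value is used as a relative 3-second deadline, it is worth a comment that a clock step on the host shifts that deadline.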
>