1 /*
2 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
4 */
5
6 #pragma ident "@(#)ovsec_kadmd.c 1.9 04/09/08 SMI"
7
8 /*
9 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
10 *
11 * Openvision retains the copyright to derivative works of
12 * this source code. Do *NOT* create a derivative of this
13 * source code before consulting with your legal department.
14 * Do *NOT* integrate *ANY* of this source code into another
15 * product before consulting with your legal department.
16 *
17 * For further information, read the top-level Openvision
18 * copyright which is contained in the top-level MIT Kerberos
19 * copyright.
20 *
21 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
22 *
23 */
24
25
26 /*
37 #include <syslog.h>
38 #include <sys/types.h>
39 #include <sys/time.h>
40 #include <sys/socket.h>
41 #include <unistd.h>
42 #include <netinet/in.h>
43 #include <arpa/inet.h> /* inet_ntoa */
44 #include <netdb.h>
45 #include <gssapi/gssapi.h>
46 #include <rpc/rpc.h>
47 #include <kadm5/admin.h>
48 #include <kadm5/kadm_rpc.h>
49 #include <kadm5/server_internal.h>
50 #include <server_acl.h>
51 #include <krb5/adm_proto.h>
52 #include <string.h>
53 #include <gssapi_krb5.h>
54 #include <libintl.h>
55 #include <locale.h>
56 #include <sys/resource.h>
57
58 #ifndef FD_SETSIZE
59 #define FD_SETSIZE 256
60 #endif
61
62 #ifndef MAX
63 #define MAX(a, b) (((a) > (b)) ? (a) : (b))
64 #endif
65
66 static int signal_request_exit = 0;
67 static int schpw;
68 kadm5_config_params chgpw_params;
69 void kadm_svc_run(void);
70 void setup_signal_handlers();
71 void sig_exit(int);
72 void sig_pipe(int);
73
74 #ifdef POSIX_SIGNALS
75 static struct sigaction s_action;
76 #endif /* POSIX_SIGNALS */
77
78 #define TIMEOUT 15
79
80 typedef struct _auth_gssapi_name {
81 char *name;
82 gss_OID type;
83 } auth_gssapi_name;
84
85 gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL;
86 void *global_server_handle;
87
88 /*
89 * This is a kludge, but the server needs these constants to be
90 * compatible with old clients. They are defined in <kadm5/admin.h>,
91 * but only if USE_KADM5_API_VERSION == 1.
92 */
93 #define OVSEC_KADM_ADMIN_SERVICE_P "ovsec_adm@admin"
94 #define OVSEC_KADM_CHANGEPW_SERVICE_P "ovsec_adm@changepw"
95
96 /*
97 * This enables us to set the keytab that gss_acquire_cred uses, but
98 * it also restricts us to linking against the Kv5 GSS-API library.
99 * Since this is *k*admind, that shouldn't be a problem.
100 */
101 extern char *krb5_overridekeyname;
102
103
104 /*
105 * Function: usage
106 *
107 * Purpose: print out the server usage message
108 *
109 * Arguments:
110 * Requires:
111 * Effects:
112 * Modifies:
113 */
114
115 void
116 usage()
117 {
118 fprintf(stderr, gettext("Usage: kadmind [-r realm] [-m] [-d] "
119 "[-p port-number]\n"));
120 exit(1);
121 }
122
158 OM_uint32 msg_ctx;
159
160 msg_ctx = 0;
161 while (1) {
162 maj_stat = gss_display_status(&min_stat, code,
163 type, GSS_C_NULL_OID,
164 &msg_ctx, &msg);
165 fprintf(stderr, "GSS-API error %s: %s\n", m,
166 (char *)msg.value);
167 (void) gss_release_buffer(&min_stat, &msg);
168
169 if (!msg_ctx)
170 break;
171 }
172 }
173
174 static krb5_context context; /* XXX yuck. the signal handlers need this */
175
176 in_port_t l_port = 0; /* global local port num, for BSM audits */
177
178 int
179 main(int argc, char *argv[])
180 {
181 void kadm_1(struct svc_req *, SVCXPRT *);
182 SVCXPRT *transp;
183 extern char *optarg;
184 extern int optind, opterr;
185 int ret, rlen, nofork, oldnames = 0;
186 OM_uint32 OMret, major_status, minor_status;
187 char *whoami;
188 FILE *acl_file;
189 gss_buffer_desc in_buf;
190 struct servent *srv;
191 struct sockaddr_in addr;
192 struct sockaddr_in *sin;
193 int s;
194 int optchar;
195 struct netconfig *nconf;
196 void *handlep;
197 int fd;
198 struct t_info tinfo;
199 struct t_bind tbindstr, *tres;
200
201 struct t_optmgmt req, resp;
202 struct opthdr *opt;
203 char reqbuf[128];
204 int *ip;
205 struct rlimit rl;
206
207 kadm5_server_handle_t handle;
208 krb5_context ctx;
209 kadm5_config_params params;
210 auth_gssapi_name names[6];
211 gss_buffer_desc gssbuf;
212 gss_OID nt_krb5_name_oid;
213
214 int allowed;
215
216 /* This is OID value the Krb5_Name NameType */
217 gssbuf.value = "{1 2 840 113554 1 2 2 1}";
218 gssbuf.length = strlen(gssbuf.value);
219 major_status = gss_str_to_oid(&minor_status, &gssbuf,
220 &nt_krb5_name_oid);
221 if (major_status != GSS_S_COMPLETE) {
222 fprintf(stderr,
223 gettext("Couldn't create KRB5 Name NameType OID\n"));
224 display_status("str_to_oid", major_status, minor_status);
225 exit(1);
226 }
227
228 names[0].name = names[1].name = names[2].name =
529 exit(1);
530 }
531 transp = svc_tli_create(fd, nconf, NULL, 0, 0);
532 (void) t_free((char *) tres, T_BIND);
533 if (transp == NULL) {
534 fprintf(stderr, gettext("%s: Cannot create RPC service.\n"),
535 whoami);
536 krb5_klog_syslog(LOG_ERR, gettext("Cannot create RPC service: %m"));
537 krb5_klog_close(context);
538 exit(1);
539 }
540 if (!svc_register(transp, KADM, KADMVERS, kadm_1, 0)) {
541 fprintf(stderr,
542 gettext("%s: Cannot register RPC service.\n"), whoami);
543 krb5_klog_syslog(LOG_ERR,
544 gettext("Cannot register RPC service, failing."));
545 krb5_klog_close(context);
546 exit(1);
547 }
548
549 (void) kadm5_get_adm_host_srv_name(context,
550 params.realm, &names[0].name);
551 (void) kadm5_get_cpw_host_srv_name(context,
552 params.realm, &names[1].name);
553 names[2].name = KADM5_ADMIN_SERVICE_P;
554 names[3].name = KADM5_CHANGEPW_SERVICE_P;
555 names[4].name = OVSEC_KADM_ADMIN_SERVICE_P;
556 names[5].name = OVSEC_KADM_CHANGEPW_SERVICE_P;
557
558 if (names[0].name == NULL || names[1].name == NULL ||
559 names[2].name == NULL || names[3].name == NULL ||
560 names[4].name == NULL || names[5].name == NULL) {
561 krb5_klog_syslog(LOG_ERR,
562 gettext("Cannot initialize GSS-API authentication, "
563 "failing."));
564 fprintf(stderr,
565 gettext("%s: Cannot initialize "
566 "GSS-API authentication.\n"),
567 whoami);
568 krb5_klog_close(context);
569 exit(1);
570 }
571 /*
572 * XXX krb5_defkeyname is an internal library global and should go
573 * away
574 */
575 krb5_overridekeyname = params.admin_keytab;
576
577 /*
578 * Try to acquire creds for the old OV services as well as the new
579 * names, but if that fails just fall back on the new names.
580 */
581
582 if (rpc_gss_set_svc_name(names[5].name,
583 "kerberos_v5", 0, KADM, KADMVERS) &&
584 rpc_gss_set_svc_name(names[4].name,
585 "kerberos_v5", 0, KADM, KADMVERS))
586 oldnames++;
587 if (rpc_gss_set_svc_name(names[3].name,
588 "kerberos_v5", 0, KADM, KADMVERS))
589 oldnames++;
590 if (rpc_gss_set_svc_name(names[2].name,
591 "kerberos_v5", 0, KADM, KADMVERS))
592 oldnames++;
593 if (rpc_gss_set_svc_name(names[0].name,
594 "kerberos_v5", 0, KADM, KADMVERS))
595 oldnames++;
627 krb5_klog_close(context);
628 exit(1);
629 }
630 if ((ret = kadm5_init("kadmind", NULL,
631 NULL, ¶ms,
632 KADM5_STRUCT_VERSION,
633 KADM5_API_VERSION_2,
634 &global_server_handle)) != KADM5_OK) {
635 krb5_klog_syslog(LOG_ERR,
636 gettext("%s while initializing, aborting"),
637 error_message(ret));
638 fprintf(stderr,
639 gettext("%s: %s while initializing, aborting\n"),
640 whoami, error_message(ret));
641 krb5_klog_close(context);
642 exit(1);
643 }
644
645 handle = global_server_handle;
646 ctx = handle->context;
647
648 krb5_klog_syslog(LOG_INFO, gettext("starting"));
649
650 /*
651 * We now call our own customized async event processing
652 * function kadm_svc_run(), as opposed to svc_run() earlier,
653 * since this enables kadmind to also listen-to/process
654 * non-RPCSEC_GSS based change-pwd requests apart from the
655 * regular, RPCSEC_GSS kpasswd requests from Solaris Krb5 clients.
656 */
657 kadm_svc_run();
658
659 krb5_klog_syslog(LOG_INFO, gettext("finished, exiting"));
660 kadm5_destroy(global_server_handle);
661 t_close(fd);
662 krb5_klog_close(context);
663 exit(0);
664 }
665
666
667 /*
668 * Function: kadm_svc_run
669 *
722 &chgpw_params);
723 else
724 svc_getreq_poll(rfd, pollret);
725 break;
726 } else {
727 if (i == (nfds - 1))
728 perror("poll");
729 }
730 }
731 break;
732 }
733 }
734 }
735
736
737 /*
738 * Function: setup_signal_handlers
739 *
740 * Purpose: Setup signal handling functions with System V's signal().
741 */
742 void setup_signal_handlers() {
743 signal(SIGINT, sig_exit);
744 signal(SIGTERM, sig_exit);
745 signal(SIGQUIT, sig_exit);
746 signal(SIGPIPE, sig_pipe);
747 return;
748 }
749
750
751 /*
752 * Function: sig_exit
753 *
754 * Purpose: sets flags saying the server got a signal and that it
755 * should exit when convenient.
756 *
757 * Effects:
758 * Modifies signal_request_exit which ideally makes the server exit
759 * at some point.
760 *
761 * Modifies:
762 * Signal_request_exit
763 */
764 void sig_exit(int signum)
765 {
766 krb5_klog_syslog(LOG_NOTICE, gettext("Got signal to request exit"));
|
1 /*
2 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
4 */
5
6 #pragma ident "@(#)ovsec_kadmd.c 1.8 04/05/24 SMI"
7
8 /*
9 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
10 *
11 * Openvision retains the copyright to derivative works of
12 * this source code. Do *NOT* create a derivative of this
13 * source code before consulting with your legal department.
14 * Do *NOT* integrate *ANY* of this source code into another
15 * product before consulting with your legal department.
16 *
17 * For further information, read the top-level Openvision
18 * copyright which is contained in the top-level MIT Kerberos
19 * copyright.
20 *
21 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
22 *
23 */
24
25
26 /*
37 #include <syslog.h>
38 #include <sys/types.h>
39 #include <sys/time.h>
40 #include <sys/socket.h>
41 #include <unistd.h>
42 #include <netinet/in.h>
43 #include <arpa/inet.h> /* inet_ntoa */
44 #include <netdb.h>
45 #include <gssapi/gssapi.h>
46 #include <rpc/rpc.h>
47 #include <kadm5/admin.h>
48 #include <kadm5/kadm_rpc.h>
49 #include <kadm5/server_internal.h>
50 #include <server_acl.h>
51 #include <krb5/adm_proto.h>
52 #include <string.h>
53 #include <gssapi_krb5.h>
54 #include <libintl.h>
55 #include <locale.h>
56 #include <sys/resource.h>
57 #include <kdb/kdb_log.h>
58
59 #include <rpc/rpcsec_gss.h>
60
61 #ifndef FD_SETSIZE
62 #define FD_SETSIZE 256
63 #endif
64
65 #ifndef MAX
66 #define MAX(a, b) (((a) > (b)) ? (a) : (b))
67 #endif
68
69 static int signal_request_exit = 0;
70 static int schpw;
71 kadm5_config_params chgpw_params;
72 void kadm_svc_run(void);
73 void setup_signal_handlers(iprop_role iproprole);
74 void sig_exit(int);
75 void sig_pipe(int);
76
77 #ifdef POSIX_SIGNALS
78 static struct sigaction s_action;
79 #endif /* POSIX_SIGNALS */
80
81 #define TIMEOUT 15
82
83 typedef struct _auth_gssapi_name {
84 char *name;
85 gss_OID type;
86 } auth_gssapi_name;
87
88 gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL;
89 void *global_server_handle;
90
91 /*
92 * This is a kludge, but the server needs these constants to be
93 * compatible with old clients. They are defined in <kadm5/admin.h>,
94 * but only if USE_KADM5_API_VERSION == 1.
95 */
96 #define OVSEC_KADM_ADMIN_SERVICE_P "ovsec_adm@admin"
97 #define OVSEC_KADM_CHANGEPW_SERVICE_P "ovsec_adm@changepw"
98
99 /*
100 * This enables us to set the keytab that gss_acquire_cred uses, but
101 * it also restricts us to linking against the Kv5 GSS-API library.
102 * Since this is *k*admind, that shouldn't be a problem.
103 */
104 extern char *krb5_overridekeyname;
105
106 extern void krb5_iprop_prog_1();
107 extern kadm5_ret_t kiprop_get_adm_host_srv_name(
108 krb5_context,
109 const char *,
110 char **);
111
112 /*
113 * Function: usage
114 *
115 * Purpose: print out the server usage message
116 *
117 * Arguments:
118 * Requires:
119 * Effects:
120 * Modifies:
121 */
122
123 void
124 usage()
125 {
126 fprintf(stderr, gettext("Usage: kadmind [-r realm] [-m] [-d] "
127 "[-p port-number]\n"));
128 exit(1);
129 }
130
166 OM_uint32 msg_ctx;
167
168 msg_ctx = 0;
169 while (1) {
170 maj_stat = gss_display_status(&min_stat, code,
171 type, GSS_C_NULL_OID,
172 &msg_ctx, &msg);
173 fprintf(stderr, "GSS-API error %s: %s\n", m,
174 (char *)msg.value);
175 (void) gss_release_buffer(&min_stat, &msg);
176
177 if (!msg_ctx)
178 break;
179 }
180 }
181
182 static krb5_context context; /* XXX yuck. the signal handlers need this */
183
184 in_port_t l_port = 0; /* global local port num, for BSM audits */
185
186 int nofork = 0; /* global; don't fork (debug mode) */
187
188 int
189 main(int argc, char *argv[])
190 {
191 void kadm_1(struct svc_req *, SVCXPRT *);
192 SVCXPRT *transp;
193 extern char *optarg;
194 extern int optind, opterr;
195 int ret, rlen, oldnames = 0;
196 OM_uint32 OMret, major_status, minor_status;
197 char *whoami;
198 FILE *acl_file;
199 gss_buffer_desc in_buf;
200 struct servent *srv;
201 struct sockaddr_in addr;
202 struct sockaddr_in *sin;
203 int s;
204 int optchar;
205 struct netconfig *nconf;
206 void *handlep;
207 int fd;
208 struct t_info tinfo;
209 struct t_bind tbindstr, *tres;
210
211 struct t_optmgmt req, resp;
212 struct opthdr *opt;
213 char reqbuf[128];
214 int *ip;
215 struct rlimit rl;
216
217 char *kiprop_name = NULL; /* IProp svc name */
218 kdb_log_context *log_ctx;
219 kadm5_server_handle_t handle;
220 krb5_context ctx;
221
222 kadm5_config_params params;
223 auth_gssapi_name names[6];
224 gss_buffer_desc gssbuf;
225 gss_OID nt_krb5_name_oid;
226
227 int allowed;
228
229 /* This is OID value the Krb5_Name NameType */
230 gssbuf.value = "{1 2 840 113554 1 2 2 1}";
231 gssbuf.length = strlen(gssbuf.value);
232 major_status = gss_str_to_oid(&minor_status, &gssbuf,
233 &nt_krb5_name_oid);
234 if (major_status != GSS_S_COMPLETE) {
235 fprintf(stderr,
236 gettext("Couldn't create KRB5 Name NameType OID\n"));
237 display_status("str_to_oid", major_status, minor_status);
238 exit(1);
239 }
240
241 names[0].name = names[1].name = names[2].name =
542 exit(1);
543 }
544 transp = svc_tli_create(fd, nconf, NULL, 0, 0);
545 (void) t_free((char *) tres, T_BIND);
546 if (transp == NULL) {
547 fprintf(stderr, gettext("%s: Cannot create RPC service.\n"),
548 whoami);
549 krb5_klog_syslog(LOG_ERR, gettext("Cannot create RPC service: %m"));
550 krb5_klog_close(context);
551 exit(1);
552 }
553 if (!svc_register(transp, KADM, KADMVERS, kadm_1, 0)) {
554 fprintf(stderr,
555 gettext("%s: Cannot register RPC service.\n"), whoami);
556 krb5_klog_syslog(LOG_ERR,
557 gettext("Cannot register RPC service, failing."));
558 krb5_klog_close(context);
559 exit(1);
560 }
561
562 /*
563 * XXX krb5_defkeyname is an internal library global and should go
564 * away
565 */
566 krb5_overridekeyname = params.admin_keytab;
567
568 (void) kadm5_get_adm_host_srv_name(context,
569 params.realm, &names[0].name);
570 (void) kadm5_get_cpw_host_srv_name(context,
571 params.realm, &names[1].name);
572 names[2].name = KADM5_ADMIN_SERVICE_P;
573 names[3].name = KADM5_CHANGEPW_SERVICE_P;
574 names[4].name = OVSEC_KADM_ADMIN_SERVICE_P;
575 names[5].name = OVSEC_KADM_CHANGEPW_SERVICE_P;
576
577 if (names[0].name == NULL || names[1].name == NULL ||
578 names[2].name == NULL || names[3].name == NULL ||
579 names[4].name == NULL || names[5].name == NULL) {
580 krb5_klog_syslog(LOG_ERR,
581 gettext("Cannot initialize GSS-API authentication, "
582 "failing."));
583 fprintf(stderr,
584 gettext("%s: Cannot initialize "
585 "GSS-API authentication.\n"),
586 whoami);
587 krb5_klog_close(context);
588 exit(1);
589 }
590
591 /*
592 * Try to acquire creds for the old OV services as well as the new
593 * names, but if that fails just fall back on the new names.
594 */
595
596 if (rpc_gss_set_svc_name(names[5].name,
597 "kerberos_v5", 0, KADM, KADMVERS) &&
598 rpc_gss_set_svc_name(names[4].name,
599 "kerberos_v5", 0, KADM, KADMVERS))
600 oldnames++;
601 if (rpc_gss_set_svc_name(names[3].name,
602 "kerberos_v5", 0, KADM, KADMVERS))
603 oldnames++;
604 if (rpc_gss_set_svc_name(names[2].name,
605 "kerberos_v5", 0, KADM, KADMVERS))
606 oldnames++;
607 if (rpc_gss_set_svc_name(names[0].name,
608 "kerberos_v5", 0, KADM, KADMVERS))
609 oldnames++;
641 krb5_klog_close(context);
642 exit(1);
643 }
644 if ((ret = kadm5_init("kadmind", NULL,
645 NULL, ¶ms,
646 KADM5_STRUCT_VERSION,
647 KADM5_API_VERSION_2,
648 &global_server_handle)) != KADM5_OK) {
649 krb5_klog_syslog(LOG_ERR,
650 gettext("%s while initializing, aborting"),
651 error_message(ret));
652 fprintf(stderr,
653 gettext("%s: %s while initializing, aborting\n"),
654 whoami, error_message(ret));
655 krb5_klog_close(context);
656 exit(1);
657 }
658
659 handle = global_server_handle;
660 ctx = handle->context;
661 if (params.iprop_enabled == TRUE)
662 ulog_set_role(ctx, IPROP_MASTER);
663 else
664 ulog_set_role(ctx, IPROP_NULL);
665
666 log_ctx = ctx->kdblog_context;
667
668 if (log_ctx && (log_ctx->iproprole == IPROP_MASTER)) {
669 /*
670 * IProp is enabled, so let's map in the update log
671 * and setup the service.
672 */
673 if (ret = ulog_map(ctx, ¶ms, FKADMIND)) {
674 fprintf(stderr,
675 gettext("%s: %s while mapping update log "
676 "(`%s.ulog')\n"), whoami, error_message(ret),
677 params.dbname);
678 krb5_klog_syslog(LOG_ERR,
679 gettext("%s while mapping update log "
680 "(`%s.ulog')"), error_message(ret),
681 params.dbname);
682 krb5_klog_close(ctx);
683 exit(1);
684 }
685
686
687 if (nofork)
688 fprintf(stderr,
689 "%s: create IPROP svc (PROG=%d, VERS=%d)\n",
690 whoami, KRB5_IPROP_PROG, KRB5_IPROP_VERS);
691
692 if (!svc_create(krb5_iprop_prog_1,
693 KRB5_IPROP_PROG, KRB5_IPROP_VERS,
694 "circuit_v")) {
695 fprintf(stderr,
696 gettext("%s: Cannot create IProp RPC service (PROG=%d, VERS=%d)\n"),
697 whoami,
698 KRB5_IPROP_PROG, KRB5_IPROP_VERS);
699 krb5_klog_syslog(LOG_ERR,
700 gettext("Cannot create IProp RPC service (PROG=%d, VERS=%d), failing."),
701 KRB5_IPROP_PROG, KRB5_IPROP_VERS);
702 krb5_klog_close(ctx);
703 exit(1);
704 }
705
706 if (ret = kiprop_get_adm_host_srv_name(ctx,
707 params.realm,
708 &kiprop_name)) {
709 krb5_klog_syslog(LOG_ERR,
710 gettext("%s while getting IProp svc name, failing"),
711 error_message(ret));
712 fprintf(stderr,
713 gettext("%s: %s while getting IProp svc name, failing\n"),
714 whoami, error_message(ret));
715 krb5_klog_close(ctx);
716 exit(1);
717 }
718
719 if (!rpc_gss_set_svc_name(kiprop_name, "kerberos_v5", 0,
720 KRB5_IPROP_PROG, KRB5_IPROP_VERS)) {
721 rpc_gss_error_t err;
722 (void) rpc_gss_get_error(&err);
723
724 krb5_klog_syslog(LOG_ERR,
725 gettext("Unable to set RPCSEC_GSS service name (`%s'), failing."),
726 kiprop_name ? kiprop_name : "<null>");
727
728 fprintf(stderr,
729 gettext("%s: Unable to set RPCSEC_GSS service name (`%s'), failing.\n"),
730 whoami,
731 kiprop_name ? kiprop_name : "<null>");
732
733 if (nofork) {
734 fprintf(stderr,
735 "%s: set svc name (rpcsec err=%d, sys err=%d)\n",
736 whoami,
737 err.rpc_gss_error,
738 err.system_error);
739 }
740
741 exit(1);
742 }
743 free(kiprop_name);
744 }
745
746 setup_signal_handlers(log_ctx->iproprole);
747 krb5_klog_syslog(LOG_INFO, gettext("starting"));
748 if (nofork)
749 fprintf(stderr, "%s: starting...\n", whoami);
750
751
752 /*
753 * We now call our own customized async event processing
754 * function kadm_svc_run(), as opposed to svc_run() earlier,
755 * since this enables kadmind to also listen-to/process
756 * non-RPCSEC_GSS based change-pwd requests apart from the
757 * regular, RPCSEC_GSS kpasswd requests from Solaris Krb5 clients.
758 */
759 kadm_svc_run();
760
761 krb5_klog_syslog(LOG_INFO, gettext("finished, exiting"));
762 kadm5_destroy(global_server_handle);
763 t_close(fd);
764 krb5_klog_close(context);
765 exit(0);
766 }
767
768
769 /*
770 * Function: kadm_svc_run
771 *
824 &chgpw_params);
825 else
826 svc_getreq_poll(rfd, pollret);
827 break;
828 } else {
829 if (i == (nfds - 1))
830 perror("poll");
831 }
832 }
833 break;
834 }
835 }
836 }
837
838
839 /*
840 * Function: setup_signal_handlers
841 *
842 * Purpose: Setup signal handling functions with System V's signal().
843 */
844 void setup_signal_handlers(iprop_role iproprole) {
845 signal(SIGINT, sig_exit);
846 signal(SIGTERM, sig_exit);
847 signal(SIGQUIT, sig_exit);
848 signal(SIGPIPE, sig_pipe);
849
850 /*
851 * IProp will fork for a full-resync, we don't want to
852 * wait on it and we don't want the living dead procs either.
853 */
854 if (iproprole == IPROP_MASTER)
855 (void) signal(SIGCHLD, SIG_IGN);
856
857 return;
858 }
859
860
861 /*
862 * Function: sig_exit
863 *
864 * Purpose: sets flags saying the server got a signal and that it
865 * should exit when convenient.
866 *
867 * Effects:
868 * Modifies signal_request_exit which ideally makes the server exit
869 * at some point.
870 *
871 * Modifies:
872 * Signal_request_exit
873 */
874 void sig_exit(int signum)
875 {
876 krb5_klog_syslog(LOG_NOTICE, gettext("Got signal to request exit"));
|
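Review bot: In the listing that adds the IProp setup, `setup_signal_handlers(log_ctx->iproprole);` (gutter line 746) dereferences `log_ctx` unconditionally, although the block just above it is guarded by `if (log_ctx && ...)`; a NULL `ctx->kdblog_context` would crash kadmind at startup instead of failing cleanly. Either pass a safe default, `setup_signal_handlers(log_ctx ? log_ctx->iproprole : IPROP_NULL);`, or drop the NULL test if `ulog_set_role()` is guaranteed to populate the context; its definition is not visible here, so that needs confirming. Separately, the `rpc_gss_set_svc_name()` failure branch (gutter lines 719-742) exits without the `krb5_klog_close(ctx)` call that the neighbouring error paths make. Parts of `main` are collapsed on this page, so earlier handling of these values may exist outside the visible lines.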