Received: from brmea-mail-1.sun.com (brmea-mail-1.Sun.COM [192.18.98.31]) by krbdev.mit.edu (8.12.9) with ESMTP id m68Ltjo4029702; Tue, 8 Jul 2008 17:55:45 -0400 (EDT) Received: from dm-central-02.central.sun.com ([129.147.62.5]) by brmea-mail-1.sun.com (8.13.6+Sun/8.12.9) with ESMTP id m68LtiL5010304 for ; Tue, 8 Jul 2008 21:55:44 GMT Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-02.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL,v2.2) with ESMTP id m68LtioQ027010 for ; Tue, 8 Jul 2008 15:55:44 -0600 (MDT) Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.1+Sun/8.14.1) with ESMTP id m68LthJY014464 for ; Tue, 8 Jul 2008 16:55:43 -0500 (CDT) Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.1+Sun/8.14.1/Submit) id m68Lthws014463 for rt@krbdev.mit.edu; Tue, 8 Jul 2008 16:55:43 -0500 (CDT) X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f Date: Tue, 8 Jul 2008 16:55:43 -0500 From: Nicolas Williams To: rt@krbdev.mit.edu Subject: Re: [krbdev.mit.edu #6019] Add signal to force KDC to check for changed interfaces Message-ID: <20080708215543.GQ2735@Sun.COM> Mail-Followup-To: rt@krbdev.mit.edu References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.7i RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 6378 Or use a PF_ROUTE socket? On Mon, Jul 07, 2008 at 04:19:32PM -0400, Alexandra Ellwood via RT wrote:
> diff -uNr -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/extern.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/extern.c
> --- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/extern.c 2006-11-16 14:54:22.000000000 -0800
> +++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/extern.c 2006-11-16 19:02:36.000000000 -0800
> @@ -40,3 +40,4 @@
>
> volatile int signal_requests_exit = 0; /* gets set when signal hits */
> volatile int signal_requests_hup = 0; /* ditto */
> +volatile int signal_requests_network = 0; /* ditto (SIGUSR1) */
> diff -uNr -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/extern.h Kerberos/KerberosFramework/Kerberos5/Sources/kdc/extern.h
> --- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/extern.h 2006-11-16 14:54:22.000000000 -0800
> +++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/extern.h 2006-11-16 19:02:36.000000000 -0800
> @@ -96,4 +96,5 @@
>
> extern volatile int signal_requests_exit;
> extern volatile int signal_requests_hup;
> +extern volatile int signal_requests_network;
> #endif /* __KRB5_KDC_EXTERN__ */
> diff -uNr -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/main.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/main.c
> --- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/main.c 2006-11-16 14:54:22.000000000 -0800
> +++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/main.c 2006-11-16 19:12:43.000000000 -0800
> @@ -56,6 +56,7 @@
>
> krb5_sigtype request_exit (int);
> krb5_sigtype request_hup (int);
> +krb5_sigtype request_network (int);
>
> void setup_signal_handlers (void);
>
> @@ -371,6 +372,18 @@
> #endif
> }
>
> +krb5_sigtype
> +request_network(int signo)
> +{
> + signal_requests_network = 1;
> +
> +#ifdef POSIX_SIGTYPE
> + return;
> +#else
> + return(0);
> +#endif
> +}
> +
> void
> setup_signal_handlers(void)
> {
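Review bot: The flag that `request_network` writes is declared `volatile int`, but `volatile sig_atomic_t` is the only object type C guarantees can be written in an asynchronous signal handler and read in the main flow. The definition in extern.c would become `volatile sig_atomic_t signal_requests_network = 0;` with the matching `extern` in extern.h. The two existing flags use the same `volatile int` pattern, so changing all three together keeps them consistent. A short comment on the handler, saying that it only sets a flag and that the interface rescan happens in the listen loop, would also help the next reader.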
> @@ -382,12 +395,15 @@
> (void) sigaction(SIGTERM, &s_action, (struct sigaction *) NULL);
> s_action.sa_handler = request_hup;
> (void) sigaction(SIGHUP, &s_action, (struct sigaction *) NULL);
> + s_action.sa_handler = request_network;
> + (void) sigaction(SIGUSR1, &s_action, (struct sigaction *) NULL);
> s_action.sa_handler = SIG_IGN;
> (void) sigaction(SIGPIPE, &s_action, (struct sigaction *) NULL);
> #else /* POSIX_SIGNALS */
> signal(SIGINT, request_exit);
> signal(SIGTERM, request_exit);
> signal(SIGHUP, request_hup);
> + signal(SIGUSR1, request_network);
> signal(SIGPIPE, SIG_IGN);
> #endif /* POSIX_SIGNALS */
>
> diff -uNr -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/network.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/network.c
> --- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/network.c 2006-11-16 14:54:22.000000000 -0800
> +++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/network.c 2006-11-16 19:02:36.000000000 -0800
> @@ -207,7 +207,7 @@
> (set.data[idx] = set.data[--set.n], 0)
>
> #define FREE_SET_DATA(set) if(set.data) free(set.data); \
> - (set.data = 0, set.max = 0)
> + (set.data = 0, set.max = 0, set.n = 0)
>
>
> /* Set connections; */
> @@ -222,6 +222,8 @@
>
> static struct select_state sstate;
>
> +static int getcurtime (struct timeval *tvp);
> +
> static krb5_error_code add_udp_port(int port)
> {
> int i;
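Review bot: `FREE_SET_DATA` expands to an `if` statement followed by a second, separate statement, so at an unbraced `if`/`else` call site only the `free` would be conditional and the reset, now including `set.n = 0`, would always run. Clearing `set.n` presumably keeps a stale count from being applied to a freed array across the close/reopen cycle this patch introduces, so the macro is worth making a single statement: `#define FREE_SET_DATA(set) do { free(set.data); set.data = 0; set.max = 0; set.n = 0; } while (0)`. The call sites are outside the hunk, so whether any of them is unbraced cannot be checked from here.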
> @@ -1066,17 +1068,42 @@
> that junk on the stack. */
> static struct select_state sout;
> int i, sret;
> + int netchanged;
> krb5_error_code err;
>
> - if (conns == (struct connection **) NULL)
> - return KDC5_NONET;
> -
> + netchanged = 0;
> + if (conns == (struct connection **) NULL){
> + sleep(30);
> + err = setup_network(prog);
> + if (conns == (struct connection **) NULL)
> + return KDC5_NONET;
> + if (err){
> + com_err(prog, err,"while initalizing the network");
> + return err;
> + }
> + }
> +
> while (!signal_requests_exit) {
> if (signal_requests_hup) {
> krb5_klog_reopen(kdc_context);
> signal_requests_hup = 0;
> }
> - sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0;
> +
> +
> + if (signal_requests_network) {
> + com_err(prog, EINTR, "signal_requests_network recieved");
> + err = getcurtime(&(sstate.end_time));
> + if(err) {
> + com_err(prog, err, "while getting the time");
> + continue;
> + }
> + sstate.end_time.tv_sec += 3;
> + netchanged = 1;
> + } else {
> + sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0;
> + }
> +
> +
> err = krb5int_cm_call_select(&sstate, &sout, &sret);
> if (err) {
> com_err(prog, err, "while selecting for network input(1)");
> @@ -1087,6 +1114,17 @@
> com_err(prog, errno, "while selecting for network input(2)");
> continue;
> }
> + if(netchanged && (sret == 0)) {
> + signal_requests_network = 0;
> + (void)closedown_network(prog);
> + err = setup_network(prog);
> + if(err) {
> + com_err(prog, err, "while re-initializing network");
> + return err;
> + }
> + netchanged = 0;
> + }
> +
> nfound = sret;
> for (i=0; i 0; i++) {
> int sflags = 0;
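Review bot: `signal_requests_network` is cleared only in the later `sret == 0` branch, so while the flag is set every pass through the loop logs the arrival notice again and pushes `sstate.end_time` another three seconds out. If requests keep arriving less than three seconds apart, the select presumably never times out, so the rescan never runs and the log keeps growing. When `getcurtime` fails, the `continue` leaves the flag set and skips the select, so the loop spins. Arming the deadline once per request, as sketched below, avoids both; the rebuild test in the next hunk would then compare the current time with that deadline instead of requiring `sret == 0`. The loop body continues outside the hunk.

```c
struct timeval net_deadline;
/* … unchanged: other locals, start-up check, signal_requests_hup handling … */
if (signal_requests_network && !netchanged) {
    /* Arm the settle deadline once per request, not once per pass. */
    /* … unchanged: com_err notice that the signal arrived … */
    err = getcurtime(&net_deadline);
    if (err) {
        com_err(prog, err, "while getting the time");
        signal_requests_network = 0;  /* drop this request; do not spin */
        continue;
    }
    net_deadline.tv_sec += 3;
    netchanged = 1;
}
if (netchanged)
    sstate.end_time = net_deadline;
else
    sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0;
/* … unchanged: krb5int_cm_call_select call and its error handling … */
```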
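Review bot: A failure from `setup_network` here returns out of the listen loop after `closedown_network` has already run, so one transient error during an interface change, the very situation the signal exists for, ends request handling entirely. Logging the error and retrying on a later pass, for example by leaving `netchanged` set and using `continue`, would keep the daemon running. Whether the loop can safely run with no listeners depends on code outside the hunk. The start-up path in the previous hunk has a related ordering problem: `conns` is tested before `err`, so a `setup_network` error that leaves `conns` NULL is returned as `KDC5_NONET` without the `com_err` line, and testing `if (err)` first fixes that. The unconditional `sleep(30)` there also needs a comment saying what it waits for.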
> @@ -1129,4 +1167,24 @@
> return 0;
> }
>
> +// stolen from sendto_kdc.c
> +static int getcurtime (struct timeval *tvp)
> +{
> +#ifdef _WIN32
> + struct _timeb tb;
> + _ftime(&tb);
> + tvp->tv_sec = tb.time;
> + tvp->tv_usec = tb.millitm * 1000;
> + /* Can _ftime fail? */
> + return 0;
> +#else
> + if (gettimeofday(tvp, 0)) {
> + //dperror("gettimeofday");
> + return errno;
> + }
> + return 0;
> +#endif
> +}
> +
> +
> #endif /* INET */
>
> _______________________________________________
> krb5-bugs mailing list
> krb5-bugs@mit.edu
> https://mailman.mit.edu/mailman/listinfo/krb5-bugs
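Review bot: `getcurtime` is a copy of the helper in sendto_kdc.c, as its own comment says, so the two can drift apart; sharing one definition would be better if the build allows it. The `// stolen from sendto_kdc.c` and `//dperror("gettimeofday");` lines use `//` comments where the rest of the patch uses `/* */`, and the second is commented-out code that can be deleted. A header comment such as `/* Store the current wall-clock time in *tvp; returns 0 or an errno value. */` would state the contract. Because the value is wall-clock time, a clock step during the three-second wait would shift the deadline, which is worth a sentence in that comment.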