Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/kadm5/admin.h2
-rw-r--r--src/lib/kadm5/alt_prof.c81
-rw-r--r--src/lib/kadm5/srv/libkadm5srv.exports1
-rw-r--r--src/lib/krb5/libkrb5.exports1
-rw-r--r--src/lib/krb5/os/def_realm.c72
5 files changed, 155 insertions, 2 deletions
diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h
index b2d05ad..cdf2f4d 100644
--- a/src/lib/kadm5/admin.h
+++ b/src/lib/kadm5/admin.h
@@ -283,6 +283,8 @@ typedef struct __krb5_realm_params {
char * realm_kdc_ports;
char * realm_kdc_tcp_ports;
char * realm_acl_file;
+ char * realm_host_based_services;
+ char * realm_no_host_referral;
krb5_int32 realm_kadmind_port;
krb5_enctype realm_enctype;
krb5_deltat realm_max_life;
diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index 45f748d..477866b 100644
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -1,7 +1,7 @@
/*
* lib/kadm/alt_prof.c
*
- * Copyright 1995,2001,2008 by the Massachusetts Institute of Technology.
+ * Copyright 1995,2001,2008,2009 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -274,6 +274,59 @@ krb5_aprof_get_string(acontext, hierarchy, uselast, stringp)
}
/*
+ * krb5_aprof_get_string_all() - When the attr identified by "hierarchy" is specified multiple times,
+ * collect all its string values from the alternate profile.
+ *
+ * Parameters:
+ * acontext - opaque context for alternate profile.
+ * hierarchy - hierarchy of value to retrieve.
+ * stringp - Returned string value.
+ *
+ * Returns:
+ * error codes from profile_get_values() or ENOMEM
+ * Caller is responsible for deallocating stringp buffer
+ */
+krb5_error_code
+krb5_aprof_get_string_all(acontext, hierarchy, stringp)
+ krb5_pointer acontext;
+ const char **hierarchy;
+ char **stringp;
+{
+ krb5_error_code kret=0;
+ char **values;
+ int lastidx;
+ char *tmp;
+ size_t buf_size=0;
+
+ if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
+ for (lastidx=0; values[lastidx]; lastidx++);
+ lastidx--;
+
+ buf_size = strlen(values[0])+2;
+ for (lastidx=1; values[lastidx]; lastidx++){
+ buf_size += strlen(values[lastidx]+1);
+ }
+ }
+ if (buf_size > 0) {
+ *stringp = calloc(1,buf_size);
+ if (stringp == NULL){
+ profile_free_list(values);
+ return ENOMEM;
+ }
+ tmp=*stringp;
+ strcpy(tmp,values[0]);
+ for (lastidx=1; values[lastidx]; lastidx++){
+ tmp = strcat(tmp, " ");
+ tmp = strcat(tmp, values[lastidx]);
+ }
+ /* Free the string storage */
+ profile_free_list(values);
+ }
+ return(kret);
+}
+
+
+/*
* krb5_aprof_get_int32() - Get a 32-bit integer value from the alternate
* profile.
*
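Review bot: The size loop in krb5_aprof_get_string_all has a misplaced parenthesis: `strlen(values[lastidx]+1)` measures each value from its second character, and reads past the terminator when a value is empty. Each additional value is therefore counted two bytes short, so the later `strcat` calls write past the `calloc` buffer whenever the relation is specified more than once; the line should be `buf_size += strlen(values[lastidx]) + 1;`. The allocation check `if (stringp == NULL)` tests the caller's out-pointer rather than the allocation, so a failed `calloc` goes on to `strcpy` into NULL; it should read `if (*stringp == NULL)`. The first counting loop and `lastidx--` have no effect and can be dropped.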
@@ -866,6 +919,10 @@ krb5_read_realm_params(kcontext, realm, rparamp)
char *kdcprofile = 0;
char *kdcenv = 0;
+ char *no_refrls = 0;
+ char *host_based_srvcs = 0;
+
+
krb5_error_code kret;
@@ -971,6 +1028,26 @@ krb5_read_realm_params(kcontext, realm, rparamp)
rparams->realm_reject_bad_transit_valid = 1;
}
+ hierarchy[2] = "no_host_referral";
+ if (!krb5_aprof_get_string_all(aprofile, hierarchy, &no_refrls)) {
+
+ if (strchr(no_refrls, '*'))
+ no_refrls = strdup("*");
+ rparams->realm_no_host_referral = no_refrls;
+ } else
+ no_refrls = 0;
+
+ if (no_refrls == 0 || strlen(no_refrls) == 0 || strncmp(no_refrls, "*",1) != 0) {
+ hierarchy[2] = "host_based_services";
+ if (!krb5_aprof_get_string_all(aprofile, hierarchy, &host_based_srvcs)){
+ if (strchr(host_based_srvcs, '*'))
+ host_based_srvcs = strdup("*");
+ rparams->realm_host_based_services = host_based_srvcs;
+ } else
+ host_based_srvcs = 0;
+ }
+
+
/* Get the value for the default principal flags */
hierarchy[2] = "default_principal_flags";
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
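Review bot: When a `*` is found, `no_refrls = strdup("*")` and `host_based_srvcs = strdup("*")` overwrite the buffer returned by krb5_aprof_get_string_all without freeing it, and neither strdup result is checked. If the first strdup fails, `no_refrls` is NULL, `realm_no_host_referral` is stored as unset and the code goes on to read host_based_services, so a realm configured to refuse host referrals would appear to fall back silently to the permissive setting. Free the old buffer first, `free(no_refrls); no_refrls = strdup("*");`, and treat a NULL result as ENOMEM rather than as "not configured". krb5_read_realm_params begins and ends outside this hunk, so the error path to use is not visible here.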
@@ -1039,6 +1116,8 @@ krb5_free_realm_params(kcontext, rparams)
krb5_xfree(rparams->realm_kdc_ports);
krb5_xfree(rparams->realm_kdc_tcp_ports);
krb5_xfree(rparams->realm_acl_file);
+ krb5_xfree(rparams->realm_no_host_referral);
+ krb5_xfree(rparams->realm_host_based_services);
krb5_xfree(rparams);
}
return(0);
diff --git a/src/lib/kadm5/srv/libkadm5srv.exports b/src/lib/kadm5/srv/libkadm5srv.exports
index 1205580..d0a45ba 100644
--- a/src/lib/kadm5/srv/libkadm5srv.exports
+++ b/src/lib/kadm5/srv/libkadm5srv.exports
@@ -67,6 +67,7 @@ krb5_aprof_get_boolean
krb5_aprof_get_deltat
krb5_aprof_get_int32
krb5_aprof_get_string
+krb5_aprof_get_string_all
krb5_aprof_getvals
krb5_aprof_init
krb5_copy_key_data_contents
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index 4a6581f..9651f30 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -362,6 +362,7 @@ krb5_os_free_context
krb5_os_hostaddr
krb5_os_init_context
krb5_os_localaddr
+krb5int_get_domain_realm_mapping
krb5_overridekeyname
krb5_pac_add_buffer
krb5_pac_free
diff --git a/src/lib/krb5/os/def_realm.c b/src/lib/krb5/os/def_realm.c
index 13a025d..327a63c 100644
--- a/src/lib/krb5/os/def_realm.c
+++ b/src/lib/krb5/os/def_realm.c
@@ -1,7 +1,7 @@
/*
* lib/krb5/os/def_realm.c
*
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2009 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -187,3 +187,73 @@ krb5_free_default_realm(krb5_context context, char *lrealm)
{
free (lrealm);
}
+krb5_error_code
+krb5int_get_domain_realm_mapping(krb5_context context, const char *host, char ***realmsp)
+{
+ char **retrealms;
+ char *realm, *cp, *temp_realm;
+ krb5_error_code retval;
+ char temp_host[MAX_DNS_NAMELEN+1];
+
+#ifdef DEBUG_REFERRALS
+ printf("krb5int_get_domain_realm_mapping(host:%s) called\n",host);
+#endif
+ /* do sanity check and lower-case */
+ retval = krb5int_clean_hostname(context, host, temp_host, sizeof temp_host);
+ if (retval)
+ return retval;
+ /*
+ Search for the best match for the host or domain.
+ Example: Given a host a.b.c.d, try to match on:
+ 1) a.b.c.d 2) .b.c.d. 3) b.c.d 4) .c.d 5) c.d 6) .d 7) d
+ */
+
+ cp = temp_host;
+ realm = (char *)NULL;
+ temp_realm = 0;
+ while (cp ) {
+#ifdef DEBUG_REFERRALS
+ printf(" trying to look up %s in the domain_realm map\n",cp);
+#endif
+ retval = profile_get_string(context->profile, "domain_realm", cp,
+ 0, (char *)NULL, &temp_realm);
+ if (retval)
+ return retval;
+ if (temp_realm != (char *)NULL)
+ break; /* Match found */
+
+ /* Setup for another test */
+ if (*cp == '.') {
+ cp++;
+ } else {
+ cp = strchr(cp, '.');
+ }
+ }
+#ifdef DEBUG_REFERRALS
+ printf(" done searching the domain_realm map\n");
+#endif
+ if (temp_realm!=(char*)NULL) {
+#ifdef DEBUG_REFERRALS
+ printf(" temp_realm is %s\n",temp_realm);
+#endif
+ realm = strdup(temp_realm);
+ profile_release_string(temp_realm);
+ if (!realm) {
+ return ENOMEM;
+ }
+ }
+ if (!(retrealms = (char **)calloc(2, sizeof(*retrealms)))) {
+ if (realm != (char *)NULL)
+ free(realm);
+ return ENOMEM;
+ }
+
+ retrealms[0] = realm;
+ retrealms[1] = 0;
+
+ *realmsp = retrealms;
+
+ return 0;
+}
+
+
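Review bot: krb5int_get_domain_realm_mapping is exported from libkrb5 but has no header comment, and its contract is easy to misread. When no domain_realm entry matches it still returns 0, with a two-slot list whose first element is NULL, and on any error it leaves `*realmsp` unassigned. I would add a block comment above the function stating that the caller owns and must free the returned list and its string, and must check `(*realmsp)[0]` for NULL before treating it as a realm name. The search example also lists `2) .b.c.d.` with a trailing dot, whereas the loop tries `.b.c.d`.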