Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/kadm5/admin.h | 2 | ||||
-rw-r--r-- | src/lib/kadm5/alt_prof.c | 81 | ||||
-rw-r--r-- | src/lib/kadm5/srv/libkadm5srv.exports | 1 | ||||
-rw-r--r-- | src/lib/krb5/libkrb5.exports | 1 | ||||
-rw-r--r-- | src/lib/krb5/os/def_realm.c | 72 |
5 files changed, 155 insertions, 2 deletions
diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h
index b2d05ad..cdf2f4d 100644
--- a/src/lib/kadm5/admin.h
+++ b/src/lib/kadm5/admin.h
@@ -283,6 +283,8 @@ typedef struct __krb5_realm_params {
 char * realm_kdc_ports;
 char * realm_kdc_tcp_ports;
 char * realm_acl_file;
+ char * realm_host_based_services;
+ char * realm_no_host_referral;
 krb5_int32 realm_kadmind_port;
 krb5_enctype realm_enctype;
 krb5_deltat realm_max_life;
diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index 45f748d..477866b 100644
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -1,7 +1,7 @@
 /*
 * lib/kadm/alt_prof.c
 *
- * Copyright 1995,2001,2008 by the Massachusetts Institute of Technology.
+ * Copyright 1995,2001,2008,2009 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
@@ -274,6 +274,59 @@ krb5_aprof_get_string(acontext, hierarchy, uselast, stringp) } /* + * krb5_aprof_get_string_all() - When the attr identified by "hierarchy" is specified multiple times, + * collect all its string values from the alternate profile. + * + * Parameters: + * acontext - opaque context for alternate profile. + * hierarchy - hierarchy of value to retrieve. + * stringp - Returned string value. + * + * Returns: + * error codes from profile_get_values() or ENOMEM + * Caller is responsible for deallocating stringp buffer + */ +krb5_error_code +krb5_aprof_get_string_all(acontext, hierarchy, stringp) + krb5_pointer acontext; + const char **hierarchy; + char **stringp; +{ + krb5_error_code kret=0; + char **values; + int lastidx; + char *tmp; + size_t buf_size=0; + + if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) { + for (lastidx=0; values[lastidx]; lastidx++); + lastidx--; + + buf_size = strlen(values[0])+2; + for (lastidx=1; values[lastidx]; lastidx++){ + buf_size += strlen(values[lastidx]+1); + } + } + if (buf_size > 0) { + *stringp = calloc(1,buf_size); + if (stringp == NULL){ + profile_free_list(values); + return ENOMEM; + } + tmp=*stringp; + strcpy(tmp,values[0]); + for (lastidx=1; values[lastidx]; lastidx++){ + tmp = strcat(tmp, " "); + tmp = strcat(tmp, values[lastidx]); + } + /* Free the string storage */ + profile_free_list(values); + } + return(kret); +} + + +/* * krb5_aprof_get_int32() - Get a 32-bit integer value from the alternate * profile. * @@ -866,6 +919,10 @@ krb5_read_realm_params(kcontext, realm, rparamp) char *kdcprofile = 0; char *kdcenv = 0; + char *no_refrls = 0; + char *host_based_srvcs = 0; + + krb5_error_code kret; 
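Review bot: In krb5_aprof_get_string_all the sizing loop calls `strlen(values[lastidx]+1)`, which measures each value from its second byte instead of adding one for the separator, so the calloc'd buffer is too small whenever the relation has more than one value and the later strcat calls write past its end; an empty value would also make strlen start beyond the terminator. The line should read `buf_size += strlen(values[lastidx]) + 1;`. The allocation check tests `stringp` rather than the allocation result, so a failed calloc still reaches strcpy with a null destination; it should be `if (*stringp == NULL) {`. The first counting loop and the `lastidx--` after it are dead code, since lastidx is reset before its next use, and can be dropped.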
@@ -971,6 +1028,26 @@ krb5_read_realm_params(kcontext, realm, rparamp) rparams->realm_reject_bad_transit_valid = 1; } + hierarchy[2] = "no_host_referral"; + if (!krb5_aprof_get_string_all(aprofile, hierarchy, &no_refrls)) { + + if (strchr(no_refrls, '*')) + no_refrls = strdup("*"); + rparams->realm_no_host_referral = no_refrls; + } else + no_refrls = 0; + + if (no_refrls == 0 || strlen(no_refrls) == 0 || strncmp(no_refrls, "*",1) != 0) { + hierarchy[2] = "host_based_services"; + if (!krb5_aprof_get_string_all(aprofile, hierarchy, &host_based_srvcs)){ + if (strchr(host_based_srvcs, '*')) + host_based_srvcs = strdup("*"); + rparams->realm_host_based_services = host_based_srvcs; + } else + host_based_srvcs = 0; + } + + /* Get the value for the default principal flags */ hierarchy[2] = "default_principal_flags"; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { @@ -1039,6 +1116,8 @@ krb5_free_realm_params(kcontext, rparams) krb5_xfree(rparams->realm_kdc_ports); krb5_xfree(rparams->realm_kdc_tcp_ports); krb5_xfree(rparams->realm_acl_file); + krb5_xfree(rparams->realm_no_host_referral); + krb5_xfree(rparams->realm_host_based_services); krb5_xfree(rparams); } return(0); diff --git a/src/lib/kadm5/srv/libkadm5srv.exports b/src/lib/kadm5/srv/libkadm5srv.exports index 1205580..d0a45ba 100644 --- a/src/lib/kadm5/srv/libkadm5srv.exports +++ b/src/lib/kadm5/srv/libkadm5srv.exports @@ -67,6 +67,7 @@ krb5_aprof_get_boolean krb5_aprof_get_deltat krb5_aprof_get_int32 krb5_aprof_get_string +krb5_aprof_get_string_all krb5_aprof_getvals krb5_aprof_init krb5_copy_key_data_contents diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index 4a6581f..9651f30 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -362,6 +362,7 @@ krb5_os_free_context krb5_os_hostaddr krb5_os_init_context krb5_os_localaddr +krb5int_get_domain_realm_mapping krb5_overridekeyname krb5_pac_add_buffer krb5_pac_free 
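Review bot: When a value contains `*`, `no_refrls = strdup("*");` (and the matching statement for `host_based_srvcs`) overwrites the only pointer to the buffer returned by krb5_aprof_get_string_all, so that buffer leaks, and the strdup result is stored without a check. If strdup fails, the field ends up NULL and a configured wildcard is treated as if the relation were absent; for no_host_referral that also lets the host_based_services branch run, which looks like the referral policy failing open under memory pressure. I would add `free(no_refrls);` before the strdup and return ENOMEM when the result is NULL, and do the same for host_based_srvcs. The error path of krb5_read_realm_params lies outside this hunk, so which cleanup it needs has to be checked there.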
diff --git a/src/lib/krb5/os/def_realm.c b/src/lib/krb5/os/def_realm.c
index 13a025d..327a63c 100644
--- a/src/lib/krb5/os/def_realm.c
+++ b/src/lib/krb5/os/def_realm.c
@@ -1,7 +1,7 @@
 /*
 * lib/krb5/os/def_realm.c
 *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2009 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
@@ -187,3 +187,73 @@ krb5_free_default_realm(krb5_context context, char *lrealm)
 {
 free (lrealm);
 }
+krb5_error_code
+krb5int_get_domain_realm_mapping(krb5_context context, const char *host, char ***realmsp)
+{
+ char **retrealms;
+ char *realm, *cp, *temp_realm;
+ krb5_error_code retval;
+ char temp_host[MAX_DNS_NAMELEN+1];
+
+#ifdef DEBUG_REFERRALS
+ printf("krb5int_get_domain_realm_mapping(host:%s) called\n",host);
+#endif
+ /* do sanity check and lower-case */
+ retval = krb5int_clean_hostname(context, host, temp_host, sizeof temp_host);
+ if (retval)
+ return retval;
+ /*
+ Search for the best match for the host or domain.
+ Example: Given a host a.b.c.d, try to match on:
+ 1) a.b.c.d 2) .b.c.d. 3) b.c.d 4) .c.d 5) c.d 6) .d 7) d
+ */
+
+ cp = temp_host;
+ realm = (char *)NULL;
+ temp_realm = 0;
+ while (cp ) {
+#ifdef DEBUG_REFERRALS
+ printf(" trying to look up %s in the domain_realm map\n",cp);
+#endif
+ retval = profile_get_string(context->profile, "domain_realm", cp,
+ 0, (char *)NULL, &temp_realm);
+ if (retval)
+ return retval;
+ if (temp_realm != (char *)NULL)
+ break; /* Match found */
+
+ /* Setup for another test */
+ if (*cp == '.') {
+ cp++;
+ } else {
+ cp = strchr(cp, '.');
+ }
+ }
+#ifdef DEBUG_REFERRALS
+ printf(" done searching the domain_realm map\n");
+#endif
+ if (temp_realm!=(char*)NULL) {
+#ifdef DEBUG_REFERRALS
+ printf(" temp_realm is %s\n",temp_realm);
+#endif
+ realm = strdup(temp_realm);
+ profile_release_string(temp_realm);
+ if (!realm) {
+ return ENOMEM;
+ }
+ }
+ if (!(retrealms = (char **)calloc(2, sizeof(*retrealms)))) {
+ if (realm != (char *)NULL)
+ free(realm);
+ return ENOMEM;
+ }
+
+ retrealms[0] = realm;
+ retrealms[1] = 0;
+
+ *realmsp = retrealms;
+
+ return 0;
+}
+
+ |
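Review bot: krb5int_get_domain_realm_mapping is added to libkrb5.exports without a header comment, and its contract is not obvious from the signature: when no domain_realm entry matches, it still returns 0 and hands back a two-element list whose first entry is NULL, so a caller has to test `(*realmsp)[0]` before using it as a realm name. I would add a comment above the definition stating that, that the host is normalized by krb5int_clean_hostname before the lookup, that the search runs from the full name through successively shorter suffixes, and that the caller owns and must free both the realm string and the array. The example inside the search comment also lists `.b.c.d.` with a stray trailing dot, which should read `.b.c.d`.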