1*0a6a1f1dSLionel Sambuc /* $NetBSD: context.c,v 1.4 2014/04/24 13:45:34 pettai Exp $ */
2ebfedea0SLionel Sambuc
3ebfedea0SLionel Sambuc /*
4ebfedea0SLionel Sambuc * Copyright (c) 1997 - 2010 Kungliga Tekniska Högskolan
5ebfedea0SLionel Sambuc * (Royal Institute of Technology, Stockholm, Sweden).
6ebfedea0SLionel Sambuc * All rights reserved.
7ebfedea0SLionel Sambuc *
8ebfedea0SLionel Sambuc * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
9ebfedea0SLionel Sambuc *
10ebfedea0SLionel Sambuc * Redistribution and use in source and binary forms, with or without
11ebfedea0SLionel Sambuc * modification, are permitted provided that the following conditions
12ebfedea0SLionel Sambuc * are met:
13ebfedea0SLionel Sambuc *
14ebfedea0SLionel Sambuc * 1. Redistributions of source code must retain the above copyright
15ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer.
16ebfedea0SLionel Sambuc *
17ebfedea0SLionel Sambuc * 2. Redistributions in binary form must reproduce the above copyright
18ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer in the
19ebfedea0SLionel Sambuc * documentation and/or other materials provided with the distribution.
20ebfedea0SLionel Sambuc *
21ebfedea0SLionel Sambuc * 3. Neither the name of the Institute nor the names of its contributors
22ebfedea0SLionel Sambuc * may be used to endorse or promote products derived from this software
23ebfedea0SLionel Sambuc * without specific prior written permission.
24ebfedea0SLionel Sambuc *
25ebfedea0SLionel Sambuc * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
26ebfedea0SLionel Sambuc * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27ebfedea0SLionel Sambuc * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28ebfedea0SLionel Sambuc * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
29ebfedea0SLionel Sambuc * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30ebfedea0SLionel Sambuc * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31ebfedea0SLionel Sambuc * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32ebfedea0SLionel Sambuc * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33ebfedea0SLionel Sambuc * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34ebfedea0SLionel Sambuc * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35ebfedea0SLionel Sambuc * SUCH DAMAGE.
36ebfedea0SLionel Sambuc */
37ebfedea0SLionel Sambuc
38ebfedea0SLionel Sambuc #include "krb5_locl.h"
39*0a6a1f1dSLionel Sambuc #include <assert.h>
40ebfedea0SLionel Sambuc #include <krb5/com_err.h>
41ebfedea0SLionel Sambuc
/*
 * INIT_FIELD(C, T, E, D, F): assign (C)->E from the "libdefaults" entry F,
 * read through krb5_config_get_<T>_default() with D as the fallback value.
 * T is pasted into the getter name, so it must be one of the suffixes for
 * which such a getter exists (this file uses time, int, string and bool).
 */
#define INIT_FIELD(C, T, E, D, F)					\
    (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), 	\
						"libdefaults", F, NULL)

/*
 * INIT_FLAG(C, O, V, D, F): OR the bits V into (C)->O when the boolean
 * "libdefaults" entry F (default D) is true.
 *
 * The macro only ever sets bits: a false value leaves whatever is already
 * in (C)->O untouched, so a flag that is already set is not cleared by
 * configuring F to false.
 */
#define INIT_FLAG(C, O, V, D, F)					\
    do {								\
	if (krb5_config_get_bool_default((C), NULL, (D),"libdefaults", F, NULL)) { \
	    (C)->O |= V;						\
        }								\
    } while(0)
52ebfedea0SLionel Sambuc
/*
 * Set the list of etypes `ret_enctypes' from the configuration variable
 * `name'
 */
57ebfedea0SLionel Sambuc
static krb5_error_code
set_etypes (krb5_context context,
            const char *name,
            krb5_enctype **ret_enctypes)
{
    krb5_enctype *list;
    char **names;
    int count, in, out;

    names = krb5_config_get_strings(context, NULL, "libdefaults",
                                    name, NULL);
    if (names == NULL) {
        /* Variable not configured: report "no list" rather than an empty one. */
        *ret_enctypes = NULL;
        return 0;
    }

    count = 0;
    while (names[count] != NULL)
        count++;

    /* One extra slot for the ETYPE_NULL terminator. */
    list = malloc((count + 1) * sizeof(*list));
    if (list == NULL) {
        krb5_config_free_strings (names);
        krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
        return ENOMEM;
    }

    /*
     * Keep only names that parse to an enctype which krb5_enctype_valid()
     * accepts for this context.  Rejected entries are dropped without any
     * diagnostic, so a list consisting solely of unknown or disabled
     * enctypes yields a non-NULL list holding just the terminator.
     */
    out = 0;
    for (in = 0; in < count; in++) {
        krb5_enctype e;

        if (krb5_string_to_enctype(context, names[in], &e) == 0 &&
            krb5_enctype_valid(context, e) == 0)
            list[out++] = e;
    }
    list[out] = ETYPE_NULL;
    krb5_config_free_strings(names);

    *ret_enctypes = list;
    return 0;
}
91ebfedea0SLionel Sambuc
92ebfedea0SLionel Sambuc /*
93ebfedea0SLionel Sambuc * read variables from the configuration file and set in `context'
94ebfedea0SLionel Sambuc */
95ebfedea0SLionel Sambuc
static krb5_error_code
init_context_from_config_file(krb5_context context)
{
    krb5_error_code ret;
    const char * tmp;
    char **s;
    krb5_enctype *tmptypes;

    /* Timing and retry defaults: 5 minutes of clock skew, 3 for the KDC
     * timeout, 3 retries. */
    INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew");
    INIT_FIELD(context, time, kdc_timeout, 3, "kdc_timeout");
    INIT_FIELD(context, int, max_retries, 3, "max_retries");

    INIT_FIELD(context, string, http_proxy, NULL, "http_proxy");

    /*
     * Weak crypto is opt-in: the default is FALSE, and only an explicit
     * allow_weak_crypto = true enables the six single-DES enctypes below.
     * This runs before the enctype lists are parsed, and set_etypes()
     * filters its input through krb5_enctype_valid().
     */
    ret = krb5_config_get_bool_default(context, NULL, FALSE,
                                       "libdefaults",
                                       "allow_weak_crypto", NULL);
    if (ret) {
        krb5_enctype_enable(context, ETYPE_DES_CBC_CRC);
        krb5_enctype_enable(context, ETYPE_DES_CBC_MD4);
        krb5_enctype_enable(context, ETYPE_DES_CBC_MD5);
        krb5_enctype_enable(context, ETYPE_DES_CBC_NONE);
        krb5_enctype_enable(context, ETYPE_DES_CFB64_NONE);
        krb5_enctype_enable(context, ETYPE_DES_PCBC_NONE);
    }

    /*
     * Each enctype list is rebuilt from its configuration variable; the old
     * list is freed only after the new one was built successfully.  An
     * unconfigured variable leaves the field NULL.
     */
    ret = set_etypes (context, "default_etypes", &tmptypes);
    if(ret)
        return ret;
    free(context->etypes);
    context->etypes = tmptypes;

    ret = set_etypes (context, "default_etypes_des", &tmptypes);
    if(ret)
        return ret;
    free(context->etypes_des);
    context->etypes_des = tmptypes;

    ret = set_etypes (context, "default_as_etypes", &tmptypes);
    if(ret)
        return ret;
    free(context->as_etypes);
    context->as_etypes = tmptypes;

    ret = set_etypes (context, "default_tgs_etypes", &tmptypes);
    if(ret)
        return ret;
    free(context->tgs_etypes);
    context->tgs_etypes = tmptypes;

    ret = set_etypes (context, "permitted_enctypes", &tmptypes);
    if(ret)
        return ret;
    free(context->permitted_enctypes);
    context->permitted_enctypes = tmptypes;

    /* default keytab name */
    /*
     * KRB5_KTNAME is consulted only when issuid() returns false, so the
     * environment cannot redirect the keytab in that case.  The pointer
     * returned by getenv() is stored as-is, not copied.
     */
    tmp = NULL;
    if(!issuid())
        tmp = getenv("KRB5_KTNAME");
    if(tmp != NULL)
        context->default_keytab = tmp;
    else
        INIT_FIELD(context, string, default_keytab,
                   KEYTAB_DEFAULT, "default_keytab_name");

    INIT_FIELD(context, string, default_keytab_modify,
               NULL, "default_keytab_modify_name");

    INIT_FIELD(context, string, time_fmt,
               "%Y-%m-%dT%H:%M:%S", "time_format");

    INIT_FIELD(context, string, date_fmt,
               "%Y-%m-%d", "date_format");

    INIT_FIELD(context, bool, log_utc,
               FALSE, "log_utc");



    /* init dns-proxy slime */
    tmp = krb5_config_get_string(context, NULL, "libdefaults",
                                 "dns_proxy", NULL);
    if(tmp)
        roken_gethostby_setup(context->http_proxy, tmp);
    krb5_free_host_realm (context, context->default_realms);
    context->default_realms = NULL;

    {
        krb5_addresses addresses;
        char **adr, **a;

        /*
         * Both address lists are reset and then rebuilt entry by entry.
         * An entry that krb5_parse_address() rejects is skipped without a
         * diagnostic; its error code stays in `ret' but is never returned.
         */
        krb5_set_extra_addresses(context, NULL);
        adr = krb5_config_get_strings(context, NULL,
                                      "libdefaults",
                                      "extra_addresses",
                                      NULL);
        memset(&addresses, 0, sizeof(addresses));
        for(a = adr; a && *a; a++) {
            ret = krb5_parse_address(context, *a, &addresses);
            if (ret == 0) {
                krb5_add_extra_addresses(context, &addresses);
                krb5_free_addresses(context, &addresses);
            }
        }
        krb5_config_free_strings(adr);

        krb5_set_ignore_addresses(context, NULL);
        adr = krb5_config_get_strings(context, NULL,
                                      "libdefaults",
                                      "ignore_addresses",
                                      NULL);
        memset(&addresses, 0, sizeof(addresses));
        for(a = adr; a && *a; a++) {
            ret = krb5_parse_address(context, *a, &addresses);
            if (ret == 0) {
                krb5_add_ignore_addresses(context, &addresses);
                krb5_free_addresses(context, &addresses);
            }
        }
        krb5_config_free_strings(adr);
    }

    INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces");
    INIT_FIELD(context, int, fcache_vno, 0, "fcache_version");
    /* prefer dns_lookup_kdc over srv_lookup. */
    /* The second read uses the first result as its default, so
     * dns_lookup_kdc wins whenever it is configured. */
    INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
    INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc");
    INIT_FIELD(context, int, large_msg_size, 1400, "large_message_size");
    /*
     * Both flags default to TRUE.  INIT_FLAG only sets bits, so when this
     * function runs again on a context whose flag is already set, a false
     * value in the new configuration does not clear it.
     */
    INIT_FLAG(context, flags, KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME, TRUE, "dns_canonicalize_hostname");
    INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac");
    context->default_cc_name = NULL;
    context->default_cc_name_set = 0;

    /* Log destinations come from the "logging" section, key "krb5".  The
     * results of krb5_initlog() and krb5_addlog_dest() are not checked. */
    s = krb5_config_get_strings(context, NULL, "logging", "krb5", NULL);
    if(s) {
        char **p;
        krb5_initlog(context, "libkrb5", &context->debug_dest);
        for(p = s; *p; p++)
            krb5_addlog_dest(context, context->debug_dest, *p);
        krb5_config_free_strings(s);
    }

    /*
     * The configuration file takes precedence; the environment variable is
     * a fallback that is honoured only when issuid() returns false.  The
     * value "ignore" (case-insensitive) sets KRB5_CTX_F_RD_REQ_IGNORE, and
     * nothing here ever clears that flag again.
     * NOTE(review): the flag name suggests it relaxes a server-side check
     * in rd_req processing; confirm, and treat both the option and the
     * environment variable as security-sensitive inputs when auditing.
     */
    tmp = krb5_config_get_string(context, NULL, "libdefaults",
                                 "check-rd-req-server", NULL);
    if (tmp == NULL && !issuid())
        tmp = getenv("KRB5_CHECK_RD_REQ_SERVER");
    if(tmp) {
        if (strcasecmp(tmp, "ignore") == 0)
            context->flags |= KRB5_CTX_F_RD_REQ_IGNORE;
    }

    return 0;
}
250ebfedea0SLionel Sambuc
/*
 * Reset the context's credential-cache ops table and register the cache
 * types selected at compile time, then call _krb5_load_ccache_plugins().
 *
 * The krb5_cc_register() results are not checked, so a failed
 * registration goes unnoticed and this function always returns 0.
 */
static krb5_error_code
cc_ops_register(krb5_context context)
{
    context->cc_ops = NULL;
    context->num_cc_ops = 0;

#ifndef KCM_IS_API_CACHE
    krb5_cc_register(context, &krb5_acc_ops, TRUE);
#endif
    krb5_cc_register(context, &krb5_fcc_ops, TRUE);
    krb5_cc_register(context, &krb5_mcc_ops, TRUE);
#ifdef HAVE_SCC
    krb5_cc_register(context, &krb5_scc_ops, TRUE);
#endif
#ifdef HAVE_KCM
#ifdef KCM_IS_API_CACHE
    krb5_cc_register(context, &krb5_akcm_ops, TRUE);
#endif
    krb5_cc_register(context, &krb5_kcm_ops, TRUE);
#endif
    /* NOTE(review): presumably adds cache types supplied by plugins;
     * confirm what is loaded and from where. */
    _krb5_load_ccache_plugins(context);
    return 0;
}
274ebfedea0SLionel Sambuc
/*
 * Give `context' its own copy of the credential-cache ops table held by
 * `src_context'.  The destination table is reset first; it stays empty when
 * the source has no entries or when the allocation fails (KRB5_CC_NOMEM).
 */
static krb5_error_code
cc_ops_copy(krb5_context context, const krb5_context src_context)
{
    const krb5_cc_ops **table;
    size_t nbytes;

    context->num_cc_ops = 0;
    context->cc_ops = NULL;

    if (src_context->num_cc_ops == 0)
        return 0;

    nbytes = sizeof(table[0]) * src_context->num_cc_ops;
    table = malloc(nbytes);
    if (table == NULL) {
        krb5_set_error_message(context, KRB5_CC_NOMEM,
                               N_("malloc: out of memory", ""));
        return KRB5_CC_NOMEM;
    }

    /* Only the pointer array is duplicated; the ops structures are shared. */
    memcpy(rk_UNCONST(table), src_context->cc_ops, nbytes);
    context->num_cc_ops = src_context->num_cc_ops;
    context->cc_ops = table;

    return 0;
}
300ebfedea0SLionel Sambuc
/*
 * Reset the context's keytab type table and register the keytab types
 * compiled into the library.
 *
 * The krb5_kt_register() results are not checked, so a failed
 * registration goes unnoticed and this function always returns 0.
 */
static krb5_error_code
kt_ops_register(krb5_context context)
{
    context->num_kt_types = 0;
    context->kt_types     = NULL;

    krb5_kt_register (context, &krb5_fkt_ops);
    krb5_kt_register (context, &krb5_wrfkt_ops);
    krb5_kt_register (context, &krb5_javakt_ops);
    krb5_kt_register (context, &krb5_mkt_ops);
#ifndef HEIMDAL_SMALLER
    krb5_kt_register (context, &krb5_akf_ops);
#endif
    krb5_kt_register (context, &krb5_any_ops);
    return 0;
}
317ebfedea0SLionel Sambuc
/*
 * Give `context' its own copy of the keytab type table held by
 * `src_context'.  The destination table is reset first; it stays empty when
 * the source has no entries or when the allocation fails (ENOMEM).
 */
static krb5_error_code
kt_ops_copy(krb5_context context, const krb5_context src_context)
{
    size_t nbytes;

    context->kt_types = NULL;
    context->num_kt_types = 0;

    if (src_context->num_kt_types == 0)
        return 0;

    nbytes = sizeof(context->kt_types[0]) * src_context->num_kt_types;
    context->kt_types = malloc(nbytes);
    if (context->kt_types == NULL) {
        krb5_set_error_message(context, ENOMEM,
                               N_("malloc: out of memory", ""));
        return ENOMEM;
    }

    memcpy(context->kt_types, src_context->kt_types, nbytes);
    context->num_kt_types = src_context->num_kt_types;

    return 0;
}
340ebfedea0SLionel Sambuc
/*
 * NULL-terminated list of directories passed to _krb5_load_plugins() by
 * init_context_once().
 *
 * NOTE(review): plugins are presumably loaded into the calling process, so
 * every directory named here should be writable only by privileged users;
 * confirm the ownership and permission checks in _krb5_load_plugins().
 */
static const char *sysplugin_dirs[] =  {
    LIBDIR "/plugin/krb5",
#ifdef __APPLE__
    "/Library/KerberosPlugins/KerberosFrameworkPlugins",
    "/System/Library/KerberosPlugins/KerberosFrameworkPlugins",
#endif
    NULL
};
349ebfedea0SLionel Sambuc
/*
 * Callback handed to heim_base_once_f() by krb5_init_context(): loads the
 * "krb5" plugins from sysplugin_dirs using the context passed as `ctx' and
 * binds the library's message catalogue.
 */
static void
init_context_once(void *ctx)
{
    _krb5_load_plugins((krb5_context)ctx, "krb5", sysplugin_dirs);

    bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR);
}
359ebfedea0SLionel Sambuc
360ebfedea0SLionel Sambuc
361ebfedea0SLionel Sambuc /**
362ebfedea0SLionel Sambuc * Initializes the context structure and reads the configuration file
363ebfedea0SLionel Sambuc * /etc/krb5.conf. The structure should be freed by calling
364ebfedea0SLionel Sambuc * krb5_free_context() when it is no longer being used.
365ebfedea0SLionel Sambuc *
366ebfedea0SLionel Sambuc * @param context pointer to returned context
367ebfedea0SLionel Sambuc *
 * @return Returns 0 to indicate success. Otherwise an errno code is
 * returned. Failure means either that something bad happened during
 * initialization (typically ENOMEM) or that Kerberos should not be
 * used (ENXIO).
372ebfedea0SLionel Sambuc *
373ebfedea0SLionel Sambuc * @ingroup krb5
374ebfedea0SLionel Sambuc */
375ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_context(krb5_context *context)
{
    static heim_base_once_t init_context = HEIM_BASE_ONCE_INIT;
    krb5_context p;
    krb5_error_code ret;
    char **files;

    /* The caller sees NULL on every failure path. */
    *context = NULL;

    /* calloc() leaves every pointer field NULL and every flag clear, which
     * krb5_free_context() relies on when initialization stops early. */
    p = calloc(1, sizeof(*p));
    if(!p)
        return ENOMEM;

    p->mutex = malloc(sizeof(HEIMDAL_MUTEX));
    if (p->mutex == NULL) {
        free(p);
        return ENOMEM;
    }
    HEIMDAL_MUTEX_init(p->mutex);

    p->flags |= KRB5_CTX_F_HOMEDIR_ACCESS;

    /* Parse the default configuration files; krb5_set_config_files() also
     * runs init_context_from_config_file() on the result. */
    ret = krb5_get_default_config_files(&files);
    if(ret)
        goto out;
    ret = krb5_set_config_files(p, files);
    krb5_free_config_files(files);
    if(ret)
        goto out;

    /* init error tables */
    krb5_init_ets(p);
    /* Both register functions always return 0, so their results are not
     * examined here. */
    cc_ops_register(p);
    kt_ops_register(p);

#ifdef PKINIT
    ret = hx509_context_init(&p->hx509ctx);
    if (ret)
        goto out;
#endif
    /* The flag tells krb5_free_context() to call rk_SOCK_EXIT(). */
    if (rk_SOCK_INIT())
        p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED;

out:
    if(ret) {
        krb5_free_context(p);
        p = NULL;
    } else {
        /* NOTE(review): presumably runs init_context_once() a single time
         * per process, with whichever context gets here first; plugin
         * loading would then depend on that first context only. */
        heim_base_once_f(&init_context, p, init_context_once);
    }
    *context = p;
    return ret;
}
430ebfedea0SLionel Sambuc
431ebfedea0SLionel Sambuc #ifndef HEIMDAL_SMALLER
432ebfedea0SLionel Sambuc
/*
 * Return the enctype list that krb5_get_default_in_tkt_etypes() produces
 * for KRB5_PDU_NONE.
 *
 * NOTE(review): despite the name, this does not read
 * context->permitted_enctypes directly; confirm that the callee applies
 * that list before relying on this for policy decisions.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_permitted_enctypes(krb5_context context,
                            krb5_enctype **etypes)
{
    krb5_error_code ret;

    ret = krb5_get_default_in_tkt_etypes(context, KRB5_PDU_NONE, etypes);
    return ret;
}
439ebfedea0SLionel Sambuc
440ebfedea0SLionel Sambuc /*
441ebfedea0SLionel Sambuc *
442ebfedea0SLionel Sambuc */
443ebfedea0SLionel Sambuc
/*
 * Duplicate the zero-terminated enctype list `enctypes' into freshly
 * allocated memory returned through `ret_enctypes'.  `enctypes' must not be
 * NULL and must be terminated, since its length is found by scanning for
 * the terminator.  Returns ENOMEM if the allocation fails.
 */
static krb5_error_code
copy_etypes (krb5_context context,
             krb5_enctype *enctypes,
             krb5_enctype **ret_enctypes)
{
    unsigned int count = 0;
    size_t nbytes;

    while (enctypes[count])
        count++;
    count++;			/* include the terminator in the copy */

    nbytes = sizeof(**ret_enctypes) * count;
    *ret_enctypes = malloc(nbytes);
    if (*ret_enctypes == NULL) {
        krb5_set_error_message(context, ENOMEM,
                               N_("malloc: out of memory", ""));
        return ENOMEM;
    }
    memcpy(*ret_enctypes, enctypes, nbytes);
    return 0;
}
464ebfedea0SLionel Sambuc
465ebfedea0SLionel Sambuc /**
 * Make a copy of the Kerberos 5 context; the new krb5_context should
 * be freed with krb5_free_context().
 *
 * @param context the Kerberos context to copy
 * @param out the copy of the Kerberos context, set to NULL on error.
471ebfedea0SLionel Sambuc *
472ebfedea0SLionel Sambuc * @return Returns 0 to indicate success. Otherwise an kerberos et
473ebfedea0SLionel Sambuc * error code is returned, see krb5_get_error_message().
474ebfedea0SLionel Sambuc *
475ebfedea0SLionel Sambuc * @ingroup krb5
476ebfedea0SLionel Sambuc */
477ebfedea0SLionel Sambuc
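KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_context(krb5_context context, krb5_context *out)
{
    krb5_error_code ret;
    krb5_context p;

    *out = NULL;

    p = calloc(1, sizeof(*p));
    if (p == NULL) {
        krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
        return ENOMEM;
    }

    p->mutex = malloc(sizeof(HEIMDAL_MUTEX));
    if (p->mutex == NULL) {
        krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
        free(p);
        return ENOMEM;
    }
    HEIMDAL_MUTEX_init(p->mutex);

    /* A failed strdup() must fail the copy; otherwise the new context would
     * silently lose the credential-cache name of the original. */
    if (context->default_cc_name) {
        p->default_cc_name = strdup(context->default_cc_name);
        if (p->default_cc_name == NULL) {
            ret = ENOMEM;
            krb5_set_error_message(context, ret,
                                   N_("malloc: out of memory", ""));
            goto out;
        }
    }
    if (context->default_cc_name_env) {
        p->default_cc_name_env = strdup(context->default_cc_name_env);
        if (p->default_cc_name_env == NULL) {
            ret = ENOMEM;
            krb5_set_error_message(context, ret,
                                   N_("malloc: out of memory", ""));
            goto out;
        }
    }

    if (context->etypes) {
        ret = copy_etypes(context, context->etypes, &p->etypes);
        if (ret)
            goto out;
    }
    if (context->etypes_des) {
        ret = copy_etypes(context, context->etypes_des, &p->etypes_des);
        if (ret)
            goto out;
    }
    /*
     * NOTE(review): as_etypes, tgs_etypes and permitted_enctypes are not
     * copied here, so the copy starts with those lists NULL.  Confirm
     * whether the enctype restrictions of the source context are meant to
     * carry over to the copy.
     */

    if (context->default_realms) {
        ret = krb5_copy_host_realm(context,
                                   context->default_realms, &p->default_realms);
        if (ret)
            goto out;
    }

    ret = _krb5_config_copy(context, context->cf, &p->cf);
    if (ret)
        goto out;

    /* XXX should copy */
    krb5_init_ets(p);

    /* Both copy helpers can fail with an out-of-memory error; do not hand
     * back a context whose cache or keytab type table is missing. */
    ret = cc_ops_copy(p, context);
    if (ret)
        goto out;
    ret = kt_ops_copy(p, context);
    if (ret)
        goto out;

#if 0 /* XXX */
    if(context->warn_dest != NULL)
        ;
    if(context->debug_dest != NULL)
        ;
#endif

    ret = krb5_set_extra_addresses(p, context->extra_addresses);
    if (ret)
        goto out;
    /*
     * The ignore list goes through krb5_set_ignore_addresses().  Passing it
     * to krb5_set_extra_addresses() instead would put the addresses that
     * are meant to be ignored into the extra-address list and leave the
     * copy without any ignore list.
     */
    ret = krb5_set_ignore_addresses(p, context->ignore_addresses);
    if (ret)
        goto out;

    ret = _krb5_copy_send_to_kdc_func(p, context);
    if (ret)
        goto out;

    *out = p;

    return 0;

 out:
    /* p was zero-initialized, so fields not reached yet are NULL here. */
    krb5_free_context(p);
    return ret;
}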
560ebfedea0SLionel Sambuc
561ebfedea0SLionel Sambuc #endif
562ebfedea0SLionel Sambuc
563ebfedea0SLionel Sambuc /**
564ebfedea0SLionel Sambuc * Frees the krb5_context allocated by krb5_init_context().
565ebfedea0SLionel Sambuc *
566ebfedea0SLionel Sambuc * @param context context to be freed.
567ebfedea0SLionel Sambuc *
568ebfedea0SLionel Sambuc * @ingroup krb5
569ebfedea0SLionel Sambuc */
570ebfedea0SLionel Sambuc
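KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_context(krb5_context context)
{
    /* Nothing to release; avoids dereferencing NULL on caller error paths. */
    if (context == NULL)
        return;

    free(context->default_cc_name);
    free(context->default_cc_name_env);
    free(context->etypes);
    free(context->etypes_des);
    /* These three lists are allocated by set_etypes() when the
     * configuration is read, so they are owned by the context as well. */
    free(context->as_etypes);
    free(context->tgs_etypes);
    free(context->permitted_enctypes);
    krb5_free_host_realm (context, context->default_realms);
    krb5_config_file_free (context, context->cf);
    free_error_table (context->et_list);
    free(rk_UNCONST(context->cc_ops));
    free(context->kt_types);
    krb5_clear_error_message(context);
    if(context->warn_dest != NULL)
        krb5_closelog(context, context->warn_dest);
    if(context->debug_dest != NULL)
        krb5_closelog(context, context->debug_dest);
    krb5_set_extra_addresses(context, NULL);
    krb5_set_ignore_addresses(context, NULL);
    krb5_set_send_to_kdc_func(context, NULL, NULL);

#ifdef PKINIT
    if (context->hx509ctx)
        hx509_context_free(&context->hx509ctx);
#endif

    HEIMDAL_MUTEX_destroy(context->mutex);
    free(context->mutex);
    /* Balances the rk_SOCK_INIT() call recorded by krb5_init_context(). */
    if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) {
        rk_SOCK_EXIT();
    }

    /*
     * Clear the structure so stale pointers are not left behind in freed
     * memory.  NOTE(review): a plain memset() directly before free() may be
     * elided by the optimizer; if this scrub is relied upon, use a
     * zeroization primitive the compiler cannot drop.
     */
    memset(context, 0, sizeof(*context));
    free(context);
}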
608ebfedea0SLionel Sambuc
609ebfedea0SLionel Sambuc /**
610ebfedea0SLionel Sambuc * Reinit the context from a new set of filenames.
611ebfedea0SLionel Sambuc *
 * @param context context to add configuration to.
613ebfedea0SLionel Sambuc * @param filenames array of filenames, end of list is indicated with a NULL filename.
614ebfedea0SLionel Sambuc *
615ebfedea0SLionel Sambuc * @return Returns 0 to indicate success. Otherwise an kerberos et
616ebfedea0SLionel Sambuc * error code is returned, see krb5_get_error_message().
617ebfedea0SLionel Sambuc *
618ebfedea0SLionel Sambuc * @ingroup krb5
619ebfedea0SLionel Sambuc */
620ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_config_files(krb5_context context, char **filenames)
{
    krb5_config_binding *parsed = NULL;
    krb5_error_code ret;
    char **fn;

    if (filenames != NULL) {
        /* The list ends at the first NULL or empty filename. */
        for (fn = filenames; *fn != NULL && **fn != '\0'; fn++) {
            ret = krb5_config_parse_file_multi(context, *fn, &parsed);
            /*
             * Missing or unreadable files are skipped without a
             * diagnostic, so settings held only in such a file are simply
             * absent from the result.  Any other error aborts the reload.
             */
            if (ret == 0 || ret == ENOENT || ret == EACCES || ret == EPERM)
                continue;
            krb5_config_file_free(context, parsed);
            return ret;
        }
    }
#if 1
    /* with this enabled and if there are no config files, Kerberos is
       considered disabled */
    if (parsed == NULL)
        return ENXIO;
#endif

#ifdef _WIN32
    _krb5_load_config_from_registry(context, &parsed);
#endif

    /* Swap in the new configuration, then re-derive the context fields. */
    krb5_config_file_free(context, context->cf);
    context->cf = parsed;
    return init_context_from_config_file(context);
}
650ebfedea0SLionel Sambuc
/*
 * Append `file' to the NULL-terminated array *pfilenames unless an equal
 * string is already present.  Takes ownership of `file': it is stored in
 * the array on success, and freed here when it is a duplicate or when the
 * array cannot be grown.  Returns 0 or ENOMEM.
 */
static krb5_error_code
add_file(char ***pfilenames, int *len, char *file)
{
    char **list = *pfilenames;
    char **grown;
    int idx = 0;

    /* Duplicate names are dropped, so the first occurrence keeps its place. */
    while (idx < *len) {
        if (strcmp(list[idx], file) == 0) {
            free(file);
            return 0;
        }
        idx++;
    }

    /* One slot for the new entry plus one for the NULL terminator. */
    grown = realloc(list, (*len + 2) * sizeof(*grown));
    if (grown == NULL) {
        /* *pfilenames is left untouched and still owned by the caller. */
        free(file);
        return ENOMEM;
    }

    grown[*len] = file;
    grown[*len + 1] = NULL;
    *pfilenames = grown;
    *len += 1;
    return 0;
}
676ebfedea0SLionel Sambuc
/*
 * `pq' is not freed here; freeing it is up to the caller.
 */
680ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
{
    krb5_error_code ret;
    const char *cursor = filelist;
    char **list = NULL;
    int count = 0;
    char *name;
    int i;

    /* Components of `filelist' (split on PATH_SEP) go first. */
    for (;;) {
        const char *probe = cursor;
        ssize_t namelen;

        /*
         * Called on a scratch copy of the cursor with no output buffer;
         * presumably this only measures the next component -- confirm
         * against strsep_copy().
         */
        namelen = strsep_copy(&probe, PATH_SEP, NULL, 0);
        if (namelen == -1)
            break;
        name = malloc(namelen + 1);
        if (name == NULL) {
            krb5_free_config_files(list);
            return ENOMEM;
        }
        /* Same call again on the real cursor, now with a sized buffer. */
        (void)strsep_copy(&cursor, PATH_SEP, name, namelen + 1);
        /* add_file() owns `name' from here on, on success and on failure. */
        ret = add_file(&list, &count, name);
        if (ret) {
            krb5_free_config_files(list);
            return ret;
        }
    }

    /* Then private copies of the entries of `pq', which stays with the caller. */
    for (i = 0; pq != NULL && pq[i] != NULL; i++) {
        name = strdup(pq[i]);
        if (name == NULL) {
            krb5_free_config_files(list);
            return ENOMEM;
        }
        ret = add_file(&list, &count, name);
        if (ret) {
            krb5_free_config_files(list);
            return ret;
        }
    }

    /* *ret_pp is written on success only; it stays NULL if nothing was added. */
    *ret_pp = list;
    return 0;
}
733ebfedea0SLionel Sambuc
734ebfedea0SLionel Sambuc /**
735ebfedea0SLionel Sambuc * Prepend the filename to the global configuration list.
736ebfedea0SLionel Sambuc *
737ebfedea0SLionel Sambuc * @param filelist a filename to add to the default list of filename
738ebfedea0SLionel Sambuc * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
739ebfedea0SLionel Sambuc *
740ebfedea0SLionel Sambuc * @return Returns 0 to indicate success. Otherwise an kerberos et
741ebfedea0SLionel Sambuc * error code is returned, see krb5_get_error_message().
742ebfedea0SLionel Sambuc *
743ebfedea0SLionel Sambuc * @ingroup krb5
744ebfedea0SLionel Sambuc */
745ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
{
    char **defaults;
    char **merged = NULL;
    krb5_error_code ret;

    ret = krb5_get_default_config_files(&defaults);
    if (ret != 0)
        return ret;

    /* The merged list holds its own copies, so the default list can go. */
    ret = krb5_prepend_config_files(filelist, defaults, &merged);
    krb5_free_config_files(defaults);
    if (ret == 0)
        *pfilenames = merged;    /* output is written on success only */
    return ret;
}
764ebfedea0SLionel Sambuc
765ebfedea0SLionel Sambuc #ifdef _WIN32
766ebfedea0SLionel Sambuc
767ebfedea0SLionel Sambuc /**
768ebfedea0SLionel Sambuc * Checks the registry for configuration file location
769ebfedea0SLionel Sambuc *
770ebfedea0SLionel Sambuc * Kerberos for Windows and other legacy Kerberos applications expect
771ebfedea0SLionel Sambuc * to find the configuration file location in the
772ebfedea0SLionel Sambuc * SOFTWARE\MIT\Kerberos registry key under the value "config".
773ebfedea0SLionel Sambuc */
char *
_krb5_get_default_config_config_files_from_registry()
{
    static const char * KeyName = "Software\\MIT\\Kerberos";
    /*
     * Lookup order: the per-user hive is consulted before the machine-wide
     * one, so a "config" value under HKEY_CURRENT_USER takes precedence.
     * NOTE(review): a process acting on behalf of a user therefore takes
     * its configuration file location from data that user can write;
     * confirm this precedence is what privileged callers expect.
     */
    const HKEY hives[] = { HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE };
    char *config_file = NULL;
    size_t i;

    for (i = 0; i < sizeof(hives) / sizeof(hives[0]); i++) {
        HKEY key;

        if (RegOpenKeyEx(hives[i], KeyName, 0, KEY_READ, &key) != ERROR_SUCCESS)
            continue;
        config_file = _krb5_parse_reg_value_as_multi_string(NULL, key, "config",
                                                            REG_NONE, 0, PATH_SEP);
        RegCloseKey(key);
        /* The first hive that yields a value wins. */
        if (config_file != NULL)
            break;
    }

    /* NULL when neither hive has the value; otherwise the caller frees it. */
    return config_file;
}
801ebfedea0SLionel Sambuc
802ebfedea0SLionel Sambuc #endif
803ebfedea0SLionel Sambuc
804ebfedea0SLionel Sambuc /**
805ebfedea0SLionel Sambuc * Get the global configuration list.
806ebfedea0SLionel Sambuc *
807ebfedea0SLionel Sambuc * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
808ebfedea0SLionel Sambuc *
809ebfedea0SLionel Sambuc * @return Returns 0 to indicate success. Otherwise an kerberos et
810ebfedea0SLionel Sambuc * error code is returned, see krb5_get_error_message().
811ebfedea0SLionel Sambuc *
812ebfedea0SLionel Sambuc * @ingroup krb5
813ebfedea0SLionel Sambuc */
814ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_config_files(char ***pfilenames)
{
    const char *files;

    if (pfilenames == NULL)
        return EINVAL;

    /*
     * KRB5_CONFIG is honoured only when issuid() reports false, so the
     * environment cannot redirect the configuration of a set-id process.
     */
    files = issuid() ? NULL : getenv("KRB5_CONFIG");

#ifdef _WIN32
    /*
     * Without an environment override, a registry-supplied location is
     * used instead of the built-in default.  This lookup is not
     * conditioned on issuid().
     */
    if (files == NULL) {
        char *reg_files = _krb5_get_default_config_config_files_from_registry();

        if (reg_files != NULL) {
            krb5_error_code code;

            code = krb5_prepend_config_files(reg_files, NULL, pfilenames);
            free(reg_files);
            return code;
        }
    }
#endif

    /* Last resort: the library's krb5_config_file default. */
    if (files == NULL)
        files = krb5_config_file;

    return krb5_prepend_config_files(files, NULL, pfilenames);
}
845ebfedea0SLionel Sambuc
846ebfedea0SLionel Sambuc /**
847ebfedea0SLionel Sambuc * Free a list of configuration files.
848ebfedea0SLionel Sambuc *
849ebfedea0SLionel Sambuc * @param filenames list, terminated with a NULL pointer, to be
850ebfedea0SLionel Sambuc * freed. NULL is an valid argument.
851ebfedea0SLionel Sambuc *
852ebfedea0SLionel Sambuc * @return Returns 0 to indicate success. Otherwise an kerberos et
853ebfedea0SLionel Sambuc * error code is returned, see krb5_get_error_message().
854ebfedea0SLionel Sambuc *
855ebfedea0SLionel Sambuc * @ingroup krb5
856ebfedea0SLionel Sambuc */
857ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_config_files(char **filenames)
{
    /* Release each string up to the NULL terminator, then the array itself. */
    if (filenames != NULL) {
        size_t i;

        for (i = 0; filenames[i] != NULL; i++)
            free(filenames[i]);
    }
    /* Harmless when `filenames' is NULL. */
    free(filenames);
}
866ebfedea0SLionel Sambuc
867ebfedea0SLionel Sambuc /**
868ebfedea0SLionel Sambuc * Returns the list of Kerberos encryption types sorted in order of
869ebfedea0SLionel Sambuc * most preferred to least preferred encryption type. Note that some
870ebfedea0SLionel Sambuc * encryption types might be disabled, so you need to check with
871ebfedea0SLionel Sambuc * krb5_enctype_valid() before using the encryption type.
872ebfedea0SLionel Sambuc *
873ebfedea0SLionel Sambuc * @return list of enctypes, terminated with ETYPE_NULL. Its a static
874ebfedea0SLionel Sambuc * array completed into the Kerberos library so the content doesn't
875ebfedea0SLionel Sambuc * need to be freed.
876ebfedea0SLionel Sambuc *
877ebfedea0SLionel Sambuc * @ingroup krb5
878ebfedea0SLionel Sambuc */
879ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL
krb5_kerberos_enctypes(krb5_context context)
{
    /*
     * Preference order, strongest first.  Everything after the two AES
     * entries is a legacy algorithm (triple-DES, RC4, single DES); this
     * table only ranks them, it does not say whether they are enabled.
     * Callers are expected to filter with krb5_enctype_valid().
     * `context' is not consulted.
     */
    static const krb5_enctype preference[] = {
        ETYPE_AES256_CTS_HMAC_SHA1_96,
        ETYPE_AES128_CTS_HMAC_SHA1_96,
        ETYPE_DES3_CBC_SHA1,
        ETYPE_DES3_CBC_MD5,
        ETYPE_ARCFOUR_HMAC_MD5,
        ETYPE_DES_CBC_MD5,
        ETYPE_DES_CBC_MD4,
        ETYPE_DES_CBC_CRC,
        ETYPE_NULL
    };

    return preference;
}
896ebfedea0SLionel Sambuc
897ebfedea0SLionel Sambuc /*
898*0a6a1f1dSLionel Sambuc *
899*0a6a1f1dSLionel Sambuc */
900*0a6a1f1dSLionel Sambuc
/*
 * Copy the zero-terminated list `in' into a newly allocated list, keeping
 * only the entries krb5_enctype_valid() accepts.  On success *out receives
 * the copy, which the caller frees.  If nothing survives the filter the
 * call fails with KRB5_PROG_ETYPE_NOSUPP and *out is left untouched.
 */
static krb5_error_code
copy_enctypes(krb5_context context,
              const krb5_enctype *in,
              krb5_enctype **out)
{
    krb5_enctype *list = NULL;
    size_t total = 0;
    size_t kept = 0;
    size_t i;

    /* Size for the unfiltered input plus its terminator. */
    while (in[total])
        total++;
    total++;
    ALLOC(list, total);
    if (list == NULL)
        return krb5_enomem(context);

    /* A zero return from krb5_enctype_valid() means the enctype is usable. */
    for (i = 0; in[i]; i++) {
        if (krb5_enctype_valid(context, in[i]) == 0)
            list[kept++] = in[i];
    }
    list[kept] = KRB5_ENCTYPE_NULL;

    /* An empty result is an error rather than "no restriction". */
    if (kept == 0) {
        free(list);
        krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
                               N_("no valid enctype set", ""));
        return KRB5_PROG_ETYPE_NOSUPP;
    }
    *out = list;
    return 0;
}
930*0a6a1f1dSLionel Sambuc
931*0a6a1f1dSLionel Sambuc
932*0a6a1f1dSLionel Sambuc /*
933ebfedea0SLionel Sambuc * set `etype' to a malloced list of the default enctypes
934ebfedea0SLionel Sambuc */
935ebfedea0SLionel Sambuc
static krb5_error_code
default_etypes(krb5_context context, krb5_enctype **etype)
{
    /* The built-in preference table, filtered and copied for the caller. */
    return copy_enctypes(context, krb5_kerberos_enctypes(context), etype);
}
942ebfedea0SLionel Sambuc
/**
 * Set the default encryption types that will be used in communication
 * with the KDC, clients and servers.
 *
 * @param context Kerberos 5 context.
 * @param etypes Encryption types, array terminated with ETYPE_NULL (0).
 *
 * @return Returns 0 to indicate success. Otherwise a Kerberos et
 * error code is returned, see krb5_get_error_message().
 *
 * @ingroup krb5
 */
955ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_default_in_tkt_etypes(krb5_context context,
                               const krb5_enctype *etypes)
{
    krb5_enctype *copy = NULL;

    /*
     * The new list is built before the old one is touched, so a failed
     * copy (including "no valid enctype") leaves the context unchanged.
     */
    if (etypes != NULL) {
        krb5_error_code ret = copy_enctypes(context, etypes, &copy);

        if (ret != 0)
            return ret;
    }

    /* A NULL `etypes' clears the override: context->etypes becomes NULL. */
    free(context->etypes);
    context->etypes = copy;
    return 0;
}
973ebfedea0SLionel Sambuc
974ebfedea0SLionel Sambuc /**
975ebfedea0SLionel Sambuc * Get the default encryption types that will be use in communcation
976ebfedea0SLionel Sambuc * with the KDC, clients and servers.
977ebfedea0SLionel Sambuc *
978ebfedea0SLionel Sambuc * @param context Kerberos 5 context.
979ebfedea0SLionel Sambuc * @param etypes Encryption types, array terminated with
980ebfedea0SLionel Sambuc * ETYPE_NULL(0), caller should free array with krb5_xfree():
981ebfedea0SLionel Sambuc *
982ebfedea0SLionel Sambuc * @return Returns 0 to indicate success. Otherwise an kerberos et
983ebfedea0SLionel Sambuc * error code is returned, see krb5_get_error_message().
984ebfedea0SLionel Sambuc *
985ebfedea0SLionel Sambuc * @ingroup krb5
986ebfedea0SLionel Sambuc */
987ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_in_tkt_etypes(krb5_context context,
                               krb5_pdu pdu_type,
                               krb5_enctype **etypes)
{
    const krb5_enctype *configured = NULL;
    krb5_enctype *copy;
    krb5_error_code ret;

    heim_assert(pdu_type == KRB5_PDU_AS_REQUEST ||
                pdu_type == KRB5_PDU_TGS_REQUEST ||
                pdu_type == KRB5_PDU_NONE, "pdu contant not as expected");

    /*
     * Most specific list first: the per-PDU list when one is set for this
     * request type, then the context-wide list.
     */
    if (pdu_type == KRB5_PDU_AS_REQUEST && context->as_etypes != NULL)
        configured = context->as_etypes;
    else if (pdu_type == KRB5_PDU_TGS_REQUEST && context->tgs_etypes != NULL)
        configured = context->tgs_etypes;
    else if (context->etypes != NULL)
        configured = context->etypes;

    /* Nothing set on the context: fall back to the built-in defaults. */
    ret = (configured != NULL)
        ? copy_enctypes(context, configured, &copy)
        : default_etypes(context, &copy);
    if (ret)
        return ret;

    /* Written on success only; the caller frees the returned list. */
    *etypes = copy;
    return 0;
}
1020ebfedea0SLionel Sambuc
1021ebfedea0SLionel Sambuc /**
1022ebfedea0SLionel Sambuc * Init the built-in ets in the Kerberos library.
1023ebfedea0SLionel Sambuc *
1024ebfedea0SLionel Sambuc * @param context kerberos context to add the ets too
1025ebfedea0SLionel Sambuc *
1026ebfedea0SLionel Sambuc * @ingroup krb5
1027ebfedea0SLionel Sambuc */
1028ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_init_ets(krb5_context context)
{
    /* Nothing to do once the context already has an error-table list. */
    if (context->et_list != NULL)
        return;

    krb5_add_et_list(context, initialize_krb5_error_table_r);
    krb5_add_et_list(context, initialize_asn1_error_table_r);
    krb5_add_et_list(context, initialize_heim_error_table_r);

    krb5_add_et_list(context, initialize_k524_error_table_r);

#ifdef COM_ERR_BINDDOMAIN_krb5
    /* Message catalogues for the tables registered above. */
    bindtextdomain(COM_ERR_BINDDOMAIN_krb5, HEIMDAL_LOCALEDIR);
    bindtextdomain(COM_ERR_BINDDOMAIN_asn1, HEIMDAL_LOCALEDIR);
    bindtextdomain(COM_ERR_BINDDOMAIN_heim, HEIMDAL_LOCALEDIR);
    bindtextdomain(COM_ERR_BINDDOMAIN_k524, HEIMDAL_LOCALEDIR);
#endif

#ifdef PKINIT
    /* The hx error table is registered only in PKINIT builds. */
    krb5_add_et_list(context, initialize_hx_error_table_r);
#ifdef COM_ERR_BINDDOMAIN_hx
    bindtextdomain(COM_ERR_BINDDOMAIN_hx, HEIMDAL_LOCALEDIR);
#endif
#endif
}
1054ebfedea0SLionel Sambuc
1055ebfedea0SLionel Sambuc /**
1056ebfedea0SLionel Sambuc * Make the kerberos library default to the admin KDC.
1057ebfedea0SLionel Sambuc *
1058ebfedea0SLionel Sambuc * @param context Kerberos 5 context.
1059ebfedea0SLionel Sambuc * @param flag boolean flag to select if the use the admin KDC or not.
1060ebfedea0SLionel Sambuc *
1061ebfedea0SLionel Sambuc * @ingroup krb5
1062ebfedea0SLionel Sambuc */
1063ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_use_admin_kdc(krb5_context context, krb5_boolean flag)
{
    /* Records the preference on the context; nothing else happens here. */
    context->use_admin_kdc = flag;
}
1069ebfedea0SLionel Sambuc
1070ebfedea0SLionel Sambuc /**
1071ebfedea0SLionel Sambuc * Make the kerberos library default to the admin KDC.
1072ebfedea0SLionel Sambuc *
1073ebfedea0SLionel Sambuc * @param context Kerberos 5 context.
1074ebfedea0SLionel Sambuc *
1075ebfedea0SLionel Sambuc * @return boolean flag to telling the context will use admin KDC as the default KDC.
1076ebfedea0SLionel Sambuc *
1077ebfedea0SLionel Sambuc * @ingroup krb5
1078ebfedea0SLionel Sambuc */
1079ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_get_use_admin_kdc(krb5_context context)
{
    /* Accessor only: reports the stored flag and changes nothing. */
    const krb5_boolean use_admin = context->use_admin_kdc;

    return use_admin;
}
1085ebfedea0SLionel Sambuc
1086ebfedea0SLionel Sambuc /**
1087ebfedea0SLionel Sambuc * Add extra address to the address list that the library will add to
1088ebfedea0SLionel Sambuc * the client's address list when communicating with the KDC.
1089ebfedea0SLionel Sambuc *
1090ebfedea0SLionel Sambuc * @param context Kerberos 5 context.
1091ebfedea0SLionel Sambuc * @param addresses addreses to add
1092ebfedea0SLionel Sambuc *
1093ebfedea0SLionel Sambuc * @return Returns 0 to indicate success. Otherwise an kerberos et
1094ebfedea0SLionel Sambuc * error code is returned, see krb5_get_error_message().
1095ebfedea0SLionel Sambuc *
1096ebfedea0SLionel Sambuc * @ingroup krb5
1097ebfedea0SLionel Sambuc */
1098ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
{
    /* With no list yet, adding is the same as setting. */
    if (context->extra_addresses == NULL)
        return krb5_set_extra_addresses(context, addresses);

    return krb5_append_addresses(context, context->extra_addresses,
                                 addresses);
}
1109ebfedea0SLionel Sambuc
1110ebfedea0SLionel Sambuc /**
1111ebfedea0SLionel Sambuc * Set extra address to the address list that the library will add to
1112ebfedea0SLionel Sambuc * the client's address list when communicating with the KDC.
1113ebfedea0SLionel Sambuc *
1114ebfedea0SLionel Sambuc * @param context Kerberos 5 context.
1115ebfedea0SLionel Sambuc * @param addresses addreses to set
1116ebfedea0SLionel Sambuc *
1117ebfedea0SLionel Sambuc * @return Returns 0 to indicate success. Otherwise an kerberos et
1118ebfedea0SLionel Sambuc * error code is returned, see krb5_get_error_message().
1119ebfedea0SLionel Sambuc *
1120ebfedea0SLionel Sambuc * @ingroup krb5
1121ebfedea0SLionel Sambuc */
1122ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
{
    /*
     * The current contents are released first, before `addresses' is read.
     * NOTE(review): passing context->extra_addresses itself as `addresses'
     * would copy from a list that was just released -- presumably callers
     * never do this; confirm.
     */
    if (context->extra_addresses != NULL)
        krb5_free_addresses(context, context->extra_addresses);

    /* NULL clears the setting: the container itself is dropped as well. */
    if (addresses == NULL) {
        free(context->extra_addresses);
        context->extra_addresses = NULL;
        return 0;
    }

    /* Reuse the existing container, or allocate one on first use. */
    if (context->extra_addresses == NULL) {
        krb5_addresses *fresh = malloc(sizeof(*fresh));

        if (fresh == NULL) {
            krb5_set_error_message(context, ENOMEM,
                                   N_("malloc: out of memory", ""));
            return ENOMEM;
        }
        context->extra_addresses = fresh;
    }
    return krb5_copy_addresses(context, addresses, context->extra_addresses);
}
1145ebfedea0SLionel Sambuc
1146ebfedea0SLionel Sambuc /**
1147ebfedea0SLionel Sambuc * Get extra address to the address list that the library will add to
1148ebfedea0SLionel Sambuc * the client's address list when communicating with the KDC.
1149ebfedea0SLionel Sambuc *
1150ebfedea0SLionel Sambuc * @param context Kerberos 5 context.
1151ebfedea0SLionel Sambuc * @param addresses addreses to set
1152ebfedea0SLionel Sambuc *
1153ebfedea0SLionel Sambuc * @return Returns 0 to indicate success. Otherwise an kerberos et
1154ebfedea0SLionel Sambuc * error code is returned, see krb5_get_error_message().
1155ebfedea0SLionel Sambuc *
1156ebfedea0SLionel Sambuc * @ingroup krb5
1157ebfedea0SLionel Sambuc */
1158ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
{
    /* The caller receives a copy, never the context's own list. */
    if (context->extra_addresses != NULL)
        return krb5_copy_addresses(context, context->extra_addresses,
                                   addresses);

    /* Nothing configured: hand back a zeroed structure. */
    memset(addresses, 0, sizeof(*addresses));
    return 0;
}
1168ebfedea0SLionel Sambuc
1169ebfedea0SLionel Sambuc /**
1170ebfedea0SLionel Sambuc * Add extra addresses to ignore when fetching addresses from the
1171ebfedea0SLionel Sambuc * underlaying operating system.
1172ebfedea0SLionel Sambuc *
1173ebfedea0SLionel Sambuc * @param context Kerberos 5 context.
1174ebfedea0SLionel Sambuc * @param addresses addreses to ignore
1175ebfedea0SLionel Sambuc *
1176ebfedea0SLionel Sambuc * @return Returns 0 to indicate success. Otherwise an kerberos et
1177ebfedea0SLionel Sambuc * error code is returned, see krb5_get_error_message().
1178ebfedea0SLionel Sambuc *
1179ebfedea0SLionel Sambuc * @ingroup krb5
1180ebfedea0SLionel Sambuc */
1181ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
{
    /* With no list yet, adding is the same as setting. */
    if (context->ignore_addresses == NULL)
        return krb5_set_ignore_addresses(context, addresses);

    return krb5_append_addresses(context, context->ignore_addresses,
                                 addresses);
}
1192ebfedea0SLionel Sambuc
1193ebfedea0SLionel Sambuc /**
1194ebfedea0SLionel Sambuc * Set extra addresses to ignore when fetching addresses from the
1195ebfedea0SLionel Sambuc * underlaying operating system.
1196ebfedea0SLionel Sambuc *
1197ebfedea0SLionel Sambuc * @param context Kerberos 5 context.
1198ebfedea0SLionel Sambuc * @param addresses addreses to ignore
1199ebfedea0SLionel Sambuc *
1200ebfedea0SLionel Sambuc * @return Returns 0 to indicate success. Otherwise an kerberos et
1201ebfedea0SLionel Sambuc * error code is returned, see krb5_get_error_message().
1202ebfedea0SLionel Sambuc *
1203ebfedea0SLionel Sambuc * @ingroup krb5
1204ebfedea0SLionel Sambuc */
1205ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
{
    /*
     * The current contents are released first, before `addresses' is read.
     * NOTE(review): passing context->ignore_addresses itself as `addresses'
     * would copy from a list that was just released -- presumably callers
     * never do this; confirm.
     */
    if (context->ignore_addresses != NULL)
        krb5_free_addresses(context, context->ignore_addresses);

    /* NULL clears the setting: the container itself is dropped as well. */
    if (addresses == NULL) {
        free(context->ignore_addresses);
        context->ignore_addresses = NULL;
        return 0;
    }

    /* Reuse the existing container, or allocate one on first use. */
    if (context->ignore_addresses == NULL) {
        krb5_addresses *fresh = malloc(sizeof(*fresh));

        if (fresh == NULL) {
            krb5_set_error_message(context, ENOMEM,
                                   N_("malloc: out of memory", ""));
            return ENOMEM;
        }
        context->ignore_addresses = fresh;
    }
    return krb5_copy_addresses(context, addresses, context->ignore_addresses);
}
1227ebfedea0SLionel Sambuc
1228ebfedea0SLionel Sambuc /**
1229ebfedea0SLionel Sambuc * Get extra addresses to ignore when fetching addresses from the
1230ebfedea0SLionel Sambuc * underlaying operating system.
1231ebfedea0SLionel Sambuc *
1232ebfedea0SLionel Sambuc * @param context Kerberos 5 context.
1233ebfedea0SLionel Sambuc * @param addresses list addreses ignored
1234ebfedea0SLionel Sambuc *
1235ebfedea0SLionel Sambuc * @return Returns 0 to indicate success. Otherwise an kerberos et
1236ebfedea0SLionel Sambuc * error code is returned, see krb5_get_error_message().
1237ebfedea0SLionel Sambuc *
1238ebfedea0SLionel Sambuc * @ingroup krb5
1239ebfedea0SLionel Sambuc */
1240ebfedea0SLionel Sambuc
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
{
    /* The caller receives a copy, never the context's own list. */
    if (context->ignore_addresses != NULL)
        return krb5_copy_addresses(context, context->ignore_addresses,
                                   addresses);

    /* Nothing configured: hand back a zeroed structure. */
    memset(addresses, 0, sizeof(*addresses));
    return 0;
}
1250ebfedea0SLionel Sambuc
/**
 * Set the version of fcache that the library should use.
 *
 * The value is stored in the context as given; this function does no
 * range check on it.
 *
 * @param context Kerberos 5 context.
 * @param version version number.
 *
 * @return Always returns 0.
 *
 * @ingroup krb5
 */

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_fcache_version(krb5_context context, int version)
{
    krb5_error_code ret = 0;

    context->fcache_vno = version;
    return ret;
}
1269ebfedea0SLionel Sambuc
/**
 * Get the version of fcache that the library should use.
 *
 * @param context Kerberos 5 context.
 * @param version output, receives the version number. Must not be
 *        NULL; it is dereferenced without a check.
 *
 * @return Always returns 0.
 *
 * @ingroup krb5
 */

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_fcache_version(krb5_context context, int *version)
{
    const int vno = context->fcache_vno;

    *version = vno;
    return 0;
}
1288ebfedea0SLionel Sambuc
/**
 * Runtime check if the Kerberos library was compiled with thread support.
 *
 * The answer is fixed at build time by ENABLE_PTHREAD_SUPPORT; nothing
 * is probed when the function is called.
 *
 * @return TRUE if the library was compiled with thread support, FALSE if not.
 *
 * @ingroup krb5
 */


KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_is_thread_safe(void)
{
#ifdef ENABLE_PTHREAD_SUPPORT
    const krb5_boolean threaded = TRUE;
#else
    const krb5_boolean threaded = FALSE;
#endif

    return threaded;
}
1307ebfedea0SLionel Sambuc
/**
 * Set if the library should use DNS to canonicalize hostnames.
 *
 * Only the KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME bit of the context
 * flags is changed; the other flag bits are left as they are.
 *
 * NOTE(review): with canonicalization on, the hostname the library
 * ends up using presumably depends on DNS answers; sites that do not
 * trust their resolver path usually want this off - confirm how the
 * flag is consumed elsewhere in the library.
 *
 * @param context Kerberos 5 context.
 * @param flag non-zero to enable DNS canonicalization, zero to disable it.
 *
 * @ingroup krb5
 */

KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
{
    if (!flag) {
        context->flags &= ~KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
        return;
    }
    context->flags |= KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
}
1325ebfedea0SLionel Sambuc
/**
 * Get if the library uses DNS to canonicalize hostnames.
 *
 * Reports the KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME bit of the context
 * flags, normalized to 0 or 1.
 *
 * @param context Kerberos 5 context.
 *
 * @return 1 if the library uses DNS to canonicalize hostnames, 0 if not.
 *
 * @ingroup krb5
 */

KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_get_dns_canonicalize_hostname (krb5_context context)
{
    if ((context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) != 0)
        return 1;
    return 0;
}
1341ebfedea0SLionel Sambuc
/**
 * Get current offset in time to the KDC.
 *
 * Either output pointer may be NULL, in which case that part of the
 * offset is not reported.
 *
 * @param context Kerberos 5 context.
 * @param sec output, seconds part of offset; may be NULL.
 * @param usec output, microseconds part of offset; may be NULL.
 *
 * @return returns zero
 *
 * @ingroup krb5
 */

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
{
    /* seconds are written before microseconds, as callers have always seen */
    if (sec != NULL) {
        *sec = context->kdc_sec_offset;
    }
    if (usec != NULL) {
        *usec = context->kdc_usec_offset;
    }

    return 0;
}
1363ebfedea0SLionel Sambuc
/**
 * Set current offset in time to the KDC.
 *
 * The seconds part is always stored. The microseconds part is stored
 * only when it is zero or positive; a negative usec leaves the value
 * already held by the context untouched. No other range check is done.
 *
 * NOTE(review): the offset presumably shifts the library's notion of
 * "now" when timestamps are produced or checked, so the value should
 * come from a source the caller trusts - confirm against callers.
 *
 * @param context Kerberos 5 context.
 * @param sec seconds part of offset.
 * @param usec microseconds part of offset, or a negative value to keep
 *        the stored microseconds.
 *
 * @return returns zero
 *
 * @ingroup krb5
 */

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
{
    context->kdc_sec_offset = sec;

    /* negative usec: keep the microseconds the context already has */
    if (usec < 0)
        return 0;

    context->kdc_usec_offset = usec;
    return 0;
}
1384ebfedea0SLionel Sambuc
/**
 * Get max time skew allowed.
 *
 * Returns the value held in the context's max_skew field unchanged.
 *
 * @param context Kerberos 5 context.
 *
 * @return time skew in seconds.
 *
 * @ingroup krb5
 */

KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
krb5_get_max_time_skew (krb5_context context)
{
    const time_t skew = context->max_skew;

    return skew;
}
1400ebfedea0SLionel Sambuc
/**
 * Set max time skew allowed.
 *
 * The value is stored as given; this function applies no upper or
 * lower bound to it.
 *
 * NOTE(review): presumably this is the tolerance used when timestamps
 * are compared elsewhere in the library, so a large value widens the
 * window in which old messages are still accepted - confirm against
 * the code that reads max_skew.
 *
 * @param context Kerberos 5 context.
 * @param t time skew in seconds.
 *
 * @ingroup krb5
 */

KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_max_time_skew (krb5_context context, time_t t)
{
    /* stored verbatim, no clamping */
    context->max_skew = t;
}
1415ebfedea0SLionel Sambuc
/*
 * Init encryption types in len, val with etypes.
 *
 * The list placed in *val comes from copy_enctypes() when etypes is
 * given and from krb5_get_default_in_tkt_etypes() when it is NULL.
 * The entries are then counted up to, but not including, the
 * KRB5_ENCTYPE_NULL terminator.
 *
 * @param context Kerberos 5 context.
 * @param pdu_type type of pdu, only used when the defaults are fetched.
 * @param len output length of val, may be NULL if the count is not wanted.
 * @param val output array of enctypes.
 *        NOTE(review): presumably allocated by the helper and owned by
 *        the caller afterwards - confirm against the helpers.
 * @param etypes etypes to set val and len to, if NULL, use default enctypes.
 *
 * @return Returns 0 to indicate success. Otherwise a Kerberos et
 * error code is returned, see krb5_get_error_message().
 *
 * @ingroup krb5
 */

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_init_etype(krb5_context context,
                 krb5_pdu pdu_type,
                 unsigned *len,
                 krb5_enctype **val,
                 const krb5_enctype *etypes)
{
    krb5_error_code ret;
    unsigned count;

    ret = (etypes != NULL)
        ? copy_enctypes(context, etypes, val)
        : krb5_get_default_in_tkt_etypes(context, pdu_type, val);
    if (ret != 0)
        return ret;

    /* the caller did not ask for the count */
    if (len == NULL)
        return 0;

    /* relies on the list ending in KRB5_ENCTYPE_NULL */
    for (count = 0; (*val)[count] != KRB5_ENCTYPE_NULL; count++)
        ;
    *len = count;

    return 0;
}
1454ebfedea0SLionel Sambuc
/*
 * Allow homedir access
 *
 * allow_homedir is the process-wide switch; it starts out TRUE and is
 * read and written with homedir_mutex held by _krb5_homedir_access()
 * and krb5_set_home_dir_access().
 */

static krb5_boolean allow_homedir = TRUE;
static HEIMDAL_MUTEX homedir_mutex = HEIMDAL_MUTEX_INITIALIZER;
1461ebfedea0SLionel Sambuc
/*
 * Decide whether the library may use the user's home directory.
 *
 * Access is refused when the effective uid is 0 (only where
 * HAVE_GETEUID is defined), or when a context is given and its
 * KRB5_CTX_F_HOMEDIR_ACCESS flag is clear. Otherwise the process-wide
 * allow_homedir setting, read under homedir_mutex, decides. A NULL
 * context skips the per-context test.
 *
 * NOTE(review): only the effective uid is looked at here; whether
 * set-uid or set-gid callers are filtered somewhere else is not
 * visible from this function - confirm.
 */
krb5_boolean
_krb5_homedir_access(krb5_context context)
{
    krb5_boolean global_allow;

#ifdef HAVE_GETEUID
    /* root never gets home directory access, whatever the settings say */
    if (geteuid() == 0)
        return FALSE;
#endif

    /* a context without the flag vetoes access */
    if (context != NULL && !(context->flags & KRB5_CTX_F_HOMEDIR_ACCESS))
        return FALSE;

    /* take a snapshot of the global switch under its lock */
    HEIMDAL_MUTEX_lock(&homedir_mutex);
    global_allow = allow_homedir;
    HEIMDAL_MUTEX_unlock(&homedir_mutex);

    return global_allow;
}
1481ebfedea0SLionel Sambuc
/**
 * Enable or disable home directory access on either the global state
 * or the krb5_context state. Calling krb5_set_home_dir_access() with
 * context set to NULL configures the global state; otherwise the state
 * of the given krb5_context is modified.
 *
 * For home directory access to be allowed, both the global state and
 * the krb5_context state have to allow it.
 *
 * The administrator (root user) never uses the home directory.
 *
 * The global state is changed with homedir_mutex held; the context
 * flags are changed without taking a lock.
 *
 * @param context a Kerberos 5 context or NULL
 * @param allow TRUE to allow home directory access, FALSE to forbid it
 * @return the old value of the state that was modified
 *
 * @ingroup krb5
 */

KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_set_home_dir_access(krb5_context context, krb5_boolean allow)
{
    krb5_boolean previous;

    /* no context: swap the process-wide switch under its lock */
    if (context == NULL) {
        HEIMDAL_MUTEX_lock(&homedir_mutex);
        previous = allow_homedir;
        allow_homedir = allow;
        HEIMDAL_MUTEX_unlock(&homedir_mutex);
        return previous;
    }

    /* per-context: remember the old bit, then set or clear it */
    previous = (context->flags & KRB5_CTX_F_HOMEDIR_ACCESS) ? TRUE : FALSE;
    if (allow)
        context->flags |= KRB5_CTX_F_HOMEDIR_ACCESS;
    else
        context->flags &= ~KRB5_CTX_F_HOMEDIR_ACCESS;

    return previous;
}