2 Unix SMB/CIFS implementation.
3 kerberos locator plugin
4 Copyright (C) Guenther Deschner 2007-2008
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "nsswitch/winbind_client.h"
21 #include "libwbclient/wbclient.h"
27 #if defined(HAVE_KRB5) && defined(HAVE_KRB5_LOCATE_PLUGIN_H)
34 #include <krb5/locate_plugin.h>
36 #ifndef KRB5_PLUGIN_NO_HANDLE
37 #define KRB5_PLUGIN_NO_HANDLE KRB5_KDC_UNREACH /* Heimdal */
40 static const char *get_service_from_locate_service_type(enum locate_service_type svc)
43 case locate_service_kdc:
44 case locate_service_master_kdc:
46 case locate_service_kadmin:
47 case locate_service_krb524:
50 case locate_service_kpasswd:
60 static const char *locate_service_type_name(enum locate_service_type svc)
63 case locate_service_kdc:
64 return "locate_service_kdc";
65 case locate_service_master_kdc:
66 return "locate_service_master_kdc";
67 case locate_service_kadmin:
68 return "locate_service_kadmin";
69 case locate_service_krb524:
70 return "locate_service_krb524";
71 case locate_service_kpasswd:
72 return "locate_service_kpasswd";
79 static const char *socktype_name(int socktype)
92 static const char *family_name(int family)
99 #if defined(HAVE_IPV6)
111 * Check input parameters, return KRB5_PLUGIN_NO_HANDLE for unsupported ones
114 * @param realm string
115 * @param socktype integer
116 * @param family integer
121 static int smb_krb5_locator_lookup_sanity_check(enum locate_service_type svc,
126 if (!realm || strlen(realm) == 0) {
131 case locate_service_kdc:
132 case locate_service_master_kdc:
133 case locate_service_kpasswd:
135 case locate_service_kadmin:
136 case locate_service_krb524:
137 return KRB5_PLUGIN_NO_HANDLE;
146 #if defined(HAVE_IPV6)
157 case 0: /* Heimdal uses that */
167 * Try to get addrinfo for a given host and call the krb5 callback
170 * @param service string
171 * @param in struct addrinfo hint
172 * @param cbfunc krb5 callback function
173 * @param cbdata void pointer cbdata
175 * @return krb5_error_code.
178 static krb5_error_code smb_krb5_locator_call_cbfunc(const char *name,
181 int (*cbfunc)(void *, int, struct sockaddr *),
184 struct addrinfo *out = NULL;
190 ret = getaddrinfo(name, service, in, &out);
195 if (ret == EAI_AGAIN) {
201 fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
202 "getaddrinfo failed: %s (%d)\n",
203 (unsigned int)getpid(), gai_strerror(ret), ret);
206 return KRB5_PLUGIN_NO_HANDLE;
209 ret = cbfunc(cbdata, out->ai_socktype, out->ai_addr);
212 fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
213 "failed to call callback: %s (%d)\n",
214 (unsigned int)getpid(), error_message(ret), ret);
223 * PUBLIC INTERFACE: locate init
225 * @param context krb5_context
226 * @param privata_data pointer to private data pointer
228 * @return krb5_error_code.
231 static krb5_error_code smb_krb5_locator_init(krb5_context context,
238 * PUBLIC INTERFACE: close locate
240 * @param private_data pointer to private data
245 static void smb_krb5_locator_close(void *private_data)
251 static bool ask_winbind(const char *realm, char **dcname)
254 const char *dc = NULL;
255 struct wbcDomainControllerInfoEx *dc_info = NULL;
258 flags = WBC_LOOKUP_DC_KDC_REQUIRED |
259 WBC_LOOKUP_DC_IS_DNS_NAME |
260 WBC_LOOKUP_DC_RETURN_DNS_NAME |
261 WBC_LOOKUP_DC_IP_REQUIRED;
263 wbc_status = wbcLookupDomainControllerEx(realm, NULL, NULL, flags, &dc_info);
265 if (!WBC_ERROR_IS_OK(wbc_status)) {
267 fprintf(stderr,"[%5u]: smb_krb5_locator_lookup: failed with: %s\n",
268 (unsigned int)getpid(), wbcErrorString(wbc_status));
273 if (dc_info->dc_address) {
274 dc = dc_info->dc_address;
275 if (dc[0] == '\\') dc++;
276 if (dc[0] == '\\') dc++;
279 if (!dc && dc_info->dc_unc) {
280 dc = dc_info->dc_unc;
281 if (dc[0] == '\\') dc++;
282 if (dc[0] == '\\') dc++;
286 wbcFreeMemory(dc_info);
290 *dcname = strdup(dc);
292 wbcFreeMemory(dc_info);
296 wbcFreeMemory(dc_info);
301 * PUBLIC INTERFACE: locate lookup
303 * @param private_data pointer to private data
304 * @param svc enum locate_service_type.
305 * @param realm string
306 * @param socktype integer
307 * @param family integer
308 * @param cbfunc callback function to send back entries
309 * @param cbdata void pointer to cbdata
311 * @return krb5_error_code.
314 static krb5_error_code smb_krb5_locator_lookup(void *private_data,
315 enum locate_service_type svc,
319 int (*cbfunc)(void *, int, struct sockaddr *),
323 struct addrinfo aihints;
324 char *kdc_name = NULL;
325 const char *service = get_service_from_locate_service_type(svc);
327 ZERO_STRUCT(aihints);
330 fprintf(stderr,"[%5u]: smb_krb5_locator_lookup: called for '%s' "
332 "socktype: '%s' (%d), family: '%s' (%d)\n",
333 (unsigned int)getpid(), realm,
334 locate_service_type_name(svc), svc,
335 socktype_name(socktype), socktype,
336 family_name(family), family);
338 ret = smb_krb5_locator_lookup_sanity_check(svc, realm, socktype,
342 fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
343 "returning ret: %s (%d)\n",
344 (unsigned int)getpid(), error_message(ret), ret);
349 if (!winbind_env_set()) {
350 if (!ask_winbind(realm, &kdc_name)) {
352 fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
353 "failed to query winbindd\n",
354 (unsigned int)getpid());
359 const char *env = NULL;
361 if (asprintf(&var, "%s_%s",
362 WINBINDD_LOCATOR_KDC_ADDRESS, realm) == -1) {
368 fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
369 "failed to get kdc from env %s\n",
370 (unsigned int)getpid(), var);
377 kdc_name = strdup(env);
383 fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
384 "got '%s' for '%s' from winbindd\n", (unsigned int)getpid(),
388 aihints.ai_family = family;
389 aihints.ai_socktype = socktype;
391 ret = smb_krb5_locator_call_cbfunc(kdc_name,
400 return KRB5_PLUGIN_NO_HANDLE;
403 #ifdef HEIMDAL_KRB5_LOCATE_PLUGIN_H
404 #define SMB_KRB5_LOCATOR_SYMBOL_NAME resolve /* Heimdal */
406 #define SMB_KRB5_LOCATOR_SYMBOL_NAME service_locator /* MIT */
409 const krb5plugin_service_locate_ftable SMB_KRB5_LOCATOR_SYMBOL_NAME = {
411 smb_krb5_locator_init,
412 smb_krb5_locator_close,
413 smb_krb5_locator_lookup,