2 * Copyright (c) 2001 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #include "krb5_locl.h"
38 #include "locate_plugin.h"
41 string_to_proto(const char *string)
43 if(strcasecmp(string, "udp") == 0)
44 return KRB5_KRBHST_UDP;
45 else if(strcasecmp(string, "tcp") == 0)
46 return KRB5_KRBHST_TCP;
47 else if(strcasecmp(string, "http") == 0)
48 return KRB5_KRBHST_HTTP;
53 is_invalid_tld_srv_target(const char *target)
55 return (strncmp("your-dns-needs-immediate-attention.",
57 && strchr(&target[35], '.') == NULL);
61 * set `res' and `count' to the result of looking up SRV RR in DNS for
62 * `proto', `proto', `realm' using `dns_type'.
63 * if `port' != 0, force that port number
66 static krb5_error_code
67 srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count,
68 const char *realm, const char *dns_type, const char *sitename,
69 const char *proto, const char *service, int port)
72 struct rk_dns_reply *r;
73 struct rk_resource_record *rr;
81 proto_num = string_to_proto(proto);
83 krb5_set_error_message(context, EINVAL,
84 N_("unknown protocol `%s' to lookup", ""),
89 if(proto_num == KRB5_KRBHST_HTTP)
90 def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
92 def_port = ntohs(krb5_getportbyname (context, service, proto, 88));
97 snprintf(domain, sizeof(domain), "_%s._%s.%s._sites.%s.",
98 service, proto, sitename, realm);
100 snprintf(domain, sizeof(domain), "_%s._%s.%s.", service, proto, realm);
102 r = rk_dns_lookup(domain, dns_type);
104 _krb5_debug(context, 0,
105 "DNS lookup failed domain: %s", domain);
106 return KRB5_KDC_UNREACH;
109 for(num_srv = 0, rr = r->head; rr; rr = rr->next)
110 if(rr->type == rk_ns_t_srv)
113 *res = malloc(num_srv * sizeof(**res));
116 return krb5_enomem(context);
121 for(num_srv = 0, rr = r->head; rr; rr = rr->next)
122 if(rr->type == rk_ns_t_srv) {
123 krb5_krbhst_info *hi = NULL;
127 /* Test for top-level domain controlled interruptions */
128 if (!is_invalid_tld_srv_target(rr->u.srv->target)) {
130 len = strlen(rr->u.srv->target);
131 hi = calloc(1, sizeof(*hi) + len);
135 while(--num_srv >= 0)
136 free((*res)[num_srv]);
141 "Domain lookup failed: "
142 "Realm %s needs immediate attention "
143 "see https://icann.org/namecollision",
145 return KRB5_KDC_UNREACH;
147 return krb5_enomem(context);
149 (*res)[num_srv++] = hi;
151 hi->proto = proto_num;
153 hi->def_port = def_port;
157 hi->port = rr->u.srv->port;
159 strlcpy(hi->hostname, rr->u.srv->target, len + 1);
169 struct krb5_krbhst_data {
170 const char *config_param;
171 const char *srv_label;
175 int port; /* hardwired port number if != 0 */
176 #define KD_CONFIG 0x0001
177 #define KD_SRV_UDP 0x0002
178 #define KD_SRV_TCP 0x0004
179 #define KD_SITE_SRV_UDP 0x0008
180 #define KD_SITE_SRV_TCP 0x0010
181 #define KD_SRV_HTTP 0x0020
182 #define KD_SRV_KKDCP 0x0040
183 #define KD_FALLBACK 0x0080
184 #define KD_CONFIG_EXISTS 0x0100
185 #define KD_LARGE_MSG 0x0200
186 #define KD_PLUGIN 0x0400
187 #define KD_HOSTNAMES 0x0800
188 krb5_error_code (*get_next)(krb5_context, struct krb5_krbhst_data *,
193 unsigned int fallback_count;
195 struct krb5_krbhst_info *hosts, **index, **end;
199 krbhst_empty(const struct krb5_krbhst_data *kd)
201 return kd->index == &kd->hosts;
205 * Return the default protocol for the `kd' (either TCP or UDP)
209 krbhst_get_default_proto(struct krb5_krbhst_data *kd)
211 if (kd->flags & KD_LARGE_MSG)
212 return KRB5_KRBHST_TCP;
213 return KRB5_KRBHST_UDP;
217 krbhst_get_default_port(struct krb5_krbhst_data *kd)
226 KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
227 _krb5_krbhst_get_realm(krb5_krbhst_handle handle)
229 return handle->realm;
233 * parse `spec' into a krb5_krbhst_info, defaulting the port to `def_port'
234 * and forcing it to `port' if port != 0
237 static struct krb5_krbhst_info*
238 parse_hostspec(krb5_context context, struct krb5_krbhst_data *kd,
239 const char *spec, int def_port, int port)
241 const char *p = spec, *q;
242 struct krb5_krbhst_info *hi;
244 hi = calloc(1, sizeof(*hi) + strlen(spec));
248 hi->proto = krbhst_get_default_proto(kd);
250 if(strncmp(p, "http://", 7) == 0){
251 hi->proto = KRB5_KRBHST_HTTP;
253 } else if(strncmp(p, "http/", 5) == 0) {
254 hi->proto = KRB5_KRBHST_HTTP;
256 def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
257 }else if(strncmp(p, "tcp/", 4) == 0){
258 hi->proto = KRB5_KRBHST_TCP;
260 } else if(strncmp(p, "udp/", 4) == 0) {
261 hi->proto = KRB5_KRBHST_UDP;
265 if (p[0] == '[' && (q = strchr(p, ']')) != NULL) {
266 /* if address looks like [foo:bar] or [foo:bar]: its a ipv6
267 adress, strip of [] */
268 memcpy(hi->hostname, &p[1], q - p - 1);
269 hi->hostname[q - p - 1] = '\0';
274 } else if(strsep_copy(&p, ":", hi->hostname, strlen(spec) + 1) < 0) {
275 /* copy everything before : */
279 /* get rid of trailing /, and convert to lower case */
280 hi->hostname[strcspn(hi->hostname, "/")] = '\0';
281 strlwr(hi->hostname);
283 hi->port = hi->def_port = def_port;
284 if(p != NULL && p[0]) {
286 hi->port = strtol(p, &end, 0);
297 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
298 _krb5_free_krbhst_info(krb5_krbhst_info *hi)
301 freeaddrinfo(hi->ai);
305 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
306 _krb5_krbhost_info_move(krb5_context context,
307 krb5_krbhst_info *from,
308 krb5_krbhst_info **to)
310 size_t hostnamelen = strlen(from->hostname);
311 /* trailing NUL is included in structure */
312 *to = calloc(1, sizeof(**to) + hostnamelen);
314 return krb5_enomem(context);
316 (*to)->proto = from->proto;
317 (*to)->port = from->port;
318 (*to)->def_port = from->def_port;
319 (*to)->ai = from->ai;
322 memcpy((*to)->hostname, from->hostname, hostnamelen + 1);
328 append_host_hostinfo(struct krb5_krbhst_data *kd, struct krb5_krbhst_info *host)
330 struct krb5_krbhst_info *h;
332 for(h = kd->hosts; h; h = h->next)
333 if(h->proto == host->proto &&
334 h->port == host->port &&
335 strcmp(h->hostname, host->hostname) == 0) {
336 _krb5_free_krbhst_info(host);
340 kd->end = &host->next;
343 static krb5_error_code
344 append_host_string(krb5_context context, struct krb5_krbhst_data *kd,
345 const char *host, int def_port, int port)
347 struct krb5_krbhst_info *hi;
349 hi = parse_hostspec(context, kd, host, def_port, port);
351 return krb5_enomem(context);
353 append_host_hostinfo(kd, hi);
358 * return a readable representation of `host' in `hostname, hostlen'
361 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
362 krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host,
363 char *hostname, size_t hostlen)
365 const char *proto = "";
366 if(host->proto == KRB5_KRBHST_TCP)
368 else if(host->proto == KRB5_KRBHST_HTTP)
370 if (host->port != host->def_port)
371 snprintf(hostname, hostlen, "%s%s:%d", proto, host->hostname, (int)host->port);
373 snprintf(hostname, hostlen, "%s%s", proto, host->hostname);
378 * create a getaddrinfo `hints' based on `proto'
382 make_hints(struct addrinfo *hints, int proto)
384 memset(hints, 0, sizeof(*hints));
385 hints->ai_family = AF_UNSPEC;
387 case KRB5_KRBHST_UDP :
388 hints->ai_socktype = SOCK_DGRAM;
390 case KRB5_KRBHST_HTTP :
391 case KRB5_KRBHST_TCP :
392 hints->ai_socktype = SOCK_STREAM;
398 * Return an `struct addrinfo *' for a KDC host.
400 * Returns an the struct addrinfo in in that corresponds to the
401 * information in `host'. free:ing is handled by krb5_krbhst_free, so
402 * the returned ai must not be released.
407 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
408 krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host,
409 struct addrinfo **ai)
413 if (host->ai == NULL) {
414 struct addrinfo hints;
415 char portstr[NI_MAXSERV];
417 snprintf (portstr, sizeof(portstr), "%d", host->port);
418 make_hints(&hints, host->proto);
420 ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai);
422 ret = krb5_eai_to_heim_errno(ret, errno);
432 get_next(struct krb5_krbhst_data *kd, krb5_krbhst_info **host)
434 struct krb5_krbhst_info *hi = *kd->index;
437 kd->index = &(*kd->index)->next;
444 srv_get_hosts(krb5_context context, struct krb5_krbhst_data *kd,
445 const char *sitename, const char *proto, const char *service)
448 krb5_krbhst_info **res;
451 if (krb5_realm_is_lkdc(kd->realm))
454 ret = srv_find_realm(context, &res, &count, kd->realm, "SRV",
455 sitename, proto, service, kd->port);
456 _krb5_debug(context, 2, "searching DNS for realm %s %s.%s -> %d",
457 kd->realm, proto, service, ret);
460 for(i = 0; i < count; i++)
461 append_host_hostinfo(kd, res[i]);
466 * read the configuration for `conf_string', defaulting to kd->def_port and
467 * forcing it to `kd->port' if kd->port != 0
471 config_get_hosts(krb5_context context, struct krb5_krbhst_data *kd,
472 const char *conf_string)
476 hostlist = krb5_config_get_strings(context, NULL,
477 "realms", kd->realm, conf_string, NULL);
479 _krb5_debug(context, 2, "configuration file for realm %s%s found",
480 kd->realm, hostlist ? "" : " not");
484 kd->flags |= KD_CONFIG_EXISTS;
485 for(i = 0; hostlist && hostlist[i] != NULL; i++)
486 append_host_string(context, kd, hostlist[i], kd->def_port, kd->port);
488 krb5_config_free_strings(hostlist);
492 * as a fallback, look for `serv_string.kd->realm' (typically
493 * kerberos.REALM, kerberos-1.REALM, ...
494 * `port' is the default port for the service, and `proto' the
498 static krb5_error_code
499 fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd,
500 const char *serv_string, int port, int proto)
505 struct addrinfo hints;
506 char portstr[NI_MAXSERV];
508 ret = krb5_config_get_bool_default(context, NULL, KRB5_FALLBACK_DEFAULT,
509 "libdefaults", "use_fallback", NULL);
511 kd->flags |= KD_FALLBACK;
515 _krb5_debug(context, 2, "fallback lookup %d for realm %s (service %s)",
516 kd->fallback_count, kd->realm, serv_string);
519 * Don't try forever in case the DNS server keep returning us
520 * entries (like wildcard entries or the .nu TLD)
522 * Also don't try LKDC realms since fallback wont work on them at all.
524 if(kd->fallback_count >= 5 || krb5_realm_is_lkdc(kd->realm)) {
525 kd->flags |= KD_FALLBACK;
529 if(kd->fallback_count == 0)
530 ret = asprintf(&host, "%s.%s.", serv_string, kd->realm);
532 ret = asprintf(&host, "%s-%d.%s.",
533 serv_string, kd->fallback_count, kd->realm);
535 if (ret < 0 || host == NULL)
536 return krb5_enomem(context);
538 make_hints(&hints, proto);
539 snprintf(portstr, sizeof(portstr), "%d", port);
540 ret = getaddrinfo(host, portstr, &hints, &ai);
542 /* no more hosts, so we're done here */
544 kd->flags |= KD_FALLBACK;
546 struct krb5_krbhst_info *hi;
549 /* Check for ICANN gTLD Name Collision address (127.0.53.53) */
550 if (ai->ai_family == AF_INET) {
551 struct sockaddr_in *sin = (struct sockaddr_in *)ai->ai_addr;
552 if (sin->sin_addr.s_addr == htonl(0x7f003535)) {
554 "Fallback lookup failed: "
555 "Realm %s needs immediate attention "
556 "see https://icann.org/namecollision",
558 return KRB5_KDC_UNREACH;
562 hostlen = strlen(host);
563 hi = calloc(1, sizeof(*hi) + hostlen);
566 return krb5_enomem(context);
570 hi->port = hi->def_port = port;
572 memmove(hi->hostname, host, hostlen);
573 hi->hostname[hostlen] = '\0';
575 append_host_hostinfo(kd, hi);
576 kd->fallback_count++;
582 * Fetch hosts from plugin
585 static krb5_error_code
586 add_plugin_host(struct krb5_krbhst_data *kd,
592 struct krb5_krbhst_info *hi;
593 struct addrinfo hints, *ai;
597 make_hints(&hints, proto);
598 ret = getaddrinfo(host, port, &hints, &ai);
602 hostlen = strlen(host);
604 hi = calloc(1, sizeof(*hi) + hostlen);
611 hi->port = hi->def_port = portnum;
613 memmove(hi->hostname, host, hostlen);
614 hi->hostname[hostlen] = '\0';
615 append_host_hostinfo(kd, hi);
620 static krb5_error_code
621 add_locate(void *ctx, int type, struct sockaddr *addr)
623 struct krb5_krbhst_data *kd = ctx;
624 char host[NI_MAXHOST], port[NI_MAXSERV];
629 socklen = socket_sockaddr_size(addr);
630 portnum = socket_get_port(addr);
632 ret = getnameinfo(addr, socklen, host, sizeof(host), port, sizeof(port),
633 NI_NUMERICHOST|NI_NUMERICSERV);
638 snprintf(port, sizeof(port), "%d", kd->port);
639 else if (atoi(port) == 0)
640 snprintf(port, sizeof(port), "%d", krbhst_get_default_port(kd));
642 proto = krbhst_get_default_proto(kd);
644 ret = add_plugin_host(kd, host, port, portnum, proto);
649 * This is really kind of broken and should be solved a different
650 * way, some sites block UDP, and we don't, in the general case,
651 * fall back to TCP, that should also be done. But since that
652 * should require us to invert the whole "find kdc" stack, let put
656 if (proto == KRB5_KRBHST_UDP) {
657 ret = add_plugin_host(kd, host, port, portnum, KRB5_KRBHST_TCP);
666 enum locate_service_type type;
667 struct krb5_krbhst_data *kd;
671 static KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
672 plcallback(krb5_context context,
673 const void *plug, void *plugctx, void *userctx)
675 const krb5plugin_service_locate_ftable *locate = plug;
676 struct plctx *plctx = userctx;
678 if (locate->minor_version >= KRB5_PLUGIN_LOCATE_VERSION_2)
679 return locate->lookup(plugctx, plctx->flags, plctx->type, plctx->kd->realm, 0, 0, add_locate, plctx->kd);
681 if (plctx->flags & KRB5_PLF_ALLOW_HOMEDIR)
682 return locate->old_lookup(plugctx, plctx->type, plctx->kd->realm, 0, 0, add_locate, plctx->kd);
684 return KRB5_PLUGIN_NO_HANDLE;
687 static const char *locate_plugin_deps[] = { "krb5", NULL };
689 static struct heim_plugin_data
690 locate_plugin_data = {
693 KRB5_PLUGIN_LOCATE_VERSION_0,
699 plugin_get_hosts(krb5_context context,
700 struct krb5_krbhst_data *kd,
701 enum locate_service_type type)
703 struct plctx ctx = { type, kd, 0 };
705 if (_krb5_homedir_access(context))
706 ctx.flags |= KRB5_PLF_ALLOW_HOMEDIR;
708 _krb5_plugin_run_f(context, &locate_plugin_data,
709 0, &ctx, plcallback);
717 hostnames_get_hosts(krb5_context context,
718 struct krb5_krbhst_data *kd,
721 kd->flags |= KD_HOSTNAMES;
723 append_host_string(context, kd, kd->hostname, kd->def_port, kd->port);
731 static krb5_error_code
732 kdc_get_next(krb5_context context,
733 struct krb5_krbhst_data *kd,
734 krb5_krbhst_info **host)
738 if ((kd->flags & KD_HOSTNAMES) == 0) {
739 hostnames_get_hosts(context, kd, "kdc");
740 if(get_next(kd, host))
744 if ((kd->flags & KD_PLUGIN) == 0) {
745 plugin_get_hosts(context, kd, locate_service_kdc);
746 kd->flags |= KD_PLUGIN;
747 if(get_next(kd, host))
751 if((kd->flags & KD_CONFIG) == 0) {
752 config_get_hosts(context, kd, kd->config_param);
753 kd->flags |= KD_CONFIG;
754 if(get_next(kd, host))
758 if (kd->flags & KD_CONFIG_EXISTS) {
759 _krb5_debug(context, 1,
760 "Configuration exists for realm %s, wont go to DNS",
762 return KRB5_KDC_UNREACH;
765 if(context->srv_lookup) {
766 if(kd->sitename && (kd->flags & KD_SITE_SRV_TCP) == 0) {
767 srv_get_hosts(context, kd, kd->sitename, "tcp", "kerberos");
768 kd->flags |= KD_SITE_SRV_TCP;
769 if(get_next(kd, host))
773 if((kd->flags & KD_SRV_UDP) == 0 && (kd->flags & KD_LARGE_MSG) == 0) {
774 srv_get_hosts(context, kd, NULL, "udp", kd->srv_label);
775 kd->flags |= KD_SRV_UDP;
776 if(get_next(kd, host))
780 if((kd->flags & KD_SRV_TCP) == 0) {
781 srv_get_hosts(context, kd, NULL, "tcp", kd->srv_label);
782 kd->flags |= KD_SRV_TCP;
783 if(get_next(kd, host))
786 if((kd->flags & KD_SRV_HTTP) == 0) {
787 srv_get_hosts(context, kd, NULL, "http", kd->srv_label);
788 kd->flags |= KD_SRV_HTTP;
789 if(get_next(kd, host))
794 while((kd->flags & KD_FALLBACK) == 0) {
795 ret = fallback_get_hosts(context, kd, "kerberos",
797 krbhst_get_default_proto(kd));
800 if(get_next(kd, host))
804 _krb5_debug(context, 0, "No KDC entries found for %s", kd->realm);
806 return KRB5_KDC_UNREACH; /* XXX */
809 static krb5_error_code
810 admin_get_next(krb5_context context,
811 struct krb5_krbhst_data *kd,
812 krb5_krbhst_info **host)
816 if ((kd->flags & KD_PLUGIN) == 0) {
817 plugin_get_hosts(context, kd, locate_service_kadmin);
818 kd->flags |= KD_PLUGIN;
819 if(get_next(kd, host))
823 if((kd->flags & KD_CONFIG) == 0) {
824 config_get_hosts(context, kd, kd->config_param);
825 kd->flags |= KD_CONFIG;
826 if(get_next(kd, host))
830 if (kd->flags & KD_CONFIG_EXISTS) {
831 _krb5_debug(context, 1,
832 "Configuration exists for realm %s, wont go to DNS",
834 return KRB5_KDC_UNREACH;
837 if(context->srv_lookup) {
838 if((kd->flags & KD_SRV_TCP) == 0) {
839 srv_get_hosts(context, kd, NULL, "tcp", kd->srv_label);
840 kd->flags |= KD_SRV_TCP;
841 if(get_next(kd, host))
847 && (kd->flags & KD_FALLBACK) == 0) {
848 ret = fallback_get_hosts(context, kd, "kerberos",
850 krbhst_get_default_proto(kd));
853 kd->flags |= KD_FALLBACK;
854 if(get_next(kd, host))
858 _krb5_debug(context, 0, "No admin entries found for realm %s", kd->realm);
860 return KRB5_KDC_UNREACH; /* XXX */
863 static krb5_error_code
864 kpasswd_get_next(krb5_context context,
865 struct krb5_krbhst_data *kd,
866 krb5_krbhst_info **host)
870 if ((kd->flags & KD_PLUGIN) == 0) {
871 plugin_get_hosts(context, kd, locate_service_kpasswd);
872 kd->flags |= KD_PLUGIN;
873 if(get_next(kd, host))
877 if((kd->flags & KD_CONFIG) == 0) {
878 config_get_hosts(context, kd, kd->config_param);
879 kd->flags |= KD_CONFIG;
880 if(get_next(kd, host))
884 if (kd->flags & KD_CONFIG_EXISTS) {
885 _krb5_debug(context, 1,
886 "Configuration exists for realm %s, wont go to DNS",
888 return KRB5_KDC_UNREACH;
891 if(context->srv_lookup) {
892 if((kd->flags & KD_SRV_UDP) == 0) {
893 srv_get_hosts(context, kd, NULL, "udp", kd->srv_label);
894 kd->flags |= KD_SRV_UDP;
895 if(get_next(kd, host))
898 if((kd->flags & KD_SRV_TCP) == 0) {
899 srv_get_hosts(context, kd, NULL, "tcp", kd->srv_label);
900 kd->flags |= KD_SRV_TCP;
901 if(get_next(kd, host))
906 /* no matches -> try admin */
908 if (krbhst_empty(kd)) {
910 kd->port = kd->def_port;
911 kd->get_next = admin_get_next;
912 ret = (*kd->get_next)(context, kd, host);
914 (*host)->proto = krbhst_get_default_proto(kd);
918 _krb5_debug(context, 0, "No kpasswd entries found for realm %s", kd->realm);
920 return KRB5_KDC_UNREACH;
924 krbhost_dealloc(void *ptr)
926 struct krb5_krbhst_data *handle = (struct krb5_krbhst_data *)ptr;
927 krb5_krbhst_info *h, *next;
929 for (h = handle->hosts; h != NULL; h = next) {
931 _krb5_free_krbhst_info(h);
933 if (handle->hostname)
934 free(handle->hostname);
935 if (handle->sitename)
936 free(handle->sitename);
941 static struct krb5_krbhst_data*
942 common_init(krb5_context context,
943 const char *config_param,
944 const char *srv_label,
949 struct krb5_krbhst_data *kd;
951 if ((kd = heim_alloc(sizeof(*kd), "krbhst-context", krbhost_dealloc)) == NULL)
954 if((kd->realm = strdup(realm)) == NULL) {
959 kd->config_param = config_param;
960 kd->srv_label = srv_label;
962 _krb5_debug(context, 2, "Trying to find service %s for realm %s flags %x",
963 service, realm, flags);
965 /* For 'realms' without a . do not even think of going to DNS */
966 if (!strchr(realm, '.'))
967 kd->flags |= KD_CONFIG_EXISTS;
969 if (flags & KRB5_KRBHST_FLAGS_LARGE_MSG)
970 kd->flags |= KD_LARGE_MSG;
971 kd->end = kd->index = &kd->hosts;
976 * initialize `handle' to look for hosts of type `type' in realm `realm'
979 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
980 krb5_krbhst_init(krb5_context context,
983 krb5_krbhst_handle *handle)
985 return krb5_krbhst_init_flags(context, realm, type, 0, handle);
988 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
989 krb5_krbhst_init_flags(krb5_context context,
993 krb5_krbhst_handle *handle)
995 struct krb5_krbhst_data *kd;
996 krb5_error_code (*next)(krb5_context, struct krb5_krbhst_data *,
997 krb5_krbhst_info **);
999 const char *config_param;
1000 const char *srv_label;
1001 const char *service;
1006 case KRB5_KRBHST_KDC:
1007 next = kdc_get_next;
1008 def_port = ntohs(krb5_getportbyname(context, "kerberos", "udp", 88));
1009 config_param = "kdc";
1010 srv_label = "kerberos";
1013 case KRB5_KRBHST_ADMIN:
1014 next = admin_get_next;
1015 def_port = ntohs(krb5_getportbyname(context, "kerberos-adm",
1017 config_param = "admin_server";
1018 srv_label = "kerberos-adm";
1021 case KRB5_KRBHST_READONLY_ADMIN:
1022 next = admin_get_next;
1023 def_port = ntohs(krb5_getportbyname(context, "kerberos-adm",
1025 config_param = "readonly_admin_server";
1026 srv_label = "kerberos-adm-readonly";
1029 case KRB5_KRBHST_CHANGEPW:
1030 next = kpasswd_get_next;
1031 def_port = ntohs(krb5_getportbyname(context, "kpasswd", "udp",
1033 config_param = "kpasswd_server";
1034 srv_label = "kpasswd";
1035 service = "change_password";
1037 case KRB5_KRBHST_TKTBRIDGEAP:
1038 next = kdc_get_next;
1039 def_port = ntohs(krb5_getportbyname(context, "kerberos", "tcp", 88));
1040 config_param = "tktbridgeap";
1041 srv_label = "kerberos-tkt-bridge";
1045 krb5_set_error_message(context, ENOTTY,
1046 N_("unknown krbhst type (%u)", ""), type);
1049 if((kd = common_init(context, config_param, srv_label, service, realm,
1052 kd->get_next = next;
1053 kd->def_port = def_port;
1059 * return the next host information from `handle' in `host'
1062 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1063 krb5_krbhst_next(krb5_context context,
1064 krb5_krbhst_handle handle,
1065 krb5_krbhst_info **host)
1067 if(get_next(handle, host))
1070 return (*handle->get_next)(context, handle, host);
1074 * return the next host information from `handle' as a host name
1075 * in `hostname' (or length `hostlen)
1078 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1079 krb5_krbhst_next_as_string(krb5_context context,
1080 krb5_krbhst_handle handle,
1084 krb5_error_code ret;
1085 krb5_krbhst_info *host;
1086 ret = krb5_krbhst_next(context, handle, &host);
1089 return krb5_krbhst_format_string(context, host, hostname, hostlen);
1096 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1097 krb5_krbhst_set_hostname(krb5_context context,
1098 krb5_krbhst_handle handle,
1099 const char *hostname)
1101 if (handle->hostname)
1102 free(handle->hostname);
1103 handle->hostname = strdup(hostname);
1104 if (handle->hostname == NULL)
1109 krb5_error_code KRB5_LIB_FUNCTION
1110 krb5_krbhst_set_sitename(krb5_context context,
1111 krb5_krbhst_handle handle,
1112 const char *sitename)
1114 if (handle->sitename)
1115 free(handle->sitename);
1116 handle->sitename = strdup(sitename);
1117 if (handle->sitename == NULL)
1118 return krb5_enomem(context);
1122 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1123 krb5_krbhst_reset(krb5_context context, krb5_krbhst_handle handle)
1125 handle->index = &handle->hosts;
1128 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1129 krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle)
1131 heim_release(handle);
1134 #ifndef HEIMDAL_SMALLER
1136 /* backwards compatibility ahead */
1138 static krb5_error_code
1139 gethostlist(krb5_context context, const char *realm,
1140 unsigned int type, char ***hostlist)
1142 krb5_error_code ret;
1144 krb5_krbhst_handle handle;
1145 char host[MAXHOSTNAMELEN];
1146 krb5_krbhst_info *hostinfo;
1148 ret = krb5_krbhst_init(context, realm, type, &handle);
1152 while (krb5_krbhst_next(context, handle, &hostinfo) == 0)
1155 krb5_set_error_message(context, KRB5_KDC_UNREACH,
1156 N_("No KDC found for realm %s", ""), realm);
1157 krb5_krbhst_free(context, handle);
1158 return KRB5_KDC_UNREACH;
1160 *hostlist = calloc(nhost + 1, sizeof(**hostlist));
1161 if (*hostlist == NULL) {
1162 krb5_krbhst_free(context, handle);
1163 return krb5_enomem(context);
1166 krb5_krbhst_reset(context, handle);
1168 while (krb5_krbhst_next_as_string(context, handle,
1169 host, sizeof(host)) == 0) {
1170 if (((*hostlist)[nhost++] = strdup(host)) == NULL) {
1171 krb5_free_krbhst(context, *hostlist);
1172 krb5_krbhst_free(context, handle);
1173 return krb5_enomem(context);
1176 (*hostlist)[nhost] = NULL;
1177 krb5_krbhst_free(context, handle);
1182 * Return a malloced list of kadmin-hosts for `realm' in `hostlist'
1185 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1186 krb5_get_krb_admin_hst(krb5_context context,
1187 const krb5_realm *realm,
1190 return gethostlist(context, *realm, KRB5_KRBHST_ADMIN, hostlist);
1194 * Return a malloced list of writable kadmin-hosts for `realm' in `hostlist'
1197 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1198 krb5_get_krb_readonly_admin_hst(krb5_context context,
1199 const krb5_realm *realm,
1202 return gethostlist(context, *realm, KRB5_KRBHST_READONLY_ADMIN, hostlist);
1206 * return an malloced list of changepw-hosts for `realm' in `hostlist'
1209 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1210 krb5_get_krb_changepw_hst (krb5_context context,
1211 const krb5_realm *realm,
1214 return gethostlist(context, *realm, KRB5_KRBHST_CHANGEPW, hostlist);
1218 * return an malloced list of 524-hosts for `realm' in `hostlist'
1221 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1222 krb5_get_krb524hst (krb5_context context,
1223 const krb5_realm *realm,
1226 return gethostlist(context, *realm, KRB5_KRBHST_KRB524, hostlist);
1230 * return an malloced list of KDC's for `realm' in `hostlist'
1233 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1234 krb5_get_krbhst (krb5_context context,
1235 const krb5_realm *realm,
1238 return gethostlist(context, *realm, KRB5_KRBHST_KDC, hostlist);
1242 * free all the memory allocated in `hostlist'
1245 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1246 krb5_free_krbhst (krb5_context context,
1251 for (p = hostlist; *p; ++p)
1257 #endif /* HEIMDAL_SMALLER */
git.samba.org / samba.git / blob