2 * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * @page page_principal The principal handing functions.
37 * A Kerberos principal is a email address looking string that
38 * contains to parts separeted by a @. The later part is the kerbero
39 * realm the principal belongs to and the former is a list of 0 or
40 * more components. For example
43 host/hummel.it.su.se@SU.SE
47 * See the library functions here: @ref krb5_principal
50 #include "krb5_locl.h"
51 #ifdef HAVE_RES_SEARCH
54 #ifdef HAVE_ARPA_NAMESER_H
55 #include <arpa/nameser.h>
60 RCSID("$Id: principal.c 22549 2008-01-29 09:37:25Z lha $");
62 #define princ_num_comp(P) ((P)->name.name_string.len)
63 #define princ_type(P) ((P)->name.name_type)
64 #define princ_comp(P) ((P)->name.name_string.val)
65 #define princ_ncomp(P, N) ((P)->name.name_string.val[(N)])
66 #define princ_realm(P) ((P)->realm)
69 * Frees a Kerberos principal allocated by the library with
70 * krb5_parse_name(), krb5_make_principal() or any other related
71 * principal functions.
73 * @param context A Kerberos context.
74 * @param p a principal to free.
76 * @return An krb5 error code, see krb5_get_error_message().
78 * @ingroup krb5_principal
83 void KRB5_LIB_FUNCTION
84 krb5_free_principal(krb5_context context,
93 void KRB5_LIB_FUNCTION
94 krb5_principal_set_type(krb5_context context,
95 krb5_principal principal,
98 princ_type(principal) = type;
101 int KRB5_LIB_FUNCTION
102 krb5_principal_get_type(krb5_context context,
103 krb5_const_principal principal)
105 return princ_type(principal);
108 const char* KRB5_LIB_FUNCTION
109 krb5_principal_get_realm(krb5_context context,
110 krb5_const_principal principal)
112 return princ_realm(principal);
115 const char* KRB5_LIB_FUNCTION
116 krb5_principal_get_comp_string(krb5_context context,
117 krb5_const_principal principal,
118 unsigned int component)
120 if(component >= princ_num_comp(principal))
122 return princ_ncomp(principal, component);
125 krb5_error_code KRB5_LIB_FUNCTION
126 krb5_parse_name_flags(krb5_context context,
129 krb5_principal *principal)
132 heim_general_string *comp;
133 heim_general_string realm = NULL;
145 int enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE);
149 #define RFLAGS (KRB5_PRINCIPAL_PARSE_NO_REALM|KRB5_PRINCIPAL_PARSE_MUST_REALM)
151 if ((flags & RFLAGS) == RFLAGS) {
152 krb5_set_error_string(context, "Can't require both realm and "
153 "no realm at the same time");
154 return KRB5_ERR_NO_SERVICE;
158 /* count number of component,
159 * enterprise names only have one component
163 for(p = name; *p; p++){
166 krb5_set_error_string (context,
167 "trailing \\ in principal name");
168 return KRB5_PARSE_MALFORMED;
177 comp = calloc(ncomp, sizeof(*comp));
179 krb5_set_error_string (context, "malloc: out of memory");
184 p = start = q = s = strdup(name);
187 krb5_set_error_string (context, "malloc: out of memory");
203 krb5_set_error_string (context,
204 "trailing \\ in principal name");
205 ret = KRB5_PARSE_MALFORMED;
208 }else if(enterprise && first_at) {
211 }else if((c == '/' && !enterprise) || c == '@'){
213 krb5_set_error_string (context,
214 "part after realm in principal name");
215 ret = KRB5_PARSE_MALFORMED;
218 comp[n] = malloc(q - start + 1);
219 if (comp[n] == NULL) {
220 krb5_set_error_string (context, "malloc: out of memory");
224 memcpy(comp[n], start, q - start);
225 comp[n][q - start] = 0;
233 if(got_realm && (c == ':' || c == '/' || c == '\0')) {
234 krb5_set_error_string (context,
235 "part after realm in principal name");
236 ret = KRB5_PARSE_MALFORMED;
242 if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
243 krb5_set_error_string (context, "realm found in 'short' principal "
244 "expected to be without one");
245 ret = KRB5_PARSE_MALFORMED;
248 realm = malloc(q - start + 1);
250 krb5_set_error_string (context, "malloc: out of memory");
254 memcpy(realm, start, q - start);
255 realm[q - start] = 0;
257 if (flags & KRB5_PRINCIPAL_PARSE_MUST_REALM) {
258 krb5_set_error_string (context, "realm NOT found in principal "
259 "expected to be with one");
260 ret = KRB5_PARSE_MALFORMED;
262 } else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
265 ret = krb5_get_default_realm (context, &realm);
270 comp[n] = malloc(q - start + 1);
271 if (comp[n] == NULL) {
272 krb5_set_error_string (context, "malloc: out of memory");
276 memcpy(comp[n], start, q - start);
277 comp[n][q - start] = 0;
280 *principal = malloc(sizeof(**principal));
281 if (*principal == NULL) {
282 krb5_set_error_string (context, "malloc: out of memory");
287 (*principal)->name.name_type = KRB5_NT_ENTERPRISE_PRINCIPAL;
289 (*principal)->name.name_type = KRB5_NT_PRINCIPAL;
290 (*principal)->name.name_string.val = comp;
291 princ_num_comp(*principal) = n;
292 (*principal)->realm = realm;
305 krb5_error_code KRB5_LIB_FUNCTION
306 krb5_parse_name(krb5_context context,
308 krb5_principal *principal)
310 return krb5_parse_name_flags(context, name, 0, principal);
313 static const char quotable_chars[] = " \n\t\b\\/@";
314 static const char replace_chars[] = " ntb\\/@";
315 static const char nq_chars[] = " \\/@";
317 #define add_char(BASE, INDEX, LEN, C) do { if((INDEX) < (LEN)) (BASE)[(INDEX)++] = (C); }while(0);
320 quote_string(const char *s, char *out, size_t idx, size_t len, int display)
323 for(p = s; *p && idx < len; p++){
324 q = strchr(quotable_chars, *p);
326 add_char(out, idx, len, replace_chars[q - quotable_chars]);
328 add_char(out, idx, len, '\\');
329 add_char(out, idx, len, replace_chars[q - quotable_chars]);
331 add_char(out, idx, len, *p);
339 static krb5_error_code
340 unparse_name_fixed(krb5_context context,
341 krb5_const_principal principal,
348 int short_form = (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) != 0;
349 int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0;
350 int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0;
352 if (!no_realm && princ_realm(principal) == NULL) {
353 krb5_set_error_string(context, "Realm missing from principal, "
358 for(i = 0; i < princ_num_comp(principal); i++){
360 add_char(name, idx, len, '/');
361 idx = quote_string(princ_ncomp(principal, i), name, idx, len, display);
363 krb5_set_error_string(context, "Out of space printing principal");
367 /* add realm if different from default realm */
368 if(short_form && !no_realm) {
371 ret = krb5_get_default_realm(context, &r);
374 if(strcmp(princ_realm(principal), r) != 0)
378 if(!short_form && !no_realm) {
379 add_char(name, idx, len, '@');
380 idx = quote_string(princ_realm(principal), name, idx, len, display);
382 krb5_set_error_string(context,
383 "Out of space printing realm of principal");
390 krb5_error_code KRB5_LIB_FUNCTION
391 krb5_unparse_name_fixed(krb5_context context,
392 krb5_const_principal principal,
396 return unparse_name_fixed(context, principal, name, len, 0);
399 krb5_error_code KRB5_LIB_FUNCTION
400 krb5_unparse_name_fixed_short(krb5_context context,
401 krb5_const_principal principal,
405 return unparse_name_fixed(context, principal, name, len,
406 KRB5_PRINCIPAL_UNPARSE_SHORT);
409 krb5_error_code KRB5_LIB_FUNCTION
410 krb5_unparse_name_fixed_flags(krb5_context context,
411 krb5_const_principal principal,
416 return unparse_name_fixed(context, principal, name, len, flags);
419 static krb5_error_code
420 unparse_name(krb5_context context,
421 krb5_const_principal principal,
425 size_t len = 0, plen;
429 if (princ_realm(principal)) {
430 plen = strlen(princ_realm(principal));
432 if(strcspn(princ_realm(principal), quotable_chars) == plen)
438 for(i = 0; i < princ_num_comp(principal); i++){
439 plen = strlen(princ_ncomp(principal, i));
440 if(strcspn(princ_ncomp(principal, i), quotable_chars) == plen)
449 krb5_set_error_string (context, "malloc: out of memory");
452 ret = unparse_name_fixed(context, principal, *name, len, flags);
460 krb5_error_code KRB5_LIB_FUNCTION
461 krb5_unparse_name(krb5_context context,
462 krb5_const_principal principal,
465 return unparse_name(context, principal, name, 0);
468 krb5_error_code KRB5_LIB_FUNCTION
469 krb5_unparse_name_flags(krb5_context context,
470 krb5_const_principal principal,
474 return unparse_name(context, principal, name, flags);
477 krb5_error_code KRB5_LIB_FUNCTION
478 krb5_unparse_name_short(krb5_context context,
479 krb5_const_principal principal,
482 return unparse_name(context, principal, name, KRB5_PRINCIPAL_UNPARSE_SHORT);
485 #if 0 /* not implemented */
487 krb5_error_code KRB5_LIB_FUNCTION
488 krb5_unparse_name_ext(krb5_context context,
489 krb5_const_principal principal,
493 krb5_abortx(context, "unimplemented krb5_unparse_name_ext called");
498 krb5_realm * KRB5_LIB_FUNCTION
499 krb5_princ_realm(krb5_context context,
500 krb5_principal principal)
502 return &princ_realm(principal);
506 void KRB5_LIB_FUNCTION
507 krb5_princ_set_realm(krb5_context context,
508 krb5_principal principal,
511 princ_realm(principal) = *realm;
515 krb5_error_code KRB5_LIB_FUNCTION
516 krb5_build_principal(krb5_context context,
517 krb5_principal *principal,
519 krb5_const_realm realm,
525 ret = krb5_build_principal_va(context, principal, rlen, realm, ap);
530 static krb5_error_code
531 append_component(krb5_context context, krb5_principal p,
535 heim_general_string *tmp;
536 size_t len = princ_num_comp(p);
538 tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp));
540 krb5_set_error_string (context, "malloc: out of memory");
544 princ_ncomp(p, len) = malloc(comp_len + 1);
545 if (princ_ncomp(p, len) == NULL) {
546 krb5_set_error_string (context, "malloc: out of memory");
549 memcpy (princ_ncomp(p, len), comp, comp_len);
550 princ_ncomp(p, len)[comp_len] = '\0';
556 va_ext_princ(krb5_context context, krb5_principal p, va_list ap)
561 len = va_arg(ap, int);
564 s = va_arg(ap, const char*);
565 append_component(context, p, s, len);
570 va_princ(krb5_context context, krb5_principal p, va_list ap)
574 s = va_arg(ap, const char*);
577 append_component(context, p, s, strlen(s));
582 static krb5_error_code
583 build_principal(krb5_context context,
584 krb5_principal *principal,
586 krb5_const_realm realm,
587 void (*func)(krb5_context, krb5_principal, va_list),
592 p = calloc(1, sizeof(*p));
594 krb5_set_error_string (context, "malloc: out of memory");
597 princ_type(p) = KRB5_NT_PRINCIPAL;
599 princ_realm(p) = strdup(realm);
600 if(p->realm == NULL){
602 krb5_set_error_string (context, "malloc: out of memory");
606 (*func)(context, p, ap);
611 krb5_error_code KRB5_LIB_FUNCTION
612 krb5_make_principal(krb5_context context,
613 krb5_principal *principal,
614 krb5_const_realm realm,
621 ret = krb5_get_default_realm(context, &r);
627 ret = krb5_build_principal_va(context, principal, strlen(realm), realm, ap);
634 krb5_error_code KRB5_LIB_FUNCTION
635 krb5_build_principal_va(krb5_context context,
636 krb5_principal *principal,
638 krb5_const_realm realm,
641 return build_principal(context, principal, rlen, realm, va_princ, ap);
644 krb5_error_code KRB5_LIB_FUNCTION
645 krb5_build_principal_va_ext(krb5_context context,
646 krb5_principal *principal,
648 krb5_const_realm realm,
651 return build_principal(context, principal, rlen, realm, va_ext_princ, ap);
655 krb5_error_code KRB5_LIB_FUNCTION
656 krb5_build_principal_ext(krb5_context context,
657 krb5_principal *principal,
659 krb5_const_realm realm,
665 ret = krb5_build_principal_va_ext(context, principal, rlen, realm, ap);
671 krb5_error_code KRB5_LIB_FUNCTION
672 krb5_copy_principal(krb5_context context,
673 krb5_const_principal inprinc,
674 krb5_principal *outprinc)
676 krb5_principal p = malloc(sizeof(*p));
678 krb5_set_error_string (context, "malloc: out of memory");
681 if(copy_Principal(inprinc, p)) {
683 krb5_set_error_string (context, "malloc: out of memory");
691 * return TRUE iff princ1 == princ2 (without considering the realm)
694 krb5_boolean KRB5_LIB_FUNCTION
695 krb5_principal_compare_any_realm(krb5_context context,
696 krb5_const_principal princ1,
697 krb5_const_principal princ2)
700 if(princ_num_comp(princ1) != princ_num_comp(princ2))
702 for(i = 0; i < princ_num_comp(princ1); i++){
703 if(strcmp(princ_ncomp(princ1, i), princ_ncomp(princ2, i)) != 0)
710 * return TRUE iff princ1 == princ2
713 krb5_boolean KRB5_LIB_FUNCTION
714 krb5_principal_compare(krb5_context context,
715 krb5_const_principal princ1,
716 krb5_const_principal princ2)
718 if(!krb5_realm_compare(context, princ1, princ2))
720 return krb5_principal_compare_any_realm(context, princ1, princ2);
724 * return TRUE iff realm(princ1) == realm(princ2)
727 krb5_boolean KRB5_LIB_FUNCTION
728 krb5_realm_compare(krb5_context context,
729 krb5_const_principal princ1,
730 krb5_const_principal princ2)
732 return strcmp(princ_realm(princ1), princ_realm(princ2)) == 0;
736 * return TRUE iff princ matches pattern
739 krb5_boolean KRB5_LIB_FUNCTION
740 krb5_principal_match(krb5_context context,
741 krb5_const_principal princ,
742 krb5_const_principal pattern)
745 if(princ_num_comp(princ) != princ_num_comp(pattern))
747 if(fnmatch(princ_realm(pattern), princ_realm(princ), 0) != 0)
749 for(i = 0; i < princ_num_comp(princ); i++){
750 if(fnmatch(princ_ncomp(pattern, i), princ_ncomp(princ, i), 0) != 0)
757 static struct v4_name_convert {
760 } default_v4_name_convert[] = {
762 { "hprop", "hprop" },
771 * return the converted instance name of `name' in `realm'.
772 * look in the configuration file and then in the default set above.
773 * return NULL if no conversion is appropriate.
777 get_name_conversion(krb5_context context, const char *realm, const char *name)
779 struct v4_name_convert *q;
782 p = krb5_config_get_string(context, NULL, "realms", realm,
783 "v4_name_convert", "host", name, NULL);
785 p = krb5_config_get_string(context, NULL, "libdefaults",
786 "v4_name_convert", "host", name, NULL);
790 /* XXX should be possible to override default list */
791 p = krb5_config_get_string(context, NULL,
800 p = krb5_config_get_string(context, NULL,
808 for(q = default_v4_name_convert; q->from; q++)
809 if(strcmp(q->from, name) == 0)
815 * convert the v4 principal `name.instance@realm' to a v5 principal in `princ'.
816 * if `resolve', use DNS.
817 * if `func', use that function for validating the conversion
820 krb5_error_code KRB5_LIB_FUNCTION
821 krb5_425_conv_principal_ext2(krb5_context context,
823 const char *instance,
825 krb5_boolean (*func)(krb5_context,
826 void *, krb5_principal),
828 krb5_boolean resolve,
829 krb5_principal *princ)
834 char host[MAXHOSTNAMELEN];
835 char local_hostname[MAXHOSTNAMELEN];
837 /* do the following: if the name is found in the
838 `v4_name_convert:host' part, is assumed to be a `host' type
839 principal, and the instance is looked up in the
840 `v4_instance_convert' part. if not found there the name is
841 (optionally) looked up as a hostname, and if that doesn't yield
842 anything, the `default_domain' is appended to the instance
847 if(instance[0] == 0){
851 p = get_name_conversion(context, realm, name);
855 p = krb5_config_get_string(context, NULL, "realms", realm,
856 "v4_instance_convert", instance, NULL);
859 ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
860 if(func == NULL || (*func)(context, funcctx, pr)){
864 krb5_free_principal(context, pr);
866 krb5_clear_error_string (context);
867 return HEIM_ERR_V4_PRINC_NO_CONV;
870 krb5_boolean passed = FALSE;
875 r = dns_lookup(instance, "aaaa");
877 if (r->head && r->head->type == T_AAAA) {
878 inst = strdup(r->head->domain);
883 r = dns_lookup(instance, "a");
885 if(r->head && r->head->type == T_A) {
886 inst = strdup(r->head->domain);
893 struct addrinfo hints, *ai;
895 memset (&hints, 0, sizeof(hints));
896 hints.ai_flags = AI_CANONNAME;
897 ret = getaddrinfo(instance, NULL, &hints, &ai);
899 const struct addrinfo *a;
900 for (a = ai; a != NULL; a = a->ai_next) {
901 if (a->ai_canonname != NULL) {
902 inst = strdup (a->ai_canonname);
912 krb5_set_error_string (context, "malloc: out of memory");
916 ret = krb5_make_principal(context, &pr, realm, name, inst,
920 if(func == NULL || (*func)(context, funcctx, pr)){
924 krb5_free_principal(context, pr);
929 snprintf(host, sizeof(host), "%s.%s", instance, realm);
931 ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
932 if((*func)(context, funcctx, pr)){
936 krb5_free_principal(context, pr);
940 * if the instance is the first component of the local hostname,
941 * the converted host should be the long hostname.
945 gethostname (local_hostname, sizeof(local_hostname)) == 0 &&
946 strncmp(instance, local_hostname, strlen(instance)) == 0 &&
947 local_hostname[strlen(instance)] == '.') {
948 strlcpy(host, local_hostname, sizeof(host));
954 domains = krb5_config_get_strings(context, NULL, "realms", realm,
956 for(d = domains; d && *d; d++){
957 snprintf(host, sizeof(host), "%s.%s", instance, *d);
958 ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
959 if(func == NULL || (*func)(context, funcctx, pr)){
961 krb5_config_free_strings(domains);
964 krb5_free_principal(context, pr);
966 krb5_config_free_strings(domains);
970 p = krb5_config_get_string(context, NULL, "realms", realm,
971 "default_domain", NULL);
973 /* this should be an error, just faking a name is not good */
974 krb5_clear_error_string (context);
975 return HEIM_ERR_V4_PRINC_NO_CONV;
980 snprintf(host, sizeof(host), "%s.%s", instance, p);
982 ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
983 if(func == NULL || (*func)(context, funcctx, pr)){
987 krb5_free_principal(context, pr);
988 krb5_clear_error_string (context);
989 return HEIM_ERR_V4_PRINC_NO_CONV;
991 p = krb5_config_get_string(context, NULL,
999 p = krb5_config_get_string(context, NULL,
1008 ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
1009 if(func == NULL || (*func)(context, funcctx, pr)){
1013 krb5_free_principal(context, pr);
1014 krb5_clear_error_string (context);
1015 return HEIM_ERR_V4_PRINC_NO_CONV;
1019 convert_func(krb5_context conxtext, void *funcctx, krb5_principal principal)
1021 krb5_boolean (*func)(krb5_context, krb5_principal) = funcctx;
1022 return (*func)(conxtext, principal);
1025 krb5_error_code KRB5_LIB_FUNCTION
1026 krb5_425_conv_principal_ext(krb5_context context,
1028 const char *instance,
1030 krb5_boolean (*func)(krb5_context, krb5_principal),
1031 krb5_boolean resolve,
1032 krb5_principal *principal)
1034 return krb5_425_conv_principal_ext2(context,
1038 func ? convert_func : NULL,
1046 krb5_error_code KRB5_LIB_FUNCTION
1047 krb5_425_conv_principal(krb5_context context,
1049 const char *instance,
1051 krb5_principal *princ)
1053 krb5_boolean resolve = krb5_config_get_bool(context,
1056 "v4_instance_resolve",
1059 return krb5_425_conv_principal_ext(context, name, instance, realm,
1060 NULL, resolve, princ);
1065 check_list(const krb5_config_binding *l, const char *name, const char **out)
1068 if (l->type != krb5_config_string)
1070 if(strcmp(name, l->u.string) == 0) {
1080 name_convert(krb5_context context, const char *name, const char *realm,
1083 const krb5_config_binding *l;
1084 l = krb5_config_get_list (context,
1091 if(l && check_list(l, name, out))
1092 return KRB5_NT_SRV_HST;
1093 l = krb5_config_get_list (context,
1099 if(l && check_list(l, name, out))
1100 return KRB5_NT_SRV_HST;
1101 l = krb5_config_get_list (context,
1108 if(l && check_list(l, name, out))
1109 return KRB5_NT_UNKNOWN;
1110 l = krb5_config_get_list (context,
1116 if(l && check_list(l, name, out))
1117 return KRB5_NT_UNKNOWN;
1119 /* didn't find it in config file, try built-in list */
1121 struct v4_name_convert *q;
1122 for(q = default_v4_name_convert; q->from; q++) {
1123 if(strcmp(name, q->to) == 0) {
1125 return KRB5_NT_SRV_HST;
1133 * convert the v5 principal in `principal' into a v4 corresponding one
1134 * in `name, instance, realm'
1135 * this is limited interface since there's no length given for these
1136 * three parameters. They have to be 40 bytes each (ANAME_SZ).
1139 krb5_error_code KRB5_LIB_FUNCTION
1140 krb5_524_conv_principal(krb5_context context,
1141 const krb5_principal principal,
1146 const char *n, *i, *r;
1148 int type = princ_type(principal);
1149 const int aname_sz = 40;
1151 r = principal->realm;
1153 switch(principal->name.name_string.len){
1155 n = principal->name.name_string.val[0];
1159 n = principal->name.name_string.val[0];
1160 i = principal->name.name_string.val[1];
1163 krb5_set_error_string (context,
1164 "cannot convert a %d component principal",
1165 principal->name.name_string.len);
1166 return KRB5_PARSE_MALFORMED;
1171 int t = name_convert(context, n, r, &tmp);
1178 if(type == KRB5_NT_SRV_HST){
1181 strlcpy (tmpinst, i, sizeof(tmpinst));
1182 p = strchr(tmpinst, '.');
1188 if (strlcpy (name, n, aname_sz) >= aname_sz) {
1189 krb5_set_error_string (context,
1190 "too long name component to convert");
1191 return KRB5_PARSE_MALFORMED;
1193 if (strlcpy (instance, i, aname_sz) >= aname_sz) {
1194 krb5_set_error_string (context,
1195 "too long instance component to convert");
1196 return KRB5_PARSE_MALFORMED;
1198 if (strlcpy (realm, r, aname_sz) >= aname_sz) {
1199 krb5_set_error_string (context,
1200 "too long realm component to convert");
1201 return KRB5_PARSE_MALFORMED;
1207 * Create a principal in `ret_princ' for the service `sname' running
1208 * on host `hostname'. */
1210 krb5_error_code KRB5_LIB_FUNCTION
1211 krb5_sname_to_principal (krb5_context context,
1212 const char *hostname,
1215 krb5_principal *ret_princ)
1217 krb5_error_code ret;
1218 char localhost[MAXHOSTNAMELEN];
1219 char **realms, *host = NULL;
1221 if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
1222 krb5_set_error_string (context, "unsupported name type %d",
1224 return KRB5_SNAME_UNSUPP_NAMETYPE;
1226 if(hostname == NULL) {
1227 gethostname(localhost, sizeof(localhost));
1228 hostname = localhost;
1232 if(type == KRB5_NT_SRV_HST) {
1233 ret = krb5_expand_hostname_realms (context, hostname,
1240 ret = krb5_get_host_realm(context, hostname, &realms);
1245 ret = krb5_make_principal(context, ret_princ, realms[0], sname,
1249 krb5_free_host_realm(context, realms);
1253 static const struct {
1257 { "UNKNOWN", KRB5_NT_UNKNOWN },
1258 { "PRINCIPAL", KRB5_NT_PRINCIPAL },
1259 { "SRV_INST", KRB5_NT_SRV_INST },
1260 { "SRV_HST", KRB5_NT_SRV_HST },
1261 { "SRV_XHST", KRB5_NT_SRV_XHST },
1262 { "UID", KRB5_NT_UID },
1263 { "X500_PRINCIPAL", KRB5_NT_X500_PRINCIPAL },
1264 { "SMTP_NAME", KRB5_NT_SMTP_NAME },
1265 { "ENTERPRISE_PRINCIPAL", KRB5_NT_ENTERPRISE_PRINCIPAL },
1266 { "ENT_PRINCIPAL_AND_ID", KRB5_NT_ENT_PRINCIPAL_AND_ID },
1267 { "MS_PRINCIPAL", KRB5_NT_MS_PRINCIPAL },
1268 { "MS_PRINCIPAL_AND_ID", KRB5_NT_MS_PRINCIPAL_AND_ID },
1273 krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype)
1277 for(i = 0; nametypes[i].type; i++) {
1278 if (strcasecmp(nametypes[i].type, str) == 0) {
1279 *nametype = nametypes[i].value;
1283 krb5_set_error_string(context, "Failed to find name type %s", str);
1284 return KRB5_PARSE_MALFORMED;
git.samba.org / jelmer / samba4-debian.git / blob