Line data Source code
1 : /*
2 : * Copyright (c) 1997 - 2010 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7 : *
8 : * Redistribution and use in source and binary forms, with or without
9 : * modification, are permitted provided that the following conditions
10 : * are met:
11 : *
12 : * 1. Redistributions of source code must retain the above copyright
13 : * notice, this list of conditions and the following disclaimer.
14 : *
15 : * 2. Redistributions in binary form must reproduce the above copyright
16 : * notice, this list of conditions and the following disclaimer in the
17 : * documentation and/or other materials provided with the distribution.
18 : *
19 : * 3. Neither the name of the Institute nor the names of its contributors
20 : * may be used to endorse or promote products derived from this software
21 : * without specific prior written permission.
22 : *
23 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 : * SUCH DAMAGE.
34 : */
35 :
36 : #undef KRB5_DEPRECATED_FUNCTION
37 : #define KRB5_DEPRECATED_FUNCTION(x)
38 :
39 : #include "krb5_locl.h"
40 : #include <assert.h>
41 : #include <com_err.h>
42 :
43 : static void _krb5_init_ets(krb5_context);
44 :
45 : #define INIT_FIELD(C, T, E, D, F) \
46 : (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
47 : "libdefaults", F, NULL)
48 :
49 : #define INIT_FLAG(C, O, V, D, F) \
50 : do { \
51 : if (krb5_config_get_bool_default((C), NULL, (D),"libdefaults", F, NULL)) { \
52 : (C)->O |= V; \
53 : } \
54 : } while(0)
55 :
56 : static krb5_error_code
57 : copy_enctypes(krb5_context context,
58 : const krb5_enctype *in,
59 : krb5_enctype **out);
60 :
61 : /*
62 : * Set the list of etypes `ret_etypes' from the configuration variable
63 : * `name'
64 : */
65 :
66 : static krb5_error_code
67 6729010 : set_etypes (krb5_context context,
68 : const char *name,
69 : krb5_enctype **ret_enctypes)
70 : {
71 163330 : char **etypes_str;
72 6729010 : krb5_enctype *etypes = NULL;
73 :
74 6729010 : etypes_str = krb5_config_get_strings(context, NULL, "libdefaults",
75 : name, NULL);
76 6729010 : if(etypes_str){
77 : int i, j, k;
78 554376 : for(i = 0; etypes_str[i]; i++);
79 138567 : etypes = malloc((i+1) * sizeof(*etypes));
80 138567 : if (etypes == NULL) {
81 0 : krb5_config_free_strings (etypes_str);
82 0 : return krb5_enomem(context);
83 : }
84 554376 : for(j = 0, k = 0; j < i; j++) {
85 0 : krb5_enctype e;
86 415809 : if(krb5_string_to_enctype(context, etypes_str[j], &e) != 0)
87 273924 : continue;
88 141885 : if (krb5_enctype_valid(context, e) != 0)
89 0 : continue;
90 141885 : etypes[k++] = e;
91 : }
92 138567 : etypes[k] = ETYPE_NULL;
93 138567 : krb5_config_free_strings(etypes_str);
94 : }
95 6729010 : *ret_enctypes = etypes;
96 6729010 : return 0;
97 : }
98 :
99 : /*
100 : * read variables from the configuration file and set in `context'
101 : */
102 :
103 : static krb5_error_code
104 1345802 : init_context_from_config_file(krb5_context context)
105 : {
106 32666 : krb5_error_code ret;
107 32666 : const char * tmp;
108 32666 : char **s;
109 1345802 : krb5_enctype *tmptypes = NULL;
110 :
111 1345802 : INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew");
112 1345802 : INIT_FIELD(context, time, kdc_timeout, 30, "kdc_timeout");
113 1345802 : INIT_FIELD(context, time, host_timeout, 3, "host_timeout");
114 1345802 : INIT_FIELD(context, int, max_retries, 3, "max_retries");
115 :
116 1345802 : INIT_FIELD(context, string, http_proxy, NULL, "http_proxy");
117 :
118 1345802 : ret = krb5_config_get_bool_default(context, NULL, FALSE,
119 : "libdefaults",
120 : "allow_weak_crypto", NULL);
121 1345802 : if (ret) {
122 0 : krb5_enctype_enable(context, ETYPE_DES_CBC_CRC);
123 0 : krb5_enctype_enable(context, ETYPE_DES_CBC_MD4);
124 0 : krb5_enctype_enable(context, ETYPE_DES_CBC_MD5);
125 0 : krb5_enctype_enable(context, ETYPE_DES_CBC_NONE);
126 0 : krb5_enctype_enable(context, ETYPE_DES_CFB64_NONE);
127 0 : krb5_enctype_enable(context, ETYPE_DES_PCBC_NONE);
128 : }
129 :
130 1345802 : ret = set_etypes (context, "default_etypes", &tmptypes);
131 1345802 : if(ret)
132 0 : return ret;
133 1345802 : free(context->etypes);
134 1345802 : context->etypes = tmptypes;
135 :
136 : /* The etypes member may change during the lifetime
137 : * of the context. To be able to reset it to
138 : * config value, we keep another copy.
139 : */
140 1345802 : free(context->cfg_etypes);
141 1345802 : context->cfg_etypes = NULL;
142 1345802 : if (tmptypes) {
143 47283 : ret = copy_enctypes(context, tmptypes, &context->cfg_etypes);
144 47283 : if (ret)
145 0 : return ret;
146 : }
147 :
148 1345802 : ret = set_etypes (context, "default_etypes_des", &tmptypes);
149 1345802 : if(ret)
150 0 : return ret;
151 1345802 : free(context->etypes_des);
152 1345802 : context->etypes_des = tmptypes;
153 :
154 1345802 : ret = set_etypes (context, "default_as_etypes", &tmptypes);
155 1345802 : if(ret)
156 0 : return ret;
157 1345802 : free(context->as_etypes);
158 1345802 : context->as_etypes = tmptypes;
159 :
160 1345802 : ret = set_etypes (context, "default_tgs_etypes", &tmptypes);
161 1345802 : if(ret)
162 0 : return ret;
163 1345802 : free(context->tgs_etypes);
164 1345802 : context->tgs_etypes = tmptypes;
165 :
166 1345802 : ret = set_etypes (context, "permitted_enctypes", &tmptypes);
167 1345802 : if(ret)
168 0 : return ret;
169 1345802 : free(context->permitted_enctypes);
170 1345802 : context->permitted_enctypes = tmptypes;
171 :
172 1345802 : INIT_FIELD(context, string, default_keytab,
173 : KEYTAB_DEFAULT, "default_keytab_name");
174 :
175 1345802 : INIT_FIELD(context, string, default_keytab_modify,
176 : NULL, "default_keytab_modify_name");
177 :
178 1345802 : INIT_FIELD(context, string, time_fmt,
179 : "%Y-%m-%dT%H:%M:%S", "time_format");
180 :
181 1345802 : INIT_FIELD(context, string, date_fmt,
182 : "%Y-%m-%d", "date_format");
183 :
184 1345802 : INIT_FIELD(context, bool, log_utc,
185 : FALSE, "log_utc");
186 :
187 1378468 : context->no_ticket_store =
188 1345802 : getenv("KRB5_NO_TICKET_STORE") != NULL;
189 :
190 : /* init dns-proxy slime */
191 1345802 : tmp = krb5_config_get_string(context, NULL, "libdefaults",
192 : "dns_proxy", NULL);
193 1345802 : if(tmp)
194 0 : roken_gethostby_setup(context->http_proxy, tmp);
195 1345802 : krb5_free_host_realm (context, context->default_realms);
196 1345802 : context->default_realms = NULL;
197 :
198 : {
199 32666 : krb5_addresses addresses;
200 32666 : char **adr, **a;
201 :
202 1345802 : krb5_set_extra_addresses(context, NULL);
203 1345802 : adr = krb5_config_get_strings(context, NULL,
204 : "libdefaults",
205 : "extra_addresses",
206 : NULL);
207 1345802 : memset(&addresses, 0, sizeof(addresses));
208 1345802 : for(a = adr; a && *a; a++) {
209 0 : ret = krb5_parse_address(context, *a, &addresses);
210 0 : if (ret == 0) {
211 0 : krb5_add_extra_addresses(context, &addresses);
212 0 : krb5_free_addresses(context, &addresses);
213 : }
214 : }
215 1345802 : krb5_config_free_strings(adr);
216 :
217 1345802 : krb5_set_ignore_addresses(context, NULL);
218 1345802 : adr = krb5_config_get_strings(context, NULL,
219 : "libdefaults",
220 : "ignore_addresses",
221 : NULL);
222 1345802 : memset(&addresses, 0, sizeof(addresses));
223 1345802 : for(a = adr; a && *a; a++) {
224 0 : ret = krb5_parse_address(context, *a, &addresses);
225 0 : if (ret == 0) {
226 0 : krb5_add_ignore_addresses(context, &addresses);
227 0 : krb5_free_addresses(context, &addresses);
228 : }
229 : }
230 1345802 : krb5_config_free_strings(adr);
231 : }
232 :
233 1345802 : INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces");
234 1345802 : INIT_FIELD(context, int, fcache_vno, 0, "fcache_version");
235 : /* prefer dns_lookup_kdc over srv_lookup. */
236 1345802 : INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
237 1345802 : INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc");
238 1345802 : INIT_FIELD(context, int, large_msg_size, 1400, "large_message_size");
239 1345802 : INIT_FIELD(context, int, max_msg_size, 1000 * 1024, "maximum_message_size");
240 1345802 : INIT_FLAG(context, flags, KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME, TRUE, "dns_canonicalize_hostname");
241 1345802 : INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac");
242 1345802 : INIT_FLAG(context, flags, KRB5_CTX_F_ENFORCE_OK_AS_DELEGATE, FALSE, "enforce_ok_as_delegate");
243 1345802 : INIT_FLAG(context, flags, KRB5_CTX_F_REPORT_CANONICAL_CLIENT_NAME, FALSE, "report_canonical_client_name");
244 :
245 : /* report_canonical_client_name implies check_pac */
246 1345802 : if (context->flags & KRB5_CTX_F_REPORT_CANONICAL_CLIENT_NAME)
247 0 : context->flags |= KRB5_CTX_F_CHECK_PAC;
248 :
249 1345802 : free(context->default_cc_name);
250 1345802 : context->default_cc_name = NULL;
251 1345802 : context->default_cc_name_set = 0;
252 1345802 : free(context->configured_default_cc_name);
253 1345802 : context->configured_default_cc_name = NULL;
254 :
255 1345802 : tmp = secure_getenv("KRB5_TRACE");
256 1345802 : if (tmp)
257 9 : heim_add_debug_dest(context->hcontext, "libkrb5", tmp);
258 1345802 : s = krb5_config_get_strings(context, NULL, "logging", "krb5", NULL);
259 1345802 : if (s) {
260 : char **p;
261 :
262 0 : for (p = s; *p; p++)
263 0 : heim_add_debug_dest(context->hcontext, "libkrb5", *p);
264 0 : krb5_config_free_strings(s);
265 : }
266 :
267 1345802 : tmp = krb5_config_get_string(context, NULL, "libdefaults",
268 : "check-rd-req-server", NULL);
269 1345802 : if (tmp == NULL)
270 1345802 : tmp = secure_getenv("KRB5_CHECK_RD_REQ_SERVER");
271 1345802 : if(tmp) {
272 0 : if (strcasecmp(tmp, "ignore") == 0)
273 0 : context->flags |= KRB5_CTX_F_RD_REQ_IGNORE;
274 : }
275 1345802 : ret = krb5_config_get_bool_default(context, NULL, TRUE,
276 : "libdefaults",
277 : "fcache_strict_checking", NULL);
278 1345802 : if (ret)
279 110695 : context->flags |= KRB5_CTX_F_FCACHE_STRICT_CHECKING;
280 :
281 1313136 : return 0;
282 : }
283 :
284 : static krb5_error_code
285 792004 : cc_ops_register(krb5_context context)
286 : {
287 19510 : krb5_error_code ret;
288 :
289 792004 : context->cc_ops = NULL;
290 792004 : context->num_cc_ops = 0;
291 :
292 : #ifndef KCM_IS_API_CACHE
293 792004 : ret = krb5_cc_register(context, &krb5_acc_ops, TRUE);
294 792004 : if (ret)
295 0 : return ret;
296 : #endif
297 792004 : ret = krb5_cc_register(context, &krb5_fcc_ops, TRUE);
298 792004 : if (ret)
299 0 : return ret;
300 792004 : ret = krb5_cc_register(context, &krb5_dcc_ops, TRUE);
301 792004 : if (ret)
302 0 : return ret;
303 792004 : ret = krb5_cc_register(context, &krb5_mcc_ops, TRUE);
304 792004 : if (ret)
305 0 : return ret;
306 : #ifdef HAVE_SCC
307 : ret = krb5_cc_register(context, &krb5_scc_ops, TRUE);
308 : if (ret)
309 : return ret;
310 : #endif
311 : #ifdef HAVE_KCM
312 : #ifdef KCM_IS_API_CACHE
313 : ret = krb5_cc_register(context, &krb5_akcm_ops, TRUE);
314 : if (ret)
315 : return ret;
316 : #endif
317 : ret = krb5_cc_register(context, &krb5_kcm_ops, TRUE);
318 : if (ret)
319 : return ret;
320 : #endif
321 : #if defined(HAVE_KEYUTILS_H)
322 792004 : ret = krb5_cc_register(context, &krb5_krcc_ops, TRUE);
323 792004 : if (ret)
324 0 : return ret;
325 : #endif
326 792004 : ret = _krb5_load_ccache_plugins(context);
327 792004 : return ret;
328 : }
329 :
330 : static krb5_error_code
331 0 : cc_ops_copy(krb5_context context, const krb5_context src_context)
332 : {
333 0 : const krb5_cc_ops **cc_ops;
334 :
335 0 : context->cc_ops = NULL;
336 0 : context->num_cc_ops = 0;
337 :
338 0 : if (src_context->num_cc_ops == 0)
339 0 : return 0;
340 :
341 0 : cc_ops = malloc(sizeof(cc_ops[0]) * src_context->num_cc_ops);
342 0 : if (cc_ops == NULL) {
343 0 : krb5_set_error_message(context, KRB5_CC_NOMEM,
344 0 : N_("malloc: out of memory", ""));
345 0 : return KRB5_CC_NOMEM;
346 : }
347 :
348 0 : memcpy(rk_UNCONST(cc_ops), src_context->cc_ops,
349 0 : sizeof(cc_ops[0]) * src_context->num_cc_ops);
350 0 : context->cc_ops = cc_ops;
351 0 : context->num_cc_ops = src_context->num_cc_ops;
352 :
353 0 : return 0;
354 : }
355 :
356 : static krb5_error_code
357 792004 : kt_ops_register(krb5_context context)
358 : {
359 19510 : krb5_error_code ret;
360 :
361 792004 : context->num_kt_types = 0;
362 792004 : context->kt_types = NULL;
363 :
364 792004 : ret = krb5_kt_register (context, &krb5_fkt_ops);
365 792004 : if (ret)
366 0 : return ret;
367 792004 : ret = krb5_kt_register (context, &krb5_wrfkt_ops);
368 792004 : if (ret)
369 0 : return ret;
370 792004 : ret = krb5_kt_register (context, &krb5_javakt_ops);
371 792004 : if (ret)
372 0 : return ret;
373 792004 : ret = krb5_kt_register (context, &krb5_mkt_ops);
374 792004 : if (ret)
375 0 : return ret;
376 : #ifndef HEIMDAL_SMALLER
377 792004 : ret = krb5_kt_register (context, &krb5_akf_ops);
378 792004 : if (ret)
379 0 : return ret;
380 : #endif
381 792004 : ret = krb5_kt_register (context, &krb5_any_ops);
382 792004 : return ret;
383 : }
384 :
385 : static krb5_error_code
386 0 : kt_ops_copy(krb5_context context, const krb5_context src_context)
387 : {
388 0 : context->num_kt_types = 0;
389 0 : context->kt_types = NULL;
390 :
391 0 : if (src_context->num_kt_types == 0)
392 0 : return 0;
393 :
394 0 : context->kt_types = malloc(sizeof(context->kt_types[0]) * src_context->num_kt_types);
395 0 : if (context->kt_types == NULL)
396 0 : return krb5_enomem(context);
397 :
398 0 : context->num_kt_types = src_context->num_kt_types;
399 0 : memcpy(context->kt_types, src_context->kt_types,
400 0 : sizeof(context->kt_types[0]) * src_context->num_kt_types);
401 :
402 0 : return 0;
403 : }
404 :
405 : static const char *const sysplugin_dirs[] = {
406 : #ifdef _WIN32
407 : "$ORIGIN",
408 : #else
409 : "$ORIGIN/../lib/plugin/krb5",
410 : #endif
411 : #ifdef __APPLE__
412 : LIBDIR "/plugin/krb5",
413 : #ifdef HEIM_PLUGINS_SEARCH_SYSTEM
414 : "/Library/KerberosPlugins/KerberosFrameworkPlugins",
415 : "/System/Library/KerberosPlugins/KerberosFrameworkPlugins",
416 : #endif
417 : #endif
418 : NULL
419 : };
420 :
421 : static void
422 33851 : init_context_once(void *ctx)
423 : {
424 33851 : krb5_context context = ctx;
425 1269 : char **dirs;
426 :
427 : #ifdef _WIN32
428 : dirs = rk_UNCONST(sysplugin_dirs);
429 : #else
430 33851 : dirs = krb5_config_get_strings(context, NULL, "libdefaults",
431 : "plugin_dir", NULL);
432 33851 : if (dirs == NULL)
433 33851 : dirs = rk_UNCONST(sysplugin_dirs);
434 : #endif
435 :
436 33851 : _krb5_load_plugins(context, "krb5", (const char **)dirs);
437 :
438 33851 : if (dirs != rk_UNCONST(sysplugin_dirs))
439 0 : krb5_config_free_strings(dirs);
440 :
441 33851 : bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR);
442 33851 : }
443 :
444 : /**
445 : * Initializes the context structure and reads the configuration file
446 : * /etc/krb5.conf. The structure should be freed by calling
447 : * krb5_free_context() when it is no longer being used.
448 : *
449 : * @param context pointer to returned context
450 : *
451 : * @return Returns 0 to indicate success. Otherwise an errno code is
452 : * returned. Failure means either that something bad happened during
453 : * initialization (typically ENOMEM) or that Kerberos should not be
454 : * used ENXIO. If the function returns HEIM_ERR_RANDOM_OFFLINE, the
455 : * random source is not available and later Kerberos calls might fail.
456 : *
457 : * @ingroup krb5
458 : */
459 :
460 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
461 792004 : krb5_init_context(krb5_context *context)
462 : {
463 19510 : static heim_base_once_t init_context = HEIM_BASE_ONCE_INIT;
464 19510 : krb5_context p;
465 19510 : krb5_error_code ret;
466 19510 : char **files;
467 19510 : uint8_t rnd;
468 :
469 792004 : *context = NULL;
470 :
471 : /**
472 : * krb5_init_context() will get one random byte to make sure our
473 : * random is alive. Assumption is that once the non blocking
474 : * source allows us to pull bytes, its all seeded and allows us to
475 : * pull more bytes.
476 : *
477 : * Most Kerberos users calls krb5_init_context(), so this is
478 : * useful point where we can do the checking.
479 : */
480 792004 : ret = krb5_generate_random(&rnd, sizeof(rnd));
481 792004 : if (ret)
482 0 : return ret;
483 :
484 792004 : p = calloc(1, sizeof(*p));
485 792004 : if(!p)
486 0 : return ENOMEM;
487 :
488 792004 : if ((p->hcontext = heim_context_init()) == NULL) {
489 0 : ret = ENOMEM;
490 0 : goto out;
491 : }
492 :
493 792004 : if (!issuid())
494 792004 : p->flags |= KRB5_CTX_F_HOMEDIR_ACCESS;
495 :
496 792004 : ret = krb5_get_default_config_files(&files);
497 792004 : if(ret)
498 0 : goto out;
499 792004 : ret = krb5_set_config_files(p, files);
500 792004 : krb5_free_config_files(files);
501 792004 : if(ret)
502 0 : goto out;
503 :
504 : /* done enough to load plugins */
505 792004 : heim_base_once_f(&init_context, p, init_context_once);
506 :
507 : /* init error tables */
508 792004 : _krb5_init_ets(p);
509 792004 : ret = cc_ops_register(p);
510 792004 : if (ret)
511 0 : goto out;
512 792004 : ret = kt_ops_register(p);
513 792004 : if (ret)
514 0 : goto out;
515 :
516 : #ifdef PKINIT
517 792004 : ret = hx509_context_init(&p->hx509ctx);
518 792004 : if (ret)
519 0 : goto out;
520 : #endif
521 772494 : if (rk_SOCK_INIT())
522 0 : p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED;
523 :
524 792004 : out:
525 792004 : if (ret) {
526 0 : krb5_free_context(p);
527 0 : p = NULL;
528 : } else {
529 792004 : heim_context_set_log_utc(p->hcontext, p->log_utc);
530 : }
531 792004 : *context = p;
532 792004 : return ret;
533 : }
534 :
535 : #ifndef HEIMDAL_SMALLER
536 :
537 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
538 0 : krb5_get_permitted_enctypes(krb5_context context,
539 : krb5_enctype **etypes)
540 : {
541 0 : return krb5_get_default_in_tkt_etypes(context, KRB5_PDU_NONE, etypes);
542 : }
543 :
544 : /*
545 : *
546 : */
547 :
548 : static krb5_error_code
549 0 : copy_etypes (krb5_context context,
550 : krb5_enctype *enctypes,
551 : krb5_enctype **ret_enctypes)
552 : {
553 0 : unsigned int i;
554 :
555 0 : for (i = 0; enctypes[i]; i++)
556 : ;
557 0 : i++;
558 :
559 0 : *ret_enctypes = malloc(sizeof(enctypes[0]) * i);
560 0 : if (*ret_enctypes == NULL)
561 0 : return krb5_enomem(context);
562 0 : memcpy(*ret_enctypes, enctypes, sizeof(enctypes[0]) * i);
563 0 : return 0;
564 : }
565 :
566 : /**
567 : * Make a copy for the Kerberos 5 context, the new krb5_context shoud
568 : * be freed with krb5_free_context().
569 : *
570 : * @param context the Kerberos context to copy
571 : * @param out the copy of the Kerberos, set to NULL error.
572 : *
573 : * @return Returns 0 to indicate success. Otherwise an kerberos et
574 : * error code is returned, see krb5_get_error_message().
575 : *
576 : * @ingroup krb5
577 : */
578 :
579 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
580 0 : krb5_copy_context(krb5_context context, krb5_context *out)
581 : {
582 0 : krb5_error_code ret = 0;
583 0 : krb5_context p;
584 :
585 0 : *out = NULL;
586 :
587 0 : p = calloc(1, sizeof(*p));
588 0 : if (p == NULL)
589 0 : return krb5_enomem(context);
590 :
591 0 : p->cc_ops = NULL;
592 0 : p->etypes = NULL;
593 0 : p->kt_types = NULL;
594 0 : p->cfg_etypes = NULL;
595 0 : p->etypes_des = NULL;
596 0 : p->default_realms = NULL;
597 0 : p->extra_addresses = NULL;
598 0 : p->ignore_addresses = NULL;
599 :
600 0 : if ((p->hcontext = heim_context_init()) == NULL)
601 0 : ret = ENOMEM;
602 :
603 0 : if (ret == 0) {
604 0 : heim_context_set_log_utc(p->hcontext, context->log_utc);
605 0 : ret = _krb5_config_copy(context, context->cf, &p->cf);
606 : }
607 0 : if (ret == 0)
608 0 : ret = init_context_from_config_file(p);
609 0 : if (ret == 0 && context->default_cc_name) {
610 0 : free(p->default_cc_name);
611 0 : if ((p->default_cc_name = strdup(context->default_cc_name)) == NULL)
612 0 : ret = ENOMEM;
613 : }
614 0 : if (ret == 0 && context->default_cc_name_env) {
615 0 : free(p->default_cc_name_env);
616 0 : if ((p->default_cc_name_env =
617 0 : strdup(context->default_cc_name_env)) == NULL)
618 0 : ret = ENOMEM;
619 : }
620 0 : if (ret == 0 && context->configured_default_cc_name) {
621 0 : free(p->configured_default_cc_name);
622 0 : if ((p->configured_default_cc_name =
623 0 : strdup(context->configured_default_cc_name)) == NULL)
624 0 : ret = ENOMEM;
625 : }
626 :
627 0 : if (ret == 0 && context->etypes) {
628 0 : free(p->etypes);
629 0 : ret = copy_etypes(context, context->etypes, &p->etypes);
630 : }
631 0 : if (ret == 0 && context->cfg_etypes) {
632 0 : free(p->cfg_etypes);
633 0 : ret = copy_etypes(context, context->cfg_etypes, &p->cfg_etypes);
634 : }
635 0 : if (ret == 0 && context->etypes_des) {
636 0 : free(p->etypes_des);
637 0 : ret = copy_etypes(context, context->etypes_des, &p->etypes_des);
638 : }
639 :
640 0 : if (ret == 0 && context->default_realms) {
641 0 : krb5_free_host_realm(context, p->default_realms);
642 0 : ret = krb5_copy_host_realm(context,
643 0 : context->default_realms, &p->default_realms);
644 : }
645 :
646 : /* XXX should copy */
647 0 : if (ret == 0)
648 0 : _krb5_init_ets(p);
649 :
650 0 : if (ret == 0)
651 0 : ret = cc_ops_copy(p, context);
652 0 : if (ret == 0)
653 0 : ret = kt_ops_copy(p, context);
654 0 : if (ret == 0)
655 0 : ret = krb5_set_extra_addresses(p, context->extra_addresses);
656 0 : if (ret == 0)
657 0 : ret = krb5_set_extra_addresses(p, context->ignore_addresses);
658 0 : if (ret == 0)
659 0 : ret = _krb5_copy_send_to_kdc_func(p, context);
660 :
661 0 : if (ret == 0)
662 0 : *out = p;
663 : else
664 0 : krb5_free_context(p);
665 0 : return ret;
666 : }
667 :
668 : #endif
669 :
670 : /**
671 : * Frees the krb5_context allocated by krb5_init_context().
672 : *
673 : * @param context context to be freed.
674 : *
675 : * @ingroup krb5
676 : */
677 :
678 : KRB5_LIB_FUNCTION void KRB5_LIB_CALL
679 753173 : krb5_free_context(krb5_context context)
680 : {
681 753173 : _krb5_free_name_canon_rules(context, context->name_canon_rules);
682 753173 : free(context->default_cc_name);
683 753173 : free(context->default_cc_name_env);
684 753173 : free(context->configured_default_cc_name);
685 753173 : free(context->etypes);
686 753173 : free(context->cfg_etypes);
687 753173 : free(context->etypes_des);
688 753173 : free(context->permitted_enctypes);
689 753173 : free(context->tgs_etypes);
690 753173 : free(context->as_etypes);
691 753173 : krb5_free_host_realm (context, context->default_realms);
692 753173 : krb5_config_file_free (context, context->cf);
693 753173 : free(rk_UNCONST(context->cc_ops));
694 753173 : free(context->kt_types);
695 753173 : krb5_clear_error_message(context);
696 753173 : krb5_set_extra_addresses(context, NULL);
697 753173 : krb5_set_ignore_addresses(context, NULL);
698 753173 : krb5_set_send_to_kdc_func(context, NULL, NULL);
699 :
700 : #ifdef PKINIT
701 753173 : hx509_context_free(&context->hx509ctx);
702 : #endif
703 :
704 753173 : if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) {
705 17909 : rk_SOCK_EXIT();
706 : }
707 :
708 753173 : heim_context_free(&context->hcontext);
709 753173 : memset(context, 0, sizeof(*context));
710 753173 : free(context);
711 753173 : }
712 :
713 : /**
714 : * Reinit the context from a new set of filenames.
715 : *
716 : * @param context context to add configuration too.
717 : * @param filenames array of filenames, end of list is indicated with a NULL filename.
718 : *
719 : * @return Returns 0 to indicate success. Otherwise an kerberos et
720 : * error code is returned, see krb5_get_error_message().
721 : *
722 : * @ingroup krb5
723 : */
724 :
725 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
726 1345802 : krb5_set_config_files(krb5_context context, char **filenames)
727 : {
728 32666 : krb5_error_code ret;
729 1345802 : heim_config_binding *tmp = NULL;
730 :
731 1345802 : if ((ret = heim_set_config_files(context->hcontext, filenames,
732 : &tmp)))
733 0 : return ret;
734 1345802 : krb5_config_file_free(context, context->cf);
735 1345802 : context->cf = (krb5_config_binding *)tmp;
736 1345802 : return init_context_from_config_file(context);
737 : }
738 :
739 : #ifndef HEIMDAL_SMALLER
740 : /**
741 : * Reinit the context from configuration file contents in a C string.
742 : * This should only be used in tests.
743 : *
744 : * @param context context to add configuration too.
745 : * @param config configuration.
746 : *
747 : * @return Returns 0 to indicate success. Otherwise an kerberos et
748 : * error code is returned, see krb5_get_error_message().
749 : *
750 : * @ingroup krb5
751 : */
752 :
753 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
754 0 : krb5_set_config(krb5_context context, const char *config)
755 : {
756 0 : krb5_error_code ret;
757 0 : krb5_config_binding *tmp = NULL;
758 :
759 0 : if ((ret = krb5_config_parse_string_multi(context, config, &tmp)))
760 0 : return ret;
761 : #if 0
762 : /* with this enabled and if there are no config files, Kerberos is
763 : considererd disabled */
764 : if (tmp == NULL)
765 : return ENXIO;
766 : #endif
767 :
768 0 : krb5_config_file_free(context, context->cf);
769 0 : context->cf = tmp;
770 0 : ret = init_context_from_config_file(context);
771 0 : return ret;
772 : }
773 : #endif
774 :
775 : /*
776 : * `pq' isn't free, it's up the the caller
777 : */
778 :
779 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
780 0 : krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
781 : {
782 0 : return heim_prepend_config_files(filelist, pq, ret_pp);
783 : }
784 :
785 : /**
786 : * Prepend the filename to the global configuration list.
787 : *
788 : * @param filelist a filename to add to the default list of filename
789 : * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
790 : *
791 : * @return Returns 0 to indicate success. Otherwise an kerberos et
792 : * error code is returned, see krb5_get_error_message().
793 : *
794 : * @ingroup krb5
795 : */
796 :
797 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
798 553798 : krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
799 : {
800 553798 : return heim_prepend_config_files_default(filelist, krb5_config_file,
801 : "KRB5_CONFIG", pfilenames);
802 : }
803 :
804 : /**
805 : * Get the global configuration list.
806 : *
807 : * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
808 : *
809 : * @return Returns 0 to indicate success. Otherwise an kerberos et
810 : * error code is returned, see krb5_get_error_message().
811 : *
812 : * @ingroup krb5
813 : */
814 :
815 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
816 792004 : krb5_get_default_config_files(char ***pfilenames)
817 : {
818 792004 : if (pfilenames == NULL)
819 0 : return EINVAL;
820 792004 : return heim_get_default_config_files(krb5_config_file, "KRB5_CONFIG",
821 : pfilenames);
822 : }
823 :
824 : /**
825 : * Free a list of configuration files.
826 : *
827 : * @param filenames list, terminated with a NULL pointer, to be
828 : * freed. NULL is an valid argument.
829 : *
830 : * @return Returns 0 to indicate success. Otherwise an kerberos et
831 : * error code is returned, see krb5_get_error_message().
832 : *
833 : * @ingroup krb5
834 : */
835 :
836 : KRB5_LIB_FUNCTION void KRB5_LIB_CALL
837 1345802 : krb5_free_config_files(char **filenames)
838 : {
839 1345802 : heim_free_config_files(filenames);
840 1345802 : }
841 :
842 : /**
843 : * Returns the list of Kerberos encryption types sorted in order of
844 : * most preferred to least preferred encryption type. Note that some
845 : * encryption types might be disabled, so you need to check with
846 : * krb5_enctype_valid() before using the encryption type.
847 : *
848 : * @return list of enctypes, terminated with ETYPE_NULL. Its a static
849 : * array completed into the Kerberos library so the content doesn't
850 : * need to be freed.
851 : *
852 : * @ingroup krb5
853 : */
854 :
855 : KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL
856 223808 : krb5_kerberos_enctypes(krb5_context context)
857 : {
858 6826 : static const krb5_enctype p[] = {
859 : ETYPE_AES256_CTS_HMAC_SHA1_96,
860 : ETYPE_AES128_CTS_HMAC_SHA1_96,
861 : ETYPE_AES256_CTS_HMAC_SHA384_192,
862 : ETYPE_AES128_CTS_HMAC_SHA256_128,
863 : ETYPE_DES3_CBC_SHA1,
864 : ETYPE_ARCFOUR_HMAC_MD5,
865 : ETYPE_NULL
866 : };
867 :
868 6826 : static const krb5_enctype weak[] = {
869 : ETYPE_AES256_CTS_HMAC_SHA1_96,
870 : ETYPE_AES128_CTS_HMAC_SHA1_96,
871 : ETYPE_AES256_CTS_HMAC_SHA384_192,
872 : ETYPE_AES128_CTS_HMAC_SHA256_128,
873 : ETYPE_DES3_CBC_SHA1,
874 : ETYPE_DES3_CBC_MD5,
875 : ETYPE_ARCFOUR_HMAC_MD5,
876 : ETYPE_DES_CBC_MD5,
877 : ETYPE_DES_CBC_MD4,
878 : ETYPE_DES_CBC_CRC,
879 : ETYPE_NULL
880 : };
881 :
882 : /*
883 : * if the list of enctypes enabled by "allow_weak_crypto"
884 : * are valid, then return the former default enctype list
885 : * that contained the weak entries.
886 : */
887 223808 : if (krb5_enctype_valid(context, ETYPE_DES_CBC_CRC) == 0 &&
888 0 : krb5_enctype_valid(context, ETYPE_DES_CBC_MD4) == 0 &&
889 0 : krb5_enctype_valid(context, ETYPE_DES_CBC_MD5) == 0 &&
890 0 : krb5_enctype_valid(context, ETYPE_DES_CBC_NONE) == 0 &&
891 0 : krb5_enctype_valid(context, ETYPE_DES_CFB64_NONE) == 0 &&
892 0 : krb5_enctype_valid(context, ETYPE_DES_PCBC_NONE) == 0)
893 0 : return weak;
894 :
895 216982 : return p;
896 : }
897 :
898 : /*
899 : *
900 : */
901 :
902 : static krb5_error_code
903 182453 : copy_enctypes(krb5_context context,
904 : const krb5_enctype *in,
905 : krb5_enctype **out)
906 : {
907 182453 : krb5_enctype *p = NULL;
908 4898 : size_t m, n;
909 :
910 1013930 : for (n = 0; in[n]; n++)
911 : ;
912 182453 : n++;
913 182453 : ALLOC(p, n);
914 182453 : if(p == NULL)
915 0 : return krb5_enomem(context);
916 1013930 : for (n = 0, m = 0; in[n]; n++) {
917 831477 : if (krb5_enctype_valid(context, in[n]) != 0)
918 0 : continue;
919 831477 : p[m++] = in[n];
920 : }
921 182453 : p[m] = KRB5_ENCTYPE_NULL;
922 182453 : if (m == 0) {
923 0 : free(p);
924 0 : krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
925 0 : N_("no valid enctype set", ""));
926 0 : return KRB5_PROG_ETYPE_NOSUPP;
927 : }
928 182453 : *out = p;
929 182453 : return 0;
930 : }
931 :
932 :
933 : /*
934 : * set `etype' to a malloced list of the default enctypes
935 : */
936 :
937 : static krb5_error_code
938 51728 : default_etypes(krb5_context context, krb5_enctype **etype)
939 : {
940 52898 : const krb5_enctype *p = krb5_kerberos_enctypes(context);
941 51728 : return copy_enctypes(context, p, etype);
942 : }
943 :
944 : /**
945 : * Set the default encryption types that will be use in communcation
946 : * with the KDC, clients and servers.
947 : *
948 : * @param context Kerberos 5 context.
949 : * @param etypes Encryption types, array terminated with ETYPE_NULL (0).
950 : * A value of NULL resets the encryption types to the defaults set in the
951 : * configuration file.
952 : *
953 : * @return Returns 0 to indicate success. Otherwise an kerberos et
954 : * error code is returned, see krb5_get_error_message().
955 : *
956 : * @ingroup krb5
957 : */
958 :
959 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
960 22349 : krb5_set_default_in_tkt_etypes(krb5_context context,
961 : const krb5_enctype *etypes)
962 : {
963 1035 : krb5_error_code ret;
964 22349 : krb5_enctype *p = NULL;
965 :
966 22349 : if(!etypes) {
967 0 : etypes = context->cfg_etypes;
968 : }
969 :
970 22349 : if(etypes) {
971 22349 : ret = copy_enctypes(context, etypes, &p);
972 22349 : if (ret)
973 0 : return ret;
974 : }
975 22349 : if(context->etypes)
976 20100 : free(context->etypes);
977 22349 : context->etypes = p;
978 22349 : return 0;
979 : }
980 :
981 : /**
982 : * Get the default encryption types that will be use in communcation
983 : * with the KDC, clients and servers.
984 : *
985 : * @param context Kerberos 5 context.
986 : * @param pdu_type request type (AS, TGS or none)
987 : * @param etypes Encryption types, array terminated with
988 : * ETYPE_NULL(0), caller should free array with krb5_xfree():
989 : *
990 : * @return Returns 0 to indicate success. Otherwise an kerberos et
991 : * error code is returned, see krb5_get_error_message().
992 : *
993 : * @ingroup krb5
994 : */
995 :
996 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
997 112790 : krb5_get_default_in_tkt_etypes(krb5_context context,
998 : krb5_pdu pdu_type,
999 : krb5_enctype **etypes)
1000 : {
1001 112790 : krb5_enctype *enctypes = NULL;
1002 3863 : krb5_error_code ret;
1003 3863 : krb5_enctype *p;
1004 :
1005 112790 : heim_assert(pdu_type == KRB5_PDU_AS_REQUEST ||
1006 : pdu_type == KRB5_PDU_TGS_REQUEST ||
1007 : pdu_type == KRB5_PDU_NONE, "unexpected pdu type");
1008 :
1009 112790 : if (pdu_type == KRB5_PDU_AS_REQUEST && context->as_etypes != NULL)
1010 478 : enctypes = context->as_etypes;
1011 112312 : else if (pdu_type == KRB5_PDU_TGS_REQUEST && context->tgs_etypes != NULL)
1012 0 : enctypes = context->tgs_etypes;
1013 112312 : else if (context->etypes != NULL)
1014 57891 : enctypes = context->etypes;
1015 :
1016 111620 : if (enctypes != NULL) {
1017 61062 : ret = copy_enctypes(context, enctypes, &p);
1018 61062 : if (ret)
1019 0 : return ret;
1020 : } else {
1021 51728 : ret = default_etypes(context, &p);
1022 51728 : if (ret)
1023 0 : return ret;
1024 : }
1025 112790 : *etypes = p;
1026 112790 : return 0;
1027 : }
1028 :
1029 : /**
1030 : * Init the built-in ets in the Kerberos library.
1031 : *
1032 : * @param context kerberos context to add the ets too
1033 : *
1034 : * @ingroup krb5
1035 : */
1036 :
1037 : KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1038 0 : krb5_init_ets(krb5_context context)
1039 : {
1040 0 : }
1041 :
1042 : static void
1043 792004 : _krb5_init_ets(krb5_context context)
1044 : {
1045 792004 : heim_add_et_list(context->hcontext, initialize_krb5_error_table_r);
1046 792004 : heim_add_et_list(context->hcontext, initialize_asn1_error_table_r);
1047 792004 : heim_add_et_list(context->hcontext, initialize_heim_error_table_r);
1048 :
1049 792004 : heim_add_et_list(context->hcontext, initialize_k524_error_table_r);
1050 792004 : heim_add_et_list(context->hcontext, initialize_k5e1_error_table_r);
1051 :
1052 : #ifdef COM_ERR_BINDDOMAIN_krb5
1053 792004 : bindtextdomain(COM_ERR_BINDDOMAIN_krb5, HEIMDAL_LOCALEDIR);
1054 792004 : bindtextdomain(COM_ERR_BINDDOMAIN_asn1, HEIMDAL_LOCALEDIR);
1055 792004 : bindtextdomain(COM_ERR_BINDDOMAIN_heim, HEIMDAL_LOCALEDIR);
1056 792004 : bindtextdomain(COM_ERR_BINDDOMAIN_k524, HEIMDAL_LOCALEDIR);
1057 : #endif
1058 :
1059 : #ifdef PKINIT
1060 792004 : heim_add_et_list(context->hcontext, initialize_hx_error_table_r);
1061 : #ifdef COM_ERR_BINDDOMAIN_hx
1062 792004 : bindtextdomain(COM_ERR_BINDDOMAIN_hx, HEIMDAL_LOCALEDIR);
1063 : #endif
1064 : #endif
1065 792004 : }
1066 :
1067 : /**
1068 : * Make the kerberos library default to the admin KDC.
1069 : *
1070 : * @param context Kerberos 5 context.
1071 : * @param flag boolean flag to select if the use the admin KDC or not.
1072 : *
1073 : * @ingroup krb5
1074 : */
1075 :
1076 : KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1077 0 : krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
1078 : {
1079 0 : context->use_admin_kdc = flag;
1080 0 : }
1081 :
1082 : /**
1083 : * Make the kerberos library default to the admin KDC.
1084 : *
1085 : * @param context Kerberos 5 context.
1086 : *
1087 : * @return boolean flag to telling the context will use admin KDC as the default KDC.
1088 : *
1089 : * @ingroup krb5
1090 : */
1091 :
1092 : KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1093 0 : krb5_get_use_admin_kdc (krb5_context context)
1094 : {
1095 0 : return context->use_admin_kdc;
1096 : }
1097 :
1098 : /**
1099 : * Add extra address to the address list that the library will add to
1100 : * the client's address list when communicating with the KDC.
1101 : *
1102 : * @param context Kerberos 5 context.
1103 : * @param addresses addreses to add
1104 : *
1105 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1106 : * error code is returned, see krb5_get_error_message().
1107 : *
1108 : * @ingroup krb5
1109 : */
1110 :
1111 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1112 0 : krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
1113 : {
1114 :
1115 0 : if(context->extra_addresses)
1116 0 : return krb5_append_addresses(context,
1117 : context->extra_addresses, addresses);
1118 : else
1119 0 : return krb5_set_extra_addresses(context, addresses);
1120 : }
1121 :
1122 : /**
1123 : * Set extra address to the address list that the library will add to
1124 : * the client's address list when communicating with the KDC.
1125 : *
1126 : * @param context Kerberos 5 context.
1127 : * @param addresses addreses to set
1128 : *
1129 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1130 : * error code is returned, see krb5_get_error_message().
1131 : *
1132 : * @ingroup krb5
1133 : */
1134 :
1135 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1136 2098975 : krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
1137 : {
1138 2098975 : if(context->extra_addresses)
1139 0 : krb5_free_addresses(context, context->extra_addresses);
1140 :
1141 2098975 : if(addresses == NULL) {
1142 2098975 : if(context->extra_addresses != NULL) {
1143 0 : free(context->extra_addresses);
1144 0 : context->extra_addresses = NULL;
1145 : }
1146 2098975 : return 0;
1147 : }
1148 0 : if(context->extra_addresses == NULL) {
1149 0 : context->extra_addresses = malloc(sizeof(*context->extra_addresses));
1150 0 : if (context->extra_addresses == NULL)
1151 0 : return krb5_enomem(context);
1152 : }
1153 0 : return krb5_copy_addresses(context, addresses, context->extra_addresses);
1154 : }
1155 :
1156 : /**
1157 : * Get extra address to the address list that the library will add to
1158 : * the client's address list when communicating with the KDC.
1159 : *
1160 : * @param context Kerberos 5 context.
1161 : * @param addresses addreses to set
1162 : *
1163 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1164 : * error code is returned, see krb5_get_error_message().
1165 : *
1166 : * @ingroup krb5
1167 : */
1168 :
1169 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1170 0 : krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
1171 : {
1172 0 : if(context->extra_addresses == NULL) {
1173 0 : memset(addresses, 0, sizeof(*addresses));
1174 0 : return 0;
1175 : }
1176 0 : return krb5_copy_addresses(context,context->extra_addresses, addresses);
1177 : }
1178 :
1179 : /**
1180 : * Add extra addresses to ignore when fetching addresses from the
1181 : * underlaying operating system.
1182 : *
1183 : * @param context Kerberos 5 context.
1184 : * @param addresses addreses to ignore
1185 : *
1186 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1187 : * error code is returned, see krb5_get_error_message().
1188 : *
1189 : * @ingroup krb5
1190 : */
1191 :
1192 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1193 0 : krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
1194 : {
1195 :
1196 0 : if(context->ignore_addresses)
1197 0 : return krb5_append_addresses(context,
1198 : context->ignore_addresses, addresses);
1199 : else
1200 0 : return krb5_set_ignore_addresses(context, addresses);
1201 : }
1202 :
1203 : /**
1204 : * Set extra addresses to ignore when fetching addresses from the
1205 : * underlaying operating system.
1206 : *
1207 : * @param context Kerberos 5 context.
1208 : * @param addresses addreses to ignore
1209 : *
1210 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1211 : * error code is returned, see krb5_get_error_message().
1212 : *
1213 : * @ingroup krb5
1214 : */
1215 :
1216 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1217 2098975 : krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
1218 : {
1219 2098975 : if(context->ignore_addresses)
1220 0 : krb5_free_addresses(context, context->ignore_addresses);
1221 2098975 : if(addresses == NULL) {
1222 2098975 : if(context->ignore_addresses != NULL) {
1223 0 : free(context->ignore_addresses);
1224 0 : context->ignore_addresses = NULL;
1225 : }
1226 2098975 : return 0;
1227 : }
1228 0 : if(context->ignore_addresses == NULL) {
1229 0 : context->ignore_addresses = malloc(sizeof(*context->ignore_addresses));
1230 0 : if (context->ignore_addresses == NULL)
1231 0 : return krb5_enomem(context);
1232 : }
1233 0 : return krb5_copy_addresses(context, addresses, context->ignore_addresses);
1234 : }
1235 :
1236 : /**
1237 : * Get extra addresses to ignore when fetching addresses from the
1238 : * underlaying operating system.
1239 : *
1240 : * @param context Kerberos 5 context.
1241 : * @param addresses list addreses ignored
1242 : *
1243 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1244 : * error code is returned, see krb5_get_error_message().
1245 : *
1246 : * @ingroup krb5
1247 : */
1248 :
1249 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1250 0 : krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
1251 : {
1252 0 : if(context->ignore_addresses == NULL) {
1253 0 : memset(addresses, 0, sizeof(*addresses));
1254 0 : return 0;
1255 : }
1256 0 : return krb5_copy_addresses(context, context->ignore_addresses, addresses);
1257 : }
1258 :
1259 : /**
1260 : * Set version of fcache that the library should use.
1261 : *
1262 : * @param context Kerberos 5 context.
1263 : * @param version version number.
1264 : *
1265 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1266 : * error code is returned, see krb5_get_error_message().
1267 : *
1268 : * @ingroup krb5
1269 : */
1270 :
1271 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1272 0 : krb5_set_fcache_version(krb5_context context, int version)
1273 : {
1274 0 : context->fcache_vno = version;
1275 0 : return 0;
1276 : }
1277 :
1278 : /**
1279 : * Get version of fcache that the library should use.
1280 : *
1281 : * @param context Kerberos 5 context.
1282 : * @param version version number.
1283 : *
1284 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1285 : * error code is returned, see krb5_get_error_message().
1286 : *
1287 : * @ingroup krb5
1288 : */
1289 :
1290 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1291 0 : krb5_get_fcache_version(krb5_context context, int *version)
1292 : {
1293 0 : *version = context->fcache_vno;
1294 0 : return 0;
1295 : }
1296 :
1297 : /**
1298 : * Runtime check if the Kerberos library was complied with thread support.
1299 : *
1300 : * @return TRUE if the library was compiled with thread support, FALSE if not.
1301 : *
1302 : * @ingroup krb5
1303 : */
1304 :
1305 :
1306 : KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1307 0 : krb5_is_thread_safe(void)
1308 : {
1309 : #ifdef ENABLE_PTHREAD_SUPPORT
1310 : return TRUE;
1311 : #else
1312 0 : return FALSE;
1313 : #endif
1314 : }
1315 :
1316 : /**
1317 : * Set if the library should use DNS to canonicalize hostnames.
1318 : *
1319 : * @param context Kerberos 5 context.
1320 : * @param flag if its dns canonicalizion is used or not.
1321 : *
1322 : * @ingroup krb5
1323 : */
1324 :
1325 : KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1326 1258762 : krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
1327 : {
1328 1258762 : if (flag)
1329 0 : context->flags |= KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
1330 : else
1331 1258762 : context->flags &= ~KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
1332 1258762 : }
1333 :
1334 : /**
1335 : * Get if the library uses DNS to canonicalize hostnames.
1336 : *
1337 : * @param context Kerberos 5 context.
1338 : *
1339 : * @return return non zero if the library uses DNS to canonicalize hostnames.
1340 : *
1341 : * @ingroup krb5
1342 : */
1343 :
1344 : KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1345 0 : krb5_get_dns_canonicalize_hostname (krb5_context context)
1346 : {
1347 0 : return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0;
1348 : }
1349 :
1350 : /**
1351 : * Get current offset in time to the KDC.
1352 : *
1353 : * @param context Kerberos 5 context.
1354 : * @param sec seconds part of offset.
1355 : * @param usec micro seconds part of offset.
1356 : *
1357 : * @return returns zero
1358 : *
1359 : * @ingroup krb5
1360 : */
1361 :
1362 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1363 0 : krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
1364 : {
1365 0 : if (sec)
1366 0 : *sec = context->kdc_sec_offset;
1367 0 : if (usec)
1368 0 : *usec = context->kdc_usec_offset;
1369 0 : return 0;
1370 : }
1371 :
1372 : /**
1373 : * Set current offset in time to the KDC.
1374 : *
1375 : * @param context Kerberos 5 context.
1376 : * @param sec seconds part of offset.
1377 : * @param usec micro seconds part of offset.
1378 : *
1379 : * @return returns zero
1380 : *
1381 : * @ingroup krb5
1382 : */
1383 :
1384 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1385 0 : krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
1386 : {
1387 0 : context->kdc_sec_offset = sec;
1388 0 : if (usec >= 0)
1389 0 : context->kdc_usec_offset = usec;
1390 0 : return 0;
1391 : }
1392 :
1393 : /**
1394 : * Get max time skew allowed.
1395 : *
1396 : * @param context Kerberos 5 context.
1397 : *
1398 : * @return timeskew in seconds.
1399 : *
1400 : * @ingroup krb5
1401 : */
1402 :
1403 : KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
1404 9 : krb5_get_max_time_skew (krb5_context context)
1405 : {
1406 9 : return context->max_skew;
1407 : }
1408 :
1409 : /**
1410 : * Set max time skew allowed.
1411 : *
1412 : * @param context Kerberos 5 context.
1413 : * @param t timeskew in seconds.
1414 : *
1415 : * @ingroup krb5
1416 : */
1417 :
1418 : KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1419 0 : krb5_set_max_time_skew (krb5_context context, time_t t)
1420 : {
1421 0 : context->max_skew = t;
1422 0 : }
1423 :
1424 : /*
1425 : * Init encryption types in len, val with etypes.
1426 : *
1427 : * @param context Kerberos 5 context.
1428 : * @param pdu_type type of pdu
1429 : * @param len output length of val.
1430 : * @param val output array of enctypes.
1431 : * @param etypes etypes to set val and len to, if NULL, use default enctypes.
1432 :
1433 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1434 : * error code is returned, see krb5_get_error_message().
1435 : *
1436 : * @ingroup krb5
1437 : */
1438 :
1439 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1440 95614 : _krb5_init_etype(krb5_context context,
1441 : krb5_pdu pdu_type,
1442 : unsigned *len,
1443 : krb5_enctype **val,
1444 : const krb5_enctype *etypes)
1445 : {
1446 3278 : krb5_error_code ret;
1447 :
1448 95614 : if (etypes == NULL)
1449 95583 : ret = krb5_get_default_in_tkt_etypes(context, pdu_type, val);
1450 : else
1451 31 : ret = copy_enctypes(context, etypes, val);
1452 95614 : if (ret)
1453 0 : return ret;
1454 :
1455 95614 : if (len) {
1456 95614 : *len = 0;
1457 646098 : while ((*val)[*len] != KRB5_ENCTYPE_NULL)
1458 550484 : (*len)++;
1459 : }
1460 92336 : return 0;
1461 : }
1462 :
1463 : /*
1464 : * Allow homedir access
1465 : */
1466 :
1467 : KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1468 82342 : _krb5_homedir_access(krb5_context context)
1469 : {
1470 82342 : if (context)
1471 82342 : return !!(context->flags & KRB5_CTX_F_HOMEDIR_ACCESS);
1472 0 : return !issuid();
1473 : }
1474 :
1475 : /**
1476 : * Enable and disable home directory access on either the global state
1477 : * or the krb5_context state. By calling krb5_set_home_dir_access()
1478 : * with context set to NULL, the global state is configured otherwise
1479 : * the state for the krb5_context is modified.
1480 : *
1481 : * For home directory access to be allowed, both the global state and
1482 : * the krb5_context state have to be allowed.
1483 : *
1484 : * @param context a Kerberos 5 context or NULL
1485 : * @param allow allow if TRUE home directory
1486 : * @return the old value
1487 : *
1488 : * @ingroup krb5
1489 : */
1490 :
1491 : KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1492 0 : krb5_set_home_dir_access(krb5_context context, krb5_boolean allow)
1493 : {
1494 0 : krb5_boolean old = _krb5_homedir_access(context);
1495 :
1496 0 : if (context) {
1497 0 : if (allow)
1498 0 : context->flags |= KRB5_CTX_F_HOMEDIR_ACCESS;
1499 : else
1500 0 : context->flags &= ~KRB5_CTX_F_HOMEDIR_ACCESS;
1501 0 : heim_context_set_homedir_access(context->hcontext, allow ? 1 : 0);
1502 : }
1503 :
1504 0 : return old;
1505 : }
1506 :
|
