search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r19681: Update to current lorikeet-heimdal. I'm looking at using the realm
[Samba.git] / source / heimdal / lib / krb5 / krbhst.c
blobf395f0d0c301103233bba726f75ee9d3fb339593
1 /*
2 * Copyright (c) 2001 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35 #include <resolve.h>
36 #include "locate_plugin.h"
37
38 RCSID("$Id: krbhst.c,v 1.58 2006/11/12 20:05:20 lha Exp $");
39
40 static int
41 string_to_proto(const char *string)
42 {
43 if(strcasecmp(string, "udp") == 0)
44 return KRB5_KRBHST_UDP;
45 else if(strcasecmp(string, "tcp") == 0)
46 return KRB5_KRBHST_TCP;
47 else if(strcasecmp(string, "http") == 0)
48 return KRB5_KRBHST_HTTP;
49 return -1;
50 }
51
52 /*
53 * set `res' and `count' to the result of looking up SRV RR in DNS for
54 * `proto', `proto', `realm' using `dns_type'.
55 * if `port' != 0, force that port number
56 */
57
58 static krb5_error_code
59 srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count,
60 const char *realm, const char *dns_type,
61 const char *proto, const char *service, int port)
62 {
63 char domain[1024];
64 struct dns_reply *r;
65 struct resource_record *rr;
66 int num_srv;
67 int proto_num;
68 int def_port;
69
70 *res = NULL;
71 *count = 0;
72
73 proto_num = string_to_proto(proto);
74 if(proto_num < 0) {
75 krb5_set_error_string(context, "unknown protocol `%s'", proto);
76 return EINVAL;
77 }
78
79 if(proto_num == KRB5_KRBHST_HTTP)
80 def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
81 else if(port == 0)
82 def_port = ntohs(krb5_getportbyname (context, service, proto, 88));
83 else
84 def_port = port;
85
86 snprintf(domain, sizeof(domain), "_%s._%s.%s.", service, proto, realm);
87
88 r = dns_lookup(domain, dns_type);
89 if(r == NULL)
90 return KRB5_KDC_UNREACH;
91
92 for(num_srv = 0, rr = r->head; rr; rr = rr->next)
93 if(rr->type == T_SRV)
94 num_srv++;
95
96 *res = malloc(num_srv * sizeof(**res));
97 if(*res == NULL) {
98 dns_free_data(r);
99 krb5_set_error_string(context, "malloc: out of memory");
100 return ENOMEM;
101 }
102
103 dns_srv_order(r);
104
105 for(num_srv = 0, rr = r->head; rr; rr = rr->next)
106 if(rr->type == T_SRV) {
107 krb5_krbhst_info *hi;
108 size_t len = strlen(rr->u.srv->target);
109
110 hi = calloc(1, sizeof(*hi) + len);
111 if(hi == NULL) {
112 dns_free_data(r);
113 while(--num_srv >= 0)
114 free((*res)[num_srv]);
115 free(*res);
116 *res = NULL;
117 return ENOMEM;
118 }
119 (*res)[num_srv++] = hi;
120
121 hi->proto = proto_num;
122
123 hi->def_port = def_port;
124 if (port != 0)
125 hi->port = port;
126 else
127 hi->port = rr->u.srv->port;
128
129 strlcpy(hi->hostname, rr->u.srv->target, len + 1);
130 }
131
132 *count = num_srv;
133
134 dns_free_data(r);
135 return 0;
136 }
137
138
139 struct krb5_krbhst_data {
140 char *realm;
141 unsigned int flags;
142 int def_port;
143 int port; /* hardwired port number if != 0 */
144 #define KD_CONFIG 1
145 #define KD_SRV_UDP 2
146 #define KD_SRV_TCP 4
147 #define KD_SRV_HTTP 8
148 #define KD_FALLBACK 16
149 #define KD_CONFIG_EXISTS 32
150 #define KD_LARGE_MSG 64
151 #define KD_PLUGIN 128
152 krb5_error_code (*get_next)(krb5_context, struct krb5_krbhst_data *,
153 krb5_krbhst_info**);
154
155 unsigned int fallback_count;
156
157 struct krb5_krbhst_info *hosts, **index, **end;
158 };
159
160 static krb5_boolean
161 krbhst_empty(const struct krb5_krbhst_data *kd)
162 {
163 return kd->index == &kd->hosts;
164 }
165
166 /*
167 * Return the default protocol for the `kd' (either TCP or UDP)
168 */
169
170 static int
171 krbhst_get_default_proto(struct krb5_krbhst_data *kd)
172 {
173 if (kd->flags & KD_LARGE_MSG)
174 return KRB5_KRBHST_TCP;
175 return KRB5_KRBHST_UDP;
176 }
177
178
179 /*
180 * parse `spec' into a krb5_krbhst_info, defaulting the port to `def_port'
181 * and forcing it to `port' if port != 0
182 */
183
184 static struct krb5_krbhst_info*
185 parse_hostspec(krb5_context context, struct krb5_krbhst_data *kd,
186 const char *spec, int def_port, int port)
187 {
188 const char *p = spec;
189 struct krb5_krbhst_info *hi;
190
191 hi = calloc(1, sizeof(*hi) + strlen(spec));
192 if(hi == NULL)
193 return NULL;
194
195 hi->proto = krbhst_get_default_proto(kd);
196
197 if(strncmp(p, "http://", 7) == 0){
198 hi->proto = KRB5_KRBHST_HTTP;
199 p += 7;
200 } else if(strncmp(p, "http/", 5) == 0) {
201 hi->proto = KRB5_KRBHST_HTTP;
202 p += 5;
203 def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
204 }else if(strncmp(p, "tcp/", 4) == 0){
205 hi->proto = KRB5_KRBHST_TCP;
206 p += 4;
207 } else if(strncmp(p, "udp/", 4) == 0) {
208 p += 4;
209 }
210
211 if(strsep_copy(&p, ":", hi->hostname, strlen(spec) + 1) < 0) {
212 free(hi);
213 return NULL;
214 }
215 /* get rid of trailing /, and convert to lower case */
216 hi->hostname[strcspn(hi->hostname, "/")] = '\0';
217 strlwr(hi->hostname);
218
219 hi->port = hi->def_port = def_port;
220 if(p != NULL) {
221 char *end;
222 hi->port = strtol(p, &end, 0);
223 if(end == p) {
224 free(hi);
225 return NULL;
226 }
227 }
228 if (port)
229 hi->port = port;
230 return hi;
231 }
232
233 void
234 _krb5_free_krbhst_info(krb5_krbhst_info *hi)
235 {
236 if (hi->ai != NULL)
237 freeaddrinfo(hi->ai);
238 free(hi);
239 }
240
241 krb5_error_code
242 _krb5_krbhost_info_move(krb5_context context,
243 krb5_krbhst_info *from,
244 krb5_krbhst_info **to)
245 {
246 size_t hostnamelen = strlen(from->hostname);
247 /* trailing NUL is included in structure */
248 *to = calloc(1, sizeof(**to) + hostnamelen);
249 if(*to == NULL) {
250 krb5_set_error_string(context, "malloc - out of memory");
251 return ENOMEM;
252 }
253
254 (*to)->proto = from->proto;
255 (*to)->port = from->port;
256 (*to)->def_port = from->def_port;
257 (*to)->ai = from->ai;
258 from->ai = NULL;
259 (*to)->next = NULL;
260 memcpy((*to)->hostname, from->hostname, hostnamelen + 1);
261 return 0;
262 }
263
264
265 static void
266 append_host_hostinfo(struct krb5_krbhst_data *kd, struct krb5_krbhst_info *host)
267 {
268 struct krb5_krbhst_info *h;
269
270 for(h = kd->hosts; h; h = h->next)
271 if(h->proto == host->proto &&
272 h->port == host->port &&
273 strcmp(h->hostname, host->hostname) == 0) {
274 _krb5_free_krbhst_info(host);
275 return;
276 }
277 *kd->end = host;
278 kd->end = &host->next;
279 }
280
281 static krb5_error_code
282 append_host_string(krb5_context context, struct krb5_krbhst_data *kd,
283 const char *host, int def_port, int port)
284 {
285 struct krb5_krbhst_info *hi;
286
287 hi = parse_hostspec(context, kd, host, def_port, port);
288 if(hi == NULL)
289 return ENOMEM;
290
291 append_host_hostinfo(kd, hi);
292 return 0;
293 }
294
295 /*
296 * return a readable representation of `host' in `hostname, hostlen'
297 */
298
299 krb5_error_code KRB5_LIB_FUNCTION
300 krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host,
301 char *hostname, size_t hostlen)
302 {
303 const char *proto = "";
304 char portstr[7] = "";
305 if(host->proto == KRB5_KRBHST_TCP)
306 proto = "tcp/";
307 else if(host->proto == KRB5_KRBHST_HTTP)
308 proto = "http://";
309 if(host->port != host->def_port)
310 snprintf(portstr, sizeof(portstr), ":%d", host->port);
311 snprintf(hostname, hostlen, "%s%s%s", proto, host->hostname, portstr);
312 return 0;
313 }
314
315 /*
316 * create a getaddrinfo `hints' based on `proto'
317 */
318
319 static void
320 make_hints(struct addrinfo *hints, int proto)
321 {
322 memset(hints, 0, sizeof(*hints));
323 hints->ai_family = AF_UNSPEC;
324 switch(proto) {
325 case KRB5_KRBHST_UDP :
326 hints->ai_socktype = SOCK_DGRAM;
327 break;
328 case KRB5_KRBHST_HTTP :
329 case KRB5_KRBHST_TCP :
330 hints->ai_socktype = SOCK_STREAM;
331 break;
332 }
333 }
334
335 /*
336 * return an `struct addrinfo *' in `ai' corresponding to the information
337 * in `host'. free:ing is handled by krb5_krbhst_free.
338 */
339
340 krb5_error_code KRB5_LIB_FUNCTION
341 krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host,
342 struct addrinfo **ai)
343 {
344 struct addrinfo hints;
345 char portstr[NI_MAXSERV];
346 int ret;
347
348 if (host->ai == NULL) {
349 make_hints(&hints, host->proto);
350 snprintf (portstr, sizeof(portstr), "%d", host->port);
351 ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai);
352 if (ret)
353 return krb5_eai_to_heim_errno(ret, errno);
354 }
355 *ai = host->ai;
356 return 0;
357 }
358
359 static krb5_boolean
360 get_next(struct krb5_krbhst_data *kd, krb5_krbhst_info **host)
361 {
362 struct krb5_krbhst_info *hi = *kd->index;
363 if(hi != NULL) {
364 *host = hi;
365 kd->index = &(*kd->index)->next;
366 return TRUE;
367 }
368 return FALSE;
369 }
370
371 static void
372 srv_get_hosts(krb5_context context, struct krb5_krbhst_data *kd,
373 const char *proto, const char *service)
374 {
375 krb5_krbhst_info **res;
376 int count, i;
377
378 if (srv_find_realm(context, &res, &count, kd->realm, "SRV", proto, service,
379 kd->port))
380 return;
381 for(i = 0; i < count; i++)
382 append_host_hostinfo(kd, res[i]);
383 free(res);
384 }
385
386 /*
387 * read the configuration for `conf_string', defaulting to kd->def_port and
388 * forcing it to `kd->port' if kd->port != 0
389 */
390
391 static void
392 config_get_hosts(krb5_context context, struct krb5_krbhst_data *kd,
393 const char *conf_string)
394 {
395 int i;
396
397 char **hostlist;
398 hostlist = krb5_config_get_strings(context, NULL,
399 "realms", kd->realm, conf_string, NULL);
400
401 if(hostlist == NULL)
402 return;
403 kd->flags |= KD_CONFIG_EXISTS;
404 for(i = 0; hostlist && hostlist[i] != NULL; i++)
405 append_host_string(context, kd, hostlist[i], kd->def_port, kd->port);
406
407 krb5_config_free_strings(hostlist);
408 }
409
410 /*
411 * as a fallback, look for `serv_string.kd->realm' (typically
412 * kerberos.REALM, kerberos-1.REALM, ...
413 * `port' is the default port for the service, and `proto' the
414 * protocol
415 */
416
417 static krb5_error_code
418 fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd,
419 const char *serv_string, int port, int proto)
420 {
421 char *host;
422 int ret;
423 struct addrinfo *ai;
424 struct addrinfo hints;
425 char portstr[NI_MAXSERV];
426
427 /*
428 * Don't try forever in case the DNS server keep returning us
429 * entries (like wildcard entries or the .nu TLD)
430 */
431 if(kd->fallback_count >= 5) {
432 kd->flags |= KD_FALLBACK;
433 return 0;
434 }
435
436 if(kd->fallback_count == 0)
437 asprintf(&host, "%s.%s.", serv_string, kd->realm);
438 else
439 asprintf(&host, "%s-%d.%s.",
440 serv_string, kd->fallback_count, kd->realm);
441
442 if (host == NULL)
443 return ENOMEM;
444
445 make_hints(&hints, proto);
446 snprintf(portstr, sizeof(portstr), "%d", port);
447 ret = getaddrinfo(host, portstr, &hints, &ai);
448 if (ret) {
449 /* no more hosts, so we're done here */
450 free(host);
451 kd->flags |= KD_FALLBACK;
452 } else {
453 struct krb5_krbhst_info *hi;
454 size_t hostlen = strlen(host);
455
456 hi = calloc(1, sizeof(*hi) + hostlen);
457 if(hi == NULL) {
458 free(host);
459 return ENOMEM;
460 }
461
462 hi->proto = proto;
463 hi->port = hi->def_port = port;
464 hi->ai = ai;
465 memmove(hi->hostname, host, hostlen);
466 hi->hostname[hostlen] = '\0';
467 free(host);
468 append_host_hostinfo(kd, hi);
469 kd->fallback_count++;
470 }
471 return 0;
472 }
473
474 /*
475 * Fetch hosts from plugin
476 */
477
478 static krb5_error_code
479 add_locate(void *ctx, int type, struct sockaddr *addr)
480 {
481 struct krb5_krbhst_info *hi;
482 struct krb5_krbhst_data *kd = ctx;
483 char host[NI_MAXHOST], port[NI_MAXSERV];
484 struct addrinfo hints, *ai;
485 socklen_t socklen;
486 size_t hostlen;
487 int ret;
488
489 socklen = socket_sockaddr_size(addr);
490
491 ret = getnameinfo(addr, socklen, host, sizeof(host), port, sizeof(port),
492 NI_NUMERICHOST|NI_NUMERICSERV);
493 if (ret != 0)
494 return 0;
495
496 memset(&hints, 0, sizeof(hints));
497 ret = getaddrinfo(host, port, &hints, &ai);
498 if (ret)
499 return 0;
500
501 hostlen = strlen(host);
502
503 hi = calloc(1, sizeof(*hi) + hostlen);
504 if(hi == NULL) {
505 free(host);
506 return ENOMEM;
507 }
508
509 hi->proto = krbhst_get_default_proto(kd);
510 hi->port = hi->def_port = socket_get_port(addr);
511 hi->ai = ai;
512 memmove(hi->hostname, host, hostlen);
513 hi->hostname[hostlen] = '\0';
514 append_host_hostinfo(kd, hi);
515
516 return 0;
517 }
518
519 static void
520 plugin_get_hosts(krb5_context context,
521 struct krb5_krbhst_data *kd,
522 enum locate_service_type type)
523 {
524 struct krb5_plugin *list, *e;
525 krb5_error_code ret;
526
527 ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "resolve", &list);
528 if(ret != 0 || list == NULL)
529 return;
530
531 kd->flags |= KD_CONFIG_EXISTS;
532
533 for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) {
534 krb5plugin_service_locate_ftable *service;
535 void *ctx;
536
537 service = _krb5_plugin_get_symbol(e);
538 if (service->minor_version != 0)
539 continue;
540
541 (*service->init)(context, &ctx);
542 ret = (*service->lookup)(ctx, type, kd->realm, 0, 0, add_locate, kd);
543 (*service->fini)(ctx);
544 if (ret) {
545 krb5_set_error_string(context, "Plugin failed to lookup");
546 break;
547 }
548 }
549 _krb5_plugin_free(list);
550 }
551
552 /*
553 *
554 */
555
556 static krb5_error_code
557 kdc_get_next(krb5_context context,
558 struct krb5_krbhst_data *kd,
559 krb5_krbhst_info **host)
560 {
561 krb5_error_code ret;
562
563 if ((kd->flags & KD_PLUGIN) == 0) {
564 plugin_get_hosts(context, kd, locate_service_kdc);
565 kd->flags |= KD_PLUGIN;
566 if(get_next(kd, host))
567 return 0;
568 }
569
570 if((kd->flags & KD_CONFIG) == 0) {
571 config_get_hosts(context, kd, "kdc");
572 kd->flags |= KD_CONFIG;
573 if(get_next(kd, host))
574 return 0;
575 }
576
577 if (kd->flags & KD_CONFIG_EXISTS)
578 return KRB5_KDC_UNREACH; /* XXX */
579
580 if(context->srv_lookup) {
581 if((kd->flags & KD_SRV_UDP) == 0 && (kd->flags & KD_LARGE_MSG) == 0) {
582 srv_get_hosts(context, kd, "udp", "kerberos");
583 kd->flags |= KD_SRV_UDP;
584 if(get_next(kd, host))
585 return 0;
586 }
587
588 if((kd->flags & KD_SRV_TCP) == 0) {
589 srv_get_hosts(context, kd, "tcp", "kerberos");
590 kd->flags |= KD_SRV_TCP;
591 if(get_next(kd, host))
592 return 0;
593 }
594 if((kd->flags & KD_SRV_HTTP) == 0) {
595 srv_get_hosts(context, kd, "http", "kerberos");
596 kd->flags |= KD_SRV_HTTP;
597 if(get_next(kd, host))
598 return 0;
599 }
600 }
601
602 while((kd->flags & KD_FALLBACK) == 0) {
603 ret = fallback_get_hosts(context, kd, "kerberos",
604 kd->def_port,
605 krbhst_get_default_proto(kd));
606 if(ret)
607 return ret;
608 if(get_next(kd, host))
609 return 0;
610 }
611
612 return KRB5_KDC_UNREACH; /* XXX */
613 }
614
615 static krb5_error_code
616 admin_get_next(krb5_context context,
617 struct krb5_krbhst_data *kd,
618 krb5_krbhst_info **host)
619 {
620 krb5_error_code ret;
621
622 if((kd->flags & KD_CONFIG) == 0) {
623 config_get_hosts(context, kd, "admin_server");
624 kd->flags |= KD_CONFIG;
625 if(get_next(kd, host))
626 return 0;
627 }
628
629 if (kd->flags & KD_CONFIG_EXISTS)
630 return KRB5_KDC_UNREACH; /* XXX */
631
632 if(context->srv_lookup) {
633 if((kd->flags & KD_SRV_TCP) == 0) {
634 srv_get_hosts(context, kd, "tcp", "kerberos-adm");
635 kd->flags |= KD_SRV_TCP;
636 if(get_next(kd, host))
637 return 0;
638 }
639 }
640
641 if (krbhst_empty(kd)
642 && (kd->flags & KD_FALLBACK) == 0) {
643 ret = fallback_get_hosts(context, kd, "kerberos",
644 kd->def_port,
645 krbhst_get_default_proto(kd));
646 if(ret)
647 return ret;
648 kd->flags |= KD_FALLBACK;
649 if(get_next(kd, host))
650 return 0;
651 }
652
653 return KRB5_KDC_UNREACH; /* XXX */
654 }
655
656 static krb5_error_code
657 kpasswd_get_next(krb5_context context,
658 struct krb5_krbhst_data *kd,
659 krb5_krbhst_info **host)
660 {
661 krb5_error_code ret;
662
663 if((kd->flags & KD_CONFIG) == 0) {
664 config_get_hosts(context, kd, "kpasswd_server");
665 kd->flags |= KD_CONFIG;
666 if(get_next(kd, host))
667 return 0;
668 }
669
670 if (kd->flags & KD_CONFIG_EXISTS)
671 return KRB5_KDC_UNREACH; /* XXX */
672
673 if(context->srv_lookup) {
674 if((kd->flags & KD_SRV_UDP) == 0) {
675 srv_get_hosts(context, kd, "udp", "kpasswd");
676 kd->flags |= KD_SRV_UDP;
677 if(get_next(kd, host))
678 return 0;
679 }
680 if((kd->flags & KD_SRV_TCP) == 0) {
681 srv_get_hosts(context, kd, "tcp", "kpasswd");
682 kd->flags |= KD_SRV_TCP;
683 if(get_next(kd, host))
684 return 0;
685 }
686 }
687
688 /* no matches -> try admin */
689
690 if (krbhst_empty(kd)) {
691 kd->flags = 0;
692 kd->port = kd->def_port;
693 kd->get_next = admin_get_next;
694 ret = (*kd->get_next)(context, kd, host);
695 if (ret == 0)
696 (*host)->proto = krbhst_get_default_proto(kd);
697 return ret;
698 }
699
700 return KRB5_KDC_UNREACH; /* XXX */
701 }
702
703 static krb5_error_code
704 krb524_get_next(krb5_context context,
705 struct krb5_krbhst_data *kd,
706 krb5_krbhst_info **host)
707 {
708 if((kd->flags & KD_CONFIG) == 0) {
709 config_get_hosts(context, kd, "krb524_server");
710 if(get_next(kd, host))
711 return 0;
712 kd->flags |= KD_CONFIG;
713 }
714
715 if (kd->flags & KD_CONFIG_EXISTS)
716 return KRB5_KDC_UNREACH; /* XXX */
717
718 if(context->srv_lookup) {
719 if((kd->flags & KD_SRV_UDP) == 0) {
720 srv_get_hosts(context, kd, "udp", "krb524");
721 kd->flags |= KD_SRV_UDP;
722 if(get_next(kd, host))
723 return 0;
724 }
725
726 if((kd->flags & KD_SRV_TCP) == 0) {
727 srv_get_hosts(context, kd, "tcp", "krb524");
728 kd->flags |= KD_SRV_TCP;
729 if(get_next(kd, host))
730 return 0;
731 }
732 }
733
734 /* no matches -> try kdc */
735
736 if (krbhst_empty(kd)) {
737 kd->flags = 0;
738 kd->port = kd->def_port;
739 kd->get_next = kdc_get_next;
740 return (*kd->get_next)(context, kd, host);
741 }
742
743 return KRB5_KDC_UNREACH; /* XXX */
744 }
745
746 static struct krb5_krbhst_data*
747 common_init(krb5_context context,
748 const char *realm,
749 int flags)
750 {
751 struct krb5_krbhst_data *kd;
752
753 if((kd = calloc(1, sizeof(*kd))) == NULL)
754 return NULL;
755
756 if((kd->realm = strdup(realm)) == NULL) {
757 free(kd);
758 return NULL;
759 }
760
761 /* For 'realms' without a . do not even think of going to DNS */
762 if (!strchr(realm, '.'))
763 kd->flags |= KD_CONFIG_EXISTS;
764
765 if (flags & KRB5_KRBHST_FLAGS_LARGE_MSG)
766 kd->flags |= KD_LARGE_MSG;
767 kd->end = kd->index = &kd->hosts;
768 return kd;
769 }
770
771 /*
772 * initialize `handle' to look for hosts of type `type' in realm `realm'
773 */
774
775 krb5_error_code KRB5_LIB_FUNCTION
776 krb5_krbhst_init(krb5_context context,
777 const char *realm,
778 unsigned int type,
779 krb5_krbhst_handle *handle)
780 {
781 return krb5_krbhst_init_flags(context, realm, type, 0, handle);
782 }
783
784 krb5_error_code KRB5_LIB_FUNCTION
785 krb5_krbhst_init_flags(krb5_context context,
786 const char *realm,
787 unsigned int type,
788 int flags,
789 krb5_krbhst_handle *handle)
790 {
791 struct krb5_krbhst_data *kd;
792 krb5_error_code (*next)(krb5_context, struct krb5_krbhst_data *,
793 krb5_krbhst_info **);
794 int def_port;
795
796 switch(type) {
797 case KRB5_KRBHST_KDC:
798 next = kdc_get_next;
799 def_port = ntohs(krb5_getportbyname (context, "kerberos", "udp", 88));
800 break;
801 case KRB5_KRBHST_ADMIN:
802 next = admin_get_next;
803 def_port = ntohs(krb5_getportbyname (context, "kerberos-adm",
804 "tcp", 749));
805 break;
806 case KRB5_KRBHST_CHANGEPW:
807 next = kpasswd_get_next;
808 def_port = ntohs(krb5_getportbyname (context, "kpasswd", "udp",
809 KPASSWD_PORT));
810 break;
811 case KRB5_KRBHST_KRB524:
812 next = krb524_get_next;
813 def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444));
814 break;
815 default:
816 krb5_set_error_string(context, "unknown krbhst type (%u)", type);
817 return ENOTTY;
818 }
819 if((kd = common_init(context, realm, flags)) == NULL)
820 return ENOMEM;
821 kd->get_next = next;
822 kd->def_port = def_port;
823 *handle = kd;
824 return 0;
825 }
826
827 /*
828 * return the next host information from `handle' in `host'
829 */
830
831 krb5_error_code KRB5_LIB_FUNCTION
832 krb5_krbhst_next(krb5_context context,
833 krb5_krbhst_handle handle,
834 krb5_krbhst_info **host)
835 {
836 if(get_next(handle, host))
837 return 0;
838
839 return (*handle->get_next)(context, handle, host);
840 }
841
842 /*
843 * return the next host information from `handle' as a host name
844 * in `hostname' (or length `hostlen)
845 */
846
847 krb5_error_code KRB5_LIB_FUNCTION
848 krb5_krbhst_next_as_string(krb5_context context,
849 krb5_krbhst_handle handle,
850 char *hostname,
851 size_t hostlen)
852 {
853 krb5_error_code ret;
854 krb5_krbhst_info *host;
855 ret = krb5_krbhst_next(context, handle, &host);
856 if(ret)
857 return ret;
858 return krb5_krbhst_format_string(context, host, hostname, hostlen);
859 }
860
861
862 void KRB5_LIB_FUNCTION
863 krb5_krbhst_reset(krb5_context context, krb5_krbhst_handle handle)
864 {
865 handle->index = &handle->hosts;
866 }
867
868 void KRB5_LIB_FUNCTION
869 krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle)
870 {
871 krb5_krbhst_info *h, *next;
872
873 if (handle == NULL)
874 return;
875
876 for (h = handle->hosts; h != NULL; h = next) {
877 next = h->next;
878 _krb5_free_krbhst_info(h);
879 }
880
881 free(handle->realm);
882 free(handle);
883 }
884
885 /* backwards compatibility ahead */
886
887 static krb5_error_code
888 gethostlist(krb5_context context, const char *realm,
889 unsigned int type, char ***hostlist)
890 {
891 krb5_error_code ret;
892 int nhost = 0;
893 krb5_krbhst_handle handle;
894 char host[MAXHOSTNAMELEN];
895 krb5_krbhst_info *hostinfo;
896
897 ret = krb5_krbhst_init(context, realm, type, &handle);
898 if (ret)
899 return ret;
900
901 while(krb5_krbhst_next(context, handle, &hostinfo) == 0)
902 nhost++;
903 if(nhost == 0)
904 return KRB5_KDC_UNREACH;
905 *hostlist = calloc(nhost + 1, sizeof(**hostlist));
906 if(*hostlist == NULL) {
907 krb5_krbhst_free(context, handle);
908 return ENOMEM;
909 }
910
911 krb5_krbhst_reset(context, handle);
912 nhost = 0;
913 while(krb5_krbhst_next_as_string(context, handle,
914 host, sizeof(host)) == 0) {
915 if(((*hostlist)[nhost++] = strdup(host)) == NULL) {
916 krb5_free_krbhst(context, *hostlist);
917 krb5_krbhst_free(context, handle);
918 return ENOMEM;
919 }
920 }
921 (*hostlist)[nhost++] = NULL;
922 krb5_krbhst_free(context, handle);
923 return 0;
924 }
925
926 /*
927 * return an malloced list of kadmin-hosts for `realm' in `hostlist'
928 */
929
930 krb5_error_code KRB5_LIB_FUNCTION
931 krb5_get_krb_admin_hst (krb5_context context,
932 const krb5_realm *realm,
933 char ***hostlist)
934 {
935 return gethostlist(context, *realm, KRB5_KRBHST_ADMIN, hostlist);
936 }
937
938 /*
939 * return an malloced list of changepw-hosts for `realm' in `hostlist'
940 */
941
942 krb5_error_code KRB5_LIB_FUNCTION
943 krb5_get_krb_changepw_hst (krb5_context context,
944 const krb5_realm *realm,
945 char ***hostlist)
946 {
947 return gethostlist(context, *realm, KRB5_KRBHST_CHANGEPW, hostlist);
948 }
949
950 /*
951 * return an malloced list of 524-hosts for `realm' in `hostlist'
952 */
953
954 krb5_error_code KRB5_LIB_FUNCTION
955 krb5_get_krb524hst (krb5_context context,
956 const krb5_realm *realm,
957 char ***hostlist)
958 {
959 return gethostlist(context, *realm, KRB5_KRBHST_KRB524, hostlist);
960 }
961
962
963 /*
964 * return an malloced list of KDC's for `realm' in `hostlist'
965 */
966
967 krb5_error_code KRB5_LIB_FUNCTION
968 krb5_get_krbhst (krb5_context context,
969 const krb5_realm *realm,
970 char ***hostlist)
971 {
972 return gethostlist(context, *realm, KRB5_KRBHST_KDC, hostlist);
973 }
974
975 /*
976 * free all the memory allocated in `hostlist'
977 */
978
979 krb5_error_code KRB5_LIB_FUNCTION
980 krb5_free_krbhst (krb5_context context,
981 char **hostlist)
982 {
983 char **p;
984
985 for (p = hostlist; *p; ++p)
986 free (*p);
987 free (hostlist);
988 return 0;
989 }
Samba GIT mirror