2 Unix SMB/CIFS implementation.
3 kerberos locator plugin
4 Copyright (C) Guenther Deschner 2007-2008
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "nsswitch/winbind_client.h"
21 #include "libwbclient/wbclient.h"
27 #if defined(HAVE_KRB5) && defined(HAVE_KRB5_LOCATE_PLUGIN_H)
29 #include <krb5/krb5.h>
30 #include <krb5/locate_plugin.h>
32 #ifndef KRB5_PLUGIN_NO_HANDLE
33 #define KRB5_PLUGIN_NO_HANDLE KRB5_KDC_UNREACH /* Heimdal */
/*
 * Map a krb5 locate_service_type to the service string that
 * smb_krb5_locator_lookup() stores in its `service` local. KDC and master
 * KDC share one case group, kadmin and krb524 another, and kpasswd has its
 * own. The value returned for each group is on lines this listing omits.
 */
36 static const char *get_service_from_locate_service_type(enum locate_service_type svc
)
39 case locate_service_kdc
:
40 case locate_service_master_kdc
:
42 case locate_service_kadmin
:
43 case locate_service_krb524
:
46 case locate_service_kpasswd
:
/*
 * Return the enumerator's own spelling as a string literal. The only visible
 * caller is the request trace in smb_krb5_locator_lookup(), which prints it
 * next to the numeric value. The result for a value outside these five
 * cases is not visible in this listing.
 */
56 static const char *locate_service_type_name(enum locate_service_type svc
)
59 case locate_service_kdc
:
60 return "locate_service_kdc";
61 case locate_service_master_kdc
:
62 return "locate_service_master_kdc";
63 case locate_service_kadmin
:
64 return "locate_service_kadmin";
65 case locate_service_krb524
:
66 return "locate_service_krb524";
67 case locate_service_kpasswd
:
68 return "locate_service_kpasswd";
/*
 * Printable name for a socket type, used by the request trace in
 * smb_krb5_locator_lookup() ("socktype: '%s' (%d)"). The mapping itself is
 * on lines this listing omits.
 */
75 static const char *socktype_name(int socktype
)
/*
 * Printable name for an address family, used by the request trace in
 * smb_krb5_locator_lookup() ("family: '%s' (%d)"). Part of the mapping is
 * compiled only when HAVE_IPV6 is defined. That is presumably the IPv6 case,
 * but the case itself is not visible here.
 */
88 static const char *family_name(int family
)
95 #if defined(HAVE_IPV6)
107 * Check input parameters, return KRB5_PLUGIN_NO_HANDLE for unsupported ones
110 * @param realm string
111 * @param socktype integer
112 * @param family integer
/*
 * Gatekeeper for smb_krb5_locator_lookup(): decides whether this plugin
 * handles the request at all. Only part of the body is visible in this
 * listing (see the gaps in the embedded line numbers).
 */
117 static int smb_krb5_locator_lookup_sanity_check(enum locate_service_type svc
,
/*
 * A NULL or empty realm is rejected first. The value returned on that path
 * is not visible here.
 * NOTE(review): this is the only realm validation visible. The realm is
 * later formatted into an environment-variable name and into trace output by
 * smb_krb5_locator_lookup(). Confirm that no length or character checks are
 * needed for those uses.
 */
122 if (!realm
|| strlen(realm
) == 0) {
/* KDC, master KDC and kpasswd share one case group. */
127 case locate_service_kdc
:
128 case locate_service_master_kdc
:
129 case locate_service_kpasswd
:
/* kadmin and krb524 are declined with KRB5_PLUGIN_NO_HANDLE. */
131 case locate_service_kadmin
:
132 case locate_service_krb524
:
133 return KRB5_PLUGIN_NO_HANDLE
;
/* Part of the later checks is compiled only when HAVE_IPV6 is defined. */
142 #if defined(HAVE_IPV6)
/*
 * A value of 0 is accepted for Heimdal callers. Which parameter this switch
 * tests is not visible here.
 */
153 case 0: /* Heimdal uses that */
163 * Try to get addrinfo for a given host and call the krb5 callback
166 * @param service string
167 * @param in struct addrinfo hint
168 * @param cbfunc krb5 callback function
169 * @param cbdata void pointer cbdata
171 * @return krb5_error_code.
/*
 * Resolve `name`/`service` with getaddrinfo(), using `in` as the hints, and
 * hand the result to the krb5 library's callback.
 *
 * Trace messages emitted here are tagged "smb_krb5_locator_lookup" although
 * they come from this helper. Keep that in mind when triaging logs.
 */
174 static krb5_error_code
smb_krb5_locator_call_cbfunc(const char *name
,
177 int (*cbfunc
)(void *, int, struct sockaddr
*),
180 struct addrinfo
*out
= NULL
;
186 ret
= getaddrinfo(name
, service
, in
, &out
);
/*
 * EAI_AGAIN (temporary resolver failure) is tested separately from other
 * errors. What that branch does is not visible in this listing.
 */
191 if (ret
== EAI_AGAIN
) {
197 fprintf(stderr
, "[%5u]: smb_krb5_locator_lookup: "
198 "getaddrinfo failed: %s (%d)\n",
199 (unsigned int)getpid(), gai_strerror(ret
), ret
);
/* Declines the request with KRB5_PLUGIN_NO_HANDLE on the visible failure path. */
202 return KRB5_PLUGIN_NO_HANDLE
;
/*
 * Only the head of the addrinfo list is referenced on the visible lines.
 * NOTE(review): confirm whether further ai_next entries are meant to be
 * offered to the callback. Also confirm that freeaddrinfo(out) runs on every
 * path after a successful getaddrinfo(). That call is not visible here.
 */
205 ret
= cbfunc(cbdata
, out
->ai_socktype
, out
->ai_addr
);
208 fprintf(stderr
, "[%5u]: smb_krb5_locator_lookup: "
209 "failed to call callback: %s (%d)\n",
210 (unsigned int)getpid(), error_message(ret
), ret
);
219 * PUBLIC INTERFACE: locate init
221 * @param context krb5_context
222 * @param private_data pointer to private data pointer
224 * @return krb5_error_code.
/*
 * Plugin init hook. It is the first function listed in the
 * krb5plugin_service_locate_ftable exported at the end of the file. The
 * body is on lines this listing omits.
 */
227 static krb5_error_code
smb_krb5_locator_init(krb5_context context
,
234 * PUBLIC INTERFACE: close locate
236 * @param private_data pointer to private data
/*
 * Plugin close hook. It is the second function listed in the
 * krb5plugin_service_locate_ftable exported at the end of the file. The
 * body is on lines this listing omits.
 */
241 static void smb_krb5_locator_close(void *private_data
)
/*
 * Ask winbindd, through libwbclient, for a domain controller of `realm` and
 * return a heap copy of its name in *dcname.
 *
 * The name returned here is used by smb_krb5_locator_lookup() as the KDC
 * host for the realm, so the answer from the local winbindd is trusted as-is.
 * Only part of the body is visible in this listing.
 */
247 static bool ask_winbind(const char *realm
, char **dcname
)
250 const char *dc
= NULL
;
251 struct wbcDomainControllerInfoEx
*dc_info
= NULL
;
/*
 * Lookup flags, read from their names: the DC must be a KDC, the realm is
 * given as a DNS name, a DNS name is wanted back, and an IP is required.
 */
254 flags
= WBC_LOOKUP_DC_KDC_REQUIRED
|
255 WBC_LOOKUP_DC_IS_DNS_NAME
|
256 WBC_LOOKUP_DC_RETURN_DNS_NAME
|
257 WBC_LOOKUP_DC_IP_REQUIRED
;
259 wbc_status
= wbcLookupDomainControllerEx(realm
, NULL
, NULL
, flags
, &dc_info
);
261 if (!WBC_ERROR_IS_OK(wbc_status
)) {
263 fprintf(stderr
,"[%5u]: smb_krb5_locator_lookup: failed with: %s\n",
264 (unsigned int)getpid(), wbcErrorString(wbc_status
));
/*
 * Prefer dc_address. Up to two leading backslashes (a UNC-style "\\" prefix)
 * are skipped so that a bare host or address remains.
 */
269 if (dc_info
->dc_address
) {
270 dc
= dc_info
->dc_address
;
271 if (dc
[0] == '\\') dc
++;
272 if (dc
[0] == '\\') dc
++;
/* Fall back to dc_unc, with the same prefix stripping, when no address was given. */
275 if (!dc
&& dc_info
->dc_unc
) {
276 dc
= dc_info
->dc_unc
;
277 if (dc
[0] == '\\') dc
++;
278 if (dc
[0] == '\\') dc
++;
/*
 * dc_info is released with wbcFreeMemory() at three points. These are
 * presumably the "no name", "copy failed" and success exits, but the
 * surrounding conditions and returns are not visible here.
 */
282 wbcFreeMemory(dc_info
);
/*
 * dc points into dc_info, so the caller is given a strdup() copy instead.
 * The caller owns *dcname; the matching free() is not visible in this
 * listing.
 * NOTE(review): confirm that a NULL result from strdup() is reported as
 * failure. The check is on a line this listing omits.
 */
286 *dcname
= strdup(dc
);
288 wbcFreeMemory(dc_info
);
292 wbcFreeMemory(dc_info
);
297 * PUBLIC INTERFACE: locate lookup
299 * @param private_data pointer to private data
300 * @param svc enum locate_service_type.
301 * @param realm string
302 * @param socktype integer
303 * @param family integer
304 * @param cbfunc callback function to send back entries
305 * @param cbdata void pointer to cbdata
307 * @return krb5_error_code.
/*
 * Plugin lookup hook: work out which host is the KDC for `realm` and report
 * its address to the krb5 library through cbfunc.
 *
 * Visible flow: trace the request, run the sanity check, obtain a KDC name
 * (from winbindd or from the environment), then resolve it and call back via
 * smb_krb5_locator_call_cbfunc(). Many lines of the body are missing from
 * this listing (see the gaps in the embedded line numbers).
 */
310 static krb5_error_code
smb_krb5_locator_lookup(void *private_data
,
311 enum locate_service_type svc
,
315 int (*cbfunc
)(void *, int, struct sockaddr
*),
319 struct addrinfo aihints
;
320 char *kdc_name
= NULL
;
321 const char *service
= get_service_from_locate_service_type(svc
);
323 ZERO_STRUCT(aihints
);
/*
 * The request trace goes to stderr. Whether it is compiled in only for
 * debug builds is not visible here.
 */
326 fprintf(stderr
,"[%5u]: smb_krb5_locator_lookup: called for '%s' "
328 "socktype: '%s' (%d), family: '%s' (%d)\n",
329 (unsigned int)getpid(), realm
,
330 locate_service_type_name(svc
), svc
,
331 socktype_name(socktype
), socktype
,
332 family_name(family
), family
);
334 ret
= smb_krb5_locator_lookup_sanity_check(svc
, realm
, socktype
,
338 fprintf(stderr
, "[%5u]: smb_krb5_locator_lookup: "
339 "returning ret: %s (%d)\n",
340 (unsigned int)getpid(), error_message(ret
), ret
);
/*
 * Source 1: ask winbindd, taken when winbind_env_set() is false.
 * winbind_env_set() presumably reports that the process must not call into
 * winbindd, for example because it is winbindd itself. Confirm this against
 * winbind_client.
 */
345 if (!winbind_env_set()) {
346 if (!ask_winbind(realm
, &kdc_name
)) {
348 fprintf(stderr
, "[%5u]: smb_krb5_locator_lookup: "
349 "failed to query winbindd\n",
350 (unsigned int)getpid());
/*
 * Source 2: an environment variable named
 * WINBINDD_LOCATOR_KDC_ADDRESS "_" <realm>.
 * NOTE(review): on this path the KDC host comes from the process
 * environment. The read is on a line this listing omits and is presumably a
 * getenv(). Confirm that this branch is reachable only where the environment
 * is set by winbindd and not by an unprivileged caller of a privileged
 * program.
 */
355 const char *env
= NULL
;
357 if (asprintf(&var
, "%s_%s",
358 WINBINDD_LOCATOR_KDC_ADDRESS
, realm
) == -1) {
364 fprintf(stderr
, "[%5u]: smb_krb5_locator_lookup: "
365 "failed to get kdc from env %s\n",
366 (unsigned int)getpid(), var
);
/*
 * Heap copy of the environment value.
 * NOTE(review): release of `var` and of kdc_name, and the NULL check on this
 * strdup(), are not visible in this listing. Confirm each exit path.
 */
373 kdc_name
= strdup(env
);
379 fprintf(stderr
, "[%5u]: smb_krb5_locator_lookup: "
380 "got '%s' for '%s' from winbindd\n", (unsigned int)getpid(),
/* The caller's family and socket type become the getaddrinfo() hints. */
384 aihints
.ai_family
= family
;
385 aihints
.ai_socktype
= socktype
;
387 ret
= smb_krb5_locator_call_cbfunc(kdc_name
,
/*
 * Declines the request with KRB5_PLUGIN_NO_HANDLE. This is presumably the
 * shared failure exit, but the label or condition leading here is not
 * visible.
 */
396 return KRB5_PLUGIN_NO_HANDLE
;
399 #ifdef HEIMDAL_KRB5_LOCATE_PLUGIN_H
400 #define SMB_KRB5_LOCATOR_SYMBOL_NAME resolve /* Heimdal */
402 #define SMB_KRB5_LOCATOR_SYMBOL_NAME service_locator /* MIT */
405 const krb5plugin_service_locate_ftable SMB_KRB5_LOCATOR_SYMBOL_NAME
= {
407 smb_krb5_locator_init
,
408 smb_krb5_locator_close
,
409 smb_krb5_locator_lookup
,