search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
add missing files
[heimdal.git] / lib / krb5 / context.c
blobf150930f0c4d86d9b106e080de27e4fb0dc19ead
1 /*
2 * Copyright (c) 1997 - 2010 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "krb5_locl.h"
37 #include <assert.h>
38 #include <com_err.h>
39
40 #define INIT_FIELD(C, T, E, D, F) \
41 (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
42 "libdefaults", F, NULL)
43
44 #define INIT_FLAG(C, O, V, D, F) \
45 do { \
46 if (krb5_config_get_bool_default((C), NULL, (D),"libdefaults", F, NULL)) { \
47 (C)->O |= V; \
48 } \
49 } while(0)
50
51 /*
52 * Set the list of etypes `ret_etypes' from the configuration variable
53 * `name'
54 */
55
56 static krb5_error_code
57 set_etypes (krb5_context context,
58 const char *name,
59 krb5_enctype **ret_enctypes)
60 {
61 char **etypes_str;
62 krb5_enctype *etypes = NULL;
63
64 etypes_str = krb5_config_get_strings(context, NULL, "libdefaults",
65 name, NULL);
66 if(etypes_str){
67 int i, j, k;
68 for(i = 0; etypes_str[i]; i++);
69 etypes = malloc((i+1) * sizeof(*etypes));
70 if (etypes == NULL) {
71 krb5_config_free_strings (etypes_str);
72 return krb5_enomem(context);
73 }
74 for(j = 0, k = 0; j < i; j++) {
75 krb5_enctype e;
76 if(krb5_string_to_enctype(context, etypes_str[j], &e) != 0)
77 continue;
78 if (krb5_enctype_valid(context, e) != 0)
79 continue;
80 etypes[k++] = e;
81 }
82 etypes[k] = ETYPE_NULL;
83 krb5_config_free_strings(etypes_str);
84 }
85 *ret_enctypes = etypes;
86 return 0;
87 }
88
89 /*
90 * read variables from the configuration file and set in `context'
91 */
92
93 static krb5_error_code
94 init_context_from_config_file(krb5_context context)
95 {
96 krb5_error_code ret;
97 const char * tmp;
98 char **s;
99 krb5_enctype *tmptypes;
100
101 INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew");
102 INIT_FIELD(context, time, kdc_timeout, 30, "kdc_timeout");
103 INIT_FIELD(context, time, host_timeout, 3, "host_timeout");
104 INIT_FIELD(context, int, max_retries, 3, "max_retries");
105
106 INIT_FIELD(context, string, http_proxy, NULL, "http_proxy");
107
108 ret = krb5_config_get_bool_default(context, NULL, FALSE,
109 "libdefaults",
110 "allow_weak_crypto", NULL);
111 if (ret) {
112 krb5_enctype_enable(context, ETYPE_DES_CBC_CRC);
113 krb5_enctype_enable(context, ETYPE_DES_CBC_MD4);
114 krb5_enctype_enable(context, ETYPE_DES_CBC_MD5);
115 krb5_enctype_enable(context, ETYPE_DES_CBC_NONE);
116 krb5_enctype_enable(context, ETYPE_DES_CFB64_NONE);
117 krb5_enctype_enable(context, ETYPE_DES_PCBC_NONE);
118 }
119
120 ret = set_etypes (context, "default_etypes", &tmptypes);
121 if(ret)
122 return ret;
123 free(context->etypes);
124 context->etypes = tmptypes;
125
126 ret = set_etypes (context, "default_etypes_des", &tmptypes);
127 if(ret)
128 return ret;
129 free(context->etypes_des);
130 context->etypes_des = tmptypes;
131
132 ret = set_etypes (context, "default_as_etypes", &tmptypes);
133 if(ret)
134 return ret;
135 free(context->as_etypes);
136 context->as_etypes = tmptypes;
137
138 ret = set_etypes (context, "default_tgs_etypes", &tmptypes);
139 if(ret)
140 return ret;
141 free(context->tgs_etypes);
142 context->tgs_etypes = tmptypes;
143
144 ret = set_etypes (context, "permitted_enctypes", &tmptypes);
145 if(ret)
146 return ret;
147 free(context->permitted_enctypes);
148 context->permitted_enctypes = tmptypes;
149
150 /* default keytab name */
151 tmp = NULL;
152 if(!issuid())
153 tmp = getenv("KRB5_KTNAME");
154 if(tmp != NULL)
155 context->default_keytab = tmp;
156 else
157 INIT_FIELD(context, string, default_keytab,
158 KEYTAB_DEFAULT, "default_keytab_name");
159
160 INIT_FIELD(context, string, default_keytab_modify,
161 NULL, "default_keytab_modify_name");
162
163 INIT_FIELD(context, string, time_fmt,
164 "%Y-%m-%dT%H:%M:%S", "time_format");
165
166 INIT_FIELD(context, string, date_fmt,
167 "%Y-%m-%d", "date_format");
168
169 INIT_FIELD(context, bool, log_utc,
170 FALSE, "log_utc");
171
172
173
174 /* init dns-proxy slime */
175 tmp = krb5_config_get_string(context, NULL, "libdefaults",
176 "dns_proxy", NULL);
177 if(tmp)
178 roken_gethostby_setup(context->http_proxy, tmp);
179 krb5_free_host_realm (context, context->default_realms);
180 context->default_realms = NULL;
181
182 {
183 krb5_addresses addresses;
184 char **adr, **a;
185
186 krb5_set_extra_addresses(context, NULL);
187 adr = krb5_config_get_strings(context, NULL,
188 "libdefaults",
189 "extra_addresses",
190 NULL);
191 memset(&addresses, 0, sizeof(addresses));
192 for(a = adr; a && *a; a++) {
193 ret = krb5_parse_address(context, *a, &addresses);
194 if (ret == 0) {
195 krb5_add_extra_addresses(context, &addresses);
196 krb5_free_addresses(context, &addresses);
197 }
198 }
199 krb5_config_free_strings(adr);
200
201 krb5_set_ignore_addresses(context, NULL);
202 adr = krb5_config_get_strings(context, NULL,
203 "libdefaults",
204 "ignore_addresses",
205 NULL);
206 memset(&addresses, 0, sizeof(addresses));
207 for(a = adr; a && *a; a++) {
208 ret = krb5_parse_address(context, *a, &addresses);
209 if (ret == 0) {
210 krb5_add_ignore_addresses(context, &addresses);
211 krb5_free_addresses(context, &addresses);
212 }
213 }
214 krb5_config_free_strings(adr);
215 }
216
217 INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces");
218 INIT_FIELD(context, int, fcache_vno, 0, "fcache_version");
219 /* prefer dns_lookup_kdc over srv_lookup. */
220 INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
221 INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc");
222 INIT_FIELD(context, int, large_msg_size, 1400, "large_message_size");
223 INIT_FIELD(context, int, max_msg_size, 1000 * 1024, "maximum_message_size");
224 INIT_FLAG(context, flags, KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME, TRUE, "dns_canonicalize_hostname");
225 INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac");
226
227 if (context->default_cc_name)
228 free(context->default_cc_name);
229 context->default_cc_name = NULL;
230 context->default_cc_name_set = 0;
231
232 s = krb5_config_get_strings(context, NULL, "logging", "krb5", NULL);
233 if(s) {
234 char **p;
235
236 if (context->debug_dest)
237 krb5_closelog(context, context->debug_dest);
238
239 krb5_initlog(context, "libkrb5", &context->debug_dest);
240 for(p = s; *p; p++)
241 krb5_addlog_dest(context, context->debug_dest, *p);
242 krb5_config_free_strings(s);
243 }
244
245 tmp = krb5_config_get_string(context, NULL, "libdefaults",
246 "check-rd-req-server", NULL);
247 if (tmp == NULL && !issuid())
248 tmp = getenv("KRB5_CHECK_RD_REQ_SERVER");
249 if(tmp) {
250 if (strcasecmp(tmp, "ignore") == 0)
251 context->flags |= KRB5_CTX_F_RD_REQ_IGNORE;
252 }
253
254 return 0;
255 }
256
257 static krb5_error_code
258 cc_ops_register(krb5_context context)
259 {
260 context->cc_ops = NULL;
261 context->num_cc_ops = 0;
262
263 #ifndef KCM_IS_API_CACHE
264 krb5_cc_register(context, &krb5_acc_ops, TRUE);
265 #endif
266 krb5_cc_register(context, &krb5_fcc_ops, TRUE);
267 krb5_cc_register(context, &krb5_dcc_ops, TRUE);
268 krb5_cc_register(context, &krb5_mcc_ops, TRUE);
269 #ifdef HAVE_SCC
270 krb5_cc_register(context, &krb5_scc_ops, TRUE);
271 #endif
272 #ifdef HAVE_KCM
273 #ifdef KCM_IS_API_CACHE
274 krb5_cc_register(context, &krb5_akcm_ops, TRUE);
275 #endif
276 krb5_cc_register(context, &krb5_kcm_ops, TRUE);
277 #endif
278 _krb5_load_ccache_plugins(context);
279 return 0;
280 }
281
282 static krb5_error_code
283 cc_ops_copy(krb5_context context, const krb5_context src_context)
284 {
285 const krb5_cc_ops **cc_ops;
286
287 context->cc_ops = NULL;
288 context->num_cc_ops = 0;
289
290 if (src_context->num_cc_ops == 0)
291 return 0;
292
293 cc_ops = malloc(sizeof(cc_ops[0]) * src_context->num_cc_ops);
294 if (cc_ops == NULL) {
295 krb5_set_error_message(context, KRB5_CC_NOMEM,
296 N_("malloc: out of memory", ""));
297 return KRB5_CC_NOMEM;
298 }
299
300 memcpy(rk_UNCONST(cc_ops), src_context->cc_ops,
301 sizeof(cc_ops[0]) * src_context->num_cc_ops);
302 context->cc_ops = cc_ops;
303 context->num_cc_ops = src_context->num_cc_ops;
304
305 return 0;
306 }
307
308 static krb5_error_code
309 kt_ops_register(krb5_context context)
310 {
311 context->num_kt_types = 0;
312 context->kt_types = NULL;
313
314 krb5_kt_register (context, &krb5_fkt_ops);
315 krb5_kt_register (context, &krb5_wrfkt_ops);
316 krb5_kt_register (context, &krb5_javakt_ops);
317 krb5_kt_register (context, &krb5_mkt_ops);
318 #ifndef HEIMDAL_SMALLER
319 krb5_kt_register (context, &krb5_akf_ops);
320 #endif
321 krb5_kt_register (context, &krb5_any_ops);
322 return 0;
323 }
324
325 static krb5_error_code
326 kt_ops_copy(krb5_context context, const krb5_context src_context)
327 {
328 context->num_kt_types = 0;
329 context->kt_types = NULL;
330
331 if (src_context->num_kt_types == 0)
332 return 0;
333
334 context->kt_types = malloc(sizeof(context->kt_types[0]) * src_context->num_kt_types);
335 if (context->kt_types == NULL)
336 return krb5_enomem(context);
337
338 context->num_kt_types = src_context->num_kt_types;
339 memcpy(context->kt_types, src_context->kt_types,
340 sizeof(context->kt_types[0]) * src_context->num_kt_types);
341
342 return 0;
343 }
344
345 static const char *sysplugin_dirs[] = {
346 LIBDIR "/plugin/krb5",
347 #ifdef __APPLE__
348 "/Library/KerberosPlugins/KerberosFrameworkPlugins",
349 "/System/Library/KerberosPlugins/KerberosFrameworkPlugins",
350 #endif
351 NULL
352 };
353
354 static void
355 init_context_once(void *ctx)
356 {
357 krb5_context context = ctx;
358 char **dirs;
359
360 dirs = krb5_config_get_strings(context, NULL, "libdefaults",
361 "plugin_dir", NULL);
362 if (dirs == NULL)
363 dirs = rk_UNCONST(sysplugin_dirs);
364
365 _krb5_load_plugins(context, "krb5", (const char **)dirs);
366
367 if (dirs != rk_UNCONST(sysplugin_dirs))
368 krb5_config_free_strings(dirs);
369
370 bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR);
371 }
372
373
374 /**
375 * Initializes the context structure and reads the configuration file
376 * /etc/krb5.conf. The structure should be freed by calling
377 * krb5_free_context() when it is no longer being used.
378 *
379 * @param context pointer to returned context
380 *
381 * @return Returns 0 to indicate success. Otherwise an errno code is
382 * returned. Failure means either that something bad happened during
383 * initialization (typically ENOMEM) or that Kerberos should not be
384 * used ENXIO.
385 *
386 * @ingroup krb5
387 */
388
389 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
390 krb5_init_context(krb5_context *context)
391 {
392 static heim_base_once_t init_context = HEIM_BASE_ONCE_INIT;
393 krb5_context p;
394 krb5_error_code ret;
395 char **files;
396
397 *context = NULL;
398
399 p = calloc(1, sizeof(*p));
400 if(!p)
401 return ENOMEM;
402
403 p->mutex = malloc(sizeof(HEIMDAL_MUTEX));
404 if (p->mutex == NULL) {
405 free(p);
406 return ENOMEM;
407 }
408 HEIMDAL_MUTEX_init(p->mutex);
409
410 p->flags |= KRB5_CTX_F_HOMEDIR_ACCESS;
411
412 ret = krb5_get_default_config_files(&files);
413 if(ret)
414 goto out;
415 ret = krb5_set_config_files(p, files);
416 krb5_free_config_files(files);
417 if(ret)
418 goto out;
419
420 /* done enough to load plugins */
421 heim_base_once_f(&init_context, p, init_context_once);
422
423 /* init error tables */
424 krb5_init_ets(p);
425 cc_ops_register(p);
426 kt_ops_register(p);
427
428 #ifdef PKINIT
429 ret = hx509_context_init(&p->hx509ctx);
430 if (ret)
431 goto out;
432 #endif
433 if (rk_SOCK_INIT())
434 p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED;
435
436 out:
437 if(ret) {
438 krb5_free_context(p);
439 p = NULL;
440 }
441 *context = p;
442 return ret;
443 }
444
445 #ifndef HEIMDAL_SMALLER
446
447 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
448 krb5_get_permitted_enctypes(krb5_context context,
449 krb5_enctype **etypes)
450 {
451 return krb5_get_default_in_tkt_etypes(context, KRB5_PDU_NONE, etypes);
452 }
453
454 /*
455 *
456 */
457
458 static krb5_error_code
459 copy_etypes (krb5_context context,
460 krb5_enctype *enctypes,
461 krb5_enctype **ret_enctypes)
462 {
463 unsigned int i;
464
465 for (i = 0; enctypes[i]; i++)
466 ;
467 i++;
468
469 *ret_enctypes = malloc(sizeof(ret_enctypes[0]) * i);
470 if (*ret_enctypes == NULL)
471 return krb5_enomem(context);
472 memcpy(*ret_enctypes, enctypes, sizeof(ret_enctypes[0]) * i);
473 return 0;
474 }
475
476 /**
477 * Make a copy for the Kerberos 5 context, the new krb5_context shoud
478 * be freed with krb5_free_context().
479 *
480 * @param context the Kerberos context to copy
481 * @param out the copy of the Kerberos, set to NULL error.
482 *
483 * @return Returns 0 to indicate success. Otherwise an kerberos et
484 * error code is returned, see krb5_get_error_message().
485 *
486 * @ingroup krb5
487 */
488
489 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
490 krb5_copy_context(krb5_context context, krb5_context *out)
491 {
492 krb5_error_code ret;
493 krb5_context p;
494
495 *out = NULL;
496
497 p = calloc(1, sizeof(*p));
498 if (p == NULL)
499 return krb5_enomem(context);
500
501 p->mutex = malloc(sizeof(HEIMDAL_MUTEX));
502 if (p->mutex == NULL) {
503 free(p);
504 return krb5_enomem(context);
505 }
506 HEIMDAL_MUTEX_init(p->mutex);
507
508
509 if (context->default_cc_name)
510 p->default_cc_name = strdup(context->default_cc_name);
511 if (context->default_cc_name_env)
512 p->default_cc_name_env = strdup(context->default_cc_name_env);
513
514 if (context->etypes) {
515 ret = copy_etypes(context, context->etypes, &p->etypes);
516 if (ret)
517 goto out;
518 }
519 if (context->etypes_des) {
520 ret = copy_etypes(context, context->etypes_des, &p->etypes_des);
521 if (ret)
522 goto out;
523 }
524
525 if (context->default_realms) {
526 ret = krb5_copy_host_realm(context,
527 context->default_realms, &p->default_realms);
528 if (ret)
529 goto out;
530 }
531
532 ret = _krb5_config_copy(context, context->cf, &p->cf);
533 if (ret)
534 goto out;
535
536 /* XXX should copy */
537 krb5_init_ets(p);
538
539 cc_ops_copy(p, context);
540 kt_ops_copy(p, context);
541
542 #if 0 /* XXX */
543 if(context->warn_dest != NULL)
544 ;
545 if(context->debug_dest != NULL)
546 ;
547 #endif
548
549 ret = krb5_set_extra_addresses(p, context->extra_addresses);
550 if (ret)
551 goto out;
552 ret = krb5_set_extra_addresses(p, context->ignore_addresses);
553 if (ret)
554 goto out;
555
556 ret = _krb5_copy_send_to_kdc_func(p, context);
557 if (ret)
558 goto out;
559
560 *out = p;
561
562 return 0;
563
564 out:
565 krb5_free_context(p);
566 return ret;
567 }
568
569 #endif
570
571 /**
572 * Frees the krb5_context allocated by krb5_init_context().
573 *
574 * @param context context to be freed.
575 *
576 * @ingroup krb5
577 */
578
579 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
580 krb5_free_context(krb5_context context)
581 {
582 if (context->default_cc_name)
583 free(context->default_cc_name);
584 if (context->default_cc_name_env)
585 free(context->default_cc_name_env);
586 free(context->etypes);
587 free(context->etypes_des);
588 krb5_free_host_realm (context, context->default_realms);
589 krb5_config_file_free (context, context->cf);
590 free_error_table (context->et_list);
591 free(rk_UNCONST(context->cc_ops));
592 free(context->kt_types);
593 krb5_clear_error_message(context);
594 if(context->warn_dest != NULL)
595 krb5_closelog(context, context->warn_dest);
596 if(context->debug_dest != NULL)
597 krb5_closelog(context, context->debug_dest);
598 krb5_set_extra_addresses(context, NULL);
599 krb5_set_ignore_addresses(context, NULL);
600 krb5_set_send_to_kdc_func(context, NULL, NULL);
601
602 #ifdef PKINIT
603 if (context->hx509ctx)
604 hx509_context_free(&context->hx509ctx);
605 #endif
606
607 HEIMDAL_MUTEX_destroy(context->mutex);
608 free(context->mutex);
609 if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) {
610 rk_SOCK_EXIT();
611 }
612
613 memset(context, 0, sizeof(*context));
614 free(context);
615 }
616
617 /**
618 * Reinit the context from a new set of filenames.
619 *
620 * @param context context to add configuration too.
621 * @param filenames array of filenames, end of list is indicated with a NULL filename.
622 *
623 * @return Returns 0 to indicate success. Otherwise an kerberos et
624 * error code is returned, see krb5_get_error_message().
625 *
626 * @ingroup krb5
627 */
628
629 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
630 krb5_set_config_files(krb5_context context, char **filenames)
631 {
632 krb5_error_code ret;
633 krb5_config_binding *tmp = NULL;
634 while(filenames != NULL && *filenames != NULL && **filenames != '\0') {
635 ret = krb5_config_parse_file_multi(context, *filenames, &tmp);
636 if(ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM) {
637 krb5_config_file_free(context, tmp);
638 return ret;
639 }
640 filenames++;
641 }
642 #if 0
643 /* with this enabled and if there are no config files, Kerberos is
644 considererd disabled */
645 if(tmp == NULL)
646 return ENXIO;
647 #endif
648
649 #ifdef _WIN32
650 _krb5_load_config_from_registry(context, &tmp);
651 #endif
652
653 krb5_config_file_free(context, context->cf);
654 context->cf = tmp;
655 ret = init_context_from_config_file(context);
656 return ret;
657 }
658
659 static krb5_error_code
660 add_file(char ***pfilenames, int *len, char *file)
661 {
662 char **pp = *pfilenames;
663 int i;
664
665 for(i = 0; i < *len; i++) {
666 if(strcmp(pp[i], file) == 0) {
667 free(file);
668 return 0;
669 }
670 }
671
672 pp = realloc(*pfilenames, (*len + 2) * sizeof(*pp));
673 if (pp == NULL) {
674 free(file);
675 return ENOMEM;
676 }
677
678 pp[*len] = file;
679 pp[*len + 1] = NULL;
680 *pfilenames = pp;
681 *len += 1;
682 return 0;
683 }
684
685 /*
686 * `pq' isn't free, it's up the the caller
687 */
688
689 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
690 krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
691 {
692 krb5_error_code ret;
693 const char *p, *q;
694 char **pp;
695 int len;
696 char *fn;
697
698 pp = NULL;
699
700 len = 0;
701 p = filelist;
702 while(1) {
703 ssize_t l;
704 q = p;
705 l = strsep_copy(&q, PATH_SEP, NULL, 0);
706 if(l == -1)
707 break;
708 fn = malloc(l + 1);
709 if(fn == NULL) {
710 krb5_free_config_files(pp);
711 return ENOMEM;
712 }
713 (void)strsep_copy(&p, PATH_SEP, fn, l + 1);
714 ret = add_file(&pp, &len, fn);
715 if (ret) {
716 krb5_free_config_files(pp);
717 return ret;
718 }
719 }
720
721 if (pq != NULL) {
722 int i;
723
724 for (i = 0; pq[i] != NULL; i++) {
725 fn = strdup(pq[i]);
726 if (fn == NULL) {
727 krb5_free_config_files(pp);
728 return ENOMEM;
729 }
730 ret = add_file(&pp, &len, fn);
731 if (ret) {
732 krb5_free_config_files(pp);
733 return ret;
734 }
735 }
736 }
737
738 *ret_pp = pp;
739 return 0;
740 }
741
742 /**
743 * Prepend the filename to the global configuration list.
744 *
745 * @param filelist a filename to add to the default list of filename
746 * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
747 *
748 * @return Returns 0 to indicate success. Otherwise an kerberos et
749 * error code is returned, see krb5_get_error_message().
750 *
751 * @ingroup krb5
752 */
753
754 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
755 krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
756 {
757 krb5_error_code ret;
758 char **defpp, **pp = NULL;
759
760 ret = krb5_get_default_config_files(&defpp);
761 if (ret)
762 return ret;
763
764 ret = krb5_prepend_config_files(filelist, defpp, &pp);
765 krb5_free_config_files(defpp);
766 if (ret) {
767 return ret;
768 }
769 *pfilenames = pp;
770 return 0;
771 }
772
773 #ifdef _WIN32
774
775 /**
776 * Checks the registry for configuration file location
777 *
778 * Kerberos for Windows and other legacy Kerberos applications expect
779 * to find the configuration file location in the
780 * SOFTWARE\MIT\Kerberos registry key under the value "config".
781 */
782 char *
783 _krb5_get_default_config_config_files_from_registry()
784 {
785 static const char * KeyName = "Software\\MIT\\Kerberos";
786 char *config_file = NULL;
787 LONG rcode;
788 HKEY key;
789
790 rcode = RegOpenKeyEx(HKEY_CURRENT_USER, KeyName, 0, KEY_READ, &key);
791 if (rcode == ERROR_SUCCESS) {
792 config_file = _krb5_parse_reg_value_as_multi_string(NULL, key, "config",
793 REG_NONE, 0, PATH_SEP);
794 RegCloseKey(key);
795 }
796
797 if (config_file)
798 return config_file;
799
800 rcode = RegOpenKeyEx(HKEY_LOCAL_MACHINE, KeyName, 0, KEY_READ, &key);
801 if (rcode == ERROR_SUCCESS) {
802 config_file = _krb5_parse_reg_value_as_multi_string(NULL, key, "config",
803 REG_NONE, 0, PATH_SEP);
804 RegCloseKey(key);
805 }
806
807 return config_file;
808 }
809
810 #endif
811
812 /**
813 * Get the global configuration list.
814 *
815 * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
816 *
817 * @return Returns 0 to indicate success. Otherwise an kerberos et
818 * error code is returned, see krb5_get_error_message().
819 *
820 * @ingroup krb5
821 */
822
823 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
824 krb5_get_default_config_files(char ***pfilenames)
825 {
826 const char *files = NULL;
827
828 if (pfilenames == NULL)
829 return EINVAL;
830 if(!issuid())
831 files = getenv("KRB5_CONFIG");
832
833 #ifdef _WIN32
834 if (files == NULL) {
835 char * reg_files;
836 reg_files = _krb5_get_default_config_config_files_from_registry();
837 if (reg_files != NULL) {
838 krb5_error_code code;
839
840 code = krb5_prepend_config_files(reg_files, NULL, pfilenames);
841 free(reg_files);
842
843 return code;
844 }
845 }
846 #endif
847
848 if (files == NULL)
849 files = krb5_config_file;
850
851 return krb5_prepend_config_files(files, NULL, pfilenames);
852 }
853
854 /**
855 * Free a list of configuration files.
856 *
857 * @param filenames list, terminated with a NULL pointer, to be
858 * freed. NULL is an valid argument.
859 *
860 * @return Returns 0 to indicate success. Otherwise an kerberos et
861 * error code is returned, see krb5_get_error_message().
862 *
863 * @ingroup krb5
864 */
865
866 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
867 krb5_free_config_files(char **filenames)
868 {
869 char **p;
870 for(p = filenames; p && *p != NULL; p++)
871 free(*p);
872 free(filenames);
873 }
874
875 /**
876 * Returns the list of Kerberos encryption types sorted in order of
877 * most preferred to least preferred encryption type. Note that some
878 * encryption types might be disabled, so you need to check with
879 * krb5_enctype_valid() before using the encryption type.
880 *
881 * @return list of enctypes, terminated with ETYPE_NULL. Its a static
882 * array completed into the Kerberos library so the content doesn't
883 * need to be freed.
884 *
885 * @ingroup krb5
886 */
887
888 KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL
889 krb5_kerberos_enctypes(krb5_context context)
890 {
891 static const krb5_enctype p[] = {
892 ETYPE_AES256_CTS_HMAC_SHA1_96,
893 ETYPE_AES128_CTS_HMAC_SHA1_96,
894 ETYPE_DES3_CBC_SHA1,
895 ETYPE_ARCFOUR_HMAC_MD5,
896 ETYPE_NULL
897 };
898
899 static const krb5_enctype weak[] = {
900 ETYPE_AES256_CTS_HMAC_SHA1_96,
901 ETYPE_AES128_CTS_HMAC_SHA1_96,
902 ETYPE_DES3_CBC_SHA1,
903 ETYPE_DES3_CBC_MD5,
904 ETYPE_ARCFOUR_HMAC_MD5,
905 ETYPE_DES_CBC_MD5,
906 ETYPE_DES_CBC_MD4,
907 ETYPE_DES_CBC_CRC,
908 ETYPE_NULL
909 };
910
911 /*
912 * if the list of enctypes enabled by "allow_weak_crypto"
913 * are valid, then return the former default enctype list
914 * that contained the weak entries.
915 */
916 if (krb5_enctype_valid(context, ETYPE_DES_CBC_CRC) == 0 &&
917 krb5_enctype_valid(context, ETYPE_DES_CBC_MD4) == 0 &&
918 krb5_enctype_valid(context, ETYPE_DES_CBC_MD5) == 0 &&
919 krb5_enctype_valid(context, ETYPE_DES_CBC_NONE) == 0 &&
920 krb5_enctype_valid(context, ETYPE_DES_CFB64_NONE) == 0 &&
921 krb5_enctype_valid(context, ETYPE_DES_PCBC_NONE) == 0)
922 return weak;
923
924 return p;
925 }
926
927 /*
928 *
929 */
930
931 static krb5_error_code
932 copy_enctypes(krb5_context context,
933 const krb5_enctype *in,
934 krb5_enctype **out)
935 {
936 krb5_enctype *p = NULL;
937 size_t m, n;
938
939 for (n = 0; in[n]; n++)
940 ;
941 n++;
942 ALLOC(p, n);
943 if(p == NULL)
944 return krb5_enomem(context);
945 for (n = 0, m = 0; in[n]; n++) {
946 if (krb5_enctype_valid(context, in[n]) != 0)
947 continue;
948 p[m++] = in[n];
949 }
950 p[m] = KRB5_ENCTYPE_NULL;
951 if (m == 0) {
952 free(p);
953 krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
954 N_("no valid enctype set", ""));
955 return KRB5_PROG_ETYPE_NOSUPP;
956 }
957 *out = p;
958 return 0;
959 }
960
961
962 /*
963 * set `etype' to a malloced list of the default enctypes
964 */
965
966 static krb5_error_code
967 default_etypes(krb5_context context, krb5_enctype **etype)
968 {
969 const krb5_enctype *p = krb5_kerberos_enctypes(context);
970 return copy_enctypes(context, p, etype);
971 }
972
973 /**
974 * Set the default encryption types that will be use in communcation
975 * with the KDC, clients and servers.
976 *
977 * @param context Kerberos 5 context.
978 * @param etypes Encryption types, array terminated with ETYPE_NULL (0).
979 *
980 * @return Returns 0 to indicate success. Otherwise an kerberos et
981 * error code is returned, see krb5_get_error_message().
982 *
983 * @ingroup krb5
984 */
985
986 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
987 krb5_set_default_in_tkt_etypes(krb5_context context,
988 const krb5_enctype *etypes)
989 {
990 krb5_error_code ret;
991 krb5_enctype *p = NULL;
992
993 if(etypes) {
994 ret = copy_enctypes(context, etypes, &p);
995 if (ret)
996 return ret;
997 }
998 if(context->etypes)
999 free(context->etypes);
1000 context->etypes = p;
1001 return 0;
1002 }
1003
1004 /**
1005 * Get the default encryption types that will be use in communcation
1006 * with the KDC, clients and servers.
1007 *
1008 * @param context Kerberos 5 context.
1009 * @param etypes Encryption types, array terminated with
1010 * ETYPE_NULL(0), caller should free array with krb5_xfree():
1011 *
1012 * @return Returns 0 to indicate success. Otherwise an kerberos et
1013 * error code is returned, see krb5_get_error_message().
1014 *
1015 * @ingroup krb5
1016 */
1017
1018 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1019 krb5_get_default_in_tkt_etypes(krb5_context context,
1020 krb5_pdu pdu_type,
1021 krb5_enctype **etypes)
1022 {
1023 krb5_enctype *enctypes = NULL;
1024 krb5_error_code ret;
1025 krb5_enctype *p;
1026
1027 heim_assert(pdu_type == KRB5_PDU_AS_REQUEST ||
1028 pdu_type == KRB5_PDU_TGS_REQUEST ||
1029 pdu_type == KRB5_PDU_NONE, "pdu contant not as expected");
1030
1031 if (pdu_type == KRB5_PDU_AS_REQUEST && context->as_etypes != NULL)
1032 enctypes = context->as_etypes;
1033 else if (pdu_type == KRB5_PDU_TGS_REQUEST && context->tgs_etypes != NULL)
1034 enctypes = context->tgs_etypes;
1035 else if (context->etypes != NULL)
1036 enctypes = context->etypes;
1037
1038 if (enctypes != NULL) {
1039 ret = copy_enctypes(context, enctypes, &p);
1040 if (ret)
1041 return ret;
1042 } else {
1043 ret = default_etypes(context, &p);
1044 if (ret)
1045 return ret;
1046 }
1047 *etypes = p;
1048 return 0;
1049 }
1050
1051 /**
1052 * Init the built-in ets in the Kerberos library.
1053 *
1054 * @param context kerberos context to add the ets too
1055 *
1056 * @ingroup krb5
1057 */
1058
1059 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1060 krb5_init_ets(krb5_context context)
1061 {
1062 if(context->et_list == NULL){
1063 krb5_add_et_list(context, initialize_krb5_error_table_r);
1064 krb5_add_et_list(context, initialize_asn1_error_table_r);
1065 krb5_add_et_list(context, initialize_heim_error_table_r);
1066
1067 krb5_add_et_list(context, initialize_k524_error_table_r);
1068
1069 #ifdef COM_ERR_BINDDOMAIN_krb5
1070 bindtextdomain(COM_ERR_BINDDOMAIN_krb5, HEIMDAL_LOCALEDIR);
1071 bindtextdomain(COM_ERR_BINDDOMAIN_asn1, HEIMDAL_LOCALEDIR);
1072 bindtextdomain(COM_ERR_BINDDOMAIN_heim, HEIMDAL_LOCALEDIR);
1073 bindtextdomain(COM_ERR_BINDDOMAIN_k524, HEIMDAL_LOCALEDIR);
1074 #endif
1075
1076 #ifdef PKINIT
1077 krb5_add_et_list(context, initialize_hx_error_table_r);
1078 #ifdef COM_ERR_BINDDOMAIN_hx
1079 bindtextdomain(COM_ERR_BINDDOMAIN_hx, HEIMDAL_LOCALEDIR);
1080 #endif
1081 #endif
1082 }
1083 }
1084
1085 /**
1086 * Make the kerberos library default to the admin KDC.
1087 *
1088 * @param context Kerberos 5 context.
1089 * @param flag boolean flag to select if the use the admin KDC or not.
1090 *
1091 * @ingroup krb5
1092 */
1093
1094 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1095 krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
1096 {
1097 context->use_admin_kdc = flag;
1098 }
1099
1100 /**
1101 * Make the kerberos library default to the admin KDC.
1102 *
1103 * @param context Kerberos 5 context.
1104 *
1105 * @return boolean flag to telling the context will use admin KDC as the default KDC.
1106 *
1107 * @ingroup krb5
1108 */
1109
1110 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1111 krb5_get_use_admin_kdc (krb5_context context)
1112 {
1113 return context->use_admin_kdc;
1114 }
1115
1116 /**
1117 * Add extra address to the address list that the library will add to
1118 * the client's address list when communicating with the KDC.
1119 *
1120 * @param context Kerberos 5 context.
1121 * @param addresses addreses to add
1122 *
1123 * @return Returns 0 to indicate success. Otherwise an kerberos et
1124 * error code is returned, see krb5_get_error_message().
1125 *
1126 * @ingroup krb5
1127 */
1128
1129 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1130 krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
1131 {
1132
1133 if(context->extra_addresses)
1134 return krb5_append_addresses(context,
1135 context->extra_addresses, addresses);
1136 else
1137 return krb5_set_extra_addresses(context, addresses);
1138 }
1139
1140 /**
1141 * Set extra address to the address list that the library will add to
1142 * the client's address list when communicating with the KDC.
1143 *
1144 * @param context Kerberos 5 context.
1145 * @param addresses addreses to set
1146 *
1147 * @return Returns 0 to indicate success. Otherwise an kerberos et
1148 * error code is returned, see krb5_get_error_message().
1149 *
1150 * @ingroup krb5
1151 */
1152
1153 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1154 krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
1155 {
1156 if(context->extra_addresses)
1157 krb5_free_addresses(context, context->extra_addresses);
1158
1159 if(addresses == NULL) {
1160 if(context->extra_addresses != NULL) {
1161 free(context->extra_addresses);
1162 context->extra_addresses = NULL;
1163 }
1164 return 0;
1165 }
1166 if(context->extra_addresses == NULL) {
1167 context->extra_addresses = malloc(sizeof(*context->extra_addresses));
1168 if (context->extra_addresses == NULL)
1169 return krb5_enomem(context);
1170 }
1171 return krb5_copy_addresses(context, addresses, context->extra_addresses);
1172 }
1173
1174 /**
1175 * Get extra address to the address list that the library will add to
1176 * the client's address list when communicating with the KDC.
1177 *
1178 * @param context Kerberos 5 context.
1179 * @param addresses addreses to set
1180 *
1181 * @return Returns 0 to indicate success. Otherwise an kerberos et
1182 * error code is returned, see krb5_get_error_message().
1183 *
1184 * @ingroup krb5
1185 */
1186
1187 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1188 krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
1189 {
1190 if(context->extra_addresses == NULL) {
1191 memset(addresses, 0, sizeof(*addresses));
1192 return 0;
1193 }
1194 return krb5_copy_addresses(context,context->extra_addresses, addresses);
1195 }
1196
1197 /**
1198 * Add extra addresses to ignore when fetching addresses from the
1199 * underlaying operating system.
1200 *
1201 * @param context Kerberos 5 context.
1202 * @param addresses addreses to ignore
1203 *
1204 * @return Returns 0 to indicate success. Otherwise an kerberos et
1205 * error code is returned, see krb5_get_error_message().
1206 *
1207 * @ingroup krb5
1208 */
1209
1210 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1211 krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
1212 {
1213
1214 if(context->ignore_addresses)
1215 return krb5_append_addresses(context,
1216 context->ignore_addresses, addresses);
1217 else
1218 return krb5_set_ignore_addresses(context, addresses);
1219 }
1220
1221 /**
1222 * Set extra addresses to ignore when fetching addresses from the
1223 * underlaying operating system.
1224 *
1225 * @param context Kerberos 5 context.
1226 * @param addresses addreses to ignore
1227 *
1228 * @return Returns 0 to indicate success. Otherwise an kerberos et
1229 * error code is returned, see krb5_get_error_message().
1230 *
1231 * @ingroup krb5
1232 */
1233
1234 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1235 krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
1236 {
1237 if(context->ignore_addresses)
1238 krb5_free_addresses(context, context->ignore_addresses);
1239 if(addresses == NULL) {
1240 if(context->ignore_addresses != NULL) {
1241 free(context->ignore_addresses);
1242 context->ignore_addresses = NULL;
1243 }
1244 return 0;
1245 }
1246 if(context->ignore_addresses == NULL) {
1247 context->ignore_addresses = malloc(sizeof(*context->ignore_addresses));
1248 if (context->ignore_addresses == NULL)
1249 return krb5_enomem(context);
1250 }
1251 return krb5_copy_addresses(context, addresses, context->ignore_addresses);
1252 }
1253
1254 /**
1255 * Get extra addresses to ignore when fetching addresses from the
1256 * underlaying operating system.
1257 *
1258 * @param context Kerberos 5 context.
1259 * @param addresses list addreses ignored
1260 *
1261 * @return Returns 0 to indicate success. Otherwise an kerberos et
1262 * error code is returned, see krb5_get_error_message().
1263 *
1264 * @ingroup krb5
1265 */
1266
1267 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1268 krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
1269 {
1270 if(context->ignore_addresses == NULL) {
1271 memset(addresses, 0, sizeof(*addresses));
1272 return 0;
1273 }
1274 return krb5_copy_addresses(context, context->ignore_addresses, addresses);
1275 }
1276
1277 /**
1278 * Set version of fcache that the library should use.
1279 *
1280 * @param context Kerberos 5 context.
1281 * @param version version number.
1282 *
1283 * @return Returns 0 to indicate success. Otherwise an kerberos et
1284 * error code is returned, see krb5_get_error_message().
1285 *
1286 * @ingroup krb5
1287 */
1288
1289 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1290 krb5_set_fcache_version(krb5_context context, int version)
1291 {
1292 context->fcache_vno = version;
1293 return 0;
1294 }
1295
1296 /**
1297 * Get version of fcache that the library should use.
1298 *
1299 * @param context Kerberos 5 context.
1300 * @param version version number.
1301 *
1302 * @return Returns 0 to indicate success. Otherwise an kerberos et
1303 * error code is returned, see krb5_get_error_message().
1304 *
1305 * @ingroup krb5
1306 */
1307
1308 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1309 krb5_get_fcache_version(krb5_context context, int *version)
1310 {
1311 *version = context->fcache_vno;
1312 return 0;
1313 }
1314
1315 /**
1316 * Runtime check if the Kerberos library was complied with thread support.
1317 *
1318 * @return TRUE if the library was compiled with thread support, FALSE if not.
1319 *
1320 * @ingroup krb5
1321 */
1322
1323
1324 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1325 krb5_is_thread_safe(void)
1326 {
1327 #ifdef ENABLE_PTHREAD_SUPPORT
1328 return TRUE;
1329 #else
1330 return FALSE;
1331 #endif
1332 }
1333
1334 /**
1335 * Set if the library should use DNS to canonicalize hostnames.
1336 *
1337 * @param context Kerberos 5 context.
1338 * @param flag if its dns canonicalizion is used or not.
1339 *
1340 * @ingroup krb5
1341 */
1342
1343 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1344 krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
1345 {
1346 if (flag)
1347 context->flags |= KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
1348 else
1349 context->flags &= ~KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
1350 }
1351
1352 /**
1353 * Get if the library uses DNS to canonicalize hostnames.
1354 *
1355 * @param context Kerberos 5 context.
1356 *
1357 * @return return non zero if the library uses DNS to canonicalize hostnames.
1358 *
1359 * @ingroup krb5
1360 */
1361
1362 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1363 krb5_get_dns_canonicalize_hostname (krb5_context context)
1364 {
1365 return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0;
1366 }
1367
1368 /**
1369 * Get current offset in time to the KDC.
1370 *
1371 * @param context Kerberos 5 context.
1372 * @param sec seconds part of offset.
1373 * @param usec micro seconds part of offset.
1374 *
1375 * @return returns zero
1376 *
1377 * @ingroup krb5
1378 */
1379
1380 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1381 krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
1382 {
1383 if (sec)
1384 *sec = context->kdc_sec_offset;
1385 if (usec)
1386 *usec = context->kdc_usec_offset;
1387 return 0;
1388 }
1389
1390 /**
1391 * Set current offset in time to the KDC.
1392 *
1393 * @param context Kerberos 5 context.
1394 * @param sec seconds part of offset.
1395 * @param usec micro seconds part of offset.
1396 *
1397 * @return returns zero
1398 *
1399 * @ingroup krb5
1400 */
1401
1402 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1403 krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
1404 {
1405 context->kdc_sec_offset = sec;
1406 if (usec >= 0)
1407 context->kdc_usec_offset = usec;
1408 return 0;
1409 }
1410
1411 /**
1412 * Get max time skew allowed.
1413 *
1414 * @param context Kerberos 5 context.
1415 *
1416 * @return timeskew in seconds.
1417 *
1418 * @ingroup krb5
1419 */
1420
1421 KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
1422 krb5_get_max_time_skew (krb5_context context)
1423 {
1424 return context->max_skew;
1425 }
1426
1427 /**
1428 * Set max time skew allowed.
1429 *
1430 * @param context Kerberos 5 context.
1431 * @param t timeskew in seconds.
1432 *
1433 * @ingroup krb5
1434 */
1435
1436 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1437 krb5_set_max_time_skew (krb5_context context, time_t t)
1438 {
1439 context->max_skew = t;
1440 }
1441
1442 /*
1443 * Init encryption types in len, val with etypes.
1444 *
1445 * @param context Kerberos 5 context.
1446 * @param pdu_type type of pdu
1447 * @param len output length of val.
1448 * @param val output array of enctypes.
1449 * @param etypes etypes to set val and len to, if NULL, use default enctypes.
1450
1451 * @return Returns 0 to indicate success. Otherwise an kerberos et
1452 * error code is returned, see krb5_get_error_message().
1453 *
1454 * @ingroup krb5
1455 */
1456
1457 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1458 _krb5_init_etype(krb5_context context,
1459 krb5_pdu pdu_type,
1460 unsigned *len,
1461 krb5_enctype **val,
1462 const krb5_enctype *etypes)
1463 {
1464 krb5_error_code ret;
1465
1466 if (etypes == NULL)
1467 ret = krb5_get_default_in_tkt_etypes(context, pdu_type, val);
1468 else
1469 ret = copy_enctypes(context, etypes, val);
1470 if (ret)
1471 return ret;
1472
1473 if (len) {
1474 *len = 0;
1475 while ((*val)[*len] != KRB5_ENCTYPE_NULL)
1476 (*len)++;
1477 }
1478 return 0;
1479 }
1480
1481 /*
1482 * Allow homedir accces
1483 */
1484
1485 static HEIMDAL_MUTEX homedir_mutex = HEIMDAL_MUTEX_INITIALIZER;
1486 static krb5_boolean allow_homedir = TRUE;
1487
1488 krb5_boolean
1489 _krb5_homedir_access(krb5_context context)
1490 {
1491 krb5_boolean allow;
1492
1493 if (context && (context->flags & KRB5_CTX_F_HOMEDIR_ACCESS) == 0)
1494 return FALSE;
1495
1496 HEIMDAL_MUTEX_lock(&homedir_mutex);
1497 allow = allow_homedir;
1498 HEIMDAL_MUTEX_unlock(&homedir_mutex);
1499 return allow;
1500 }
1501
1502 /**
1503 * Enable and disable home directory access on either the global state
1504 * or the krb5_context state. By calling krb5_set_home_dir_access()
1505 * with context set to NULL, the global state is configured otherwise
1506 * the state for the krb5_context is modified.
1507 *
1508 * For home directory access to be allowed, both the global state and
1509 * the krb5_context state have to be allowed.
1510 *
1511 * Administrator (root user), never uses the home directory.
1512 *
1513 * @param context a Kerberos 5 context or NULL
1514 * @param allow allow if TRUE home directory
1515 * @return the old value
1516 *
1517 * @ingroup krb5
1518 */
1519
1520 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1521 krb5_set_home_dir_access(krb5_context context, krb5_boolean allow)
1522 {
1523 krb5_boolean old;
1524 if (context) {
1525 old = (context->flags & KRB5_CTX_F_HOMEDIR_ACCESS) ? TRUE : FALSE;
1526 if (allow)
1527 context->flags |= KRB5_CTX_F_HOMEDIR_ACCESS;
1528 else
1529 context->flags &= ~KRB5_CTX_F_HOMEDIR_ACCESS;
1530 } else {
1531 HEIMDAL_MUTEX_lock(&homedir_mutex);
1532 old = allow_homedir;
1533 allow_homedir = allow;
1534 HEIMDAL_MUTEX_unlock(&homedir_mutex);
1535 }
1536
1537 return old;
1538 }
Heimdal