1 /* realm.c --- Realm related functions.
2 * Copyright (C) 2002, 2003, 2004 Simon Josefsson
4 * This file is part of Shishi.
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
25 * shishi_realm_default_guess:
27 * Guesses a realm based on getdomainname() (which really is NIS/YP
28 * domain, but if it is set it might be a good guess), or if it fails,
29 * based on gethostname(), or if it fails, the string
30 * "could-not-guess-default-realm". Note that the hostname is not
31 * trimmed off of the data returned by gethostname() to get the domain
32 * name and use that as the realm.
34 * Return value: Returns guessed realm for host as a string that has
35 * to be deallocated with free() by the caller.
38 shishi_realm_default_guess (void)
42 realm
= xgetdomainname ();
43 if (realm
&& strlen (realm
) > 0 && strcmp (realm
, "(none)") != 0)
49 realm
= xgethostname ();
50 if (realm
&& strlen (realm
) > 0 && strcmp (realm
, "(none)") != 0)
56 realm
= strdup ("could-not-guess-default-realm");
62 * shishi_realm_default:
63 * @handle: Shishi library handle create by shishi_init().
65 * Get name of default realm.
67 * Return value: Returns the default realm used in the library. (Not
68 * a copy of it, so don't modify or deallocate it.)
71 shishi_realm_default (Shishi
* handle
)
73 if (!handle
->default_realm
)
76 p
= shishi_realm_default_guess ();
77 shishi_realm_default_set (handle
, p
);
81 return handle
->default_realm
;
85 * shishi_realm_default_set:
86 * @handle: Shishi library handle create by shishi_init().
87 * @realm: string with new default realm name, or NULL to reset to default.
89 * Set the default realm used in the library. The string is copied
90 * into the library, so you can dispose of the variable immediately
91 * after calling this function.
94 shishi_realm_default_set (Shishi
* handle
, const char *realm
)
96 if (handle
->default_realm
)
97 free (handle
->default_realm
);
99 handle
->default_realm
= xstrdup (realm
);
101 handle
->default_realm
= NULL
;
105 * shishi_realm_for_server_file:
106 * @handle: Shishi library handle create by shishi_init().
107 * @server: hostname to find realm for.
109 * Find realm for a host using configuration file.
111 * Return value: Returns realm for host, or NULL if not found.
114 shishi_realm_for_server_file (Shishi
* handle
, char *server
)
120 * shishi_realm_for_server_dns:
121 * @handle: Shishi library handle create by shishi_init().
122 * @server: hostname to find realm for.
124 * Find realm for a host using DNS lookups, according to
125 * draft-ietf-krb-wg-krb-dns-locate-03.txt. Since DNS lookups may be
126 * spoofed, relying on the realm information may result in a
127 * redirection attack. In a single-realm scenario, this only achieves
128 * a denial of service, but with cross-realm trust it may redirect you
129 * to a compromised realm. For this reason, Shishi prints a warning,
130 * suggesting that the user should add the proper 'server-realm'
131 * configuration tokens instead.
133 * To illustrate the DNS information used, here is an extract from a
134 * zone file for the domain ASDF.COM:
136 * _kerberos.asdf.com. IN TXT "ASDF.COM"
137 * _kerberos.mrkserver.asdf.com. IN TXT "MARKETING.ASDF.COM"
138 * _kerberos.salesserver.asdf.com. IN TXT "SALES.ASDF.COM"
140 * Let us suppose that in this case, a client wishes to use a service
141 * on the host foo.asdf.com. It would first query:
143 * _kerberos.foo.asdf.com. IN TXT
145 * Finding no match, it would then query:
147 * _kerberos.asdf.com. IN TXT
149 * Return value: Returns realm for host, or NULL if not found.
152 shishi_realm_for_server_dns (Shishi
* handle
, char *server
)
160 asprintf (&tmp
, "_kerberos.%s", p
);
161 rrs
= shishi_resolv (tmp
, SHISHI_DNS_TXT
);
167 while (!rrs
&& p
&& *p
);
172 if (rrs
->class != C_IN
|| rrs
->type
!= T_TXT
)
174 shishi_warn (handle
, "Got non-TXT response to TXT query from DNS?");
178 shishi_warn (handle
, "DNS maps '%s' to '%s'.", server
, (char *) rrs
->rr
);
180 "Consider using a 'server-realm' configuration token.");
186 * shishi_realm_for_server:
187 * @handle: Shishi library handle create by shishi_init().
188 * @server: hostname to find realm for.
190 * Find realm for a host, using various methods. Currently this
191 * includes static configuration files (see
192 * shishi_realm_for_server_file()) and DNS (see
193 * shishi_realm_for_server_dns()).
195 * Return value: Returns realm for host, or NULL if not found.
198 shishi_realm_for_server (Shishi
* handle
, char *server
)
202 p
= shishi_realm_for_server_file (handle
, server
);
204 p
= shishi_realm_for_server_dns (handle
, server
);