Line data Source code
1 : /*
2 : * Copyright (c) 1997 - 2010 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7 : *
8 : * Redistribution and use in source and binary forms, with or without
9 : * modification, are permitted provided that the following conditions
10 : * are met:
11 : *
12 : * 1. Redistributions of source code must retain the above copyright
13 : * notice, this list of conditions and the following disclaimer.
14 : *
15 : * 2. Redistributions in binary form must reproduce the above copyright
16 : * notice, this list of conditions and the following disclaimer in the
17 : * documentation and/or other materials provided with the distribution.
18 : *
19 : * 3. Neither the name of the Institute nor the names of its contributors
20 : * may be used to endorse or promote products derived from this software
21 : * without specific prior written permission.
22 : *
23 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 : * SUCH DAMAGE.
34 : */
35 :
36 : #undef KRB5_DEPRECATED_FUNCTION
37 : #define KRB5_DEPRECATED_FUNCTION(x)
38 :
39 : #include "krb5_locl.h"
40 : #include <assert.h>
41 : #include <com_err.h>
42 :
43 : static void _krb5_init_ets(krb5_context);
44 :
45 : #define INIT_FIELD(C, T, E, D, F) \
46 : (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
47 : "libdefaults", F, NULL)
48 :
49 : #define INIT_FLAG(C, O, V, D, F) \
50 : do { \
51 : if (krb5_config_get_bool_default((C), NULL, (D),"libdefaults", F, NULL)) { \
52 : (C)->O |= V; \
53 : } \
54 : } while(0)
55 :
56 : static krb5_error_code
57 : copy_enctypes(krb5_context context,
58 : const krb5_enctype *in,
59 : krb5_enctype **out);
60 :
61 : /*
62 : * Set the list of etypes `ret_etypes' from the configuration variable
63 : * `name'
64 : */
65 :
66 : static krb5_error_code
67 4715740 : set_etypes (krb5_context context,
68 : const char *name,
69 : krb5_enctype **ret_enctypes)
70 : {
71 : char **etypes_str;
72 4715740 : krb5_enctype *etypes = NULL;
73 :
74 4715740 : etypes_str = krb5_config_get_strings(context, NULL, "libdefaults",
75 : name, NULL);
76 4715740 : if(etypes_str){
77 : int i, j, k;
78 130534 : for(i = 0; etypes_str[i]; i++);
79 130534 : etypes = malloc((i+1) * sizeof(*etypes));
80 130534 : if (etypes == NULL) {
81 0 : krb5_config_free_strings (etypes_str);
82 0 : return krb5_enomem(context);
83 : }
84 522244 : for(j = 0, k = 0; j < i; j++) {
85 : krb5_enctype e;
86 391710 : if(krb5_string_to_enctype(context, etypes_str[j], &e) != 0)
87 519816 : continue;
88 131802 : if (krb5_enctype_valid(context, e) != 0)
89 0 : continue;
90 131802 : etypes[k++] = e;
91 : }
92 130534 : etypes[k] = ETYPE_NULL;
93 130534 : krb5_config_free_strings(etypes_str);
94 : }
95 4715740 : *ret_enctypes = etypes;
96 4715740 : return 0;
97 : }
98 :
99 : /*
100 : * read variables from the configuration file and set in `context'
101 : */
102 :
103 : static krb5_error_code
104 943148 : init_context_from_config_file(krb5_context context)
105 : {
106 : krb5_error_code ret;
107 : const char * tmp;
108 : char **s;
109 943148 : krb5_enctype *tmptypes = NULL;
110 :
111 943148 : INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew");
112 943148 : INIT_FIELD(context, time, kdc_timeout, 30, "kdc_timeout");
113 943148 : INIT_FIELD(context, time, host_timeout, 3, "host_timeout");
114 943148 : INIT_FIELD(context, int, max_retries, 3, "max_retries");
115 :
116 943148 : INIT_FIELD(context, string, http_proxy, NULL, "http_proxy");
117 :
118 943148 : ret = krb5_config_get_bool_default(context, NULL, FALSE,
119 : "libdefaults",
120 : "allow_weak_crypto", NULL);
121 943148 : if (ret) {
122 0 : krb5_enctype_enable(context, ETYPE_DES_CBC_CRC);
123 0 : krb5_enctype_enable(context, ETYPE_DES_CBC_MD4);
124 0 : krb5_enctype_enable(context, ETYPE_DES_CBC_MD5);
125 0 : krb5_enctype_enable(context, ETYPE_DES_CBC_NONE);
126 0 : krb5_enctype_enable(context, ETYPE_DES_CFB64_NONE);
127 0 : krb5_enctype_enable(context, ETYPE_DES_PCBC_NONE);
128 : }
129 :
130 943148 : ret = set_etypes (context, "default_etypes", &tmptypes);
131 943148 : if(ret)
132 0 : return ret;
133 943148 : free(context->etypes);
134 943148 : context->etypes = tmptypes;
135 :
136 : /* The etypes member may change during the lifetime
137 : * of the context. To be able to reset it to
138 : * config value, we keep another copy.
139 : */
140 943148 : free(context->cfg_etypes);
141 943148 : context->cfg_etypes = NULL;
142 943148 : if (tmptypes) {
143 43922 : ret = copy_enctypes(context, tmptypes, &context->cfg_etypes);
144 43922 : if (ret)
145 0 : return ret;
146 : }
147 :
148 943148 : ret = set_etypes (context, "default_etypes_des", &tmptypes);
149 943148 : if(ret)
150 0 : return ret;
151 943148 : free(context->etypes_des);
152 943148 : context->etypes_des = tmptypes;
153 :
154 943148 : ret = set_etypes (context, "default_as_etypes", &tmptypes);
155 943148 : if(ret)
156 0 : return ret;
157 943148 : free(context->as_etypes);
158 943148 : context->as_etypes = tmptypes;
159 :
160 943148 : ret = set_etypes (context, "default_tgs_etypes", &tmptypes);
161 943148 : if(ret)
162 0 : return ret;
163 943148 : free(context->tgs_etypes);
164 943148 : context->tgs_etypes = tmptypes;
165 :
166 943148 : ret = set_etypes (context, "permitted_enctypes", &tmptypes);
167 943148 : if(ret)
168 0 : return ret;
169 943148 : free(context->permitted_enctypes);
170 943148 : context->permitted_enctypes = tmptypes;
171 :
172 943148 : INIT_FIELD(context, string, default_keytab,
173 : KEYTAB_DEFAULT, "default_keytab_name");
174 :
175 943148 : INIT_FIELD(context, string, default_keytab_modify,
176 : NULL, "default_keytab_modify_name");
177 :
178 943148 : INIT_FIELD(context, string, time_fmt,
179 : "%Y-%m-%dT%H:%M:%S", "time_format");
180 :
181 943148 : INIT_FIELD(context, string, date_fmt,
182 : "%Y-%m-%d", "date_format");
183 :
184 943148 : INIT_FIELD(context, bool, log_utc,
185 : FALSE, "log_utc");
186 :
187 943148 : context->no_ticket_store =
188 943148 : getenv("KRB5_NO_TICKET_STORE") != NULL;
189 :
190 : /* init dns-proxy slime */
191 943148 : tmp = krb5_config_get_string(context, NULL, "libdefaults",
192 : "dns_proxy", NULL);
193 943148 : if(tmp)
194 0 : roken_gethostby_setup(context->http_proxy, tmp);
195 943148 : krb5_free_host_realm (context, context->default_realms);
196 943148 : context->default_realms = NULL;
197 :
198 : {
199 : krb5_addresses addresses;
200 : char **adr, **a;
201 :
202 943148 : krb5_set_extra_addresses(context, NULL);
203 943148 : adr = krb5_config_get_strings(context, NULL,
204 : "libdefaults",
205 : "extra_addresses",
206 : NULL);
207 943148 : memset(&addresses, 0, sizeof(addresses));
208 943148 : for(a = adr; a && *a; a++) {
209 0 : ret = krb5_parse_address(context, *a, &addresses);
210 0 : if (ret == 0) {
211 0 : krb5_add_extra_addresses(context, &addresses);
212 0 : krb5_free_addresses(context, &addresses);
213 : }
214 : }
215 943148 : krb5_config_free_strings(adr);
216 :
217 943148 : krb5_set_ignore_addresses(context, NULL);
218 943148 : adr = krb5_config_get_strings(context, NULL,
219 : "libdefaults",
220 : "ignore_addresses",
221 : NULL);
222 943148 : memset(&addresses, 0, sizeof(addresses));
223 943148 : for(a = adr; a && *a; a++) {
224 0 : ret = krb5_parse_address(context, *a, &addresses);
225 0 : if (ret == 0) {
226 0 : krb5_add_ignore_addresses(context, &addresses);
227 0 : krb5_free_addresses(context, &addresses);
228 : }
229 : }
230 943148 : krb5_config_free_strings(adr);
231 : }
232 :
233 943148 : INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces");
234 943148 : INIT_FIELD(context, int, fcache_vno, 0, "fcache_version");
235 : /* prefer dns_lookup_kdc over srv_lookup. */
236 943148 : INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
237 943148 : INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc");
238 943148 : INIT_FIELD(context, int, large_msg_size, 1400, "large_message_size");
239 943148 : INIT_FIELD(context, int, max_msg_size, 1000 * 1024, "maximum_message_size");
240 943148 : INIT_FLAG(context, flags, KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME, TRUE, "dns_canonicalize_hostname");
241 943148 : INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac");
242 943148 : INIT_FLAG(context, flags, KRB5_CTX_F_ENFORCE_OK_AS_DELEGATE, FALSE, "enforce_ok_as_delegate");
243 943148 : INIT_FLAG(context, flags, KRB5_CTX_F_REPORT_CANONICAL_CLIENT_NAME, FALSE, "report_canonical_client_name");
244 :
245 : /* report_canonical_client_name implies check_pac */
246 943148 : if (context->flags & KRB5_CTX_F_REPORT_CANONICAL_CLIENT_NAME)
247 0 : context->flags |= KRB5_CTX_F_CHECK_PAC;
248 :
249 943148 : free(context->default_cc_name);
250 943148 : context->default_cc_name = NULL;
251 943148 : context->default_cc_name_set = 0;
252 943148 : free(context->configured_default_cc_name);
253 943148 : context->configured_default_cc_name = NULL;
254 :
255 943148 : tmp = secure_getenv("KRB5_TRACE");
256 943148 : if (tmp)
257 5 : heim_add_debug_dest(context->hcontext, "libkrb5", tmp);
258 943148 : s = krb5_config_get_strings(context, NULL, "logging", "krb5", NULL);
259 943148 : if (s) {
260 : char **p;
261 :
262 0 : for (p = s; *p; p++)
263 0 : heim_add_debug_dest(context->hcontext, "libkrb5", *p);
264 0 : krb5_config_free_strings(s);
265 : }
266 :
267 943148 : tmp = krb5_config_get_string(context, NULL, "libdefaults",
268 : "check-rd-req-server", NULL);
269 943148 : if (tmp == NULL)
270 943148 : tmp = secure_getenv("KRB5_CHECK_RD_REQ_SERVER");
271 943148 : if(tmp) {
272 0 : if (strcasecmp(tmp, "ignore") == 0)
273 0 : context->flags |= KRB5_CTX_F_RD_REQ_IGNORE;
274 : }
275 943148 : ret = krb5_config_get_bool_default(context, NULL, TRUE,
276 : "libdefaults",
277 : "fcache_strict_checking", NULL);
278 943148 : if (ret)
279 2386 : context->flags |= KRB5_CTX_F_FCACHE_STRICT_CHECKING;
280 :
281 943148 : return 0;
282 : }
283 :
284 : static krb5_error_code
285 555816 : cc_ops_register(krb5_context context)
286 : {
287 555816 : context->cc_ops = NULL;
288 555816 : context->num_cc_ops = 0;
289 :
290 : #ifndef KCM_IS_API_CACHE
291 555816 : krb5_cc_register(context, &krb5_acc_ops, TRUE);
292 : #endif
293 555816 : krb5_cc_register(context, &krb5_fcc_ops, TRUE);
294 555816 : krb5_cc_register(context, &krb5_dcc_ops, TRUE);
295 555816 : krb5_cc_register(context, &krb5_mcc_ops, TRUE);
296 : #ifdef HAVE_SCC
297 : krb5_cc_register(context, &krb5_scc_ops, TRUE);
298 : #endif
299 : #ifdef HAVE_KCM
300 : #ifdef KCM_IS_API_CACHE
301 : krb5_cc_register(context, &krb5_akcm_ops, TRUE);
302 : #endif
303 : krb5_cc_register(context, &krb5_kcm_ops, TRUE);
304 : #endif
305 : #if defined(HAVE_KEYUTILS_H)
306 : krb5_cc_register(context, &krb5_krcc_ops, TRUE);
307 : #endif
308 555816 : _krb5_load_ccache_plugins(context);
309 555816 : return 0;
310 : }
311 :
312 : static krb5_error_code
313 0 : cc_ops_copy(krb5_context context, const krb5_context src_context)
314 : {
315 : const krb5_cc_ops **cc_ops;
316 :
317 0 : context->cc_ops = NULL;
318 0 : context->num_cc_ops = 0;
319 :
320 0 : if (src_context->num_cc_ops == 0)
321 0 : return 0;
322 :
323 0 : cc_ops = malloc(sizeof(cc_ops[0]) * src_context->num_cc_ops);
324 0 : if (cc_ops == NULL) {
325 0 : krb5_set_error_message(context, KRB5_CC_NOMEM,
326 0 : N_("malloc: out of memory", ""));
327 0 : return KRB5_CC_NOMEM;
328 : }
329 :
330 0 : memcpy(rk_UNCONST(cc_ops), src_context->cc_ops,
331 0 : sizeof(cc_ops[0]) * src_context->num_cc_ops);
332 0 : context->cc_ops = cc_ops;
333 0 : context->num_cc_ops = src_context->num_cc_ops;
334 :
335 0 : return 0;
336 : }
337 :
338 : static krb5_error_code
339 555816 : kt_ops_register(krb5_context context)
340 : {
341 555816 : context->num_kt_types = 0;
342 555816 : context->kt_types = NULL;
343 :
344 555816 : krb5_kt_register (context, &krb5_fkt_ops);
345 555816 : krb5_kt_register (context, &krb5_wrfkt_ops);
346 555816 : krb5_kt_register (context, &krb5_javakt_ops);
347 555816 : krb5_kt_register (context, &krb5_mkt_ops);
348 : #ifndef HEIMDAL_SMALLER
349 555816 : krb5_kt_register (context, &krb5_akf_ops);
350 : #endif
351 555816 : krb5_kt_register (context, &krb5_any_ops);
352 555816 : return 0;
353 : }
354 :
355 : static krb5_error_code
356 0 : kt_ops_copy(krb5_context context, const krb5_context src_context)
357 : {
358 0 : context->num_kt_types = 0;
359 0 : context->kt_types = NULL;
360 :
361 0 : if (src_context->num_kt_types == 0)
362 0 : return 0;
363 :
364 0 : context->kt_types = malloc(sizeof(context->kt_types[0]) * src_context->num_kt_types);
365 0 : if (context->kt_types == NULL)
366 0 : return krb5_enomem(context);
367 :
368 0 : context->num_kt_types = src_context->num_kt_types;
369 0 : memcpy(context->kt_types, src_context->kt_types,
370 0 : sizeof(context->kt_types[0]) * src_context->num_kt_types);
371 :
372 0 : return 0;
373 : }
374 :
375 : static const char *sysplugin_dirs[] = {
376 : #ifdef _WIN32
377 : "$ORIGIN",
378 : #else
379 : "$ORIGIN/../lib/plugin/krb5",
380 : #endif
381 : #ifdef __APPLE__
382 : LIBDIR "/plugin/krb5",
383 : #ifdef HEIM_PLUGINS_SEARCH_SYSTEM
384 : "/Library/KerberosPlugins/KerberosFrameworkPlugins",
385 : "/System/Library/KerberosPlugins/KerberosFrameworkPlugins",
386 : #endif
387 : #endif
388 : NULL
389 : };
390 :
391 : static void
392 16879 : init_context_once(void *ctx)
393 : {
394 16879 : krb5_context context = ctx;
395 : char **dirs;
396 :
397 : #ifdef _WIN32
398 : dirs = rk_UNCONST(sysplugin_dirs);
399 : #else
400 16879 : dirs = krb5_config_get_strings(context, NULL, "libdefaults",
401 : "plugin_dir", NULL);
402 16879 : if (dirs == NULL)
403 16879 : dirs = rk_UNCONST(sysplugin_dirs);
404 : #endif
405 :
406 16879 : _krb5_load_plugins(context, "krb5", (const char **)dirs);
407 :
408 16879 : if (dirs != rk_UNCONST(sysplugin_dirs))
409 0 : krb5_config_free_strings(dirs);
410 :
411 16879 : bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR);
412 16879 : }
413 :
414 : /**
415 : * Initializes the context structure and reads the configuration file
416 : * /etc/krb5.conf. The structure should be freed by calling
417 : * krb5_free_context() when it is no longer being used.
418 : *
419 : * @param context pointer to returned context
420 : *
421 : * @return Returns 0 to indicate success. Otherwise an errno code is
422 : * returned. Failure means either that something bad happened during
423 : * initialization (typically ENOMEM) or that Kerberos should not be
424 : * used ENXIO. If the function returns HEIM_ERR_RANDOM_OFFLINE, the
425 : * random source is not available and later Kerberos calls might fail.
426 : *
427 : * @ingroup krb5
428 : */
429 :
430 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
431 555816 : krb5_init_context(krb5_context *context)
432 : {
433 : static heim_base_once_t init_context = HEIM_BASE_ONCE_INIT;
434 : krb5_context p;
435 : krb5_error_code ret;
436 : char **files;
437 : uint8_t rnd;
438 :
439 555816 : *context = NULL;
440 :
441 : /**
442 : * krb5_init_context() will get one random byte to make sure our
443 : * random is alive. Assumption is that once the non blocking
444 : * source allows us to pull bytes, its all seeded and allows us to
445 : * pull more bytes.
446 : *
447 : * Most Kerberos users calls krb5_init_context(), so this is
448 : * useful point where we can do the checking.
449 : */
450 555816 : ret = krb5_generate_random(&rnd, sizeof(rnd));
451 555816 : if (ret)
452 0 : return ret;
453 :
454 555816 : p = calloc(1, sizeof(*p));
455 555816 : if(!p)
456 0 : return ENOMEM;
457 :
458 555816 : if ((p->hcontext = heim_context_init()) == NULL) {
459 0 : ret = ENOMEM;
460 0 : goto out;
461 : }
462 :
463 555816 : if (!issuid())
464 555816 : p->flags |= KRB5_CTX_F_HOMEDIR_ACCESS;
465 :
466 555816 : ret = krb5_get_default_config_files(&files);
467 555816 : if(ret)
468 0 : goto out;
469 555816 : ret = krb5_set_config_files(p, files);
470 555816 : krb5_free_config_files(files);
471 555816 : if(ret)
472 0 : goto out;
473 :
474 : /* done enough to load plugins */
475 555816 : heim_base_once_f(&init_context, p, init_context_once);
476 :
477 : /* init error tables */
478 555816 : _krb5_init_ets(p);
479 555816 : cc_ops_register(p);
480 555816 : kt_ops_register(p);
481 :
482 : #ifdef PKINIT
483 555816 : ret = hx509_context_init(&p->hx509ctx);
484 555816 : if (ret)
485 0 : goto out;
486 : #endif
487 555816 : if (rk_SOCK_INIT())
488 0 : p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED;
489 :
490 1111632 : out:
491 555816 : if (ret) {
492 0 : krb5_free_context(p);
493 0 : p = NULL;
494 : } else {
495 555816 : heim_context_set_log_utc(p->hcontext, p->log_utc);
496 : }
497 555816 : *context = p;
498 555816 : return ret;
499 : }
500 :
501 : #ifndef HEIMDAL_SMALLER
502 :
503 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
504 0 : krb5_get_permitted_enctypes(krb5_context context,
505 : krb5_enctype **etypes)
506 : {
507 0 : return krb5_get_default_in_tkt_etypes(context, KRB5_PDU_NONE, etypes);
508 : }
509 :
510 : /*
511 : *
512 : */
513 :
514 : static krb5_error_code
515 0 : copy_etypes (krb5_context context,
516 : krb5_enctype *enctypes,
517 : krb5_enctype **ret_enctypes)
518 : {
519 : unsigned int i;
520 :
521 0 : for (i = 0; enctypes[i]; i++)
522 : ;
523 0 : i++;
524 :
525 0 : *ret_enctypes = malloc(sizeof(enctypes[0]) * i);
526 0 : if (*ret_enctypes == NULL)
527 0 : return krb5_enomem(context);
528 0 : memcpy(*ret_enctypes, enctypes, sizeof(enctypes[0]) * i);
529 0 : return 0;
530 : }
531 :
532 : /**
533 : * Make a copy for the Kerberos 5 context, the new krb5_context shoud
534 : * be freed with krb5_free_context().
535 : *
536 : * @param context the Kerberos context to copy
537 : * @param out the copy of the Kerberos, set to NULL error.
538 : *
539 : * @return Returns 0 to indicate success. Otherwise an kerberos et
540 : * error code is returned, see krb5_get_error_message().
541 : *
542 : * @ingroup krb5
543 : */
544 :
545 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
546 0 : krb5_copy_context(krb5_context context, krb5_context *out)
547 : {
548 : krb5_error_code ret;
549 : krb5_context p;
550 :
551 0 : *out = NULL;
552 :
553 0 : p = calloc(1, sizeof(*p));
554 0 : if (p == NULL)
555 0 : return krb5_enomem(context);
556 :
557 0 : if ((p->hcontext = heim_context_init()) == NULL) {
558 0 : ret = ENOMEM;
559 0 : goto out;
560 : }
561 :
562 0 : heim_context_set_log_utc(p->hcontext, context->log_utc);
563 :
564 0 : if (context->default_cc_name &&
565 0 : (p->default_cc_name = strdup(context->default_cc_name)) == NULL) {
566 0 : ret = ENOMEM;
567 0 : goto out;
568 : }
569 0 : if (context->default_cc_name_env &&
570 0 : (p->default_cc_name_env =
571 0 : strdup(context->default_cc_name_env)) == NULL) {
572 0 : ret = ENOMEM;
573 0 : goto out;
574 : }
575 0 : if (context->configured_default_cc_name &&
576 0 : (p->configured_default_cc_name =
577 0 : strdup(context->configured_default_cc_name)) == NULL) {
578 0 : ret = ENOMEM;
579 0 : goto out;
580 : }
581 :
582 0 : if (context->etypes) {
583 0 : ret = copy_etypes(context, context->etypes, &p->etypes);
584 0 : if (ret)
585 0 : goto out;
586 : }
587 0 : if (context->cfg_etypes) {
588 0 : ret = copy_etypes(context, context->cfg_etypes, &p->cfg_etypes);
589 0 : if (ret)
590 0 : goto out;
591 : }
592 0 : if (context->etypes_des) {
593 0 : ret = copy_etypes(context, context->etypes_des, &p->etypes_des);
594 0 : if (ret)
595 0 : goto out;
596 : }
597 :
598 0 : if (context->default_realms) {
599 0 : ret = krb5_copy_host_realm(context,
600 0 : context->default_realms, &p->default_realms);
601 0 : if (ret)
602 0 : goto out;
603 : }
604 :
605 0 : ret = _krb5_config_copy(context, context->cf, &p->cf);
606 0 : if (ret)
607 0 : goto out;
608 :
609 : /* XXX should copy */
610 0 : _krb5_init_ets(p);
611 :
612 0 : cc_ops_copy(p, context);
613 0 : kt_ops_copy(p, context);
614 :
615 0 : ret = krb5_set_extra_addresses(p, context->extra_addresses);
616 0 : if (ret)
617 0 : goto out;
618 0 : ret = krb5_set_extra_addresses(p, context->ignore_addresses);
619 0 : if (ret)
620 0 : goto out;
621 :
622 0 : ret = _krb5_copy_send_to_kdc_func(p, context);
623 0 : if (ret)
624 0 : goto out;
625 :
626 0 : *out = p;
627 :
628 0 : return 0;
629 :
630 0 : out:
631 0 : krb5_free_context(p);
632 0 : return ret;
633 : }
634 :
635 : #endif
636 :
637 : /**
638 : * Frees the krb5_context allocated by krb5_init_context().
639 : *
640 : * @param context context to be freed.
641 : *
642 : * @ingroup krb5
643 : */
644 :
645 : KRB5_LIB_FUNCTION void KRB5_LIB_CALL
646 533651 : krb5_free_context(krb5_context context)
647 : {
648 533651 : _krb5_free_name_canon_rules(context, context->name_canon_rules);
649 533651 : free(context->default_cc_name);
650 533651 : free(context->default_cc_name_env);
651 533651 : free(context->configured_default_cc_name);
652 533651 : free(context->etypes);
653 533651 : free(context->cfg_etypes);
654 533651 : free(context->etypes_des);
655 533651 : free(context->permitted_enctypes);
656 533651 : free(context->tgs_etypes);
657 533651 : free(context->as_etypes);
658 533651 : krb5_free_host_realm (context, context->default_realms);
659 533651 : krb5_config_file_free (context, context->cf);
660 533651 : free(rk_UNCONST(context->cc_ops));
661 533651 : free(context->kt_types);
662 533651 : krb5_clear_error_message(context);
663 533651 : krb5_set_extra_addresses(context, NULL);
664 533651 : krb5_set_ignore_addresses(context, NULL);
665 533651 : krb5_set_send_to_kdc_func(context, NULL, NULL);
666 :
667 : #ifdef PKINIT
668 533651 : hx509_context_free(&context->hx509ctx);
669 : #endif
670 :
671 533651 : if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) {
672 : rk_SOCK_EXIT();
673 : }
674 :
675 533651 : heim_context_free(&context->hcontext);
676 533651 : memset(context, 0, sizeof(*context));
677 533651 : free(context);
678 533651 : }
679 :
680 : /**
681 : * Reinit the context from a new set of filenames.
682 : *
683 : * @param context context to add configuration too.
684 : * @param filenames array of filenames, end of list is indicated with a NULL filename.
685 : *
686 : * @return Returns 0 to indicate success. Otherwise an kerberos et
687 : * error code is returned, see krb5_get_error_message().
688 : *
689 : * @ingroup krb5
690 : */
691 :
692 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
693 943148 : krb5_set_config_files(krb5_context context, char **filenames)
694 : {
695 : krb5_error_code ret;
696 943148 : heim_config_binding *tmp = NULL;
697 :
698 943148 : if ((ret = heim_set_config_files(context->hcontext, filenames,
699 : &tmp)))
700 0 : return ret;
701 943148 : krb5_config_file_free(context, context->cf);
702 943148 : context->cf = (krb5_config_binding *)tmp;
703 943148 : return init_context_from_config_file(context);
704 : }
705 :
706 : #ifndef HEIMDAL_SMALLER
707 : /**
708 : * Reinit the context from configuration file contents in a C string.
709 : * This should only be used in tests.
710 : *
711 : * @param context context to add configuration too.
712 : * @param config configuration.
713 : *
714 : * @return Returns 0 to indicate success. Otherwise an kerberos et
715 : * error code is returned, see krb5_get_error_message().
716 : *
717 : * @ingroup krb5
718 : */
719 :
720 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
721 0 : krb5_set_config(krb5_context context, const char *config)
722 : {
723 : krb5_error_code ret;
724 0 : krb5_config_binding *tmp = NULL;
725 :
726 0 : if ((ret = krb5_config_parse_string_multi(context, config, &tmp)))
727 0 : return ret;
728 : #if 0
729 : /* with this enabled and if there are no config files, Kerberos is
730 : considererd disabled */
731 : if (tmp == NULL)
732 : return ENXIO;
733 : #endif
734 :
735 0 : krb5_config_file_free(context, context->cf);
736 0 : context->cf = tmp;
737 0 : ret = init_context_from_config_file(context);
738 0 : return ret;
739 : }
740 : #endif
741 :
742 : /*
743 : * `pq' isn't free, it's up the the caller
744 : */
745 :
746 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
747 0 : krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
748 : {
749 0 : return heim_prepend_config_files(filelist, pq, ret_pp);
750 : }
751 :
752 : /**
753 : * Prepend the filename to the global configuration list.
754 : *
755 : * @param filelist a filename to add to the default list of filename
756 : * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
757 : *
758 : * @return Returns 0 to indicate success. Otherwise an kerberos et
759 : * error code is returned, see krb5_get_error_message().
760 : *
761 : * @ingroup krb5
762 : */
763 :
764 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
765 387332 : krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
766 : {
767 387332 : return heim_prepend_config_files_default(filelist, krb5_config_file,
768 : "KRB5_CONFIG", pfilenames);
769 : }
770 :
771 : /**
772 : * Get the global configuration list.
773 : *
774 : * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
775 : *
776 : * @return Returns 0 to indicate success. Otherwise an kerberos et
777 : * error code is returned, see krb5_get_error_message().
778 : *
779 : * @ingroup krb5
780 : */
781 :
782 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
783 555816 : krb5_get_default_config_files(char ***pfilenames)
784 : {
785 555816 : if (pfilenames == NULL)
786 0 : return EINVAL;
787 555816 : return heim_get_default_config_files(krb5_config_file, "KRB5_CONFIG",
788 : pfilenames);
789 : }
790 :
791 : /**
792 : * Free a list of configuration files.
793 : *
794 : * @param filenames list, terminated with a NULL pointer, to be
795 : * freed. NULL is an valid argument.
796 : *
797 : * @return Returns 0 to indicate success. Otherwise an kerberos et
798 : * error code is returned, see krb5_get_error_message().
799 : *
800 : * @ingroup krb5
801 : */
802 :
803 : KRB5_LIB_FUNCTION void KRB5_LIB_CALL
804 943148 : krb5_free_config_files(char **filenames)
805 : {
806 943148 : heim_free_config_files(filenames);
807 943148 : }
808 :
809 : /**
810 : * Returns the list of Kerberos encryption types sorted in order of
811 : * most preferred to least preferred encryption type. Note that some
812 : * encryption types might be disabled, so you need to check with
813 : * krb5_enctype_valid() before using the encryption type.
814 : *
815 : * @return list of enctypes, terminated with ETYPE_NULL. Its a static
816 : * array completed into the Kerberos library so the content doesn't
817 : * need to be freed.
818 : *
819 : * @ingroup krb5
820 : */
821 :
822 : KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL
823 135984 : krb5_kerberos_enctypes(krb5_context context)
824 : {
825 : static const krb5_enctype p[] = {
826 : ETYPE_AES256_CTS_HMAC_SHA1_96,
827 : ETYPE_AES128_CTS_HMAC_SHA1_96,
828 : ETYPE_AES256_CTS_HMAC_SHA384_192,
829 : ETYPE_AES128_CTS_HMAC_SHA256_128,
830 : ETYPE_DES3_CBC_SHA1,
831 : ETYPE_ARCFOUR_HMAC_MD5,
832 : ETYPE_NULL
833 : };
834 :
835 : static const krb5_enctype weak[] = {
836 : ETYPE_AES256_CTS_HMAC_SHA1_96,
837 : ETYPE_AES128_CTS_HMAC_SHA1_96,
838 : ETYPE_AES256_CTS_HMAC_SHA384_192,
839 : ETYPE_AES128_CTS_HMAC_SHA256_128,
840 : ETYPE_DES3_CBC_SHA1,
841 : ETYPE_DES3_CBC_MD5,
842 : ETYPE_ARCFOUR_HMAC_MD5,
843 : ETYPE_DES_CBC_MD5,
844 : ETYPE_DES_CBC_MD4,
845 : ETYPE_DES_CBC_CRC,
846 : ETYPE_NULL
847 : };
848 :
849 : /*
850 : * if the list of enctypes enabled by "allow_weak_crypto"
851 : * are valid, then return the former default enctype list
852 : * that contained the weak entries.
853 : */
854 135984 : if (krb5_enctype_valid(context, ETYPE_DES_CBC_CRC) == 0 &&
855 0 : krb5_enctype_valid(context, ETYPE_DES_CBC_MD4) == 0 &&
856 0 : krb5_enctype_valid(context, ETYPE_DES_CBC_MD5) == 0 &&
857 0 : krb5_enctype_valid(context, ETYPE_DES_CBC_NONE) == 0 &&
858 0 : krb5_enctype_valid(context, ETYPE_DES_CFB64_NONE) == 0 &&
859 0 : krb5_enctype_valid(context, ETYPE_DES_PCBC_NONE) == 0)
860 0 : return weak;
861 :
862 135984 : return p;
863 : }
864 :
865 : /*
866 : *
867 : */
868 :
869 : static krb5_error_code
870 137447 : copy_enctypes(krb5_context context,
871 : const krb5_enctype *in,
872 : krb5_enctype **out)
873 : {
874 137447 : krb5_enctype *p = NULL;
875 : size_t m, n;
876 :
877 137447 : for (n = 0; in[n]; n++)
878 : ;
879 137447 : n++;
880 137447 : ALLOC(p, n);
881 137447 : if(p == NULL)
882 0 : return krb5_enomem(context);
883 715241 : for (n = 0, m = 0; in[n]; n++) {
884 577794 : if (krb5_enctype_valid(context, in[n]) != 0)
885 0 : continue;
886 577794 : p[m++] = in[n];
887 : }
888 137447 : p[m] = KRB5_ENCTYPE_NULL;
889 137447 : if (m == 0) {
890 0 : free(p);
891 0 : krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
892 0 : N_("no valid enctype set", ""));
893 0 : return KRB5_PROG_ETYPE_NOSUPP;
894 : }
895 137447 : *out = p;
896 137447 : return 0;
897 : }
898 :
899 :
900 : /*
901 : * set `etype' to a malloced list of the default enctypes
902 : */
903 :
904 : static krb5_error_code
905 31553 : default_etypes(krb5_context context, krb5_enctype **etype)
906 : {
907 31553 : const krb5_enctype *p = krb5_kerberos_enctypes(context);
908 31553 : return copy_enctypes(context, p, etype);
909 : }
910 :
911 : /**
912 : * Set the default encryption types that will be use in communcation
913 : * with the KDC, clients and servers.
914 : *
915 : * @param context Kerberos 5 context.
916 : * @param etypes Encryption types, array terminated with ETYPE_NULL (0).
917 : * A value of NULL resets the encryption types to the defaults set in the
918 : * configuration file.
919 : *
920 : * @return Returns 0 to indicate success. Otherwise an kerberos et
921 : * error code is returned, see krb5_get_error_message().
922 : *
923 : * @ingroup krb5
924 : */
925 :
926 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
927 17121 : krb5_set_default_in_tkt_etypes(krb5_context context,
928 : const krb5_enctype *etypes)
929 : {
930 : krb5_error_code ret;
931 17121 : krb5_enctype *p = NULL;
932 :
933 17121 : if(!etypes) {
934 0 : etypes = context->cfg_etypes;
935 : }
936 :
937 17121 : if(etypes) {
938 17121 : ret = copy_enctypes(context, etypes, &p);
939 17121 : if (ret)
940 0 : return ret;
941 : }
942 17121 : if(context->etypes)
943 15331 : free(context->etypes);
944 17121 : context->etypes = p;
945 17121 : return 0;
946 : }
947 :
948 : /**
949 : * Get the default encryption types that will be use in communcation
950 : * with the KDC, clients and servers.
951 : *
952 : * @param context Kerberos 5 context.
953 : * @param pdu_type request type (AS, TGS or none)
954 : * @param etypes Encryption types, array terminated with
955 : * ETYPE_NULL(0), caller should free array with krb5_xfree():
956 : *
957 : * @return Returns 0 to indicate success. Otherwise an kerberos et
958 : * error code is returned, see krb5_get_error_message().
959 : *
960 : * @ingroup krb5
961 : */
962 :
963 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
964 76315 : krb5_get_default_in_tkt_etypes(krb5_context context,
965 : krb5_pdu pdu_type,
966 : krb5_enctype **etypes)
967 : {
968 76315 : krb5_enctype *enctypes = NULL;
969 : krb5_error_code ret;
970 : krb5_enctype *p;
971 :
972 76315 : heim_assert(pdu_type == KRB5_PDU_AS_REQUEST ||
973 : pdu_type == KRB5_PDU_TGS_REQUEST ||
974 : pdu_type == KRB5_PDU_NONE, "unexpected pdu type");
975 :
976 76315 : if (pdu_type == KRB5_PDU_AS_REQUEST && context->as_etypes != NULL)
977 454 : enctypes = context->as_etypes;
978 75861 : else if (pdu_type == KRB5_PDU_TGS_REQUEST && context->tgs_etypes != NULL)
979 0 : enctypes = context->tgs_etypes;
980 75861 : else if (context->etypes != NULL)
981 44308 : enctypes = context->etypes;
982 :
983 76315 : if (enctypes != NULL) {
984 44762 : ret = copy_enctypes(context, enctypes, &p);
985 44762 : if (ret)
986 0 : return ret;
987 : } else {
988 31553 : ret = default_etypes(context, &p);
989 31553 : if (ret)
990 0 : return ret;
991 : }
992 76315 : *etypes = p;
993 76315 : return 0;
994 : }
995 :
996 : /**
997 : * Init the built-in ets in the Kerberos library.
998 : *
999 : * @param context kerberos context to add the ets too
1000 : *
1001 : * @ingroup krb5
1002 : */
1003 :
1004 : KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1005 0 : krb5_init_ets(krb5_context context)
1006 : {
1007 0 : }
1008 :
1009 : static void
1010 555816 : _krb5_init_ets(krb5_context context)
1011 : {
1012 555816 : heim_add_et_list(context->hcontext, initialize_krb5_error_table_r);
1013 555816 : heim_add_et_list(context->hcontext, initialize_asn1_error_table_r);
1014 555816 : heim_add_et_list(context->hcontext, initialize_heim_error_table_r);
1015 :
1016 555816 : heim_add_et_list(context->hcontext, initialize_k524_error_table_r);
1017 555816 : heim_add_et_list(context->hcontext, initialize_k5e1_error_table_r);
1018 :
1019 : #ifdef COM_ERR_BINDDOMAIN_krb5
1020 555816 : bindtextdomain(COM_ERR_BINDDOMAIN_krb5, HEIMDAL_LOCALEDIR);
1021 555816 : bindtextdomain(COM_ERR_BINDDOMAIN_asn1, HEIMDAL_LOCALEDIR);
1022 555816 : bindtextdomain(COM_ERR_BINDDOMAIN_heim, HEIMDAL_LOCALEDIR);
1023 555816 : bindtextdomain(COM_ERR_BINDDOMAIN_k524, HEIMDAL_LOCALEDIR);
1024 : #endif
1025 :
1026 : #ifdef PKINIT
1027 555816 : heim_add_et_list(context->hcontext, initialize_hx_error_table_r);
1028 : #ifdef COM_ERR_BINDDOMAIN_hx
1029 555816 : bindtextdomain(COM_ERR_BINDDOMAIN_hx, HEIMDAL_LOCALEDIR);
1030 : #endif
1031 : #endif
1032 555816 : }
1033 :
1034 : /**
1035 : * Make the kerberos library default to the admin KDC.
1036 : *
1037 : * @param context Kerberos 5 context.
1038 : * @param flag boolean flag to select if the use the admin KDC or not.
1039 : *
1040 : * @ingroup krb5
1041 : */
1042 :
1043 : KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1044 0 : krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
1045 : {
1046 0 : context->use_admin_kdc = flag;
1047 0 : }
1048 :
1049 : /**
1050 : * Make the kerberos library default to the admin KDC.
1051 : *
1052 : * @param context Kerberos 5 context.
1053 : *
1054 : * @return boolean flag to telling the context will use admin KDC as the default KDC.
1055 : *
1056 : * @ingroup krb5
1057 : */
1058 :
1059 : KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1060 0 : krb5_get_use_admin_kdc (krb5_context context)
1061 : {
1062 0 : return context->use_admin_kdc;
1063 : }
1064 :
1065 : /**
1066 : * Add extra address to the address list that the library will add to
1067 : * the client's address list when communicating with the KDC.
1068 : *
1069 : * @param context Kerberos 5 context.
1070 : * @param addresses addreses to add
1071 : *
1072 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1073 : * error code is returned, see krb5_get_error_message().
1074 : *
1075 : * @ingroup krb5
1076 : */
1077 :
1078 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1079 0 : krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
1080 : {
1081 :
1082 0 : if(context->extra_addresses)
1083 0 : return krb5_append_addresses(context,
1084 : context->extra_addresses, addresses);
1085 : else
1086 0 : return krb5_set_extra_addresses(context, addresses);
1087 : }
1088 :
1089 : /**
1090 : * Set extra address to the address list that the library will add to
1091 : * the client's address list when communicating with the KDC.
1092 : *
1093 : * @param context Kerberos 5 context.
1094 : * @param addresses addreses to set
1095 : *
1096 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1097 : * error code is returned, see krb5_get_error_message().
1098 : *
1099 : * @ingroup krb5
1100 : */
1101 :
1102 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1103 1476799 : krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
1104 : {
1105 1476799 : if(context->extra_addresses)
1106 0 : krb5_free_addresses(context, context->extra_addresses);
1107 :
1108 1476799 : if(addresses == NULL) {
1109 1476799 : if(context->extra_addresses != NULL) {
1110 0 : free(context->extra_addresses);
1111 0 : context->extra_addresses = NULL;
1112 : }
1113 1476799 : return 0;
1114 : }
1115 0 : if(context->extra_addresses == NULL) {
1116 0 : context->extra_addresses = malloc(sizeof(*context->extra_addresses));
1117 0 : if (context->extra_addresses == NULL)
1118 0 : return krb5_enomem(context);
1119 : }
1120 0 : return krb5_copy_addresses(context, addresses, context->extra_addresses);
1121 : }
1122 :
1123 : /**
1124 : * Get extra address to the address list that the library will add to
1125 : * the client's address list when communicating with the KDC.
1126 : *
1127 : * @param context Kerberos 5 context.
1128 : * @param addresses addreses to set
1129 : *
1130 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1131 : * error code is returned, see krb5_get_error_message().
1132 : *
1133 : * @ingroup krb5
1134 : */
1135 :
1136 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1137 0 : krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
1138 : {
1139 0 : if(context->extra_addresses == NULL) {
1140 0 : memset(addresses, 0, sizeof(*addresses));
1141 0 : return 0;
1142 : }
1143 0 : return krb5_copy_addresses(context,context->extra_addresses, addresses);
1144 : }
1145 :
1146 : /**
1147 : * Add extra addresses to ignore when fetching addresses from the
1148 : * underlaying operating system.
1149 : *
1150 : * @param context Kerberos 5 context.
1151 : * @param addresses addreses to ignore
1152 : *
1153 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1154 : * error code is returned, see krb5_get_error_message().
1155 : *
1156 : * @ingroup krb5
1157 : */
1158 :
1159 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1160 0 : krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
1161 : {
1162 :
1163 0 : if(context->ignore_addresses)
1164 0 : return krb5_append_addresses(context,
1165 : context->ignore_addresses, addresses);
1166 : else
1167 0 : return krb5_set_ignore_addresses(context, addresses);
1168 : }
1169 :
1170 : /**
1171 : * Set extra addresses to ignore when fetching addresses from the
1172 : * underlaying operating system.
1173 : *
1174 : * @param context Kerberos 5 context.
1175 : * @param addresses addreses to ignore
1176 : *
1177 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1178 : * error code is returned, see krb5_get_error_message().
1179 : *
1180 : * @ingroup krb5
1181 : */
1182 :
1183 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1184 1476799 : krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
1185 : {
1186 1476799 : if(context->ignore_addresses)
1187 0 : krb5_free_addresses(context, context->ignore_addresses);
1188 1476799 : if(addresses == NULL) {
1189 1476799 : if(context->ignore_addresses != NULL) {
1190 0 : free(context->ignore_addresses);
1191 0 : context->ignore_addresses = NULL;
1192 : }
1193 1476799 : return 0;
1194 : }
1195 0 : if(context->ignore_addresses == NULL) {
1196 0 : context->ignore_addresses = malloc(sizeof(*context->ignore_addresses));
1197 0 : if (context->ignore_addresses == NULL)
1198 0 : return krb5_enomem(context);
1199 : }
1200 0 : return krb5_copy_addresses(context, addresses, context->ignore_addresses);
1201 : }
1202 :
1203 : /**
1204 : * Get extra addresses to ignore when fetching addresses from the
1205 : * underlaying operating system.
1206 : *
1207 : * @param context Kerberos 5 context.
1208 : * @param addresses list addreses ignored
1209 : *
1210 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1211 : * error code is returned, see krb5_get_error_message().
1212 : *
1213 : * @ingroup krb5
1214 : */
1215 :
1216 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1217 0 : krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
1218 : {
1219 0 : if(context->ignore_addresses == NULL) {
1220 0 : memset(addresses, 0, sizeof(*addresses));
1221 0 : return 0;
1222 : }
1223 0 : return krb5_copy_addresses(context, context->ignore_addresses, addresses);
1224 : }
1225 :
1226 : /**
1227 : * Set version of fcache that the library should use.
1228 : *
1229 : * @param context Kerberos 5 context.
1230 : * @param version version number.
1231 : *
1232 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1233 : * error code is returned, see krb5_get_error_message().
1234 : *
1235 : * @ingroup krb5
1236 : */
1237 :
1238 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1239 0 : krb5_set_fcache_version(krb5_context context, int version)
1240 : {
1241 0 : context->fcache_vno = version;
1242 0 : return 0;
1243 : }
1244 :
1245 : /**
1246 : * Get version of fcache that the library should use.
1247 : *
1248 : * @param context Kerberos 5 context.
1249 : * @param version version number.
1250 : *
1251 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1252 : * error code is returned, see krb5_get_error_message().
1253 : *
1254 : * @ingroup krb5
1255 : */
1256 :
1257 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1258 0 : krb5_get_fcache_version(krb5_context context, int *version)
1259 : {
1260 0 : *version = context->fcache_vno;
1261 0 : return 0;
1262 : }
1263 :
1264 : /**
1265 : * Runtime check if the Kerberos library was complied with thread support.
1266 : *
1267 : * @return TRUE if the library was compiled with thread support, FALSE if not.
1268 : *
1269 : * @ingroup krb5
1270 : */
1271 :
1272 :
1273 : KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1274 0 : krb5_is_thread_safe(void)
1275 : {
1276 : #ifdef ENABLE_PTHREAD_SUPPORT
1277 : return TRUE;
1278 : #else
1279 0 : return FALSE;
1280 : #endif
1281 : }
1282 :
1283 : /**
1284 : * Set if the library should use DNS to canonicalize hostnames.
1285 : *
1286 : * @param context Kerberos 5 context.
1287 : * @param flag if its dns canonicalizion is used or not.
1288 : *
1289 : * @ingroup krb5
1290 : */
1291 :
1292 : KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1293 869733 : krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
1294 : {
1295 869733 : if (flag)
1296 0 : context->flags |= KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
1297 : else
1298 869733 : context->flags &= ~KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
1299 869733 : }
1300 :
1301 : /**
1302 : * Get if the library uses DNS to canonicalize hostnames.
1303 : *
1304 : * @param context Kerberos 5 context.
1305 : *
1306 : * @return return non zero if the library uses DNS to canonicalize hostnames.
1307 : *
1308 : * @ingroup krb5
1309 : */
1310 :
1311 : KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1312 0 : krb5_get_dns_canonicalize_hostname (krb5_context context)
1313 : {
1314 0 : return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0;
1315 : }
1316 :
1317 : /**
1318 : * Get current offset in time to the KDC.
1319 : *
1320 : * @param context Kerberos 5 context.
1321 : * @param sec seconds part of offset.
1322 : * @param usec micro seconds part of offset.
1323 : *
1324 : * @return returns zero
1325 : *
1326 : * @ingroup krb5
1327 : */
1328 :
1329 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1330 0 : krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
1331 : {
1332 0 : if (sec)
1333 0 : *sec = context->kdc_sec_offset;
1334 0 : if (usec)
1335 0 : *usec = context->kdc_usec_offset;
1336 0 : return 0;
1337 : }
1338 :
1339 : /**
1340 : * Set current offset in time to the KDC.
1341 : *
1342 : * @param context Kerberos 5 context.
1343 : * @param sec seconds part of offset.
1344 : * @param usec micro seconds part of offset.
1345 : *
1346 : * @return returns zero
1347 : *
1348 : * @ingroup krb5
1349 : */
1350 :
1351 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1352 0 : krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
1353 : {
1354 0 : context->kdc_sec_offset = sec;
1355 0 : if (usec >= 0)
1356 0 : context->kdc_usec_offset = usec;
1357 0 : return 0;
1358 : }
1359 :
1360 : /**
1361 : * Get max time skew allowed.
1362 : *
1363 : * @param context Kerberos 5 context.
1364 : *
1365 : * @return timeskew in seconds.
1366 : *
1367 : * @ingroup krb5
1368 : */
1369 :
1370 : KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
1371 6 : krb5_get_max_time_skew (krb5_context context)
1372 : {
1373 6 : return context->max_skew;
1374 : }
1375 :
1376 : /**
1377 : * Set max time skew allowed.
1378 : *
1379 : * @param context Kerberos 5 context.
1380 : * @param t timeskew in seconds.
1381 : *
1382 : * @ingroup krb5
1383 : */
1384 :
1385 : KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1386 0 : krb5_set_max_time_skew (krb5_context context, time_t t)
1387 : {
1388 0 : context->max_skew = t;
1389 0 : }
1390 :
1391 : /*
1392 : * Init encryption types in len, val with etypes.
1393 : *
1394 : * @param context Kerberos 5 context.
1395 : * @param pdu_type type of pdu
1396 : * @param len output length of val.
1397 : * @param val output array of enctypes.
1398 : * @param etypes etypes to set val and len to, if NULL, use default enctypes.
1399 :
1400 : * @return Returns 0 to indicate success. Otherwise an kerberos et
1401 : * error code is returned, see krb5_get_error_message().
1402 : *
1403 : * @ingroup krb5
1404 : */
1405 :
1406 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1407 64698 : _krb5_init_etype(krb5_context context,
1408 : krb5_pdu pdu_type,
1409 : unsigned *len,
1410 : krb5_enctype **val,
1411 : const krb5_enctype *etypes)
1412 : {
1413 : krb5_error_code ret;
1414 :
1415 64698 : if (etypes == NULL)
1416 64609 : ret = krb5_get_default_in_tkt_etypes(context, pdu_type, val);
1417 : else
1418 89 : ret = copy_enctypes(context, etypes, val);
1419 64698 : if (ret)
1420 0 : return ret;
1421 :
1422 64698 : if (len) {
1423 64698 : *len = 0;
1424 495860 : while ((*val)[*len] != KRB5_ENCTYPE_NULL)
1425 366464 : (*len)++;
1426 : }
1427 64698 : return 0;
1428 : }
1429 :
1430 : /*
1431 : * Allow homedir access
1432 : */
1433 :
1434 : KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1435 49549 : _krb5_homedir_access(krb5_context context)
1436 : {
1437 49549 : if (context)
1438 49549 : return !!(context->flags & KRB5_CTX_F_HOMEDIR_ACCESS);
1439 0 : return !issuid();
1440 : }
1441 :
1442 : /**
1443 : * Enable and disable home directory access on either the global state
1444 : * or the krb5_context state. By calling krb5_set_home_dir_access()
1445 : * with context set to NULL, the global state is configured otherwise
1446 : * the state for the krb5_context is modified.
1447 : *
1448 : * For home directory access to be allowed, both the global state and
1449 : * the krb5_context state have to be allowed.
1450 : *
1451 : * @param context a Kerberos 5 context or NULL
1452 : * @param allow allow if TRUE home directory
1453 : * @return the old value
1454 : *
1455 : * @ingroup krb5
1456 : */
1457 :
1458 : KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1459 0 : krb5_set_home_dir_access(krb5_context context, krb5_boolean allow)
1460 : {
1461 0 : krb5_boolean old = _krb5_homedir_access(context);
1462 :
1463 0 : if (context) {
1464 0 : if (allow)
1465 0 : context->flags |= KRB5_CTX_F_HOMEDIR_ACCESS;
1466 : else
1467 0 : context->flags &= ~KRB5_CTX_F_HOMEDIR_ACCESS;
1468 0 : heim_context_set_homedir_access(context->hcontext, allow ? 1 : 0);
1469 : }
1470 :
1471 0 : return old;
1472 : }
1473 :
|
