-: 0:Source:alt_prof.c -: 0:Graph:/var/tsitkova/Sources/v10/trunk/src/lib/kadm5/alt_prof.so.gcno -: 0:Data:/var/tsitkova/Sources/v10/trunk/src/lib/kadm5/alt_prof.so.gcda -: 0:Runs:958 -: 0:Programs:2 -: 1:/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -: 2:/* lib/kadm5/alt_prof.c */ -: 3:/* -: 4: * Copyright 1995,2001,2008,2009 by the Massachusetts Institute of Technology. -: 5: * All Rights Reserved. -: 6: * -: 7: * Export of this software from the United States of America may -: 8: * require a specific license from the United States Government. -: 9: * It is the responsibility of any person or organization contemplating -: 10: * export to obtain such a license before exporting. -: 11: * -: 12: * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -: 13: * distribute this software and its documentation for any purpose and -: 14: * without fee is hereby granted, provided that the above copyright -: 15: * notice appear in all copies and that both that copyright notice and -: 16: * this permission notice appear in supporting documentation, and that -: 17: * the name of M.I.T. not be used in advertising or publicity pertaining -: 18: * to distribution of the software without specific, written prior -: 19: * permission. Furthermore if you modify this software you must label -: 20: * your software as modified software and not distribute it in such a -: 21: * fashion that it might be confused with the original M.I.T. software. -: 22: * M.I.T. makes no representations about the suitability of -: 23: * this software for any purpose. It is provided "as is" without express -: 24: * or implied warranty. -: 25: */ -: 26:/* -: 27: * Copyright 2004 Sun Microsystems, Inc. All rights reserved. -: 28: * Use is subject to license terms. -: 29: */ -: 30: -: 31:/* Implement alternate profile file handling. */ -: 32:#include "fake-addrinfo.h" -: 33:#include "k5-int.h" -: 34:#include -: 35:#include "adm_proto.h" -: 36:#include -: 37:#include -: 38:#include -: 39: -: 40:krb5_boolean krb5_match_config_pattern(const char *, const char*); 196: 41:static krb5_key_salt_tuple *copy_key_salt_tuple(ksalt, len) -: 42: krb5_key_salt_tuple *ksalt; -: 43: krb5_int32 len; -: 44:{ -: 45: krb5_key_salt_tuple *knew; -: 46: 196: 47: if((knew = (krb5_key_salt_tuple *) -: 48: malloc((len ) * sizeof(krb5_key_salt_tuple)))) { 196: 49: memcpy(knew, ksalt, len * sizeof(krb5_key_salt_tuple)); 196: 50: return knew; -: 51: } #####: 52: return 0; -: 53:} -: 54: -: 55:/* -: 56: * krb5_aprof_init() - Initialize alternate profile context. -: 57: * -: 58: * Parameters: -: 59: * fname - default file name of the profile. -: 60: * envname - environment variable name which can override fname. -: 61: * acontextp - Pointer to opaque context for alternate profile. -: 62: * -: 63: * Returns: -: 64: * error codes from profile_init() -: 65: */ -: 66:krb5_error_code 1137: 67:krb5_aprof_init(fname, envname, acontextp) -: 68: char *fname; -: 69: char *envname; -: 70: krb5_pointer *acontextp; -: 71:{ -: 72: krb5_error_code kret; -: 73: profile_t profile; -: 74: const char *kdc_config; -: 75: char *profile_path; -: 76: char **filenames; -: 77: int i; -: 78: struct k5buf buf; -: 79: 1137: 80: kret = krb5_get_default_config_files (&filenames); 1137: 81: if (kret) #####: 82: return kret; 1137: 83: if (envname == NULL || (kdc_config = getenv(envname)) == NULL) #####: 84: kdc_config = fname; 1137: 85: krb5int_buf_init_dynamic(&buf); 1137: 86: if (kdc_config) 1137: 87: krb5int_buf_add(&buf, kdc_config); 2274: 88: for (i = 0; filenames[i] != NULL; i++) { 1137: 89: if (krb5int_buf_len(&buf) > 0) 1137: 90: krb5int_buf_add(&buf, ":"); 1137: 91: krb5int_buf_add(&buf, filenames[i]); -: 92: } 1137: 93: krb5_free_config_files(filenames); 1137: 94: profile_path = krb5int_buf_data(&buf); 1137: 95: if (profile_path == NULL) #####: 96: return ENOMEM; 1137: 97: profile = (profile_t) NULL; 1137: 98: kret = profile_init_path(profile_path, &profile); 1137: 99: free(profile_path); 1137: 100: if (kret) #####: 101: return kret; 1137: 102: *acontextp = profile; 1137: 103: return 0; -: 104:} -: 105: -: 106:/* -: 107: * krb5_aprof_getvals() - Get values from alternate profile. -: 108: * -: 109: * Parameters: -: 110: * acontext - opaque context for alternate profile. -: 111: * hierarchy - hierarchy of value to retrieve. -: 112: * retdata - Returned data values. -: 113: * -: 114: * Returns: -: 115: * error codes from profile_get_values() -: 116: */ -: 117:krb5_error_code 16757: 118:krb5_aprof_getvals(acontext, hierarchy, retdata) -: 119: krb5_pointer acontext; -: 120: const char **hierarchy; -: 121: char ***retdata; -: 122:{ 16757: 123: return(profile_get_values((profile_t) acontext, -: 124: hierarchy, -: 125: retdata)); -: 126:} -: 127: -: 128:/* -: 129: * krb5_aprof_get_boolean() -: 130: * -: 131: * Parameters: -: 132: * acontext - opaque context for alternate profile -: 133: * hierarchy - hierarchy of value to retrieve -: 134: * retdata - Returned data value -: 135: * Returns: -: 136: * error codes -: 137: */ -: 138: -: 139:static krb5_error_code 1: 140:string_to_boolean (const char *string, krb5_boolean *out) -: 141:{ -: 142: static const char *const yes[] = { "y", "yes", "true", "t", "1", "on" }; -: 143: static const char *const no[] = { "n", "no", "false", "f", "nil", "0", "off" }; -: 144: unsigned int i; -: 145: 3: 146: for (i = 0; i < sizeof(yes)/sizeof(yes[0]); i++) 3: 147: if (!strcasecmp(string, yes[i])) { 1: 148: *out = 1; 1: 149: return 0; -: 150: } #####: 151: for (i = 0; i < sizeof(no)/sizeof(no[0]); i++) #####: 152: if (!strcasecmp(string, no[i])) { #####: 153: *out = 0; #####: 154: return 0; -: 155: } #####: 156: return PROF_BAD_BOOLEAN; -: 157:} -: 158: -: 159:krb5_error_code 1042: 160:krb5_aprof_get_boolean(krb5_pointer acontext, const char **hierarchy, -: 161: int uselast, krb5_boolean *retdata) -: 162:{ -: 163: krb5_error_code kret; -: 164: char **values; -: 165: char *valp; -: 166: int idx; -: 167: krb5_boolean val; -: 168: 1042: 169: kret = krb5_aprof_getvals (acontext, hierarchy, &values); 1042: 170: if (kret) 1041: 171: return kret; 1: 172: idx = 0; 1: 173: if (uselast) { 3: 174: while (values[idx]) 1: 175: idx++; 1: 176: idx--; -: 177: } 1: 178: valp = values[idx]; 1: 179: kret = string_to_boolean (valp, &val); 1: 180: profile_free_list(values); 1: 181: if (kret) #####: 182: return kret; 1: 183: *retdata = val; 1: 184: return 0; -: 185:} -: 186: -: 187:/* -: 188: * krb5_aprof_get_deltat() - Get a delta time value from the alternate -: 189: * profile. -: 190: * -: 191: * Parameters: -: 192: * acontext - opaque context for alternate profile. -: 193: * hierarchy - hierarchy of value to retrieve. -: 194: * uselast - if true, use last value, otherwise use -: 195: * first value found. -: 196: * deltatp - returned delta time value. -: 197: * -: 198: * Returns: -: 199: * error codes from profile_get_values() -: 200: * error codes from krb5_string_to_deltat() -: 201: */ -: 202:krb5_error_code 2419: 203:krb5_aprof_get_deltat(acontext, hierarchy, uselast, deltatp) -: 204: krb5_pointer acontext; -: 205: const char **hierarchy; -: 206: krb5_boolean uselast; -: 207: krb5_deltat *deltatp; -: 208:{ -: 209: krb5_error_code kret; -: 210: char **values; -: 211: char *valp; -: 212: int idx; -: 213: 2419: 214: if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) { #####: 215: idx = 0; #####: 216: if (uselast) { #####: 217: for (idx=0; values[idx]; idx++); #####: 218: idx--; -: 219: } #####: 220: valp = values[idx]; #####: 221: kret = krb5_string_to_deltat(valp, deltatp); -: 222: -: 223: /* Free the string storage */ #####: 224: profile_free_list(values); -: 225: } 2419: 226: return(kret); -: 227:} -: 228: -: 229:/* -: 230: * krb5_aprof_get_string() - Get a string value from the alternate -: 231: * profile. -: 232: * -: 233: * Parameters: -: 234: * acontext - opaque context for alternate profile. -: 235: * hierarchy - hierarchy of value to retrieve. -: 236: * uselast - if true, use last value, otherwise use -: 237: * first value found. -: 238: * stringp - returned string value. -: 239: * -: 240: * Returns: -: 241: * error codes from profile_get_values() -: 242: */ -: 243:krb5_error_code 10264: 244:krb5_aprof_get_string(acontext, hierarchy, uselast, stringp) -: 245: krb5_pointer acontext; -: 246: const char **hierarchy; -: 247: krb5_boolean uselast; -: 248: char **stringp; -: 249:{ -: 250: krb5_error_code kret; -: 251: char **values; -: 252: int lastidx; -: 253: 10264: 254: if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) { 3158: 255: for (lastidx=0; values[lastidx]; lastidx++); 3158: 256: lastidx--; -: 257: -: 258: /* Excise the entry we want from the null-terminated list, -: 259: and free up the rest. */ 3158: 260: if (uselast) { 3158: 261: *stringp = values[lastidx]; 3158: 262: values[lastidx] = NULL; -: 263: } else { #####: 264: *stringp = values[0]; #####: 265: values[0] = values[lastidx]; #####: 266: values[lastidx] = NULL; -: 267: } -: 268: -: 269: /* Free the string storage */ 3158: 270: profile_free_list(values); -: 271: } 10264: 272: return(kret); -: 273:} -: 274: -: 275:/* -: 276: * krb5_aprof_get_string_all() - When the attr identified by "hierarchy" is specified multiple times, -: 277: * collect all its string values from the alternate profile. -: 278: * -: 279: * Parameters: -: 280: * acontext - opaque context for alternate profile. -: 281: * hierarchy - hierarchy of value to retrieve. -: 282: * stringp - Returned string value. -: 283: * -: 284: * Returns: -: 285: * error codes from profile_get_values() or ENOMEM -: 286: * Caller is responsible for deallocating stringp buffer -: 287: */ -: 288:krb5_error_code 404: 289:krb5_aprof_get_string_all(acontext, hierarchy, stringp) -: 290: krb5_pointer acontext; -: 291: const char **hierarchy; -: 292: char **stringp; -: 293:{ 404: 294: krb5_error_code kret=0; -: 295: char **values; 404: 296: int lastidx = 0; 404: 297: char *tmp = NULL ; 404: 298: size_t buf_size = 0; 404: 299: kret = krb5_aprof_getvals(acontext, hierarchy, &values); 404: 300: if (!kret) { #####: 301: for (lastidx=0; values[lastidx]; lastidx++); #####: 302: lastidx--; -: 303: #####: 304: buf_size = strlen(values[0])+3; #####: 305: for (lastidx=1; values[lastidx]; lastidx++){ #####: 306: buf_size += strlen(values[lastidx]) + 3; -: 307: } -: 308: } 404: 309: if (buf_size > 0) { #####: 310: *stringp = calloc(1,buf_size); #####: 311: if (*stringp == NULL){ #####: 312: profile_free_list(values); #####: 313: return ENOMEM; -: 314: } #####: 315: tmp=*stringp; #####: 316: strlcpy(tmp, values[0], buf_size); #####: 317: for (lastidx=1; values[lastidx]; lastidx++){ #####: 318: tmp = strcat(tmp, " "); #####: 319: tmp = strcat(tmp, values[lastidx]); -: 320: } -: 321: /* Free the string storage */ #####: 322: profile_free_list(values); -: 323: } 404: 324: return(kret); -: 325:} -: 326: -: 327: -: 328:/* -: 329: * krb5_aprof_get_int32() - Get a 32-bit integer value from the alternate -: 330: * profile. -: 331: * -: 332: * Parameters: -: 333: * acontext - opaque context for alternate profile. -: 334: * hierarchy - hierarchy of value to retrieve. -: 335: * uselast - if true, use last value, otherwise use -: 336: * first value found. -: 337: * intp - returned 32-bit integer value. -: 338: * -: 339: * Returns: -: 340: * error codes from profile_get_values() -: 341: * EINVAL - value is not an integer -: 342: */ -: 343:krb5_error_code 2628: 344:krb5_aprof_get_int32(acontext, hierarchy, uselast, intp) -: 345: krb5_pointer acontext; -: 346: const char **hierarchy; -: 347: krb5_boolean uselast; -: 348: krb5_int32 *intp; -: 349:{ -: 350: krb5_error_code kret; -: 351: char **values; -: 352: int idx; -: 353: 2628: 354: if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) { 815: 355: idx = 0; 815: 356: if (uselast) { 815: 357: for (idx=0; values[idx]; idx++); 815: 358: idx--; -: 359: } -: 360: 815: 361: if (sscanf(values[idx], "%d", intp) != 1) #####: 362: kret = EINVAL; -: 363: -: 364: /* Free the string storage */ 815: 365: profile_free_list(values); -: 366: } 2628: 367: return(kret); -: 368:} -: 369: -: 370:/* -: 371: * krb5_aprof_finish() - Finish alternate profile context. -: 372: * -: 373: * Parameter: -: 374: * acontext - opaque context for alternate profile. -: 375: * -: 376: * Returns: -: 377: * 0 on success, something else on failure. -: 378: */ -: 379:krb5_error_code 1137: 380:krb5_aprof_finish(acontext) -: 381: krb5_pointer acontext; -: 382:{ 1137: 383: profile_release(acontext); 1137: 384: return(0); -: 385:} -: 386: -: 387:/* -: 388: * Returns nonzero if it found something to copy; the caller may still -: 389: * need to check the output field or mask to see if the copy -: 390: * (allocation) was successful. Returns zero if nothing was found to -: 391: * copy, and thus the caller may want to apply some default heuristic. -: 392: * If the default action is just to use a fixed, compiled-in string, -: 393: * supply it as the default value here and ignore the return value. -: 394: */ -: 395:static int 7480: 396:get_string_param(char **param_out, char *param_in, -: 397: long *mask_out, long mask_in, long mask_bit, -: 398: krb5_pointer aprofile, -: 399: const char **hierarchy, -: 400: const char *config_name, -: 401: const char *default_value) -: 402:{ -: 403: char *svalue; -: 404: 7480: 405: hierarchy[2] = config_name; 7480: 406: if (mask_in & mask_bit) { 1182: 407: *param_out = strdup(param_in); 1182: 408: if (*param_out) 1182: 409: *mask_out |= mask_bit; 1182: 410: return 1; 12596: 411: } else if (aprofile && 6298: 412: !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { 2167: 413: *param_out = svalue; 2167: 414: *mask_out |= mask_bit; 2167: 415: return 1; 4131: 416: } else if (default_value) { 752: 417: *param_out = strdup(default_value); 752: 418: if (*param_out) 752: 419: *mask_out |= mask_bit; 752: 420: return 1; -: 421: } else { 3379: 422: return 0; -: 423: } -: 424:} -: 425:/* -: 426: * Similar, for (host-order) port number, if not already set in the -: 427: * output field; default_value==0 means no default. -: 428: */ -: 429:static void 2805: 430:get_port_param(int *param_out, int param_in, -: 431: long *mask_out, long mask_in, long mask_bit, -: 432: krb5_pointer aprofile, -: 433: const char **hierarchy, -: 434: const char *config_name, -: 435: int default_value) -: 436:{ -: 437: krb5_int32 ivalue; -: 438: 2805: 439: if (! (*mask_out & mask_bit)) { 2079: 440: hierarchy[2] = config_name; 2079: 441: if (mask_in & mask_bit) { 392: 442: *mask_out |= mask_bit; 392: 443: *param_out = param_in; 4088: 444: } else if (aprofile && 1687: 445: !krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) { 714: 446: *param_out = ivalue; 714: 447: *mask_out |= mask_bit; 973: 448: } else if (default_value) { 38: 449: *param_out = default_value; 38: 450: *mask_out |= mask_bit; -: 451: } -: 452: } 2805: 453:} -: 454:/* -: 455: * Similar, for delta_t; default is required. -: 456: */ -: 457:static void 2805: 458:get_deltat_param(krb5_deltat *param_out, krb5_deltat param_in, -: 459: long *mask_out, long mask_in, long mask_bit, -: 460: krb5_pointer aprofile, -: 461: const char **hierarchy, -: 462: const char *config_name, -: 463: krb5_deltat default_value) -: 464:{ -: 465: krb5_deltat dtvalue; -: 466: 2805: 467: hierarchy[2] = config_name; 2805: 468: if (mask_in & mask_bit) { 588: 469: *mask_out |= mask_bit; 588: 470: *param_out = param_in; 4434: 471: } else if (aprofile && 2217: 472: !krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) { #####: 473: *param_out = dtvalue; #####: 474: *mask_out |= mask_bit; -: 475: } else { 2217: 476: *param_out = default_value; 2217: 477: *mask_out |= mask_bit; -: 478: } 2805: 479:} -: 480: -: 481:/* -: 482: * Parse out the port number from an admin_server setting. Modify server to -: 483: * contain just the hostname or address. If a port is given, set *port, and -: 484: * set the appropriate bit in *mask. -: 485: */ -: 486:static void 916: 487:parse_admin_server_port(char *server, int *port, long *mask) -: 488:{ -: 489: char *end, *portstr; -: 490: -: 491: /* Allow the name or addr to be enclosed in brackets, for IPv6 addrs. */ 916: 492: if (*server == '[' && (end = strchr(server + 1, ']')) != NULL) { #####: 493: portstr = (*(end + 1) == ':') ? end + 2 : NULL; -: 494: /* Shift the bracketed name or address back into server. */ #####: 495: memmove(server, server + 1, end - (server + 1)); #####: 496: *(end - 1) = '\0'; -: 497: } else { -: 498: /* Terminate the name at the colon, if any. */ 916: 499: end = server + strcspn(server, ":"); 916: 500: portstr = (*end == ':') ? end + 1 : NULL; 916: 501: *end = '\0'; -: 502: } -: 503: -: 504: /* If we found a port string, parse it and set the appropriate bit. */ 916: 505: if (portstr) { 726: 506: *port = atoi(portstr); 726: 507: *mask |= KADM5_CONFIG_KADMIND_PORT; -: 508: } 916: 509:} -: 510: -: 511:/* -: 512: * Function: kadm5_get_config_params -: 513: * -: 514: * Purpose: Merge configuration parameters provided by the caller with -: 515: * values specified in configuration files and with default values. -: 516: * -: 517: * Arguments: -: 518: * -: 519: * context (r) krb5_context to use -: 520: * profile (r) profile file to use -: 521: * envname (r) envname that contains a profile name to -: 522: * override profile -: 523: * params_in (r) params structure containing user-supplied -: 524: * values, or NULL -: 525: * params_out (w) params structure to be filled in -: 526: * -: 527: * Effects: -: 528: * -: 529: * The fields and mask of params_out are filled in with values -: 530: * obtained from params_in, the specified profile, and default -: 531: * values. Only and all fields specified in params_out->mask are -: 532: * set. The context of params_out must be freed with -: 533: * kadm5_free_config_params. -: 534: * -: 535: * params_in and params_out may be the same pointer. However, all pointers -: 536: * in params_in for which the mask is set will be re-assigned to newly copied -: 537: * versions, overwriting the old pointer value. -: 538: */ 935: 539:krb5_error_code kadm5_get_config_params(context, use_kdc_config, -: 540: params_in, params_out) -: 541: krb5_context context; -: 542: int use_kdc_config; -: 543: kadm5_config_params *params_in, *params_out; -: 544:{ -: 545: char *filename; -: 546: char *envname; -: 547: char *lrealm; 935: 548: krb5_pointer aprofile = 0; -: 549: const char *hierarchy[4]; -: 550: char *svalue; -: 551: krb5_int32 ivalue; -: 552: kadm5_config_params params, empty_params; -: 553: 935: 554: krb5_error_code kret = 0; -: 555: 935: 556: memset(¶ms, 0, sizeof(params)); 935: 557: memset(&empty_params, 0, sizeof(empty_params)); -: 558: 935: 559: if (params_in == NULL) params_in = &empty_params; -: 560: 935: 561: if (params_in->mask & KADM5_CONFIG_REALM) { 722: 562: lrealm = params.realm = strdup(params_in->realm); 722: 563: if (params.realm) 722: 564: params.mask |= KADM5_CONFIG_REALM; -: 565: } else { 213: 566: kret = krb5_get_default_realm(context, &lrealm); 213: 567: if (kret) #####: 568: goto cleanup; 213: 569: params.realm = lrealm; 213: 570: params.mask |= KADM5_CONFIG_REALM; -: 571: } -: 572: 935: 573: if (params_in->mask & KADM5_CONFIG_KVNO) { #####: 574: params.kvno = params_in->kvno; #####: 575: params.mask |= KADM5_CONFIG_KVNO; -: 576: } -: 577: /* -: 578: * XXX These defaults should to work on both client and -: 579: * server. kadm5_get_config_params can be implemented as a -: 580: * wrapper function in each library that provides correct -: 581: * defaults for NULL values. -: 582: */ 935: 583: if (use_kdc_config) { 923: 584: filename = DEFAULT_KDC_PROFILE; 923: 585: envname = KDC_PROFILE_ENV; -: 586: } else { 12: 587: filename = DEFAULT_PROFILE_PATH; 12: 588: envname = "KRB5_CONFIG"; -: 589: } 935: 590: if (context->profile_secure == TRUE) envname = 0; -: 591: 935: 592: kret = krb5_aprof_init(filename, envname, &aprofile); 935: 593: if (kret) #####: 594: goto cleanup; -: 595: -: 596: /* Initialize realm parameters */ 935: 597: hierarchy[0] = KRB5_CONF_REALMS; 935: 598: hierarchy[1] = lrealm; 935: 599: hierarchy[3] = (char *) NULL; -: 600: -: 601:#define GET_STRING_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \ -: 602: get_string_param(¶ms.FIELD, params_in->FIELD, \ -: 603: ¶ms.mask, params_in->mask, BIT, \ -: 604: aprofile, hierarchy, CONFTAG, DEFAULT) -: 605: -: 606: /* Get the value for the admin server */ 935: 607: GET_STRING_PARAM(admin_server, KADM5_CONFIG_ADMIN_SERVER, KRB5_CONF_ADMIN_SERVER, -: 608: NULL); -: 609: 935: 610: if (params.mask & KADM5_CONFIG_ADMIN_SERVER) { 916: 611: parse_admin_server_port(params.admin_server, ¶ms.kadmind_port, -: 612: ¶ms.mask); -: 613: } -: 614: -: 615: /* Get the value for the database */ 935: 616: GET_STRING_PARAM(dbname, KADM5_CONFIG_DBNAME, KRB5_CONF_DATABASE_NAME, -: 617: DEFAULT_KDB_FILE); -: 618: -: 619: /* Get the value for the admin (policy) database lock file*/ 935: 620: if (!GET_STRING_PARAM(admin_keytab, KADM5_CONFIG_ADMIN_KEYTAB, -: 621: KRB5_CONF_ADMIN_KEYTAB, NULL)) { 739: 622: const char *s = getenv("KRB5_KTNAME"); 739: 623: if (s == NULL) 13: 624: s = DEFAULT_KADM5_KEYTAB; 739: 625: params.admin_keytab = strdup(s); 739: 626: if (params.admin_keytab) 739: 627: params.mask |= KADM5_CONFIG_ADMIN_KEYTAB; -: 628: } -: 629: -: 630: /* Get the name of the acl file */ 935: 631: GET_STRING_PARAM(acl_file, KADM5_CONFIG_ACL_FILE, KRB5_CONF_ACL_FILE, -: 632: DEFAULT_KADM5_ACL_FILE); -: 633: -: 634: /* Get the name of the dict file */ 935: 635: GET_STRING_PARAM(dict_file, KADM5_CONFIG_DICT_FILE, KRB5_CONF_DICT_FILE, NULL); -: 636: -: 637:#define GET_PORT_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \ -: 638: get_port_param(¶ms.FIELD, params_in->FIELD, \ -: 639: ¶ms.mask, params_in->mask, BIT, \ -: 640: aprofile, hierarchy, CONFTAG, DEFAULT) -: 641: /* Get the value for the kadmind port */ 935: 642: GET_PORT_PARAM(kadmind_port, KADM5_CONFIG_KADMIND_PORT, -: 643: KRB5_CONF_KADMIND_PORT, DEFAULT_KADM5_PORT); -: 644: -: 645: /* Get the value for the kpasswd port */ 935: 646: GET_PORT_PARAM(kpasswd_port, KADM5_CONFIG_KPASSWD_PORT, -: 647: KRB5_CONF_KPASSWD_PORT, DEFAULT_KPASSWD_PORT); -: 648: -: 649: /* Get the value for the master key name */ 935: 650: GET_STRING_PARAM(mkey_name, KADM5_CONFIG_MKEY_NAME, -: 651: KRB5_CONF_MASTER_KEY_NAME, NULL); -: 652: -: 653: /* Get the value for the master key type */ 935: 654: hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE; 935: 655: if (params_in->mask & KADM5_CONFIG_ENCTYPE) { 196: 656: params.mask |= KADM5_CONFIG_ENCTYPE; 196: 657: params.enctype = params_in->enctype; 1757: 658: } else if (aprofile && 739: 659: !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { 279: 660: if (!krb5_string_to_enctype(svalue, ¶ms.enctype)) { 279: 661: params.mask |= KADM5_CONFIG_ENCTYPE; 279: 662: free(svalue); -: 663: } -: 664: } else { 460: 665: params.mask |= KADM5_CONFIG_ENCTYPE; 460: 666: params.enctype = DEFAULT_KDC_ENCTYPE; -: 667: } -: 668: -: 669: /* Get the value for mkey_from_kbd */ 935: 670: if (params_in->mask & KADM5_CONFIG_MKEY_FROM_KBD) { #####: 671: params.mask |= KADM5_CONFIG_MKEY_FROM_KBD; #####: 672: params.mkey_from_kbd = params_in->mkey_from_kbd; -: 673: } -: 674: -: 675: /* Get the value for the stashfile */ 935: 676: GET_STRING_PARAM(stash_file, KADM5_CONFIG_STASH_FILE, -: 677: KRB5_CONF_KEY_STASH_FILE, NULL); -: 678: -: 679: /* Get the value for maximum ticket lifetime. */ -: 680:#define GET_DELTAT_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \ -: 681: get_deltat_param(¶ms.FIELD, params_in->FIELD, \ -: 682: ¶ms.mask, params_in->mask, BIT, \ -: 683: aprofile, hierarchy, CONFTAG, DEFAULT) -: 684: 935: 685: GET_DELTAT_PARAM(max_life, KADM5_CONFIG_MAX_LIFE, KRB5_CONF_MAX_LIFE, -: 686: 24 * 60 * 60); /* 1 day */ -: 687: -: 688: /* Get the value for maximum renewable ticket lifetime. */ 935: 689: GET_DELTAT_PARAM(max_rlife, KADM5_CONFIG_MAX_RLIFE, KRB5_CONF_MAX_RENEWABLE_LIFE, -: 690: 0); -: 691: -: 692: /* Get the value for the default principal expiration */ 935: 693: hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION; 935: 694: if (params_in->mask & KADM5_CONFIG_EXPIRATION) { 196: 695: params.mask |= KADM5_CONFIG_EXPIRATION; 196: 696: params.expiration = params_in->expiration; 1478: 697: } else if (aprofile && 739: 698: !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { #####: 699: if (!krb5_string_to_timestamp(svalue, ¶ms.expiration)) { #####: 700: params.mask |= KADM5_CONFIG_EXPIRATION; #####: 701: free(svalue); -: 702: } -: 703: } else { 739: 704: params.mask |= KADM5_CONFIG_EXPIRATION; 739: 705: params.expiration = 0; -: 706: } -: 707: -: 708: /* Get the value for the default principal flags */ 935: 709: hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS; 935: 710: if (params_in->mask & KADM5_CONFIG_FLAGS) { 196: 711: params.mask |= KADM5_CONFIG_FLAGS; 196: 712: params.flags = params_in->flags; 1478: 713: } else if (aprofile && 739: 714: !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { -: 715: char *sp, *ep, *tp; -: 716: #####: 717: sp = svalue; #####: 718: params.flags = 0; #####: 719: while (sp) { #####: 720: if ((ep = strchr(sp, (int) ',')) || -: 721: (ep = strchr(sp, (int) ' ')) || -: 722: (ep = strchr(sp, (int) '\t'))) { -: 723: /* Fill in trailing whitespace of sp */ #####: 724: tp = ep - 1; #####: 725: while (isspace((int) *tp) && (tp > sp)) { #####: 726: *tp = '\0'; #####: 727: tp--; -: 728: } #####: 729: *ep = '\0'; #####: 730: ep++; -: 731: /* Skip over trailing whitespace of ep */ #####: 732: while (isspace((int) *ep) && (*ep)) ep++; -: 733: } -: 734: /* Convert this flag */ #####: 735: if (krb5_string_to_flags(sp, -: 736: "+", -: 737: "-", -: 738: ¶ms.flags)) #####: 739: break; #####: 740: sp = ep; -: 741: } #####: 742: if (!sp) #####: 743: params.mask |= KADM5_CONFIG_FLAGS; #####: 744: free(svalue); -: 745: } else { 739: 746: params.mask |= KADM5_CONFIG_FLAGS; 739: 747: params.flags = KRB5_KDB_DEF_FLAGS; -: 748: } -: 749: -: 750: /* Get the value for the supported enctype/salttype matrix */ 935: 751: hierarchy[2] = KRB5_CONF_SUPPORTED_ENCTYPES; 935: 752: if (params_in->mask & KADM5_CONFIG_ENCTYPES) { -: 753: /* The following scenario is when the input keysalts are !NULL */ 196: 754: if(params_in->keysalts) { 196: 755: params.keysalts = copy_key_salt_tuple(params_in->keysalts, -: 756: params_in->num_keysalts); 196: 757: if(params.keysalts) { 196: 758: params.mask |= KADM5_CONFIG_ENCTYPES; 196: 759: params.num_keysalts = params_in->num_keysalts; -: 760: } -: 761: } else { #####: 762: params.mask |= KADM5_CONFIG_ENCTYPES; #####: 763: params.keysalts = 0; #####: 764: params.num_keysalts = params_in->num_keysalts; -: 765: } -: 766: } else { 739: 767: svalue = NULL; 739: 768: if (aprofile) 739: 769: krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue); 739: 770: if (svalue == NULL) 463: 771: svalue = strdup(KRB5_DEFAULT_SUPPORTED_ENCTYPES); -: 772: 739: 773: params.keysalts = NULL; 739: 774: params.num_keysalts = 0; 739: 775: krb5_string_to_keysalts(svalue, -: 776: ", \t",/* Tuple separators */ -: 777: ":.-", /* Key/salt separators */ -: 778: 0, /* No duplicates */ -: 779: ¶ms.keysalts, -: 780: ¶ms.num_keysalts); 739: 781: if (params.num_keysalts) 739: 782: params.mask |= KADM5_CONFIG_ENCTYPES; -: 783: 739: 784: free(svalue); -: 785: } -: 786: 935: 787: hierarchy[2] = KRB5_CONF_IPROP_ENABLE; -: 788: 935: 789: params.iprop_enabled = FALSE; 935: 790: params.mask |= KADM5_CONFIG_IPROP_ENABLED; -: 791: 935: 792: if (params_in->mask & KADM5_CONFIG_IPROP_ENABLED) { 196: 793: params.mask |= KADM5_CONFIG_IPROP_ENABLED; 196: 794: params.iprop_enabled = params_in->iprop_enabled; -: 795: } else { -: 796: krb5_boolean bvalue; 1478: 797: if (aprofile && 739: 798: !krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) { #####: 799: params.iprop_enabled = bvalue; #####: 800: params.mask |= KADM5_CONFIG_IPROP_ENABLED; -: 801: } -: 802: } -: 803: 935: 804: if (!GET_STRING_PARAM(iprop_logfile, KADM5_CONFIG_IPROP_LOGFILE, -: 805: KRB5_CONF_IPROP_LOGFILE, NULL)) { 739: 806: if (params.mask & KADM5_CONFIG_DBNAME) { 739: 807: if (asprintf(¶ms.iprop_logfile, "%s.ulog", params.dbname) >= 0) { 739: 808: params.mask |= KADM5_CONFIG_IPROP_LOGFILE; -: 809: } -: 810: } -: 811: } -: 812: 935: 813: GET_PORT_PARAM(iprop_port, KADM5_CONFIG_IPROP_PORT, -: 814: KRB5_CONF_IPROP_PORT, 0); -: 815: 935: 816: hierarchy[2] = KRB5_CONF_IPROP_MASTER_ULOGSIZE; -: 817: 935: 818: params.iprop_ulogsize = DEF_ULOGENTRIES; 935: 819: params.mask |= KADM5_CONFIG_ULOG_SIZE; -: 820: 935: 821: if (params_in->mask & KADM5_CONFIG_ULOG_SIZE) { 196: 822: params.mask |= KADM5_CONFIG_ULOG_SIZE; 196: 823: params.iprop_ulogsize = params_in->iprop_ulogsize; -: 824: } else { 739: 825: if (aprofile && !krb5_aprof_get_int32(aprofile, hierarchy, -: 826: TRUE, &ivalue)) { #####: 827: if (ivalue > MAX_ULOGENTRIES) #####: 828: params.iprop_ulogsize = MAX_ULOGENTRIES; #####: 829: else if (ivalue <= 0) #####: 830: params.iprop_ulogsize = DEF_ULOGENTRIES; -: 831: else #####: 832: params.iprop_ulogsize = ivalue; #####: 833: params.mask |= KADM5_CONFIG_ULOG_SIZE; -: 834: } -: 835: } -: 836: 935: 837: GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME, -: 838: KRB5_CONF_IPROP_SLAVE_POLL, 2 * 60); /* 2m */ -: 839: 935: 840: *params_out = params; -: 841: -: 842:cleanup: 935: 843: if (aprofile) 935: 844: krb5_aprof_finish(aprofile); 935: 845: if (kret) { #####: 846: kadm5_free_config_params(context, ¶ms); #####: 847: params_out->mask = 0; -: 848: } 935: 849: return(kret); -: 850:} -: 851:/* -: 852: * kadm5_free_config_params() - Free data allocated by above. -: 853: */ -: 854:krb5_error_code 876: 855:kadm5_free_config_params(context, params) -: 856: krb5_context context; -: 857: kadm5_config_params *params; -: 858:{ 876: 859: if (params) { 876: 860: free(params->dbname); 876: 861: free(params->mkey_name); 876: 862: free(params->stash_file); 876: 863: free(params->keysalts); 876: 864: free(params->admin_server); 876: 865: free(params->admin_keytab); 876: 866: free(params->dict_file); 876: 867: free(params->acl_file); 876: 868: free(params->realm); 876: 869: free(params->iprop_logfile); -: 870: } 876: 871: return(0); -: 872:} -: 873: -: 874:krb5_error_code 6: 875:kadm5_get_admin_service_name(krb5_context ctx, -: 876: char *realm_in, -: 877: char *admin_name, -: 878: size_t maxlen) -: 879:{ -: 880: krb5_error_code ret; -: 881: kadm5_config_params params_in, params_out; 6: 882: struct addrinfo hint, *ai = NULL; -: 883: int err; -: 884: 6: 885: memset(¶ms_in, 0, sizeof(params_in)); 6: 886: memset(¶ms_out, 0, sizeof(params_out)); -: 887: 6: 888: params_in.mask |= KADM5_CONFIG_REALM; 6: 889: params_in.realm = realm_in; 6: 890: ret = kadm5_get_config_params(ctx, 0, ¶ms_in, ¶ms_out); 6: 891: if (ret) #####: 892: return ret; -: 893: 6: 894: if (!(params_out.mask & KADM5_CONFIG_ADMIN_SERVER)) { #####: 895: ret = KADM5_MISSING_KRB5_CONF_PARAMS; #####: 896: goto err_params; -: 897: } -: 898: 6: 899: memset(&hint, 0, sizeof(hint)); 6: 900: hint.ai_flags = AI_CANONNAME | AI_ADDRCONFIG; 6: 901: err = getaddrinfo(params_out.admin_server, NULL, &hint, &ai); 6: 902: if (err != 0) { #####: 903: ret = KADM5_CANT_RESOLVE; #####: 904: krb5_set_error_message(ctx, ret, #####: 905: _("Cannot resolve address of admin server " -: 906: "\"%s\" for realm \"%s\""), -: 907: params_out.admin_server, realm_in); #####: 908: goto err_params; -: 909: } 6: 910: if (strlen(ai->ai_canonname) + sizeof("kadmin/") > maxlen) { #####: 911: ret = ENOMEM; #####: 912: goto err_params; -: 913: } 6: 914: snprintf(admin_name, maxlen, "kadmin/%s", ai->ai_canonname); -: 915: -: 916:err_params: 6: 917: if (ai != NULL) 6: 918: freeaddrinfo(ai); 6: 919: kadm5_free_config_params(ctx, ¶ms_out); 6: 920: return ret; -: 921:} -: 922: -: 923:/*********************************************************************** -: 924: * This is the old krb5_realm_read_params, which I mutated into -: 925: * kadm5_get_config_params but which old KDC code still uses. -: 926: ***********************************************************************/ -: 927: -: 928:/* -: 929: * krb5_read_realm_params() - Read per-realm parameters from KDC -: 930: * alternate profile. -: 931: */ -: 932:krb5_error_code 101: 933:krb5_read_realm_params(kcontext, realm, rparamp) -: 934: krb5_context kcontext; -: 935: char *realm; -: 936: krb5_realm_params **rparamp; -: 937:{ -: 938: char *filename; -: 939: char *envname; -: 940: char *lrealm; 101: 941: krb5_pointer aprofile = 0; -: 942: krb5_realm_params *rparams; -: 943: const char *hierarchy[4]; -: 944: char *svalue; -: 945: krb5_int32 ivalue; -: 946: krb5_boolean bvalue; -: 947: krb5_deltat dtvalue; -: 948: 101: 949: char *kdcprofile = 0; 101: 950: char *kdcenv = 0; 101: 951: char *no_refrls = 0; 101: 952: char *host_based_srvcs = 0; -: 953: -: 954: -: 955: -: 956: krb5_error_code kret; -: 957: 101: 958: filename = (kdcprofile) ? kdcprofile : DEFAULT_KDC_PROFILE; 101: 959: envname = (kdcenv) ? kdcenv : KDC_PROFILE_ENV; -: 960: 101: 961: if (kcontext->profile_secure == TRUE) envname = 0; -: 962: 101: 963: rparams = (krb5_realm_params *) NULL; 101: 964: if (realm) 101: 965: lrealm = strdup(realm); -: 966: else { #####: 967: kret = krb5_get_default_realm(kcontext, &lrealm); #####: 968: if (kret) #####: 969: goto cleanup; -: 970: } -: 971: 101: 972: kret = krb5_aprof_init(filename, envname, &aprofile); 101: 973: if (kret) #####: 974: goto cleanup; -: 975: 101: 976: rparams = (krb5_realm_params *) malloc(sizeof(krb5_realm_params)); 101: 977: if (rparams == 0) { #####: 978: kret = ENOMEM; #####: 979: goto cleanup; -: 980: } -: 981: -: 982: /* Initialize realm parameters */ 101: 983: memset(rparams, 0, sizeof(krb5_realm_params)); -: 984: -: 985: /* Set up the hierarchy so we can query multiple realm variables. */ 101: 986: hierarchy[0] = KRB5_CONF_REALMS; 101: 987: hierarchy[1] = lrealm; 101: 988: hierarchy[3] = (char *) NULL; -: 989: -: 990: /* Get the value for the KDC port list */ 101: 991: hierarchy[2] = KRB5_CONF_KDC_PORTS; 101: 992: if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) 101: 993: rparams->realm_kdc_ports = svalue; 101: 994: hierarchy[2] = KRB5_CONF_KDC_TCP_PORTS; 101: 995: if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) 101: 996: rparams->realm_kdc_tcp_ports = svalue; -: 997: -: 998: /* Get the name of the acl file */ 101: 999: hierarchy[2] = KRB5_CONF_ACL_FILE; 101: 1000: if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) 101: 1001: rparams->realm_acl_file = svalue; -: 1002: -: 1003: /* Get the value for the kadmind port */ 101: 1004: hierarchy[2] = KRB5_CONF_KADMIND_PORT; 101: 1005: if (!krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) { 101: 1006: rparams->realm_kadmind_port = ivalue; 101: 1007: rparams->realm_kadmind_port_valid = 1; -: 1008: } -: 1009: -: 1010: /* Get the value for the master key name */ 101: 1011: hierarchy[2] = KRB5_CONF_MASTER_KEY_NAME; 101: 1012: if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) #####: 1013: rparams->realm_mkey_name = svalue; -: 1014: -: 1015: /* Get the value for the master key type */ 101: 1016: hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE; 101: 1017: if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { 32: 1018: if (!krb5_string_to_enctype(svalue, &rparams->realm_enctype)) 32: 1019: rparams->realm_enctype_valid = 1; 32: 1020: free(svalue); -: 1021: } -: 1022: -: 1023: /* Get the value for the stashfile */ 101: 1024: hierarchy[2] = KRB5_CONF_KEY_STASH_FILE; 101: 1025: if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) 101: 1026: rparams->realm_stash_file = svalue; -: 1027: -: 1028: /* Get the value for maximum ticket lifetime. */ 101: 1029: hierarchy[2] = KRB5_CONF_MAX_LIFE; 101: 1030: if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) { #####: 1031: rparams->realm_max_life = dtvalue; #####: 1032: rparams->realm_max_life_valid = 1; -: 1033: } -: 1034: -: 1035: /* Get the value for maximum renewable ticket lifetime. */ 101: 1036: hierarchy[2] = KRB5_CONF_MAX_RENEWABLE_LIFE; 101: 1037: if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) { #####: 1038: rparams->realm_max_rlife = dtvalue; #####: 1039: rparams->realm_max_rlife_valid = 1; -: 1040: } -: 1041: -: 1042: /* Get the value for the default principal expiration */ 101: 1043: hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION; 101: 1044: if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { #####: 1045: if (!krb5_string_to_timestamp(svalue, -: 1046: &rparams->realm_expiration)) #####: 1047: rparams->realm_expiration_valid = 1; #####: 1048: free(svalue); -: 1049: } -: 1050: 101: 1051: hierarchy[2] = KRB5_CONF_REJECT_BAD_TRANSIT; 101: 1052: if (!krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) { #####: 1053: rparams->realm_reject_bad_transit = bvalue; #####: 1054: rparams->realm_reject_bad_transit_valid = 1; -: 1055: } -: 1056: 101: 1057: hierarchy[2] = KRB5_CONF_RESTRICT_ANONYMOUS_TO_TGT; 101: 1058: if (!krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) { 1: 1059: rparams->realm_restrict_anon = bvalue; 1: 1060: rparams->realm_restrict_anon_valid = 1; -: 1061: } -: 1062: 101: 1063: hierarchy[2] = KRB5_CONF_NO_HOST_REFERRAL; 101: 1064: if (!krb5_aprof_get_string_all(aprofile, hierarchy, &no_refrls)) #####: 1065: rparams->realm_no_host_referral = no_refrls; -: 1066: else 101: 1067: no_refrls = 0; -: 1068: 101: 1069: if (!no_refrls || krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == FALSE) { 101: 1070: hierarchy[2] = KRB5_CONF_HOST_BASED_SERVICES; 101: 1071: if (!krb5_aprof_get_string_all(aprofile, hierarchy, &host_based_srvcs)) #####: 1072: rparams->realm_host_based_services = host_based_srvcs; -: 1073: else 101: 1074: host_based_srvcs = 0; -: 1075: } -: 1076: -: 1077: /* Get the value for the default principal flags */ 101: 1078: hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS; 101: 1079: if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { -: 1080: char *sp, *ep, *tp; -: 1081: #####: 1082: sp = svalue; #####: 1083: rparams->realm_flags = 0; #####: 1084: while (sp) { #####: 1085: if ((ep = strchr(sp, (int) ',')) || -: 1086: (ep = strchr(sp, (int) ' ')) || -: 1087: (ep = strchr(sp, (int) '\t'))) { -: 1088: /* Fill in trailing whitespace of sp */ #####: 1089: tp = ep - 1; #####: 1090: while (isspace((int) *tp) && (tp < sp)) { #####: 1091: *tp = '\0'; #####: 1092: tp--; -: 1093: } #####: 1094: *ep = '\0'; #####: 1095: ep++; -: 1096: /* Skip over trailing whitespace of ep */ #####: 1097: while (isspace((int) *ep) && (*ep)) ep++; -: 1098: } -: 1099: /* Convert this flag */ #####: 1100: if (krb5_string_to_flags(sp, -: 1101: "+", -: 1102: "-", -: 1103: &rparams->realm_flags)) #####: 1104: break; #####: 1105: sp = ep; -: 1106: } #####: 1107: if (!sp) #####: 1108: rparams->realm_flags_valid = 1; #####: 1109: free(svalue); -: 1110: } -: 1111: 101: 1112: rparams->realm_keysalts = NULL; 101: 1113: rparams->realm_num_keysalts = 0; -: 1114: -: 1115:cleanup: 101: 1116: if (aprofile) 101: 1117: krb5_aprof_finish(aprofile); 101: 1118: free(lrealm); 101: 1119: if (kret) { #####: 1120: if (rparams) #####: 1121: krb5_free_realm_params(kcontext, rparams); #####: 1122: rparams = 0; -: 1123: } 101: 1124: *rparamp = rparams; 101: 1125: return(kret); -: 1126:} -: 1127: -: 1128:/* -: 1129: * krb5_free_realm_params() - Free data allocated by above. -: 1130: */ -: 1131:krb5_error_code 101: 1132:krb5_free_realm_params(kcontext, rparams) -: 1133: krb5_context kcontext; -: 1134: krb5_realm_params *rparams; -: 1135:{ 101: 1136: if (rparams) { 101: 1137: free(rparams->realm_profile); 101: 1138: free(rparams->realm_mkey_name); 101: 1139: free(rparams->realm_stash_file); 101: 1140: free(rparams->realm_keysalts); 101: 1141: free(rparams->realm_kdc_ports); 101: 1142: free(rparams->realm_kdc_tcp_ports); 101: 1143: free(rparams->realm_acl_file); 101: 1144: free(rparams->realm_no_host_referral); 101: 1145: free(rparams->realm_host_based_services); 101: 1146: free(rparams); -: 1147: } 101: 1148: return(0); -: 1149:} -: 1150:/* -: 1151: * match_config_pattern - -: 1152: * returns TRUE is the pattern is found in the attr's list of values. -: 1153: * Otherwise - FALSE. -: 1154: * In conf file the values are separates by commas or whitespaces. -: 1155: */ -: 1156:krb5_boolean #####: 1157:krb5_match_config_pattern(const char *string, const char *pattern) -: 1158:{ -: 1159: const char *ptr; #####: 1160: char next = '\0'; #####: 1161: int len = strlen(pattern); -: 1162: #####: 1163: for (ptr = strstr(string,pattern); ptr != 0; ptr = strstr(ptr+len,pattern)) { #####: 1164: if (ptr == string #####: 1165: || isspace((unsigned char)*(ptr-1)) #####: 1166: || *(ptr-1) ==',') { #####: 1167: next = *(ptr + len); #####: 1168: if (next == '\0' || isspace((unsigned char)next) || next ==',') { #####: 1169: return TRUE; -: 1170: } -: 1171: } -: 1172: } #####: 1173: return FALSE; -: 1174:}