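/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
 * COPYRIGHT (C) 2006,2007
 * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
 * ALL RIGHTS RESERVED
 *
 * Permission is granted to use, copy, create derivative works
 * and redistribute this software and such derivative works
 * for any purpose, so long as the name of The University of
 * Michigan is not used in any advertising or publicity
 * pertaining to the use of distribution of this software
 * without specific, written prior authorization.  If the
 * above copyright notice or any other identification of the
 * University of Michigan is included in any copy of any
 * portion of this software, then the disclaimer below must
 * also be included.
 *
 * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
 * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
 * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
 * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
 * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
 * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
 * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
 * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
 * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
 * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGES.
 */

#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "k5-int.h"
#include "pkinit.h"

/*
 * Routines for handling profile [config file] options
 *
 * This listing was reformatted from a gcov report of pkinit_profile.c
 * (291 runs).  In that report the value-parsing branches of the boolean
 * and integer helpers below were never executed, so their handling of
 * malformed values was not exercised by that test run.
 */

/* Forward prototypes */
static int _krb5_conf_boolean(const char *s);
static int parse_int_option(const char *string, int default_value);

/*
 * XXX
 * The following is duplicated verbatim from src/lib/krb5/krb/get_in_tkt.c,
 * which is duplicated from somewhere else.  :-/
 * XXX
 */
static const char *const conf_yes[] = {
    "y", "yes", "true", "t", "1", "on",
    0,
};

static const char *const conf_no[] = {
    "n", "no", "false", "nil", "0", "off",
    0,
};

/*
 * Map a profile string onto a boolean, comparing case-insensitively
 * against conf_yes and conf_no.  Returns 1 for a "yes" spelling and 0 for
 * a "no" spelling.
 *
 * NOTE(review): a string that matches neither table also yields 0, so a
 * misspelled value ("ture", "enabled") is indistinguishable from an
 * explicit "no" and the caller's default_value is never consulted for it.
 * For an option whose "on" state is the restrictive one, a typo therefore
 * silently selects the permissive state.  The behaviour is kept because
 * this code mirrors get_in_tkt.c; callers that need to detect bad values
 * must validate the string themselves.
 *
 * s must not be NULL.
 */
static int
_krb5_conf_boolean(const char *s)
{
    const char *const *p;

    for (p = conf_yes; *p; p++) {
        if (strcasecmp(*p, s) == 0)
            return 1;
    }

    for (p = conf_no; *p; p++) {
        if (strcasecmp(*p, s) == 0)
            return 0;
    }

    /* Default to "no" */
    return 0;
}

/*
 * XXX
 * End duplicated code from src/lib/krb5/krb/get_in_tkt.c
 * XXX
 */

/*
 * Convert an integer option string to an int.
 *
 * Returns default_value when the string does not start with a number, and
 * also when the number cannot be represented as an int.  Previously an
 * out-of-range long was assigned straight to the int result, which
 * truncates on LP64 platforms and turns an oversized setting into an
 * unrelated (possibly negative or tiny) value.
 *
 * Base 0 lets strtol() accept decimal, octal ("0...") and hex ("0x...").
 * Characters following the number are ignored, as in the original code.
 */
static int
parse_int_option(const char *string, int default_value)
{
    char *endptr;
    long l;

    errno = 0;
    l = strtol(string, &endptr, 0);
    if (endptr == string)
        return default_value;
    if (errno == ERANGE || l < INT_MIN || l > INT_MAX)
        return default_value;
    return (int)l;
}

/*
 * The following are based on krb5_libdefault_* functions in
 * src/lib/krb5/krb/get_in_tkt.c
 * N.B.  This assumes that context->default_realm has
 * already been established.
 */

/*
 * Look up all values of a KDC-side option.
 *
 * The realm subsection of [realms] is searched first (only when realmname
 * is non-NULL), then [kdcdefaults].  The first lookup that yields a list
 * wins.
 *
 * On success returns 0 and stores the list in *ret_value; the caller
 * releases it with profile_free_list().  When nothing is found, stores
 * NULL in *ret_value and returns ENOENT.  Returns KV5M_CONTEXT, without
 * writing *ret_value, when context is NULL.
 */
krb5_error_code
pkinit_kdcdefault_strings(krb5_context context, const char *realmname,
                          const char *option, char ***ret_value)
{
    profile_t profile = NULL;
    const char *names[5];
    char **values = NULL;
    krb5_error_code retval;

    if (context == NULL)
        return KV5M_CONTEXT;

    profile = context->profile;

    if (realmname != NULL) {
        /*
         * Try number one:
         *
         * [realms]
         *          REALM = {
         *              option = <value>
         *          }
         */

        names[0] = KRB5_CONF_REALMS;
        names[1] = realmname;
        names[2] = option;
        names[3] = 0;
        retval = profile_get_values(profile, names, &values);
        if (retval == 0 && values != NULL)
            goto goodbye;
    }

    /*
     * Try number two:
     *
     * [kdcdefaults]
     *      option = <value>
     */

    names[0] = KRB5_CONF_KDCDEFAULTS;
    names[1] = option;
    names[2] = 0;
    retval = profile_get_values(profile, names, &values);

goodbye:
    /* A lookup error and an absent option are both reported as ENOENT. */
    if (values == NULL)
        retval = ENOENT;

    *ret_value = values;

    return retval;
}

/*
 * Look up the first value of a KDC-side option.
 *
 * On success returns 0 and stores a strdup()ed copy in *ret_value, which
 * the caller must free().  Returns the error from
 * pkinit_kdcdefault_strings() (without writing *ret_value) when the
 * option is not found, ENOENT for an empty value list, or ENOMEM when the
 * copy cannot be allocated.
 */
krb5_error_code
pkinit_kdcdefault_string(krb5_context context, const char *realmname,
                         const char *option, char **ret_value)
{
    krb5_error_code retval;
    char **values = NULL;

    retval = pkinit_kdcdefault_strings(context, realmname, option, &values);
    if (retval)
        return retval;

    if (values[0] == NULL) {
        retval = ENOENT;
    } else {
        *ret_value = strdup(values[0]);
        if (*ret_value == NULL)
            retval = ENOMEM;
    }

    profile_free_list(values);
    return retval;
}

/*
 * Look up a KDC-side boolean option.
 *
 * Stores default_value in *ret_value when the option cannot be read;
 * otherwise stores the result of _krb5_conf_boolean(), which maps any
 * unrecognized spelling to 0 regardless of default_value.  Always
 * returns 0, so lookup failures are not visible to the caller.
 */
krb5_error_code
pkinit_kdcdefault_boolean(krb5_context context, const char *realmname,
                          const char *option, int default_value, int *ret_value)
{
    char *string = NULL;
    krb5_error_code retval;

    retval = pkinit_kdcdefault_string(context, realmname, option, &string);

    if (retval == 0) {
        *ret_value = _krb5_conf_boolean(string);
        free(string);
    } else
        *ret_value = default_value;

    return 0;
}

/*
 * Look up a KDC-side integer option.
 *
 * Stores default_value in *ret_value when the option cannot be read, is
 * not a number, or does not fit in an int; otherwise stores the parsed
 * value.  Always returns 0.
 */
krb5_error_code
pkinit_kdcdefault_integer(krb5_context context, const char *realmname,
                          const char *option, int default_value, int *ret_value)
{
    char *string = NULL;
    krb5_error_code retval;

    retval = pkinit_kdcdefault_string(context, realmname, option, &string);

    if (retval == 0) {
        *ret_value = parse_int_option(string, default_value);
        free(string);
    } else
        *ret_value = default_value;

    return 0;
}


/*
 * krb5_libdefault_string() is defined as static in
 * src/lib/krb5/krb/get_in_tkt.c.  Create local versions of
 * krb5_libdefault_* functions here.  We need a libdefaults_strings()
 * function which is not currently supported there anyway.  Also,
 * add the ability to supply a default value for the boolean and
 * integer functions.
 */

/*
 * Look up all values of a client-side option.
 *
 * When realm is non-NULL, the realm subsection of [libdefaults] is
 * searched first, then the realm subsection of [realms]; the top level of
 * [libdefaults] is searched last.  The first lookup that yields a
 * non-empty list wins.
 *
 * On success returns 0 and stores the list in *ret_value; the caller
 * releases it with profile_free_list().  Returns EINVAL when the realm
 * does not fit the local buffer, KV5M_CONTEXT for a NULL or corrupt
 * context, and ENOENT when nothing is found.  *ret_value is not written
 * on any of these failures, so callers should initialize it.
 */
krb5_error_code
pkinit_libdefault_strings(krb5_context context, const krb5_data *realm,
                          const char *option, char ***ret_value)
{
    profile_t profile;
    const char *names[5];
    char **values = NULL;
    krb5_error_code retval;
    char realmstr[1024];

    /* Reject realms that would not leave room for the terminator. */
    if (realm != NULL && realm->length > sizeof(realmstr) - 1)
        return EINVAL;

    if (realm != NULL) {
        /*
         * krb5_data is counted, not NUL-terminated; build a C string for
         * the profile lookup.  The length was bounded above.  Skipping
         * the copy for an empty realm avoids handing a possibly NULL
         * data pointer to memcpy().
         */
        if (realm->length > 0)
            memcpy(realmstr, realm->data, realm->length);
        realmstr[realm->length] = '\0';
    }

    if (!context || (context->magic != KV5M_CONTEXT))
        return KV5M_CONTEXT;

    profile = context->profile;


    if (realm != NULL) {
        /*
         * Try number one:
         *
         * [libdefaults]
         *          REALM = {
         *              option = <value>
         *          }
         */

        names[0] = KRB5_CONF_LIBDEFAULTS;
        names[1] = realmstr;
        names[2] = option;
        names[3] = 0;
        retval = profile_get_values(profile, names, &values);
        if (retval == 0 && values != NULL && values[0] != NULL)
            goto goodbye;

        /*
         * Try number two:
         *
         * [realms]
         *          REALM = {
         *              option = <value>
         *          }
         */

        names[0] = KRB5_CONF_REALMS;
        names[1] = realmstr;
        names[2] = option;
        names[3] = 0;
        retval = profile_get_values(profile, names, &values);
        if (retval == 0 && values != NULL && values[0] != NULL)
            goto goodbye;
    }

    /*
     * Try number three:
     *
     * [libdefaults]
     *      option = <value>
     */

    names[0] = KRB5_CONF_LIBDEFAULTS;
    names[1] = option;
    names[2] = 0;
    retval = profile_get_values(profile, names, &values);

goodbye:
    if (values == NULL)
        return ENOENT;

    *ret_value = values;

    return retval;
}

/*
 * Look up the first value of a client-side option.
 *
 * On success returns 0 and stores a strdup()ed copy in *ret_value, which
 * the caller must free().  Returns the error from
 * pkinit_libdefault_strings() (without writing *ret_value) when the
 * option is not found, ENOENT for an empty value list, or ENOMEM when the
 * copy cannot be allocated.
 */
krb5_error_code
pkinit_libdefault_string(krb5_context context, const krb5_data *realm,
                         const char *option, char **ret_value)
{
    krb5_error_code retval;
    char **values = NULL;

    retval = pkinit_libdefault_strings(context, realm, option, &values);
    if (retval)
        return retval;

    if (values[0] == NULL) {
        retval = ENOENT;
    } else {
        *ret_value = strdup(values[0]);
        if (*ret_value == NULL)
            retval = ENOMEM;
    }

    profile_free_list(values);
    return retval;
}

/*
 * Look up a client-side boolean option.
 *
 * Stores default_value in *ret_value when the option cannot be read;
 * otherwise stores the result of _krb5_conf_boolean(), which maps any
 * unrecognized spelling to 0 regardless of default_value.  Always
 * returns 0, so lookup failures are not visible to the caller.
 */
krb5_error_code
pkinit_libdefault_boolean(krb5_context context, const krb5_data *realm,
                          const char *option, int default_value,
                          int *ret_value)
{
    char *string = NULL;
    krb5_error_code retval;

    retval = pkinit_libdefault_string(context, realm, option, &string);

    if (retval == 0) {
        *ret_value = _krb5_conf_boolean(string);
        free(string);
    } else
        *ret_value = default_value;

    return 0;
}

/*
 * Look up a client-side integer option.
 *
 * Unlike the other boolean/integer helpers in this file, a lookup failure
 * is returned to the caller rather than masked.  *ret_value is now set to
 * default_value in that case as well; the original left it unwritten, so
 * a caller that ignored the return code and had not pre-initialized the
 * output would have read an indeterminate value.
 *
 * On success returns 0 and stores the parsed value, or default_value when
 * the string is not a number or does not fit in an int.
 */
krb5_error_code
pkinit_libdefault_integer(krb5_context context, const krb5_data *realm,
                          const char *option, int default_value,
                          int *ret_value)
{
    char *string = NULL;
    krb5_error_code retval;

    retval = pkinit_libdefault_string(context, realm, option, &string);
    if (retval != 0) {
        *ret_value = default_value;
        return retval;
    }

    *ret_value = parse_int_option(string, default_value);
    free(string);

    return 0;
}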