2 * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * @page krb5_principal_intro The principal handing functions.
37 * A Kerberos principal is a email address looking string that
38 * contains to parts separeted by a @. The later part is the kerbero
39 * realm the principal belongs to and the former is a list of 0 or
40 * more components. For example
43 host/hummel.it.su.se@SU.SE
47 * See the library functions here: @ref krb5_principal
50 #include "krb5_locl.h"
51 #ifdef HAVE_RES_SEARCH
54 #ifdef HAVE_ARPA_NAMESER_H
55 #include <arpa/nameser.h>
62 #define princ_num_comp(P) ((P)->name.name_string.len)
63 #define princ_type(P) ((P)->name.name_type)
64 #define princ_comp(P) ((P)->name.name_string.val)
65 #define princ_ncomp(P, N) ((P)->name.name_string.val[(N)])
66 #define princ_realm(P) ((P)->realm)
69 * Frees a Kerberos principal allocated by the library with
70 * krb5_parse_name(), krb5_make_principal() or any other related
71 * principal functions.
73 * @param context A Kerberos context.
74 * @param p a principal to free.
76 * @return An krb5 error code, see krb5_get_error_message().
78 * @ingroup krb5_principal
81 void KRB5_LIB_FUNCTION
82 krb5_free_principal(krb5_context context,
92 * Set the type of the principal
94 * @param context A Kerberos context.
95 * @param principal principal to set the type for
96 * @param type the new type
98 * @return An krb5 error code, see krb5_get_error_message().
100 * @ingroup krb5_principal
103 void KRB5_LIB_FUNCTION
104 krb5_principal_set_type(krb5_context context,
105 krb5_principal principal,
108 princ_type(principal) = type;
111 int KRB5_LIB_FUNCTION
112 krb5_principal_get_type(krb5_context context,
113 krb5_const_principal principal)
115 return princ_type(principal);
118 const char* KRB5_LIB_FUNCTION
119 krb5_principal_get_realm(krb5_context context,
120 krb5_const_principal principal)
122 return princ_realm(principal);
125 const char* KRB5_LIB_FUNCTION
126 krb5_principal_get_comp_string(krb5_context context,
127 krb5_const_principal principal,
128 unsigned int component)
130 if(component >= princ_num_comp(principal))
132 return princ_ncomp(principal, component);
136 * Get number of component is principal.
138 * @param context Kerberos 5 context
139 * @param principal principal to query
141 * @return number of components in string
143 * @ingroup krb5_principal
146 unsigned int KRB5_LIB_FUNCTION
147 krb5_principal_get_num_comp(krb5_context context,
148 krb5_const_principal principal)
150 return princ_num_comp(principal);
153 krb5_error_code KRB5_LIB_FUNCTION
154 krb5_parse_name_flags(krb5_context context,
157 krb5_principal *principal)
160 heim_general_string *comp;
161 heim_general_string realm = NULL;
173 int enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE);
177 #define RFLAGS (KRB5_PRINCIPAL_PARSE_NO_REALM|KRB5_PRINCIPAL_PARSE_REQUIRE_REALM)
179 if ((flags & RFLAGS) == RFLAGS) {
180 krb5_set_error_message(context, KRB5_ERR_NO_SERVICE,
181 N_("Can't require both realm and "
182 "no realm at the same time", ""));
183 return KRB5_ERR_NO_SERVICE;
187 /* count number of component,
188 * enterprise names only have one component
192 for(p = name; *p; p++){
195 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
196 N_("trailing \\ in principal name", ""));
197 return KRB5_PARSE_MALFORMED;
206 comp = calloc(ncomp, sizeof(*comp));
208 krb5_set_error_message(context, ENOMEM,
209 N_("malloc: out of memory", ""));
214 p = start = q = s = strdup(name);
217 krb5_set_error_message(context, ENOMEM,
218 N_("malloc: out of memory", ""));
234 ret = KRB5_PARSE_MALFORMED;
235 krb5_set_error_message(context, ret,
236 N_("trailing \\ in principal name", ""));
239 }else if(enterprise && first_at) {
242 }else if((c == '/' && !enterprise) || c == '@'){
244 ret = KRB5_PARSE_MALFORMED;
245 krb5_set_error_message(context, ret,
246 N_("part after realm in principal name", ""));
249 comp[n] = malloc(q - start + 1);
250 if (comp[n] == NULL) {
252 krb5_set_error_message(context, ret,
253 N_("malloc: out of memory", ""));
256 memcpy(comp[n], start, q - start);
257 comp[n][q - start] = 0;
265 if(got_realm && (c == '/' || c == '\0')) {
266 ret = KRB5_PARSE_MALFORMED;
267 krb5_set_error_message(context, ret,
268 N_("part after realm in principal name", ""));
274 if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
275 ret = KRB5_PARSE_MALFORMED;
276 krb5_set_error_message(context, ret,
277 N_("realm found in 'short' principal "
278 "expected to be without one", ""));
281 realm = malloc(q - start + 1);
284 krb5_set_error_message(context, ret,
285 N_("malloc: out of memory", ""));
288 memcpy(realm, start, q - start);
289 realm[q - start] = 0;
291 if (flags & KRB5_PRINCIPAL_PARSE_REQUIRE_REALM) {
292 ret = KRB5_PARSE_MALFORMED;
293 krb5_set_error_message(context, ret,
294 N_("realm NOT found in principal "
295 "expected to be with one", ""));
297 } else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
300 ret = krb5_get_default_realm (context, &realm);
305 comp[n] = malloc(q - start + 1);
306 if (comp[n] == NULL) {
308 krb5_set_error_message(context, ret,
309 N_("malloc: out of memory", ""));
312 memcpy(comp[n], start, q - start);
313 comp[n][q - start] = 0;
316 *principal = malloc(sizeof(**principal));
317 if (*principal == NULL) {
319 krb5_set_error_message(context, ret,
320 N_("malloc: out of memory", ""));
324 (*principal)->name.name_type = KRB5_NT_ENTERPRISE_PRINCIPAL;
326 (*principal)->name.name_type = KRB5_NT_PRINCIPAL;
327 (*principal)->name.name_string.val = comp;
328 princ_num_comp(*principal) = n;
329 (*principal)->realm = realm;
342 krb5_error_code KRB5_LIB_FUNCTION
343 krb5_parse_name(krb5_context context,
345 krb5_principal *principal)
347 return krb5_parse_name_flags(context, name, 0, principal);
350 static const char quotable_chars[] = " \n\t\b\\/@";
351 static const char replace_chars[] = " ntb\\/@";
352 static const char nq_chars[] = " \\/@";
354 #define add_char(BASE, INDEX, LEN, C) do { if((INDEX) < (LEN)) (BASE)[(INDEX)++] = (C); }while(0);
357 quote_string(const char *s, char *out, size_t idx, size_t len, int display)
360 for(p = s; *p && idx < len; p++){
361 q = strchr(quotable_chars, *p);
363 add_char(out, idx, len, replace_chars[q - quotable_chars]);
365 add_char(out, idx, len, '\\');
366 add_char(out, idx, len, replace_chars[q - quotable_chars]);
368 add_char(out, idx, len, *p);
376 static krb5_error_code
377 unparse_name_fixed(krb5_context context,
378 krb5_const_principal principal,
385 int short_form = (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) != 0;
386 int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0;
387 int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0;
389 if (!no_realm && princ_realm(principal) == NULL) {
390 krb5_set_error_message(context, ERANGE,
391 N_("Realm missing from principal, "
392 "can't unparse", ""));
396 for(i = 0; i < princ_num_comp(principal); i++){
398 add_char(name, idx, len, '/');
399 idx = quote_string(princ_ncomp(principal, i), name, idx, len, display);
401 krb5_set_error_message(context, ERANGE,
402 N_("Out of space printing principal", ""));
406 /* add realm if different from default realm */
407 if(short_form && !no_realm) {
410 ret = krb5_get_default_realm(context, &r);
413 if(strcmp(princ_realm(principal), r) != 0)
417 if(!short_form && !no_realm) {
418 add_char(name, idx, len, '@');
419 idx = quote_string(princ_realm(principal), name, idx, len, display);
421 krb5_set_error_message(context, ERANGE,
422 N_("Out of space printing "
423 "realm of principal", ""));
430 krb5_error_code KRB5_LIB_FUNCTION
431 krb5_unparse_name_fixed(krb5_context context,
432 krb5_const_principal principal,
436 return unparse_name_fixed(context, principal, name, len, 0);
439 krb5_error_code KRB5_LIB_FUNCTION
440 krb5_unparse_name_fixed_short(krb5_context context,
441 krb5_const_principal principal,
445 return unparse_name_fixed(context, principal, name, len,
446 KRB5_PRINCIPAL_UNPARSE_SHORT);
449 krb5_error_code KRB5_LIB_FUNCTION
450 krb5_unparse_name_fixed_flags(krb5_context context,
451 krb5_const_principal principal,
456 return unparse_name_fixed(context, principal, name, len, flags);
459 static krb5_error_code
460 unparse_name(krb5_context context,
461 krb5_const_principal principal,
465 size_t len = 0, plen;
469 if (princ_realm(principal)) {
470 plen = strlen(princ_realm(principal));
472 if(strcspn(princ_realm(principal), quotable_chars) == plen)
478 for(i = 0; i < princ_num_comp(principal); i++){
479 plen = strlen(princ_ncomp(principal, i));
480 if(strcspn(princ_ncomp(principal, i), quotable_chars) == plen)
489 krb5_set_error_message(context, ENOMEM,
490 N_("malloc: out of memory", ""));
493 ret = unparse_name_fixed(context, principal, *name, len, flags);
501 krb5_error_code KRB5_LIB_FUNCTION
502 krb5_unparse_name(krb5_context context,
503 krb5_const_principal principal,
506 return unparse_name(context, principal, name, 0);
509 krb5_error_code KRB5_LIB_FUNCTION
510 krb5_unparse_name_flags(krb5_context context,
511 krb5_const_principal principal,
515 return unparse_name(context, principal, name, flags);
518 krb5_error_code KRB5_LIB_FUNCTION
519 krb5_unparse_name_short(krb5_context context,
520 krb5_const_principal principal,
523 return unparse_name(context, principal, name, KRB5_PRINCIPAL_UNPARSE_SHORT);
526 #if 0 /* not implemented */
528 krb5_error_code KRB5_LIB_FUNCTION
529 krb5_unparse_name_ext(krb5_context context,
530 krb5_const_principal principal,
534 krb5_abortx(context, "unimplemented krb5_unparse_name_ext called");
539 krb5_realm * KRB5_LIB_FUNCTION
540 krb5_princ_realm(krb5_context context,
541 krb5_principal principal)
543 return &princ_realm(principal);
547 void KRB5_LIB_FUNCTION
548 krb5_princ_set_realm(krb5_context context,
549 krb5_principal principal,
552 princ_realm(principal) = *realm;
555 krb5_error_code KRB5_LIB_FUNCTION
556 krb5_principal_set_realm(krb5_context context,
557 krb5_principal principal,
558 krb5_const_realm realm)
560 if (princ_realm(principal))
561 free(princ_realm(principal));
563 princ_realm(principal) = strdup(realm);
564 if (princ_realm(principal) == NULL) {
565 krb5_set_error_message(context, ENOMEM,
566 N_("malloc: out of memory", ""));
573 krb5_error_code KRB5_LIB_FUNCTION
574 krb5_build_principal(krb5_context context,
575 krb5_principal *principal,
577 krb5_const_realm realm,
583 ret = krb5_build_principal_va(context, principal, rlen, realm, ap);
588 static krb5_error_code
589 append_component(krb5_context context, krb5_principal p,
593 heim_general_string *tmp;
594 size_t len = princ_num_comp(p);
596 tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp));
598 krb5_set_error_message(context, ENOMEM,
599 N_("malloc: out of memory", ""));
603 princ_ncomp(p, len) = malloc(comp_len + 1);
604 if (princ_ncomp(p, len) == NULL) {
605 krb5_set_error_message(context, ENOMEM,
606 N_("malloc: out of memory", ""));
609 memcpy (princ_ncomp(p, len), comp, comp_len);
610 princ_ncomp(p, len)[comp_len] = '\0';
616 va_ext_princ(krb5_context context, krb5_principal p, va_list ap)
621 len = va_arg(ap, int);
624 s = va_arg(ap, const char*);
625 append_component(context, p, s, len);
630 va_princ(krb5_context context, krb5_principal p, va_list ap)
634 s = va_arg(ap, const char*);
637 append_component(context, p, s, strlen(s));
642 static krb5_error_code
643 build_principal(krb5_context context,
644 krb5_principal *principal,
646 krb5_const_realm realm,
647 void (*func)(krb5_context, krb5_principal, va_list),
652 p = calloc(1, sizeof(*p));
654 krb5_set_error_message(context, ENOMEM,
655 N_("malloc: out of memory", ""));
658 princ_type(p) = KRB5_NT_PRINCIPAL;
660 princ_realm(p) = strdup(realm);
661 if(p->realm == NULL){
663 krb5_set_error_message(context, ENOMEM,
664 N_("malloc: out of memory", ""));
668 (*func)(context, p, ap);
673 krb5_error_code KRB5_LIB_FUNCTION
674 krb5_make_principal(krb5_context context,
675 krb5_principal *principal,
676 krb5_const_realm realm,
683 ret = krb5_get_default_realm(context, &r);
689 ret = krb5_build_principal_va(context, principal, strlen(realm), realm, ap);
696 krb5_error_code KRB5_LIB_FUNCTION
697 krb5_build_principal_va(krb5_context context,
698 krb5_principal *principal,
700 krb5_const_realm realm,
703 return build_principal(context, principal, rlen, realm, va_princ, ap);
706 krb5_error_code KRB5_LIB_FUNCTION
707 krb5_build_principal_va_ext(krb5_context context,
708 krb5_principal *principal,
710 krb5_const_realm realm,
713 return build_principal(context, principal, rlen, realm, va_ext_princ, ap);
717 krb5_error_code KRB5_LIB_FUNCTION
718 krb5_build_principal_ext(krb5_context context,
719 krb5_principal *principal,
721 krb5_const_realm realm,
727 ret = krb5_build_principal_va_ext(context, principal, rlen, realm, ap);
733 krb5_error_code KRB5_LIB_FUNCTION
734 krb5_copy_principal(krb5_context context,
735 krb5_const_principal inprinc,
736 krb5_principal *outprinc)
738 krb5_principal p = malloc(sizeof(*p));
740 krb5_set_error_message(context, ENOMEM,
741 N_("malloc: out of memory", ""));
744 if(copy_Principal(inprinc, p)) {
746 krb5_set_error_message(context, ENOMEM,
747 N_("malloc: out of memory", ""));
755 * return TRUE iff princ1 == princ2 (without considering the realm)
758 krb5_boolean KRB5_LIB_FUNCTION
759 krb5_principal_compare_any_realm(krb5_context context,
760 krb5_const_principal princ1,
761 krb5_const_principal princ2)
764 if(princ_num_comp(princ1) != princ_num_comp(princ2))
766 for(i = 0; i < princ_num_comp(princ1); i++){
767 if(strcmp(princ_ncomp(princ1, i), princ_ncomp(princ2, i)) != 0)
773 krb5_boolean KRB5_LIB_FUNCTION
774 _krb5_principal_compare_PrincipalName(krb5_context context,
775 krb5_const_principal princ1,
776 PrincipalName *princ2)
779 if (princ_num_comp(princ1) != princ2->name_string.len)
781 for(i = 0; i < princ_num_comp(princ1); i++){
782 if(strcmp(princ_ncomp(princ1, i), princ2->name_string.val[i]) != 0)
790 * return TRUE iff princ1 == princ2
793 krb5_boolean KRB5_LIB_FUNCTION
794 krb5_principal_compare(krb5_context context,
795 krb5_const_principal princ1,
796 krb5_const_principal princ2)
798 if(!krb5_realm_compare(context, princ1, princ2))
800 return krb5_principal_compare_any_realm(context, princ1, princ2);
804 * return TRUE iff realm(princ1) == realm(princ2)
807 krb5_boolean KRB5_LIB_FUNCTION
808 krb5_realm_compare(krb5_context context,
809 krb5_const_principal princ1,
810 krb5_const_principal princ2)
812 return strcmp(princ_realm(princ1), princ_realm(princ2)) == 0;
816 * return TRUE iff princ matches pattern
819 krb5_boolean KRB5_LIB_FUNCTION
820 krb5_principal_match(krb5_context context,
821 krb5_const_principal princ,
822 krb5_const_principal pattern)
825 if(princ_num_comp(princ) != princ_num_comp(pattern))
827 if(fnmatch(princ_realm(pattern), princ_realm(princ), 0) != 0)
829 for(i = 0; i < princ_num_comp(princ); i++){
830 if(fnmatch(princ_ncomp(pattern, i), princ_ncomp(princ, i), 0) != 0)
837 static struct v4_name_convert {
840 } default_v4_name_convert[] = {
842 { "hprop", "hprop" },
851 * return the converted instance name of `name' in `realm'.
852 * look in the configuration file and then in the default set above.
853 * return NULL if no conversion is appropriate.
857 get_name_conversion(krb5_context context, const char *realm, const char *name)
859 struct v4_name_convert *q;
862 p = krb5_config_get_string(context, NULL, "realms", realm,
863 "v4_name_convert", "host", name, NULL);
865 p = krb5_config_get_string(context, NULL, "libdefaults",
866 "v4_name_convert", "host", name, NULL);
870 /* XXX should be possible to override default list */
871 p = krb5_config_get_string(context, NULL,
880 p = krb5_config_get_string(context, NULL,
888 for(q = default_v4_name_convert; q->from; q++)
889 if(strcmp(q->from, name) == 0)
895 * convert the v4 principal `name.instance@realm' to a v5 principal in `princ'.
896 * if `resolve', use DNS.
897 * if `func', use that function for validating the conversion
900 krb5_error_code KRB5_LIB_FUNCTION
901 krb5_425_conv_principal_ext2(krb5_context context,
903 const char *instance,
905 krb5_boolean (*func)(krb5_context,
906 void *, krb5_principal),
908 krb5_boolean resolve,
909 krb5_principal *princ)
914 char host[MAXHOSTNAMELEN];
915 char local_hostname[MAXHOSTNAMELEN];
917 /* do the following: if the name is found in the
918 `v4_name_convert:host' part, is assumed to be a `host' type
919 principal, and the instance is looked up in the
920 `v4_instance_convert' part. if not found there the name is
921 (optionally) looked up as a hostname, and if that doesn't yield
922 anything, the `default_domain' is appended to the instance
927 if(instance[0] == 0){
931 p = get_name_conversion(context, realm, name);
935 p = krb5_config_get_string(context, NULL, "realms", realm,
936 "v4_instance_convert", instance, NULL);
939 ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
942 if(func == NULL || (*func)(context, funcctx, pr)){
946 krb5_free_principal(context, pr);
948 krb5_clear_error_message (context);
949 return HEIM_ERR_V4_PRINC_NO_CONV;
952 krb5_boolean passed = FALSE;
957 r = dns_lookup(instance, "aaaa");
959 if (r->head && r->head->type == T_AAAA) {
960 inst = strdup(r->head->domain);
965 r = dns_lookup(instance, "a");
967 if(r->head && r->head->type == T_A) {
968 inst = strdup(r->head->domain);
975 struct addrinfo hints, *ai;
977 memset (&hints, 0, sizeof(hints));
978 hints.ai_flags = AI_CANONNAME;
979 ret = getaddrinfo(instance, NULL, &hints, &ai);
981 const struct addrinfo *a;
982 for (a = ai; a != NULL; a = a->ai_next) {
983 if (a->ai_canonname != NULL) {
984 inst = strdup (a->ai_canonname);
994 krb5_set_error_message(context, ENOMEM,
995 N_("malloc: out of memory", ""));
999 ret = krb5_make_principal(context, &pr, realm, name, inst,
1003 if(func == NULL || (*func)(context, funcctx, pr)){
1007 krb5_free_principal(context, pr);
1012 snprintf(host, sizeof(host), "%s.%s", instance, realm);
1014 ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
1017 if((*func)(context, funcctx, pr)){
1021 krb5_free_principal(context, pr);
1025 * if the instance is the first component of the local hostname,
1026 * the converted host should be the long hostname.
1030 gethostname (local_hostname, sizeof(local_hostname)) == 0 &&
1031 strncmp(instance, local_hostname, strlen(instance)) == 0 &&
1032 local_hostname[strlen(instance)] == '.') {
1033 strlcpy(host, local_hostname, sizeof(host));
1038 char **domains, **d;
1039 domains = krb5_config_get_strings(context, NULL, "realms", realm,
1040 "v4_domains", NULL);
1041 for(d = domains; d && *d; d++){
1042 snprintf(host, sizeof(host), "%s.%s", instance, *d);
1043 ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
1045 krb5_config_free_strings(domains);
1048 if(func == NULL || (*func)(context, funcctx, pr)){
1050 krb5_config_free_strings(domains);
1053 krb5_free_principal(context, pr);
1055 krb5_config_free_strings(domains);
1059 p = krb5_config_get_string(context, NULL, "realms", realm,
1060 "default_domain", NULL);
1062 /* this should be an error, just faking a name is not good */
1063 krb5_clear_error_message (context);
1064 return HEIM_ERR_V4_PRINC_NO_CONV;
1069 snprintf(host, sizeof(host), "%s.%s", instance, p);
1071 ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
1074 if(func == NULL || (*func)(context, funcctx, pr)){
1078 krb5_free_principal(context, pr);
1079 krb5_clear_error_message (context);
1080 return HEIM_ERR_V4_PRINC_NO_CONV;
1082 p = krb5_config_get_string(context, NULL,
1090 p = krb5_config_get_string(context, NULL,
1099 ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
1102 if(func == NULL || (*func)(context, funcctx, pr)){
1106 krb5_free_principal(context, pr);
1107 krb5_clear_error_message (context);
1108 return HEIM_ERR_V4_PRINC_NO_CONV;
1112 check_list(const krb5_config_binding *l, const char *name, const char **out)
1115 if (l->type != krb5_config_string)
1117 if(strcmp(name, l->u.string) == 0) {
1127 name_convert(krb5_context context, const char *name, const char *realm,
1130 const krb5_config_binding *l;
1131 l = krb5_config_get_list (context,
1138 if(l && check_list(l, name, out))
1139 return KRB5_NT_SRV_HST;
1140 l = krb5_config_get_list (context,
1146 if(l && check_list(l, name, out))
1147 return KRB5_NT_SRV_HST;
1148 l = krb5_config_get_list (context,
1155 if(l && check_list(l, name, out))
1156 return KRB5_NT_UNKNOWN;
1157 l = krb5_config_get_list (context,
1163 if(l && check_list(l, name, out))
1164 return KRB5_NT_UNKNOWN;
1166 /* didn't find it in config file, try built-in list */
1168 struct v4_name_convert *q;
1169 for(q = default_v4_name_convert; q->from; q++) {
1170 if(strcmp(name, q->to) == 0) {
1172 return KRB5_NT_SRV_HST;
1180 * convert the v5 principal in `principal' into a v4 corresponding one
1181 * in `name, instance, realm'
1182 * this is limited interface since there's no length given for these
1183 * three parameters. They have to be 40 bytes each (ANAME_SZ).
1186 krb5_error_code KRB5_LIB_FUNCTION
1187 krb5_524_conv_principal(krb5_context context,
1188 const krb5_principal principal,
1193 const char *n, *i, *r;
1195 int type = princ_type(principal);
1196 const int aname_sz = 40;
1198 r = principal->realm;
1200 switch(principal->name.name_string.len){
1202 n = principal->name.name_string.val[0];
1206 n = principal->name.name_string.val[0];
1207 i = principal->name.name_string.val[1];
1210 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
1211 N_("cannot convert a %d "
1212 "component principal", ""),
1213 principal->name.name_string.len);
1214 return KRB5_PARSE_MALFORMED;
1219 int t = name_convert(context, n, r, &tmp);
1226 if(type == KRB5_NT_SRV_HST){
1229 strlcpy (tmpinst, i, sizeof(tmpinst));
1230 p = strchr(tmpinst, '.');
1236 if (strlcpy (name, n, aname_sz) >= aname_sz) {
1237 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
1238 N_("too long name component to convert", ""));
1239 return KRB5_PARSE_MALFORMED;
1241 if (strlcpy (instance, i, aname_sz) >= aname_sz) {
1242 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
1243 N_("too long instance component to convert", ""));
1244 return KRB5_PARSE_MALFORMED;
1246 if (strlcpy (realm, r, aname_sz) >= aname_sz) {
1247 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
1248 N_("too long realm component to convert", ""));
1249 return KRB5_PARSE_MALFORMED;
1255 * Create a principal for the service running on hostname. If
1256 * KRB5_NT_SRV_HST is used, the hostname is canonization using DNS (or
1257 * some other service), this is potentially insecure.
1259 * @param context A Kerberos context.
1260 * @param hostname hostname to use
1261 * @param sname Service name to use
1262 * @param type name type of pricipal, use KRB5_NT_SRV_HST or KRB5_NT_UNKNOWN.
1263 * @param ret_princ return principal, free with krb5_free_principal().
1265 * @return An krb5 error code, see krb5_get_error_message().
1267 * @ingroup krb5_principal
1270 krb5_error_code KRB5_LIB_FUNCTION
1271 krb5_sname_to_principal (krb5_context context,
1272 const char *hostname,
1275 krb5_principal *ret_princ)
1277 krb5_error_code ret;
1278 char localhost[MAXHOSTNAMELEN];
1279 char **realms, *host = NULL;
1281 if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
1282 krb5_set_error_message(context, KRB5_SNAME_UNSUPP_NAMETYPE,
1283 N_("unsupported name type %d", ""),
1285 return KRB5_SNAME_UNSUPP_NAMETYPE;
1287 if(hostname == NULL) {
1288 ret = gethostname(localhost, sizeof(localhost) - 1);
1291 krb5_set_error_message(context, ret,
1292 N_("Failed to get local hostname", ""));
1295 localhost[sizeof(localhost) - 1] = '\0';
1296 hostname = localhost;
1300 if(type == KRB5_NT_SRV_HST) {
1301 ret = krb5_expand_hostname_realms (context, hostname,
1308 ret = krb5_get_host_realm(context, hostname, &realms);
1313 ret = krb5_make_principal(context, ret_princ, realms[0], sname,
1317 krb5_free_host_realm(context, realms);
1321 static const struct {
1325 { "UNKNOWN", KRB5_NT_UNKNOWN },
1326 { "PRINCIPAL", KRB5_NT_PRINCIPAL },
1327 { "SRV_INST", KRB5_NT_SRV_INST },
1328 { "SRV_HST", KRB5_NT_SRV_HST },
1329 { "SRV_XHST", KRB5_NT_SRV_XHST },
1330 { "UID", KRB5_NT_UID },
1331 { "X500_PRINCIPAL", KRB5_NT_X500_PRINCIPAL },
1332 { "SMTP_NAME", KRB5_NT_SMTP_NAME },
1333 { "ENTERPRISE_PRINCIPAL", KRB5_NT_ENTERPRISE_PRINCIPAL },
1334 { "ENT_PRINCIPAL_AND_ID", KRB5_NT_ENT_PRINCIPAL_AND_ID },
1335 { "MS_PRINCIPAL", KRB5_NT_MS_PRINCIPAL },
1336 { "MS_PRINCIPAL_AND_ID", KRB5_NT_MS_PRINCIPAL_AND_ID },
1341 krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype)
1345 for(i = 0; nametypes[i].type; i++) {
1346 if (strcasecmp(nametypes[i].type, str) == 0) {
1347 *nametype = nametypes[i].value;
1351 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
1352 N_("Failed to find name type %s", ""), str);
1353 return KRB5_PARSE_MALFORMED;
git.samba.org / metze / heimdal / wip.git / blob