2 * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * @page page_principal The principal handing functions.
37 * A Kerberos principal is a email address looking string that
38 * contains to parts separeted by a @. The later part is the kerbero
39 * realm the principal belongs to and the former is a list of 0 or
40 * more components. For example
43 host/hummel.it.su.se@SU.SE
47 * See the library functions here: @ref krb5_principal
50 #include "krb5_locl.h"
51 #ifdef HAVE_RES_SEARCH
54 #ifdef HAVE_ARPA_NAMESER_H
55 #include <arpa/nameser.h>
62 #define princ_num_comp(P) ((P)->name.name_string.len)
63 #define princ_type(P) ((P)->name.name_type)
64 #define princ_comp(P) ((P)->name.name_string.val)
65 #define princ_ncomp(P, N) ((P)->name.name_string.val[(N)])
66 #define princ_realm(P) ((P)->realm)
69 * Frees a Kerberos principal allocated by the library with
70 * krb5_parse_name(), krb5_make_principal() or any other related
71 * principal functions.
73 * @param context A Kerberos context.
74 * @param p a principal to free.
76 * @return An krb5 error code, see krb5_get_error_message().
78 * @ingroup krb5_principal
83 void KRB5_LIB_FUNCTION
84 krb5_free_principal(krb5_context context,
93 void KRB5_LIB_FUNCTION
94 krb5_principal_set_type(krb5_context context,
95 krb5_principal principal,
98 princ_type(principal) = type;
101 int KRB5_LIB_FUNCTION
102 krb5_principal_get_type(krb5_context context,
103 krb5_const_principal principal)
105 return princ_type(principal);
108 const char* KRB5_LIB_FUNCTION
109 krb5_principal_get_realm(krb5_context context,
110 krb5_const_principal principal)
112 return princ_realm(principal);
115 const char* KRB5_LIB_FUNCTION
116 krb5_principal_get_comp_string(krb5_context context,
117 krb5_const_principal principal,
118 unsigned int component)
120 if(component >= princ_num_comp(principal))
122 return princ_ncomp(principal, component);
125 krb5_error_code KRB5_LIB_FUNCTION
126 krb5_parse_name_flags(krb5_context context,
129 krb5_principal *principal)
132 heim_general_string *comp;
133 heim_general_string realm = NULL;
145 int enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE);
149 #define RFLAGS (KRB5_PRINCIPAL_PARSE_NO_REALM|KRB5_PRINCIPAL_PARSE_MUST_REALM)
151 if ((flags & RFLAGS) == RFLAGS) {
152 krb5_set_error_message(context, KRB5_ERR_NO_SERVICE,
153 "Can't require both realm and "
154 "no realm at the same time");
155 return KRB5_ERR_NO_SERVICE;
159 /* count number of component,
160 * enterprise names only have one component
164 for(p = name; *p; p++){
167 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
168 "trailing \\ in principal name");
169 return KRB5_PARSE_MALFORMED;
178 comp = calloc(ncomp, sizeof(*comp));
180 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
185 p = start = q = s = strdup(name);
188 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
204 ret = KRB5_PARSE_MALFORMED;
205 krb5_set_error_message(context, ret,
206 "trailing \\ in principal name");
209 }else if(enterprise && first_at) {
212 }else if((c == '/' && !enterprise) || c == '@'){
214 ret = KRB5_PARSE_MALFORMED;
215 krb5_set_error_message(context, ret,
216 "part after realm in principal name");
219 comp[n] = malloc(q - start + 1);
220 if (comp[n] == NULL) {
222 krb5_set_error_message(context, ret, "malloc: out of memory");
225 memcpy(comp[n], start, q - start);
226 comp[n][q - start] = 0;
234 if(got_realm && (c == ':' || c == '/' || c == '\0')) {
235 ret = KRB5_PARSE_MALFORMED;
236 krb5_set_error_message(context, ret,
237 "part after realm in principal name");
243 if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
244 ret = KRB5_PARSE_MALFORMED;
245 krb5_set_error_message(context, ret, "realm found in 'short' principal "
246 "expected to be without one");
249 realm = malloc(q - start + 1);
252 krb5_set_error_message(context, ret, "malloc: out of memory");
255 memcpy(realm, start, q - start);
256 realm[q - start] = 0;
258 if (flags & KRB5_PRINCIPAL_PARSE_MUST_REALM) {
259 ret = KRB5_PARSE_MALFORMED;
260 krb5_set_error_message(context, ret, "realm NOT found in principal "
261 "expected to be with one");
263 } else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
266 ret = krb5_get_default_realm (context, &realm);
271 comp[n] = malloc(q - start + 1);
272 if (comp[n] == NULL) {
274 krb5_set_error_message(context, ret, "malloc: out of memory");
277 memcpy(comp[n], start, q - start);
278 comp[n][q - start] = 0;
281 *principal = malloc(sizeof(**principal));
282 if (*principal == NULL) {
284 krb5_set_error_message(context, ret, "malloc: out of memory");
288 (*principal)->name.name_type = KRB5_NT_ENTERPRISE_PRINCIPAL;
290 (*principal)->name.name_type = KRB5_NT_PRINCIPAL;
291 (*principal)->name.name_string.val = comp;
292 princ_num_comp(*principal) = n;
293 (*principal)->realm = realm;
306 krb5_error_code KRB5_LIB_FUNCTION
307 krb5_parse_name(krb5_context context,
309 krb5_principal *principal)
311 return krb5_parse_name_flags(context, name, 0, principal);
314 static const char quotable_chars[] = " \n\t\b\\/@";
315 static const char replace_chars[] = " ntb\\/@";
316 static const char nq_chars[] = " \\/@";
318 #define add_char(BASE, INDEX, LEN, C) do { if((INDEX) < (LEN)) (BASE)[(INDEX)++] = (C); }while(0);
321 quote_string(const char *s, char *out, size_t idx, size_t len, int display)
324 for(p = s; *p && idx < len; p++){
325 q = strchr(quotable_chars, *p);
327 add_char(out, idx, len, replace_chars[q - quotable_chars]);
329 add_char(out, idx, len, '\\');
330 add_char(out, idx, len, replace_chars[q - quotable_chars]);
332 add_char(out, idx, len, *p);
340 static krb5_error_code
341 unparse_name_fixed(krb5_context context,
342 krb5_const_principal principal,
349 int short_form = (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) != 0;
350 int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0;
351 int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0;
353 if (!no_realm && princ_realm(principal) == NULL) {
354 krb5_set_error_message(context, ERANGE,
355 "Realm missing from principal, "
360 for(i = 0; i < princ_num_comp(principal); i++){
362 add_char(name, idx, len, '/');
363 idx = quote_string(princ_ncomp(principal, i), name, idx, len, display);
365 krb5_set_error_message(context, ERANGE, "Out of space printing principal");
369 /* add realm if different from default realm */
370 if(short_form && !no_realm) {
373 ret = krb5_get_default_realm(context, &r);
376 if(strcmp(princ_realm(principal), r) != 0)
380 if(!short_form && !no_realm) {
381 add_char(name, idx, len, '@');
382 idx = quote_string(princ_realm(principal), name, idx, len, display);
384 krb5_set_error_message(context, ERANGE,
385 "Out of space printing realm of principal");
392 krb5_error_code KRB5_LIB_FUNCTION
393 krb5_unparse_name_fixed(krb5_context context,
394 krb5_const_principal principal,
398 return unparse_name_fixed(context, principal, name, len, 0);
401 krb5_error_code KRB5_LIB_FUNCTION
402 krb5_unparse_name_fixed_short(krb5_context context,
403 krb5_const_principal principal,
407 return unparse_name_fixed(context, principal, name, len,
408 KRB5_PRINCIPAL_UNPARSE_SHORT);
411 krb5_error_code KRB5_LIB_FUNCTION
412 krb5_unparse_name_fixed_flags(krb5_context context,
413 krb5_const_principal principal,
418 return unparse_name_fixed(context, principal, name, len, flags);
421 static krb5_error_code
422 unparse_name(krb5_context context,
423 krb5_const_principal principal,
427 size_t len = 0, plen;
431 if (princ_realm(principal)) {
432 plen = strlen(princ_realm(principal));
434 if(strcspn(princ_realm(principal), quotable_chars) == plen)
440 for(i = 0; i < princ_num_comp(principal); i++){
441 plen = strlen(princ_ncomp(principal, i));
442 if(strcspn(princ_ncomp(principal, i), quotable_chars) == plen)
451 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
454 ret = unparse_name_fixed(context, principal, *name, len, flags);
462 krb5_error_code KRB5_LIB_FUNCTION
463 krb5_unparse_name(krb5_context context,
464 krb5_const_principal principal,
467 return unparse_name(context, principal, name, 0);
470 krb5_error_code KRB5_LIB_FUNCTION
471 krb5_unparse_name_flags(krb5_context context,
472 krb5_const_principal principal,
476 return unparse_name(context, principal, name, flags);
479 krb5_error_code KRB5_LIB_FUNCTION
480 krb5_unparse_name_short(krb5_context context,
481 krb5_const_principal principal,
484 return unparse_name(context, principal, name, KRB5_PRINCIPAL_UNPARSE_SHORT);
487 #if 0 /* not implemented */
489 krb5_error_code KRB5_LIB_FUNCTION
490 krb5_unparse_name_ext(krb5_context context,
491 krb5_const_principal principal,
495 krb5_abortx(context, "unimplemented krb5_unparse_name_ext called");
500 krb5_realm * KRB5_LIB_FUNCTION
501 krb5_princ_realm(krb5_context context,
502 krb5_principal principal)
504 return &princ_realm(principal);
508 void KRB5_LIB_FUNCTION
509 krb5_princ_set_realm(krb5_context context,
510 krb5_principal principal,
513 princ_realm(principal) = *realm;
516 krb5_error_code KRB5_LIB_FUNCTION
517 krb5_principal_set_realm(krb5_context context,
518 krb5_principal principal,
519 krb5_const_realm realm)
521 if (princ_realm(principal))
522 free(princ_realm(principal));
524 princ_realm(principal) = strdup(realm);
525 if (princ_realm(principal) == NULL) {
526 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
533 krb5_error_code KRB5_LIB_FUNCTION
534 krb5_build_principal(krb5_context context,
535 krb5_principal *principal,
537 krb5_const_realm realm,
543 ret = krb5_build_principal_va(context, principal, rlen, realm, ap);
548 static krb5_error_code
549 append_component(krb5_context context, krb5_principal p,
553 heim_general_string *tmp;
554 size_t len = princ_num_comp(p);
556 tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp));
558 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
562 princ_ncomp(p, len) = malloc(comp_len + 1);
563 if (princ_ncomp(p, len) == NULL) {
564 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
567 memcpy (princ_ncomp(p, len), comp, comp_len);
568 princ_ncomp(p, len)[comp_len] = '\0';
574 va_ext_princ(krb5_context context, krb5_principal p, va_list ap)
579 len = va_arg(ap, int);
582 s = va_arg(ap, const char*);
583 append_component(context, p, s, len);
588 va_princ(krb5_context context, krb5_principal p, va_list ap)
592 s = va_arg(ap, const char*);
595 append_component(context, p, s, strlen(s));
600 static krb5_error_code
601 build_principal(krb5_context context,
602 krb5_principal *principal,
604 krb5_const_realm realm,
605 void (*func)(krb5_context, krb5_principal, va_list),
610 p = calloc(1, sizeof(*p));
612 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
615 princ_type(p) = KRB5_NT_PRINCIPAL;
617 princ_realm(p) = strdup(realm);
618 if(p->realm == NULL){
620 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
624 (*func)(context, p, ap);
629 krb5_error_code KRB5_LIB_FUNCTION
630 krb5_make_principal(krb5_context context,
631 krb5_principal *principal,
632 krb5_const_realm realm,
639 ret = krb5_get_default_realm(context, &r);
645 ret = krb5_build_principal_va(context, principal, strlen(realm), realm, ap);
652 krb5_error_code KRB5_LIB_FUNCTION
653 krb5_build_principal_va(krb5_context context,
654 krb5_principal *principal,
656 krb5_const_realm realm,
659 return build_principal(context, principal, rlen, realm, va_princ, ap);
662 krb5_error_code KRB5_LIB_FUNCTION
663 krb5_build_principal_va_ext(krb5_context context,
664 krb5_principal *principal,
666 krb5_const_realm realm,
669 return build_principal(context, principal, rlen, realm, va_ext_princ, ap);
673 krb5_error_code KRB5_LIB_FUNCTION
674 krb5_build_principal_ext(krb5_context context,
675 krb5_principal *principal,
677 krb5_const_realm realm,
683 ret = krb5_build_principal_va_ext(context, principal, rlen, realm, ap);
689 krb5_error_code KRB5_LIB_FUNCTION
690 krb5_copy_principal(krb5_context context,
691 krb5_const_principal inprinc,
692 krb5_principal *outprinc)
694 krb5_principal p = malloc(sizeof(*p));
696 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
699 if(copy_Principal(inprinc, p)) {
701 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
709 * return TRUE iff princ1 == princ2 (without considering the realm)
712 krb5_boolean KRB5_LIB_FUNCTION
713 krb5_principal_compare_any_realm(krb5_context context,
714 krb5_const_principal princ1,
715 krb5_const_principal princ2)
718 if(princ_num_comp(princ1) != princ_num_comp(princ2))
720 for(i = 0; i < princ_num_comp(princ1); i++){
721 if(strcmp(princ_ncomp(princ1, i), princ_ncomp(princ2, i)) != 0)
727 krb5_boolean KRB5_LIB_FUNCTION
728 _krb5_principal_compare_PrincipalName(krb5_context context,
729 krb5_const_principal princ1,
730 PrincipalName *princ2)
733 if (princ_num_comp(princ1) != princ2->name_string.len)
735 for(i = 0; i < princ_num_comp(princ1); i++){
736 if(strcmp(princ_ncomp(princ1, i), princ2->name_string.val[i]) != 0)
744 * return TRUE iff princ1 == princ2
747 krb5_boolean KRB5_LIB_FUNCTION
748 krb5_principal_compare(krb5_context context,
749 krb5_const_principal princ1,
750 krb5_const_principal princ2)
752 if(!krb5_realm_compare(context, princ1, princ2))
754 return krb5_principal_compare_any_realm(context, princ1, princ2);
758 * return TRUE iff realm(princ1) == realm(princ2)
761 krb5_boolean KRB5_LIB_FUNCTION
762 krb5_realm_compare(krb5_context context,
763 krb5_const_principal princ1,
764 krb5_const_principal princ2)
766 return strcmp(princ_realm(princ1), princ_realm(princ2)) == 0;
770 * return TRUE iff princ matches pattern
773 krb5_boolean KRB5_LIB_FUNCTION
774 krb5_principal_match(krb5_context context,
775 krb5_const_principal princ,
776 krb5_const_principal pattern)
779 if(princ_num_comp(princ) != princ_num_comp(pattern))
781 if(fnmatch(princ_realm(pattern), princ_realm(princ), 0) != 0)
783 for(i = 0; i < princ_num_comp(princ); i++){
784 if(fnmatch(princ_ncomp(pattern, i), princ_ncomp(princ, i), 0) != 0)
791 static struct v4_name_convert {
794 } default_v4_name_convert[] = {
796 { "hprop", "hprop" },
805 * return the converted instance name of `name' in `realm'.
806 * look in the configuration file and then in the default set above.
807 * return NULL if no conversion is appropriate.
811 get_name_conversion(krb5_context context, const char *realm, const char *name)
813 struct v4_name_convert *q;
816 p = krb5_config_get_string(context, NULL, "realms", realm,
817 "v4_name_convert", "host", name, NULL);
819 p = krb5_config_get_string(context, NULL, "libdefaults",
820 "v4_name_convert", "host", name, NULL);
824 /* XXX should be possible to override default list */
825 p = krb5_config_get_string(context, NULL,
834 p = krb5_config_get_string(context, NULL,
842 for(q = default_v4_name_convert; q->from; q++)
843 if(strcmp(q->from, name) == 0)
849 * convert the v4 principal `name.instance@realm' to a v5 principal in `princ'.
850 * if `resolve', use DNS.
851 * if `func', use that function for validating the conversion
854 krb5_error_code KRB5_LIB_FUNCTION
855 krb5_425_conv_principal_ext2(krb5_context context,
857 const char *instance,
859 krb5_boolean (*func)(krb5_context,
860 void *, krb5_principal),
862 krb5_boolean resolve,
863 krb5_principal *princ)
868 char host[MAXHOSTNAMELEN];
869 char local_hostname[MAXHOSTNAMELEN];
871 /* do the following: if the name is found in the
872 `v4_name_convert:host' part, is assumed to be a `host' type
873 principal, and the instance is looked up in the
874 `v4_instance_convert' part. if not found there the name is
875 (optionally) looked up as a hostname, and if that doesn't yield
876 anything, the `default_domain' is appended to the instance
881 if(instance[0] == 0){
885 p = get_name_conversion(context, realm, name);
889 p = krb5_config_get_string(context, NULL, "realms", realm,
890 "v4_instance_convert", instance, NULL);
893 ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
894 if(func == NULL || (*func)(context, funcctx, pr)){
898 krb5_free_principal(context, pr);
900 krb5_clear_error_string (context);
901 return HEIM_ERR_V4_PRINC_NO_CONV;
904 krb5_boolean passed = FALSE;
909 r = dns_lookup(instance, "aaaa");
911 if (r->head && r->head->type == T_AAAA) {
912 inst = strdup(r->head->domain);
917 r = dns_lookup(instance, "a");
919 if(r->head && r->head->type == T_A) {
920 inst = strdup(r->head->domain);
927 struct addrinfo hints, *ai;
929 memset (&hints, 0, sizeof(hints));
930 hints.ai_flags = AI_CANONNAME;
931 ret = getaddrinfo(instance, NULL, &hints, &ai);
933 const struct addrinfo *a;
934 for (a = ai; a != NULL; a = a->ai_next) {
935 if (a->ai_canonname != NULL) {
936 inst = strdup (a->ai_canonname);
946 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
950 ret = krb5_make_principal(context, &pr, realm, name, inst,
954 if(func == NULL || (*func)(context, funcctx, pr)){
958 krb5_free_principal(context, pr);
963 snprintf(host, sizeof(host), "%s.%s", instance, realm);
965 ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
966 if((*func)(context, funcctx, pr)){
970 krb5_free_principal(context, pr);
974 * if the instance is the first component of the local hostname,
975 * the converted host should be the long hostname.
979 gethostname (local_hostname, sizeof(local_hostname)) == 0 &&
980 strncmp(instance, local_hostname, strlen(instance)) == 0 &&
981 local_hostname[strlen(instance)] == '.') {
982 strlcpy(host, local_hostname, sizeof(host));
988 domains = krb5_config_get_strings(context, NULL, "realms", realm,
990 for(d = domains; d && *d; d++){
991 snprintf(host, sizeof(host), "%s.%s", instance, *d);
992 ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
993 if(func == NULL || (*func)(context, funcctx, pr)){
995 krb5_config_free_strings(domains);
998 krb5_free_principal(context, pr);
1000 krb5_config_free_strings(domains);
1004 p = krb5_config_get_string(context, NULL, "realms", realm,
1005 "default_domain", NULL);
1007 /* this should be an error, just faking a name is not good */
1008 krb5_clear_error_string (context);
1009 return HEIM_ERR_V4_PRINC_NO_CONV;
1014 snprintf(host, sizeof(host), "%s.%s", instance, p);
1016 ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
1017 if(func == NULL || (*func)(context, funcctx, pr)){
1021 krb5_free_principal(context, pr);
1022 krb5_clear_error_string (context);
1023 return HEIM_ERR_V4_PRINC_NO_CONV;
1025 p = krb5_config_get_string(context, NULL,
1033 p = krb5_config_get_string(context, NULL,
1042 ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
1043 if(func == NULL || (*func)(context, funcctx, pr)){
1047 krb5_free_principal(context, pr);
1048 krb5_clear_error_string (context);
1049 return HEIM_ERR_V4_PRINC_NO_CONV;
1053 convert_func(krb5_context conxtext, void *funcctx, krb5_principal principal)
1055 krb5_boolean (*func)(krb5_context, krb5_principal) = funcctx;
1056 return (*func)(conxtext, principal);
1059 krb5_error_code KRB5_LIB_FUNCTION
1060 krb5_425_conv_principal_ext(krb5_context context,
1062 const char *instance,
1064 krb5_boolean (*func)(krb5_context, krb5_principal),
1065 krb5_boolean resolve,
1066 krb5_principal *principal)
1068 return krb5_425_conv_principal_ext2(context,
1072 func ? convert_func : NULL,
1080 krb5_error_code KRB5_LIB_FUNCTION
1081 krb5_425_conv_principal(krb5_context context,
1083 const char *instance,
1085 krb5_principal *princ)
1087 krb5_boolean resolve = krb5_config_get_bool(context,
1090 "v4_instance_resolve",
1093 return krb5_425_conv_principal_ext(context, name, instance, realm,
1094 NULL, resolve, princ);
1099 check_list(const krb5_config_binding *l, const char *name, const char **out)
1102 if (l->type != krb5_config_string)
1104 if(strcmp(name, l->u.string) == 0) {
1114 name_convert(krb5_context context, const char *name, const char *realm,
1117 const krb5_config_binding *l;
1118 l = krb5_config_get_list (context,
1125 if(l && check_list(l, name, out))
1126 return KRB5_NT_SRV_HST;
1127 l = krb5_config_get_list (context,
1133 if(l && check_list(l, name, out))
1134 return KRB5_NT_SRV_HST;
1135 l = krb5_config_get_list (context,
1142 if(l && check_list(l, name, out))
1143 return KRB5_NT_UNKNOWN;
1144 l = krb5_config_get_list (context,
1150 if(l && check_list(l, name, out))
1151 return KRB5_NT_UNKNOWN;
1153 /* didn't find it in config file, try built-in list */
1155 struct v4_name_convert *q;
1156 for(q = default_v4_name_convert; q->from; q++) {
1157 if(strcmp(name, q->to) == 0) {
1159 return KRB5_NT_SRV_HST;
1167 * convert the v5 principal in `principal' into a v4 corresponding one
1168 * in `name, instance, realm'
1169 * this is limited interface since there's no length given for these
1170 * three parameters. They have to be 40 bytes each (ANAME_SZ).
1173 krb5_error_code KRB5_LIB_FUNCTION
1174 krb5_524_conv_principal(krb5_context context,
1175 const krb5_principal principal,
1180 const char *n, *i, *r;
1182 int type = princ_type(principal);
1183 const int aname_sz = 40;
1185 r = principal->realm;
1187 switch(principal->name.name_string.len){
1189 n = principal->name.name_string.val[0];
1193 n = principal->name.name_string.val[0];
1194 i = principal->name.name_string.val[1];
1197 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
1198 "cannot convert a %d component principal",
1199 principal->name.name_string.len);
1200 return KRB5_PARSE_MALFORMED;
1205 int t = name_convert(context, n, r, &tmp);
1212 if(type == KRB5_NT_SRV_HST){
1215 strlcpy (tmpinst, i, sizeof(tmpinst));
1216 p = strchr(tmpinst, '.');
1222 if (strlcpy (name, n, aname_sz) >= aname_sz) {
1223 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
1224 "too long name component to convert");
1225 return KRB5_PARSE_MALFORMED;
1227 if (strlcpy (instance, i, aname_sz) >= aname_sz) {
1228 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
1229 "too long instance component to convert");
1230 return KRB5_PARSE_MALFORMED;
1232 if (strlcpy (realm, r, aname_sz) >= aname_sz) {
1233 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
1234 "too long realm component to convert");
1235 return KRB5_PARSE_MALFORMED;
1241 * Create a principal in `ret_princ' for the service `sname' running
1242 * on host `hostname'. */
1244 krb5_error_code KRB5_LIB_FUNCTION
1245 krb5_sname_to_principal (krb5_context context,
1246 const char *hostname,
1249 krb5_principal *ret_princ)
1251 krb5_error_code ret;
1252 char localhost[MAXHOSTNAMELEN];
1253 char **realms, *host = NULL;
1255 if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
1256 krb5_set_error_message(context, KRB5_SNAME_UNSUPP_NAMETYPE,
1257 "unsupported name type %d",
1259 return KRB5_SNAME_UNSUPP_NAMETYPE;
1261 if(hostname == NULL) {
1262 ret = gethostname(localhost, sizeof(localhost) - 1);
1265 krb5_set_error_message(context, ret,
1266 "Failed to get local hostname");
1269 localhost[sizeof(localhost) - 1] = '\0';
1270 hostname = localhost;
1274 if(type == KRB5_NT_SRV_HST) {
1275 ret = krb5_expand_hostname_realms (context, hostname,
1282 ret = krb5_get_host_realm(context, hostname, &realms);
1287 ret = krb5_make_principal(context, ret_princ, realms[0], sname,
1291 krb5_free_host_realm(context, realms);
1295 static const struct {
1299 { "UNKNOWN", KRB5_NT_UNKNOWN },
1300 { "PRINCIPAL", KRB5_NT_PRINCIPAL },
1301 { "SRV_INST", KRB5_NT_SRV_INST },
1302 { "SRV_HST", KRB5_NT_SRV_HST },
1303 { "SRV_XHST", KRB5_NT_SRV_XHST },
1304 { "UID", KRB5_NT_UID },
1305 { "X500_PRINCIPAL", KRB5_NT_X500_PRINCIPAL },
1306 { "SMTP_NAME", KRB5_NT_SMTP_NAME },
1307 { "ENTERPRISE_PRINCIPAL", KRB5_NT_ENTERPRISE_PRINCIPAL },
1308 { "ENT_PRINCIPAL_AND_ID", KRB5_NT_ENT_PRINCIPAL_AND_ID },
1309 { "MS_PRINCIPAL", KRB5_NT_MS_PRINCIPAL },
1310 { "MS_PRINCIPAL_AND_ID", KRB5_NT_MS_PRINCIPAL_AND_ID },
1315 krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype)
1319 for(i = 0; nametypes[i].type; i++) {
1320 if (strcasecmp(nametypes[i].type, str) == 0) {
1321 *nametype = nametypes[i].value;
1325 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
1326 "Failed to find name type %s", str);
1327 return KRB5_PARSE_MALFORMED;
git.samba.org / metze / samba / wip.git / blob