2 * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
35 #ifdef HAVE_RES_SEARCH
38 #ifdef HAVE_ARPA_NAMESER_H
39 #include <arpa/nameser.h>
44 RCSID("$Id: principal.c,v 1.81.2.1 2002/10/21 16:08:25 joda Exp $");
46 #define princ_num_comp(P) ((P)->name.name_string.len)
47 #define princ_type(P) ((P)->name.name_type)
48 #define princ_comp(P) ((P)->name.name_string.val)
49 #define princ_ncomp(P, N) ((P)->name.name_string.val[(N)])
50 #define princ_realm(P) ((P)->realm)
53 krb5_free_principal(krb5_context context,
63 krb5_principal_get_type(krb5_context context,
64 krb5_principal principal)
66 return princ_type(principal);
70 krb5_principal_get_realm(krb5_context context,
71 krb5_principal principal)
73 return princ_realm(principal);
77 krb5_principal_get_comp_string(krb5_context context,
78 krb5_principal principal,
79 unsigned int component)
81 if(component >= princ_num_comp(principal))
83 return princ_ncomp(principal, component);
87 krb5_parse_name(krb5_context context,
89 krb5_principal *principal)
105 /* count number of component */
107 for(p = name; *p; p++){
110 krb5_set_error_string (context,
111 "trailing \\ in principal name");
112 return KRB5_PARSE_MALFORMED;
118 comp = calloc(ncomp, sizeof(*comp));
120 krb5_set_error_string (context, "malloc: out of memory");
125 p = start = q = s = strdup(name);
128 krb5_set_error_string (context, "malloc: out of memory");
144 krb5_set_error_string (context,
145 "trailing \\ in principal name");
146 ret = KRB5_PARSE_MALFORMED;
149 }else if(c == '/' || c == '@'){
151 krb5_set_error_string (context,
152 "part after realm in principal name");
153 ret = KRB5_PARSE_MALFORMED;
156 comp[n] = malloc(q - start + 1);
157 if (comp[n] == NULL) {
158 krb5_set_error_string (context, "malloc: out of memory");
162 memcpy(comp[n], start, q - start);
163 comp[n][q - start] = 0;
171 if(got_realm && (c == ':' || c == '/' || c == '\0')) {
172 krb5_set_error_string (context,
173 "part after realm in principal name");
174 ret = KRB5_PARSE_MALFORMED;
180 realm = malloc(q - start + 1);
182 krb5_set_error_string (context, "malloc: out of memory");
186 memcpy(realm, start, q - start);
187 realm[q - start] = 0;
189 ret = krb5_get_default_realm (context, &realm);
193 comp[n] = malloc(q - start + 1);
194 if (comp[n] == NULL) {
195 krb5_set_error_string (context, "malloc: out of memory");
199 memcpy(comp[n], start, q - start);
200 comp[n][q - start] = 0;
203 *principal = malloc(sizeof(**principal));
204 if (*principal == NULL) {
205 krb5_set_error_string (context, "malloc: out of memory");
209 (*principal)->name.name_type = KRB5_NT_PRINCIPAL;
210 (*principal)->name.name_string.val = comp;
211 princ_num_comp(*principal) = n;
212 (*principal)->realm = realm;
224 static const char quotable_chars[] = " \n\t\b\\/@";
225 static const char replace_chars[] = " ntb\\/@";
227 #define add_char(BASE, INDEX, LEN, C) do { if((INDEX) < (LEN)) (BASE)[(INDEX)++] = (C); }while(0);
230 quote_string(const char *s, char *out, size_t index, size_t len)
233 for(p = s; *p && index < len; p++){
234 if((q = strchr(quotable_chars, *p))){
235 add_char(out, index, len, '\\');
236 add_char(out, index, len, replace_chars[q - quotable_chars]);
238 add_char(out, index, len, *p);
246 static krb5_error_code
247 unparse_name_fixed(krb5_context context,
248 krb5_const_principal principal,
251 krb5_boolean short_form)
255 for(i = 0; i < princ_num_comp(principal); i++){
257 add_char(name, index, len, '/');
258 index = quote_string(princ_ncomp(principal, i), name, index, len);
262 /* add realm if different from default realm */
266 ret = krb5_get_default_realm(context, &r);
269 if(strcmp(princ_realm(principal), r) != 0)
274 add_char(name, index, len, '@');
275 index = quote_string(princ_realm(principal), name, index, len);
283 krb5_unparse_name_fixed(krb5_context context,
284 krb5_const_principal principal,
288 return unparse_name_fixed(context, principal, name, len, FALSE);
292 krb5_unparse_name_fixed_short(krb5_context context,
293 krb5_const_principal principal,
297 return unparse_name_fixed(context, principal, name, len, TRUE);
300 static krb5_error_code
301 unparse_name(krb5_context context,
302 krb5_const_principal principal,
304 krb5_boolean short_flag)
306 size_t len = 0, plen;
310 plen = strlen(princ_realm(principal));
311 if(strcspn(princ_realm(principal), quotable_chars) == plen)
316 for(i = 0; i < princ_num_comp(principal); i++){
317 plen = strlen(princ_ncomp(principal, i));
318 if(strcspn(princ_ncomp(principal, i), quotable_chars) == plen)
325 if(len != 0 && *name == NULL) {
326 krb5_set_error_string (context, "malloc: out of memory");
329 ret = unparse_name_fixed(context, principal, *name, len, short_flag);
336 krb5_unparse_name(krb5_context context,
337 krb5_const_principal principal,
340 return unparse_name(context, principal, name, FALSE);
344 krb5_unparse_name_short(krb5_context context,
345 krb5_const_principal principal,
348 return unparse_name(context, principal, name, TRUE);
351 #if 0 /* not implemented */
354 krb5_unparse_name_ext(krb5_context context,
355 krb5_const_principal principal,
359 krb5_abortx(context, "unimplemented krb5_unparse_name_ext called");
365 krb5_princ_realm(krb5_context context,
366 krb5_principal principal)
368 return &princ_realm(principal);
373 krb5_princ_set_realm(krb5_context context,
374 krb5_principal principal,
377 princ_realm(principal) = *realm;
382 krb5_build_principal(krb5_context context,
383 krb5_principal *principal,
385 krb5_const_realm realm,
391 ret = krb5_build_principal_va(context, principal, rlen, realm, ap);
396 static krb5_error_code
397 append_component(krb5_context context, krb5_principal p,
402 size_t len = princ_num_comp(p);
404 tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp));
406 krb5_set_error_string (context, "malloc: out of memory");
410 princ_ncomp(p, len) = malloc(comp_len + 1);
411 if (princ_ncomp(p, len) == NULL) {
412 krb5_set_error_string (context, "malloc: out of memory");
415 memcpy (princ_ncomp(p, len), comp, comp_len);
416 princ_ncomp(p, len)[comp_len] = '\0';
422 va_ext_princ(krb5_context context, krb5_principal p, va_list ap)
427 len = va_arg(ap, int);
430 s = va_arg(ap, const char*);
431 append_component(context, p, s, len);
436 va_princ(krb5_context context, krb5_principal p, va_list ap)
440 s = va_arg(ap, const char*);
443 append_component(context, p, s, strlen(s));
448 static krb5_error_code
449 build_principal(krb5_context context,
450 krb5_principal *principal,
452 krb5_const_realm realm,
453 void (*func)(krb5_context, krb5_principal, va_list),
458 p = calloc(1, sizeof(*p));
460 krb5_set_error_string (context, "malloc: out of memory");
463 princ_type(p) = KRB5_NT_PRINCIPAL;
465 princ_realm(p) = strdup(realm);
466 if(p->realm == NULL){
468 krb5_set_error_string (context, "malloc: out of memory");
472 (*func)(context, p, ap);
478 krb5_make_principal(krb5_context context,
479 krb5_principal *principal,
480 krb5_const_realm realm,
487 ret = krb5_get_default_realm(context, &r);
493 ret = krb5_build_principal_va(context, principal, strlen(realm), realm, ap);
501 krb5_build_principal_va(krb5_context context,
502 krb5_principal *principal,
504 krb5_const_realm realm,
507 return build_principal(context, principal, rlen, realm, va_princ, ap);
511 krb5_build_principal_va_ext(krb5_context context,
512 krb5_principal *principal,
514 krb5_const_realm realm,
517 return build_principal(context, principal, rlen, realm, va_ext_princ, ap);
522 krb5_build_principal_ext(krb5_context context,
523 krb5_principal *principal,
525 krb5_const_realm realm,
531 ret = krb5_build_principal_va_ext(context, principal, rlen, realm, ap);
538 krb5_copy_principal(krb5_context context,
539 krb5_const_principal inprinc,
540 krb5_principal *outprinc)
542 krb5_principal p = malloc(sizeof(*p));
544 krb5_set_error_string (context, "malloc: out of memory");
547 if(copy_Principal(inprinc, p)) {
549 krb5_set_error_string (context, "malloc: out of memory");
557 * return TRUE iff princ1 == princ2 (without considering the realm)
561 krb5_principal_compare_any_realm(krb5_context context,
562 krb5_const_principal princ1,
563 krb5_const_principal princ2)
566 if(princ_num_comp(princ1) != princ_num_comp(princ2))
568 for(i = 0; i < princ_num_comp(princ1); i++){
569 if(strcmp(princ_ncomp(princ1, i), princ_ncomp(princ2, i)) != 0)
576 * return TRUE iff princ1 == princ2
580 krb5_principal_compare(krb5_context context,
581 krb5_const_principal princ1,
582 krb5_const_principal princ2)
584 if(!krb5_realm_compare(context, princ1, princ2))
586 return krb5_principal_compare_any_realm(context, princ1, princ2);
590 * return TRUE iff realm(princ1) == realm(princ2)
594 krb5_realm_compare(krb5_context context,
595 krb5_const_principal princ1,
596 krb5_const_principal princ2)
598 return strcmp(princ_realm(princ1), princ_realm(princ2)) == 0;
602 * return TRUE iff princ matches pattern
606 krb5_principal_match(krb5_context context,
607 krb5_const_principal princ,
608 krb5_const_principal pattern)
611 if(princ_num_comp(princ) != princ_num_comp(pattern))
613 if(fnmatch(princ_realm(pattern), princ_realm(princ), 0) != 0)
615 for(i = 0; i < princ_num_comp(princ); i++){
616 if(fnmatch(princ_ncomp(pattern, i), princ_ncomp(princ, i), 0) != 0)
623 struct v4_name_convert {
626 } default_v4_name_convert[] = {
628 { "hprop", "hprop" },
637 * return the converted instance name of `name' in `realm'.
638 * look in the configuration file and then in the default set above.
639 * return NULL if no conversion is appropriate.
643 get_name_conversion(krb5_context context, const char *realm, const char *name)
645 struct v4_name_convert *q;
648 p = krb5_config_get_string(context, NULL, "realms", realm,
649 "v4_name_convert", "host", name, NULL);
651 p = krb5_config_get_string(context, NULL, "libdefaults",
652 "v4_name_convert", "host", name, NULL);
656 /* XXX should be possible to override default list */
657 p = krb5_config_get_string(context, NULL,
666 p = krb5_config_get_string(context, NULL,
674 for(q = default_v4_name_convert; q->from; q++)
675 if(strcmp(q->from, name) == 0)
681 * convert the v4 principal `name.instance@realm' to a v5 principal in `princ'.
682 * if `resolve', use DNS.
683 * if `func', use that function for validating the conversion
687 krb5_425_conv_principal_ext(krb5_context context,
689 const char *instance,
691 krb5_boolean (*func)(krb5_context, krb5_principal),
692 krb5_boolean resolve,
693 krb5_principal *princ)
698 char host[MAXHOSTNAMELEN];
699 char local_hostname[MAXHOSTNAMELEN];
701 /* do the following: if the name is found in the
702 `v4_name_convert:host' part, is is assumed to be a `host' type
703 principal, and the instance is looked up in the
704 `v4_instance_convert' part. if not found there the name is
705 (optionally) looked up as a hostname, and if that doesn't yield
706 anything, the `default_domain' is appended to the instance
711 if(instance[0] == 0){
715 p = get_name_conversion(context, realm, name);
719 p = krb5_config_get_string(context, NULL, "realms", realm,
720 "v4_instance_convert", instance, NULL);
723 ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
724 if(func == NULL || (*func)(context, pr)){
728 krb5_free_principal(context, pr);
730 krb5_clear_error_string (context);
731 return HEIM_ERR_V4_PRINC_NO_CONV;
734 krb5_boolean passed = FALSE;
739 r = dns_lookup(instance, "aaaa");
740 if (r && r->head && r->head->type == T_AAAA) {
741 inst = strdup(r->head->domain);
745 r = dns_lookup(instance, "a");
746 if(r && r->head && r->head->type == T_A) {
747 inst = strdup(r->head->domain);
753 struct addrinfo hints, *ai;
756 memset (&hints, 0, sizeof(hints));
757 hints.ai_flags = AI_CANONNAME;
758 ret = getaddrinfo(instance, NULL, &hints, &ai);
760 const struct addrinfo *a;
761 for (a = ai; a != NULL; a = a->ai_next) {
762 if (a->ai_canonname != NULL) {
763 inst = strdup (a->ai_canonname);
773 krb5_set_error_string (context, "malloc: out of memory");
777 ret = krb5_make_principal(context, &pr, realm, name, inst,
781 if(func == NULL || (*func)(context, pr)){
785 krb5_free_principal(context, pr);
790 snprintf(host, sizeof(host), "%s.%s", instance, realm);
792 ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
793 if((*func)(context, pr)){
797 krb5_free_principal(context, pr);
801 * if the instance is the first component of the local hostname,
802 * the converted host should be the long hostname.
806 gethostname (local_hostname, sizeof(local_hostname)) == 0 &&
807 strncmp(instance, local_hostname, strlen(instance)) == 0 &&
808 local_hostname[strlen(instance)] == '.') {
809 strlcpy(host, local_hostname, sizeof(host));
815 domains = krb5_config_get_strings(context, NULL, "realms", realm,
817 for(d = domains; d && *d; d++){
818 snprintf(host, sizeof(host), "%s.%s", instance, *d);
819 ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
820 if(func == NULL || (*func)(context, pr)){
822 krb5_config_free_strings(domains);
825 krb5_free_principal(context, pr);
827 krb5_config_free_strings(domains);
831 p = krb5_config_get_string(context, NULL, "realms", realm,
832 "default_domain", NULL);
834 /* this should be an error, just faking a name is not good */
835 krb5_clear_error_string (context);
836 return HEIM_ERR_V4_PRINC_NO_CONV;
841 snprintf(host, sizeof(host), "%s.%s", instance, p);
843 ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
844 if(func == NULL || (*func)(context, pr)){
848 krb5_free_principal(context, pr);
849 krb5_clear_error_string (context);
850 return HEIM_ERR_V4_PRINC_NO_CONV;
852 p = krb5_config_get_string(context, NULL,
860 p = krb5_config_get_string(context, NULL,
869 ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
870 if(func == NULL || (*func)(context, pr)){
874 krb5_free_principal(context, pr);
875 krb5_clear_error_string (context);
876 return HEIM_ERR_V4_PRINC_NO_CONV;
880 krb5_425_conv_principal(krb5_context context,
882 const char *instance,
884 krb5_principal *princ)
886 krb5_boolean resolve = krb5_config_get_bool(context,
889 "v4_instance_resolve",
892 return krb5_425_conv_principal_ext(context, name, instance, realm,
893 NULL, resolve, princ);
898 check_list(const krb5_config_binding *l, const char *name, const char **out)
901 if (l->type != krb5_config_string)
903 if(strcmp(name, l->u.string) == 0) {
913 name_convert(krb5_context context, const char *name, const char *realm,
916 const krb5_config_binding *l;
917 l = krb5_config_get_list (context,
924 if(l && check_list(l, name, out))
925 return KRB5_NT_SRV_HST;
926 l = krb5_config_get_list (context,
932 if(l && check_list(l, name, out))
933 return KRB5_NT_SRV_HST;
934 l = krb5_config_get_list (context,
941 if(l && check_list(l, name, out))
942 return KRB5_NT_UNKNOWN;
943 l = krb5_config_get_list (context,
949 if(l && check_list(l, name, out))
950 return KRB5_NT_UNKNOWN;
952 /* didn't find it in config file, try built-in list */
954 struct v4_name_convert *q;
955 for(q = default_v4_name_convert; q->from; q++) {
956 if(strcmp(name, q->to) == 0) {
958 return KRB5_NT_SRV_HST;
966 * convert the v5 principal in `principal' into a v4 corresponding one
967 * in `name, instance, realm'
968 * this is limited interface since there's no length given for these
969 * three parameters. They have to be 40 bytes each (ANAME_SZ).
973 krb5_524_conv_principal(krb5_context context,
974 const krb5_principal principal,
979 const char *n, *i, *r;
981 int type = princ_type(principal);
982 const int aname_sz = 40;
984 r = principal->realm;
986 switch(principal->name.name_string.len){
988 n = principal->name.name_string.val[0];
992 n = principal->name.name_string.val[0];
993 i = principal->name.name_string.val[1];
996 krb5_set_error_string (context,
997 "cannot convert a %d component principal",
998 principal->name.name_string.len);
999 return KRB5_PARSE_MALFORMED;
1004 int t = name_convert(context, n, r, &tmp);
1011 if(type == KRB5_NT_SRV_HST){
1014 strlcpy (tmpinst, i, sizeof(tmpinst));
1015 p = strchr(tmpinst, '.');
1021 if (strlcpy (name, n, aname_sz) >= aname_sz) {
1022 krb5_set_error_string (context,
1023 "too long name component to convert");
1024 return KRB5_PARSE_MALFORMED;
1026 if (strlcpy (instance, i, aname_sz) >= aname_sz) {
1027 krb5_set_error_string (context,
1028 "too long instance component to convert");
1029 return KRB5_PARSE_MALFORMED;
1031 if (strlcpy (realm, r, aname_sz) >= aname_sz) {
1032 krb5_set_error_string (context,
1033 "too long realm component to convert");
1034 return KRB5_PARSE_MALFORMED;
1040 * Create a principal in `ret_princ' for the service `sname' running
1041 * on host `hostname'. */
1044 krb5_sname_to_principal (krb5_context context,
1045 const char *hostname,
1048 krb5_principal *ret_princ)
1050 krb5_error_code ret;
1051 char localhost[MAXHOSTNAMELEN];
1052 char **realms, *host = NULL;
1054 if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
1055 krb5_set_error_string (context, "unsupported name type %d",
1057 return KRB5_SNAME_UNSUPP_NAMETYPE;
1059 if(hostname == NULL) {
1060 gethostname(localhost, sizeof(localhost));
1061 hostname = localhost;
1065 if(type == KRB5_NT_SRV_HST) {
1066 ret = krb5_expand_hostname_realms (context, hostname,
1073 ret = krb5_get_host_realm(context, hostname, &realms);
1078 ret = krb5_make_principal(context, ret_princ, realms[0], sname,
1082 krb5_free_host_realm(context, realms);
projects / dragonfly.git / blob