Exemple #1
0
static krb5_error_code
maybe_join (krb5_data *last, krb5_data *buf, unsigned int bufsiz)
{
    if (buf->length == 0)
        return 0;
    if (buf->data[0] == '/') {
        if (last->length + buf->length > bufsiz) {
            Tprintf (("too big: last=%d cur=%d max=%d\n", last->length, buf->length, bufsiz));
            return KRB5KRB_AP_ERR_ILL_CR_TKT;
        }
        memmove (buf->data+last->length, buf->data, buf->length);
        memcpy (buf->data, last->data, last->length);
        buf->length += last->length;
    } else if (buf->data[buf->length-1] == '.') {
        /* We can ignore the case where the previous component was
           empty; the strcat will be a no-op.  It should probably
           be an error case, but let's be flexible.  */
        if (last->length+buf->length > bufsiz) {
            Tprintf (("too big\n"));
            return KRB5KRB_AP_ERR_ILL_CR_TKT;
        }
        memcpy (buf->data + buf->length, last->data, last->length);
        buf->length += last->length;
    }
    /* Otherwise, do nothing.  */
    return 0;
}
Exemple #2
0
void TcpClient::event_cb(struct bufferevent *bev, short event, void *arg)
{
    TcpClient *pClient = (TcpClient *)arg;
    evutil_socket_t fd = bufferevent_getfd(bev);
    Tprintf(L"fd = %u, ", fd);
    if (event & BEV_EVENT_TIMEOUT)
    {
        Tprintf(L"Timed out\n"); //if bufferevent_set_timeouts() called
    }
    else if (event & BEV_EVENT_CONNECTED)
    {
        pClient->m_pBev = bev;
        pClient->m_bConnected = true;
        Tprintf(L"Connect okay.\n");
    }
    else if (event & BEV_EVENT_EOF)
    {
        pClient->m_bConnected = false;
        Tprintf(L"connection closed\n");
        bufferevent_free(bev);
    }
    else if (event & BEV_EVENT_ERROR)
    {
        pClient->m_bConnected = false;
        Tprintf(L"some other error\n");
        bufferevent_free(bev);
    }
}
Exemple #3
0
static int add_addrinfo_to_list (struct addrlist *lp, struct addrinfo *a,
				 void (*freefn)(void *), void *data)
{
    int err;

    dprint("\tadding %p=%A to %p (naddrs=%d space=%d)\n", a, a, lp,
	   lp->naddrs, lp->space);

    if (lp->naddrs == lp->space) {
	err = grow_list (lp, 1);
	if (err) {
	    Tprintf ("grow_list failed %d\n", err);
	    return err;
	}
    }
    Tprintf("setting element %d\n", lp->naddrs);
    lp->addrs[lp->naddrs].ai = a;
    lp->addrs[lp->naddrs].freefn = freefn;
    lp->addrs[lp->naddrs].data = data;
    lp->naddrs++;
    Tprintf ("\tcount is now %d: ", lp->naddrs);
    print_addrlist(lp);
    Tprintf("\n");
    return 0;
}
Exemple #4
0
/*
 * Given the list of hostnames of KDCs found in DNS SRV recs, lets go
 * thru NSS (name svc switch) to get the net addrs.
 */
static krb5_error_code
dns_hostnames2netaddrs(
	struct srv_dns_entry *head,
	enum locate_service_type svc,
	int socktype,
	int family,
	struct addrlist *addrlist)
{
    struct srv_dns_entry *entry = NULL, *next;
    krb5_error_code code;

    Tprintf ("walking answer list:\n");
    for (entry = head; entry != NULL; entry = entry->next) {
	code = 0;
	if (socktype)
	    code = add_host_to_list (addrlist, entry->host,
				    htons (entry->port), 0,
				    socktype, family);
	else {
	    (void) add_host_to_list (addrlist, entry->host,
				    htons (entry->port), 0,
				    SOCK_DGRAM, family);
		
	    code = add_host_to_list (addrlist, entry->host,
				    htons (entry->port), 0,
				    SOCK_STREAM, family);
	}
        if (code) {
	    Tprintf("  fail add_host code=%d %s\n", code, entry->host);
        }
    }
    Tprintf ("[end]\n");

    return code;
}
Exemple #5
0
krb5_error_code
k5_locate_server(krb5_context context, const krb5_data *realm,
                 struct serverlist *serverlist, enum locate_service_type svc,
                 int socktype)
{
    krb5_error_code code;
    struct serverlist al = SERVERLIST_INIT;

    *serverlist = al;

    if (realm == NULL || realm->data == NULL || realm->data[0] == 0) {
        krb5_set_error_message(context, KRB5_REALM_CANT_RESOLVE,
                               "Cannot find KDC for invalid realm name \"\"");
        return KRB5_REALM_CANT_RESOLVE;
    }

    code = module_locate_server(context, realm, &al, svc, socktype);
    Tprintf("module_locate_server returns %d\n", code);
    if (code == KRB5_PLUGIN_NO_HANDLE) {
        /*
         * We always try the local file before DNS.  Note that there
         * is no way to indicate "service not available" via the
         * config file.
         */

        code = prof_locate_server(context, realm, &al, svc, socktype);

#ifdef KRB5_DNS_LOOKUP
        if (code) {             /* Try DNS for all profile errors?  */
            krb5_error_code code2;
            code2 = dns_locate_server(context, realm, &al, svc, socktype);
            if (code2 != KRB5_PLUGIN_NO_HANDLE)
                code = code2;
        }
#endif /* KRB5_DNS_LOOKUP */

        /* We could put more heuristics here, like looking up a hostname
           of "kerberos."+REALM, etc.  */
    }
    if (code == 0)
        Tprintf ("krb5int_locate_server found %d addresses\n",
                 al.nservers);
    else
        Tprintf ("krb5int_locate_server returning error code %d/%s\n",
                 code, error_message(code));
    if (code != 0) {
        k5_free_serverlist(&al);
        return code;
    }
    if (al.nservers == 0) {       /* No good servers */
        k5_free_serverlist(&al);
        krb5_set_error_message(context, KRB5_REALM_CANT_RESOLVE,
                               _("Cannot resolve servers for KDC in realm "
                                 "\"%.*s\""), realm->length, realm->data);
        return KRB5_REALM_CANT_RESOLVE;
    }
    *serverlist = al;
    return 0;
}
Exemple #6
0
int
krb5int_add_host_to_list (struct addrlist *lp, const char *hostname,
			  int port, int secport,
			  int socktype, int family)
{
    struct addrinfo *addrs, *a, *anext, hint;
    int err;
    char portbuf[10], secportbuf[10];
    void (*freefn)(void *);

    Tprintf ("adding hostname %s, ports %d,%d, family %d, socktype %d\n",
	     hostname, ntohs (port), ntohs (secport),
	     family, socktype);

    memset(&hint, 0, sizeof(hint));
    hint.ai_family = family;
    hint.ai_socktype = socktype;
#ifdef AI_NUMERICSERV
    hint.ai_flags = AI_NUMERICSERV;
#endif
    sprintf(portbuf, "%d", ntohs(port));
    sprintf(secportbuf, "%d", ntohs(secport));
    err = getaddrinfo (hostname, portbuf, &hint, &addrs);
    if (err) {
	Tprintf ("\tgetaddrinfo(\"%s\", \"%s\", ...)\n\treturns %d: %s\n",
		 hostname, portbuf, err, gai_strerror (err));
	return translate_ai_error (err);
    }
    freefn = call_freeaddrinfo;
    anext = 0;
    for (a = addrs; a != 0 && err == 0; a = anext, freefn = 0) {
	anext = a->ai_next;
	err = add_addrinfo_to_list (lp, a, freefn, a);
    }
    if (err || secport == 0)
	goto egress;
    if (socktype == 0)
	socktype = SOCK_DGRAM;
    else if (socktype != SOCK_DGRAM)
	goto egress;
    hint.ai_family = AF_INET;
    err = getaddrinfo (hostname, secportbuf, &hint, &addrs);
    if (err) {
	err = translate_ai_error (err);
	goto egress;
    }
    freefn = call_freeaddrinfo;
    for (a = addrs; a != 0 && err == 0; a = anext, freefn = 0) {
	anext = a->ai_next;
	err = add_addrinfo_to_list (lp, a, freefn, a);
    }
egress:
    /* Solaris Kerberos */
    if (anext)
	freeaddrinfo (anext);
    return err;
}
Exemple #7
0
static krb5_error_code
check_realm_in_list (krb5_data *realm, void *data)
{
    struct check_data *cdata = data;
    int i;

    Tprintf ((".. checking '%.*s'\n", (int) realm->length, realm->data));
    for (i = 0; cdata->tgs[i]; i++) {
        if (data_eq (cdata->tgs[i]->realm, *realm))
            return 0;
    }
    Tprintf (("BAD!\n"));
    return KRB5KRB_AP_ERR_ILL_CR_TKT;
}
Exemple #8
0
krb5_error_code
krb5_check_transited_list (krb5_context ctx, const krb5_data *trans_in,
                           const krb5_data *crealm, const krb5_data *srealm)
{
    krb5_data trans;
    struct check_data cdata;
    krb5_error_code r;
    const krb5_data *anonymous;

    trans.length = trans_in->length;
    trans.data = (char *) trans_in->data;
    if (trans.length && (trans.data[trans.length-1] == '\0'))
        trans.length--;

    Tprintf (("krb5_check_transited_list(trans=\"%.*s\", crealm=\"%.*s\", srealm=\"%.*s\")\n",
              (int) trans.length, trans.data,
              (int) crealm->length, crealm->data,
              (int) srealm->length, srealm->data));
    if (trans.length == 0)
        return 0;
    anonymous = krb5_anonymous_realm();
    if (crealm->length == anonymous->length &&
            (memcmp(crealm->data, anonymous->data, anonymous->length) == 0))
        return 0; /* Nothing to check for anonymous */

    r = krb5_walk_realm_tree (ctx, crealm, srealm, &cdata.tgs,
                              KRB5_REALM_BRANCH_CHAR);
    if (r) {
        Tprintf (("error %ld\n", (long) r));
        return r;
    }
#ifdef DEBUG /* avoid compiler warning about 'd' unused */
    {
        int i;
        Tprintf (("tgs list = {\n"));
        for (i = 0; cdata.tgs[i]; i++) {
            char *name;
            r = krb5_unparse_name (ctx, cdata.tgs[i], &name);
            Tprintf (("\t'%s'\n", name));
            free (name);
        }
        Tprintf (("}\n"));
    }
#endif
    cdata.ctx = ctx;
    r = foreach_realm (check_realm_in_list, &cdata, crealm, srealm, &trans);
    krb5_free_realm_tree (ctx, cdata.tgs);
    return r;
}
Exemple #9
0
bool CheckBipolarlyOriented(TopologicalGraph &G,tvertex &s,tvertex &t,bool &stConnected,tbrin &bs,bool addEdge)
  {
  // count  the number of sources and sinks
  int ns,nt;
  G.CheckAcyclic(ns,nt);
  if(ns != 1 || nt != 1)return false; //the grap is not bipolarly oriented
  
  s = t = 0;
  //  Find s (vertex with only outgoing edges)   
  bool found = true;;
  tbrin b,b0;
  tvertex v;
  for(v = 1; v <= G.nv();v++)
      {b = b0 =  G.pbrin[v];
      found = true;
      do
          {if(b  < 0){found = false;break;}
          b = G.cir[b];
          }while(b != b0);
      if(found){s = v;break;}
      }
  if(!found)return false;

  //  Find t (vertex with only incoming  edges)  
  for(v = 1; v <= G.nv();v++)
      {b = b0 =  G.pbrin[v];
      found = true;
      do
          {if(b  > 0){found = false;break;}
          b = G.cir[b];
          }while(b != b0);
       if(found){t = v;break;}
      }
  stConnected = false;
  // check that s and  are connected     
  bs = 0;
  b = b0 =  G.pbrin[s];
  do
      {if(G.vin[-b] == t){bs = b;stConnected = true;return true;}
      b = G.cir[b];
      }while(b != b0);

  // check that s and t belong to a same face
  bs = b0 =  G.pbrin[s];
  tbrin bt;
  do
      {// check face defined by b
      if(CheckVertexBelongFace(G,t,bs,bt))break;
      }while((bs =  G.cir[bs])  != b0);
  if(bt == 0){Tprintf("s and t DO NOT belong to a same face"); return false;}

  // Add an edge between s and t
  if(addEdge)
      {G.NewEdge(bs,bt);
      if(G.ComputeGenus() != 0)setPigaleError(-1);
      bs = (tbrin)G.ne(); 
      }
  return true;
  }
Exemple #10
0
static krb5_error_code
prof_locate_server (krb5_context context, const krb5_data *realm,
		    char ***hostlist,
		    enum locate_service_type svc)
{
    const char	*realm_srv_names[4];
    char **hl, *host, *profname;
    krb5_error_code code;
    int i, j, count;

    *hostlist = NULL;  /* default - indicate no KDCs found */

    switch (svc) {
    case locate_service_kdc:
	profname = "kdc";
	break;
    case locate_service_master_kdc:
        profname = "master_kdc";
	break;
    case locate_service_kadmin:
	profname = "admin_server";
	break;
    case locate_service_krb524:
	profname = "krb524_server";
	break;
    case locate_service_kpasswd:
	profname = "kpasswd_server";
	break;
    default:
	return EINVAL;
    }

    if ((host = malloc(realm->length + 1)) == NULL) 
	return ENOMEM;

    (void) strncpy(host, realm->data, realm->length);
    host[realm->length] = '\0';
    hl = 0;

    realm_srv_names[0] = "realms";
    realm_srv_names[1] = host;
    realm_srv_names[2] = profname;
    realm_srv_names[3] = 0;

    code = profile_get_values(context->profile, realm_srv_names, &hl);
    if (code) {
	Tprintf ("config file lookup failed: %s\n",
		 error_message(code));
        if (code == PROF_NO_SECTION || code == PROF_NO_RELATION)
	    code = KRB5_REALM_UNKNOWN;
 	krb5_xfree(host);
  	return code;
     }
    krb5_xfree(host);

    *hostlist = hl;

    return 0;
}
Exemple #11
0
static krb5_error_code
dns_locate_server(krb5_context context, const krb5_data *realm,
                  struct serverlist *serverlist, enum locate_service_type svc,
                  int socktype)
{
    const char *dnsname;
    int use_dns = _krb5_use_dns_kdc(context);
    krb5_error_code code;

    if (!use_dns)
        return 0;

    switch (svc) {
    case locate_service_kdc:
        dnsname = "_kerberos";
        break;
    case locate_service_master_kdc:
        dnsname = "_kerberos-master";
        break;
    case locate_service_kadmin:
        dnsname = "_kerberos-adm";
        break;
    case locate_service_krb524:
        dnsname = "_krb524";
        break;
    case locate_service_kpasswd:
        dnsname = "_kpasswd";
        break;
    default:
        return 0;
    }

    code = 0;
    if (socktype == SOCK_DGRAM || socktype == 0) {
        code = locate_srv_dns_1(realm, dnsname, "_udp", serverlist);
        if (code)
            Tprintf("dns udp lookup returned error %d\n", code);
    }
    if ((socktype == SOCK_STREAM || socktype == 0) && code == 0) {
        code = locate_srv_dns_1(realm, dnsname, "_tcp", serverlist);
        if (code)
            Tprintf("dns tcp lookup returned error %d\n", code);
    }
    return code;
}
Exemple #12
0
/*ARGSUSED*/
static long
krb5int_get_plugin_sym (struct plugin_file_handle *h, 
                        const char *csymname, int isfunc, void **ptr,
			struct errinfo *ep)
{
    long err = 0;
    void *sym = NULL;
    
#if USE_DLOPEN
    if (!err && !sym && (h->dlhandle != NULL)) {
        /* XXX Do we need to add a leading "_" to the symbol name on any
        modern platforms?  */
        sym = dlsym (h->dlhandle, csymname);
        if (sym == NULL) {
            const char *e = dlerror (); /* XXX copy and save away */
            Tprintf ("dlsym(%s): %s\n", csymname, e);
            err = ENOENT; /* XXX */
	    krb5int_set_error(ep, err, "%s", e);
        }
    }
#endif
    
#if USE_CFBUNDLE
    if (!err && !sym && (h->bundle != NULL)) {
        CFStringRef cfsymname = NULL;
        
        if (!err) {
            cfsymname = CFStringCreateWithCString (kCFAllocatorDefault, csymname, 
                                                   kCFStringEncodingASCII);
            if (cfsymname == NULL) { err = ENOMEM; }
        }
        
        if (!err) {
            if (isfunc) {
                sym = CFBundleGetFunctionPointerForName (h->bundle, cfsymname);
            } else {
                sym = CFBundleGetDataPointerForName (h->bundle, cfsymname);
            }
            if (sym == NULL) { err = ENOENT; }  /* XXX */       
        }
        
        if (cfsymname != NULL) { CFRelease (cfsymname); }
    }
#endif
    
    if (!err && (sym == NULL)) {
        err = ENOENT;  /* unimplemented */
    }
    
    if (!err) {
        *ptr = sym;
    }
    
    return err;
}
Exemple #13
0
AboutDialog::AboutDialog(QWidget *parent) :
    QDialog(parent),
    ui(new Ui::AboutDialog)
{
    ui->setupUi(this);

    QString txt = Tprintf("<html><head/><body><p align=\"center\"><span style=\" font-size:12pt;\">Rev: %s (build: %s) </span></p></body></html>", VERSION,__DATE__);

    ui->label_rev->setText(txt);

}
Exemple #14
0
long KRB5_CALLCONV
krb5int_get_plugin_dir_func (struct plugin_dir_handle *dirhandle,
			     const char *symname,
			     void (***ptrs)(void),
			     struct errinfo *ep)
{
    long err = 0;
    void (**p)() = NULL;
    int count = 0;
    
    /* XXX Do we need to add a leading "_" to the symbol name on any
        modern platforms?  */
    
    Tprintf("get_plugin_data_sym(%s)\n", symname);
    
    if (!err) {
        p = calloc (1, sizeof (*p)); /* calloc initializes to NULL */
        if (p == NULL) { err = errno; }
    }
    
    if (!err && (dirhandle != NULL) && (dirhandle->files != NULL)) {
        int i = 0;
        
        for (i = 0; !err && (dirhandle->files[i] != NULL); i++) {
            void (*sym)() = NULL;
            
            if (krb5int_get_plugin_func (dirhandle->files[i], symname, &sym, ep) == 0) {
                void (**newp)() = NULL;

                count++;
                newp = realloc (p, ((count + 1) * sizeof (*p))); /* +1 for NULL */
                if (newp == NULL) { 
                    err = errno; 
                } else {
                    p = newp;
                    p[count - 1] = sym;
                    p[count] = NULL;
                }
            }
        }
    }
    
    if (!err) {
        *ptrs = p;
        p = NULL; /* ptrs takes ownership */
    }
    
    if (p != NULL) { free (p); }
    
    return err;
}
Exemple #15
0
void GraphEditor::load(bool initgrid) 
// by default initgrid = true
// when editing (erasing edges, vertices,reorienting) initgrid = false
  {
  if(!is_init) //MAC
    {gwp->canvas->setSceneRect(0,0,contentsRect().width(),contentsRect().height());
    is_init=true;
    }
  //if(!is_init)return;
  clear();// delete all items
  if(gwp->pGG->nv() > staticData::MaxND)
      {Tprintf("Too big graph nv= %d (>%d)",gwp->pGG->nv(),staticData::MaxND);return;}
  GeometricGraph & G = *(gwp->pGG);

  if(initgrid)
      {Normalise();
      InitGrid(current_grid);
      }
  DrawGrid(current_grid);
  if(ShowGrid)showGrid(true);

  Prop<NodeItem *> nodeitem(G.Set(tvertex()),PROP_CANVAS_ITEM,(NodeItem *)NULL);
  Prop<EdgeItem *> edgeitem(G.Set(tedge()),PROP_CANVAS_ITEM,(EdgeItem *)NULL);
  nodeitem.SetName("nodeitem");edgeitem.SetName("edgeitem");

  for(tvertex v = 1;v <= G.nv();v++)
      nodeitem[v] =  CreateNodeItem(v,gwp);
  for(tedge e = 1;e <= G.ne();e++)
      edgeitem[e] = CreateEdgeItem(e,gwp); 

  if(staticData::ShowExtTbrin())
      {tedge e = G.extbrin().GetEdge();
      EdgeItem *edge = (G.extbrin() > 0) ? edgeitem[e]  : edgeitem[e]->opp;
      edge->SetColor(color[Green],false);
      } 

  Prop<bool> eoriented(G.Set(tedge()),PROP_ORIENTED,false);
  CreateColorItems(gwp,color_node,color_edge);
  G.vcolor.definit(color_node);
  G.vlabel.definit(0L);
  G.elabel.definit(0L);
  CreateThickItems(gwp,width_edge);
  G.ewidth.definit(width_edge);
  }
Exemple #16
0
void* TcpClient::ConnectThread(void *pParam)
{
    TcpClient *pClient = (TcpClient *)pParam;

    struct sockaddr_in sin;
    sin.sin_family = AF_INET;
    inet_pton(AF_INET, pClient->m_cIPAddr, (void*)&sin.sin_addr);
    sin.sin_port = htons(pClient->m_nPort);

    int nCycle = 15;
    while (pClient->m_bConnecting)
    {
        if (nCycle < 15)
        {
            nCycle++;
            Sleep(1000);
            continue;
        }
        Tprintf(L"Connecting\n");
        nCycle = 0;
        struct event_base *base = event_base_new();
        assert(base != NULL);
#if defined (WIN32)
        evthread_use_windows_threads();
#else
        evthread_use_pthreads();
#endif
        evthread_make_base_notifiable(base);
        struct bufferevent *bev = bufferevent_socket_new(base, -1, BEV_OPT_CLOSE_ON_FREE | BEV_OPT_THREADSAFE);
        bufferevent_setcb(bev, read_cb, NULL, event_cb, pClient);
        bufferevent_enable(bev, EV_READ | EV_WRITE | EV_PERSIST);
        //连接
        if (bufferevent_socket_connect(bev, (SOCKADDR*)&sin, sizeof(SOCKADDR)) < 0)
        {
            bufferevent_free(bev);
            return NULL;
        }
        event_base_dispatch(base);

        event_base_free(base);
    }
    return NULL;
}
Exemple #17
0
/*
 * Solaris Kerberos (illumos)
 *
 * Allow main programs to provide an override function for _locate_server,
 * named _krb5_override_service_locator().  If that function is found in
 * the main program, it's called like a service locator plugin function.
 * If it returns KRB5_PLUGIN_NO_HANDLE, continue with other _locate_server
 * functions.  If it returns anything else (zero or some other error),
 * that return is "final" (no other _locate_server functions are called).
 * This mechanism is used by programs like "idmapd" that want to completely
 * control service location.
 */
static krb5_error_code
override_locate_server (krb5_context ctx, const krb5_data *realm,
		      struct addrlist *addrlist,
		      enum locate_service_type svc, int socktype, int family)
{
    struct module_callback_data cbdata = { 0, };
    krb5_error_code code;
    void *dlh;
    krb5_lookup_func lookup_func;

    Tprintf("in override_locate_server\n");
    cbdata.lp = addrlist;

    if ((dlh = dlopen(0, RTLD_FIRST | RTLD_LAZY)) == NULL) {
	Tprintf("dlopen failed\n");
	return KRB5_PLUGIN_NO_HANDLE;
    }
    lookup_func = (krb5_lookup_func) dlsym(
	dlh, "_krb5_override_service_locator");
    dlclose(dlh);
    if (lookup_func == NULL) {
	Tprintf("dlsym failed\n");
	return KRB5_PLUGIN_NO_HANDLE;
    }

    code = lookup_func(ctx, svc, realm->data, socktype, family,
		       module_callback, &cbdata);
    if (code == KRB5_PLUGIN_NO_HANDLE) {
	Tprintf("override lookup routine returned KRB5_PLUGIN_NO_HANDLE\n");
	return code;
    }
    if (code != 0) {
	/* Module encountered an actual error.  */
	Tprintf("override lookup routine returned error %d: %s\n",
		    code, error_message(code));
	return code;
    }

    /* Got something back, yippee.  */
    Tprintf("now have %d addrs in list %p\n", addrlist->naddrs, addrlist);
    print_addrlist(addrlist);

    return 0;
}
Exemple #18
0
static krb5_error_code
dns_locate_server (krb5_context context, const krb5_data *realm,
		struct srv_dns_entry **dns_list_head,
		enum locate_service_type svc, int socktype, int family)
{
    const char *dnsname;
    int use_dns = _krb5_use_dns_kdc(context);
    krb5_error_code code;
    struct srv_dns_entry *head = NULL;

    *dns_list_head = NULL; /* default: indicate we have found no KDCs */

    if (!use_dns)
	return KRB5_PLUGIN_NO_HANDLE;

    switch (svc) {
    case locate_service_kdc:
	dnsname = "_kerberos";
	break;
    case locate_service_master_kdc:
	dnsname = "_kerberos-master";
	break;
    case locate_service_kadmin:
	dnsname = "_kerberos-adm";
	break;
    case locate_service_krb524:
	dnsname = "_krb524";
	break;
    case locate_service_kpasswd:
	dnsname = "_kpasswd";
	break;
    default:
	return KRB5_PLUGIN_NO_HANDLE;
    }

    code = 0;
    if (socktype == SOCK_DGRAM || socktype == 0) {
	code = krb5int_make_srv_query_realm(realm, dnsname, "_udp", &head);
	if (code)
	    Tprintf("dns udp lookup returned error %d\n", code);
    }
    if ((socktype == SOCK_STREAM || socktype == 0) && code == 0) {
	code = krb5int_make_srv_query_realm(realm, dnsname, "_tcp", &head);
	if (code)
	    Tprintf("dns tcp lookup returned error %d\n", code);
    }

    if (head == NULL)
	return 0;

    /* Check for the "." case indicating no support.  */
    if (head->next == 0 && head->host[0] == 0) {
	free(head->host);
	free(head);
	return KRB5_ERR_NO_SERVICE;
    }

    /*
     * Okay!  Now we've got a linked list of entries sorted by
     * priority.  Return it so later we can map hostnames to net addresses.
     */
    *dns_list_head = head;

    return 0;
}
Exemple #19
0
static krb5_error_code
module_locate_server (krb5_context ctx, const krb5_data *realm,
		      struct addrlist *addrlist,
		      enum locate_service_type svc, int socktype, int family)
{
    struct krb5plugin_service_locate_result *res = NULL;
    krb5_error_code code;
    struct krb5plugin_service_locate_ftable *vtbl = NULL;
    void **ptrs;
    int i;
    struct module_callback_data cbdata = { 0, };

    Tprintf("in module_locate_server\n");
    cbdata.lp = addrlist;
    if (!PLUGIN_DIR_OPEN (&ctx->libkrb5_plugins)) {
        
	code = krb5int_open_plugin_dirs (objdirs, NULL, &ctx->libkrb5_plugins,
					 &ctx->err);
	if (code)
	    return KRB5_PLUGIN_NO_HANDLE;
    }

    code = krb5int_get_plugin_dir_data (&ctx->libkrb5_plugins,
					"service_locator", &ptrs, &ctx->err);
    if (code) {
	Tprintf("error looking up plugin symbols: %s\n",
		krb5_get_error_message(ctx, code));
	return KRB5_PLUGIN_NO_HANDLE;
    }

    for (i = 0; ptrs[i]; i++) {
	void *blob;

	vtbl = ptrs[i];
	Tprintf("element %d is %p\n", i, ptrs[i]);

	/* For now, don't keep the plugin data alive.  For long-lived
	   contexts, it may be desirable to change that later.  */
	code = vtbl->init(ctx, &blob);
	if (code)
	    continue;

	code = vtbl->lookup(blob, svc, realm->data, socktype, family,
			    module_callback, &cbdata);
	vtbl->fini(blob);
	if (code == KRB5_PLUGIN_NO_HANDLE) {
	    /* Module passes, keep going.  */
	    /* XXX */
	    Tprintf("plugin doesn't handle this realm (KRB5_PLUGIN_NO_HANDLE)\n");
	    continue;
	}
	if (code != 0) {
	    /* Module encountered an actual error.  */
	    Tprintf("plugin lookup routine returned error %d: %s\n",
		    code, error_message(code));
	    krb5int_free_plugin_dir_data (ptrs);
	    return code;
	}
	break;
    }
    if (ptrs[i] == NULL) {
	Tprintf("ran off end of plugin list\n");
	krb5int_free_plugin_dir_data (ptrs);
	return KRB5_PLUGIN_NO_HANDLE;
    }
    Tprintf("stopped with plugin #%d, res=%p\n", i, res);

    /* Got something back, yippee.  */
    Tprintf("now have %d addrs in list %p\n", addrlist->naddrs, addrlist);
    print_addrlist(addrlist);
    krb5int_free_plugin_dir_data (ptrs);
    return 0;
}
Exemple #20
0
static long
krb5int_get_plugin_sym (struct plugin_file_handle *h,
                        const char *csymname, int isfunc, void **ptr,
                        struct errinfo *ep)
{
    long err = 0;
    void *sym = NULL;

#if USE_DLOPEN
    if (!err && !sym && (h->dlhandle != NULL)) {
        /* XXX Do we need to add a leading "_" to the symbol name on any
           modern platforms?  */
        sym = dlsym (h->dlhandle, csymname);
        if (sym == NULL) {
            const char *e = dlerror (); /* XXX copy and save away */
            if (e == NULL)
                e = "unknown failure";
            Tprintf ("dlsym(%s): %s\n", csymname, e);
            err = ENOENT; /* XXX */
            k5_set_error(ep, err, "%s", e);
        }
    }
#endif

#ifdef _WIN32
    LPVOID lpMsgBuf;
    DWORD dw;

    if (!err && !sym && (h->hinstPlugin != NULL)) {
        sym = GetProcAddress(h->hinstPlugin, csymname);
        if (sym == NULL) {
            const char *e = "unable to get dll symbol"; /* XXX copy and save away */
            Tprintf ("GetProcAddress(%s): %i\n", csymname, GetLastError());
            err = ENOENT; /* XXX */
            k5_set_error(ep, err, "%s", e);

            dw = GetLastError();
            if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
                              FORMAT_MESSAGE_FROM_SYSTEM,
                              NULL,
                              dw,
                              MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
                              (LPTSTR) &lpMsgBuf,
                              0, NULL )) {

                fprintf (stderr, "unable to get dll symbol, %s\n", (LPCTSTR)lpMsgBuf);
                LocalFree(lpMsgBuf);
            }
        }
    }
#endif

    if (!err && (sym == NULL)) {
        err = ENOENT;  /* unimplemented */
    }

    if (!err) {
        *ptr = sym;
    }

    return err;
}
Exemple #21
0
long KRB5_CALLCONV
krb5int_open_plugin (const char *filepath, struct plugin_file_handle **h, struct errinfo *ep)
{
    long err = 0;
    struct stat statbuf;
    struct plugin_file_handle *htmp = NULL;
    int got_plugin = 0;

    if (!err) {
        if (stat (filepath, &statbuf) < 0) {
            err = errno;
            Tprintf ("stat(%s): %s\n", filepath, strerror (err));
            k5_set_error(ep, err, _("unable to find plugin [%s]: %s"),
                         filepath, strerror(err));
        }
    }

    if (!err) {
        htmp = calloc (1, sizeof (*htmp)); /* calloc initializes ptrs to NULL */
        if (htmp == NULL) { err = ENOMEM; }
    }

#if USE_DLOPEN
    if (!err && ((statbuf.st_mode & S_IFMT) == S_IFREG
#if USE_CFBUNDLE
                 || (statbuf.st_mode & S_IFMT) == S_IFDIR
#endif /* USE_CFBUNDLE */
        )) {
        void *handle = NULL;

#if USE_CFBUNDLE
        char executablepath[MAXPATHLEN];

        if ((statbuf.st_mode & S_IFMT) == S_IFDIR) {
            int lock_err = 0;
            CFStringRef pluginString = NULL;
            CFURLRef pluginURL = NULL;
            CFBundleRef pluginBundle = NULL;
            CFURLRef executableURL = NULL;

            /* Lock around CoreFoundation calls since objects are refcounted
             * and the refcounts are not thread-safe.  Using pthreads directly
             * because this code is Mac-specific */
            lock_err = pthread_mutex_lock(&krb5int_bundle_mutex);
            if (lock_err) { err = lock_err; }

            if (!err) {
                pluginString = CFStringCreateWithCString (kCFAllocatorDefault,
                                                          filepath,
                                                          kCFStringEncodingASCII);
                if (pluginString == NULL) { err = ENOMEM; }
            }

            if (!err) {
                pluginURL = CFURLCreateWithFileSystemPath (kCFAllocatorDefault,
                                                           pluginString,
                                                           kCFURLPOSIXPathStyle,
                                                           true);
                if (pluginURL == NULL) { err = ENOMEM; }
            }

            if (!err) {
                pluginBundle = CFBundleCreate (kCFAllocatorDefault, pluginURL);
                if (pluginBundle == NULL) { err = ENOENT; } /* XXX need better error */
            }

            if (!err) {
                executableURL = CFBundleCopyExecutableURL (pluginBundle);
                if (executableURL == NULL) { err = ENOMEM; }
            }

            if (!err) {
                if (!CFURLGetFileSystemRepresentation (executableURL,
                                                       true, /* absolute */
                                                       (UInt8 *)executablepath,
                                                       sizeof (executablepath))) {
                    err = ENOMEM;
                }
            }

            if (!err) {
                /* override the path the caller passed in */
                filepath = executablepath;
            }

            if (executableURL    != NULL) { CFRelease (executableURL); }
            if (pluginBundle     != NULL) { CFRelease (pluginBundle); }
            if (pluginURL        != NULL) { CFRelease (pluginURL); }
            if (pluginString     != NULL) { CFRelease (pluginString); }

            /* unlock after CFRelease calls since they modify refcounts */
            if (!lock_err) { pthread_mutex_unlock (&krb5int_bundle_mutex); }
        }
#endif /* USE_CFBUNDLE */

#ifdef RTLD_GROUP
#define PLUGIN_DLOPEN_FLAGS (RTLD_NOW | RTLD_LOCAL | RTLD_GROUP)
#else
#define PLUGIN_DLOPEN_FLAGS (RTLD_NOW | RTLD_LOCAL)
#endif
        if (!err) {
            handle = dlopen(filepath, PLUGIN_DLOPEN_FLAGS);
            if (handle == NULL) {
                const char *e = dlerror();
                if (e == NULL)
                    e = _("unknown failure");
                Tprintf ("dlopen(%s): %s\n", filepath, e);
                err = ENOENT; /* XXX */
                k5_set_error(ep, err, _("unable to load plugin [%s]: %s"),
                             filepath, e);
            }
        }

        if (!err) {
            got_plugin = 1;
            htmp->dlhandle = handle;
            handle = NULL;
        }

        if (handle != NULL) { dlclose (handle); }
    }
#endif /* USE_DLOPEN */

#ifdef _WIN32
    if (!err && (statbuf.st_mode & S_IFMT) == S_IFREG) {
        HMODULE handle = NULL;

        handle = LoadLibrary(filepath);
        if (handle == NULL) {
            Tprintf ("Unable to load dll: %s\n", filepath);
            err = ENOENT; /* XXX */
            k5_set_error(ep, err, _("unable to load DLL [%s]"), filepath);
        }

        if (!err) {
            got_plugin = 1;
            htmp->hinstPlugin = handle;
            handle = NULL;
        }

        if (handle != NULL)
            FreeLibrary(handle);
    }
#endif

    if (!err && !got_plugin) {
        err = ENOENT;  /* no plugin or no way to load plugins */
        k5_set_error(ep, err, _("plugin unavailable: %s"), strerror(err));
    }

    if (!err) {
        *h = htmp;
        htmp = NULL;  /* h takes ownership */
    }

    free(htmp);

    return err;
}
Exemple #22
0
int EmbedVision(TopologicalGraph &G)
  {int morg = G.ne();
  if(!G.CheckConnected())G.MakeConnected();
  if(!G.FindPlanarMap())
      {Tprintf("Not Planar Graph");
      for(tedge e = G.ne(); e > morg; e--) G.DeleteEdge(e);
      return -1;
      }
  if(!G.CheckBiconnected())G.Biconnect();
  bool alreadyBipolarOriented = false;
  bool stConnected = false; 
   tvertex s,t;
   tbrin bs,bt;
   bool already2Connected = (morg == G.ne());
   if(already2Connected && (alreadyBipolarOriented = CheckBipolarlyOriented(G,s,t,stConnected,bs,true)) == true)
      {if(stConnected)Tprintf("Using original orientation (s,t are connected)");
      else Tprintf("Using original orientation (s,t are not connected)");
      bt = -bs;
      }
  else
      {// Find reasonable s t vertices
      tedge e;
      tbrin b;
      int len;
      G.LongestFace(bs,len);
      s = G.vin[bs];
      bt = bs;
      for(int i = 1 ;i <= len/2; i++)bt = G.cir[-bt];
      t = G.vin[bt];
      // Check if s an t are connected
      b = bs;
      do
          {if(G.vin[-b] == t){stConnected = true;break;}
          }while((b = G.cir[b]) != bs);
      if(!stConnected)
          {G.NewEdge(bs,bt);
          bs = (tbrin)G.ne();
          }
      s = G.vin[bs];   t = G.vin[-bs];
      // BipolarOrient the graph
      G.BipolarPlan(bs);
      G.FixOrientation();
      }
  
  int n = G.nv();  int m = G.ne();
  // if bs has been reoriented as the packing  suppose that vin[bst]= source
  tbrin bst = (G.vin[bs] != s) ? -bs : bs;
  
  // Compute y coords
  Prop<int> y(G.Set(tvertex()),PROP_DRAW_INT_5); y.clear();
  MaxPath *MP=new MaxPath(n,m);
  for(tedge e = 1; e <= m; e++)
      MP->insert(G.vin[e.firsttbrin()](),G.vin[e.secondtbrin()](),1);
  
  MP->solve(y);
  delete MP;
  int maxyval = y[t];
  
  // compute MaxPath for edges
  svector<int> x(0,m); x.clear();
  MP=new MaxPath(m,2*m);
  svector<tbrin> &Fpbrin = G.ComputeFpbrin();
  tbrin b0,b;
  // out == positif
 
  for(int i = 1; i <= Fpbrin.n(); i++)
      {b0 = Fpbrin[i];
      if(b0.out())
          while((b=-G.acir[b0]).out())
              b0=b;
      else
          do
              {b0=G.cir[-b0];}
          while(b0.in());
      // b0 is the lowest tbrin on the left of the face
      if(b0 == G.cir[bst])continue; // face exterieure
      
      // référence : e
      tedge e = (G.acir[b0]).GetEdge();
      b=b0;
      while (b.out())
          {if(stConnected || b != bst) 
              MP->insert(b.GetEdge()(),e(),1);
          b=G.cir[-b];
          }
      while (b.GetEdge()!=e)
          {MP->insert(e(),b.GetEdge()(),0);
          b=G.cir[-b];
          }
      }


  MP->solve(x);
  delete &Fpbrin;
  delete MP; 

  // computes extremities of vertices
  Prop<int> x1(G.Set(tvertex()),PROP_DRAW_INT_1);
  Prop<int> x2(G.Set(tvertex()),PROP_DRAW_INT_2);
  int maxxval=ComputeExtremities(G,x,x1,x2,morg);

  Prop1<int> m_org(G.Set(),PROP_TMP);
  m_org() = morg;
  for(tedge e = G.ne(); e > morg; e--)
      G.DeleteEdge(e);

  Prop1<int> maxx(G.Set(),PROP_DRAW_INT_1);
  Prop1<int> maxy(G.Set(),PROP_DRAW_INT_2);
  maxx()=maxxval;  maxy()=maxyval;
  Prop1<Tpoint> pmin(G.Set(),PROP_POINT_MIN);
  Prop1<Tpoint> pmax(G.Set(),PROP_POINT_MAX);
  pmin() = Tpoint(-1,-1);
  pmax() = Tpoint(maxxval+1,maxyval+1);


  Prop<Tpoint> P1(G.Set(tedge()),PROP_DRAW_POINT_1);
  Prop<Tpoint> P2(G.Set(tedge()),PROP_DRAW_POINT_2);
  for (tedge e=1; e<= G.ne(); e++)
      {P1[e]=Tpoint(x[e],y[G.vin[e.firsttbrin()]]);
      P2[e]=Tpoint(x[e],y[G.vin[e.secondtbrin()]]);
      }
  
  return 0;
  }
Exemple #23
0
static krb5_error_code
process_intermediates (krb5_error_code (*fn)(krb5_data *, void *), void *data,
                       const krb5_data *n1, const krb5_data *n2) {
    unsigned int len1, len2, i;
    char *p1, *p2;

    Tprintf (("process_intermediates(%.*s,%.*s)\n",
              (int) n1->length, n1->data, (int) n2->length, n2->data));

    len1 = n1->length;
    len2 = n2->length;

    Tprintf (("(walking intermediates now)\n"));
    /* Simplify...  */
    if (len1 > len2) {
        const krb5_data *p;
        int tmp = len1;
        len1 = len2;
        len2 = tmp;
        p = n1;
        n1 = n2;
        n2 = p;
    }
    /* Okay, now len1 is always shorter or equal.  */
    if (len1 == len2) {
        if (memcmp (n1->data, n2->data, len1)) {
            Tprintf (("equal length but different strings in path: '%.*s' '%.*s'\n",
                      (int) n1->length, n1->data, (int) n2->length, n2->data));
            return KRB5KRB_AP_ERR_ILL_CR_TKT;
        }
        Tprintf (("(end intermediates)\n"));
        return 0;
    }
    /* Now len1 is always shorter.  */
    if (len1 == 0)
        /* Shouldn't be possible.  Internal error?  */
        return KRB5KRB_AP_ERR_ILL_CR_TKT;
    p1 = n1->data;
    p2 = n2->data;
    if (p1[0] == '/') {
        /* X.500 style names, with common prefix.  */
        if (p2[0] != '/') {
            Tprintf (("mixed name formats in path: x500='%.*s' domain='%.*s'\n",
                      (int) len1, p1, (int) len2, p2));
            return KRB5KRB_AP_ERR_ILL_CR_TKT;
        }
        if (memcmp (p1, p2, len1)) {
            Tprintf (("x500 names with different prefixes '%.*s' '%.*s'\n",
                      (int) len1, p1, (int) len2, p2));
            return KRB5KRB_AP_ERR_ILL_CR_TKT;
        }
        for (i = len1 + 1; i < len2; i++)
            if (p2[i] == '/') {
                krb5_data d;
                krb5_error_code r;

                d.data = p2;
                d.length = i;
                r = (*fn) (&d, data);
                if (r)
                    return r;
            }
    } else {
        /* Domain style names, with common suffix.  */
        if (p2[0] == '/') {
            Tprintf (("mixed name formats in path: domain='%.*s' x500='%.*s'\n",
                      (int) len1, p1, (int) len2, p2));
            return KRB5KRB_AP_ERR_ILL_CR_TKT;
        }
        if (memcmp (p1, p2 + (len2 - len1), len1)) {
            Tprintf (("domain names with different suffixes '%.*s' '%.*s'\n",
                      (int) len1, p1, (int) len2, p2));
            return KRB5KRB_AP_ERR_ILL_CR_TKT;
        }
        for (i = len2 - len1 - 1; i > 0; i--) {
            Tprintf (("looking at '%.*s'\n", (int) (len2 - i), p2+i));
            if (p2[i-1] == '.') {
                krb5_data d;
                krb5_error_code r;

                d.data = p2+i;
                d.length = len2 - i;
                r = (*fn) (&d, data);
                if (r)
                    return r;
            }
        }
    }
    Tprintf (("(end intermediates)\n"));
    return 0;
}
Exemple #24
0
static krb5_error_code
locate_srv_conf_1(krb5_context context, const krb5_data *realm,
                  const char * name, struct serverlist *serverlist,
                  k5_transport transport, int udpport)
{
    const char *realm_srv_names[4];
    char **hostlist = NULL, *realmstr = NULL, *host = NULL;
    const char *hostspec;
    krb5_error_code code;
    int i, default_port;

    Tprintf("looking in krb5.conf for realm %s entry %s; ports %d,%d\n",
            realm->data, name, udpport);

    realmstr = k5memdup0(realm->data, realm->length, &code);
    if (realmstr == NULL)
        goto cleanup;

    realm_srv_names[0] = KRB5_CONF_REALMS;
    realm_srv_names[1] = realmstr;
    realm_srv_names[2] = name;
    realm_srv_names[3] = 0;
    code = profile_get_values(context->profile, realm_srv_names, &hostlist);
    if (code) {
        Tprintf("config file lookup failed: %s\n", error_message(code));
        if (code == PROF_NO_SECTION || code == PROF_NO_RELATION)
            code = 0;
        goto cleanup;
    }

    for (i = 0; hostlist[i]; i++) {
        int port_num;
        k5_transport this_transport = transport;
        const char *uri_path = NULL;

        hostspec = hostlist[i];
        Tprintf("entry %d is '%s'\n", i, hostspec);

        parse_uri_if_https(hostspec, &this_transport, &hostspec, &uri_path);

        default_port = (this_transport == HTTPS) ? 443 : udpport;
        code = k5_parse_host_string(hostspec, default_port, &host, &port_num);
        if (code == 0 && host == NULL)
            code = EINVAL;
        if (code)
            goto cleanup;

        code = add_host_to_list(serverlist, host, port_num, this_transport,
                                AF_UNSPEC, uri_path, -1);
        if (code)
            goto cleanup;

        free(host);
        host = NULL;
    }

cleanup:
    free(realmstr);
    free(host);
    profile_free_list(hostlist);
    return code;
}
Exemple #25
0
/* The input strings cannot contain any \0 bytes, according to the
   spec, but our API is such that they may not be \0 terminated
   either.  Thus we keep on treating them as krb5_data objects instead
   of C strings.  */
static krb5_error_code
foreach_realm (krb5_error_code (*fn)(krb5_data *comp,void *data), void *data,
               const krb5_data *crealm, const krb5_data *srealm,
               const krb5_data *transit)
{
    char buf[MAXLEN], last[MAXLEN];
    char *p, *bufp;
    int next_lit, intermediates, l;
    krb5_data this_component;
    krb5_error_code r;
    krb5_data last_component;

    /* Invariants:
       - last_component points to last[]
       - this_component points to buf[]
       - last_component has length of last
       - this_component has length of buf when calling out
       Keep these consistent, and we should be okay.  */

    next_lit = 0;
    intermediates = 0;
    memset (buf, 0, sizeof (buf));

    this_component.data = buf;
    last_component.data = last;
    last_component.length = 0;

#define print_data(fmt,d) Tprintf((fmt,(int)(d)->length,(d)->data))
    print_data ("client realm: %.*s\n", crealm);
    print_data ("server realm: %.*s\n", srealm);
    print_data ("transit enc.: %.*s\n", transit);

    if (transit->length == 0) {
        Tprintf (("no other realms transited\n"));
        return 0;
    }

    bufp = buf;
    for (p = transit->data, l = transit->length; l; p++, l--) {
        if (next_lit) {
            *bufp++ = *p;
            if (bufp == buf+sizeof(buf))
                return KRB5KRB_AP_ERR_ILL_CR_TKT;
            next_lit = 0;
        } else if (*p == '\\') {
            next_lit = 1;
        } else if (*p == ',') {
            if (bufp != buf) {
                this_component.length = bufp - buf;
                r = maybe_join (&last_component, &this_component, sizeof(buf));
                if (r)
                    return r;
                r = (*fn) (&this_component, data);
                if (r)
                    return r;
                if (intermediates) {
                    if (p == transit->data)
                        r = process_intermediates (fn, data,
                                                   &this_component, crealm);
                    else {
                        r = process_intermediates (fn, data, &this_component,
                                                   &last_component);
                    }
                    if (r)
                        return r;
                }
                intermediates = 0;
                memcpy (last, buf, sizeof (buf));
                last_component.length = this_component.length;
                memset (buf, 0, sizeof (buf));
                bufp = buf;
            } else {
                intermediates = 1;
                if (p == transit->data) {
                    if (crealm->length >= MAXLEN)
                        return KRB5KRB_AP_ERR_ILL_CR_TKT;
                    if (crealm->length > 0)
                        memcpy (last, crealm->data, crealm->length);
                    last[crealm->length] = '\0';
                    last_component.length = crealm->length;
                }
            }
        } else if (*p == ' ' && bufp == buf) {
            /* This next component stands alone, even if it has a
               trailing dot or leading slash.  */
            memset (last, 0, sizeof (last));
            last_component.length = 0;
        } else {
            /* Not a special character; literal.  */
            *bufp++ = *p;
            if (bufp == buf+sizeof(buf))
                return KRB5KRB_AP_ERR_ILL_CR_TKT;
        }
    }
    /* At end.  Must be normal state.  */
    if (next_lit)
        Tprintf (("ending in next-char-literal state\n"));
    /* Process trailing element or comma.  */
    if (bufp == buf) {
        /* Trailing comma.  */
        r = process_intermediates (fn, data, &last_component, srealm);
    } else {
        /* Trailing component.  */
        this_component.length = bufp - buf;
        r = maybe_join (&last_component, &this_component, sizeof(buf));
        if (r)
            return r;
        r = (*fn) (&this_component, data);
        if (r)
            return r;
        if (intermediates)
            r = process_intermediates (fn, data, &this_component,
                                       &last_component);
    }
    if (r != 0)
        return r;
    return 0;
}
Exemple #26
0
static krb5_error_code
locate_srv_conf_1(krb5_context context, const krb5_data *realm,
                  const char * name, struct serverlist *serverlist,
                  int socktype, int udpport, int sec_udpport)
{
    const char  *realm_srv_names[4];
    char **hostlist, *host, *port, *cp;
    krb5_error_code code;
    int i;

    Tprintf ("looking in krb5.conf for realm %s entry %s; ports %d,%d\n",
             realm->data, name, ntohs (udpport), ntohs (sec_udpport));

    if ((host = malloc(realm->length + 1)) == NULL)
        return ENOMEM;

    strncpy(host, realm->data, realm->length);
    host[realm->length] = '\0';
    hostlist = 0;

    realm_srv_names[0] = KRB5_CONF_REALMS;
    realm_srv_names[1] = host;
    realm_srv_names[2] = name;
    realm_srv_names[3] = 0;

    code = profile_get_values(context->profile, realm_srv_names, &hostlist);
    free(host);

    if (code) {
        Tprintf ("config file lookup failed: %s\n",
                 error_message(code));
        if (code == PROF_NO_SECTION || code == PROF_NO_RELATION)
            code = 0;
        return code;
    }

    for (i=0; hostlist[i]; i++) {
        int p1, p2;

        host = hostlist[i];
        Tprintf ("entry %d is '%s'\n", i, host);
        /* Find port number, and strip off any excess characters. */
        if (*host == '[' && (cp = strchr(host, ']')))
            cp = cp + 1;
        else
            cp = host + strcspn(host, " \t:");
        port = (*cp == ':') ? cp + 1 : NULL;
        *cp = '\0';

        if (port) {
            unsigned long l;
#ifdef HAVE_STROUL
            char *endptr;
            l = strtoul (port, &endptr, 10);
            if (endptr == NULL || *endptr != 0)
                return EINVAL;
#else
            l = atoi (port);
#endif
            /* L is unsigned, don't need to check <0.  */
            if (l > 65535)
                return EINVAL;
            p1 = htons (l);
            p2 = 0;
        } else {
            p1 = udpport;
            p2 = sec_udpport;
        }

        /* If the hostname was in brackets, strip those off now. */
        if (*host == '[' && (cp = strchr(host, ']'))) {
            host++;
            *cp = '\0';
        }

        code = add_host_to_list(serverlist, host, p1, socktype, AF_UNSPEC);
        /* Second port is for IPv4 UDP only, and should possibly go away as
         * it was originally a krb4 compatibility measure. */
        if (code == 0 && p2 != 0 &&
            (socktype == 0 || socktype == SOCK_DGRAM))
            code = add_host_to_list(serverlist, host, p2, SOCK_DGRAM, AF_INET);
        if (code)
            goto cleanup;
    }

cleanup:
    profile_free_list(hostlist);
    return code;
}
Exemple #27
0
static krb5_error_code
module_locate_server(krb5_context ctx, const krb5_data *realm,
                     struct serverlist *serverlist,
                     enum locate_service_type svc, int socktype)
{
    struct krb5plugin_service_locate_result *res = NULL;
    krb5_error_code code;
    struct krb5plugin_service_locate_ftable *vtbl = NULL;
    void **ptrs;
    char *realmz;               /* NUL-terminated realm */
    int i;
    struct module_callback_data cbdata = { 0, };
    const char *msg;

    Tprintf("in module_locate_server\n");
    cbdata.list = serverlist;
    if (!PLUGIN_DIR_OPEN (&ctx->libkrb5_plugins)) {

        code = krb5int_open_plugin_dirs (objdirs, NULL, &ctx->libkrb5_plugins,
                                         &ctx->err);
        if (code)
            return KRB5_PLUGIN_NO_HANDLE;
    }

    code = krb5int_get_plugin_dir_data (&ctx->libkrb5_plugins,
                                        "service_locator", &ptrs, &ctx->err);
    if (code) {
        Tprintf("error looking up plugin symbols: %s\n",
                (msg = krb5_get_error_message(ctx, code)));
        krb5_free_error_message(ctx, msg);
        return KRB5_PLUGIN_NO_HANDLE;
    }

    if (realm->length >= UINT_MAX) {
        krb5int_free_plugin_dir_data(ptrs);
        return ENOMEM;
    }
    realmz = k5memdup0(realm->data, realm->length, &code);
    if (realmz == NULL) {
        krb5int_free_plugin_dir_data(ptrs);
        return code;
    }
    for (i = 0; ptrs[i]; i++) {
        void *blob;

        vtbl = ptrs[i];
        Tprintf("element %d is %p\n", i, ptrs[i]);

        /* For now, don't keep the plugin data alive.  For long-lived
           contexts, it may be desirable to change that later.  */
        code = vtbl->init(ctx, &blob);
        if (code)
            continue;

        code = vtbl->lookup(blob, svc, realmz,
                            (socktype != 0) ? socktype : SOCK_DGRAM, AF_UNSPEC,
                            module_callback, &cbdata);
        /* Also ask for TCP addresses if we got UDP addresses and want both. */
        if (code == 0 && socktype == 0) {
            code = vtbl->lookup(blob, svc, realmz, SOCK_STREAM, AF_UNSPEC,
                                module_callback, &cbdata);
            if (code == KRB5_PLUGIN_NO_HANDLE)
                code = 0;
        }
        vtbl->fini(blob);
        if (code == KRB5_PLUGIN_NO_HANDLE) {
            /* Module passes, keep going.  */
            /* XXX */
            Tprintf("plugin doesn't handle this realm (KRB5_PLUGIN_NO_HANDLE)\n");
            continue;
        }
        if (code != 0) {
            /* Module encountered an actual error.  */
            Tprintf("plugin lookup routine returned error %d: %s\n",
                    code, error_message(code));
            free(realmz);
            krb5int_free_plugin_dir_data (ptrs);
            return code;
        }
        break;
    }
    if (ptrs[i] == NULL) {
        Tprintf("ran off end of plugin list\n");
        free(realmz);
        krb5int_free_plugin_dir_data (ptrs);
        return KRB5_PLUGIN_NO_HANDLE;
    }
    Tprintf("stopped with plugin #%d, res=%p\n", i, res);

    /* Got something back, yippee.  */
    Tprintf("now have %lu addrs in list %p\n",
            (unsigned long) serverlist->nservers, serverlist);
    free(realmz);
    krb5int_free_plugin_dir_data (ptrs);
    return 0;
}
Exemple #28
0
krb5_error_code
krb5int_locate_server (krb5_context context, const krb5_data *realm,
		       struct addrlist *addrlist,
		       enum locate_service_type svc,
		       int socktype, int family)
{
    krb5_error_code code;
    struct addrlist al = ADDRLIST_INIT;
    char **hostlist = NULL;
    struct srv_dns_entry *dns_list_head = NULL;

    *addrlist = al;

    /*
     * Solaris Kerberos (illumos)
     * Allow main programs to override _locate_server()
     */
    code = override_locate_server(context, realm, &al, svc, socktype, family);
    if (code != KRB5_PLUGIN_NO_HANDLE) {
    	if (code == 0) 
	    *addrlist = al;
	else if (al.space)
	    free_list (&al);
	return (code);
    }
    /* Solaris Kerberos (illumos) */

    code = module_locate_server(context, realm, &al, svc, socktype, family);
    Tprintf("module_locate_server returns %d\n", code);
    if (code == KRB5_PLUGIN_NO_HANDLE) {
	/*
	 * We always try the local file before DNS.  Note that there
	 * is no way to indicate "service not available" via the
	 * config file.
	 */
	code = prof_locate_server(context, realm, &hostlist, svc);

	/*
	 * Solaris Kerberos:
	 * If kpasswd_server has not been configured and dns_lookup_kdc -
	 * dns_fallback are not configured then admin_server should
	 * be inferred, per krb5.conf(4).
	 */
	if (code && svc == locate_service_kpasswd &&
	    !maybe_use_dns(context, "dns_lookup_kdc", 0)) {
		code = prof_locate_server(context, realm, &hostlist,
			locate_service_kadmin);
	}

#ifdef KRB5_DNS_LOOKUP
	/*
	 * Solaris Kerberos:
	 * There is no point in trying to locate the KDC in DNS if "realm"
	 * is empty.
	 */
	/* Try DNS for all profile errors?  */
	if (code && !krb5_is_referral_realm(realm)) {
	    krb5_error_code code2;
	    code2 = dns_locate_server(context, realm, &dns_list_head,
				    svc, socktype, family);

	    if (code2 != KRB5_PLUGIN_NO_HANDLE)
		code = code2;
	}
#endif /* KRB5_DNS_LOOKUP */

	/* We could put more heuristics here, like looking up a hostname
	   of "kerberos."+REALM, etc.  */
    }

    if (code != 0) {
	if (al.space)
	    free_list (&al);
	if (hostlist)
	    profile_free_list(hostlist);
	if (dns_list_head)
	    krb5int_free_srv_dns_data(dns_list_head);

	return code;
    }

    /*
     * At this point we have no errors, let's check to see if we have
     * any KDC entries from krb5.conf or DNS.
     */
    if (!hostlist && !dns_list_head) {
	switch(svc) {
	case locate_service_master_kdc:
	    krb5_set_error_message(context,
				KRB5_REALM_CANT_RESOLVE,
				dgettext(TEXT_DOMAIN,
					"Cannot find a master KDC entry in krb5.conf(4) or DNS Service Location records for realm '%.*s'"),
				realm->length, realm->data);
	    break;
	case locate_service_kadmin:
	    krb5_set_error_message(context,
				KRB5_REALM_CANT_RESOLVE,
				dgettext(TEXT_DOMAIN,
					"Cannot find a kadmin KDC entry in krb5.conf(4) or DNS Service Location records for realm '%.*s'"),
				realm->length, realm->data);
	    break;
	case locate_service_kpasswd:
	    krb5_set_error_message(context,
				KRB5_REALM_CANT_RESOLVE,
				dgettext(TEXT_DOMAIN,
					"Cannot find a kpasswd KDC entry in krb5.conf(4) or DNS Service Location records for realm '%.*s'"),
				realm->length, realm->data);
	    break;
	default: 	  /*  locate_service_kdc: */
		krb5_set_error_message(context,
				    KRB5_REALM_CANT_RESOLVE,
				    dgettext(TEXT_DOMAIN,
					    "Cannot find any KDC entries in krb5.conf(4) or DNS Service Location records for realm '%.*s'"),
				    realm->length, realm->data);
			       
	}
	return KRB5_REALM_CANT_RESOLVE;
    }

    /* We have KDC entries, let see if we can get their net addrs. */
    if (hostlist)
	code = prof_hostnames2netaddrs(hostlist, svc,
				    socktype, family, &al);
    else if (dns_list_head)
	code = dns_hostnames2netaddrs(dns_list_head, svc,
				    socktype, family, &al);
    if (code) {
	if (hostlist)
	    profile_free_list(hostlist);
	if (dns_list_head)
	    krb5int_free_srv_dns_data(dns_list_head);
	return code;
    }

    /*
     * Solaris Kerberos:
     * If an entry for _kerberos-master. does not exist (checked for
     * above) but _kpasswd. does then treat that as an entry for the
     * master KDC (but use port 88 not the kpasswd port). MS AD creates
     * kpasswd entries by default in DNS.
     */
    if (!dns_list_head && svc == locate_service_master_kdc &&
	al.naddrs == 0) {

	/* Look for _kpasswd._tcp|udp */
	code = dns_locate_server(context, realm, &dns_list_head,
				locate_service_kpasswd, socktype, family);

	if (code == 0 && dns_list_head) {
	    int i;
	    struct addrinfo *a;

	    code = dns_hostnames2netaddrs(dns_list_head, svc,
					socktype, family, &al);

	    /* Set the port to 88 instead of the kpasswd port */
	    if (code == 0 && al.naddrs > 0) {
		for (i = 0; i < al.naddrs; i++) {
		    if (al.addrs[i].ai->ai_family == AF_INET)
			for (a = al.addrs[i].ai; a != NULL; a = a->ai_next)
			    ((struct sockaddr_in *)a->ai_addr)->sin_port =
				htons(KRB5_DEFAULT_PORT);
				
		    if (al.addrs[i].ai->ai_family == AF_INET6)
			for (a = al.addrs[i].ai; a != NULL; a = a->ai_next)
			     ((struct sockaddr_in6 *)a->ai_addr)->sin6_port =
				    htons(KRB5_DEFAULT_PORT);
		}
	    }
	}
    }

    /* No errors so far, lets see if we have KDC net addrs */
    if (al.naddrs == 0) {
	char *hostlist_str = NULL, *dnslist_str  = NULL;
	if (al.space)
	    free_list (&al);

	if (hostlist) {
	    hostlist_str = hostlist2str(hostlist);
	    krb5_set_error_message(context, KRB5_REALM_CANT_RESOLVE,
				dgettext(TEXT_DOMAIN,
					"Cannot resolve network address for KDCs '%s' specified in krb5.conf(4) for realm %.*s"),
				hostlist_str ? hostlist_str : "unknown",
				realm->length, realm->data);
	    if (hostlist_str)
		free(hostlist_str);
	} else if (dns_list_head) {
	    dnslist_str = dnslist2str(dns_list_head);
	    krb5_set_error_message(context, KRB5_REALM_CANT_RESOLVE,
				dgettext(TEXT_DOMAIN,
					"Cannot resolve network address for KDCs '%s' discovered via DNS Service Location records for realm '%.*s'"),
				dnslist_str ? dnslist_str : "unknown",
				realm->length, realm->data);
	    if (dnslist_str)
		    free(dnslist_str);
	}

	if (hostlist)
	    profile_free_list(hostlist);
	if (dns_list_head)
	    krb5int_free_srv_dns_data(dns_list_head);

	return KRB5_REALM_CANT_RESOLVE;
    }

    if (hostlist)
	    profile_free_list(hostlist);
    if (dns_list_head)
	    krb5int_free_srv_dns_data(dns_list_head);

    *addrlist = al;
    return 0;
}
Exemple #29
0
/*ARGSUSED2*/
long KRB5_CALLCONV
krb5int_open_plugin (const char *filepath, struct plugin_file_handle **h, struct errinfo *ep)
{
    long err = 0;
    struct stat statbuf;
    struct plugin_file_handle *htmp = NULL;
    int got_plugin = 0;

    if (!err) {
        if (stat (filepath, &statbuf) < 0) {
            Tprintf ("stat(%s): %s\n", filepath, strerror (errno));
            err = errno;
        }
    }

    if (!err) {
        htmp = calloc (1, sizeof (*htmp)); /* calloc initializes ptrs to NULL */
        if (htmp == NULL) { err = errno; }
    }

#if USE_DLOPEN
    if (!err && (statbuf.st_mode & S_IFMT) == S_IFREG) {
        void *handle = NULL;
#ifdef RTLD_GROUP
#define PLUGIN_DLOPEN_FLAGS (RTLD_NOW | RTLD_LOCAL | RTLD_GROUP)
#else
#define PLUGIN_DLOPEN_FLAGS (RTLD_NOW | RTLD_LOCAL)
#endif

        if (!err) {
            handle = dlopen(filepath, PLUGIN_DLOPEN_FLAGS);
            if (handle == NULL) {
                const char *e = dlerror();
                Tprintf ("dlopen(%s): %s\n", filepath, e);
                err = ENOENT; /* XXX */
		krb5int_set_error (ep, err, "%s", e);
            }
        }

        if (!err) {
            got_plugin = 1;
            htmp->dlhandle = handle;
            handle = NULL;
        }

        if (handle != NULL) { dlclose (handle); }
    }
#endif

#if USE_CFBUNDLE
    if (!err && (statbuf.st_mode & S_IFMT) == S_IFDIR) {
        CFStringRef pluginPath = NULL;
        CFURLRef pluginURL = NULL;
        CFBundleRef pluginBundle = NULL;

        if (!err) {
            pluginPath = CFStringCreateWithCString (kCFAllocatorDefault, filepath, 
                                                    kCFStringEncodingASCII);
            if (pluginPath == NULL) { err = ENOMEM; }
        }
        
        if (!err) {
            pluginURL = CFURLCreateWithFileSystemPath (kCFAllocatorDefault, pluginPath, 
                                                       kCFURLPOSIXPathStyle, true);
            if (pluginURL == NULL) { err = ENOMEM; }
        }
        
        if (!err) {
            pluginBundle = CFBundleCreate (kCFAllocatorDefault, pluginURL);
            if (pluginBundle == NULL) { err = ENOENT; } /* XXX need better error */
        }
        
        if (!err) {
            if (!CFBundleIsExecutableLoaded (pluginBundle)) {
                int loaded = CFBundleLoadExecutable (pluginBundle);
                if (!loaded) { err = ENOENT; }  /* XXX need better error */
            }
        }
        
        if (!err) {
            got_plugin = 1;
            htmp->bundle = pluginBundle;
            pluginBundle = NULL;  /* htmp->bundle takes ownership */
        }

        if (pluginBundle != NULL) { CFRelease (pluginBundle); }
        if (pluginURL    != NULL) { CFRelease (pluginURL); }
        if (pluginPath   != NULL) { CFRelease (pluginPath); }
    }
#endif
        
    if (!err && !got_plugin) {
        err = ENOENT;  /* no plugin or no way to load plugins */
    }
    
    if (!err) {
        *h = htmp;
        htmp = NULL;  /* h takes ownership */
    }
    
    if (htmp != NULL) { free (htmp); }
    
    return err;
}
Exemple #30
0
int EmbedPolyline(TopologicalGraph &G)
  {if(G.nv() < 3 || G.ne() < 2)return -1;
  int OldNumEdge = G.ne();
  PSet1  propSave(G.Set());
  G.MakeConnected();
  if(!G.FindPlanarMap() )
      {Tprintf("Not Planar Graph");
      for(tedge e = G.ne(); e > OldNumEdge; e--) G.DeleteEdge(e);
      return -1;
      }
 tbrin FirstBrin = 1;
  bool MaxPlanar = (G.ne() != 3 * G.nv() - 6) ? false : true;
  int len;
  if(!FirstBrin && !MaxPlanar)
      G.LongestFace(FirstBrin,len);
  else if(FirstBrin == 0)
      {FirstBrin = G.extbrin();FirstBrin = -G.acir[FirstBrin];}

  if(!MaxPlanar && G.ZigZagTriangulate())return -2;
  svector<short> ecolor(1, G.ne());
  SchnyderDecomp(G,FirstBrin,ecolor);
  GeometricGraph G0(G);
  
  //Compute trees 
  tedge ee;
  Prop<Tpoint> Ebend(G.Set(tedge()),PROP_DRAW_POINT_3);
  
  svector<tbrin> FatherB(1,G.nv(),(tbrin)0);           FatherB.SetName("FatherB");
  svector<tbrin> FatherG(1,G.nv(),(tbrin)0);           FatherG.SetName("FatherG");
  svector<tbrin> FatherR(1,G.nv(),(tbrin)0);           FatherR.SetName("FatherR");
  svector<int> x(1,G.nv(),0), y(1,G.nv(),0);
  x.clear(); y.clear();
  compute_parents(G0, Blue, -FirstBrin, FatherB, ecolor);
  compute_parents(G0, Red, FirstBrin, FatherR, ecolor);
  compute_parents(G0, Green, -G0.acir[FirstBrin], FatherG, ecolor);
  // Compute the number of leaves of each tree
  int nb_leavesB, nb_leavesR, nb_leavesG;
  nb_leavesB = nb_leaves(G0, Blue, -FirstBrin, ecolor);
  nb_leavesR = nb_leaves(G0, Red, FirstBrin, ecolor);
  nb_leavesG = nb_leaves(G0, Green, -G0.acir[FirstBrin], ecolor);

    // Compute the coordinates using the tree with the minimum number of leaves
  ForAllEdges(ee, G) Ebend[ee] = Tpoint(-1,-1);
  if (nb_leavesB <= nb_leavesR && nb_leavesB <= nb_leavesG) 
      compute_coords(G0,Red,Blue,-FirstBrin,FatherB,FatherR,FatherG,ecolor,x,y,Ebend);
  else if (nb_leavesR <= nb_leavesG) 
      compute_coords(G0,Green,Red,G0.acir[FirstBrin],FatherR,FatherG,FatherB,ecolor,x,y,Ebend);
  else 
      compute_coords(G0,Blue,Green,G0.acir[-G0.acir[FirstBrin]],FatherG,FatherB,FatherR,ecolor,x,y,Ebend);
  // computes extremities of vertices
  Prop<Tpoint> Epoint1(G.Set(tedge()),PROP_DRAW_POINT_1);
  Prop<Tpoint> Epoint2(G.Set(tedge()),PROP_DRAW_POINT_2);
  Prop<Tpoint> Vcoord(G.Set(tvertex()),PROP_DRAW_POINT_1);
  G.Set() =  propSave;
  Prop1<Tpoint> pmin(G.Set(),PROP_POINT_MIN);
  Prop1<Tpoint> pmax(G.Set(),PROP_POINT_MAX);  
  tvertex vv;
  pmin() = Tpoint(0,0);
  pmax() = Tpoint(0,0);
  ForAllVertices(vv, G0) 
   {Vcoord[vv] = Tpoint(x[vv], y[vv]);
   if (Vcoord[vv].x() > pmax().x())
       pmax().x() = Vcoord[vv].x();
   if (Vcoord[vv].y() > pmax().y())
       pmax().y() = Vcoord[vv].y();
   }