KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_parse_file_multi (krb5_context context,
const char *fname,
krb5_config_section **res)
{
const char *str;
char *newfname = NULL;
unsigned lineno = 0;
krb5_error_code ret;
struct fileptr f;
/**
* If the fname starts with "~/" parse configuration file in the
* current users home directory. The behavior can be disabled and
* enabled by calling krb5_set_home_dir_access().
*/
if (fname[0] == '~' && fname[1] == '/') {
#ifndef KRB5_USE_PATH_TOKENS
const char *home = NULL;
if (!_krb5_homedir_access(context)) {
krb5_set_error_message(context, EPERM,
"Access to home directory not allowed");
return EPERM;
}
if(!issuid())
home = getenv("HOME");
if (home == NULL) {
struct passwd *pw = getpwuid(getuid());
if(pw != NULL)
home = pw->pw_dir;
}
if (home) {
asprintf(&newfname, "%s%s", home, &fname[1]);
if (newfname == NULL) {
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
}
fname = newfname;
}
#else /* KRB5_USE_PATH_TOKENS */
if (asprintf(&newfname, "%%{USERCONFIG}%s", &fname[1]) < 0 ||
newfname == NULL)
{
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
}
fname = newfname;
#endif
}
if (is_plist_file(fname)) {
#ifdef __APPLE__
ret = parse_plist_config(context, fname, res);
if (ret) {
krb5_set_error_message(context, ret,
"Failed to parse plist %s", fname);
if (newfname)
free(newfname);
return ret;
}
#else
krb5_set_error_message(context, ENOENT,
"no support for plist configuration files");
return ENOENT;
#endif
} else {
#ifdef KRB5_USE_PATH_TOKENS
char * exp_fname = NULL;
ret = _krb5_expand_path_tokens(context, fname, &exp_fname);
if (ret) {
if (newfname)
free(newfname);
return ret;
}
if (newfname)
free(newfname);
fname = newfname = exp_fname;
#endif
f.f = fopen(fname, "r");
f.s = NULL;
if(f.f == NULL) {
ret = errno;
krb5_set_error_message (context, ret, "open %s: %s",
fname, strerror(ret));
if (newfname)
free(newfname);
return ret;
}
ret = krb5_config_parse_debug (&f, res, &lineno, &str);
fclose(f.f);
if (ret) {
krb5_set_error_message (context, ret, "%s:%u: %s",
fname, lineno, str);
if (newfname)
free(newfname);
return ret;
}
}
return 0;
}
static krb5_error_code
load_plugins(krb5_context context)
{
struct plugin *e;
krb5_error_code ret;
char **dirs = NULL, **di;
struct dirent *entry;
char *path;
DIR *d = NULL;
if (!plugins_needs_scan)
return 0;
plugins_needs_scan = 0;
#ifdef HAVE_DLOPEN
dirs = krb5_config_get_strings(context, NULL, "libdefaults",
"plugin_dir", NULL);
if (dirs == NULL)
dirs = rk_UNCONST(sysplugin_dirs);
for (di = dirs; *di != NULL; di++) {
char * dir = *di;
#ifdef KRB5_USE_PATH_TOKENS
if (_krb5_expand_path_tokens(context, *di, &dir))
goto next_dir;
#endif
trim_trailing_slash(dir);
d = opendir(dir);
if (d == NULL)
goto next_dir;
rk_cloexec_dir(d);
while ((entry = readdir(d)) != NULL) {
char *n = entry->d_name;
/* skip . and .. */
if (!is_valid_plugin_filename(n))
continue;
path = NULL;
ret = 0;
#ifdef __APPLE__
{ /* support loading bundles on MacOS */
size_t len = strlen(n);
if (len > 7 && strcmp(&n[len - 7], ".bundle") == 0)
ret = asprintf(&path, "%s/%s/Contents/MacOS/%.*s", dir, n, (int)(len - 7), n);
}
#endif
if (ret < 0 || path == NULL)
ret = asprintf(&path, "%s/%s", dir, n);
if (ret < 0 || path == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
return ret;
}
/* check if already tried */
for (e = registered; e != NULL; e = e->next)
if (e->type == DSO && strcmp(e->u.dso.path, path) == 0)
break;
if (e) {
free(path);
} else {
loadlib(context, path); /* store or frees path */
}
}
closedir(d);
next_dir:
if (dir != *di)
free(dir);
}
if (dirs != rk_UNCONST(sysplugin_dirs))
krb5_config_free_strings(dirs);
#endif /* HAVE_DLOPEN */
return 0;
}
static krb5_error_code
init_ccapi(krb5_context context)
{
const char *lib = NULL;
HEIMDAL_MUTEX_lock(&acc_mutex);
if (init_func) {
HEIMDAL_MUTEX_unlock(&acc_mutex);
if (context)
krb5_clear_error_message(context);
return 0;
}
if (context)
lib = krb5_config_get_string(context, NULL,
"libdefaults", "ccapi_library",
NULL);
if (lib == NULL) {
#ifdef __APPLE__
lib = "/System/Library/Frameworks/Kerberos.framework/Kerberos";
#elif defined(KRB5_USE_PATH_TOKENS) && defined(_WIN32)
lib = "%{LIBDIR}/libkrb5_cc.dll";
#else
lib = "/usr/lib/libkrb5_cc.so";
#endif
}
#ifdef HAVE_DLOPEN
#ifndef RTLD_LAZY
#define RTLD_LAZY 0
#endif
#ifndef RTLD_LOCAL
#define RTLD_LOCAL 0
#endif
#ifdef KRB5_USE_PATH_TOKENS
{
char * explib = NULL;
if (_krb5_expand_path_tokens(context, lib, &explib) == 0) {
cc_handle = dlopen(explib, RTLD_LAZY|RTLD_LOCAL);
free(explib);
}
}
#else
cc_handle = dlopen(lib, RTLD_LAZY|RTLD_LOCAL);
#endif
if (cc_handle == NULL) {
HEIMDAL_MUTEX_unlock(&acc_mutex);
if (context)
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("Failed to load API cache module %s", "file"),
lib);
return KRB5_CC_NOSUPP;
}
init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize");
set_target_uid = (void (KRB5_CALLCONV *)(uid_t))
dlsym(cc_handle, "krb5_ipc_client_set_target_uid");
clear_target = (void (KRB5_CALLCONV *)(void))
dlsym(cc_handle, "krb5_ipc_client_clear_target");
HEIMDAL_MUTEX_unlock(&acc_mutex);
if (init_func == NULL) {
if (context)
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("Failed to find cc_initialize"
"in %s: %s", "file, error"), lib, dlerror());
dlclose(cc_handle);
return KRB5_CC_NOSUPP;
}
return 0;
#else
HEIMDAL_MUTEX_unlock(&acc_mutex);
if (context)
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("no support for shared object", ""));
return KRB5_CC_NOSUPP;
#endif
}
