krb5_error_code hdb_create(krb5_context context, HDB **db, const char *filename) { struct cb_s cb_ctx; if (filename == NULL) filename = HDB_DEFAULT_DB; cb_ctx.h = find_method (filename, &cb_ctx.residual); cb_ctx.filename = filename; if (cb_ctx.h == NULL || cb_ctx.h->create == NULL) { char *sym; if ((sym = make_sym(filename)) == NULL) return krb5_enomem(context); (void)_krb5_plugin_run_f(context, "krb5", sym, HDB_INTERFACE_VERSION, 0, &cb_ctx, callback); free(sym); } if (cb_ctx.h == NULL) krb5_errx(context, 1, "No database support for %s", cb_ctx.filename); return (*cb_ctx.h->create)(context, db, cb_ctx.residual); }
static krb5_error_code an2ln_plugin(krb5_context context, const char *rule, krb5_const_principal aname, size_t lnsize, char *lname) { krb5_error_code ret; struct plctx ctx; ctx.rule = rule; ctx.aname = aname; ctx.luser = NULL; /* * Order of plugin invocation is non-deterministic, but there should * really be no more than one plugin that can handle any given kind * rule, so the effect should be deterministic anyways. */ ret = _krb5_plugin_run_f(context, "krb5", KRB5_PLUGIN_AN2LN, KRB5_PLUGIN_AN2LN_VERSION_0, 0, &ctx, plcallback); if (ret != 0) { heim_release(ctx.luser); return ret; } if (ctx.luser == NULL) return KRB5_PLUGIN_NO_HANDLE; if (strlcpy(lname, heim_string_get_utf8(ctx.luser), lnsize) >= lnsize) ret = KRB5_CONFIG_NOTENUFSPACE; heim_release(ctx.luser); return ret; }
static void db_plugins_init(void *arg) { krb5_context context = arg; (void)_krb5_plugin_run_f(context, &db_plugin_data, 0, NULL, db_plugins_plcallback); }
static void db_plugins_init(void *arg) { krb5_context context = arg; (void)_krb5_plugin_run_f(context, "krb5", KRB5_PLUGIN_DB, KRB5_PLUGIN_DB_VERSION_0, 0, NULL, db_plugins_plcallback); }
krb5_error_code hdb_list_builtin(krb5_context context, char **list) { const struct hdb_method *h; size_t len = 0; char *buf = NULL; for (h = methods; h->prefix != NULL; ++h) { if (h->prefix[0] == '\0') continue; len += strlen(h->prefix) + 2; } len += 1; buf = malloc(len); if (buf == NULL) { return krb5_enomem(context); } buf[0] = '\0'; for (h = methods; h->prefix != NULL; ++h) { if (h->create == NULL) { struct cb_s cb_ctx; char *f; char *sym; /* Try loading the plugin */ if (asprintf(&f, "%sfoo", h->prefix) == -1) f = NULL; if ((sym = make_sym(h->prefix)) == NULL) { free(buf); free(f); return krb5_enomem(context); } cb_ctx.filename = f; cb_ctx.residual = NULL; cb_ctx.h = NULL; (void)_krb5_plugin_run_f(context, "krb5", sym, HDB_INTERFACE_VERSION, 0, &cb_ctx, callback); free(f); free(sym); if (cb_ctx.h == NULL || cb_ctx.h->create == NULL) continue; } if (h != methods) strlcat(buf, ", ", len); strlcat(buf, h->prefix, len); } *list = buf; return 0; }
static void plugin_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, enum locate_service_type type) { struct plctx ctx = { type, kd, 0 }; if (_krb5_homedir_access(context)) ctx.flags |= KRB5_PLF_ALLOW_HOMEDIR; _krb5_plugin_run_f(context, "krb5", KRB5_PLUGIN_LOCATE, KRB5_PLUGIN_LOCATE_VERSION_0, 0, &ctx, plcallback); }
static krb5_error_code realm_via_plugin(krb5_context context, krb5_const_realm realm, time_t timeout, const krb5_data *send_data, krb5_data *receive) { struct send_via_plugin_s userctx; userctx.realm = realm; userctx.hi = NULL; userctx.timeout = timeout; userctx.send_data = send_data; userctx.receive = receive; return _krb5_plugin_run_f(context, &send_to_kdc_plugin_data, 0, &userctx, realmcallback); }
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL _krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser, krb5_boolean an2ln_ok) { static heim_base_once_t reg_def_plugins = HEIM_BASE_ONCE_INIT; krb5_error_code ret; struct plctx ctx; char **rules; /* * XXX we should have a struct with a krb5_context field and a * krb5_error_code fied and pass the address of that as the ctx * argument of heim_base_once_f(). For now we use a static to * communicate failures. Actually, we ignore failures anyways, * since we can't return them. */ heim_base_once_f(®_def_plugins, context, reg_def_plugins_once); ctx.flags = 0; ctx.luser = luser; ctx.principal = principal; ctx.result = FALSE; ctx.k5login_dir = krb5_config_get_string(context, NULL, "libdefaults", "k5login_directory", NULL); if (an2ln_ok) ctx.flags |= KUSEROK_ANAME_TO_LNAME_OK; if (krb5_config_get_bool_default(context, NULL, FALSE, "libdefaults", "k5login_authoritative", NULL)) ctx.flags |= KUSEROK_K5LOGIN_IS_AUTHORITATIVE; if ((ctx.flags & KUSEROK_K5LOGIN_IS_AUTHORITATIVE) && plugin_reg_ret) return plugin_reg_ret; /* fail safe */ rules = krb5_config_get_strings(context, NULL, "libdefaults", "kuserok", NULL); if (rules == NULL) { /* Default: check ~/.k5login */ ctx.rule = "USER-K5LOGIN"; ret = plcallback(context, &kuserok_user_k5login_plug, NULL, &ctx); if (ret == 0) goto out; ctx.rule = "SIMPLE"; ret = plcallback(context, &kuserok_simple_plug, NULL, &ctx); if (ret == 0) goto out; ctx.result = FALSE; } else { size_t n; for (n = 0; rules[n]; n++) { ctx.rule = rules[n]; ret = _krb5_plugin_run_f(context, "krb5", KRB5_PLUGIN_KUSEROK, KRB5_PLUGIN_KUSEROK_VERSION_0, 0, &ctx, plcallback); if (ret != KRB5_PLUGIN_NO_HANDLE) goto out; } } out: krb5_config_free_strings(rules); return ctx.result; }