krb5_error_code
hdb_create(krb5_context context, HDB **db, const char *filename)
{
struct cb_s cb_ctx;
if (filename == NULL)
filename = HDB_DEFAULT_DB;
cb_ctx.h = find_method (filename, &cb_ctx.residual);
cb_ctx.filename = filename;
if (cb_ctx.h == NULL || cb_ctx.h->create == NULL) {
char *sym;
if ((sym = make_sym(filename)) == NULL)
return krb5_enomem(context);
(void)_krb5_plugin_run_f(context, "krb5", sym, HDB_INTERFACE_VERSION,
0, &cb_ctx, callback);
free(sym);
}
if (cb_ctx.h == NULL)
krb5_errx(context, 1, "No database support for %s", cb_ctx.filename);
return (*cb_ctx.h->create)(context, db, cb_ctx.residual);
}
static krb5_error_code
an2ln_plugin(krb5_context context, const char *rule, krb5_const_principal aname,
size_t lnsize, char *lname)
{
krb5_error_code ret;
struct plctx ctx;
ctx.rule = rule;
ctx.aname = aname;
ctx.luser = NULL;
/*
* Order of plugin invocation is non-deterministic, but there should
* really be no more than one plugin that can handle any given kind
* rule, so the effect should be deterministic anyways.
*/
ret = _krb5_plugin_run_f(context, "krb5", KRB5_PLUGIN_AN2LN,
KRB5_PLUGIN_AN2LN_VERSION_0, 0, &ctx, plcallback);
if (ret != 0) {
heim_release(ctx.luser);
return ret;
}
if (ctx.luser == NULL)
return KRB5_PLUGIN_NO_HANDLE;
if (strlcpy(lname, heim_string_get_utf8(ctx.luser), lnsize) >= lnsize)
ret = KRB5_CONFIG_NOTENUFSPACE;
heim_release(ctx.luser);
return ret;
}
static void
db_plugins_init(void *arg)
{
krb5_context context = arg;
(void)_krb5_plugin_run_f(context, &db_plugin_data, 0, NULL,
db_plugins_plcallback);
}
static void
db_plugins_init(void *arg)
{
krb5_context context = arg;
(void)_krb5_plugin_run_f(context, "krb5", KRB5_PLUGIN_DB,
KRB5_PLUGIN_DB_VERSION_0, 0, NULL,
db_plugins_plcallback);
}
krb5_error_code
hdb_list_builtin(krb5_context context, char **list)
{
const struct hdb_method *h;
size_t len = 0;
char *buf = NULL;
for (h = methods; h->prefix != NULL; ++h) {
if (h->prefix[0] == '\0')
continue;
len += strlen(h->prefix) + 2;
}
len += 1;
buf = malloc(len);
if (buf == NULL) {
return krb5_enomem(context);
}
buf[0] = '\0';
for (h = methods; h->prefix != NULL; ++h) {
if (h->create == NULL) {
struct cb_s cb_ctx;
char *f;
char *sym;
/* Try loading the plugin */
if (asprintf(&f, "%sfoo", h->prefix) == -1)
f = NULL;
if ((sym = make_sym(h->prefix)) == NULL) {
free(buf);
free(f);
return krb5_enomem(context);
}
cb_ctx.filename = f;
cb_ctx.residual = NULL;
cb_ctx.h = NULL;
(void)_krb5_plugin_run_f(context, "krb5", sym,
HDB_INTERFACE_VERSION, 0, &cb_ctx,
callback);
free(f);
free(sym);
if (cb_ctx.h == NULL || cb_ctx.h->create == NULL)
continue;
}
if (h != methods)
strlcat(buf, ", ", len);
strlcat(buf, h->prefix, len);
}
*list = buf;
return 0;
}
static void
plugin_get_hosts(krb5_context context,
struct krb5_krbhst_data *kd,
enum locate_service_type type)
{
struct plctx ctx = { type, kd, 0 };
if (_krb5_homedir_access(context))
ctx.flags |= KRB5_PLF_ALLOW_HOMEDIR;
_krb5_plugin_run_f(context, "krb5", KRB5_PLUGIN_LOCATE,
KRB5_PLUGIN_LOCATE_VERSION_0,
0, &ctx, plcallback);
}
static krb5_error_code
realm_via_plugin(krb5_context context,
krb5_const_realm realm,
time_t timeout,
const krb5_data *send_data,
krb5_data *receive)
{
struct send_via_plugin_s userctx;
userctx.realm = realm;
userctx.hi = NULL;
userctx.timeout = timeout;
userctx.send_data = send_data;
userctx.receive = receive;
return _krb5_plugin_run_f(context, &send_to_kdc_plugin_data, 0,
&userctx, realmcallback);
}
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
_krb5_kuserok(krb5_context context,
krb5_principal principal,
const char *luser,
krb5_boolean an2ln_ok)
{
static heim_base_once_t reg_def_plugins = HEIM_BASE_ONCE_INIT;
krb5_error_code ret;
struct plctx ctx;
char **rules;
/*
* XXX we should have a struct with a krb5_context field and a
* krb5_error_code fied and pass the address of that as the ctx
* argument of heim_base_once_f(). For now we use a static to
* communicate failures. Actually, we ignore failures anyways,
* since we can't return them.
*/
heim_base_once_f(®_def_plugins, context, reg_def_plugins_once);
ctx.flags = 0;
ctx.luser = luser;
ctx.principal = principal;
ctx.result = FALSE;
ctx.k5login_dir = krb5_config_get_string(context, NULL, "libdefaults",
"k5login_directory", NULL);
if (an2ln_ok)
ctx.flags |= KUSEROK_ANAME_TO_LNAME_OK;
if (krb5_config_get_bool_default(context, NULL, FALSE, "libdefaults",
"k5login_authoritative", NULL))
ctx.flags |= KUSEROK_K5LOGIN_IS_AUTHORITATIVE;
if ((ctx.flags & KUSEROK_K5LOGIN_IS_AUTHORITATIVE) && plugin_reg_ret)
return plugin_reg_ret; /* fail safe */
rules = krb5_config_get_strings(context, NULL, "libdefaults",
"kuserok", NULL);
if (rules == NULL) {
/* Default: check ~/.k5login */
ctx.rule = "USER-K5LOGIN";
ret = plcallback(context, &kuserok_user_k5login_plug, NULL, &ctx);
if (ret == 0)
goto out;
ctx.rule = "SIMPLE";
ret = plcallback(context, &kuserok_simple_plug, NULL, &ctx);
if (ret == 0)
goto out;
ctx.result = FALSE;
} else {
size_t n;
for (n = 0; rules[n]; n++) {
ctx.rule = rules[n];
ret = _krb5_plugin_run_f(context, "krb5", KRB5_PLUGIN_KUSEROK,
KRB5_PLUGIN_KUSEROK_VERSION_0, 0,
&ctx, plcallback);
if (ret != KRB5_PLUGIN_NO_HANDLE)
goto out;
}
}
out:
krb5_config_free_strings(rules);
return ctx.result;
}
