/* Get the system default realm using hostrealm modules. */
static krb5_error_code
get_default_realm(krb5_context context, char **realm_out)
{
krb5_error_code ret;
struct hostrealm_module_handle **hp;
char **realms;
*realm_out = NULL;
if (context->hostrealm_handles == NULL) {
ret = load_hostrealm_modules(context);
if (ret)
return ret;
}
/* Give each module a chance to determine the default realm. */
for (hp = context->hostrealm_handles; *hp != NULL; hp++) {
ret = default_realm(context, *hp, &realms);
if (ret == 0) {
if (*realms == NULL) {
ret = KRB5_CONFIG_NODEFREALM;
} else {
*realm_out = strdup(realms[0]);
if (*realm_out == NULL)
ret = ENOMEM;
}
free_list(context, *hp, realms);
return ret;
} else if (ret != KRB5_PLUGIN_NO_HANDLE) {
return ret;
}
}
return KRB5_CONFIG_NODEFREALM;
}
/*
* Load a boolean option from Kerberos appdefaults. Takes the Kerberos
* context, the option, and the result location.
*/
void
sync_config_boolean(krb5_context ctx, const char *opt, bool *result)
{
realm_type realm;
int tmp;
/*
* The MIT version of krb5_appdefault_boolean takes an int * and the
* Heimdal version takes a krb5_boolean *, so hope that Heimdal always
* defines krb5_boolean to int or this will require more portability work.
*/
realm = default_realm(ctx);
krb5_appdefault_boolean(ctx, "krb5-sync", realm, opt, *result, &tmp);
*result = tmp;
free_default_realm(ctx, realm);
}
/*
* Load a string option from Kerberos appdefaults. Takes the Kerberos
* context, the option, and the result location.
*
* This requires an annoying workaround because one cannot specify a default
* value of NULL with MIT Kerberos, since MIT Kerberos unconditionally calls
* strdup on the default value. There's also no way to determine if memory
* allocation failed while parsing or while setting the default value, so we
* don't return an error code.
*/
void
sync_config_string(krb5_context ctx, const char *opt, char **result)
{
realm_type realm;
char *value = NULL;
/* Obtain the string from [appdefaults]. */
realm = default_realm(ctx);
krb5_appdefault_string(ctx, "krb5-sync", realm, opt, "", &value);
free_default_realm(ctx, realm);
/* If we got something back, store it in result. */
if (value != NULL) {
if (value[0] != '\0') {
free(*result);
*result = strdup(value);
}
krb5_free_string(ctx, value);
}
}
/*
* Load a list option from Kerberos appdefaults. Takes the Kerberos context,
* the option, and the result location. The option is read as a string and
* the split on spaces and tabs into a list.
*
* This requires an annoying workaround because one cannot specify a default
* value of NULL with MIT Kerberos, since MIT Kerberos unconditionally calls
* strdup on the default value. There's also no way to determine if memory
* allocation failed while parsing or while setting the default value.
*/
krb5_error_code
sync_config_list(krb5_context ctx, const char *opt, struct vector **result)
{
realm_type realm;
char *value = NULL;
/* Obtain the string from [appdefaults]. */
realm = default_realm(ctx);
krb5_appdefault_string(ctx, "krb5-sync", realm, opt, "", &value);
free_default_realm(ctx, realm);
/* If we got something back, store it in result. */
if (value != NULL) {
if (value[0] != '\0') {
*result = sync_vector_split_multi(value, " \t", *result);
if (*result == NULL)
return sync_error_system(ctx, "cannot allocate memory");
}
krb5_free_string(ctx, value);
}
return 0;
}
