/* Heimdal */ krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters) { krb5_krbhst_handle hnd; krb5_krbhst_info *hinfo; krb5_error_code rc; int num_kdcs, i; struct sockaddr *sa; struct addrinfo *ai; *addr_pp = NULL; *naddrs = 0; rc = krb5_krbhst_init(ctx, realm->data, KRB5_KRBHST_KDC, &hnd); if (rc) { DEBUG(0, ("smb_krb5_locate_kdc: krb5_krbhst_init failed (%s)\n", error_message(rc))); return rc; } for ( num_kdcs = 0; (rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0); num_kdcs++) ; krb5_krbhst_reset(ctx, hnd); if (!num_kdcs) { DEBUG(0, ("smb_krb5_locate_kdc: zero kdcs found !\n")); krb5_krbhst_free(ctx, hnd); return -1; } sa = SMB_MALLOC_ARRAY( struct sockaddr, num_kdcs ); if (!sa) { DEBUG(0, ("smb_krb5_locate_kdc: malloc failed\n")); krb5_krbhst_free(ctx, hnd); naddrs = 0; return -1; } memset(sa, '\0', sizeof(struct sockaddr) * num_kdcs ); for (i = 0; i < num_kdcs && (rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0); i++) { #if defined(HAVE_KRB5_KRBHST_GET_ADDRINFO) rc = krb5_krbhst_get_addrinfo(ctx, hinfo, &ai); if (rc) { DEBUG(0,("krb5_krbhst_get_addrinfo failed: %s\n", error_message(rc))); continue; } #endif if (hinfo->ai && hinfo->ai->ai_family == AF_INET) memcpy(&sa[i], hinfo->ai->ai_addr, sizeof(struct sockaddr)); } krb5_krbhst_free(ctx, hnd); *naddrs = num_kdcs; *addr_pp = sa; return 0; }
static krb5_error_code gethostlist(krb5_context context, const char *realm, unsigned int type, char ***hostlist) { krb5_error_code ret; int nhost = 0; krb5_krbhst_handle handle; char host[MAXHOSTNAMELEN]; krb5_krbhst_info *hostinfo; ret = krb5_krbhst_init(context, realm, type, &handle); if (ret) return ret; while(krb5_krbhst_next(context, handle, &hostinfo) == 0) nhost++; if(nhost == 0) { krb5_set_error_message(context, KRB5_KDC_UNREACH, N_("No KDC found for realm %s", ""), realm); return KRB5_KDC_UNREACH; } *hostlist = calloc(nhost + 1, sizeof(**hostlist)); if(*hostlist == NULL) { krb5_krbhst_free(context, handle); return ENOMEM; } krb5_krbhst_reset(context, handle); nhost = 0; while(krb5_krbhst_next_as_string(context, handle, host, sizeof(host)) == 0) { if(((*hostlist)[nhost++] = strdup(host)) == NULL) { krb5_free_krbhst(context, *hostlist); krb5_krbhst_free(context, handle); return ENOMEM; } } (*hostlist)[nhost] = NULL; krb5_krbhst_free(context, handle); return 0; }
int main(int argc, char **argv) { krb5_error_code ret; krb5_context context; krb5_krbhst_handle handle; char host[MAXHOSTNAMELEN]; int found = 0; setprogname(argv[0]); ret = krb5_init_context(&context); if (ret) errx(1, "krb5_init_contex"); ret = krb5_plugin_register(context, PLUGIN_TYPE_DATA, KRB5_PLUGIN_LOCATE, &resolve); if (ret) krb5_err(context, 1, ret, "krb5_plugin_register"); ret = krb5_krbhst_init_flags(context, "NOTHERE.H5L.SE", KRB5_KRBHST_KDC, 0, &handle); if (ret) krb5_err(context, 1, ret, "krb5_krbhst_init_flags"); while(krb5_krbhst_next_as_string(context, handle, host, sizeof(host)) == 0){ found++; if (strcmp(host, "127.0.0.2") != 0 && strcmp(host, "tcp/127.0.0.2") != 0) krb5_errx(context, 1, "wrong address: %s", host); } if (!found) krb5_errx(context, 1, "failed to find host"); krb5_krbhst_free(context, handle); krb5_free_context(context); return 0; }
static krb5_error_code change_password_loop (krb5_context context, krb5_creds *creds, krb5_principal targprinc, char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string, struct kpwd_proc *proc) { krb5_error_code ret; krb5_auth_context auth_context = NULL; krb5_krbhst_handle handle = NULL; krb5_krbhst_info *hi; int sock; int i; int done = 0; krb5_realm realm = creds->client->realm; ret = krb5_auth_con_init (context, &auth_context); if (ret) return ret; krb5_auth_con_setflags (context, auth_context, KRB5_AUTH_CONTEXT_DO_SEQUENCE); ret = krb5_krbhst_init (context, realm, KRB5_KRBHST_CHANGEPW, &handle); if (ret) goto out; while (!done && (ret = krb5_krbhst_next(context, handle, &hi)) == 0) { struct addrinfo *ai, *a; int is_stream; switch (hi->proto) { case KRB5_KRBHST_UDP: if ((proc->flags & SUPPORT_UDP) == 0) continue; is_stream = 0; break; case KRB5_KRBHST_TCP: if ((proc->flags & SUPPORT_TCP) == 0) continue; is_stream = 1; break; default: continue; } ret = krb5_krbhst_get_addrinfo(context, hi, &ai); if (ret) continue; for (a = ai; !done && a != NULL; a = a->ai_next) { int replied = 0; sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol); if (sock < 0) continue; ret = connect(sock, a->ai_addr, a->ai_addrlen); if (ret < 0) { close (sock); goto out; } ret = krb5_auth_con_genaddrs (context, auth_context, sock, KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR); if (ret) { close (sock); goto out; } for (i = 0; !done && i < 5; ++i) { fd_set fdset; struct timeval tv; if (!replied) { replied = 0; ret = (*proc->send_req) (context, &auth_context, creds, targprinc, is_stream, sock, newpw, hi->hostname); if (ret) { close(sock); goto out; } } if (sock >= FD_SETSIZE) { krb5_set_error_string(context, "fd %d too large", sock); ret = ERANGE; close (sock); goto out; } FD_ZERO(&fdset); FD_SET(sock, &fdset); tv.tv_usec = 0; tv.tv_sec = 1 + (1 << i); ret = select (sock + 1, &fdset, NULL, NULL, &tv); if (ret < 0 && errno != EINTR) { close(sock); goto out; } if (ret == 1) { ret = (*proc->process_rep) (context, auth_context, is_stream, sock, result_code, result_code_string, result_string, hi->hostname); if (ret == 0) done = 1; else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL) replied = 1; } else { ret = KRB5_KDC_UNREACH; } } close (sock); } } out: krb5_krbhst_free (context, handle); krb5_auth_con_free (context, auth_context); if (done) return 0; else { if (ret == KRB5_KDC_UNREACH) { krb5_set_error_string(context, "unable to reach any changepw server " " in realm %s", realm); *result_code = KRB5_KPASSWD_HARDERROR; } return ret; } }
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_context(krb5_context context, krb5_sendto_ctx ctx, const krb5_data *send_data, const krb5_realm realm, krb5_data *receive) { krb5_error_code ret; krb5_krbhst_handle handle = NULL; int type, freectx = 0; int action; krb5_data_zero(receive); if (ctx == NULL) { freectx = 1; ret = krb5_sendto_ctx_alloc(context, &ctx); if (ret) return ret; } type = ctx->type; if (type == 0) { if ((ctx->flags & KRB5_KRBHST_FLAGS_MASTER) || context->use_admin_kdc) type = KRB5_KRBHST_ADMIN; else type = KRB5_KRBHST_KDC; } if ((int)send_data->length > context->large_msg_size) ctx->flags |= KRB5_KRBHST_FLAGS_LARGE_MSG; /* loop until we get back a appropriate response */ do { action = KRB5_SENDTO_DONE; krb5_data_free(receive); if (handle == NULL) { ret = krb5_krbhst_init_flags(context, realm, type, ctx->flags, &handle); if (ret) { if (freectx) krb5_sendto_ctx_free(context, ctx); return ret; } } ret = krb5_sendto(context, send_data, handle, receive); if (ret) break; if (ctx->func) { ret = (*ctx->func)(context, ctx, ctx->data, receive, &action); if (ret) break; } if (action != KRB5_SENDTO_CONTINUE) { krb5_krbhst_free(context, handle); handle = NULL; } } while (action != KRB5_SENDTO_DONE); if (handle) krb5_krbhst_free(context, handle); if (ret == KRB5_KDC_UNREACH) krb5_set_error_message(context, ret, N_("unable to reach any KDC in realm %s", ""), realm); if (ret) krb5_data_free(receive); if (freectx) krb5_sendto_ctx_free(context, ctx); return ret; }
kadm5_ret_t _kadm5_c_init_context(kadm5_client_context **ctx, kadm5_config_params *params, krb5_context context) { krb5_error_code ret; char *colon; *ctx = malloc(sizeof(**ctx)); if(*ctx == NULL) return ENOMEM; memset(*ctx, 0, sizeof(**ctx)); krb5_add_et_list (context, initialize_kadm5_error_table_r); set_funcs(*ctx); (*ctx)->context = context; if(params->mask & KADM5_CONFIG_REALM) { ret = 0; (*ctx)->realm = strdup(params->realm); if ((*ctx)->realm == NULL) ret = ENOMEM; } else ret = krb5_get_default_realm((*ctx)->context, &(*ctx)->realm); if (ret) { free(*ctx); return ret; } if(params->mask & KADM5_CONFIG_ADMIN_SERVER) (*ctx)->admin_server = strdup(params->admin_server); else { krb5_krbhst_handle handle = NULL; char host[MAXHOSTNAMELEN]; ret = krb5_krbhst_init(context, (*ctx)->realm, KRB5_KRBHST_ADMIN, &handle); if (ret == 0) ret = krb5_krbhst_next_as_string(context, handle, host, sizeof(host)); krb5_krbhst_free(context, handle); if (ret) { free((*ctx)->realm); free(*ctx); return ret; } (*ctx)->admin_server = strdup(host); } if ((*ctx)->admin_server == NULL) { free((*ctx)->realm); free(*ctx); return ENOMEM; } colon = strchr ((*ctx)->admin_server, ':'); if (colon != NULL) *colon++ = '\0'; (*ctx)->kadmind_port = 0; if(params->mask & KADM5_CONFIG_KADMIND_PORT) (*ctx)->kadmind_port = params->kadmind_port; else if (colon != NULL) { char *end; (*ctx)->kadmind_port = htons(strtol (colon, &end, 0)); } if ((*ctx)->kadmind_port == 0) (*ctx)->kadmind_port = krb5_getportbyname (context, "kerberos-adm", "tcp", 749); return 0; }