static krb5_error_code
kpasswd_get_next(krb5_context context,
struct krb5_krbhst_data *kd,
krb5_krbhst_info **host)
{
krb5_error_code ret;
if ((kd->flags & KD_PLUGIN) == 0) {
plugin_get_hosts(context, kd, locate_service_kpasswd);
kd->flags |= KD_PLUGIN;
if(get_next(kd, host))
return 0;
}
if((kd->flags & KD_CONFIG) == 0) {
config_get_hosts(context, kd, "kpasswd_server");
kd->flags |= KD_CONFIG;
if(get_next(kd, host))
return 0;
}
if (kd->flags & KD_CONFIG_EXISTS) {
_krb5_debug(context, 1,
"Configuration exists for realm %s, wont go to DNS",
kd->realm);
return KRB5_KDC_UNREACH;
}
if(context->srv_lookup) {
if((kd->flags & KD_SRV_UDP) == 0) {
srv_get_hosts(context, kd, "udp", "kpasswd");
kd->flags |= KD_SRV_UDP;
if(get_next(kd, host))
return 0;
}
if((kd->flags & KD_SRV_TCP) == 0) {
srv_get_hosts(context, kd, "tcp", "kpasswd");
kd->flags |= KD_SRV_TCP;
if(get_next(kd, host))
return 0;
}
}
/* no matches -> try admin */
if (krbhst_empty(kd)) {
kd->flags = 0;
kd->port = kd->def_port;
kd->get_next = admin_get_next;
ret = (*kd->get_next)(context, kd, host);
if (ret == 0)
(*host)->proto = krbhst_get_default_proto(kd);
return ret;
}
_krb5_debug(context, 0, "No kpasswd entries found for realm %s", kd->realm);
return KRB5_KDC_UNREACH;
}
static struct krb5_krbhst_info*
parse_hostspec(krb5_context context, struct krb5_krbhst_data *kd,
const char *spec, int def_port, int port)
{
const char *p = spec, *q;
struct krb5_krbhst_info *hi;
hi = calloc(1, sizeof(*hi) + strlen(spec));
if(hi == NULL)
return NULL;
hi->proto = krbhst_get_default_proto(kd);
if(strncmp(p, "http://", 7) == 0){
hi->proto = KRB5_KRBHST_HTTP;
p += 7;
} else if(strncmp(p, "http/", 5) == 0) {
hi->proto = KRB5_KRBHST_HTTP;
p += 5;
def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
}else if(strncmp(p, "tcp/", 4) == 0){
hi->proto = KRB5_KRBHST_TCP;
p += 4;
} else if(strncmp(p, "udp/", 4) == 0) {
hi->proto = KRB5_KRBHST_UDP;
p += 4;
}
if (p[0] == '[' && (q = strchr(p, ']')) != NULL) {
/* if address looks like [foo:bar] or [foo:bar]: its a ipv6
adress, strip of [] */
memcpy(hi->hostname, &p[1], q - p - 1);
hi->hostname[q - p - 1] = '\0';
p = q + 1;
/* get trailing : */
if (p[0] == ':')
p++;
} else if(strsep_copy(&p, ":", hi->hostname, strlen(spec) + 1) < 0) {
/* copy everything before : */
free(hi);
return NULL;
}
/* get rid of trailing /, and convert to lower case */
hi->hostname[strcspn(hi->hostname, "/")] = '\0';
strlwr(hi->hostname);
hi->port = hi->def_port = def_port;
if(p != NULL && p[0]) {
char *end;
hi->port = strtol(p, &end, 0);
if(end == p) {
free(hi);
return NULL;
}
}
if (port)
hi->port = port;
return hi;
}
static krb5_error_code
kdc_get_next(krb5_context context,
struct krb5_krbhst_data *kd,
krb5_krbhst_info **host)
{
krb5_error_code ret;
if ((kd->flags & KD_PLUGIN) == 0) {
plugin_get_hosts(context, kd, locate_service_kdc);
kd->flags |= KD_PLUGIN;
if(get_next(kd, host))
return 0;
}
if((kd->flags & KD_CONFIG) == 0) {
config_get_hosts(context, kd, "kdc");
kd->flags |= KD_CONFIG;
if(get_next(kd, host))
return 0;
}
if (kd->flags & KD_CONFIG_EXISTS)
return KRB5_KDC_UNREACH; /* XXX */
if(context->srv_lookup) {
if((kd->flags & KD_SRV_UDP) == 0 && (kd->flags & KD_LARGE_MSG) == 0) {
srv_get_hosts(context, kd, "udp", "kerberos");
kd->flags |= KD_SRV_UDP;
if(get_next(kd, host))
return 0;
}
if((kd->flags & KD_SRV_TCP) == 0) {
srv_get_hosts(context, kd, "tcp", "kerberos");
kd->flags |= KD_SRV_TCP;
if(get_next(kd, host))
return 0;
}
if((kd->flags & KD_SRV_HTTP) == 0) {
srv_get_hosts(context, kd, "http", "kerberos");
kd->flags |= KD_SRV_HTTP;
if(get_next(kd, host))
return 0;
}
}
while((kd->flags & KD_FALLBACK) == 0) {
ret = fallback_get_hosts(context, kd, "kerberos",
kd->def_port,
krbhst_get_default_proto(kd));
if(ret)
return ret;
if(get_next(kd, host))
return 0;
}
return KRB5_KDC_UNREACH; /* XXX */
}
static krb5_error_code
admin_get_next(krb5_context context,
struct krb5_krbhst_data *kd,
krb5_krbhst_info **host)
{
krb5_error_code ret;
if ((kd->flags & KD_PLUGIN) == 0) {
plugin_get_hosts(context, kd, locate_service_kadmin);
kd->flags |= KD_PLUGIN;
if(get_next(kd, host))
return 0;
}
if((kd->flags & KD_CONFIG) == 0) {
config_get_hosts(context, kd, "admin_server");
kd->flags |= KD_CONFIG;
if(get_next(kd, host))
return 0;
}
if (kd->flags & KD_CONFIG_EXISTS) {
_krb5_debug(context, 1,
"Configuration exists for realm %s, wont go to DNS",
kd->realm);
return KRB5_KDC_UNREACH;
}
if(context->srv_lookup) {
if((kd->flags & KD_SRV_TCP) == 0) {
srv_get_hosts(context, kd, "tcp", "kerberos-adm");
kd->flags |= KD_SRV_TCP;
if(get_next(kd, host))
return 0;
}
}
if (krbhst_empty(kd)
&& (kd->flags & KD_FALLBACK) == 0) {
ret = fallback_get_hosts(context, kd, "kerberos",
kd->def_port,
krbhst_get_default_proto(kd));
if(ret)
return ret;
kd->flags |= KD_FALLBACK;
if(get_next(kd, host))
return 0;
}
_krb5_debug(context, 0, "No admin entries found for realm %s", kd->realm);
return KRB5_KDC_UNREACH; /* XXX */
}
static krb5_error_code
add_locate(void *ctx, int type, struct sockaddr *addr)
{
struct krb5_krbhst_info *hi;
struct krb5_krbhst_data *kd = ctx;
char host[NI_MAXHOST], port[NI_MAXSERV];
struct addrinfo hints, *ai;
socklen_t socklen;
size_t hostlen;
int ret;
socklen = socket_sockaddr_size(addr);
ret = getnameinfo(addr, socklen, host, sizeof(host), port, sizeof(port),
NI_NUMERICHOST|NI_NUMERICSERV);
if (ret != 0)
return 0;
make_hints(&hints, krbhst_get_default_proto(kd));
ret = getaddrinfo(host, port, &hints, &ai);
if (ret)
return 0;
hostlen = strlen(host);
hi = calloc(1, sizeof(*hi) + hostlen);
if(hi == NULL)
return ENOMEM;
hi->proto = krbhst_get_default_proto(kd);
hi->port = hi->def_port = socket_get_port(addr);
hi->ai = ai;
memmove(hi->hostname, host, hostlen);
hi->hostname[hostlen] = '\0';
append_host_hostinfo(kd, hi);
return 0;
}
static struct krb5_krbhst_info*
parse_hostspec(krb5_context context, struct krb5_krbhst_data *kd,
const char *spec, int def_port, int port)
{
const char *p = spec;
struct krb5_krbhst_info *hi;
hi = calloc(1, sizeof(*hi) + strlen(spec));
if(hi == NULL)
return NULL;
hi->proto = krbhst_get_default_proto(kd);
if(strncmp(p, "http://", 7) == 0){
hi->proto = KRB5_KRBHST_HTTP;
p += 7;
} else if(strncmp(p, "http/", 5) == 0) {
hi->proto = KRB5_KRBHST_HTTP;
p += 5;
def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
}else if(strncmp(p, "tcp/", 4) == 0){
hi->proto = KRB5_KRBHST_TCP;
p += 4;
} else if(strncmp(p, "udp/", 4) == 0) {
p += 4;
}
if(strsep_copy(&p, ":", hi->hostname, strlen(spec) + 1) < 0) {
free(hi);
return NULL;
}
/* get rid of trailing /, and convert to lower case */
hi->hostname[strcspn(hi->hostname, "/")] = '\0';
strlwr(hi->hostname);
hi->port = hi->def_port = def_port;
if(p != NULL) {
char *end;
hi->port = strtol(p, &end, 0);
if(end == p) {
free(hi);
return NULL;
}
}
if (port)
hi->port = port;
return hi;
}
static krb5_error_code
kpasswd_get_next(krb5_context context,
struct krb5_krbhst_data *kd,
krb5_krbhst_info **host)
{
krb5_error_code ret;
if((kd->flags & KD_CONFIG) == 0) {
config_get_hosts(context, kd, "kpasswd_server");
kd->flags |= KD_CONFIG;
if(get_next(kd, host))
return 0;
}
if (kd->flags & KD_CONFIG_EXISTS)
return KRB5_KDC_UNREACH; /* XXX */
if(context->srv_lookup) {
if((kd->flags & KD_SRV_UDP) == 0) {
srv_get_hosts(context, kd, "udp", "kpasswd");
kd->flags |= KD_SRV_UDP;
if(get_next(kd, host))
return 0;
}
if((kd->flags & KD_SRV_TCP) == 0) {
srv_get_hosts(context, kd, "tcp", "kpasswd");
kd->flags |= KD_SRV_TCP;
if(get_next(kd, host))
return 0;
}
}
/* no matches -> try admin */
if (krbhst_empty(kd)) {
kd->flags = 0;
kd->port = kd->def_port;
kd->get_next = admin_get_next;
ret = (*kd->get_next)(context, kd, host);
if (ret == 0)
(*host)->proto = krbhst_get_default_proto(kd);
return ret;
}
return KRB5_KDC_UNREACH; /* XXX */
}
static krb5_error_code
add_locate(void *ctx, int type, struct sockaddr *addr)
{
struct krb5_krbhst_data *kd = ctx;
char host[NI_MAXHOST], port[NI_MAXSERV];
socklen_t socklen;
krb5_error_code ret;
int proto, portnum;
socklen = socket_sockaddr_size(addr);
portnum = socket_get_port(addr);
ret = getnameinfo(addr, socklen, host, sizeof(host), port, sizeof(port),
NI_NUMERICHOST|NI_NUMERICSERV);
if (ret != 0)
return 0;
if (kd->port)
snprintf(port, sizeof(port), "%d", kd->port);
else if (atoi(port) == 0)
snprintf(port, sizeof(port), "%d", krbhst_get_default_port(kd));
proto = krbhst_get_default_proto(kd);
ret = add_plugin_host(kd, host, port, portnum, proto);
if (ret)
return ret;
/*
* This is really kind of broken and should be solved a different
* way, some sites block UDP, and we don't, in the general case,
* fall back to TCP, that should also be done. But since that
* should require us to invert the whole "find kdc" stack, let put
* this in for now.
*/
if (proto == KRB5_KRBHST_UDP) {
ret = add_plugin_host(kd, host, port, portnum, KRB5_KRBHST_TCP);
if (ret)
return ret;
}
return 0;
}
static krb5_error_code
admin_get_next(krb5_context context,
struct krb5_krbhst_data *kd,
krb5_krbhst_info **host)
{
krb5_error_code ret;
if((kd->flags & KD_CONFIG) == 0) {
config_get_hosts(context, kd, "admin_server");
kd->flags |= KD_CONFIG;
if(get_next(kd, host))
return 0;
}
if (kd->flags & KD_CONFIG_EXISTS)
return KRB5_KDC_UNREACH; /* XXX */
if(context->srv_lookup) {
if((kd->flags & KD_SRV_TCP) == 0) {
srv_get_hosts(context, kd, "tcp", "kerberos-adm");
kd->flags |= KD_SRV_TCP;
if(get_next(kd, host))
return 0;
}
}
if (krbhst_empty(kd)
&& (kd->flags & KD_FALLBACK) == 0) {
ret = fallback_get_hosts(context, kd, "kerberos",
kd->def_port,
krbhst_get_default_proto(kd));
if(ret)
return ret;
kd->flags |= KD_FALLBACK;
if(get_next(kd, host))
return 0;
}
return KRB5_KDC_UNREACH; /* XXX */
}
static krb5_error_code
kdc_get_next(krb5_context context,
struct krb5_krbhst_data *kd,
krb5_krbhst_info **host)
{
krb5_error_code ret;
if ((kd->flags & KD_HOSTNAMES) == 0) {
hostnames_get_hosts(context, kd, "kdc");
if(get_next(kd, host))
return 0;
}
if ((kd->flags & KD_PLUGIN) == 0) {
plugin_get_hosts(context, kd, locate_service_kdc);
kd->flags |= KD_PLUGIN;
if(get_next(kd, host))
return 0;
}
if((kd->flags & KD_CONFIG) == 0) {
config_get_hosts(context, kd, "kdc");
kd->flags |= KD_CONFIG;
if(get_next(kd, host))
return 0;
}
if (kd->flags & KD_CONFIG_EXISTS) {
_krb5_debug(context, 1,
"Configuration exists for realm %s, wont go to DNS",
kd->realm);
return KRB5_KDC_UNREACH;
}
if(context->srv_lookup) {
if((kd->flags & KD_SRV_UDP) == 0 && (kd->flags & KD_LARGE_MSG) == 0) {
srv_get_hosts(context, kd, "udp", "kerberos");
kd->flags |= KD_SRV_UDP;
if(get_next(kd, host))
return 0;
}
if((kd->flags & KD_SRV_TCP) == 0) {
srv_get_hosts(context, kd, "tcp", "kerberos");
kd->flags |= KD_SRV_TCP;
if(get_next(kd, host))
return 0;
}
if((kd->flags & KD_SRV_HTTP) == 0) {
srv_get_hosts(context, kd, "http", "kerberos");
kd->flags |= KD_SRV_HTTP;
if(get_next(kd, host))
return 0;
}
}
while((kd->flags & KD_FALLBACK) == 0) {
ret = fallback_get_hosts(context, kd, "kerberos",
kd->def_port,
krbhst_get_default_proto(kd));
if(ret)
return ret;
if(get_next(kd, host))
return 0;
}
_krb5_debug(context, 0, "No KDC entries found for %s", kd->realm);
return KRB5_KDC_UNREACH; /* XXX */
}