179
171
kret = krb5_aprof_getvals (acontext, hierarchy, &values);
188
180
valp = values[idx];
189
181
kret = string_to_boolean (valp, &val);
182
profile_free_list(values);
197
* krb5_aprof_get_deltat() - Get a delta time value from the alternate
190
* krb5_aprof_get_deltat() - Get a delta time value from the alternate
201
* acontext - opaque context for alternate profile.
202
* hierarchy - hierarchy of value to retrieve.
203
* uselast - if true, use last value, otherwise use
205
* deltatp - returned delta time value.
194
* acontext - opaque context for alternate profile.
195
* hierarchy - hierarchy of value to retrieve.
196
* uselast - if true, use last value, otherwise use
198
* deltatp - returned delta time value.
208
* error codes from profile_get_values()
209
* error codes from krb5_string_to_deltat()
201
* error codes from profile_get_values()
202
* error codes from krb5_string_to_deltat()
212
205
krb5_aprof_get_deltat(acontext, hierarchy, uselast, deltatp)
213
krb5_pointer acontext;
214
const char **hierarchy;
215
krb5_boolean uselast;
216
krb5_deltat *deltatp;
206
krb5_pointer acontext;
207
const char **hierarchy;
208
krb5_boolean uselast;
209
krb5_deltat *deltatp;
218
krb5_error_code kret;
211
krb5_error_code kret;
223
216
if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
226
for (idx=0; values[idx]; idx++);
230
kret = krb5_string_to_deltat(valp, deltatp);
219
for (idx=0; values[idx]; idx++);
223
kret = krb5_string_to_deltat(valp, deltatp);
232
/* Free the string storage */
233
for (idx=0; values[idx]; idx++)
234
krb5_xfree(values[idx]);
225
/* Free the string storage */
226
profile_free_list(values);
241
* krb5_aprof_get_string() - Get a string value from the alternate
232
* krb5_aprof_get_string() - Get a string value from the alternate
245
* acontext - opaque context for alternate profile.
246
* hierarchy - hierarchy of value to retrieve.
247
* uselast - if true, use last value, otherwise use
249
* stringp - returned string value.
236
* acontext - opaque context for alternate profile.
237
* hierarchy - hierarchy of value to retrieve.
238
* uselast - if true, use last value, otherwise use
240
* stringp - returned string value.
252
* error codes from profile_get_values()
243
* error codes from profile_get_values()
255
246
krb5_aprof_get_string(acontext, hierarchy, uselast, stringp)
256
krb5_pointer acontext;
257
const char **hierarchy;
258
krb5_boolean uselast;
247
krb5_pointer acontext;
248
const char **hierarchy;
249
krb5_boolean uselast;
261
krb5_error_code kret;
252
krb5_error_code kret;
265
256
if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
268
for (idx=0; values[idx]; idx++);
272
*stringp = values[idx];
274
/* Free the string storage */
275
for (i=0; values[i]; i++)
277
krb5_xfree(values[i]);
257
for (lastidx=0; values[lastidx]; lastidx++);
260
/* Excise the entry we want from the null-terminated list,
261
and free up the rest. */
263
*stringp = values[lastidx];
264
values[lastidx] = NULL;
266
*stringp = values[0];
267
values[0] = values[lastidx];
268
values[lastidx] = NULL;
271
/* Free the string storage */
272
profile_free_list(values);
284
* krb5_aprof_get_int32() - Get a 32-bit integer value from the alternate
288
* acontext - opaque context for alternate profile.
289
* hierarchy - hierarchy of value to retrieve.
290
* uselast - if true, use last value, otherwise use
292
* intp - returned 32-bit integer value.
295
* error codes from profile_get_values()
296
* EINVAL - value is not an integer
278
* krb5_aprof_get_string_all() - When the attr identified by "hierarchy" is specified multiple times,
279
* collect all its string values from the alternate profile.
282
* acontext - opaque context for alternate profile.
283
* hierarchy - hierarchy of value to retrieve.
284
* stringp - Returned string value.
287
* error codes from profile_get_values() or ENOMEM
288
* Caller is responsible for deallocating stringp buffer
291
krb5_aprof_get_string_all(acontext, hierarchy, stringp)
292
krb5_pointer acontext;
293
const char **hierarchy;
296
krb5_error_code kret=0;
301
kret = krb5_aprof_getvals(acontext, hierarchy, &values);
303
for (lastidx=0; values[lastidx]; lastidx++);
306
buf_size = strlen(values[0])+3;
307
for (lastidx=1; values[lastidx]; lastidx++){
308
buf_size += strlen(values[lastidx]) + 3;
312
*stringp = calloc(1,buf_size);
313
if (*stringp == NULL){
314
profile_free_list(values);
318
strlcpy(tmp, values[0], buf_size);
319
for (lastidx=1; values[lastidx]; lastidx++){
320
tmp = strcat(tmp, " ");
321
tmp = strcat(tmp, values[lastidx]);
323
/* Free the string storage */
324
profile_free_list(values);
331
* krb5_aprof_get_int32() - Get a 32-bit integer value from the alternate
335
* acontext - opaque context for alternate profile.
336
* hierarchy - hierarchy of value to retrieve.
337
* uselast - if true, use last value, otherwise use
339
* intp - returned 32-bit integer value.
342
* error codes from profile_get_values()
343
* EINVAL - value is not an integer
299
346
krb5_aprof_get_int32(acontext, hierarchy, uselast, intp)
300
krb5_pointer acontext;
301
const char **hierarchy;
302
krb5_boolean uselast;
347
krb5_pointer acontext;
348
const char **hierarchy;
349
krb5_boolean uselast;
305
krb5_error_code kret;
352
krb5_error_code kret;
309
356
if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
312
for (idx=0; values[idx]; idx++);
316
if (sscanf(values[idx], "%d", intp) != 1)
319
/* Free the string storage */
320
for (idx=0; values[idx]; idx++)
321
krb5_xfree(values[idx]);
359
for (idx=0; values[idx]; idx++);
363
if (sscanf(values[idx], "%d", intp) != 1)
366
/* Free the string storage */
367
profile_free_list(values);
328
* krb5_aprof_finish() - Finish alternate profile context.
373
* krb5_aprof_finish() - Finish alternate profile context.
331
* acontext - opaque context for alternate profile.
376
* acontext - opaque context for alternate profile.
334
* 0 on success, something else on failure.
379
* 0 on success, something else on failure.
337
382
krb5_aprof_finish(acontext)
338
krb5_pointer acontext;
383
krb5_pointer acontext;
340
385
profile_release(acontext);
390
* Returns nonzero if it found something to copy; the caller may still
391
* need to check the output field or mask to see if the copy
392
* (allocation) was successful. Returns zero if nothing was found to
393
* copy, and thus the caller may want to apply some default heuristic.
394
* If the default action is just to use a fixed, compiled-in string,
395
* supply it as the default value here and ignore the return value.
398
get_string_param(char **param_out, char *param_in,
399
long *mask_out, long mask_in, long mask_bit,
400
krb5_pointer aprofile,
401
const char **hierarchy,
402
const char *config_name,
403
const char *default_value)
407
hierarchy[2] = config_name;
408
if (mask_in & mask_bit) {
409
*param_out = strdup(param_in);
411
*mask_out |= mask_bit;
413
} else if (aprofile &&
414
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
416
*mask_out |= mask_bit;
418
} else if (default_value) {
419
*param_out = strdup(default_value);
421
*mask_out |= mask_bit;
428
* Similar, for (host-order) port number, if not already set in the
429
* output field; default_value==0 means no default.
432
get_port_param(int *param_out, int param_in,
433
long *mask_out, long mask_in, long mask_bit,
434
krb5_pointer aprofile,
435
const char **hierarchy,
436
const char *config_name,
441
if (! (*mask_out & mask_bit)) {
442
hierarchy[2] = config_name;
443
if (mask_in & mask_bit) {
444
*mask_out |= mask_bit;
445
*param_out = param_in;
446
} else if (aprofile &&
447
!krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) {
449
*mask_out |= mask_bit;
450
} else if (default_value) {
451
*param_out = default_value;
452
*mask_out |= mask_bit;
457
* Similar, for delta_t; default is required.
460
get_deltat_param(krb5_deltat *param_out, krb5_deltat param_in,
461
long *mask_out, long mask_in, long mask_bit,
462
krb5_pointer aprofile,
463
const char **hierarchy,
464
const char *config_name,
465
krb5_deltat default_value)
469
hierarchy[2] = config_name;
470
if (mask_in & mask_bit) {
471
*mask_out |= mask_bit;
472
*param_out = param_in;
473
} else if (aprofile &&
474
!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
475
*param_out = dtvalue;
476
*mask_out |= mask_bit;
478
*param_out = default_value;
479
*mask_out |= mask_bit;
345
484
* Function: kadm5_get_config_params
347
486
* Purpose: Merge configuration parameters provided by the caller with
410
553
* defaults for NULL values.
412
555
if (use_kdc_config) {
413
filename = DEFAULT_KDC_PROFILE;
414
envname = KDC_PROFILE_ENV;
556
filename = DEFAULT_KDC_PROFILE;
557
envname = KDC_PROFILE_ENV;
416
filename = DEFAULT_PROFILE_PATH;
417
envname = "KRB5_CONFIG";
559
filename = DEFAULT_PROFILE_PATH;
560
envname = "KRB5_CONFIG";
419
562
if (context->profile_secure == TRUE) envname = 0;
421
564
kret = krb5_aprof_init(filename, envname, &aprofile);
425
568
/* Initialize realm parameters */
426
hierarchy[0] = "realms";
569
hierarchy[0] = KRB5_CONF_REALMS;
427
570
hierarchy[1] = lrealm;
428
571
hierarchy[3] = (char *) NULL;
573
#define GET_STRING_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \
574
get_string_param(¶ms.FIELD, params_in->FIELD, \
575
¶ms.mask, params_in->mask, BIT, \
576
aprofile, hierarchy, CONFTAG, DEFAULT)
430
578
/* Get the value for the admin server */
431
hierarchy[2] = "admin_server";
432
if (params_in->mask & KADM5_CONFIG_ADMIN_SERVER) {
433
params.admin_server = strdup(params_in->admin_server);
434
if (params.admin_server)
435
params.mask |= KADM5_CONFIG_ADMIN_SERVER;
436
} else if (aprofile &&
437
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
438
params.admin_server = svalue;
439
params.mask |= KADM5_CONFIG_ADMIN_SERVER;
579
GET_STRING_PARAM(admin_server, KADM5_CONFIG_ADMIN_SERVER, KRB5_CONF_ADMIN_SERVER,
441
582
if (params.mask & KADM5_CONFIG_ADMIN_SERVER) {
443
p = strchr(params.admin_server, ':');
445
params.kadmind_port = atoi(p+1);
446
params.mask |= KADM5_CONFIG_KADMIND_PORT;
584
p = strchr(params.admin_server, ':');
586
params.kadmind_port = atoi(p+1);
587
params.mask |= KADM5_CONFIG_KADMIND_PORT;
451
592
/* Get the value for the database */
452
hierarchy[2] = "database_name";
453
if (params_in->mask & KADM5_CONFIG_DBNAME) {
454
params.dbname = strdup(params_in->dbname);
456
params.mask |= KADM5_CONFIG_DBNAME;
457
} else if (aprofile &&
458
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
459
params.dbname = svalue;
460
params.mask |= KADM5_CONFIG_DBNAME;
462
params.dbname = strdup(DEFAULT_KDB_FILE);
464
params.mask |= KADM5_CONFIG_DBNAME;
468
* admin database name and lockfile are now always derived from dbname
470
if (params.mask & KADM5_CONFIG_DBNAME) {
471
params.admin_dbname = (char *) malloc(strlen(params.dbname) + 7);
472
if (params.admin_dbname) {
473
sprintf(params.admin_dbname, "%s.kadm5", params.dbname);
474
params.mask |= KADM5_CONFIG_ADBNAME;
478
if (params.mask & KADM5_CONFIG_ADBNAME) {
479
params.admin_lockfile = (char *) malloc(strlen(params.admin_dbname)
481
if (params.admin_lockfile) {
482
sprintf(params.admin_lockfile, "%s.lock", params.admin_dbname);
483
params.mask |= KADM5_CONFIG_ADB_LOCKFILE;
593
GET_STRING_PARAM(dbname, KADM5_CONFIG_DBNAME, KRB5_CONF_DATABASE_NAME,
596
params.admin_dbname_was_here = NULL;
597
params.admin_lockfile_was_here = NULL;
598
/* never set KADM5_CONFIG_ADBNAME, KADM5_CONFIG_ADB_LOCKFILE */
487
600
/* Get the value for the admin (policy) database lock file*/
488
hierarchy[2] = "admin_keytab";
489
if (params_in->mask & KADM5_CONFIG_ADMIN_KEYTAB) {
490
params.admin_keytab = strdup(params_in->admin_keytab);
491
if (params.admin_keytab)
492
params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
493
} else if (aprofile &&
494
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
495
params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
496
params.admin_keytab = svalue;
497
} else if ((params.admin_keytab = (char *) getenv("KRB5_KTNAME"))) {
498
params.admin_keytab = strdup(params.admin_keytab);
499
if (params.admin_keytab)
500
params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
502
params.admin_keytab = strdup(DEFAULT_KADM5_KEYTAB);
503
if (params.admin_keytab)
504
params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
601
if (!GET_STRING_PARAM(admin_keytab, KADM5_CONFIG_ADMIN_KEYTAB,
602
KRB5_CONF_ADMIN_KEYTAB, NULL)) {
603
const char *s = getenv("KRB5_KTNAME");
605
s = DEFAULT_KADM5_KEYTAB;
606
params.admin_keytab = strdup(s);
607
if (params.admin_keytab)
608
params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
507
611
/* Get the name of the acl file */
508
hierarchy[2] = "acl_file";
509
if (params_in->mask & KADM5_CONFIG_ACL_FILE) {
510
params.acl_file = strdup(params_in->acl_file);
512
params.mask |= KADM5_CONFIG_ACL_FILE;
513
} else if (aprofile &&
514
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
515
params.mask |= KADM5_CONFIG_ACL_FILE;
516
params.acl_file = svalue;
518
params.acl_file = strdup(DEFAULT_KADM5_ACL_FILE);
520
params.mask |= KADM5_CONFIG_ACL_FILE;
612
GET_STRING_PARAM(acl_file, KADM5_CONFIG_ACL_FILE, KRB5_CONF_ACL_FILE,
613
DEFAULT_KADM5_ACL_FILE);
523
615
/* Get the name of the dict file */
524
hierarchy[2] = "dict_file";
525
if (params_in->mask & KADM5_CONFIG_DICT_FILE) {
526
params.dict_file = strdup(params_in->dict_file);
527
if (params.dict_file)
528
params.mask |= KADM5_CONFIG_DICT_FILE;
529
} else if (aprofile &&
530
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
531
params.mask |= KADM5_CONFIG_DICT_FILE;
532
params.dict_file = svalue;
616
GET_STRING_PARAM(dict_file, KADM5_CONFIG_DICT_FILE, KRB5_CONF_DICT_FILE, NULL);
618
#define GET_PORT_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \
619
get_port_param(¶ms.FIELD, params_in->FIELD, \
620
¶ms.mask, params_in->mask, BIT, \
621
aprofile, hierarchy, CONFTAG, DEFAULT)
535
622
/* Get the value for the kadmind port */
536
if (! (params.mask & KADM5_CONFIG_KADMIND_PORT)) {
537
hierarchy[2] = "kadmind_port";
538
if (params_in->mask & KADM5_CONFIG_KADMIND_PORT) {
539
params.mask |= KADM5_CONFIG_KADMIND_PORT;
540
params.kadmind_port = params_in->kadmind_port;
541
} else if (aprofile &&
542
!krb5_aprof_get_int32(aprofile, hierarchy, TRUE,
544
params.kadmind_port = ivalue;
545
params.mask |= KADM5_CONFIG_KADMIND_PORT;
547
params.kadmind_port = DEFAULT_KADM5_PORT;
548
params.mask |= KADM5_CONFIG_KADMIND_PORT;
623
GET_PORT_PARAM(kadmind_port, KADM5_CONFIG_KADMIND_PORT,
624
KRB5_CONF_KADMIND_PORT, DEFAULT_KADM5_PORT);
552
626
/* Get the value for the kpasswd port */
553
if (! (params.mask & KADM5_CONFIG_KPASSWD_PORT)) {
554
hierarchy[2] = "kpasswd_port";
555
if (params_in->mask & KADM5_CONFIG_KPASSWD_PORT) {
556
params.mask |= KADM5_CONFIG_KPASSWD_PORT;
557
params.kpasswd_port = params_in->kpasswd_port;
558
} else if (aprofile &&
559
!krb5_aprof_get_int32(aprofile, hierarchy, TRUE,
561
params.kpasswd_port = ivalue;
562
params.mask |= KADM5_CONFIG_KPASSWD_PORT;
564
params.kpasswd_port = DEFAULT_KPASSWD_PORT;
565
params.mask |= KADM5_CONFIG_KPASSWD_PORT;
627
GET_PORT_PARAM(kpasswd_port, KADM5_CONFIG_KPASSWD_PORT,
628
KRB5_CONF_KPASSWD_PORT, DEFAULT_KPASSWD_PORT);
569
630
/* Get the value for the master key name */
570
hierarchy[2] = "master_key_name";
571
if (params_in->mask & KADM5_CONFIG_MKEY_NAME) {
572
params.mkey_name = strdup(params_in->mkey_name);
573
if (params.mkey_name)
574
params.mask |= KADM5_CONFIG_MKEY_NAME;
575
} else if (aprofile &&
576
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
577
params.mask |= KADM5_CONFIG_MKEY_NAME;
578
params.mkey_name = svalue;
631
GET_STRING_PARAM(mkey_name, KADM5_CONFIG_MKEY_NAME,
632
KRB5_CONF_MASTER_KEY_NAME, NULL);
581
634
/* Get the value for the master key type */
582
hierarchy[2] = "master_key_type";
635
hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE;
583
636
if (params_in->mask & KADM5_CONFIG_ENCTYPE) {
584
params.mask |= KADM5_CONFIG_ENCTYPE;
585
params.enctype = params_in->enctype;
637
params.mask |= KADM5_CONFIG_ENCTYPE;
638
params.enctype = params_in->enctype;
586
639
} else if (aprofile &&
587
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
588
if (!krb5_string_to_enctype(svalue, ¶ms.enctype)) {
589
params.mask |= KADM5_CONFIG_ENCTYPE;
640
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
641
if (!krb5_string_to_enctype(svalue, ¶ms.enctype)) {
642
params.mask |= KADM5_CONFIG_ENCTYPE;
593
params.mask |= KADM5_CONFIG_ENCTYPE;
594
params.enctype = DEFAULT_KDC_ENCTYPE;
646
params.mask |= KADM5_CONFIG_ENCTYPE;
647
params.enctype = DEFAULT_KDC_ENCTYPE;
597
650
/* Get the value for mkey_from_kbd */
598
651
if (params_in->mask & KADM5_CONFIG_MKEY_FROM_KBD) {
599
params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
600
params.mkey_from_kbd = params_in->mkey_from_kbd;
652
params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
653
params.mkey_from_kbd = params_in->mkey_from_kbd;
603
656
/* Get the value for the stashfile */
604
hierarchy[2] = "key_stash_file";
605
if (params_in->mask & KADM5_CONFIG_STASH_FILE) {
606
params.stash_file = strdup(params_in->stash_file);
607
if (params.stash_file)
608
params.mask |= KADM5_CONFIG_STASH_FILE;
609
} else if (aprofile &&
610
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
611
params.mask |= KADM5_CONFIG_STASH_FILE;
612
params.stash_file = svalue;
657
GET_STRING_PARAM(stash_file, KADM5_CONFIG_STASH_FILE,
658
KRB5_CONF_KEY_STASH_FILE, NULL);
615
660
/* Get the value for maximum ticket lifetime. */
616
hierarchy[2] = "max_life";
617
if (params_in->mask & KADM5_CONFIG_MAX_LIFE) {
618
params.mask |= KADM5_CONFIG_MAX_LIFE;
619
params.max_life = params_in->max_life;
620
} else if (aprofile &&
621
!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
622
params.max_life = dtvalue;
623
params.mask |= KADM5_CONFIG_MAX_LIFE;
625
params.max_life = 24 * 60 * 60; /* 1 day */
626
params.mask |= KADM5_CONFIG_MAX_LIFE;
661
#define GET_DELTAT_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \
662
get_deltat_param(¶ms.FIELD, params_in->FIELD, \
663
¶ms.mask, params_in->mask, BIT, \
664
aprofile, hierarchy, CONFTAG, DEFAULT)
666
GET_DELTAT_PARAM(max_life, KADM5_CONFIG_MAX_LIFE, KRB5_CONF_MAX_LIFE,
667
24 * 60 * 60); /* 1 day */
629
669
/* Get the value for maximum renewable ticket lifetime. */
630
hierarchy[2] = "max_renewable_life";
631
if (params_in->mask & KADM5_CONFIG_MAX_RLIFE) {
632
params.mask |= KADM5_CONFIG_MAX_RLIFE;
633
params.max_rlife = params_in->max_rlife;
634
} else if (aprofile &&
635
!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
636
params.max_rlife = dtvalue;
637
params.mask |= KADM5_CONFIG_MAX_RLIFE;
639
params.max_rlife = 0;
640
params.mask |= KADM5_CONFIG_MAX_RLIFE;
670
GET_DELTAT_PARAM(max_rlife, KADM5_CONFIG_MAX_RLIFE, KRB5_CONF_MAX_RENEWABLE_LIFE,
643
673
/* Get the value for the default principal expiration */
644
hierarchy[2] = "default_principal_expiration";
674
hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION;
645
675
if (params_in->mask & KADM5_CONFIG_EXPIRATION) {
646
params.mask |= KADM5_CONFIG_EXPIRATION;
647
params.expiration = params_in->expiration;
676
params.mask |= KADM5_CONFIG_EXPIRATION;
677
params.expiration = params_in->expiration;
648
678
} else if (aprofile &&
649
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
650
if (!krb5_string_to_timestamp(svalue, ¶ms.expiration)) {
651
params.mask |= KADM5_CONFIG_EXPIRATION;
679
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
680
if (!krb5_string_to_timestamp(svalue, ¶ms.expiration)) {
681
params.mask |= KADM5_CONFIG_EXPIRATION;
655
params.mask |= KADM5_CONFIG_EXPIRATION;
656
params.expiration = 0;
685
params.mask |= KADM5_CONFIG_EXPIRATION;
686
params.expiration = 0;
659
689
/* Get the value for the default principal flags */
660
hierarchy[2] = "default_principal_flags";
690
hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS;
661
691
if (params_in->mask & KADM5_CONFIG_FLAGS) {
662
params.mask |= KADM5_CONFIG_FLAGS;
663
params.flags = params_in->flags;
692
params.mask |= KADM5_CONFIG_FLAGS;
693
params.flags = params_in->flags;
664
694
} else if (aprofile &&
665
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
671
if ((ep = strchr(sp, (int) ',')) ||
672
(ep = strchr(sp, (int) ' ')) ||
673
(ep = strchr(sp, (int) '\t'))) {
674
/* Fill in trailing whitespace of sp */
676
while (isspace((int) *tp) && (tp > sp)) {
682
/* Skip over trailing whitespace of ep */
683
while (isspace((int) *ep) && (*ep)) ep++;
685
/* Convert this flag */
686
if (krb5_string_to_flags(sp,
694
params.mask |= KADM5_CONFIG_FLAGS;
695
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
701
if ((ep = strchr(sp, (int) ',')) ||
702
(ep = strchr(sp, (int) ' ')) ||
703
(ep = strchr(sp, (int) '\t'))) {
704
/* Fill in trailing whitespace of sp */
706
while (isspace((int) *tp) && (tp > sp)) {
712
/* Skip over trailing whitespace of ep */
713
while (isspace((int) *ep) && (*ep)) ep++;
715
/* Convert this flag */
716
if (krb5_string_to_flags(sp,
724
params.mask |= KADM5_CONFIG_FLAGS;
697
params.mask |= KADM5_CONFIG_FLAGS;
698
params.flags = KRB5_KDB_DEF_FLAGS;
727
params.mask |= KADM5_CONFIG_FLAGS;
728
params.flags = KRB5_KDB_DEF_FLAGS;
701
731
/* Get the value for the supported enctype/salttype matrix */
702
hierarchy[2] = "supported_enctypes";
732
hierarchy[2] = KRB5_CONF_SUPPORTED_ENCTYPES;
703
733
if (params_in->mask & KADM5_CONFIG_ENCTYPES) {
704
734
/* The following scenario is when the input keysalts are !NULL */
705
735
if(params_in->keysalts) {
706
params.keysalts = copy_key_salt_tuple(params_in->keysalts,
707
params_in->num_keysalts);
708
if(params.keysalts) {
709
params.mask |= KADM5_CONFIG_ENCTYPES;
710
params.num_keysalts = params_in->num_keysalts;
713
params.mask |= KADM5_CONFIG_ENCTYPES;
715
params.num_keysalts = params_in->num_keysalts;
736
params.keysalts = copy_key_salt_tuple(params_in->keysalts,
737
params_in->num_keysalts);
738
if(params.keysalts) {
739
params.mask |= KADM5_CONFIG_ENCTYPES;
740
params.num_keysalts = params_in->num_keysalts;
743
params.mask |= KADM5_CONFIG_ENCTYPES;
745
params.num_keysalts = params_in->num_keysalts;
720
krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
722
svalue = strdup("des3-hmac-sha1:normal des-cbc-crc:normal");
724
params.keysalts = NULL;
725
params.num_keysalts = 0;
726
krb5_string_to_keysalts(svalue,
727
", \t",/* Tuple separators */
728
":.-", /* Key/salt separators */
729
0, /* No duplicates */
731
¶ms.num_keysalts);
732
if (params.num_keysalts)
733
params.mask |= KADM5_CONFIG_ENCTYPES;
750
krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
752
svalue = strdup(KRB5_DEFAULT_SUPPORTED_ENCTYPES);
754
params.keysalts = NULL;
755
params.num_keysalts = 0;
756
krb5_string_to_keysalts(svalue,
757
", \t",/* Tuple separators */
758
":.-", /* Key/salt separators */
759
0, /* No duplicates */
761
¶ms.num_keysalts);
762
if (params.num_keysalts)
763
params.mask |= KADM5_CONFIG_ENCTYPES;
768
hierarchy[2] = KRB5_CONF_IPROP_ENABLE;
770
params.iprop_enabled = FALSE;
771
params.mask |= KADM5_CONFIG_IPROP_ENABLED;
773
if (params_in->mask & KADM5_CONFIG_IPROP_ENABLED) {
774
params.mask |= KADM5_CONFIG_IPROP_ENABLED;
775
params.iprop_enabled = params_in->iprop_enabled;
779
!krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) {
780
params.iprop_enabled = bvalue;
781
params.mask |= KADM5_CONFIG_IPROP_ENABLED;
785
if (!GET_STRING_PARAM(iprop_logfile, KADM5_CONFIG_IPROP_LOGFILE,
786
KRB5_CONF_IPROP_LOGFILE, NULL)) {
787
if (params.mask & KADM5_CONFIG_DBNAME) {
788
if (asprintf(¶ms.iprop_logfile, "%s.ulog", params.dbname) >= 0) {
789
params.mask |= KADM5_CONFIG_IPROP_LOGFILE;
794
GET_PORT_PARAM(iprop_port, KADM5_CONFIG_IPROP_PORT,
795
KRB5_CONF_IPROP_PORT, 0);
797
hierarchy[2] = KRB5_CONF_IPROP_MASTER_ULOGSIZE;
799
params.iprop_ulogsize = DEF_ULOGENTRIES;
800
params.mask |= KADM5_CONFIG_ULOG_SIZE;
802
if (params_in->mask & KADM5_CONFIG_ULOG_SIZE) {
803
params.mask |= KADM5_CONFIG_ULOG_SIZE;
804
params.iprop_ulogsize = params_in->iprop_ulogsize;
806
if (aprofile && !krb5_aprof_get_int32(aprofile, hierarchy,
808
if (ivalue > MAX_ULOGENTRIES)
809
params.iprop_ulogsize = MAX_ULOGENTRIES;
810
else if (ivalue <= 0)
811
params.iprop_ulogsize = DEF_ULOGENTRIES;
813
params.iprop_ulogsize = ivalue;
814
params.mask |= KADM5_CONFIG_ULOG_SIZE;
818
GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME,
819
KRB5_CONF_IPROP_SLAVE_POLL, 2 * 60); /* 2m */
739
821
*params_out = params;
743
krb5_aprof_finish(aprofile);
825
krb5_aprof_finish(aprofile);
745
kadm5_free_config_params(context, ¶ms);
746
params_out->mask = 0;
827
kadm5_free_config_params(context, ¶ms);
828
params_out->mask = 0;
751
* kadm5_free_config_params() - Free data allocated by above.
833
* kadm5_free_config_params() - Free data allocated by above.
754
836
kadm5_free_config_params(context, params)
755
krb5_context context;
756
kadm5_config_params *params;
837
krb5_context context;
838
kadm5_config_params *params;
760
krb5_xfree(params->dbname);
761
if (params->mkey_name)
762
krb5_xfree(params->mkey_name);
763
if (params->stash_file)
764
krb5_xfree(params->stash_file);
765
if (params->keysalts)
766
krb5_xfree(params->keysalts);
767
if (params->admin_server)
768
free(params->admin_server);
769
if (params->admin_keytab)
770
free(params->admin_keytab);
771
if (params->dict_file)
772
free(params->dict_file);
773
if (params->acl_file)
774
free(params->acl_file);
777
if (params->admin_dbname)
778
free(params->admin_dbname);
779
if (params->admin_lockfile)
780
free(params->admin_lockfile);
841
free(params->dbname);
842
free(params->mkey_name);
843
free(params->stash_file);
844
free(params->keysalts);
845
free(params->admin_server);
846
free(params->admin_keytab);
847
free(params->dict_file);
848
free(params->acl_file);
850
free(params->iprop_logfile);
787
856
kadm5_get_admin_service_name(krb5_context ctx,
792
861
krb5_error_code ret;
793
862
kadm5_config_params params_in, params_out;
863
935
rparams = (krb5_realm_params *) NULL;
865
lrealm = strdup(realm);
937
lrealm = strdup(realm);
867
kret = krb5_get_default_realm(kcontext, &lrealm);
939
kret = krb5_get_default_realm(kcontext, &lrealm);
872
944
kret = krb5_aprof_init(filename, envname, &aprofile);
876
948
rparams = (krb5_realm_params *) malloc(sizeof(krb5_realm_params));
877
949
if (rparams == 0) {
882
954
/* Initialize realm parameters */
883
955
memset((char *) rparams, 0, sizeof(krb5_realm_params));
885
957
/* Get the value for the database */
886
hierarchy[0] = "realms";
958
hierarchy[0] = KRB5_CONF_REALMS;
887
959
hierarchy[1] = lrealm;
888
hierarchy[2] = "database_name";
960
hierarchy[2] = KRB5_CONF_DATABASE_NAME;
889
961
hierarchy[3] = (char *) NULL;
890
962
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
891
rparams->realm_dbname = svalue;
963
rparams->realm_dbname = svalue;
893
965
/* Get the value for the KDC port list */
894
hierarchy[2] = "kdc_ports";
895
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
896
rparams->realm_kdc_ports = svalue;
897
hierarchy[2] = "kdc_tcp_ports";
898
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
899
rparams->realm_kdc_tcp_ports = svalue;
966
hierarchy[2] = KRB5_CONF_KDC_PORTS;
967
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
968
rparams->realm_kdc_ports = svalue;
969
hierarchy[2] = KRB5_CONF_KDC_TCP_PORTS;
970
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
971
rparams->realm_kdc_tcp_ports = svalue;
901
973
/* Get the name of the acl file */
902
hierarchy[2] = "acl_file";
974
hierarchy[2] = KRB5_CONF_ACL_FILE;
903
975
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
904
rparams->realm_acl_file = svalue;
976
rparams->realm_acl_file = svalue;
906
978
/* Get the value for the kadmind port */
907
hierarchy[2] = "kadmind_port";
979
hierarchy[2] = KRB5_CONF_KADMIND_PORT;
908
980
if (!krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) {
909
rparams->realm_kadmind_port = ivalue;
910
rparams->realm_kadmind_port_valid = 1;
981
rparams->realm_kadmind_port = ivalue;
982
rparams->realm_kadmind_port_valid = 1;
913
985
/* Get the value for the master key name */
914
hierarchy[2] = "master_key_name";
986
hierarchy[2] = KRB5_CONF_MASTER_KEY_NAME;
915
987
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
916
rparams->realm_mkey_name = svalue;
988
rparams->realm_mkey_name = svalue;
918
990
/* Get the value for the master key type */
919
hierarchy[2] = "master_key_type";
991
hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE;
920
992
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
921
if (!krb5_string_to_enctype(svalue, &rparams->realm_enctype))
922
rparams->realm_enctype_valid = 1;
993
if (!krb5_string_to_enctype(svalue, &rparams->realm_enctype))
994
rparams->realm_enctype_valid = 1;
926
998
/* Get the value for the stashfile */
927
hierarchy[2] = "key_stash_file";
999
hierarchy[2] = KRB5_CONF_KEY_STASH_FILE;
928
1000
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
929
rparams->realm_stash_file = svalue;
1001
rparams->realm_stash_file = svalue;
931
1003
/* Get the value for maximum ticket lifetime. */
932
hierarchy[2] = "max_life";
1004
hierarchy[2] = KRB5_CONF_MAX_LIFE;
933
1005
if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
934
rparams->realm_max_life = dtvalue;
935
rparams->realm_max_life_valid = 1;
1006
rparams->realm_max_life = dtvalue;
1007
rparams->realm_max_life_valid = 1;
938
1010
/* Get the value for maximum renewable ticket lifetime. */
939
hierarchy[2] = "max_renewable_life";
1011
hierarchy[2] = KRB5_CONF_MAX_RENEWABLE_LIFE;
940
1012
if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
941
rparams->realm_max_rlife = dtvalue;
942
rparams->realm_max_rlife_valid = 1;
1013
rparams->realm_max_rlife = dtvalue;
1014
rparams->realm_max_rlife_valid = 1;
945
1017
/* Get the value for the default principal expiration */
946
hierarchy[2] = "default_principal_expiration";
1018
hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION;
947
1019
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
948
if (!krb5_string_to_timestamp(svalue,
949
&rparams->realm_expiration))
950
rparams->realm_expiration_valid = 1;
1020
if (!krb5_string_to_timestamp(svalue,
1021
&rparams->realm_expiration))
1022
rparams->realm_expiration_valid = 1;
954
hierarchy[2] = "reject_bad_transit";
1026
hierarchy[2] = KRB5_CONF_REJECT_BAD_TRANSIT;
955
1027
if (!krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) {
956
rparams->realm_reject_bad_transit = bvalue;
957
rparams->realm_reject_bad_transit_valid = 1;
1028
rparams->realm_reject_bad_transit = bvalue;
1029
rparams->realm_reject_bad_transit_valid = 1;
1032
hierarchy[2] = KRB5_CONF_NO_HOST_REFERRAL;
1033
if (!krb5_aprof_get_string_all(aprofile, hierarchy, &no_refrls))
1034
rparams->realm_no_host_referral = no_refrls;
1038
if (!no_refrls || krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == FALSE) {
1039
hierarchy[2] = KRB5_CONF_HOST_BASED_SERVICES;
1040
if (!krb5_aprof_get_string_all(aprofile, hierarchy, &host_based_srvcs))
1041
rparams->realm_host_based_services = host_based_srvcs;
1043
host_based_srvcs = 0;
960
1046
/* Get the value for the default principal flags */
961
hierarchy[2] = "default_principal_flags";
1047
hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS;
962
1048
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
966
rparams->realm_flags = 0;
968
if ((ep = strchr(sp, (int) ',')) ||
969
(ep = strchr(sp, (int) ' ')) ||
970
(ep = strchr(sp, (int) '\t'))) {
971
/* Fill in trailing whitespace of sp */
973
while (isspace((int) *tp) && (tp < sp)) {
979
/* Skip over trailing whitespace of ep */
980
while (isspace((int) *ep) && (*ep)) ep++;
982
/* Convert this flag */
983
if (krb5_string_to_flags(sp,
986
&rparams->realm_flags))
991
rparams->realm_flags_valid = 1;
1052
rparams->realm_flags = 0;
1054
if ((ep = strchr(sp, (int) ',')) ||
1055
(ep = strchr(sp, (int) ' ')) ||
1056
(ep = strchr(sp, (int) '\t'))) {
1057
/* Fill in trailing whitespace of sp */
1059
while (isspace((int) *tp) && (tp < sp)) {
1065
/* Skip over trailing whitespace of ep */
1066
while (isspace((int) *ep) && (*ep)) ep++;
1068
/* Convert this flag */
1069
if (krb5_string_to_flags(sp,
1072
&rparams->realm_flags))
1077
rparams->realm_flags_valid = 1;
995
1081
rparams->realm_keysalts = NULL;