2
* Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
3
* (Royal Institute of Technology, Stockholm, Sweden).
6
* Redistribution and use in source and binary forms, with or without
7
* modification, are permitted provided that the following conditions
10
* 1. Redistributions of source code must retain the above copyright
11
* notice, this list of conditions and the following disclaimer.
13
* 2. Redistributions in binary form must reproduce the above copyright
14
* notice, this list of conditions and the following disclaimer in the
15
* documentation and/or other materials provided with the distribution.
17
* 3. Neither the name of the Institute nor the names of its contributors
18
* may be used to endorse or promote products derived from this software
19
* without specific prior written permission.
21
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34
#include "krb5_locl.h"
39
/* To automagically find the correct realm of a host (without
40
* [domain_realm] in krb5.conf) add a text record for your domain with
41
* the name of your realm, like this:
43
* _kerberos IN TXT "FOO.SE"
45
* The search is recursive, so you can add entries for specific
46
* hosts. To find the realm of host a.b.c, it first tries
47
* _kerberos.a.b.c, then _kerberos.b.c and so on.
49
* This method is described in draft-ietf-cat-krb-dns-locate-03.txt.
54
copy_txt_to_realms (struct resource_record *head,
57
struct resource_record *rr;
60
for(n = 0, rr = head; rr; rr = rr->next)
61
if (rr->type == T_TXT)
67
*realms = malloc ((n + 1) * sizeof(krb5_realm));
71
for (i = 0; i < n + 1; ++i)
74
for (i = 0, rr = head; rr; rr = rr->next) {
75
if (rr->type == T_TXT) {
78
tmp = strdup(rr->u.txt);
80
for (i = 0; i < n; ++i)
93
dns_find_realm(krb5_context context,
97
static const char *default_labels[] = { "_kerberos", NULL };
98
char dom[MAXHOSTNAMELEN];
101
char **config_labels;
104
config_labels = krb5_config_get_strings(context, NULL, "libdefaults",
105
"dns_lookup_realm_labels", NULL);
106
if(config_labels != NULL)
107
labels = (const char **)config_labels;
109
labels = default_labels;
112
for (i = 0; labels[i] != NULL; i++) {
113
ret = snprintf(dom, sizeof(dom), "%s.%s.", labels[i], domain);
114
if(ret < 0 || ret >= sizeof(dom)) {
116
krb5_config_free_strings(config_labels);
119
r = dns_lookup(dom, "TXT");
121
ret = copy_txt_to_realms (r->head, realms);
125
krb5_config_free_strings(config_labels);
131
krb5_config_free_strings(config_labels);
136
* Try to figure out what realms host in `domain' belong to from the
137
* configuration file.
141
config_find_realm(krb5_context context,
145
char **tmp = krb5_config_get_strings (context, NULL,
157
* This function assumes that `host' is a FQDN (and doesn't handle the
158
* special case of host == NULL either).
159
* Try to find mapping in the config file or DNS and it that fails,
160
* fall back to guessing
163
krb5_error_code KRB5_LIB_FUNCTION
164
_krb5_get_host_realm_int (krb5_context context,
166
krb5_boolean use_dns,
170
krb5_boolean dns_locate_enable;
172
dns_locate_enable = krb5_config_get_bool_default(context, NULL, TRUE,
173
"libdefaults", "dns_lookup_realm", NULL);
174
for (p = host; p != NULL; p = strchr (p + 1, '.')) {
175
if(config_find_realm(context, p, realms) == 0) {
176
if(strcasecmp(*realms[0], "dns_locate") == 0) {
178
for (q = host; q != NULL; q = strchr(q + 1, '.'))
179
if(dns_find_realm(context, q, realms) == 0)
185
else if(use_dns && dns_locate_enable) {
186
if(dns_find_realm(context, p, realms) == 0)
190
p = strchr(host, '.');
193
*realms = malloc(2 * sizeof(krb5_realm));
194
if (*realms == NULL) {
195
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
199
(*realms)[0] = strdup(p);
200
if((*realms)[0] == NULL) {
202
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
205
strupr((*realms)[0]);
209
krb5_set_error_message(context, KRB5_ERR_HOST_REALM_UNKNOWN,
210
N_("unable to find realm of host %s", ""),
212
return KRB5_ERR_HOST_REALM_UNKNOWN;
216
* Return the realm(s) of `host' as a NULL-terminated list in
217
* `realms'. Free `realms' with krb5_free_host_realm().
220
krb5_error_code KRB5_LIB_FUNCTION
221
krb5_get_host_realm(krb5_context context,
222
const char *targethost,
225
const char *host = targethost;
226
char hostname[MAXHOSTNAMELEN];
231
if (gethostname (hostname, sizeof(hostname))) {
239
* If our local hostname is without components, don't even try to dns.
242
use_dns = (strchr(host, '.') != NULL);
244
ret = _krb5_get_host_realm_int (context, host, use_dns, realms);
245
if (ret && targethost != NULL) {
247
* If there was no realm mapping for the host (and we wasn't
248
* looking for ourself), guess at the local realm, maybe our
249
* KDC knows better then we do and we get a referral back.
251
ret = krb5_get_default_realms(context, realms);
253
krb5_set_error_message(context, KRB5_ERR_HOST_REALM_UNKNOWN,
254
N_("Unable to find realm of host %s", ""),
256
return KRB5_ERR_HOST_REALM_UNKNOWN;