oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

remove krb4 support

Browse Source
This commit is contained in:
Love Hornquist Astrand
2010-11-20 14:38:21 -08:00
parent aa750c33d1
commit fae3d127a2
7 changed files with 0 additions and 1909 deletions
Download Patch File Download Diff File Expand all files Collapse all files

431
lib/krb5/principal.c
View File

@@ -1013,437 +1013,6 @@ krb5_principal_match(krb5_context context,
return TRUE;
}
#if defined(KRB4) || !defined(HEIMDAL_SMALLER)
static struct v4_name_convert {
const char *from;
const char *to;
} default_v4_name_convert[] = {
{ "ftp", "ftp" },
{ "hprop", "hprop" },
{ "pop", "pop" },
{ "imap", "imap" },
{ "rcmd", "host" },
{ "smtp", "smtp" },
{ NULL, NULL }
};
#endif
#ifdef KRB4
/*
* return the converted instance name of `name' in `realm'.
* look in the configuration file and then in the default set above.
* return NULL if no conversion is appropriate.
*/
static const char*
get_name_conversion(krb5_context context, const char *realm, const char *name)
{
struct v4_name_convert *q;
const char *p;
p = krb5_config_get_string(context, NULL, "realms", realm,
"v4_name_convert", "host", name, NULL);
if(p == NULL)
p = krb5_config_get_string(context, NULL, "libdefaults",
"v4_name_convert", "host", name, NULL);
if(p)
return p;
/* XXX should be possible to override default list */
p = krb5_config_get_string(context, NULL,
"realms",
realm,
"v4_name_convert",
"plain",
name,
NULL);
if(p)
return NULL;
p = krb5_config_get_string(context, NULL,
"libdefaults",
"v4_name_convert",
"plain",
name,
NULL);
if(p)
return NULL;
for(q = default_v4_name_convert; q->from; q++)
if(strcmp(q->from, name) == 0)
return q->to;
return NULL;
}
/*
* convert the v4 principal `name.instance@realm' to a v5 principal in `princ'.
* if `resolve', use DNS.
* if `func', use that function for validating the conversion
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_425_conv_principal_ext2(krb5_context context,
const char *name,
const char *instance,
const char *realm,
krb5_boolean (*func)(krb5_context,
void *, krb5_principal),
void *funcctx,
krb5_boolean resolve,
krb5_principal *princ)
{
const char *p;
krb5_error_code ret;
krb5_principal pr;
char host[MAXHOSTNAMELEN];
char local_hostname[MAXHOSTNAMELEN];
/* do the following: if the name is found in the
`v4_name_convert:host' part, is assumed to be a `host' type
principal, and the instance is looked up in the
`v4_instance_convert' part. if not found there the name is
(optionally) looked up as a hostname, and if that doesn't yield
anything, the `default_domain' is appended to the instance
*/
if(instance == NULL)
goto no_host;
if(instance[0] == 0){
instance = NULL;
goto no_host;
}
p = get_name_conversion(context, realm, name);
if(p == NULL)
goto no_host;
name = p;
p = krb5_config_get_string(context, NULL, "realms", realm,
"v4_instance_convert", instance, NULL);
if(p){
instance = p;
ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
if (ret)
return ret;
if(func == NULL || (*func)(context, funcctx, pr)){
*princ = pr;
return 0;
}
krb5_free_principal(context, pr);
*princ = NULL;
krb5_clear_error_message (context);
return HEIM_ERR_V4_PRINC_NO_CONV;
}
if(resolve){
krb5_boolean passed = FALSE;
char *inst = NULL;
#ifdef USE_RESOLVER
struct rk_dns_reply *r;
r = rk_dns_lookup(instance, "aaaa");
if (r) {
if (r->head && r->head->type == rk_ns_t_aaaa) {
inst = strdup(r->head->domain);
passed = TRUE;
}
rk_dns_free_data(r);
} else {
r = rk_dns_lookup(instance, "a");
if (r) {
if(r->head && r->head->type == rk_ns_t_a) {
inst = strdup(r->head->domain);
passed = TRUE;
}
rk_dns_free_data(r);
}
}
#else
struct addrinfo hints, *ai;
memset (&hints, 0, sizeof(hints));
hints.ai_flags = AI_CANONNAME;
ret = getaddrinfo(instance, NULL, &hints, &ai);
if (ret == 0) {
const struct addrinfo *a;
for (a = ai; a != NULL; a = a->ai_next) {
if (a->ai_canonname != NULL) {
inst = strdup (a->ai_canonname);
passed = TRUE;
break;
}
}
freeaddrinfo (ai);
}
#endif
if (passed) {
if (inst == NULL) {
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
}
strlwr(inst);
ret = krb5_make_principal(context, &pr, realm, name, inst,
NULL);
free (inst);
if(ret == 0) {
if(func == NULL || (*func)(context, funcctx, pr)){
*princ = pr;
return 0;
}
krb5_free_principal(context, pr);
}
}
}
if(func != NULL) {
snprintf(host, sizeof(host), "%s.%s", instance, realm);
strlwr(host);
ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
if (ret)
return ret;
if((*func)(context, funcctx, pr)){
*princ = pr;
return 0;
}
krb5_free_principal(context, pr);
}
/*
* if the instance is the first component of the local hostname,
* the converted host should be the long hostname.
*/
if (func == NULL &&
gethostname (local_hostname, sizeof(local_hostname)) == 0 &&
strncmp(instance, local_hostname, strlen(instance)) == 0 &&
local_hostname[strlen(instance)] == '.') {
strlcpy(host, local_hostname, sizeof(host));
goto local_host;
}
{
char **domains, **d;
domains = krb5_config_get_strings(context, NULL, "realms", realm,
"v4_domains", NULL);
for(d = domains; d && *d; d++){
snprintf(host, sizeof(host), "%s.%s", instance, *d);
ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
if (ret) {
krb5_config_free_strings(domains);
return ret;
}
if(func == NULL || (*func)(context, funcctx, pr)){
*princ = pr;
krb5_config_free_strings(domains);
return 0;
}
krb5_free_principal(context, pr);
}
krb5_config_free_strings(domains);
}
p = krb5_config_get_string(context, NULL, "realms", realm,
"default_domain", NULL);
if(p == NULL){
/* this should be an error, just faking a name is not good */
krb5_clear_error_message (context);
return HEIM_ERR_V4_PRINC_NO_CONV;
}
if (*p == '.')
++p;
snprintf(host, sizeof(host), "%s.%s", instance, p);
local_host:
ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
if (ret)
return ret;
if(func == NULL || (*func)(context, funcctx, pr)){
*princ = pr;
return 0;
}
krb5_free_principal(context, pr);
krb5_clear_error_message (context);
return HEIM_ERR_V4_PRINC_NO_CONV;
no_host:
p = krb5_config_get_string(context, NULL,
"realms",
realm,
"v4_name_convert",
"plain",
name,
NULL);
if(p == NULL)
p = krb5_config_get_string(context, NULL,
"libdefaults",
"v4_name_convert",
"plain",
name,
NULL);
if(p)
name = p;
ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
if (ret)
return ret;
if(func == NULL || (*func)(context, funcctx, pr)){
*princ = pr;
return 0;
}
krb5_free_principal(context, pr);
krb5_clear_error_message (context);
return HEIM_ERR_V4_PRINC_NO_CONV;
}
#endif /* KRB4 */
#ifndef HEIMDAL_SMALLER
static int
check_list(const krb5_config_binding *l, const char *name, const char **out)
{
while(l){
if (l->type != krb5_config_string)
continue;
if(strcmp(name, l->u.string) == 0) {
*out = l->name;
return 1;
}
l = l->next;
}
return 0;
}
static int
name_convert(krb5_context context, const char *name, const char *realm,
const char **out)
{
const krb5_config_binding *l;
l = krb5_config_get_list (context,
NULL,
"realms",
realm,
"v4_name_convert",
"host",
NULL);
if(l && check_list(l, name, out))
return KRB5_NT_SRV_HST;
l = krb5_config_get_list (context,
NULL,
"libdefaults",
"v4_name_convert",
"host",
NULL);
if(l && check_list(l, name, out))
return KRB5_NT_SRV_HST;
l = krb5_config_get_list (context,
NULL,
"realms",
realm,
"v4_name_convert",
"plain",
NULL);
if(l && check_list(l, name, out))
return KRB5_NT_UNKNOWN;
l = krb5_config_get_list (context,
NULL,
"libdefaults",
"v4_name_convert",
"host",
NULL);
if(l && check_list(l, name, out))
return KRB5_NT_UNKNOWN;
/* didn't find it in config file, try built-in list */
#ifdef KRB4
{
struct v4_name_convert *q;
for(q = default_v4_name_convert; q->from; q++) {
if(strcmp(name, q->to) == 0) {
*out = q->from;
return KRB5_NT_SRV_HST;
}
}
}
#endif
return -1;
}
/*
* convert the v5 principal in `principal' into a v4 corresponding one
* in `name, instance, realm'
* this is limited interface since there's no length given for these
* three parameters. They have to be 40 bytes each (ANAME_SZ).
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_524_conv_principal(krb5_context context,
const krb5_principal principal,
char *name,
char *instance,
char *realm)
{
const char *n, *i, *r;
char tmpinst[40];
int type = princ_type(principal);
const int aname_sz = 40;
r = principal->realm;
switch(principal->name.name_string.len){
case 1:
n = principal->name.name_string.val[0];
i = "";
break;
case 2:
n = principal->name.name_string.val[0];
i = principal->name.name_string.val[1];
break;
default:
krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
N_("cannot convert a %d "
"component principal", ""),
principal->name.name_string.len);
return KRB5_PARSE_MALFORMED;
}
{
const char *tmp;
int t = name_convert(context, n, r, &tmp);
if(t >= 0) {
type = t;
n = tmp;
}
}
if(type == KRB5_NT_SRV_HST){
char *p;
strlcpy (tmpinst, i, sizeof(tmpinst));
p = strchr(tmpinst, '.');
if(p)
*p = 0;
i = tmpinst;
}
if (strlcpy (name, n, aname_sz) >= aname_sz) {
krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
N_("too long name component to convert", ""));
return KRB5_PARSE_MALFORMED;
}
if (strlcpy (instance, i, aname_sz) >= aname_sz) {
krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
N_("too long instance component to convert", ""));
return KRB5_PARSE_MALFORMED;
}
if (strlcpy (realm, r, aname_sz) >= aname_sz) {
krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
N_("too long realm component to convert", ""));
return KRB5_PARSE_MALFORMED;
}
return 0;
}
#endif /* !HEIMDAL_SMALLER */
/**
* Create a principal for the service running on hostname. If
* KRB5_NT_SRV_HST is used, the hostname is canonization using DNS (or