source: trunk/server/nsswitch/winbind_krb5_locator.c

Last change on this file was 752, checked in by Silvan Scherrer, 13 years ago

Samba Server: updated trunk to 3.6.9 2nd part
File size: 9.1 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 kerberos locator plugin
4 Copyright (C) Guenther Deschner 2007-2008
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18*/
19
20#include "nsswitch/winbind_client.h"
21#include "libwbclient/wbclient.h"
22
23#ifndef DEBUG_KRB5
24#undef DEBUG_KRB5
25#endif
26
27#if defined(HAVE_KRB5) && defined(HAVE_KRB5_LOCATE_PLUGIN_H)
28
29#if HAVE_COM_ERR_H
30#include <com_err.h>
31#endif
32
33#include <krb5.h>
34#include <krb5/locate_plugin.h>
35
36#ifndef KRB5_PLUGIN_NO_HANDLE
37#define KRB5_PLUGIN_NO_HANDLE KRB5_KDC_UNREACH /* Heimdal */
38#endif
39
40static const char *get_service_from_locate_service_type(enum locate_service_type svc)
41{
42 switch (svc) {
43 case locate_service_kdc:
44 case locate_service_master_kdc:
45 return "88";
46 case locate_service_kadmin:
47 case locate_service_krb524:
48 /* not supported */
49 return NULL;
50 case locate_service_kpasswd:
51 return "464";
52 default:
53 break;
54 }
55 return NULL;
56
57}
58
59#ifdef DEBUG_KRB5
60static const char *locate_service_type_name(enum locate_service_type svc)
61{
62 switch (svc) {
63 case locate_service_kdc:
64 return "locate_service_kdc";
65 case locate_service_master_kdc:
66 return "locate_service_master_kdc";
67 case locate_service_kadmin:
68 return "locate_service_kadmin";
69 case locate_service_krb524:
70 return "locate_service_krb524";
71 case locate_service_kpasswd:
72 return "locate_service_kpasswd";
73 default:
74 break;
75 }
76 return NULL;
77}
78
79static const char *socktype_name(int socktype)
80{
81 switch (socktype) {
82 case SOCK_STREAM:
83 return "SOCK_STREAM";
84 case SOCK_DGRAM:
85 return "SOCK_DGRAM";
86 default:
87 break;
88 }
89 return "unknown";
90}
91
92static const char *family_name(int family)
93{
94 switch (family) {
95 case AF_UNSPEC:
96 return "AF_UNSPEC";
97 case AF_INET:
98 return "AF_INET";
99#if defined(HAVE_IPV6)
100 case AF_INET6:
101 return "AF_INET6";
102#endif
103 default:
104 break;
105 }
106 return "unknown";
107}
108#endif
109
110/**
111 * Check input parameters, return KRB5_PLUGIN_NO_HANDLE for unsupported ones
112 *
113 * @param svc
114 * @param realm string
115 * @param socktype integer
116 * @param family integer
117 *
118 * @return integer.
119 */
120
121static int smb_krb5_locator_lookup_sanity_check(enum locate_service_type svc,
122 const char *realm,
123 int socktype,
124 int family)
125{
126 if (!realm || strlen(realm) == 0) {
127 return EINVAL;
128 }
129
130 switch (svc) {
131 case locate_service_kdc:
132 case locate_service_master_kdc:
133 case locate_service_kpasswd:
134 break;
135 case locate_service_kadmin:
136 case locate_service_krb524:
137 return KRB5_PLUGIN_NO_HANDLE;
138 default:
139 return EINVAL;
140 }
141
142 switch (family) {
143 case AF_UNSPEC:
144 case AF_INET:
145 break;
146#if defined(HAVE_IPV6)
147 case AF_INET6:
148 break;
149#endif
150 default:
151 return EINVAL;
152 }
153
154 switch (socktype) {
155 case SOCK_STREAM:
156 case SOCK_DGRAM:
157 case 0: /* Heimdal uses that */
158 break;
159 default:
160 return EINVAL;
161 }
162
163 return 0;
164}
165
166/**
167 * Try to get addrinfo for a given host and call the krb5 callback
168 *
169 * @param name string
170 * @param service string
171 * @param in struct addrinfo hint
172 * @param cbfunc krb5 callback function
173 * @param cbdata void pointer cbdata
174 *
175 * @return krb5_error_code.
176 */
177
178static krb5_error_code smb_krb5_locator_call_cbfunc(const char *name,
179 const char *service,
180 struct addrinfo *in,
181 int (*cbfunc)(void *, int, struct sockaddr *),
182 void *cbdata)
183{
184 struct addrinfo *out = NULL;
185 int ret = 0;
186 struct addrinfo *res = NULL;
187 int count = 3;
188
189 while (count) {
190
191 ret = getaddrinfo(name, service, in, &out);
192 if (ret == 0) {
193 break;
194 }
195
196 if ((ret == EAI_AGAIN) && (count > 1)) {
197 count--;
198 continue;
199 }
200
201#ifdef DEBUG_KRB5
202 fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
203 "getaddrinfo failed: %s (%d)\n",
204 (unsigned int)getpid(), gai_strerror(ret), ret);
205#endif
206
207 return KRB5_PLUGIN_NO_HANDLE;
208 }
209
210 for (res = out; res; res = res->ai_next) {
211 if (!res->ai_addr || res->ai_addrlen == 0) {
212 continue;
213 }
214
215 ret = cbfunc(cbdata, res->ai_socktype, res->ai_addr);
216 if (ret) {
217#ifdef DEBUG_KRB5
218 fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
219 "failed to call callback: %s (%d)\n",
220 (unsigned int)getpid(), error_message(ret), ret);
221#endif
222 break;
223 }
224 }
225
226 if (out) {
227 freeaddrinfo(out);
228 }
229 return ret;
230}
231
232/**
233 * PUBLIC INTERFACE: locate init
234 *
235 * @param context krb5_context
236 * @param privata_data pointer to private data pointer
237 *
238 * @return krb5_error_code.
239 */
240
241static krb5_error_code smb_krb5_locator_init(krb5_context context,
242 void **private_data)
243{
244 return 0;
245}
246
247/**
248 * PUBLIC INTERFACE: close locate
249 *
250 * @param private_data pointer to private data
251 *
252 * @return void.
253 */
254
255static void smb_krb5_locator_close(void *private_data)
256{
257 return;
258}
259
260
261static bool ask_winbind(const char *realm, char **dcname)
262{
263 wbcErr wbc_status;
264 const char *dc = NULL;
265 struct wbcDomainControllerInfoEx *dc_info = NULL;
266 uint32_t flags;
267
268 flags = WBC_LOOKUP_DC_KDC_REQUIRED |
269 WBC_LOOKUP_DC_IS_DNS_NAME |
270 WBC_LOOKUP_DC_RETURN_DNS_NAME;
271
272 wbc_status = wbcLookupDomainControllerEx(realm, NULL, NULL, flags, &dc_info);
273
274 if (!WBC_ERROR_IS_OK(wbc_status)) {
275#ifdef DEBUG_KRB5
276 fprintf(stderr,"[%5u]: smb_krb5_locator_lookup: failed with: %s\n",
277 (unsigned int)getpid(), wbcErrorString(wbc_status));
278#endif
279 return false;
280 }
281
282 if (!dc && dc_info->dc_unc) {
283 dc = dc_info->dc_unc;
284 if (dc[0] == '\\') dc++;
285 if (dc[0] == '\\') dc++;
286 }
287
288 if (!dc) {
289 wbcFreeMemory(dc_info);
290 return false;
291 }
292
293 *dcname = strdup(dc);
294 if (!*dcname) {
295 wbcFreeMemory(dc_info);
296 return false;
297 }
298
299 wbcFreeMemory(dc_info);
300 return true;
301}
302
303/**
304 * PUBLIC INTERFACE: locate lookup
305 *
306 * @param private_data pointer to private data
307 * @param svc enum locate_service_type.
308 * @param realm string
309 * @param socktype integer
310 * @param family integer
311 * @param cbfunc callback function to send back entries
312 * @param cbdata void pointer to cbdata
313 *
314 * @return krb5_error_code.
315 */
316
317static krb5_error_code smb_krb5_locator_lookup(void *private_data,
318 enum locate_service_type svc,
319 const char *realm,
320 int socktype,
321 int family,
322 int (*cbfunc)(void *, int, struct sockaddr *),
323 void *cbdata)
324{
325 krb5_error_code ret;
326 struct addrinfo aihints;
327 char *kdc_name = NULL;
328 const char *service = get_service_from_locate_service_type(svc);
329
330 ZERO_STRUCT(aihints);
331
332#ifdef DEBUG_KRB5
333 fprintf(stderr,"[%5u]: smb_krb5_locator_lookup: called for '%s' "
334 "svc: '%s' (%d) "
335 "socktype: '%s' (%d), family: '%s' (%d)\n",
336 (unsigned int)getpid(), realm,
337 locate_service_type_name(svc), svc,
338 socktype_name(socktype), socktype,
339 family_name(family), family);
340#endif
341 ret = smb_krb5_locator_lookup_sanity_check(svc, realm, socktype,
342 family);
343 if (ret) {
344#ifdef DEBUG_KRB5
345 fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
346 "returning ret: %s (%d)\n",
347 (unsigned int)getpid(), error_message(ret), ret);
348#endif
349 return ret;
350 }
351
352 if (!winbind_env_set()) {
353 if (!ask_winbind(realm, &kdc_name)) {
354#ifdef DEBUG_KRB5
355 fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
356 "failed to query winbindd\n",
357 (unsigned int)getpid());
358#endif
359 goto failed;
360 }
361 } else {
362 const char *env = NULL;
363 char *var = NULL;
364 if (asprintf(&var, "%s_%s",
365 WINBINDD_LOCATOR_KDC_ADDRESS, realm) == -1) {
366 goto failed;
367 }
368 env = getenv(var);
369 if (!env) {
370#ifdef DEBUG_KRB5
371 fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
372 "failed to get kdc from env %s\n",
373 (unsigned int)getpid(), var);
374#endif
375 free(var);
376 goto failed;
377 }
378 free(var);
379
380 kdc_name = strdup(env);
381 if (!kdc_name) {
382 goto failed;
383 }
384 }
385#ifdef DEBUG_KRB5
386 fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
387 "got '%s' for '%s' from winbindd\n", (unsigned int)getpid(),
388 kdc_name, realm);
389#endif
390
391 aihints.ai_family = family;
392 aihints.ai_socktype = socktype;
393
394 ret = smb_krb5_locator_call_cbfunc(kdc_name,
395 service,
396 &aihints,
397 cbfunc, cbdata);
398 SAFE_FREE(kdc_name);
399
400 return ret;
401
402 failed:
403 return KRB5_PLUGIN_NO_HANDLE;
404}
405
406#ifdef HEIMDAL_KRB5_LOCATE_PLUGIN_H
407#define SMB_KRB5_LOCATOR_SYMBOL_NAME resolve /* Heimdal */
408#else
409#define SMB_KRB5_LOCATOR_SYMBOL_NAME service_locator /* MIT */
410#endif
411
412const krb5plugin_service_locate_ftable SMB_KRB5_LOCATOR_SYMBOL_NAME = {
413 0, /* version */
414 smb_krb5_locator_init,
415 smb_krb5_locator_close,
416 smb_krb5_locator_lookup,
417};
418
419#endif
Note: See TracBrowser for help on using the repository browser.