Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

context.c

Visit:

Last change on this file was 745, checked in by Silvan Scherrer, 13 years ago
Samba Server: updated trunk to 3.6.0
File size: 38.8 KB

Line
1	/*
2	* Copyright (c) 1997 - 2010 Kungliga Tekniska HÃ¶gskolan
3	* (Royal Institute of Technology, Stockholm, Sweden).
4	* All rights reserved.
5	*
6	* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in the
17	* documentation and/or other materials provided with the distribution.
18	*
19	* 3. Neither the name of the Institute nor the names of its contributors
20	* may be used to endorse or promote products derived from this software
21	* without specific prior written permission.
22	*
23	* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26	* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33	* SUCH DAMAGE.
34	*/
35
36	#include "krb5_locl.h"
37	#include <com_err.h>
38
39	#define INIT_FIELD(C, T, E, D, F) \
40	(C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
41	"libdefaults", F, NULL)
42
43	#define INIT_FLAG(C, O, V, D, F) \
44	do { \
45	if (krb5_config_get_bool_default((C), NULL, (D),"libdefaults", F, NULL)) { \
46	(C)->O \|= V; \
47	} \
48	} while(0)
49
50	/*
51	* Set the list of etypes `ret_etypes' from the configuration variable
52	* `name'
53	*/
54
55	static krb5_error_code
56	set_etypes (krb5_context context,
57	const char *name,
58	krb5_enctype **ret_enctypes)
59	{
60	char **etypes_str;
61	krb5_enctype *etypes = NULL;
62
63	etypes_str = krb5_config_get_strings(context, NULL, "libdefaults",
64	name, NULL);
65	if(etypes_str){
66	int i, j, k;
67	for(i = 0; etypes_str[i]; i++);
68	etypes = malloc((i+1) * sizeof(*etypes));
69	if (etypes == NULL) {
70	krb5_config_free_strings (etypes_str);
71	krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
72	return ENOMEM;
73	}
74	for(j = 0, k = 0; j < i; j++) {
75	krb5_enctype e;
76	if(krb5_string_to_enctype(context, etypes_str[j], &e) != 0)
77	continue;
78	if (krb5_enctype_valid(context, e) != 0)
79	continue;
80	etypes[k++] = e;
81	}
82	etypes[k] = ETYPE_NULL;
83	krb5_config_free_strings(etypes_str);
84	}
85	*ret_enctypes = etypes;
86	return 0;
87	}
88
89	/*
90	* read variables from the configuration file and set in `context'
91	*/
92
93	static krb5_error_code
94	init_context_from_config_file(krb5_context context)
95	{
96	krb5_error_code ret;
97	const char * tmp;
98	char **s;
99	krb5_enctype *tmptypes;
100
101	INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew");
102	INIT_FIELD(context, time, kdc_timeout, 3, "kdc_timeout");
103	INIT_FIELD(context, int, max_retries, 3, "max_retries");
104
105	INIT_FIELD(context, string, http_proxy, NULL, "http_proxy");
106
107	ret = krb5_config_get_bool_default(context, NULL, FALSE,
108	"libdefaults",
109	"allow_weak_crypto", NULL);
110	if (ret) {
111	krb5_enctype_enable(context, ETYPE_DES_CBC_CRC);
112	krb5_enctype_enable(context, ETYPE_DES_CBC_MD4);
113	krb5_enctype_enable(context, ETYPE_DES_CBC_MD5);
114	krb5_enctype_enable(context, ETYPE_DES_CBC_NONE);
115	krb5_enctype_enable(context, ETYPE_DES_CFB64_NONE);
116	krb5_enctype_enable(context, ETYPE_DES_PCBC_NONE);
117	}
118
119	ret = set_etypes (context, "default_etypes", &tmptypes);
120	if(ret)
121	return ret;
122	free(context->etypes);
123	context->etypes = tmptypes;
124
125	ret = set_etypes (context, "default_etypes_des", &tmptypes);
126	if(ret)
127	return ret;
128	free(context->etypes_des);
129	context->etypes_des = tmptypes;
130
131	/* default keytab name */
132	tmp = NULL;
133	if(!issuid())
134	tmp = getenv("KRB5_KTNAME");
135	if(tmp != NULL)
136	context->default_keytab = tmp;
137	else
138	INIT_FIELD(context, string, default_keytab,
139	KEYTAB_DEFAULT, "default_keytab_name");
140
141	INIT_FIELD(context, string, default_keytab_modify,
142	NULL, "default_keytab_modify_name");
143
144	INIT_FIELD(context, string, time_fmt,
145	"%Y-%m-%dT%H:%M:%S", "time_format");
146
147	INIT_FIELD(context, string, date_fmt,
148	"%Y-%m-%d", "date_format");
149
150	INIT_FIELD(context, bool, log_utc,
151	FALSE, "log_utc");
152
153
154
155	/* init dns-proxy slime */
156	tmp = krb5_config_get_string(context, NULL, "libdefaults",
157	"dns_proxy", NULL);
158	if(tmp)
159	roken_gethostby_setup(context->http_proxy, tmp);
160	krb5_free_host_realm (context, context->default_realms);
161	context->default_realms = NULL;
162
163	{
164	krb5_addresses addresses;
165	char adr, a;
166
167	krb5_set_extra_addresses(context, NULL);
168	adr = krb5_config_get_strings(context, NULL,
169	"libdefaults",
170	"extra_addresses",
171	NULL);
172	memset(&addresses, 0, sizeof(addresses));
173	for(a = adr; a && *a; a++) {
174	ret = krb5_parse_address(context, *a, &addresses);
175	if (ret == 0) {
176	krb5_add_extra_addresses(context, &addresses);
177	krb5_free_addresses(context, &addresses);
178	}
179	}
180	krb5_config_free_strings(adr);
181
182	krb5_set_ignore_addresses(context, NULL);
183	adr = krb5_config_get_strings(context, NULL,
184	"libdefaults",
185	"ignore_addresses",
186	NULL);
187	memset(&addresses, 0, sizeof(addresses));
188	for(a = adr; a && *a; a++) {
189	ret = krb5_parse_address(context, *a, &addresses);
190	if (ret == 0) {
191	krb5_add_ignore_addresses(context, &addresses);
192	krb5_free_addresses(context, &addresses);
193	}
194	}
195	krb5_config_free_strings(adr);
196	}
197
198	INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces");
199	INIT_FIELD(context, int, fcache_vno, 0, "fcache_version");
200	/* prefer dns_lookup_kdc over srv_lookup. */
201	INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
202	INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc");
203	INIT_FIELD(context, int, large_msg_size, 1400, "large_message_size");
204	INIT_FLAG(context, flags, KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME, TRUE, "dns_canonicalize_hostname");
205	INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac");
206	context->default_cc_name = NULL;
207	context->default_cc_name_set = 0;
208
209	s = krb5_config_get_strings(context, NULL, "logging", "krb5", NULL);
210	if(s) {
211	char **p;
212	krb5_initlog(context, "libkrb5", &context->debug_dest);
213	for(p = s; *p; p++)
214	krb5_addlog_dest(context, context->debug_dest, *p);
215	krb5_config_free_strings(s);
216	}
217
218	tmp = krb5_config_get_string(context, NULL, "libdefaults",
219	"check-rd-req-server", NULL);
220	if (tmp == NULL && !issuid())
221	tmp = getenv("KRB5_CHECK_RD_REQ_SERVER");
222	if(tmp) {
223	if (strcasecmp(tmp, "ignore") == 0)
224	context->flags \|= KRB5_CTX_F_RD_REQ_IGNORE;
225	}
226
227	return 0;
228	}
229
230	static krb5_error_code
231	cc_ops_register(krb5_context context)
232	{
233	context->cc_ops = NULL;
234	context->num_cc_ops = 0;
235
236	#ifndef KCM_IS_API_CACHE
237	krb5_cc_register(context, &krb5_acc_ops, TRUE);
238	#endif
239	krb5_cc_register(context, &krb5_fcc_ops, TRUE);
240	krb5_cc_register(context, &krb5_mcc_ops, TRUE);
241	#ifdef HAVE_SCC
242	krb5_cc_register(context, &krb5_scc_ops, TRUE);
243	#endif
244	#ifdef HAVE_KCM
245	#ifdef KCM_IS_API_CACHE
246	krb5_cc_register(context, &krb5_akcm_ops, TRUE);
247	#endif
248	krb5_cc_register(context, &krb5_kcm_ops, TRUE);
249	#endif
250	_krb5_load_ccache_plugins(context);
251	return 0;
252	}
253
254	static krb5_error_code
255	cc_ops_copy(krb5_context context, const krb5_context src_context)
256	{
257	const krb5_cc_ops **cc_ops;
258
259	context->cc_ops = NULL;
260	context->num_cc_ops = 0;
261
262	if (src_context->num_cc_ops == 0)
263	return 0;
264
265	cc_ops = malloc(sizeof(cc_ops[0]) * src_context->num_cc_ops);
266	if (cc_ops == NULL) {
267	krb5_set_error_message(context, KRB5_CC_NOMEM,
268	N_("malloc: out of memory", ""));
269	return KRB5_CC_NOMEM;
270	}
271
272	memcpy(rk_UNCONST(cc_ops), src_context->cc_ops,
273	sizeof(cc_ops[0]) * src_context->num_cc_ops);
274	context->cc_ops = cc_ops;
275	context->num_cc_ops = src_context->num_cc_ops;
276
277	return 0;
278	}
279
280	static krb5_error_code
281	kt_ops_register(krb5_context context)
282	{
283	context->num_kt_types = 0;
284	context->kt_types = NULL;
285
286	krb5_kt_register (context, &krb5_fkt_ops);
287	krb5_kt_register (context, &krb5_wrfkt_ops);
288	krb5_kt_register (context, &krb5_javakt_ops);
289	krb5_kt_register (context, &krb5_mkt_ops);
290	#ifndef HEIMDAL_SMALLER
291	krb5_kt_register (context, &krb5_akf_ops);
292	#endif
293	krb5_kt_register (context, &krb5_any_ops);
294	return 0;
295	}
296
297	static krb5_error_code
298	kt_ops_copy(krb5_context context, const krb5_context src_context)
299	{
300	context->num_kt_types = 0;
301	context->kt_types = NULL;
302
303	if (src_context->num_kt_types == 0)
304	return 0;
305
306	context->kt_types = malloc(sizeof(context->kt_types[0]) * src_context->num_kt_types);
307	if (context->kt_types == NULL) {
308	krb5_set_error_message(context, ENOMEM,
309	N_("malloc: out of memory", ""));
310	return ENOMEM;
311	}
312
313	context->num_kt_types = src_context->num_kt_types;
314	memcpy(context->kt_types, src_context->kt_types,
315	sizeof(context->kt_types[0]) * src_context->num_kt_types);
316
317	return 0;
318	}
319
320	static const char *sysplugin_dirs[] = {
321	LIBDIR "/plugin/krb5",
322	#ifdef __APPLE__
323	"/Library/KerberosPlugins/KerberosFrameworkPlugins",
324	"/System/Library/KerberosPlugins/KerberosFrameworkPlugins",
325	#endif
326	NULL
327	};
328
329	static void
330	init_context_once(void *ctx)
331	{
332	krb5_context context = ctx;
333
334	_krb5_load_plugins(context, "krb5", sysplugin_dirs);
335
336	bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR);
337	}
338
339
340	/**
341	* Initializes the context structure and reads the configuration file
342	* /etc/krb5.conf. The structure should be freed by calling
343	* krb5_free_context() when it is no longer being used.
344	*
345	* @param context pointer to returned context
346	*
347	* @return Returns 0 to indicate success. Otherwise an errno code is
348	* returned. Failure means either that something bad happened during
349	* initialization (typically ENOMEM) or that Kerberos should not be
350	* used ENXIO.
351	*
352	* @ingroup krb5
353	*/
354
355	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
356	krb5_init_context(krb5_context *context)
357	{
358	static heim_base_once_t init_context = HEIM_BASE_ONCE_INIT;
359	krb5_context p;
360	krb5_error_code ret;
361	char **files;
362
363	*context = NULL;
364
365	p = calloc(1, sizeof(*p));
366	if(!p)
367	return ENOMEM;
368
369	p->mutex = malloc(sizeof(HEIMDAL_MUTEX));
370	if (p->mutex == NULL) {
371	free(p);
372	return ENOMEM;
373	}
374	HEIMDAL_MUTEX_init(p->mutex);
375
376	p->flags \|= KRB5_CTX_F_HOMEDIR_ACCESS;
377
378	ret = krb5_get_default_config_files(&files);
379	if(ret)
380	goto out;
381	ret = krb5_set_config_files(p, files);
382	krb5_free_config_files(files);
383	if(ret)
384	goto out;
385
386	/* init error tables */
387	krb5_init_ets(p);
388	cc_ops_register(p);
389	kt_ops_register(p);
390
391	#ifdef PKINIT
392	ret = hx509_context_init(&p->hx509ctx);
393	if (ret)
394	goto out;
395	#endif
396	if (rk_SOCK_INIT())
397	p->flags \|= KRB5_CTX_F_SOCKETS_INITIALIZED;
398
399	out:
400	if(ret) {
401	krb5_free_context(p);
402	p = NULL;
403	} else {
404	heim_base_once_f(&init_context, p, init_context_once);
405	}
406	*context = p;
407	return ret;
408	}
409
410	#ifndef HEIMDAL_SMALLER
411
412	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
413	krb5_get_permitted_enctypes(krb5_context context,
414	krb5_enctype **etypes)
415	{
416	return krb5_get_default_in_tkt_etypes(context, etypes);
417	}
418
419	/*
420	*
421	*/
422
423	static krb5_error_code
424	copy_etypes (krb5_context context,
425	krb5_enctype *enctypes,
426	krb5_enctype **ret_enctypes)
427	{
428	unsigned int i;
429
430	for (i = 0; enctypes[i]; i++)
431	;
432	i++;
433
434	ret_enctypes = malloc(sizeof(ret_enctypes[0]) i);
435	if (*ret_enctypes == NULL) {
436	krb5_set_error_message(context, ENOMEM,
437	N_("malloc: out of memory", ""));
438	return ENOMEM;
439	}
440	memcpy(ret_enctypes, enctypes, sizeof(ret_enctypes[0]) i);
441	return 0;
442	}
443
444	/**
445	* Make a copy for the Kerberos 5 context, the new krb5_context shoud
446	* be freed with krb5_free_context().
447	*
448	* @param context the Kerberos context to copy
449	* @param out the copy of the Kerberos, set to NULL error.
450	*
451	* @return Returns 0 to indicate success. Otherwise an kerberos et
452	* error code is returned, see krb5_get_error_message().
453	*
454	* @ingroup krb5
455	*/
456
457	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
458	krb5_copy_context(krb5_context context, krb5_context *out)
459	{
460	krb5_error_code ret;
461	krb5_context p;
462
463	*out = NULL;
464
465	p = calloc(1, sizeof(*p));
466	if (p == NULL) {
467	krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
468	return ENOMEM;
469	}
470
471	p->mutex = malloc(sizeof(HEIMDAL_MUTEX));
472	if (p->mutex == NULL) {
473	krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
474	free(p);
475	return ENOMEM;
476	}
477	HEIMDAL_MUTEX_init(p->mutex);
478
479
480	if (context->default_cc_name)
481	p->default_cc_name = strdup(context->default_cc_name);
482	if (context->default_cc_name_env)
483	p->default_cc_name_env = strdup(context->default_cc_name_env);
484
485	if (context->etypes) {
486	ret = copy_etypes(context, context->etypes, &p->etypes);
487	if (ret)
488	goto out;
489	}
490	if (context->etypes_des) {
491	ret = copy_etypes(context, context->etypes_des, &p->etypes_des);
492	if (ret)
493	goto out;
494	}
495
496	if (context->default_realms) {
497	ret = krb5_copy_host_realm(context,
498	context->default_realms, &p->default_realms);
499	if (ret)
500	goto out;
501	}
502
503	ret = _krb5_config_copy(context, context->cf, &p->cf);
504	if (ret)
505	goto out;
506
507	/* XXX should copy */
508	krb5_init_ets(p);
509
510	cc_ops_copy(p, context);
511	kt_ops_copy(p, context);
512
513	#if 0 /* XXX */
514	if(context->warn_dest != NULL)
515	;
516	if(context->debug_dest != NULL)
517	;
518	#endif
519
520	ret = krb5_set_extra_addresses(p, context->extra_addresses);
521	if (ret)
522	goto out;
523	ret = krb5_set_extra_addresses(p, context->ignore_addresses);
524	if (ret)
525	goto out;
526
527	ret = _krb5_copy_send_to_kdc_func(p, context);
528	if (ret)
529	goto out;
530
531	*out = p;
532
533	return 0;
534
535	out:
536	krb5_free_context(p);
537	return ret;
538	}
539
540	#endif
541
542	/**
543	* Frees the krb5_context allocated by krb5_init_context().
544	*
545	* @param context context to be freed.
546	*
547	* @ingroup krb5
548	*/
549
550	KRB5_LIB_FUNCTION void KRB5_LIB_CALL
551	krb5_free_context(krb5_context context)
552	{
553	if (context->default_cc_name)
554	free(context->default_cc_name);
555	if (context->default_cc_name_env)
556	free(context->default_cc_name_env);
557	free(context->etypes);
558	free(context->etypes_des);
559	krb5_free_host_realm (context, context->default_realms);
560	krb5_config_file_free (context, context->cf);
561	free_error_table (context->et_list);
562	free(rk_UNCONST(context->cc_ops));
563	free(context->kt_types);
564	krb5_clear_error_message(context);
565	if(context->warn_dest != NULL)
566	krb5_closelog(context, context->warn_dest);
567	if(context->debug_dest != NULL)
568	krb5_closelog(context, context->debug_dest);
569	krb5_set_extra_addresses(context, NULL);
570	krb5_set_ignore_addresses(context, NULL);
571	krb5_set_send_to_kdc_func(context, NULL, NULL);
572
573	#ifdef PKINIT
574	if (context->hx509ctx)
575	hx509_context_free(&context->hx509ctx);
576	#endif
577
578	HEIMDAL_MUTEX_destroy(context->mutex);
579	free(context->mutex);
580	if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) {
581	rk_SOCK_EXIT();
582	}
583
584	memset(context, 0, sizeof(*context));
585	free(context);
586	}
587
588	/**
589	* Reinit the context from a new set of filenames.
590	*
591	* @param context context to add configuration too.
592	* @param filenames array of filenames, end of list is indicated with a NULL filename.
593	*
594	* @return Returns 0 to indicate success. Otherwise an kerberos et
595	* error code is returned, see krb5_get_error_message().
596	*
597	* @ingroup krb5
598	*/
599
600	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
601	krb5_set_config_files(krb5_context context, char **filenames)
602	{
603	krb5_error_code ret;
604	krb5_config_binding *tmp = NULL;
605	while(filenames != NULL && filenames != NULL && *filenames != '\0') {
606	ret = krb5_config_parse_file_multi(context, *filenames, &tmp);
607	if(ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM) {
608	krb5_config_file_free(context, tmp);
609	return ret;
610	}
611	filenames++;
612	}
613	#if 0
614	/* with this enabled and if there are no config files, Kerberos is
615	considererd disabled */
616	if(tmp == NULL)
617	return ENXIO;
618	#endif
619
620	#ifdef _WIN32
621	_krb5_load_config_from_registry(context, &tmp);
622	#endif
623
624	krb5_config_file_free(context, context->cf);
625	context->cf = tmp;
626	ret = init_context_from_config_file(context);
627	return ret;
628	}
629
630	static krb5_error_code
631	add_file(char **pfilenames, int len, char *file)
632	{
633	char *pp = pfilenames;
634	int i;
635
636	for(i = 0; i < *len; i++) {
637	if(strcmp(pp[i], file) == 0) {
638	free(file);
639	return 0;
640	}
641	}
642
643	pp = realloc(pfilenames, (len + 2) * sizeof(*pp));
644	if (pp == NULL) {
645	free(file);
646	return ENOMEM;
647	}
648
649	pp[*len] = file;
650	pp[*len + 1] = NULL;
651	*pfilenames = pp;
652	*len += 1;
653	return 0;
654	}
655
656	/*
657	* `pq' isn't free, it's up the the caller
658	*/
659
660	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
661	krb5_prepend_config_files(const char filelist, char pq, char **ret_pp)
662	{
663	krb5_error_code ret;
664	const char p, q;
665	char **pp;
666	int len;
667	char *fn;
668
669	pp = NULL;
670
671	len = 0;
672	p = filelist;
673	while(1) {
674	ssize_t l;
675	q = p;
676	l = strsep_copy(&q, PATH_SEP, NULL, 0);
677	if(l == -1)
678	break;
679	fn = malloc(l + 1);
680	if(fn == NULL) {
681	krb5_free_config_files(pp);
682	return ENOMEM;
683	}
684	(void)strsep_copy(&p, PATH_SEP, fn, l + 1);
685	ret = add_file(&pp, &len, fn);
686	if (ret) {
687	krb5_free_config_files(pp);
688	return ret;
689	}
690	}
691
692	if (pq != NULL) {
693	int i;
694
695	for (i = 0; pq[i] != NULL; i++) {
696	fn = strdup(pq[i]);
697	if (fn == NULL) {
698	krb5_free_config_files(pp);
699	return ENOMEM;
700	}
701	ret = add_file(&pp, &len, fn);
702	if (ret) {
703	krb5_free_config_files(pp);
704	return ret;
705	}
706	}
707	}
708
709	*ret_pp = pp;
710	return 0;
711	}
712
713	/**
714	* Prepend the filename to the global configuration list.
715	*
716	* @param filelist a filename to add to the default list of filename
717	* @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
718	*
719	* @return Returns 0 to indicate success. Otherwise an kerberos et
720	* error code is returned, see krb5_get_error_message().
721	*
722	* @ingroup krb5
723	*/
724
725	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
726	krb5_prepend_config_files_default(const char filelist, char **pfilenames)
727	{
728	krb5_error_code ret;
729	char defpp, pp = NULL;
730
731	ret = krb5_get_default_config_files(&defpp);
732	if (ret)
733	return ret;
734
735	ret = krb5_prepend_config_files(filelist, defpp, &pp);
736	krb5_free_config_files(defpp);
737	if (ret) {
738	return ret;
739	}
740	*pfilenames = pp;
741	return 0;
742	}
743
744	#ifdef _WIN32
745
746	/**
747	* Checks the registry for configuration file location
748	*
749	* Kerberos for Windows and other legacy Kerberos applications expect
750	* to find the configuration file location in the
751	* SOFTWARE\MIT\Kerberos registry key under the value "config".
752	*/
753	char *
754	_krb5_get_default_config_config_files_from_registry()
755	{
756	static const char * KeyName = "Software\\MIT\\Kerberos";
757	char *config_file = NULL;
758	LONG rcode;
759	HKEY key;
760
761	rcode = RegOpenKeyEx(HKEY_CURRENT_USER, KeyName, 0, KEY_READ, &key);
762	if (rcode == ERROR_SUCCESS) {
763	config_file = _krb5_parse_reg_value_as_multi_string(NULL, key, "config",
764	REG_NONE, 0, PATH_SEP);
765	RegCloseKey(key);
766	}
767
768	if (config_file)
769	return config_file;
770
771	rcode = RegOpenKeyEx(HKEY_LOCAL_MACHINE, KeyName, 0, KEY_READ, &key);
772	if (rcode == ERROR_SUCCESS) {
773	config_file = _krb5_parse_reg_value_as_multi_string(NULL, key, "config",
774	REG_NONE, 0, PATH_SEP);
775	RegCloseKey(key);
776	}
777
778	return config_file;
779	}
780
781	#endif
782
783	/**
784	* Get the global configuration list.
785	*
786	* @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
787	*
788	* @return Returns 0 to indicate success. Otherwise an kerberos et
789	* error code is returned, see krb5_get_error_message().
790	*
791	* @ingroup krb5
792	*/
793
794	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
795	krb5_get_default_config_files(char ***pfilenames)
796	{
797	const char *files = NULL;
798
799	if (pfilenames == NULL)
800	return EINVAL;
801	if(!issuid())
802	files = getenv("KRB5_CONFIG");
803
804	#ifdef _WIN32
805	if (files == NULL) {
806	char * reg_files;
807	reg_files = _krb5_get_default_config_config_files_from_registry();
808	if (reg_files != NULL) {
809	krb5_error_code code;
810
811	code = krb5_prepend_config_files(reg_files, NULL, pfilenames);
812	free(reg_files);
813
814	return code;
815	}
816	}
817	#endif
818
819	if (files == NULL)
820	files = krb5_config_file;
821
822	return krb5_prepend_config_files(files, NULL, pfilenames);
823	}
824
825	/**
826	* Free a list of configuration files.
827	*
828	* @param filenames list, terminated with a NULL pointer, to be
829	* freed. NULL is an valid argument.
830	*
831	* @return Returns 0 to indicate success. Otherwise an kerberos et
832	* error code is returned, see krb5_get_error_message().
833	*
834	* @ingroup krb5
835	*/
836
837	KRB5_LIB_FUNCTION void KRB5_LIB_CALL
838	krb5_free_config_files(char **filenames)
839	{
840	char **p;
841	for(p = filenames; p && *p != NULL; p++)
842	free(*p);
843	free(filenames);
844	}
845
846	/**
847	* Returns the list of Kerberos encryption types sorted in order of
848	* most preferred to least preferred encryption type. Note that some
849	* encryption types might be disabled, so you need to check with
850	* krb5_enctype_valid() before using the encryption type.
851	*
852	* @return list of enctypes, terminated with ETYPE_NULL. Its a static
853	* array completed into the Kerberos library so the content doesn't
854	* need to be freed.
855	*
856	* @ingroup krb5
857	*/
858
859	KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL
860	krb5_kerberos_enctypes(krb5_context context)
861	{
862	static const krb5_enctype p[] = {
863	ETYPE_AES256_CTS_HMAC_SHA1_96,
864	ETYPE_AES128_CTS_HMAC_SHA1_96,
865	ETYPE_DES3_CBC_SHA1,
866	ETYPE_DES3_CBC_MD5,
867	ETYPE_ARCFOUR_HMAC_MD5,
868	ETYPE_DES_CBC_MD5,
869	ETYPE_DES_CBC_MD4,
870	ETYPE_DES_CBC_CRC,
871	ETYPE_NULL
872	};
873	return p;
874	}
875
876	/*
877	* set `etype' to a malloced list of the default enctypes
878	*/
879
880	static krb5_error_code
881	default_etypes(krb5_context context, krb5_enctype **etype)
882	{
883	const krb5_enctype *p;
884	krb5_enctype e = NULL, ep;
885	int i, n = 0;
886
887	p = krb5_kerberos_enctypes(context);
888
889	for (i = 0; p[i] != ETYPE_NULL; i++) {
890	if (krb5_enctype_valid(context, p[i]) != 0)
891	continue;
892	ep = realloc(e, (n + 2) * sizeof(*e));
893	if (ep == NULL) {
894	free(e);
895	krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
896	return ENOMEM;
897	}
898	e = ep;
899	e[n] = p[i];
900	e[n + 1] = ETYPE_NULL;
901	n++;
902	}
903	*etype = e;
904	return 0;
905	}
906
907	/**
908	* Set the default encryption types that will be use in communcation
909	* with the KDC, clients and servers.
910	*
911	* @param context Kerberos 5 context.
912	* @param etypes Encryption types, array terminated with ETYPE_NULL (0).
913	*
914	* @return Returns 0 to indicate success. Otherwise an kerberos et
915	* error code is returned, see krb5_get_error_message().
916	*
917	* @ingroup krb5
918	*/
919
920	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
921	krb5_set_default_in_tkt_etypes(krb5_context context,
922	const krb5_enctype *etypes)
923	{
924	krb5_error_code ret;
925	krb5_enctype *p = NULL;
926	unsigned int n, m;
927
928	if(etypes) {
929	for (n = 0; etypes[n]; n++)
930	;
931	n++;
932	ALLOC(p, n);
933	if(!p) {
934	krb5_set_error_message (context, ENOMEM,
935	N_("malloc: out of memory", ""));
936	return ENOMEM;
937	}
938	for (n = 0, m = 0; etypes[n]; n++) {
939	ret = krb5_enctype_valid(context, etypes[n]);
940	if (ret)
941	continue;
942	p[m++] = etypes[n];
943	}
944	p[m] = ETYPE_NULL;
945	if (m == 0) {
946	free(p);
947	krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
948	N_("no valid enctype set", ""));
949	return KRB5_PROG_ETYPE_NOSUPP;
950	}
951	}
952	if(context->etypes)
953	free(context->etypes);
954	context->etypes = p;
955	return 0;
956	}
957
958	/**
959	* Get the default encryption types that will be use in communcation
960	* with the KDC, clients and servers.
961	*
962	* @param context Kerberos 5 context.
963	* @param etypes Encryption types, array terminated with
964	* ETYPE_NULL(0), caller should free array with krb5_xfree():
965	*
966	* @return Returns 0 to indicate success. Otherwise an kerberos et
967	* error code is returned, see krb5_get_error_message().
968	*
969	* @ingroup krb5
970	*/
971
972	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
973	krb5_get_default_in_tkt_etypes(krb5_context context,
974	krb5_enctype **etypes)
975	{
976	krb5_enctype *p;
977	int i;
978	krb5_error_code ret;
979
980	if(context->etypes) {
981	for(i = 0; context->etypes[i]; i++);
982	++i;
983	ALLOC(p, i);
984	if(!p) {
985	krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
986	return ENOMEM;
987	}
988	memmove(p, context->etypes, i * sizeof(krb5_enctype));
989	} else {
990	ret = default_etypes(context, &p);
991	if (ret)
992	return ret;
993	}
994	*etypes = p;
995	return 0;
996	}
997
998	/**
999	* Init the built-in ets in the Kerberos library.
1000	*
1001	* @param context kerberos context to add the ets too
1002	*
1003	* @ingroup krb5
1004	*/
1005
1006	KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1007	krb5_init_ets(krb5_context context)
1008	{
1009	if(context->et_list == NULL){
1010	krb5_add_et_list(context, initialize_krb5_error_table_r);
1011	krb5_add_et_list(context, initialize_asn1_error_table_r);
1012	krb5_add_et_list(context, initialize_heim_error_table_r);
1013
1014	krb5_add_et_list(context, initialize_k524_error_table_r);
1015
1016	#ifdef COM_ERR_BINDDOMAIN_krb5
1017	bindtextdomain(COM_ERR_BINDDOMAIN_krb5, HEIMDAL_LOCALEDIR);
1018	bindtextdomain(COM_ERR_BINDDOMAIN_asn1, HEIMDAL_LOCALEDIR);
1019	bindtextdomain(COM_ERR_BINDDOMAIN_heim, HEIMDAL_LOCALEDIR);
1020	bindtextdomain(COM_ERR_BINDDOMAIN_k524, HEIMDAL_LOCALEDIR);
1021	#endif
1022
1023	#ifdef PKINIT
1024	krb5_add_et_list(context, initialize_hx_error_table_r);
1025	#ifdef COM_ERR_BINDDOMAIN_hx
1026	bindtextdomain(COM_ERR_BINDDOMAIN_hx, HEIMDAL_LOCALEDIR);
1027	#endif
1028	#endif
1029	}
1030	}
1031
1032	/**
1033	* Make the kerberos library default to the admin KDC.
1034	*
1035	* @param context Kerberos 5 context.
1036	* @param flag boolean flag to select if the use the admin KDC or not.
1037	*
1038	* @ingroup krb5
1039	*/
1040
1041	KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1042	krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
1043	{
1044	context->use_admin_kdc = flag;
1045	}
1046
1047	/**
1048	* Make the kerberos library default to the admin KDC.
1049	*
1050	* @param context Kerberos 5 context.
1051	*
1052	* @return boolean flag to telling the context will use admin KDC as the default KDC.
1053	*
1054	* @ingroup krb5
1055	*/
1056
1057	KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1058	krb5_get_use_admin_kdc (krb5_context context)
1059	{
1060	return context->use_admin_kdc;
1061	}
1062
1063	/**
1064	* Add extra address to the address list that the library will add to
1065	* the client's address list when communicating with the KDC.
1066	*
1067	* @param context Kerberos 5 context.
1068	* @param addresses addreses to add
1069	*
1070	* @return Returns 0 to indicate success. Otherwise an kerberos et
1071	* error code is returned, see krb5_get_error_message().
1072	*
1073	* @ingroup krb5
1074	*/
1075
1076	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1077	krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
1078	{
1079
1080	if(context->extra_addresses)
1081	return krb5_append_addresses(context,
1082	context->extra_addresses, addresses);
1083	else
1084	return krb5_set_extra_addresses(context, addresses);
1085	}
1086
1087	/**
1088	* Set extra address to the address list that the library will add to
1089	* the client's address list when communicating with the KDC.
1090	*
1091	* @param context Kerberos 5 context.
1092	* @param addresses addreses to set
1093	*
1094	* @return Returns 0 to indicate success. Otherwise an kerberos et
1095	* error code is returned, see krb5_get_error_message().
1096	*
1097	* @ingroup krb5
1098	*/
1099
1100	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1101	krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
1102	{
1103	if(context->extra_addresses)
1104	krb5_free_addresses(context, context->extra_addresses);
1105
1106	if(addresses == NULL) {
1107	if(context->extra_addresses != NULL) {
1108	free(context->extra_addresses);
1109	context->extra_addresses = NULL;
1110	}
1111	return 0;
1112	}
1113	if(context->extra_addresses == NULL) {
1114	context->extra_addresses = malloc(sizeof(*context->extra_addresses));
1115	if(context->extra_addresses == NULL) {
1116	krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
1117	return ENOMEM;
1118	}
1119	}
1120	return krb5_copy_addresses(context, addresses, context->extra_addresses);
1121	}
1122
1123	/**
1124	* Get extra address to the address list that the library will add to
1125	* the client's address list when communicating with the KDC.
1126	*
1127	* @param context Kerberos 5 context.
1128	* @param addresses addreses to set
1129	*
1130	* @return Returns 0 to indicate success. Otherwise an kerberos et
1131	* error code is returned, see krb5_get_error_message().
1132	*
1133	* @ingroup krb5
1134	*/
1135
1136	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1137	krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
1138	{
1139	if(context->extra_addresses == NULL) {
1140	memset(addresses, 0, sizeof(*addresses));
1141	return 0;
1142	}
1143	return krb5_copy_addresses(context,context->extra_addresses, addresses);
1144	}
1145
1146	/**
1147	* Add extra addresses to ignore when fetching addresses from the
1148	* underlaying operating system.
1149	*
1150	* @param context Kerberos 5 context.
1151	* @param addresses addreses to ignore
1152	*
1153	* @return Returns 0 to indicate success. Otherwise an kerberos et
1154	* error code is returned, see krb5_get_error_message().
1155	*
1156	* @ingroup krb5
1157	*/
1158
1159	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1160	krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
1161	{
1162
1163	if(context->ignore_addresses)
1164	return krb5_append_addresses(context,
1165	context->ignore_addresses, addresses);
1166	else
1167	return krb5_set_ignore_addresses(context, addresses);
1168	}
1169
1170	/**
1171	* Set extra addresses to ignore when fetching addresses from the
1172	* underlaying operating system.
1173	*
1174	* @param context Kerberos 5 context.
1175	* @param addresses addreses to ignore
1176	*
1177	* @return Returns 0 to indicate success. Otherwise an kerberos et
1178	* error code is returned, see krb5_get_error_message().
1179	*
1180	* @ingroup krb5
1181	*/
1182
1183	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1184	krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
1185	{
1186	if(context->ignore_addresses)
1187	krb5_free_addresses(context, context->ignore_addresses);
1188	if(addresses == NULL) {
1189	if(context->ignore_addresses != NULL) {
1190	free(context->ignore_addresses);
1191	context->ignore_addresses = NULL;
1192	}
1193	return 0;
1194	}
1195	if(context->ignore_addresses == NULL) {
1196	context->ignore_addresses = malloc(sizeof(*context->ignore_addresses));
1197	if(context->ignore_addresses == NULL) {
1198	krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
1199	return ENOMEM;
1200	}
1201	}
1202	return krb5_copy_addresses(context, addresses, context->ignore_addresses);
1203	}
1204
1205	/**
1206	* Get extra addresses to ignore when fetching addresses from the
1207	* underlaying operating system.
1208	*
1209	* @param context Kerberos 5 context.
1210	* @param addresses list addreses ignored
1211	*
1212	* @return Returns 0 to indicate success. Otherwise an kerberos et
1213	* error code is returned, see krb5_get_error_message().
1214	*
1215	* @ingroup krb5
1216	*/
1217
1218	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1219	krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
1220	{
1221	if(context->ignore_addresses == NULL) {
1222	memset(addresses, 0, sizeof(*addresses));
1223	return 0;
1224	}
1225	return krb5_copy_addresses(context, context->ignore_addresses, addresses);
1226	}
1227
1228	/**
1229	* Set version of fcache that the library should use.
1230	*
1231	* @param context Kerberos 5 context.
1232	* @param version version number.
1233	*
1234	* @return Returns 0 to indicate success. Otherwise an kerberos et
1235	* error code is returned, see krb5_get_error_message().
1236	*
1237	* @ingroup krb5
1238	*/
1239
1240	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1241	krb5_set_fcache_version(krb5_context context, int version)
1242	{
1243	context->fcache_vno = version;
1244	return 0;
1245	}
1246
1247	/**
1248	* Get version of fcache that the library should use.
1249	*
1250	* @param context Kerberos 5 context.
1251	* @param version version number.
1252	*
1253	* @return Returns 0 to indicate success. Otherwise an kerberos et
1254	* error code is returned, see krb5_get_error_message().
1255	*
1256	* @ingroup krb5
1257	*/
1258
1259	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1260	krb5_get_fcache_version(krb5_context context, int *version)
1261	{
1262	*version = context->fcache_vno;
1263	return 0;
1264	}
1265
1266	/**
1267	* Runtime check if the Kerberos library was complied with thread support.
1268	*
1269	* @return TRUE if the library was compiled with thread support, FALSE if not.
1270	*
1271	* @ingroup krb5
1272	*/
1273
1274
1275	KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1276	krb5_is_thread_safe(void)
1277	{
1278	#ifdef ENABLE_PTHREAD_SUPPORT
1279	return TRUE;
1280	#else
1281	return FALSE;
1282	#endif
1283	}
1284
1285	/**
1286	* Set if the library should use DNS to canonicalize hostnames.
1287	*
1288	* @param context Kerberos 5 context.
1289	* @param flag if its dns canonicalizion is used or not.
1290	*
1291	* @ingroup krb5
1292	*/
1293
1294	KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1295	krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
1296	{
1297	if (flag)
1298	context->flags \|= KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
1299	else
1300	context->flags &= ~KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
1301	}
1302
1303	/**
1304	* Get if the library uses DNS to canonicalize hostnames.
1305	*
1306	* @param context Kerberos 5 context.
1307	*
1308	* @return return non zero if the library uses DNS to canonicalize hostnames.
1309	*
1310	* @ingroup krb5
1311	*/
1312
1313	KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1314	krb5_get_dns_canonicalize_hostname (krb5_context context)
1315	{
1316	return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0;
1317	}
1318
1319	/**
1320	* Get current offset in time to the KDC.
1321	*
1322	* @param context Kerberos 5 context.
1323	* @param sec seconds part of offset.
1324	* @param usec micro seconds part of offset.
1325	*
1326	* @return returns zero
1327	*
1328	* @ingroup krb5
1329	*/
1330
1331	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1332	krb5_get_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
1333	{
1334	if (sec)
1335	*sec = context->kdc_sec_offset;
1336	if (usec)
1337	*usec = context->kdc_usec_offset;
1338	return 0;
1339	}
1340
1341	/**
1342	* Set current offset in time to the KDC.
1343	*
1344	* @param context Kerberos 5 context.
1345	* @param sec seconds part of offset.
1346	* @param usec micro seconds part of offset.
1347	*
1348	* @return returns zero
1349	*
1350	* @ingroup krb5
1351	*/
1352
1353	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1354	krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
1355	{
1356	context->kdc_sec_offset = sec;
1357	if (usec >= 0)
1358	context->kdc_usec_offset = usec;
1359	return 0;
1360	}
1361
1362	/**
1363	* Get max time skew allowed.
1364	*
1365	* @param context Kerberos 5 context.
1366	*
1367	* @return timeskew in seconds.
1368	*
1369	* @ingroup krb5
1370	*/
1371
1372	KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
1373	krb5_get_max_time_skew (krb5_context context)
1374	{
1375	return context->max_skew;
1376	}
1377
1378	/**
1379	* Set max time skew allowed.
1380	*
1381	* @param context Kerberos 5 context.
1382	* @param t timeskew in seconds.
1383	*
1384	* @ingroup krb5
1385	*/
1386
1387	KRB5_LIB_FUNCTION void KRB5_LIB_CALL
1388	krb5_set_max_time_skew (krb5_context context, time_t t)
1389	{
1390	context->max_skew = t;
1391	}
1392
1393	/**
1394	* Init encryption types in len, val with etypes.
1395	*
1396	* @param context Kerberos 5 context.
1397	* @param len output length of val.
1398	* @param val output array of enctypes.
1399	* @param etypes etypes to set val and len to, if NULL, use default enctypes.
1400
1401	* @return Returns 0 to indicate success. Otherwise an kerberos et
1402	* error code is returned, see krb5_get_error_message().
1403	*
1404	* @ingroup krb5
1405	*/
1406
1407	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1408	krb5_init_etype (krb5_context context,
1409	unsigned *len,
1410	krb5_enctype **val,
1411	const krb5_enctype *etypes)
1412	{
1413	unsigned int i;
1414	krb5_error_code ret;
1415	krb5_enctype *tmp = NULL;
1416
1417	ret = 0;
1418	if (etypes == NULL) {
1419	ret = krb5_get_default_in_tkt_etypes(context, &tmp);
1420	if (ret)
1421	return ret;
1422	etypes = tmp;
1423	}
1424
1425	for (i = 0; etypes[i]; ++i)
1426	;
1427	*len = i;
1428	val = malloc(i sizeof(**val));
1429	if (i != 0 && *val == NULL) {
1430	ret = ENOMEM;
1431	krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
1432	goto cleanup;
1433	}
1434	memmove (*val,
1435	etypes,
1436	i * sizeof(*tmp));
1437	cleanup:
1438	if (tmp != NULL)
1439	free (tmp);
1440	return ret;
1441	}
1442
1443	/*
1444	* Allow homedir accces
1445	*/
1446
1447	static HEIMDAL_MUTEX homedir_mutex = HEIMDAL_MUTEX_INITIALIZER;
1448	static krb5_boolean allow_homedir = TRUE;
1449
1450	krb5_boolean
1451	_krb5_homedir_access(krb5_context context)
1452	{
1453	krb5_boolean allow;
1454
1455	#ifdef HAVE_GETEUID
1456	/* is never allowed for root */
1457	if (geteuid() == 0)
1458	return FALSE;
1459	#endif
1460
1461	if (context && (context->flags & KRB5_CTX_F_HOMEDIR_ACCESS) == 0)
1462	return FALSE;
1463
1464	HEIMDAL_MUTEX_lock(&homedir_mutex);
1465	allow = allow_homedir;
1466	HEIMDAL_MUTEX_unlock(&homedir_mutex);
1467	return allow;
1468	}
1469
1470	/**
1471	* Enable and disable home directory access on either the global state
1472	* or the krb5_context state. By calling krb5_set_home_dir_access()
1473	* with context set to NULL, the global state is configured otherwise
1474	* the state for the krb5_context is modified.
1475	*
1476	* For home directory access to be allowed, both the global state and
1477	* the krb5_context state have to be allowed.
1478	*
1479	* Administrator (root user), never uses the home directory.
1480	*
1481	* @param context a Kerberos 5 context or NULL
1482	* @param allow allow if TRUE home directory
1483	* @return the old value
1484	*
1485	* @ingroup krb5
1486	*/
1487
1488	KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
1489	krb5_set_home_dir_access(krb5_context context, krb5_boolean allow)
1490	{
1491	krb5_boolean old;
1492	if (context) {
1493	old = (context->flags & KRB5_CTX_F_HOMEDIR_ACCESS) ? TRUE : FALSE;
1494	if (allow)
1495	context->flags \|= KRB5_CTX_F_HOMEDIR_ACCESS;
1496	else
1497	context->flags &= ~KRB5_CTX_F_HOMEDIR_ACCESS;
1498	} else {
1499	HEIMDAL_MUTEX_lock(&homedir_mutex);
1500	old = allow_homedir;
1501	allow_homedir = allow;
1502	HEIMDAL_MUTEX_unlock(&homedir_mutex);
1503	}
1504
1505	return old;
1506	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/server/source4/heimdal/lib/krb5/context.c

Download in other formats: