diff options
Diffstat (limited to 'crypto/heimdal/lib/krb5/context.c')
| -rw-r--r-- | crypto/heimdal/lib/krb5/context.c | 1033 |
1 files changed, 0 insertions, 1033 deletions
diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c deleted file mode 100644 index 2567833..0000000 --- a/crypto/heimdal/lib/krb5/context.c +++ /dev/null @@ -1,1033 +0,0 @@ -/* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb5_locl.h" -#include <com_err.h> - -RCSID("$Id: context.c 22293 2007-12-14 05:25:59Z lha $"); - -#define INIT_FIELD(C, T, E, D, F) \ - (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ - "libdefaults", F, NULL) - -#define INIT_FLAG(C, O, V, D, F) \ - do { \ - if (krb5_config_get_bool_default((C), NULL, (D),"libdefaults", F, NULL)) { \ - (C)->O |= V; \ - } \ - } while(0) - -/* - * Set the list of etypes `ret_etypes' from the configuration variable - * `name' - */ - -static krb5_error_code -set_etypes (krb5_context context, - const char *name, - krb5_enctype **ret_enctypes) -{ - char **etypes_str; - krb5_enctype *etypes = NULL; - - etypes_str = krb5_config_get_strings(context, NULL, "libdefaults", - name, NULL); - if(etypes_str){ - int i, j, k; - for(i = 0; etypes_str[i]; i++); - etypes = malloc((i+1) * sizeof(*etypes)); - if (etypes == NULL) { - krb5_config_free_strings (etypes_str); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - for(j = 0, k = 0; j < i; j++) { - krb5_enctype e; - if(krb5_string_to_enctype(context, etypes_str[j], &e) != 0) - continue; - if (krb5_enctype_valid(context, e) != 0) - continue; - etypes[k++] = e; - } - etypes[k] = ETYPE_NULL; - krb5_config_free_strings(etypes_str); - } - *ret_enctypes = etypes; - return 0; -} - -/* - * read variables from the configuration file and set in `context' - */ - -static krb5_error_code -init_context_from_config_file(krb5_context context) -{ - krb5_error_code ret; - const char * tmp; - krb5_enctype *tmptypes; - - INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew"); - INIT_FIELD(context, time, kdc_timeout, 3, "kdc_timeout"); - INIT_FIELD(context, int, max_retries, 3, "max_retries"); - - INIT_FIELD(context, string, http_proxy, NULL, "http_proxy"); - - ret = set_etypes (context, "default_etypes", &tmptypes); - if(ret) - return ret; - free(context->etypes); - context->etypes = tmptypes; - - ret = set_etypes (context, "default_etypes_des", &tmptypes); - if(ret) - return ret; - free(context->etypes_des); - context->etypes_des = tmptypes; - - /* default keytab name */ - tmp = NULL; - if(!issuid()) - tmp = getenv("KRB5_KTNAME"); - if(tmp != NULL) - context->default_keytab = tmp; - else - INIT_FIELD(context, string, default_keytab, - KEYTAB_DEFAULT, "default_keytab_name"); - - INIT_FIELD(context, string, default_keytab_modify, - NULL, "default_keytab_modify_name"); - - INIT_FIELD(context, string, time_fmt, - "%Y-%m-%dT%H:%M:%S", "time_format"); - - INIT_FIELD(context, string, date_fmt, - "%Y-%m-%d", "date_format"); - - INIT_FIELD(context, bool, log_utc, - FALSE, "log_utc"); - - - - /* init dns-proxy slime */ - tmp = krb5_config_get_string(context, NULL, "libdefaults", - "dns_proxy", NULL); - if(tmp) - roken_gethostby_setup(context->http_proxy, tmp); - krb5_free_host_realm (context, context->default_realms); - context->default_realms = NULL; - - { - krb5_addresses addresses; - char **adr, **a; - - krb5_set_extra_addresses(context, NULL); - adr = krb5_config_get_strings(context, NULL, - "libdefaults", - "extra_addresses", - NULL); - memset(&addresses, 0, sizeof(addresses)); - for(a = adr; a && *a; a++) { - ret = krb5_parse_address(context, *a, &addresses); - if (ret == 0) { - krb5_add_extra_addresses(context, &addresses); - krb5_free_addresses(context, &addresses); - } - } - krb5_config_free_strings(adr); - - krb5_set_ignore_addresses(context, NULL); - adr = krb5_config_get_strings(context, NULL, - "libdefaults", - "ignore_addresses", - NULL); - memset(&addresses, 0, sizeof(addresses)); - for(a = adr; a && *a; a++) { - ret = krb5_parse_address(context, *a, &addresses); - if (ret == 0) { - krb5_add_ignore_addresses(context, &addresses); - krb5_free_addresses(context, &addresses); - } - } - krb5_config_free_strings(adr); - } - - INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces"); - INIT_FIELD(context, int, fcache_vno, 0, "fcache_version"); - /* prefer dns_lookup_kdc over srv_lookup. */ - INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); - INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc"); - INIT_FIELD(context, int, large_msg_size, 1400, "large_message_size"); - INIT_FLAG(context, flags, KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME, TRUE, "dns_canonicalize_hostname"); - INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac"); - context->default_cc_name = NULL; - context->default_cc_name_set = 0; - return 0; -} - -/** - * Initializes the context structure and reads the configuration file - * /etc/krb5.conf. The structure should be freed by calling - * krb5_free_context() when it is no longer being used. - * - * @param context pointer to returned context - * - * @return Returns 0 to indicate success. Otherwise an errno code is - * returned. Failure means either that something bad happened during - * initialization (typically ENOMEM) or that Kerberos should not be - * used ENXIO. - * - * @ingroup krb5 - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_init_context(krb5_context *context) -{ - krb5_context p; - krb5_error_code ret; - char **files; - - *context = NULL; - - p = calloc(1, sizeof(*p)); - if(!p) - return ENOMEM; - - p->mutex = malloc(sizeof(HEIMDAL_MUTEX)); - if (p->mutex == NULL) { - free(p); - return ENOMEM; - } - HEIMDAL_MUTEX_init(p->mutex); - - ret = krb5_get_default_config_files(&files); - if(ret) - goto out; - ret = krb5_set_config_files(p, files); - krb5_free_config_files(files); - if(ret) - goto out; - - /* init error tables */ - krb5_init_ets(p); - - p->cc_ops = NULL; - p->num_cc_ops = 0; - krb5_cc_register(p, &krb5_acc_ops, TRUE); - krb5_cc_register(p, &krb5_fcc_ops, TRUE); - krb5_cc_register(p, &krb5_mcc_ops, TRUE); -#ifdef HAVE_KCM - krb5_cc_register(p, &krb5_kcm_ops, TRUE); -#endif - - p->num_kt_types = 0; - p->kt_types = NULL; - krb5_kt_register (p, &krb5_fkt_ops); - krb5_kt_register (p, &krb5_wrfkt_ops); - krb5_kt_register (p, &krb5_javakt_ops); - krb5_kt_register (p, &krb5_mkt_ops); - krb5_kt_register (p, &krb5_akf_ops); - krb5_kt_register (p, &krb4_fkt_ops); - krb5_kt_register (p, &krb5_srvtab_fkt_ops); - krb5_kt_register (p, &krb5_any_ops); - -out: - if(ret) { - krb5_free_context(p); - p = NULL; - } - *context = p; - return ret; -} - -/** - * Frees the krb5_context allocated by krb5_init_context(). - * - * @param context context to be freed. - * - * @ingroup krb5 -*/ - -void KRB5_LIB_FUNCTION -krb5_free_context(krb5_context context) -{ - if (context->default_cc_name) - free(context->default_cc_name); - if (context->default_cc_name_env) - free(context->default_cc_name_env); - free(context->etypes); - free(context->etypes_des); - krb5_free_host_realm (context, context->default_realms); - krb5_config_file_free (context, context->cf); - free_error_table (context->et_list); - free(context->cc_ops); - free(context->kt_types); - krb5_clear_error_string(context); - if(context->warn_dest != NULL) - krb5_closelog(context, context->warn_dest); - krb5_set_extra_addresses(context, NULL); - krb5_set_ignore_addresses(context, NULL); - krb5_set_send_to_kdc_func(context, NULL, NULL); - if (context->mutex != NULL) { - HEIMDAL_MUTEX_destroy(context->mutex); - free(context->mutex); - } - memset(context, 0, sizeof(*context)); - free(context); -} - -/** - * Reinit the context from a new set of filenames. - * - * @param context context to add configuration too. - * @param filenames array of filenames, end of list is indicated with a NULL filename. - * - * @return Returns 0 to indicate success. Otherwise an kerberos et - * error code is returned, see krb5_get_error_message(). - * - * @ingroup krb5 - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_config_files(krb5_context context, char **filenames) -{ - krb5_error_code ret; - krb5_config_binding *tmp = NULL; - while(filenames != NULL && *filenames != NULL && **filenames != '\0') { - ret = krb5_config_parse_file_multi(context, *filenames, &tmp); - if(ret != 0 && ret != ENOENT && ret != EACCES) { - krb5_config_file_free(context, tmp); - return ret; - } - filenames++; - } -#if 0 - /* with this enabled and if there are no config files, Kerberos is - considererd disabled */ - if(tmp == NULL) - return ENXIO; -#endif - krb5_config_file_free(context, context->cf); - context->cf = tmp; - ret = init_context_from_config_file(context); - return ret; -} - -static krb5_error_code -add_file(char ***pfilenames, int *len, char *file) -{ - char **pp = *pfilenames; - int i; - - for(i = 0; i < *len; i++) { - if(strcmp(pp[i], file) == 0) { - free(file); - return 0; - } - } - - pp = realloc(*pfilenames, (*len + 2) * sizeof(*pp)); - if (pp == NULL) { - free(file); - return ENOMEM; - } - - pp[*len] = file; - pp[*len + 1] = NULL; - *pfilenames = pp; - *len += 1; - return 0; -} - -/* - * `pq' isn't free, it's up the the caller - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp) -{ - krb5_error_code ret; - const char *p, *q; - char **pp; - int len; - char *fn; - - pp = NULL; - - len = 0; - p = filelist; - while(1) { - ssize_t l; - q = p; - l = strsep_copy(&q, ":", NULL, 0); - if(l == -1) - break; - fn = malloc(l + 1); - if(fn == NULL) { - krb5_free_config_files(pp); - return ENOMEM; - } - l = strsep_copy(&p, ":", fn, l + 1); - ret = add_file(&pp, &len, fn); - if (ret) { - krb5_free_config_files(pp); - return ret; - } - } - - if (pq != NULL) { - int i; - - for (i = 0; pq[i] != NULL; i++) { - fn = strdup(pq[i]); - if (fn == NULL) { - krb5_free_config_files(pp); - return ENOMEM; - } - ret = add_file(&pp, &len, fn); - if (ret) { - krb5_free_config_files(pp); - return ret; - } - } - } - - *ret_pp = pp; - return 0; -} - -/** - * Prepend the filename to the global configuration list. - * - * @param filelist a filename to add to the default list of filename - * @param pfilenames return array of filenames, should be freed with krb5_free_config_files(). - * - * @return Returns 0 to indicate success. Otherwise an kerberos et - * error code is returned, see krb5_get_error_message(). - * - * @ingroup krb5 - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_prepend_config_files_default(const char *filelist, char ***pfilenames) -{ - krb5_error_code ret; - char **defpp, **pp = NULL; - - ret = krb5_get_default_config_files(&defpp); - if (ret) - return ret; - - ret = krb5_prepend_config_files(filelist, defpp, &pp); - krb5_free_config_files(defpp); - if (ret) { - return ret; - } - *pfilenames = pp; - return 0; -} - -/** - * Get the global configuration list. - * - * @param pfilenames return array of filenames, should be freed with krb5_free_config_files(). - * - * @return Returns 0 to indicate success. Otherwise an kerberos et - * error code is returned, see krb5_get_error_message(). - * - * @ingroup krb5 - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_default_config_files(char ***pfilenames) -{ - const char *files = NULL; - - if (pfilenames == NULL) - return EINVAL; - if(!issuid()) - files = getenv("KRB5_CONFIG"); - if (files == NULL) - files = krb5_config_file; - - return krb5_prepend_config_files(files, NULL, pfilenames); -} - -/** - * Free a list of configuration files. - * - * @param filenames list to be freed. - * - * @return Returns 0 to indicate success. Otherwise an kerberos et - * error code is returned, see krb5_get_error_message(). - * - * @ingroup krb5 - */ - -void KRB5_LIB_FUNCTION -krb5_free_config_files(char **filenames) -{ - char **p; - for(p = filenames; *p != NULL; p++) - free(*p); - free(filenames); -} - -/** - * Returns the list of Kerberos encryption types sorted in order of - * most preferred to least preferred encryption type. Note that some - * encryption types might be disabled, so you need to check with - * krb5_enctype_valid() before using the encryption type. - * - * @return list of enctypes, terminated with ETYPE_NULL. Its a static - * array completed into the Kerberos library so the content doesn't - * need to be freed. - * - * @ingroup krb5 - */ - -const krb5_enctype * KRB5_LIB_FUNCTION -krb5_kerberos_enctypes(krb5_context context) -{ - static const krb5_enctype p[] = { - ETYPE_AES256_CTS_HMAC_SHA1_96, - ETYPE_AES128_CTS_HMAC_SHA1_96, - ETYPE_DES3_CBC_SHA1, - ETYPE_DES3_CBC_MD5, - ETYPE_ARCFOUR_HMAC_MD5, - ETYPE_DES_CBC_MD5, - ETYPE_DES_CBC_MD4, - ETYPE_DES_CBC_CRC, - ETYPE_NULL - }; - return p; -} - -/* - * set `etype' to a malloced list of the default enctypes - */ - -static krb5_error_code -default_etypes(krb5_context context, krb5_enctype **etype) -{ - const krb5_enctype *p; - krb5_enctype *e = NULL, *ep; - int i, n = 0; - - p = krb5_kerberos_enctypes(context); - - for (i = 0; p[i] != ETYPE_NULL; i++) { - if (krb5_enctype_valid(context, p[i]) != 0) - continue; - ep = realloc(e, (n + 2) * sizeof(*e)); - if (ep == NULL) { - free(e); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - e = ep; - e[n] = p[i]; - e[n + 1] = ETYPE_NULL; - n++; - } - *etype = e; - return 0; -} - -/** - * Set the default encryption types that will be use in communcation - * with the KDC, clients and servers. - * - * @param context Kerberos 5 context. - * @param etypes Encryption types, array terminated with ETYPE_NULL (0). - * - * @return Returns 0 to indicate success. Otherwise an kerberos et - * error code is returned, see krb5_get_error_message(). - * - * @ingroup krb5 - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_default_in_tkt_etypes(krb5_context context, - const krb5_enctype *etypes) -{ - krb5_enctype *p = NULL; - int i; - - if(etypes) { - for (i = 0; etypes[i]; ++i) { - krb5_error_code ret; - ret = krb5_enctype_valid(context, etypes[i]); - if (ret) - return ret; - } - ++i; - ALLOC(p, i); - if(!p) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - memmove(p, etypes, i * sizeof(krb5_enctype)); - } - if(context->etypes) - free(context->etypes); - context->etypes = p; - return 0; -} - -/** - * Get the default encryption types that will be use in communcation - * with the KDC, clients and servers. - * - * @param context Kerberos 5 context. - * @param etypes Encryption types, array terminated with - * ETYPE_NULL(0), caller should free array with krb5_xfree(): - * - * @return Returns 0 to indicate success. Otherwise an kerberos et - * error code is returned, see krb5_get_error_message(). - * - * @ingroup krb5 - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_default_in_tkt_etypes(krb5_context context, - krb5_enctype **etypes) -{ - krb5_enctype *p; - int i; - krb5_error_code ret; - - if(context->etypes) { - for(i = 0; context->etypes[i]; i++); - ++i; - ALLOC(p, i); - if(!p) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - memmove(p, context->etypes, i * sizeof(krb5_enctype)); - } else { - ret = default_etypes(context, &p); - if (ret) - return ret; - } - *etypes = p; - return 0; -} - -/** - * Return the error string for the error code. The caller must not - * free the string. - * - * @param context Kerberos 5 context. - * @param code Kerberos error code. - * - * @return the error message matching code - * - * @ingroup krb5 - */ - -const char* KRB5_LIB_FUNCTION -krb5_get_err_text(krb5_context context, krb5_error_code code) -{ - const char *p = NULL; - if(context != NULL) - p = com_right(context->et_list, code); - if(p == NULL) - p = strerror(code); - if (p == NULL) - p = "Unknown error"; - return p; -} - -/** - * Init the built-in ets in the Kerberos library. - * - * @param context kerberos context to add the ets too - * - * @ingroup krb5 - */ - -void KRB5_LIB_FUNCTION -krb5_init_ets(krb5_context context) -{ - if(context->et_list == NULL){ - krb5_add_et_list(context, initialize_krb5_error_table_r); - krb5_add_et_list(context, initialize_asn1_error_table_r); - krb5_add_et_list(context, initialize_heim_error_table_r); - krb5_add_et_list(context, initialize_k524_error_table_r); -#ifdef PKINIT - krb5_add_et_list(context, initialize_hx_error_table_r); -#endif - } -} - -/** - * Make the kerberos library default to the admin KDC. - * - * @param context Kerberos 5 context. - * @param flag boolean flag to select if the use the admin KDC or not. - * - * @ingroup krb5 - */ - -void KRB5_LIB_FUNCTION -krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag) -{ - context->use_admin_kdc = flag; -} - -/** - * Make the kerberos library default to the admin KDC. - * - * @param context Kerberos 5 context. - * - * @return boolean flag to telling the context will use admin KDC as the default KDC. - * - * @ingroup krb5 - */ - -krb5_boolean KRB5_LIB_FUNCTION -krb5_get_use_admin_kdc (krb5_context context) -{ - return context->use_admin_kdc; -} - -/** - * Add extra address to the address list that the library will add to - * the client's address list when communicating with the KDC. - * - * @param context Kerberos 5 context. - * @param addresses addreses to add - * - * @return Returns 0 to indicate success. Otherwise an kerberos et - * error code is returned, see krb5_get_error_message(). - * - * @ingroup krb5 - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses) -{ - - if(context->extra_addresses) - return krb5_append_addresses(context, - context->extra_addresses, addresses); - else - return krb5_set_extra_addresses(context, addresses); -} - -/** - * Set extra address to the address list that the library will add to - * the client's address list when communicating with the KDC. - * - * @param context Kerberos 5 context. - * @param addresses addreses to set - * - * @return Returns 0 to indicate success. Otherwise an kerberos et - * error code is returned, see krb5_get_error_message(). - * - * @ingroup krb5 - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) -{ - if(context->extra_addresses) - krb5_free_addresses(context, context->extra_addresses); - - if(addresses == NULL) { - if(context->extra_addresses != NULL) { - free(context->extra_addresses); - context->extra_addresses = NULL; - } - return 0; - } - if(context->extra_addresses == NULL) { - context->extra_addresses = malloc(sizeof(*context->extra_addresses)); - if(context->extra_addresses == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - } - return krb5_copy_addresses(context, addresses, context->extra_addresses); -} - -/** - * Get extra address to the address list that the library will add to - * the client's address list when communicating with the KDC. - * - * @param context Kerberos 5 context. - * @param addresses addreses to set - * - * @return Returns 0 to indicate success. Otherwise an kerberos et - * error code is returned, see krb5_get_error_message(). - * - * @ingroup krb5 - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses) -{ - if(context->extra_addresses == NULL) { - memset(addresses, 0, sizeof(*addresses)); - return 0; - } - return krb5_copy_addresses(context,context->extra_addresses, addresses); -} - -/** - * Add extra addresses to ignore when fetching addresses from the - * underlaying operating system. - * - * @param context Kerberos 5 context. - * @param addresses addreses to ignore - * - * @return Returns 0 to indicate success. Otherwise an kerberos et - * error code is returned, see krb5_get_error_message(). - * - * @ingroup krb5 - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses) -{ - - if(context->ignore_addresses) - return krb5_append_addresses(context, - context->ignore_addresses, addresses); - else - return krb5_set_ignore_addresses(context, addresses); -} - -/** - * Set extra addresses to ignore when fetching addresses from the - * underlaying operating system. - * - * @param context Kerberos 5 context. - * @param addresses addreses to ignore - * - * @return Returns 0 to indicate success. Otherwise an kerberos et - * error code is returned, see krb5_get_error_message(). - * - * @ingroup krb5 - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) -{ - if(context->ignore_addresses) - krb5_free_addresses(context, context->ignore_addresses); - if(addresses == NULL) { - if(context->ignore_addresses != NULL) { - free(context->ignore_addresses); - context->ignore_addresses = NULL; - } - return 0; - } - if(context->ignore_addresses == NULL) { - context->ignore_addresses = malloc(sizeof(*context->ignore_addresses)); - if(context->ignore_addresses == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - } - return krb5_copy_addresses(context, addresses, context->ignore_addresses); -} - -/** - * Get extra addresses to ignore when fetching addresses from the - * underlaying operating system. - * - * @param context Kerberos 5 context. - * @param addresses list addreses ignored - * - * @return Returns 0 to indicate success. Otherwise an kerberos et - * error code is returned, see krb5_get_error_message(). - * - * @ingroup krb5 - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses) -{ - if(context->ignore_addresses == NULL) { - memset(addresses, 0, sizeof(*addresses)); - return 0; - } - return krb5_copy_addresses(context, context->ignore_addresses, addresses); -} - -/** - * Set version of fcache that the library should use. - * - * @param context Kerberos 5 context. - * @param version version number. - * - * @return Returns 0 to indicate success. Otherwise an kerberos et - * error code is returned, see krb5_get_error_message(). - * - * @ingroup krb5 - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_fcache_version(krb5_context context, int version) -{ - context->fcache_vno = version; - return 0; -} - -/** - * Get version of fcache that the library should use. - * - * @param context Kerberos 5 context. - * @param version version number. - * - * @return Returns 0 to indicate success. Otherwise an kerberos et - * error code is returned, see krb5_get_error_message(). - * - * @ingroup krb5 - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_fcache_version(krb5_context context, int *version) -{ - *version = context->fcache_vno; - return 0; -} - -/** - * Runtime check if the Kerberos library was complied with thread support. - * - * @return TRUE if the library was compiled with thread support, FALSE if not. - * - * @ingroup krb5 - */ - - -krb5_boolean KRB5_LIB_FUNCTION -krb5_is_thread_safe(void) -{ -#ifdef ENABLE_PTHREAD_SUPPORT - return TRUE; -#else - return FALSE; -#endif -} - -/** - * Set if the library should use DNS to canonicalize hostnames. - * - * @param context Kerberos 5 context. - * @param flag if its dns canonicalizion is used or not. - * - * @ingroup krb5 - */ - -void KRB5_LIB_FUNCTION -krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag) -{ - if (flag) - context->flags |= KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME; - else - context->flags &= ~KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME; -} - -/** - * Get if the library uses DNS to canonicalize hostnames. - * - * @param context Kerberos 5 context. - * - * @return return non zero if the library uses DNS to canonicalize hostnames. - * - * @ingroup krb5 - */ - -krb5_boolean KRB5_LIB_FUNCTION -krb5_get_dns_canonicalize_hostname (krb5_context context) -{ - return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0; -} - -/** - * Get current offset in time to the KDC. - * - * @param context Kerberos 5 context. - * @param sec seconds part of offset. - * @param usec micro seconds part of offset. - * - * @return return non zero if the library uses DNS to canonicalize hostnames. - * - * @ingroup krb5 - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec) -{ - if (sec) - *sec = context->kdc_sec_offset; - if (usec) - *usec = context->kdc_usec_offset; - return 0; -} - -/** - * Get max time skew allowed. - * - * @param context Kerberos 5 context. - * - * @return timeskew in seconds. - * - * @ingroup krb5 - */ - -time_t KRB5_LIB_FUNCTION -krb5_get_max_time_skew (krb5_context context) -{ - return context->max_skew; -} - -/** - * Set max time skew allowed. - * - * @param context Kerberos 5 context. - * @param t timeskew in seconds. - * - * @ingroup krb5 - */ - -void KRB5_LIB_FUNCTION -krb5_set_max_time_skew (krb5_context context, time_t t) -{ - context->max_skew = t; -} |
