2  * Parse PAM options into a struct.
5  * options go where, parse both the PAM configuration options and any options
6  * from a Kerberos krb5.conf file and fill out the struct.
8  * The canonical version of this file is maintained in the rra-c-util package,
9  * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
13  * Copyright 2006-2008, 2010-2011, 2013-2014
34  * SPDX-License-Identifier: MIT
39 #    include <portable/krb5.h>
45 #include <pam-util/args.h>
46 #include <pam-util/logging.h>
47 #include <pam-util/options.h>
48 #include <pam-util/vector.h>
58 /* clang-format off */
63 /* clang-format on */
69 /* clang-format off */
75 /* clang-format on */
81  * the PAM argument struct, the pointer in which to store the vector, and the
92     if (defval != NULL && defval->strings != NULL) {  in copy_default_list()
105  * Set a vector argument to a default based on a string.  Takes the PAM
130  * Set the defaults for the PAM configuration.  Takes the PAM arguments, an
158             bp = CONF_BOOL(args->config, options[opt].location);  in putil_args_defaults()
162             lp = CONF_NUMBER(args->config, options[opt].location);  in putil_args_defaults()
166             tp = CONF_TIME(args->config, options[opt].location);  in putil_args_defaults()
170             sp = CONF_STRING(args->config, options[opt].location);  in putil_args_defaults()
183             vp = CONF_LIST(args->config, options[opt].location);  in putil_args_defaults()
188             vp = CONF_LIST(args->config, options[opt].location);  in putil_args_defaults()
200  * Load a boolean option from Kerberos appdefaults.  Takes the PAM argument
232     krb5_appdefault_boolean(args->ctx, section, rdata, opt, *result, &tmp);  in default_boolean()
238  * Load a number option from Kerberos appdefaults.  Takes the PAM argument
266     krb5_appdefault_string(args->ctx, section, rdata, opt, "", &tmp);  in default_number()
271             putil_err(args, "invalid number in krb5.conf setting for %s: %s",  in default_number()
281  * Load a time option from Kerberos appdefaults.  Takes the PAM argument
309     krb5_appdefault_string(args->ctx, section, rdata, opt, "", &tmp);  in default_time()
313             putil_err(args, "invalid time in krb5.conf setting for %s: %s",  in default_time()
323  * Load a string option from Kerberos appdefaults.  Takes the PAM argument
353     krb5_appdefault_string(args->ctx, section, rdata, opt, "", &value);  in default_string()
367  * Load a list option from Kerberos appdefaults.  Takes the PAM arguments, the
371  * false to indicate that PAM setup should abort.
398  * The public interface for getting configuration information from krb5.conf.
399  * Takes the PAM arguments, the krb5.conf section, the options specification,
418     if (args->realm != NULL)  in putil_args_krb5()
419         realm = args->realm;  in putil_args_krb5()
421         if (krb5_get_default_realm(args->ctx, &realm) < 0)  in putil_args_krb5()
429         if (!opt->krb5_config)  in putil_args_krb5()
431         switch (opt->type) {  in putil_args_krb5()
433             default_boolean(args, section, realm, opt->name,  in putil_args_krb5()
434                             CONF_BOOL(args->config, opt->location));  in putil_args_krb5()
437             default_number(args, section, realm, opt->name,  in putil_args_krb5()
438                            CONF_NUMBER(args->config, opt->location));  in putil_args_krb5()
441             default_time(args, section, realm, opt->name,  in putil_args_krb5()
442                          CONF_TIME(args->config, opt->location));  in putil_args_krb5()
445             default_string(args, section, realm, opt->name,  in putil_args_krb5()
446                            CONF_STRING(args->config, opt->location));  in putil_args_krb5()
450             if (!default_list(args, section, realm, opt->name,  in putil_args_krb5()
451                               CONF_LIST(args->config, opt->location)))  in putil_args_krb5()
457         krb5_free_default_realm(args->ctx, realm);  in putil_args_krb5()
464  * Stub function for getting configuration information from krb5.conf used
465  * when the PAM module is not built with Kerberos support so that the function
479  * bsearch comparison function for finding PAM arguments in an array of struct
494         return strcmp(string, option->name);  in option_compare()
496         length = (size_t)(p - string);  in option_compare()
498             return -1;  in option_compare()
499         result = strncmp(string, option->name, length);  in option_compare()
500         if (result == 0 && strlen(option->name) > length)  in option_compare()
501             return -1;  in option_compare()
508  * Given a PAM argument, convert the value portion of the argument to a
523         /* clang-format off */  in convert_boolean()
536         /* clang-format on */  in convert_boolean()
542  * Given a PAM argument, convert the value portion of the argument to a number
569  * Given a PAM argument, convert the value portion of the argument from a
606  * Given a PAM argument, convert the value portion of the argument to a string
609  * non-fatal error.  If memory allocation fails, return false, since PAM setup
635  * Given a PAM argument, convert the value portion of the argument to a vector
638  * non-fatal error.  If memory allocation fails, return false, since PAM setup
664  * Parse the PAM arguments.  Takes the PAM argument struct, the argument count
672  * If options should be retrieved from krb5.conf, call putil_args_krb5()
693         switch (option->type) {  in putil_args_parse()
696                             CONF_BOOL(args->config, option->location));  in putil_args_parse()
700                            CONF_NUMBER(args->config, option->location));  in putil_args_parse()
704                          CONF_TIME(args->config, option->location));  in putil_args_parse()
708                                 CONF_STRING(args->config, option->location)))  in putil_args_parse()
714                               CONF_LIST(args->config, option->location)))  in putil_args_parse()