xref: /freebsd/contrib/pam-krb5/portable/krb5-profile.c (revision 24e4dcf4ba5e9dedcf89efd358ea3e1fe5867020) 
1 /*
2  * Kerberos compatibility functions for AIX's NAS libraries.
3  *
4  * AIX for some reason doesn't provide the krb5_appdefault_* functions, but
5  * does provide the underlying profile library functions (as a separate
6  * libk5profile with a separate k5profile.h header file).
7  *
8  * This file is therefore (apart from the includes, opening and closing
9  * comments, and the spots marked with an rra-c-util comment) a verbatim copy
10  * of src/lib/krb5/krb/appdefault.c from MIT Kerberos 1.4.4.
11  *
12  * The canonical version of this file is maintained in the rra-c-util package,
13  * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
14  *
15  * Copyright 1985-2005 by the Massachusetts Institute of Technology.
16  * For license information, see the end of this file.
17  */
18 
19 #include <config.h>
20 
21 #include <krb5.h>
22 #ifdef HAVE_K5PROFILE_H
23 # include <k5profile.h>
24 #endif
25 #ifdef HAVE_PROFILE_H
26 # include <profile.h>
27 #endif
28 #include <stdio.h>
29 #include <string.h>
30 
31  /*xxx Duplicating this is annoying; try to work on a better way.*/
32 static const char *const conf_yes[] = {
33 	"y", "yes", "true", "t", "1", "on",
34 	0,
35 };
36 
37 static const char *const conf_no[] = {
38 	"n", "no", "false", "nil", "0", "off",
39 	0,
40 };
41 
42 static int conf_boolean(char *s)
43 {
44 	const char * const *p;
45 	for(p=conf_yes; *p; p++) {
46 		if (!strcasecmp(*p,s))
47 			return 1;
48 	}
49 	for(p=conf_no; *p; p++) {
50 		if (!strcasecmp(*p,s))
51 		return 0;
52 	}
53 	/* Default to "no" */
54 	return 0;
55 }
56 
57 static krb5_error_code appdefault_get(krb5_context context, const char *appname, const krb5_data *realm, const char *option, char **ret_value)
58 {
59         profile_t profile;
60         const char *names[5];
61 	char **nameval = NULL;
62 	krb5_error_code retval;
63 	const char * realmstr =  realm?realm->data:NULL;
64 
65         /*
66          * rra-c-util: The magic values are internal, so a magic check for the
67          * context struct was removed here.  Call krb5_get_profile if it's
68          * available since the krb5_context struct may be opaque.
69          */
70 	    if (!context)
71 	    return KV5M_CONTEXT;
72 
73 #ifdef HAVE_KRB5_GET_PROFILE
74             krb5_get_profile(context, &profile);
75 #else
76 	    profile = context->profile;
77 #endif
78 
79 	/*
80 	 * Try number one:
81 	 *
82 	 * [appdefaults]
83 	 *	app = {
84 	 *		SOME.REALM = {
85 	 *			option = <boolean>
86 	 *		}
87 	 *	}
88 	 */
89 
90 	names[0] = "appdefaults";
91 	names[1] = appname;
92 
93 	if (realmstr) {
94 		names[2] = realmstr;
95 		names[3] = option;
96 		names[4] = 0;
97 		retval = profile_get_values(profile, names, &nameval);
98 		if (retval == 0 && nameval && nameval[0]) {
99 			*ret_value = strdup(nameval[0]);
100 			goto goodbye;
101 		}
102 	}
103 
104 	/*
105 	 * Try number two:
106 	 *
107 	 * [appdefaults]
108 	 *	app = {
109 	 *		option = <boolean>
110 	 *      }
111 	 */
112 
113 	names[2] = option;
114 	names[3] = 0;
115 	retval = profile_get_values(profile, names, &nameval);
116 	if (retval == 0 && nameval && nameval[0]) {
117 		*ret_value = strdup(nameval[0]);
118 		goto goodbye;
119 	}
120 
121 	/*
122 	 * Try number three:
123 	 *
124 	 * [appdefaults]
125 	 *	realm = {
126 	 *		option = <boolean>
127 	 */
128 
129 	if (realmstr) {
130 		names[1] = realmstr;
131 		names[2] = option;
132 		names[3] = 0;
133 		retval = profile_get_values(profile, names, &nameval);
134 		if (retval == 0 && nameval && nameval[0]) {
135 			*ret_value = strdup(nameval[0]);
136 			goto goodbye;
137 		}
138 	}
139 
140 	/*
141 	 * Try number four:
142 	 *
143 	 * [appdefaults]
144 	 *	option = <boolean>
145 	 */
146 
147 	names[1] = option;
148 	names[2] = 0;
149 	retval = profile_get_values(profile, names, &nameval);
150 	if (retval == 0 && nameval && nameval[0]) {
151 		*ret_value = strdup(nameval[0]);
152 	} else {
153 		return retval;
154 	}
155 
156 goodbye:
157 	if (nameval) {
158 		char **cpp;
159 		for (cpp = nameval; *cpp; cpp++)
160 			free(*cpp);
161 		free(nameval);
162 	}
163 	return 0;
164 }
165 
166 void KRB5_CALLCONV
167 krb5_appdefault_boolean(krb5_context context, const char *appname, const krb5_data *realm, const char *option, int default_value, int *ret_value)
168 {
169 	char *string = NULL;
170 	krb5_error_code retval;
171 
172 	retval = appdefault_get(context, appname, realm, option, &string);
173 
174 	if (! retval && string) {
175 		*ret_value = conf_boolean(string);
176 		free(string);
177 	} else
178 		*ret_value = default_value;
179 }
180 
181 void KRB5_CALLCONV
182 krb5_appdefault_string(krb5_context context, const char *appname, const krb5_data *realm, const char *option, const char *default_value, char **ret_value)
183 {
184 	krb5_error_code retval;
185 	char *string;
186 
187 	retval = appdefault_get(context, appname, realm, option, &string);
188 
189 	if (! retval && string) {
190 		*ret_value = string;
191 	} else {
192 		*ret_value = strdup(default_value);
193 	}
194 }
195 
196 /*
197  * Copyright (C) 1985-2005 by the Massachusetts Institute of Technology.
198  * All rights reserved.
199  *
200  * Export of this software from the United States of America may require
201  * a specific license from the United States Government.  It is the
202  * responsibility of any person or organization contemplating export to
203  * obtain such a license before exporting.
204  *
205  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
206  * distribute this software and its documentation for any purpose and
207  * without fee is hereby granted, provided that the above copyright
208  * notice appear in all copies and that both that copyright notice and
209  * this permission notice appear in supporting documentation, and that
210  * the name of M.I.T. not be used in advertising or publicity pertaining
211  * to distribution of the software without specific, written prior
212  * permission.  Furthermore if you modify this software you must label
213  * your software as modified software and not distribute it in such a
214  * fashion that it might be confused with the original MIT software.
215  * M.I.T. makes no representations about the suitability of this software
216  * for any purpose.  It is provided "as is" without express or implied
217  * warranty.
218  *
219  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
220  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
221  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
222  *
223  * Individual source code files are copyright MIT, Cygnus Support,
224  * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
225  *
226  * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
227  * and Zephyr are trademarks of the Massachusetts Institute of Technology
228  * (MIT).  No commercial use of these trademarks may be made without
229  * prior written permission of MIT.
230  *
231  * "Commercial use" means use of a name in a product or other for-profit
232  * manner.  It does NOT prevent a commercial firm from referring to the
233  * MIT trademarks in order to convey information (although in doing so,
234  * recognition of their trademark status should be given).
235  *
236  * There is no SPDX-License-Identifier registered for this license.
237  */
238