17c478bd9Sstevel@tonic-gate /*
27c64d375Smp153739  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
37c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
47c478bd9Sstevel@tonic-gate  */
57c478bd9Sstevel@tonic-gate 
67c478bd9Sstevel@tonic-gate 
77c478bd9Sstevel@tonic-gate /*
87c478bd9Sstevel@tonic-gate  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
97c478bd9Sstevel@tonic-gate  *
107c478bd9Sstevel@tonic-gate  *	Openvision retains the copyright to derivative works of
117c478bd9Sstevel@tonic-gate  *	this source code.  Do *NOT* create a derivative of this
127c478bd9Sstevel@tonic-gate  *	source code before consulting with your legal department.
137c478bd9Sstevel@tonic-gate  *	Do *NOT* integrate *ANY* of this source code into another
147c478bd9Sstevel@tonic-gate  *	product before consulting with your legal department.
157c478bd9Sstevel@tonic-gate  *
167c478bd9Sstevel@tonic-gate  *	For further information, read the top-level Openvision
177c478bd9Sstevel@tonic-gate  *	copyright which is contained in the top-level MIT Kerberos
187c478bd9Sstevel@tonic-gate  *	copyright.
197c478bd9Sstevel@tonic-gate  *
207c478bd9Sstevel@tonic-gate  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
217c478bd9Sstevel@tonic-gate  *
227c478bd9Sstevel@tonic-gate  */
237c478bd9Sstevel@tonic-gate 
247c478bd9Sstevel@tonic-gate 
257c478bd9Sstevel@tonic-gate /*
267c478bd9Sstevel@tonic-gate  * lib/kadm/alt_prof.c
277c478bd9Sstevel@tonic-gate  *
2856a424ccSmp153739  * Copyright 1995,2001 by the Massachusetts Institute of Technology.
297c478bd9Sstevel@tonic-gate  * All Rights Reserved.
307c478bd9Sstevel@tonic-gate  *
317c478bd9Sstevel@tonic-gate  * Export of this software from the United States of America may
327c478bd9Sstevel@tonic-gate  *   require a specific license from the United States Government.
337c478bd9Sstevel@tonic-gate  *   It is the responsibility of any person or organization contemplating
347c478bd9Sstevel@tonic-gate  *   export to obtain such a license before exporting.
357c478bd9Sstevel@tonic-gate  *
367c478bd9Sstevel@tonic-gate  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
377c478bd9Sstevel@tonic-gate  * distribute this software and its documentation for any purpose and
387c478bd9Sstevel@tonic-gate  * without fee is hereby granted, provided that the above copyright
397c478bd9Sstevel@tonic-gate  * notice appear in all copies and that both that copyright notice and
407c478bd9Sstevel@tonic-gate  * this permission notice appear in supporting documentation, and that
417c478bd9Sstevel@tonic-gate  * the name of M.I.T. not be used in advertising or publicity pertaining
427c478bd9Sstevel@tonic-gate  * to distribution of the software without specific, written prior
4356a424ccSmp153739  * permission.  Furthermore if you modify this software you must label
4456a424ccSmp153739  * your software as modified software and not distribute it in such a
4556a424ccSmp153739  * fashion that it might be confused with the original M.I.T. software.
4656a424ccSmp153739  * M.I.T. makes no representations about the suitability of
477c478bd9Sstevel@tonic-gate  * this software for any purpose.  It is provided "as is" without express
487c478bd9Sstevel@tonic-gate  * or implied warranty.
497c478bd9Sstevel@tonic-gate  *
507c478bd9Sstevel@tonic-gate  */
517c478bd9Sstevel@tonic-gate 
527c478bd9Sstevel@tonic-gate /*
537c478bd9Sstevel@tonic-gate  * alt_prof.c - Implement alternate profile file handling.
547c478bd9Sstevel@tonic-gate  */
55*159d09a2SMark Phalan #include "k5-int.h"
567c478bd9Sstevel@tonic-gate #include <kadm5/admin.h>
57*159d09a2SMark Phalan #include "adm_proto.h"
587c478bd9Sstevel@tonic-gate #include <stdio.h>
597c478bd9Sstevel@tonic-gate #include <ctype.h>
607c478bd9Sstevel@tonic-gate #include <os-proto.h>
617c478bd9Sstevel@tonic-gate #include <kdb/kdb_log.h>
627c478bd9Sstevel@tonic-gate 
/*
 * Forward declaration without a parameter list, so the compiler does not
 * check the arguments of calls made through it.
 */
krb5_error_code kadm5_free_config_params();

/*
 * Built-in list of space-separated "enctype:salttype" entries, AES first.
 *
 * NOTE(review): the tail of the list still names single-DES
 * (des-cbc-md5, des-cbc-crc) and export-grade RC4 (arcfour-hmac-md5-exp),
 * which RFC 6649 deprecates, and des3-cbc-hmac-sha1-kd and
 * arcfour-hmac-md5, which RFC 8429 deprecates.  Where this macro is
 * consumed is not visible here; presumably it is the fallback when the
 * configuration names no enctypes -- confirm, and prefer an explicit
 * AES-only list in the realm configuration where peers allow it.
 */
#define	DEFAULT_ENCTYPE_LIST \
	"aes256-cts-hmac-sha1-96:normal " \
	"aes128-cts-hmac-sha1-96:normal " \
	"des3-cbc-hmac-sha1-kd:normal " \
	"arcfour-hmac-md5:normal " \
	"arcfour-hmac-md5-exp:normal " \
	"des-cbc-md5:normal " \
	"des-cbc-crc:normal"
737c478bd9Sstevel@tonic-gate 
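/*
 * copy_key_salt_tuple()	- Duplicate an array of key/salt tuples.
 *
 * Parameters:
 *	ksalt		- array of len tuples to copy.
 *	len		- number of elements in ksalt.
 *
 * Returns:
 *	a malloc()ed copy that the caller must free(), or NULL when len is
 *	negative, the byte count would overflow size_t, ksalt is NULL while
 *	len is non-zero, or the allocation fails.
 */
static krb5_key_salt_tuple *copy_key_salt_tuple(ksalt, len)
krb5_key_salt_tuple *ksalt;
krb5_int32 len;
{
    krb5_key_salt_tuple *knew;
    size_t count, nbytes;

    /*
     * len is signed: a negative count would otherwise be converted to a
     * huge size_t in the multiplication below.
     */
    if (len < 0)
	return NULL;
    count = (size_t) len;

    /* Refuse a count whose byte size does not fit in size_t. */
    if (count > ((size_t) -1) / sizeof(*knew))
	return NULL;
    nbytes = count * sizeof(*knew);

    /* Nothing valid to copy from. */
    if (ksalt == NULL && nbytes != 0)
	return NULL;

    knew = malloc(nbytes);
    if (knew == NULL)
	return NULL;
    if (nbytes != 0)
	memcpy(knew, ksalt, nbytes);
    return knew;
}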
8756a424ccSmp153739 
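/*
 * krb5_aprof_init()	- Initialize alternate profile context.
 *
 * Parameters:
 *	fname		- default file name of the profile.
 *	envname		- environment variable name which can override fname,
 *			  or NULL to ignore the environment.
 *	acontextp	- Pointer to opaque context for alternate profile.
 *
 * The profile is opened on a ':'-separated search path: the selected file
 * (the value of envname if it is set, otherwise fname) comes first,
 * followed by the files from krb5_get_default_config_files().
 *
 * Security note: envname lets the process environment choose which
 * configuration file is searched first.  kadm5_get_config_params() passes
 * a NULL envname when context->profile_secure is TRUE; other callers that
 * must not trust their environment need to do the same.
 *
 * Returns:
 *	error codes from krb5_get_default_config_files()
 *	ENOMEM if the search path cannot be allocated
 *	error codes from profile_init_path()
 */
krb5_error_code
krb5_aprof_init(fname, envname, acontextp)
    char		*fname;
    char		*envname;
    krb5_pointer	*acontextp;
{
    krb5_error_code	kret;
    profile_t		profile = (profile_t) NULL;
    const char		*kdc_config = NULL;
    size_t		krb5_config_len = 0, kdc_config_len, len;
    char		*profile_path, *cursor;
    char		**filenames;
    int			i;

    kret = krb5_get_default_config_files(&filenames);
    if (kret)
	return kret;

    /* Length of the default files joined by single ':' separators. */
    for (i = 0; filenames[i] != NULL; i++)
	krb5_config_len += strlen(filenames[i]) + 1;
    if (i > 0)
	krb5_config_len--;

    /* The environment, when consulted and set, wins over fname. */
    if (envname != NULL)
	kdc_config = getenv(envname);
    if (kdc_config == NULL)
	kdc_config = fname;
    kdc_config_len = (kdc_config != NULL) ? strlen(kdc_config) : 0;

    /* +2: the ':' between the two parts and the terminating NUL. */
    profile_path = malloc(2 + krb5_config_len + kdc_config_len);
    if (profile_path == NULL) {
	krb5_free_config_files(filenames);
	/*
	 * Return a fixed code rather than errno: the cleanup call above may
	 * have changed errno, and a zero here would report success with
	 * *acontextp never set.
	 */
	return ENOMEM;
    }

    /* Append with a cursor so each piece is written once, within bounds. */
    cursor = profile_path;
    if (kdc_config_len) {
	memcpy(cursor, kdc_config, kdc_config_len);
	cursor += kdc_config_len;
    }
    if (krb5_config_len) {
	for (i = 0; filenames[i] != NULL; i++) {
	    if (kdc_config_len || i)
		*cursor++ = ':';
	    len = strlen(filenames[i]);
	    memcpy(cursor, filenames[i], len);
	    cursor += len;
	}
    }
    *cursor = '\0';

    krb5_free_config_files(filenames);
    kret = profile_init_path(profile_path, &profile);
    free(profile_path);
    if (kret)
	return kret;
    *acontextp = profile;
    return 0;
}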
1527c478bd9Sstevel@tonic-gate 
/*
 * krb5_aprof_getvals()	- Fetch the values stored under one relation of
 *			  the alternate profile.
 *
 * Parameters:
 *	acontext	- opaque context for alternate profile.
 *	hierarchy	- hierarchy of value to retrieve.
 *	retdata		- Returned data values; the callers in this file
 *			  release each string and then the array with
 *			  krb5_xfree().
 *
 * Returns:
 * 	error codes from profile_get_values()
 */
krb5_error_code
krb5_aprof_getvals(acontext, hierarchy, retdata)
    krb5_pointer	acontext;
    const char		**hierarchy;
    char		***retdata;
{
    /* The opaque context is the profile handle itself. */
    profile_t	profile = (profile_t) acontext;

    return profile_get_values(profile, hierarchy, retdata);
}
1747c478bd9Sstevel@tonic-gate 
1757c478bd9Sstevel@tonic-gate /*
17656a424ccSmp153739  * krb5_aprof_get_boolean()
17756a424ccSmp153739  *
17856a424ccSmp153739  * Parameters:
17956a424ccSmp153739  *	acontext	- opaque context for alternate profile
18056a424ccSmp153739  *	hierarchy	- hierarchy of value to retrieve
18156a424ccSmp153739  *	retdata		- Returned data value
18256a424ccSmp153739  * Returns:
18356a424ccSmp153739  *	error codes
18456a424ccSmp153739  */
18556a424ccSmp153739 
/*
 * string_to_boolean()	- Translate a boolean keyword into 1 or 0.
 *
 * The comparison is case-insensitive.  On a match *out is set and 0 is
 * returned; any other string yields PROF_BAD_BOOLEAN and leaves *out
 * untouched, so an unrecognised value is never silently read as a default.
 */
static krb5_error_code
string_to_boolean (const char *string, krb5_boolean *out)
{
    static const char *const yes[] = { "y", "yes", "true", "t", "1", "on" };
    static const char *const no[] = { "n", "no", "false", "f", "nil", "0", "off" };
    const char *const *word;

    /* Affirmative spellings. */
    for (word = yes; word < yes + sizeof(yes)/sizeof(yes[0]); word++) {
	if (strcasecmp(string, *word) == 0) {
	    *out = 1;
	    return 0;
	}
    }

    /* Negative spellings. */
    for (word = no; word < no + sizeof(no)/sizeof(no[0]); word++) {
	if (strcasecmp(string, *word) == 0) {
	    *out = 0;
	    return 0;
	}
    }

    return PROF_BAD_BOOLEAN;
}
20556a424ccSmp153739 
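/*
 * Read a boolean relation from the alternate profile.  If uselast is
 * non-zero the last value found is used, otherwise the first.  *retdata is
 * written only on success.  The value list obtained from
 * krb5_aprof_getvals() is released on every path, as the other getters in
 * this file do.
 *
 * Returns the error from krb5_aprof_getvals(), PROF_BAD_BOOLEAN for an
 * unrecognised keyword, or 0.
 */
krb5_error_code
krb5_aprof_get_boolean(krb5_pointer acontext, const char **hierarchy,
		       int uselast, krb5_boolean *retdata)
{
    krb5_error_code kret;
    char **values;
    int idx;
    krb5_boolean val;

    kret = krb5_aprof_getvals (acontext, hierarchy, &values);
    if (kret)
	return kret;

    /*
     * NOTE(review): assumes a successful lookup returns at least one
     * value; with an empty list and uselast set, idx would be -1.
     * Confirm against profile_get_values().
     */
    idx = 0;
    if (uselast) {
	while (values[idx])
	    idx++;
	idx--;
    }

    kret = string_to_boolean (values[idx], &val);
    if (!kret)
	*retdata = val;

    /* Free the string storage; it was previously leaked on both paths. */
    for (idx = 0; values[idx]; idx++)
	krb5_xfree(values[idx]);
    krb5_xfree(values);
    return kret;
}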
23256a424ccSmp153739 
/*
 * krb5_aprof_get_deltat()	- Read a delta time value from the alternate
 *				  profile.
 *
 * Parameters:
 *	acontext		- opaque context for alternate profile.
 *	hierarchy		- hierarchy of value to retrieve.
 *	uselast			- if true, use last value, otherwise use
 *				  first value found.
 *	deltatp			- returned delta time value.
 *
 * Returns:
 * 	error codes from profile_get_values()
 *	error codes from krb5_string_to_deltat()
 */
krb5_error_code
krb5_aprof_get_deltat(acontext, hierarchy, uselast, deltatp)
    krb5_pointer	acontext;
    const char		**hierarchy;
    krb5_boolean	uselast;
    krb5_deltat		*deltatp;
{
    krb5_error_code	kret;
    char		**values;
    int			pick, i;

    kret = krb5_aprof_getvals(acontext, hierarchy, &values);
    if (kret)
	return kret;

    /* Index of the value to convert: first by default, last on request. */
    pick = 0;
    if (uselast) {
	while (values[pick])
	    pick++;
	pick--;
    }
    kret = krb5_string_to_deltat(values[pick], deltatp);

    /* The strings and the array holding them are no longer needed. */
    for (i = 0; values[i]; i++)
	krb5_xfree(values[i]);
    krb5_xfree(values);

    return kret;
}
2767c478bd9Sstevel@tonic-gate 
/*
 * krb5_aprof_get_string()	- Read a string value from the alternate
 *				  profile.
 *
 * Parameters:
 *	acontext		- opaque context for alternate profile.
 *	hierarchy		- hierarchy of value to retrieve.
 *	uselast			- if true, use last value, otherwise use
 *				  first value found.
 *	stringp			- returned string value; the selected string
 *				  is handed over to the caller and is not
 *				  freed here.
 *
 * Returns:
 * 	error codes from profile_get_values()
 */
krb5_error_code
krb5_aprof_get_string(acontext, hierarchy, uselast, stringp)
    krb5_pointer	acontext;
    const char		**hierarchy;
    krb5_boolean	uselast;
    char		**stringp;
{
    krb5_error_code	kret;
    char		**values;
    int			pick, i;

    kret = krb5_aprof_getvals(acontext, hierarchy, &values);
    if (kret)
	return kret;

    /* Index of the value to return: first by default, last on request. */
    pick = 0;
    if (uselast) {
	while (values[pick])
	    pick++;
	pick--;
    }
    *stringp = values[pick];

    /* Release every other string, then the array itself. */
    for (i = 0; values[i]; i++) {
	if (i == pick)
	    continue;
	krb5_xfree(values[i]);
    }
    krb5_xfree(values);

    return kret;
}
3197c478bd9Sstevel@tonic-gate 
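/*
 * krb5_aprof_get_int32()	- Get a 32-bit integer value from the alternate
 *				  profile.
 *
 * Parameters:
 *	acontext		- opaque context for alternate profile.
 *	hierarchy		- hierarchy of value to retrieve.
 *	uselast			- if true, use last value, otherwise use
 *				  first value found.
 *	intp			- returned 32-bit integer value; written only
 *				  on success.
 *
 * Returns:
 * 	error codes from profile_get_values()
 *	EINVAL			- value does not start with a decimal
 *				  integer, or the integer does not fit in
 *				  32 bits
 */
krb5_error_code
krb5_aprof_get_int32(acontext, hierarchy, uselast, intp)
    krb5_pointer	acontext;
    const char		**hierarchy;
    krb5_boolean	uselast;
    krb5_int32		*intp;
{
    krb5_error_code	kret;
    char		**values;
    char		*end;
    long		parsed;
    int			idx;

    if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
	idx = 0;
	if (uselast) {
	    for (idx=0; values[idx]; idx++);
	    idx--;
	}

	/*
	 * strtol() instead of sscanf("%d"): the behaviour of sscanf is
	 * undefined when the number is out of range, whereas strtol reports
	 * it.  As before, leading white space is skipped and text after the
	 * digits is ignored.
	 */
	errno = 0;
	parsed = strtol(values[idx], &end, 10);
	if (end == values[idx] || errno == ERANGE ||
	    parsed > 2147483647L || parsed < (-2147483647L - 1))
	    kret = EINVAL;
	else
	    *intp = (krb5_int32) parsed;

	/* Free the string storage */
	for (idx=0; values[idx]; idx++)
	    krb5_xfree(values[idx]);
	krb5_xfree(values);
    }
    return(kret);
}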
3637c478bd9Sstevel@tonic-gate 
/*
 * krb5_aprof_finish()	- Release an alternate profile context.
 *
 * Parameter:
 *	acontext	- opaque context for alternate profile; it must not
 *			  be used again after this call.
 *
 * Returns:
 *	0 in all cases (profile_release() reports no status here).
 */
krb5_error_code
krb5_aprof_finish(acontext)
    krb5_pointer	acontext;
{
    profile_t	profile = (profile_t) acontext;

    profile_release(profile);
    return 0;
}
3807c478bd9Sstevel@tonic-gate 
3817c478bd9Sstevel@tonic-gate /*
3827c478bd9Sstevel@tonic-gate  * Function: kadm5_get_config_params
3837c478bd9Sstevel@tonic-gate  *
3847c478bd9Sstevel@tonic-gate  * Purpose: Merge configuration parameters provided by the caller with
3857c478bd9Sstevel@tonic-gate  * values specified in configuration files and with default values.
3867c478bd9Sstevel@tonic-gate  *
3877c478bd9Sstevel@tonic-gate  * Arguments:
3887c478bd9Sstevel@tonic-gate  *
3897c478bd9Sstevel@tonic-gate  *	context		(r) krb5_context to use
3907c478bd9Sstevel@tonic-gate  *	profile		(r) profile file to use
3917c478bd9Sstevel@tonic-gate  *	envname		(r) envname that contains a profile name to
3927c478bd9Sstevel@tonic-gate  *			override profile
3937c478bd9Sstevel@tonic-gate  *	params_in	(r) params structure containing user-supplied
3947c478bd9Sstevel@tonic-gate  *			values, or NULL
3957c478bd9Sstevel@tonic-gate  *	params_out	(w) params structure to be filled in
3967c478bd9Sstevel@tonic-gate  *
3977c478bd9Sstevel@tonic-gate  * Effects:
3987c478bd9Sstevel@tonic-gate  *
3997c478bd9Sstevel@tonic-gate  * The fields and mask of params_out are filled in with values
4007c478bd9Sstevel@tonic-gate  * obtained from params_in, the specified profile, and default
4017c478bd9Sstevel@tonic-gate  * values.  Only and all fields specified in params_out->mask are
4027c478bd9Sstevel@tonic-gate  * set.  The context of params_out must be freed with
4037c478bd9Sstevel@tonic-gate  * kadm5_free_config_params.
4047c478bd9Sstevel@tonic-gate  *
4057c478bd9Sstevel@tonic-gate  * params_in and params_out may be the same pointer.  However, all pointers
4067c478bd9Sstevel@tonic-gate  * in params_in for which the mask is set will be re-assigned to newly copied
4077c478bd9Sstevel@tonic-gate  * versions, overwriting the old pointer value.
4087c478bd9Sstevel@tonic-gate  */
kadm5_get_config_params(context,use_kdc_config,params_in,params_out)409*159d09a2SMark Phalan krb5_error_code kadm5_get_config_params(context, use_kdc_config,
4107c478bd9Sstevel@tonic-gate 					params_in, params_out)
4117c478bd9Sstevel@tonic-gate    krb5_context		context;
412*159d09a2SMark Phalan    int			use_kdc_config;
4137c478bd9Sstevel@tonic-gate    kadm5_config_params	*params_in, *params_out;
4147c478bd9Sstevel@tonic-gate {
4157c478bd9Sstevel@tonic-gate     char		*filename;
4167c478bd9Sstevel@tonic-gate     char		*envname;
4177c478bd9Sstevel@tonic-gate     char		*lrealm;
4187c478bd9Sstevel@tonic-gate     krb5_pointer	aprofile = 0;
4197c478bd9Sstevel@tonic-gate     const char		*hierarchy[4];
4207c478bd9Sstevel@tonic-gate     char		*svalue;
4217c478bd9Sstevel@tonic-gate     krb5_int32		ivalue;
4227c478bd9Sstevel@tonic-gate     kadm5_config_params params, empty_params;
4237c478bd9Sstevel@tonic-gate 
4247c478bd9Sstevel@tonic-gate     krb5_error_code	kret = 0;
4257c478bd9Sstevel@tonic-gate     krb5_error_code dnsret = 1;
4267c478bd9Sstevel@tonic-gate 
4277c478bd9Sstevel@tonic-gate #ifdef KRB5_DNS_LOOKUP
4287c478bd9Sstevel@tonic-gate 	char dns_host[MAX_DNS_NAMELEN];
4297c478bd9Sstevel@tonic-gate 	unsigned short dns_portno;
4307c478bd9Sstevel@tonic-gate 	krb5_data dns_realm;
431eda50310Smp153739 	memset((char *)&dns_realm, 0, sizeof (dns_realm));
4327c478bd9Sstevel@tonic-gate #endif /* KRB5_DNS_LOOKUP */
4337c478bd9Sstevel@tonic-gate 
4347c478bd9Sstevel@tonic-gate     memset((char *) &params, 0, sizeof(params));
4357c478bd9Sstevel@tonic-gate     memset((char *) &empty_params, 0, sizeof(empty_params));
4367c478bd9Sstevel@tonic-gate 
4377c478bd9Sstevel@tonic-gate     if (params_in == NULL) params_in = &empty_params;
4387c478bd9Sstevel@tonic-gate 
4397c478bd9Sstevel@tonic-gate     if (params_in->mask & KADM5_CONFIG_REALM) {
4407c478bd9Sstevel@tonic-gate 	 lrealm = params.realm = strdup(params_in->realm);
4417c478bd9Sstevel@tonic-gate 	 if (params.realm)
4427c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_REALM;
4437c478bd9Sstevel@tonic-gate     } else {
4447c478bd9Sstevel@tonic-gate 	 kret = krb5_get_default_realm(context, &lrealm);
4457c478bd9Sstevel@tonic-gate 	 if (kret)
4467c478bd9Sstevel@tonic-gate 	      goto cleanup;
4477c478bd9Sstevel@tonic-gate 	 params.realm = lrealm;
4487c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_REALM;
4497c478bd9Sstevel@tonic-gate     }
4507c478bd9Sstevel@tonic-gate     /*
4517c478bd9Sstevel@tonic-gate      * XXX These defaults should work on both client and
4527c478bd9Sstevel@tonic-gate      * server.  kadm5_get_config_params can be implemented as a
4537c478bd9Sstevel@tonic-gate      * wrapper function in each library that provides correct
4547c478bd9Sstevel@tonic-gate      * defaults for NULL values.
4557c478bd9Sstevel@tonic-gate      */
456*159d09a2SMark Phalan     if (use_kdc_config) {
457*159d09a2SMark Phalan 	filename = DEFAULT_KDC_PROFILE;
458*159d09a2SMark Phalan 	envname = KDC_PROFILE_ENV;
459*159d09a2SMark Phalan     } else {
460*159d09a2SMark Phalan 	filename = DEFAULT_PROFILE_PATH;
461*159d09a2SMark Phalan 	envname = "KRB5_CONFIG";
4627c478bd9Sstevel@tonic-gate     }
463*159d09a2SMark Phalan     if (context->profile_secure == TRUE) envname = 0;
4647c478bd9Sstevel@tonic-gate 
4657c478bd9Sstevel@tonic-gate     kret = krb5_aprof_init(filename, envname, &aprofile);
4667c478bd9Sstevel@tonic-gate     if (kret)
4677c478bd9Sstevel@tonic-gate 	    goto cleanup;
4687c478bd9Sstevel@tonic-gate 
4697c478bd9Sstevel@tonic-gate     /* Initialize realm parameters */
4707c478bd9Sstevel@tonic-gate     hierarchy[0] = "realms";
4717c478bd9Sstevel@tonic-gate     hierarchy[1] = lrealm;
4727c478bd9Sstevel@tonic-gate     hierarchy[3] = (char *) NULL;
4737c478bd9Sstevel@tonic-gate 
4747c478bd9Sstevel@tonic-gate #ifdef KRB5_DNS_LOOKUP
4757c478bd9Sstevel@tonic-gate 	/*
4767c478bd9Sstevel@tonic-gate 	 * Initialize realm info for (possible) DNS lookups.
4777c478bd9Sstevel@tonic-gate 	 */
4787c478bd9Sstevel@tonic-gate 	dns_realm.data = strdup(lrealm);
4797c478bd9Sstevel@tonic-gate 	dns_realm.length = strlen(lrealm);
4807c478bd9Sstevel@tonic-gate 	dns_realm.magic = 0;
4817c478bd9Sstevel@tonic-gate #endif /* KRB5_DNS_LOOKUP */
4827c478bd9Sstevel@tonic-gate 
4837c478bd9Sstevel@tonic-gate     /* Get the value for the admin server */
4847c478bd9Sstevel@tonic-gate     hierarchy[2] = "admin_server";
4857c478bd9Sstevel@tonic-gate     if (params_in->mask & KADM5_CONFIG_ADMIN_SERVER) {
4867c478bd9Sstevel@tonic-gate 	 params.admin_server = strdup(params_in->admin_server);
4877c478bd9Sstevel@tonic-gate 	 if (params.admin_server)
4887c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_ADMIN_SERVER;
4897c478bd9Sstevel@tonic-gate     } else if (aprofile &&
4907c478bd9Sstevel@tonic-gate 	       !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
4917c478bd9Sstevel@tonic-gate 	 params.admin_server = svalue;
4927c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_ADMIN_SERVER;
4937c478bd9Sstevel@tonic-gate     }
4947c478bd9Sstevel@tonic-gate #ifdef KRB5_DNS_LOOKUP
4957c478bd9Sstevel@tonic-gate 	else if (strcmp(envname, "KRB5_CONFIG") == 0) {
4967c478bd9Sstevel@tonic-gate 		/*
4977c478bd9Sstevel@tonic-gate 		 * Solaris Kerberos: only do DNS lookup for admin_server if this
4987c478bd9Sstevel@tonic-gate 		 * is a krb5.conf type of config file.  Note, the filename may
4997c478bd9Sstevel@tonic-gate 		 * not be /etc/krb5/krb5.conf so we assume that the KRB5_CONFIG
5007c478bd9Sstevel@tonic-gate 		 * envname string will consistently indicate the type of config
5017c478bd9Sstevel@tonic-gate 		 * file.
5027c478bd9Sstevel@tonic-gate 		 */
5037c478bd9Sstevel@tonic-gate 		dnsret = krb5_get_servername(context, &dns_realm,
5047c478bd9Sstevel@tonic-gate 					"_kerberos-adm", "_udp",
5057c478bd9Sstevel@tonic-gate 					dns_host, &dns_portno);
5067c478bd9Sstevel@tonic-gate 		if (dnsret == 0) {
5077c478bd9Sstevel@tonic-gate 			params.admin_server = strdup(dns_host);
5087c478bd9Sstevel@tonic-gate 			if (params.admin_server)
5097c478bd9Sstevel@tonic-gate 				params.mask |= KADM5_CONFIG_ADMIN_SERVER;
5107c478bd9Sstevel@tonic-gate 			params.kadmind_port = dns_portno;
5117c478bd9Sstevel@tonic-gate 			params.mask |= KADM5_CONFIG_KADMIND_PORT;
5127c478bd9Sstevel@tonic-gate 		}
5137c478bd9Sstevel@tonic-gate 	}
5147c478bd9Sstevel@tonic-gate #endif /* KRB5_DNS_LOOKUP */
5157c478bd9Sstevel@tonic-gate 
5167c478bd9Sstevel@tonic-gate     if ((params.mask & KADM5_CONFIG_ADMIN_SERVER) && dnsret) {
5177c478bd9Sstevel@tonic-gate 	 char *p;
51856a424ccSmp153739 	 p = strchr(params.admin_server, ':');
51956a424ccSmp153739 	 if (p) {
5207c478bd9Sstevel@tonic-gate 	      params.kadmind_port = atoi(p+1);
5217c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_KADMIND_PORT;
5227c478bd9Sstevel@tonic-gate 	      *p = '\0';
5237c478bd9Sstevel@tonic-gate 	 }
5247c478bd9Sstevel@tonic-gate     }
5257c478bd9Sstevel@tonic-gate 
5267c478bd9Sstevel@tonic-gate     /* Get the value for the database */
5277c478bd9Sstevel@tonic-gate     hierarchy[2] = "database_name";
5287c478bd9Sstevel@tonic-gate     if (params_in->mask & KADM5_CONFIG_DBNAME) {
5297c478bd9Sstevel@tonic-gate 	 params.dbname = strdup(params_in->dbname);
5307c478bd9Sstevel@tonic-gate 	 if (params.dbname)
5317c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_DBNAME;
5327c478bd9Sstevel@tonic-gate     } else if (aprofile &&
5337c478bd9Sstevel@tonic-gate 	       !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
5347c478bd9Sstevel@tonic-gate 	 params.dbname = svalue;
5357c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_DBNAME;
5367c478bd9Sstevel@tonic-gate     } else {
5377c478bd9Sstevel@tonic-gate 	 params.dbname = strdup(DEFAULT_KDB_FILE);
5387c478bd9Sstevel@tonic-gate 	 if (params.dbname)
5397c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_DBNAME;
5407c478bd9Sstevel@tonic-gate     }
5417c478bd9Sstevel@tonic-gate 
5427c478bd9Sstevel@tonic-gate     /*
5437c478bd9Sstevel@tonic-gate      * admin database name and lockfile are now always derived from dbname
5447c478bd9Sstevel@tonic-gate      */
5457c478bd9Sstevel@tonic-gate     if (params.mask & KADM5_CONFIG_DBNAME) {
54656a424ccSmp153739 	 params.admin_dbname = (char *) malloc(strlen(params.dbname) + 7);
5477c478bd9Sstevel@tonic-gate 	 if (params.admin_dbname) {
54856a424ccSmp153739 	      sprintf(params.admin_dbname, "%s.kadm5", params.dbname);
5497c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_ADBNAME;
5507c478bd9Sstevel@tonic-gate 	 }
5517c478bd9Sstevel@tonic-gate     }
5527c478bd9Sstevel@tonic-gate 
5537c478bd9Sstevel@tonic-gate     if (params.mask & KADM5_CONFIG_ADBNAME) {
55456a424ccSmp153739 	 params.admin_lockfile = (char *) malloc(strlen(params.admin_dbname)
55556a424ccSmp153739 						 + 6);
5567c478bd9Sstevel@tonic-gate 	 if (params.admin_lockfile) {
55756a424ccSmp153739 	      sprintf(params.admin_lockfile, "%s.lock", params.admin_dbname);
5587c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_ADB_LOCKFILE;
5597c478bd9Sstevel@tonic-gate 	 }
5607c478bd9Sstevel@tonic-gate     }
5617c478bd9Sstevel@tonic-gate 
5627c478bd9Sstevel@tonic-gate     /* Get the value for the admin keytab */
5637c478bd9Sstevel@tonic-gate     hierarchy[2] = "admin_keytab";
5647c478bd9Sstevel@tonic-gate     if (params_in->mask & KADM5_CONFIG_ADMIN_KEYTAB) {
5657c478bd9Sstevel@tonic-gate 	 params.admin_keytab = strdup(params_in->admin_keytab);
5667c478bd9Sstevel@tonic-gate 	 if (params.admin_keytab)
5677c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
5687c478bd9Sstevel@tonic-gate     } else if (aprofile &&
5697c478bd9Sstevel@tonic-gate 	       !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
5707c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
5717c478bd9Sstevel@tonic-gate 	 params.admin_keytab = svalue;
57256a424ccSmp153739     } else if ((params.admin_keytab = (char *) getenv("KRB5_KTNAME"))) {
5737c478bd9Sstevel@tonic-gate 	 params.admin_keytab = strdup(params.admin_keytab);
5747c478bd9Sstevel@tonic-gate 	 if (params.admin_keytab)
5757c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
5767c478bd9Sstevel@tonic-gate     } else {
5777c478bd9Sstevel@tonic-gate 	 params.admin_keytab = strdup(DEFAULT_KADM5_KEYTAB);
5787c478bd9Sstevel@tonic-gate 	 if (params.admin_keytab)
5797c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
5807c478bd9Sstevel@tonic-gate     }
5817c478bd9Sstevel@tonic-gate 
5827c478bd9Sstevel@tonic-gate     /* Get the name of the acl file */
5837c478bd9Sstevel@tonic-gate     hierarchy[2] = "acl_file";
5847c478bd9Sstevel@tonic-gate     if (params_in->mask & KADM5_CONFIG_ACL_FILE) {
5857c478bd9Sstevel@tonic-gate 	 params.acl_file = strdup(params_in->acl_file);
5867c478bd9Sstevel@tonic-gate 	 if (params.acl_file)
5877c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_ACL_FILE;
5887c478bd9Sstevel@tonic-gate     } else if (aprofile &&
5897c478bd9Sstevel@tonic-gate 	       !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
5907c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_ACL_FILE;
5917c478bd9Sstevel@tonic-gate 	 params.acl_file = svalue;
5927c478bd9Sstevel@tonic-gate     } else {
5937c478bd9Sstevel@tonic-gate 	 params.acl_file = strdup(DEFAULT_KADM5_ACL_FILE);
5947c478bd9Sstevel@tonic-gate 	 if (params.acl_file)
5957c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_ACL_FILE;
5967c478bd9Sstevel@tonic-gate     }
5977c478bd9Sstevel@tonic-gate 
5987c478bd9Sstevel@tonic-gate     /* Get the name of the dict file */
5997c478bd9Sstevel@tonic-gate     hierarchy[2] = "dict_file";
6007c478bd9Sstevel@tonic-gate     if (params_in->mask & KADM5_CONFIG_DICT_FILE) {
6017c478bd9Sstevel@tonic-gate 	 params.dict_file = strdup(params_in->dict_file);
6027c478bd9Sstevel@tonic-gate 	 if (params.dict_file)
6037c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_DICT_FILE;
6047c478bd9Sstevel@tonic-gate     } else if (aprofile &&
6057c478bd9Sstevel@tonic-gate 	       !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
6067c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_DICT_FILE;
6077c478bd9Sstevel@tonic-gate 	 params.dict_file = svalue;
6087c478bd9Sstevel@tonic-gate     }
6097c478bd9Sstevel@tonic-gate 
6107c478bd9Sstevel@tonic-gate     /* Get the value for the kadmind port */
6117c478bd9Sstevel@tonic-gate     if (! (params.mask & KADM5_CONFIG_KADMIND_PORT)) {
6127c478bd9Sstevel@tonic-gate 	 hierarchy[2] = "kadmind_port";
6137c478bd9Sstevel@tonic-gate 	 if (params_in->mask & KADM5_CONFIG_KADMIND_PORT) {
6147c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_KADMIND_PORT;
6157c478bd9Sstevel@tonic-gate 	      params.kadmind_port = params_in->kadmind_port;
6167c478bd9Sstevel@tonic-gate 	 } else if (aprofile &&
6177c478bd9Sstevel@tonic-gate 		    !krb5_aprof_get_int32(aprofile, hierarchy, TRUE,
6187c478bd9Sstevel@tonic-gate 					  &ivalue)) {
6197c478bd9Sstevel@tonic-gate 	      params.kadmind_port = ivalue;
6207c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_KADMIND_PORT;
6217c478bd9Sstevel@tonic-gate 	 } else {
6227c478bd9Sstevel@tonic-gate 	      params.kadmind_port = DEFAULT_KADM5_PORT;
6237c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_KADMIND_PORT;
6247c478bd9Sstevel@tonic-gate 	 }
6257c478bd9Sstevel@tonic-gate     }
6267c478bd9Sstevel@tonic-gate 
62756a424ccSmp153739     /* Get the value for the kpasswd port */
62856a424ccSmp153739     if (! (params.mask & KADM5_CONFIG_KPASSWD_PORT)) {
62956a424ccSmp153739 	hierarchy[2] = "kpasswd_port";
63056a424ccSmp153739 	if (params_in->mask & KADM5_CONFIG_KPASSWD_PORT) {
63156a424ccSmp153739 	    params.mask |= KADM5_CONFIG_KPASSWD_PORT;
63256a424ccSmp153739 	    params.kpasswd_port = params_in->kpasswd_port;
63356a424ccSmp153739 	} else if (aprofile &&
63456a424ccSmp153739 		   !krb5_aprof_get_int32(aprofile, hierarchy, TRUE,
63556a424ccSmp153739 					 &ivalue)) {
63656a424ccSmp153739 	    params.kpasswd_port = ivalue;
63756a424ccSmp153739 	    params.mask |= KADM5_CONFIG_KPASSWD_PORT;
63856a424ccSmp153739 	} else {
63956a424ccSmp153739 	    params.kpasswd_port = DEFAULT_KPASSWD_PORT;
64056a424ccSmp153739 	    params.mask |= KADM5_CONFIG_KPASSWD_PORT;
64156a424ccSmp153739 	}
64256a424ccSmp153739     }
64356a424ccSmp153739 
6447c478bd9Sstevel@tonic-gate     /* Get the value for the master key name */
6457c478bd9Sstevel@tonic-gate 	 hierarchy[2] = "master_key_name";
6467c478bd9Sstevel@tonic-gate     if (params_in->mask & KADM5_CONFIG_MKEY_NAME) {
6477c478bd9Sstevel@tonic-gate 	 params.mkey_name = strdup(params_in->mkey_name);
6487c478bd9Sstevel@tonic-gate 	 if (params.mkey_name)
6497c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_MKEY_NAME;
6507c478bd9Sstevel@tonic-gate     } else if (aprofile &&
6517c478bd9Sstevel@tonic-gate 	       !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
6527c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_MKEY_NAME;
6537c478bd9Sstevel@tonic-gate 	 params.mkey_name = svalue;
6547c478bd9Sstevel@tonic-gate     }
6557c478bd9Sstevel@tonic-gate 
6567c478bd9Sstevel@tonic-gate     /* Get the value for the master key type */
6577c478bd9Sstevel@tonic-gate     hierarchy[2] = "master_key_type";
6587c478bd9Sstevel@tonic-gate     if (params_in->mask & KADM5_CONFIG_ENCTYPE) {
6597c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_ENCTYPE;
6607c478bd9Sstevel@tonic-gate 	 params.enctype = params_in->enctype;
6617c478bd9Sstevel@tonic-gate     } else if (aprofile &&
6627c478bd9Sstevel@tonic-gate 	       !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
6637c478bd9Sstevel@tonic-gate 	 if (!krb5_string_to_enctype(svalue, &params.enctype)) {
6647c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_ENCTYPE;
6657c478bd9Sstevel@tonic-gate 	      krb5_xfree(svalue);
6667c478bd9Sstevel@tonic-gate 	 }
6677c478bd9Sstevel@tonic-gate     } else {
6687c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_ENCTYPE;
6697c478bd9Sstevel@tonic-gate 	 params.enctype = DEFAULT_KDC_ENCTYPE;
6707c478bd9Sstevel@tonic-gate     }
6717c478bd9Sstevel@tonic-gate 
6727c478bd9Sstevel@tonic-gate     /* Get the value for mkey_from_kbd */
6737c478bd9Sstevel@tonic-gate     if (params_in->mask & KADM5_CONFIG_MKEY_FROM_KBD) {
6747c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
6757c478bd9Sstevel@tonic-gate 	 params.mkey_from_kbd = params_in->mkey_from_kbd;
6767c478bd9Sstevel@tonic-gate     }
6777c478bd9Sstevel@tonic-gate 
6787c478bd9Sstevel@tonic-gate     /* Get the value for the stashfile */
6797c478bd9Sstevel@tonic-gate     hierarchy[2] = "key_stash_file";
6807c478bd9Sstevel@tonic-gate     if (params_in->mask & KADM5_CONFIG_STASH_FILE) {
6817c478bd9Sstevel@tonic-gate 	 params.stash_file = strdup(params_in->stash_file);
6827c478bd9Sstevel@tonic-gate 	 if (params.stash_file)
6837c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_STASH_FILE;
6847c478bd9Sstevel@tonic-gate     } else if (aprofile &&
6857c478bd9Sstevel@tonic-gate 	       !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
6867c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_STASH_FILE;
6877c478bd9Sstevel@tonic-gate 	 params.stash_file = svalue;
6887c478bd9Sstevel@tonic-gate     }
6897c478bd9Sstevel@tonic-gate 
6907c478bd9Sstevel@tonic-gate 	/*
691*159d09a2SMark Phalan 	 * Solaris Kerberos
6927c478bd9Sstevel@tonic-gate 	 * Get the value for maximum ticket lifetime.
6937c478bd9Sstevel@tonic-gate 	 * See SEAM documentation or the Bug ID 4184504
6947c478bd9Sstevel@tonic-gate 	 * We have changed the logic so that the entries are
6957c478bd9Sstevel@tonic-gate 	 * created in the database with the maximum duration
6967c478bd9Sstevel@tonic-gate 	 * for life and renew life KRB5_INT32_MAX
6977c478bd9Sstevel@tonic-gate 	 * However this wil get negotiated down when
6987c478bd9Sstevel@tonic-gate 	 * as or tgs request is processed by KDC.
6997c478bd9Sstevel@tonic-gate 	 */
7007c478bd9Sstevel@tonic-gate     hierarchy[2] = "max_life";
7017c478bd9Sstevel@tonic-gate     if (params_in->mask & KADM5_CONFIG_MAX_LIFE) {
7027c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_MAX_LIFE;
7037c478bd9Sstevel@tonic-gate 	 params.max_life = params_in->max_life;
7047c478bd9Sstevel@tonic-gate     } else {
7057c478bd9Sstevel@tonic-gate 	 params.max_life = KRB5_INT32_MAX;
70656a424ccSmp153739 	 params.mask |= KADM5_CONFIG_MAX_LIFE;
7077c478bd9Sstevel@tonic-gate     }
7087c478bd9Sstevel@tonic-gate 
7097c478bd9Sstevel@tonic-gate     /* Get the value for maximum renewable ticket lifetime. */
7107c478bd9Sstevel@tonic-gate     hierarchy[2] = "max_renewable_life";
7117c478bd9Sstevel@tonic-gate     if (params_in->mask & KADM5_CONFIG_MAX_RLIFE) {
7127c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_MAX_RLIFE;
7137c478bd9Sstevel@tonic-gate 	 params.max_rlife = params_in->max_rlife;
7147c478bd9Sstevel@tonic-gate     } else {
7157c478bd9Sstevel@tonic-gate 	 params.max_rlife =  KRB5_INT32_MAX;
71656a424ccSmp153739 	 params.mask |= KADM5_CONFIG_MAX_RLIFE;
7177c478bd9Sstevel@tonic-gate     }
7187c478bd9Sstevel@tonic-gate 
7197c478bd9Sstevel@tonic-gate     /* Get the value for the default principal expiration */
7207c478bd9Sstevel@tonic-gate     hierarchy[2] = "default_principal_expiration";
7217c478bd9Sstevel@tonic-gate     if (params_in->mask & KADM5_CONFIG_EXPIRATION) {
7227c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_EXPIRATION;
7237c478bd9Sstevel@tonic-gate 	 params.expiration = params_in->expiration;
7247c478bd9Sstevel@tonic-gate     } else if (aprofile &&
7257c478bd9Sstevel@tonic-gate 	       !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
7267c478bd9Sstevel@tonic-gate 	 if (!krb5_string_to_timestamp(svalue, &params.expiration)) {
7277c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_EXPIRATION;
7287c478bd9Sstevel@tonic-gate 	      krb5_xfree(svalue);
7297c478bd9Sstevel@tonic-gate 	 }
7307c478bd9Sstevel@tonic-gate     } else {
7317c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_EXPIRATION;
7327c478bd9Sstevel@tonic-gate 	 params.expiration = 0;
7337c478bd9Sstevel@tonic-gate     }
7347c478bd9Sstevel@tonic-gate 
7357c478bd9Sstevel@tonic-gate     /* Get the value for the default principal flags */
7367c478bd9Sstevel@tonic-gate     hierarchy[2] = "default_principal_flags";
7377c478bd9Sstevel@tonic-gate     if (params_in->mask & KADM5_CONFIG_FLAGS) {
7387c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_FLAGS;
7397c478bd9Sstevel@tonic-gate 	 params.flags = params_in->flags;
7407c478bd9Sstevel@tonic-gate     } else if (aprofile &&
7417c478bd9Sstevel@tonic-gate 	       !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
7427c478bd9Sstevel@tonic-gate 	 char *sp, *ep, *tp;
7437c478bd9Sstevel@tonic-gate 
7447c478bd9Sstevel@tonic-gate 	 sp = svalue;
7457c478bd9Sstevel@tonic-gate 	 params.flags = 0;
7467c478bd9Sstevel@tonic-gate 	 while (sp) {
7477c478bd9Sstevel@tonic-gate 	      if ((ep = strchr(sp, (int) ',')) ||
7487c478bd9Sstevel@tonic-gate 		  (ep = strchr(sp, (int) ' ')) ||
7497c478bd9Sstevel@tonic-gate 		  (ep = strchr(sp, (int) '\t'))) {
7507c478bd9Sstevel@tonic-gate 		   /* Fill in trailing whitespace of sp */
7517c478bd9Sstevel@tonic-gate 		   tp = ep - 1;
75256a424ccSmp153739 		   while (isspace((int) *tp) && (tp > sp)) {
7537c478bd9Sstevel@tonic-gate 			*tp = '\0';
7547c478bd9Sstevel@tonic-gate 			tp--;
7557c478bd9Sstevel@tonic-gate 		   }
7567c478bd9Sstevel@tonic-gate 		   *ep = '\0';
7577c478bd9Sstevel@tonic-gate 		   ep++;
7587c478bd9Sstevel@tonic-gate 		   /* Skip over trailing whitespace of ep */
75956a424ccSmp153739 		   while (isspace((int) *ep) && (*ep)) ep++;
7607c478bd9Sstevel@tonic-gate 	      }
7617c478bd9Sstevel@tonic-gate 	      /* Convert this flag */
7627c478bd9Sstevel@tonic-gate 	      if (krb5_string_to_flags(sp,
7637c478bd9Sstevel@tonic-gate 				       "+",
7647c478bd9Sstevel@tonic-gate 				       "-",
7657c478bd9Sstevel@tonic-gate 				       &params.flags))
7667c478bd9Sstevel@tonic-gate 		   break;
7677c478bd9Sstevel@tonic-gate 	      sp = ep;
7687c478bd9Sstevel@tonic-gate 	 }
7697c478bd9Sstevel@tonic-gate 	 if (!sp)
7707c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_FLAGS;
7717c478bd9Sstevel@tonic-gate 	 krb5_xfree(svalue);
7727c478bd9Sstevel@tonic-gate     } else {
7737c478bd9Sstevel@tonic-gate 	 params.mask |= KADM5_CONFIG_FLAGS;
7747c478bd9Sstevel@tonic-gate 	 params.flags = KRB5_KDB_DEF_FLAGS;
7757c478bd9Sstevel@tonic-gate     }
7767c478bd9Sstevel@tonic-gate 
7777c478bd9Sstevel@tonic-gate     /* Get the value for the supported enctype/salttype matrix */
7787c478bd9Sstevel@tonic-gate     hierarchy[2] = "supported_enctypes";
7797c478bd9Sstevel@tonic-gate     if (params_in->mask & KADM5_CONFIG_ENCTYPES) {
7807c478bd9Sstevel@tonic-gate 		params.mask |= KADM5_CONFIG_ENCTYPES;
7817c478bd9Sstevel@tonic-gate 		if (params_in->num_keysalts > 0) {
7827c478bd9Sstevel@tonic-gate 		    params.keysalts = malloc(params_in->num_keysalts *
7837c478bd9Sstevel@tonic-gate 			    sizeof (*params.keysalts));
7847c478bd9Sstevel@tonic-gate 		    if (params.keysalts == NULL) {
7857c478bd9Sstevel@tonic-gate 			kret = ENOMEM;
7867c478bd9Sstevel@tonic-gate 			goto cleanup;
7877c478bd9Sstevel@tonic-gate 		    }
7887c478bd9Sstevel@tonic-gate 		    (void) memcpy(params.keysalts, params_in->keysalts,
7897c478bd9Sstevel@tonic-gate 			    (params_in->num_keysalts *
7907c478bd9Sstevel@tonic-gate 			    sizeof (*params.keysalts)));
7917c478bd9Sstevel@tonic-gate 		 params.num_keysalts = params_in->num_keysalts;
7927c478bd9Sstevel@tonic-gate 	 }
7937c478bd9Sstevel@tonic-gate     } else {
7947c478bd9Sstevel@tonic-gate 	 svalue = NULL;
7957c478bd9Sstevel@tonic-gate 	 if (aprofile)
79656a424ccSmp153739 	      krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
7977c478bd9Sstevel@tonic-gate 	 if (svalue == NULL)
7987c478bd9Sstevel@tonic-gate 	     svalue = strdup(DEFAULT_ENCTYPE_LIST);
7997c478bd9Sstevel@tonic-gate 
8007c478bd9Sstevel@tonic-gate 	 params.keysalts = NULL;
8017c478bd9Sstevel@tonic-gate 	 params.num_keysalts = 0;
8027c478bd9Sstevel@tonic-gate 	 krb5_string_to_keysalts(svalue,
8037c478bd9Sstevel@tonic-gate 				 ", \t",/* Tuple separators	*/
8047c478bd9Sstevel@tonic-gate 				 ":.-",	/* Key/salt separators	*/
8057c478bd9Sstevel@tonic-gate 				 0,	/* No duplicates	*/
8067c478bd9Sstevel@tonic-gate 				 &params.keysalts,
8077c478bd9Sstevel@tonic-gate 				 &params.num_keysalts);
8087c478bd9Sstevel@tonic-gate 	 if (params.num_keysalts)
8097c478bd9Sstevel@tonic-gate 	      params.mask |= KADM5_CONFIG_ENCTYPES;
8107c478bd9Sstevel@tonic-gate 
8117c478bd9Sstevel@tonic-gate 	 if (svalue)
8127c478bd9Sstevel@tonic-gate 	      krb5_xfree(svalue);
8137c478bd9Sstevel@tonic-gate     }
8147c478bd9Sstevel@tonic-gate 
8157c478bd9Sstevel@tonic-gate 	hierarchy[2] = "kpasswd_server";
8167c478bd9Sstevel@tonic-gate 	if (params_in->mask & KADM5_CONFIG_KPASSWD_SERVER) {
8177c478bd9Sstevel@tonic-gate 		params.mask |= KADM5_CONFIG_KPASSWD_SERVER;
8187c478bd9Sstevel@tonic-gate 		params.kpasswd_server = strdup(params_in->kpasswd_server);
8197c478bd9Sstevel@tonic-gate 	} else {
8207c478bd9Sstevel@tonic-gate 		svalue = NULL;
8217c478bd9Sstevel@tonic-gate 
8227c478bd9Sstevel@tonic-gate 		if (aprofile)
8237c478bd9Sstevel@tonic-gate 			krb5_aprof_get_string(aprofile, hierarchy,
8247c478bd9Sstevel@tonic-gate 					    TRUE, &svalue);
8257c478bd9Sstevel@tonic-gate 		if (svalue == NULL) {
8267c478bd9Sstevel@tonic-gate #ifdef KRB5_DNS_LOOKUP
8277c478bd9Sstevel@tonic-gate 			if (strcmp(envname, "KRB5_CONFIG") == 0) {
8287c478bd9Sstevel@tonic-gate 				/*
8297c478bd9Sstevel@tonic-gate 				 * Solaris Kerberos: only do DNS lookup for
8307c478bd9Sstevel@tonic-gate 				 * kpasswd_server if this is a krb5.conf type of
8317c478bd9Sstevel@tonic-gate 				 * config file.  Note, the filename may not be
8327c478bd9Sstevel@tonic-gate 				 * /etc/krb5/krb5.conf so we assume that the
8337c478bd9Sstevel@tonic-gate 				 * KRB5_CONFIG envname string will consistently
8347c478bd9Sstevel@tonic-gate 				 * indicate the type of config file.
8357c478bd9Sstevel@tonic-gate 				 */
8367c478bd9Sstevel@tonic-gate 				dnsret = krb5_get_servername(context,
8377c478bd9Sstevel@tonic-gate 				    &dns_realm, "_kpasswd", "_udp",
8387c478bd9Sstevel@tonic-gate 				    dns_host, &dns_portno);
8397c478bd9Sstevel@tonic-gate 
8407c478bd9Sstevel@tonic-gate 				if (dnsret == 0) {
8417c478bd9Sstevel@tonic-gate 					params.kpasswd_server =
8427c478bd9Sstevel@tonic-gate 					    strdup(dns_host);
8437c478bd9Sstevel@tonic-gate 					if (params.kpasswd_server) {
8447c478bd9Sstevel@tonic-gate 						params.mask |=
8457c478bd9Sstevel@tonic-gate 						    KADM5_CONFIG_KPASSWD_SERVER;
8467c478bd9Sstevel@tonic-gate 					}
8477c478bd9Sstevel@tonic-gate 					params.kpasswd_port = dns_portno;
8487c478bd9Sstevel@tonic-gate 					params.mask |=
8497c478bd9Sstevel@tonic-gate 					    KADM5_CONFIG_KPASSWD_PORT;
8507c478bd9Sstevel@tonic-gate 				}
8517c478bd9Sstevel@tonic-gate 			}
8527c478bd9Sstevel@tonic-gate #endif /* KRB5_DNS_LOOKUP */
8537c478bd9Sstevel@tonic-gate 
8547c478bd9Sstevel@tonic-gate 			/*
8557c478bd9Sstevel@tonic-gate 			 * If a unique 'kpasswd_server' is not specified,
8567c478bd9Sstevel@tonic-gate 			 * use the normal 'admin_server'.
8577c478bd9Sstevel@tonic-gate 			 */
8587c478bd9Sstevel@tonic-gate 			if ((params.mask & KADM5_CONFIG_ADMIN_SERVER) &&
8597c478bd9Sstevel@tonic-gate 				    dnsret) {
8607c478bd9Sstevel@tonic-gate 				params.kpasswd_server =
8617c478bd9Sstevel@tonic-gate 					strdup(params.admin_server);
8627c478bd9Sstevel@tonic-gate 				params.mask |= KADM5_CONFIG_KPASSWD_SERVER;
8637c478bd9Sstevel@tonic-gate 			}
8647c478bd9Sstevel@tonic-gate 		} else {
8657c478bd9Sstevel@tonic-gate 			char *p;
8667c478bd9Sstevel@tonic-gate 			params.kpasswd_server = svalue;
8677c478bd9Sstevel@tonic-gate 			params.mask |= KADM5_CONFIG_KPASSWD_SERVER;
8687c478bd9Sstevel@tonic-gate 
8697c478bd9Sstevel@tonic-gate 			if ((p = strchr(params.kpasswd_server, ':'))) {
8707c478bd9Sstevel@tonic-gate 				params.kpasswd_port = atoi(p+1);
8717c478bd9Sstevel@tonic-gate 				params.mask |= KADM5_CONFIG_KPASSWD_PORT;
8727c478bd9Sstevel@tonic-gate 				*p = '\0';
8737c478bd9Sstevel@tonic-gate 			}
8747c478bd9Sstevel@tonic-gate 		}
8757c478bd9Sstevel@tonic-gate 	}
8767c478bd9Sstevel@tonic-gate 
8777c478bd9Sstevel@tonic-gate 	hierarchy[2] = "kpasswd_protocol";
8787c478bd9Sstevel@tonic-gate 
8797c478bd9Sstevel@tonic-gate 	/* default to current RPCSEC_GSS protocol */
8807c478bd9Sstevel@tonic-gate 	params.kpasswd_protocol = KRB5_CHGPWD_RPCSEC;
8817c478bd9Sstevel@tonic-gate 	params.mask |= KADM5_CONFIG_KPASSWD_PROTOCOL;
8827c478bd9Sstevel@tonic-gate 
8837c478bd9Sstevel@tonic-gate 	if (params_in->mask & KADM5_CONFIG_KPASSWD_PROTOCOL) {
8847c478bd9Sstevel@tonic-gate 		params.mask |= KADM5_CONFIG_KPASSWD_PROTOCOL;
8857c478bd9Sstevel@tonic-gate 		params.kpasswd_protocol = params_in->kpasswd_protocol;
8867c478bd9Sstevel@tonic-gate 	} else {
8877c478bd9Sstevel@tonic-gate 		svalue = NULL;
8887c478bd9Sstevel@tonic-gate 
8897c478bd9Sstevel@tonic-gate 		if (aprofile)
8907c478bd9Sstevel@tonic-gate 			krb5_aprof_get_string(aprofile, hierarchy,
8917c478bd9Sstevel@tonic-gate 					    TRUE, &svalue);
8927c478bd9Sstevel@tonic-gate 		if (svalue != NULL) {
8937c478bd9Sstevel@tonic-gate 			if (strcasecmp(svalue, "RPCSEC_GSS") == 0) {
8947c478bd9Sstevel@tonic-gate 				params.kpasswd_protocol = KRB5_CHGPWD_RPCSEC;
8957c478bd9Sstevel@tonic-gate 				params.mask |= KADM5_CONFIG_KPASSWD_PROTOCOL;
8967c478bd9Sstevel@tonic-gate 			} else if (strcasecmp(svalue, "SET_CHANGE") == 0) {
8977c478bd9Sstevel@tonic-gate 				params.kpasswd_protocol =
8987c478bd9Sstevel@tonic-gate 					KRB5_CHGPWD_CHANGEPW_V2;
8997c478bd9Sstevel@tonic-gate 				params.mask |= KADM5_CONFIG_KPASSWD_PROTOCOL;
9007c478bd9Sstevel@tonic-gate 			}
9017c478bd9Sstevel@tonic-gate 		}
9027c478bd9Sstevel@tonic-gate 		if (svalue)
9037c478bd9Sstevel@tonic-gate 			krb5_xfree(svalue);
9047c478bd9Sstevel@tonic-gate 	}
9057c478bd9Sstevel@tonic-gate 
9067c478bd9Sstevel@tonic-gate 	/*
9077c478bd9Sstevel@tonic-gate 	 * If the kpasswd_port is not yet defined, define it now.
9087c478bd9Sstevel@tonic-gate 	 */
9097c478bd9Sstevel@tonic-gate 	if (! (params.mask & KADM5_CONFIG_KPASSWD_PORT)) {
9107c478bd9Sstevel@tonic-gate 		if (params_in->mask & KADM5_CONFIG_KPASSWD_PORT)
9117c478bd9Sstevel@tonic-gate 			params.kpasswd_port = params_in->kpasswd_port;
9127c478bd9Sstevel@tonic-gate 		/*
9137c478bd9Sstevel@tonic-gate 		 * If kpasswd_port is not explicitly defined,
9147c478bd9Sstevel@tonic-gate 		 * determine the port to use based on the protocol.
9157c478bd9Sstevel@tonic-gate 		 * The alternative protocol uses a different port
9167c478bd9Sstevel@tonic-gate 		 * than the standard admind port.
9177c478bd9Sstevel@tonic-gate 		 */
9187c478bd9Sstevel@tonic-gate 		else if (params.kpasswd_protocol == KRB5_CHGPWD_RPCSEC) {
9197c478bd9Sstevel@tonic-gate 			params.kpasswd_port = DEFAULT_KADM5_PORT;
9207c478bd9Sstevel@tonic-gate 		} else {
9217c478bd9Sstevel@tonic-gate 			/*
9227c478bd9Sstevel@tonic-gate 			 * When using the Horowitz/IETF protocol for
9237c478bd9Sstevel@tonic-gate 			 * password changing, the default port is 464
9247c478bd9Sstevel@tonic-gate 			 * (officially recognized by IANA).
9257c478bd9Sstevel@tonic-gate 			 */
9267c478bd9Sstevel@tonic-gate 			params.kpasswd_port = DEFAULT_KPASSWD_PORT;
9277c478bd9Sstevel@tonic-gate 		}
9287c478bd9Sstevel@tonic-gate 		params.mask |= KADM5_CONFIG_KPASSWD_PORT;
9297c478bd9Sstevel@tonic-gate 	}
9307c478bd9Sstevel@tonic-gate 
9317c478bd9Sstevel@tonic-gate 	hierarchy[2] = "sunw_dbprop_enable";
9327c478bd9Sstevel@tonic-gate 
9337c478bd9Sstevel@tonic-gate 	params.iprop_enabled = FALSE;
9347c478bd9Sstevel@tonic-gate 	params.mask |= KADM5_CONFIG_IPROP_ENABLED;
9357c478bd9Sstevel@tonic-gate 
9367c478bd9Sstevel@tonic-gate 	if (params_in->mask & KADM5_CONFIG_IPROP_ENABLED) {
9377c478bd9Sstevel@tonic-gate 		params.mask |= KADM5_CONFIG_IPROP_ENABLED;
9387c478bd9Sstevel@tonic-gate 		params.iprop_enabled = params_in->iprop_enabled;
9397c478bd9Sstevel@tonic-gate 	} else {
9407c478bd9Sstevel@tonic-gate 		if (aprofile && !krb5_aprof_get_string(aprofile, hierarchy,
9417c478bd9Sstevel@tonic-gate 		    TRUE, &svalue)) {
9427c478bd9Sstevel@tonic-gate 			if (strncasecmp(svalue, "Y", 1) == 0)
9437c478bd9Sstevel@tonic-gate 				params.iprop_enabled = TRUE;
9447c478bd9Sstevel@tonic-gate 			if (strncasecmp(svalue, "true", 4) == 0)
9457c478bd9Sstevel@tonic-gate 				params.iprop_enabled = TRUE;
9467c478bd9Sstevel@tonic-gate 			params.mask |= KADM5_CONFIG_IPROP_ENABLED;
9477c478bd9Sstevel@tonic-gate 			krb5_xfree(svalue);
9487c478bd9Sstevel@tonic-gate 		}
9497c478bd9Sstevel@tonic-gate 	}
9507c478bd9Sstevel@tonic-gate 
9517c478bd9Sstevel@tonic-gate 	hierarchy[2] = "sunw_dbprop_master_ulogsize";
9527c478bd9Sstevel@tonic-gate 
9537c478bd9Sstevel@tonic-gate 	params.iprop_ulogsize = DEF_ULOGENTRIES;
9547c478bd9Sstevel@tonic-gate 	params.mask |= KADM5_CONFIG_ULOG_SIZE;
9557c478bd9Sstevel@tonic-gate 
9567c478bd9Sstevel@tonic-gate 	if (params_in->mask & KADM5_CONFIG_ULOG_SIZE) {
9577c478bd9Sstevel@tonic-gate 		params.mask |= KADM5_CONFIG_ULOG_SIZE;
9587c478bd9Sstevel@tonic-gate 		params.iprop_ulogsize = params_in->iprop_ulogsize;
9597c478bd9Sstevel@tonic-gate 	} else {
9607c478bd9Sstevel@tonic-gate 		if (aprofile && !krb5_aprof_get_int32(aprofile, hierarchy,
9617c478bd9Sstevel@tonic-gate 		    TRUE, &ivalue)) {
9627c478bd9Sstevel@tonic-gate 			if (ivalue > MAX_ULOGENTRIES)
9637c478bd9Sstevel@tonic-gate 				params.iprop_ulogsize = MAX_ULOGENTRIES;
9647c478bd9Sstevel@tonic-gate 			else if (ivalue <= 0)
9657c478bd9Sstevel@tonic-gate 				params.iprop_ulogsize = DEF_ULOGENTRIES;
9667c478bd9Sstevel@tonic-gate 			else
9677c478bd9Sstevel@tonic-gate 				params.iprop_ulogsize = ivalue;
9687c478bd9Sstevel@tonic-gate 			params.mask |= KADM5_CONFIG_ULOG_SIZE;
9697c478bd9Sstevel@tonic-gate 		}
9707c478bd9Sstevel@tonic-gate 	}
9717c478bd9Sstevel@tonic-gate 
9727c478bd9Sstevel@tonic-gate 	hierarchy[2] = "sunw_dbprop_slave_poll";
9737c478bd9Sstevel@tonic-gate 
9747c64d375Smp153739 	params.iprop_polltime = strdup("2m");
9757c64d375Smp153739 	if (params.iprop_polltime)
9767c478bd9Sstevel@tonic-gate 		params.mask |= KADM5_CONFIG_POLL_TIME;
9777c478bd9Sstevel@tonic-gate 
9787c478bd9Sstevel@tonic-gate 	if (params_in->mask & KADM5_CONFIG_POLL_TIME) {
9797c64d375Smp153739 		if (params.iprop_polltime)
9807c64d375Smp153739 			free(params.iprop_polltime);
9817c478bd9Sstevel@tonic-gate 		params.iprop_polltime = strdup(params_in->iprop_polltime);
9827c478bd9Sstevel@tonic-gate 		if (params.iprop_polltime)
9837c478bd9Sstevel@tonic-gate 			params.mask |= KADM5_CONFIG_POLL_TIME;
9847c478bd9Sstevel@tonic-gate 	} else {
9857c478bd9Sstevel@tonic-gate 		if (aprofile && !krb5_aprof_get_string(aprofile, hierarchy,
9867c478bd9Sstevel@tonic-gate 		    TRUE, &svalue)) {
9877c64d375Smp153739 			if (params.iprop_polltime)
9887c64d375Smp153739 				free(params.iprop_polltime);
9897c478bd9Sstevel@tonic-gate 			params.iprop_polltime = strdup(svalue);
9907c478bd9Sstevel@tonic-gate 			params.mask |= KADM5_CONFIG_POLL_TIME;
9917c478bd9Sstevel@tonic-gate 			krb5_xfree(svalue);
9927c478bd9Sstevel@tonic-gate 		}
9937c478bd9Sstevel@tonic-gate 	}
9947c478bd9Sstevel@tonic-gate 
9957c478bd9Sstevel@tonic-gate 	*params_out = params;
9967c478bd9Sstevel@tonic-gate 
9977c478bd9Sstevel@tonic-gate cleanup:
9987c478bd9Sstevel@tonic-gate     if (aprofile)
9997c478bd9Sstevel@tonic-gate 	krb5_aprof_finish(aprofile);
10007c478bd9Sstevel@tonic-gate     if (kret) {
100156a424ccSmp153739 	 kadm5_free_config_params(context, &params);
10027c478bd9Sstevel@tonic-gate 	 params_out->mask = 0;
10037c478bd9Sstevel@tonic-gate     }
10047c478bd9Sstevel@tonic-gate #ifdef KRB5_DNS_LOOKUP
10057c478bd9Sstevel@tonic-gate 	if (dns_realm.data)
10067c478bd9Sstevel@tonic-gate 		free(dns_realm.data);
10077c478bd9Sstevel@tonic-gate #endif /* KRB5_DNS_LOOKUP */
10087c478bd9Sstevel@tonic-gate 
10097c478bd9Sstevel@tonic-gate     return(kret);
10107c478bd9Sstevel@tonic-gate }
/*
 * kadm5_free_config_params()	- Release the heap-allocated members of a
 *				  kadm5_config_params structure.
 *
 * Every owned pointer is freed and then reset to NULL (num_keysalts is
 * reset to 0 together with keysalts), so a second call on the same
 * structure does not free anything twice.  The structure itself is not
 * freed and params->mask is left untouched; a caller that keeps the
 * structure must clear the mask itself so that no mask bit still
 * advertises a member that is now NULL.  A NULL params is accepted.
 * context is not used.  Always returns 0.
 */
/*ARGSUSED*/
krb5_error_code
kadm5_free_config_params(context, params)
    krb5_context	context;
    kadm5_config_params	*params;
{
    if (params == NULL)
	return (0);

    /* Members released through krb5_xfree(). */
    if (params->dbname != NULL) {
	krb5_xfree(params->dbname);
	params->dbname = NULL;
    }
    if (params->mkey_name != NULL) {
	krb5_xfree(params->mkey_name);
	params->mkey_name = NULL;
    }
    if (params->stash_file != NULL) {
	krb5_xfree(params->stash_file);
	params->stash_file = NULL;
    }
    if (params->keysalts != NULL) {
	krb5_xfree(params->keysalts);
	params->keysalts = NULL;
	params->num_keysalts = 0;
    }

    /*
     * Members released through free().  free(NULL) is a no-op, so these
     * need no guard; the pointer is cleared in either case.
     */
    free(params->admin_keytab);
    params->admin_keytab = NULL;

    free(params->dict_file);
    params->dict_file = NULL;

    free(params->acl_file);
    params->acl_file = NULL;

    free(params->realm);
    params->realm = NULL;

    free(params->admin_dbname);
    params->admin_dbname = NULL;

    free(params->admin_lockfile);
    params->admin_lockfile = NULL;

    free(params->admin_server);
    params->admin_server = NULL;

    free(params->kpasswd_server);
    params->kpasswd_server = NULL;

    free(params->iprop_polltime);
    params->iprop_polltime = NULL;

    return (0);
}
10777c478bd9Sstevel@tonic-gate 
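/*
 * kadm5_get_admin_service_name() - Build the "kadmin/<host>" service name
 * for the admin server configured for a realm.
 *
 * ctx		krb5 context handed to kadm5_get_config_params().
 * realm_in	realm whose admin server is looked up; only borrowed, it is
 *		never freed here.
 * admin_name	caller-supplied output buffer.
 * maxlen	size of admin_name in bytes, including the terminating NUL.
 *
 * Returns 0 on success with admin_name filled in.  On failure a non-zero
 * code is returned and admin_name must not be used:
 *   - whatever kadm5_get_config_params() returned;
 *   - KADM5_MISSING_KRB5_CONF_PARAMS when no admin server is configured;
 *   - an errno value when the admin server name cannot be resolved;
 *   - ENOMEM when admin_name is too small for the result.
 *
 * NOTE(review): the host part comes from hp->h_name, i.e. from whatever
 * the name service returned, so the resulting service name is only as
 * trustworthy as host name resolution on this machine.  gethostbyname()
 * also returns a pointer to storage it owns, so this is presumably not
 * safe to call from several threads at once -- confirm against callers.
 */
krb5_error_code
kadm5_get_admin_service_name(krb5_context ctx,
			     char *realm_in,
			     char *admin_name,
			     size_t maxlen)
{
    krb5_error_code ret;
    kadm5_config_params params_in, params_out;
    struct hostent *hp;

    memset(&params_in, 0, sizeof(params_in));
    memset(&params_out, 0, sizeof(params_out));

    params_in.mask |= KADM5_CONFIG_REALM;
    params_in.realm = realm_in;
    ret = kadm5_get_config_params(ctx, 0, &params_in, &params_out);
    if (ret)
	return ret;

    if (!(params_out.mask & KADM5_CONFIG_ADMIN_SERVER)) {
	ret = KADM5_MISSING_KRB5_CONF_PARAMS;
	goto err_params;
    }

    /*
     * gethostbyname() reports failure through h_errno and is not required
     * to set errno.  Clear errno first so a stale value is not returned,
     * and fall back to ENOENT so that a failed lookup can never be
     * reported as success (ret == 0) with admin_name left unwritten.
     */
    errno = 0;
    hp = gethostbyname(params_out.admin_server);
    if (hp == NULL) {
	ret = errno ? errno : ENOENT;
	goto err_params;
    }

    /* sizeof("kadmin/") counts the prefix plus the terminating NUL. */
    if (strlen(hp->h_name) + sizeof("kadmin/") > maxlen) {
	ret = ENOMEM;
	goto err_params;
    }
    /* Length was checked above; snprintf keeps the write bounded anyway. */
    (void) snprintf(admin_name, maxlen, "kadmin/%s", hp->h_name);

err_params:
    kadm5_free_config_params(ctx, &params_out);
    return ret;
}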
111756a424ccSmp153739 
111856a424ccSmp153739 /***********************************************************************
11197c478bd9Sstevel@tonic-gate  * This is the old krb5_realm_read_params, which I mutated into
11207c478bd9Sstevel@tonic-gate  * kadm5_get_config_params but which old code (kdb5_* and krb5kdc)
11217c478bd9Sstevel@tonic-gate  * still uses.
112256a424ccSmp153739  ***********************************************************************/
11237c478bd9Sstevel@tonic-gate 
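/*
 * krb5_read_realm_params()	- Read per-realm parameters from KDC
 *				  alternate profile.
 *
 * Looks up the [realms] -> <realm> relations below in the KDC profile and
 * stores what it finds in a newly allocated krb5_realm_params.
 *
 *	kcontext	- library context; its profile_secure flag decides
 *			  whether an environment variable name is handed to
 *			  krb5_aprof_init().
 *	realm		- realm to look up, or NULL to use the default realm
 *			  reported by krb5_get_default_realm().
 *	rparamp		- receives the new structure on success and NULL on
 *			  failure.  Release it with krb5_free_realm_params().
 *
 * Returns 0 on success, ENOMEM when the realm copy or the structure cannot
 * be allocated, or the error from krb5_get_default_realm() or
 * krb5_aprof_init().  A relation that is absent or fails to parse is not an
 * error: its field is left zeroed and its *_valid flag stays 0, so callers
 * must test the *_valid flags before using the numeric fields.
 */
krb5_error_code
krb5_read_realm_params(kcontext, realm, rparamp)
    krb5_context	kcontext;
    char		*realm;
    krb5_realm_params	**rparamp;
{
    char		*filename;
    char		*envname;
    char		*lrealm = NULL;
    krb5_pointer	aprofile = 0;
    krb5_realm_params	*rparams = NULL;
    const char		*hierarchy[4];
    char		*svalue;
    krb5_int32		ivalue;
    krb5_boolean	bvalue;
    krb5_deltat		dtvalue;
    krb5_error_code	kret;

    filename = DEFAULT_KDC_PROFILE;

    /*
     * With profile_secure set, no environment variable name is passed on,
     * so only the compiled-in profile path is given to krb5_aprof_init().
     * NOTE(review): presumably this keeps a privileged caller from being
     * pointed at an attacker-chosen profile via the environment - confirm
     * against krb5_aprof_init().
     */
    envname = (kcontext->profile_secure == TRUE) ? NULL : KDC_PROFILE_ENV;

    if (realm) {
	lrealm = strdup(realm);
	if (lrealm == NULL) {
	    /*
	     * A NULL realm would terminate the hierarchy[] lookup path
	     * early, so fail instead of querying the wrong section.
	     */
	    kret = ENOMEM;
	    goto cleanup;
	}
    } else {
	kret = krb5_get_default_realm(kcontext, &lrealm);
	if (kret)
	    goto cleanup;
    }

    kret = krb5_aprof_init(filename, envname, &aprofile);
    if (kret)
	goto cleanup;

    rparams = (krb5_realm_params *) malloc(sizeof(krb5_realm_params));
    if (rparams == NULL) {
	kret = ENOMEM;
	goto cleanup;
    }

    /* Initialize realm parameters: every pointer NULL, every *_valid 0 */
    memset((char *) rparams, 0, sizeof(krb5_realm_params));

    /*
     * Strings stored directly in rparams are owned by it from here on and
     * are released by krb5_free_realm_params(); strings that are only
     * parsed are released with krb5_xfree() right after parsing.
     */

    /* Get the value for the database */
    hierarchy[0] = "realms";
    hierarchy[1] = lrealm;
    hierarchy[2] = "database_name";
    hierarchy[3] = (char *) NULL;
    if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
	rparams->realm_dbname = svalue;

    /* Get the value for the KDC port list */
    hierarchy[2] = "kdc_ports";
    if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
	rparams->realm_kdc_ports = svalue;
    hierarchy[2] = "kdc_tcp_ports";
    if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
	rparams->realm_kdc_tcp_ports = svalue;

    /* Get the name of the acl file */
    hierarchy[2] = "acl_file";
    if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
	rparams->realm_acl_file = svalue;

    /* Get the value for the kadmind port */
    hierarchy[2] = "kadmind_port";
    if (!krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) {
	rparams->realm_kadmind_port = ivalue;
	rparams->realm_kadmind_port_valid = 1;
    }

    /* Get the value for the master key name */
    hierarchy[2] = "master_key_name";
    if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
	rparams->realm_mkey_name = svalue;

    /* Get the value for the master key type */
    hierarchy[2] = "master_key_type";
    if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
	/* An unrecognised enctype name leaves realm_enctype_valid at 0 */
	if (!krb5_string_to_enctype(svalue, &rparams->realm_enctype))
	    rparams->realm_enctype_valid = 1;
	krb5_xfree(svalue);
    }

    /* Get the value for the stashfile */
    hierarchy[2] = "key_stash_file";
    if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
	rparams->realm_stash_file = svalue;

    /* Get the value for maximum ticket lifetime. */
    hierarchy[2] = "max_life";
    if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
	rparams->realm_max_life = dtvalue;
	rparams->realm_max_life_valid = 1;
    }

    /* Get the value for maximum renewable ticket lifetime. */
    hierarchy[2] = "max_renewable_life";
    if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
	rparams->realm_max_rlife = dtvalue;
	rparams->realm_max_rlife_valid = 1;
    }

    /* Get the value for the default principal expiration */
    hierarchy[2] = "default_principal_expiration";
    if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
	if (!krb5_string_to_timestamp(svalue,
				      &rparams->realm_expiration))
	    rparams->realm_expiration_valid = 1;
	krb5_xfree(svalue);
    }

    /* Get the transited-path policy switch */
    hierarchy[2] = "reject_bad_transit";
    if (!krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) {
	rparams->realm_reject_bad_transit = bvalue;
	rparams->realm_reject_bad_transit_valid = 1;
    }

    /* Get the value for the default principal flags */
    hierarchy[2] = "default_principal_flags";
    if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
	char *sp, *ep, *tp;

	sp = svalue;
	rparams->realm_flags = 0;
	while (sp) {
	    /*
	     * The first comma anywhere in the remaining text is preferred
	     * over a space, and a space over a tab; ep ends up NULL when
	     * no delimiter is left, which ends the loop after this token.
	     */
	    if ((ep = strchr(sp, (int) ',')) ||
		(ep = strchr(sp, (int) ' ')) ||
		(ep = strchr(sp, (int) '\t'))) {
		/*
		 * Blank out whitespace between the token and its
		 * delimiter.  The walk is bounded below by sp so that a
		 * value starting with a delimiter never touches the byte
		 * in front of the buffer.
		 */
		tp = ep;
		while ((tp > sp) && isspace((unsigned char) tp[-1])) {
		    tp--;
		    *tp = '\0';
		}
		*ep = '\0';
		ep++;
		/* Skip over whitespace in front of the next token */
		while (isspace((unsigned char) *ep))
		    ep++;
	    }
	    /* Convert this flag; a parse failure abandons the whole list */
	    if (krb5_string_to_flags(sp,
				     "+",
				     "-",
				     &rparams->realm_flags))
		break;
	    sp = ep;
	}
	/* sp is NULL only when every token was converted */
	if (!sp)
	    rparams->realm_flags_valid = 1;
	krb5_xfree(svalue);
    }

    /* Get the value for the supported enctype/salttype matrix */
    /*
     * SUNWresync121
     * Solaris kerberos: updated this code to support default values for
     * the supported_enctypes.
     */
    hierarchy[2] = "supported_enctypes";
    svalue = NULL;
    krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);

    /*
     * Set the default value if supported_enctypes was not explicitly
     * set in the kdc.conf.
     */
    if (svalue == NULL) {
	svalue = strdup(DEFAULT_ENCTYPE_LIST);
    }
    /*
     * Best effort: if the default list could not be duplicated, or the
     * list does not parse, realm_keysalts simply stays as it was zeroed.
     */
    if (svalue != NULL) {
	krb5_string_to_keysalts(svalue,
				", \t",	/* Tuple separators	*/
				":.-",	/* Key/salt separators	*/
				0,	/* No duplicates	*/
				&rparams->realm_keysalts,
				&rparams->realm_num_keysalts);
	krb5_xfree(svalue);
	svalue = NULL;
    }

cleanup:
    if (aprofile)
	krb5_aprof_finish(aprofile);
    free(lrealm);
    if (kret) {
	if (rparams)
	    krb5_free_realm_params(kcontext, rparams);
	rparams = NULL;
    }
    *rparamp = rparams;
    return(kret);
}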
13277c478bd9Sstevel@tonic-gate 
/*
 * krb5_free_realm_params()	- Release a krb5_realm_params structure
 *				  together with the members it owns.
 *
 * Every member pointer that is non-NULL is handed to krb5_xfree(), then
 * the structure itself.  A NULL rparams is accepted and ignored.  The
 * kcontext argument is not used.  Always returns 0.
 */
krb5_error_code
krb5_free_realm_params(kcontext, rparams)
    krb5_context	kcontext;
    krb5_realm_params	*rparams;
{
    /* Nothing to release */
    if (rparams == NULL)
	return(0);

    /* Members are released only when they were actually populated */
    if (rparams->realm_profile != NULL) {
	krb5_xfree(rparams->realm_profile);
    }
    if (rparams->realm_dbname != NULL) {
	krb5_xfree(rparams->realm_dbname);
    }
    if (rparams->realm_mkey_name != NULL) {
	krb5_xfree(rparams->realm_mkey_name);
    }
    if (rparams->realm_stash_file != NULL) {
	krb5_xfree(rparams->realm_stash_file);
    }
    if (rparams->realm_keysalts != NULL) {
	krb5_xfree(rparams->realm_keysalts);
    }
    if (rparams->realm_kdc_ports != NULL) {
	krb5_xfree(rparams->realm_kdc_ports);
    }
    if (rparams->realm_kdc_tcp_ports != NULL) {
	krb5_xfree(rparams->realm_kdc_tcp_ports);
    }
    if (rparams->realm_acl_file != NULL) {
	krb5_xfree(rparams->realm_acl_file);
    }

    /* Finally the container itself */
    krb5_xfree(rparams);
    return(0);
}