17c478bd9Sstevel@tonic-gate /* 27c64d375Smp153739 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 37c478bd9Sstevel@tonic-gate * Use is subject to license terms. 47c478bd9Sstevel@tonic-gate */ 57c478bd9Sstevel@tonic-gate 67c478bd9Sstevel@tonic-gate 77c478bd9Sstevel@tonic-gate /* 87c478bd9Sstevel@tonic-gate * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 97c478bd9Sstevel@tonic-gate * 107c478bd9Sstevel@tonic-gate * Openvision retains the copyright to derivative works of 117c478bd9Sstevel@tonic-gate * this source code. Do *NOT* create a derivative of this 127c478bd9Sstevel@tonic-gate * source code before consulting with your legal department. 137c478bd9Sstevel@tonic-gate * Do *NOT* integrate *ANY* of this source code into another 147c478bd9Sstevel@tonic-gate * product before consulting with your legal department. 157c478bd9Sstevel@tonic-gate * 167c478bd9Sstevel@tonic-gate * For further information, read the top-level Openvision 177c478bd9Sstevel@tonic-gate * copyright which is contained in the top-level MIT Kerberos 187c478bd9Sstevel@tonic-gate * copyright. 197c478bd9Sstevel@tonic-gate * 207c478bd9Sstevel@tonic-gate * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 217c478bd9Sstevel@tonic-gate * 227c478bd9Sstevel@tonic-gate */ 237c478bd9Sstevel@tonic-gate 247c478bd9Sstevel@tonic-gate 257c478bd9Sstevel@tonic-gate /* 267c478bd9Sstevel@tonic-gate * lib/kadm/alt_prof.c 277c478bd9Sstevel@tonic-gate * 2856a424ccSmp153739 * Copyright 1995,2001 by the Massachusetts Institute of Technology. 297c478bd9Sstevel@tonic-gate * All Rights Reserved. 307c478bd9Sstevel@tonic-gate * 317c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may 327c478bd9Sstevel@tonic-gate * require a specific license from the United States Government. 
337c478bd9Sstevel@tonic-gate * It is the responsibility of any person or organization contemplating 347c478bd9Sstevel@tonic-gate * export to obtain such a license before exporting. 357c478bd9Sstevel@tonic-gate * 367c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 377c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and 387c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright 397c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and 407c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that 417c478bd9Sstevel@tonic-gate * the name of M.I.T. not be used in advertising or publicity pertaining 427c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior 4356a424ccSmp153739 * permission. Furthermore if you modify this software you must label 4456a424ccSmp153739 * your software as modified software and not distribute it in such a 4556a424ccSmp153739 * fashion that it might be confused with the original M.I.T. software. 4656a424ccSmp153739 * M.I.T. makes no representations about the suitability of 477c478bd9Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express 487c478bd9Sstevel@tonic-gate * or implied warranty. 497c478bd9Sstevel@tonic-gate * 507c478bd9Sstevel@tonic-gate */ 517c478bd9Sstevel@tonic-gate 527c478bd9Sstevel@tonic-gate /* 537c478bd9Sstevel@tonic-gate * alt_prof.c - Implement alternate profile file handling. 
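*/
#include "k5-int.h"
#include <kadm5/admin.h>
#include "adm_proto.h"
#include <stdio.h>
#include <ctype.h>
#include <os-proto.h>
#include <kdb/kdb_log.h>

krb5_error_code kadm5_free_config_params();

/*
 * DEFAULT_ENCTYPE_LIST - space-separated "enctype:salttype" pairs.
 *
 * NOTE(review): alongside AES the list still names single-DES
 * (des-cbc-md5, des-cbc-crc) and the export-grade arcfour-hmac-md5-exp,
 * which RFC 6649 deprecates for Kerberos; RFC 8429 additionally deprecates
 * des3 and arcfour-hmac.  The use site is not in this part of the file --
 * presumably this is the fallback key/salt list when none is configured;
 * confirm there before relying on the default in a new deployment.
 */
#define DEFAULT_ENCTYPE_LIST \
    "aes256-cts-hmac-sha1-96:normal " \
    "aes128-cts-hmac-sha1-96:normal " \
    "des3-cbc-hmac-sha1-kd:normal " \
    "arcfour-hmac-md5:normal " \
    "arcfour-hmac-md5-exp:normal " \
    "des-cbc-md5:normal " \
    "des-cbc-crc:normal"

/*
 * copy_key_salt_tuple() - Duplicate an array of key/salt tuples.
 *
 * Parameters:
 *	ksalt		- array to copy from; len entries are read.
 *	len		- number of tuples to copy.
 *
 * Returns:
 *	a malloc()ed copy that the caller must free(), or NULL when len is
 *	negative, the byte count does not fit in a size_t, or the
 *	allocation fails.
 */
static krb5_key_salt_tuple *copy_key_salt_tuple(ksalt, len)
    krb5_key_salt_tuple *ksalt;
    krb5_int32 len;
{
    krb5_key_salt_tuple *knew;
    size_t count;

    /* A negative count would become a huge size_t in the multiply below. */
    if (len < 0)
        return NULL;
    count = (size_t) len;

    /*
     * Refuse a byte count that would wrap: a wrapped size yields a short
     * buffer while the caller still believes it holds len entries.
     */
    if (count > (size_t) -1 / sizeof(*knew))
        return NULL;

    knew = malloc(count * sizeof(*knew));
    if (knew == NULL)
        return NULL;

    /* memcpy() must not be given a null source, even for zero bytes. */
    if (count > 0)
        memcpy(knew, ksalt, count * sizeof(*knew));
    return knew;
}

/*
 * krb5_aprof_init() - Initialize alternate profile context.
 *
 * Parameters:
 *	fname		- default file name of the profile.
 *	envname		- environment variable name which can override fname.
 */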
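/*
 * krb5_aprof_init() parameters, continued:
 *	acontextp	- Pointer to opaque context for alternate profile;
 *			  written only on success.
 *
 * Returns:
 *	error codes from krb5_get_default_config_files()
 *	ENOMEM if the profile path buffer cannot be allocated
 *	error codes from profile_init_path()
 *
 * The profile path is built as "<kdc config>:<default file>:..." where the
 * first element is the value of the environment variable named by envname,
 * or fname when envname is NULL or the variable is unset.  The variable's
 * value is used as a path with no further checks, so a caller that must not
 * trust its environment has to pass envname == NULL (the caller in this
 * file does so when context->profile_secure is TRUE).
 */
krb5_error_code
krb5_aprof_init(fname, envname, acontextp)
    char		*fname;
    char		*envname;
    krb5_pointer	*acontextp;
{
    krb5_error_code	kret;
    profile_t		profile;
    const char		*kdc_config;
    size_t		krb5_config_len, kdc_config_len;
    size_t		used, part_len;
    char		*profile_path;
    char		**filenames;
    int			i;

    kret = krb5_get_default_config_files(&filenames);
    if (kret)
        return kret;

    /* Total length of the default files joined by single ':' separators. */
    krb5_config_len = 0;
    for (i = 0; filenames[i] != NULL; i++)
        krb5_config_len += strlen(filenames[i]) + 1;
    if (i > 0)
        krb5_config_len--;

    /* The environment override wins over fname when it is allowed and set. */
    if (envname == NULL || (kdc_config = getenv(envname)) == NULL)
        kdc_config = fname;
    kdc_config_len = (kdc_config == NULL) ? 0 : strlen(kdc_config);

    /* +2: one ':' between the two parts and the terminating NUL. */
    profile_path = malloc(2 + krb5_config_len + kdc_config_len);
    if (profile_path == NULL) {
        krb5_free_config_files(filenames);
        /*
         * Report the failure explicitly: errno may have been changed by
         * the cleanup call above, and a zero here would claim success
         * while *acontextp is still unset.
         */
        return ENOMEM;
    }

    /*
     * Assemble the path with the lengths measured above instead of
     * strcpy()/strcat(), so every write stays inside the allocation.
     */
    used = 0;
    if (kdc_config_len) {
        memcpy(profile_path, kdc_config, kdc_config_len);
        used = kdc_config_len;
    }
    if (krb5_config_len) {
        for (i = 0; filenames[i] != NULL; i++) {
            if (kdc_config_len || i)
                profile_path[used++] = ':';
            part_len = strlen(filenames[i]);
            memcpy(profile_path + used, filenames[i], part_len);
            used += part_len;
        }
    }
    profile_path[used] = '\0';

    krb5_free_config_files(filenames);
    profile = (profile_t) NULL;
    kret = profile_init_path(profile_path, &profile);
    free(profile_path);
    if (kret)
        return kret;
    *acontextp = profile;
    return 0;
}

/*
 * krb5_aprof_getvals() - Get values from alternate profile.
 *
 * Parameters:
 *	acontext	- opaque context for alternate profile.
 *	hierarchy	- hierarchy of value to retrieve.
 *	retdata		- Returned data values.
 */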
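/*
 * krb5_aprof_getvals(), continued:
 *
 * Returns:
 *	error codes from profile_get_values()
 */
krb5_error_code
krb5_aprof_getvals(acontext, hierarchy, retdata)
    krb5_pointer	acontext;
    const char		**hierarchy;
    char		***retdata;
{
    /* Thin wrapper: the opaque context is handed on as a profile_t. */
    return profile_get_values((profile_t) acontext, hierarchy, retdata);
}

/*
 * string_to_boolean() - Map a profile string onto a krb5_boolean.
 *
 * Parameters:
 *	string		- text to classify, compared case-insensitively.
 *	out		- set to 1 or 0 when string is recognised.
 *
 * Returns:
 *	0 on a match, PROF_BAD_BOOLEAN otherwise.  An unrecognised string is
 *	an error rather than a silent default, and *out is left untouched.
 */
static krb5_error_code
string_to_boolean (const char *string, krb5_boolean *out)
{
    static const char *const yes[] = { "y", "yes", "true", "t", "1", "on" };
    static const char *const no[] = { "n", "no", "false", "f", "nil", "0", "off" };
    size_t i;	/* size_t: compared against sizeof-derived counts */

    for (i = 0; i < sizeof(yes)/sizeof(yes[0]); i++) {
        if (strcasecmp(string, yes[i]) == 0) {
            *out = 1;
            return 0;
        }
    }
    for (i = 0; i < sizeof(no)/sizeof(no[0]); i++) {
        if (strcasecmp(string, no[i]) == 0) {
            *out = 0;
            return 0;
        }
    }
    return PROF_BAD_BOOLEAN;
}

/*
 * krb5_aprof_get_boolean() - Get a boolean value from the alternate
 *			      profile.
 *
 * Parameters:
 *	acontext	- opaque context for alternate profile
 *	hierarchy	- hierarchy of value to retrieve
 *	uselast		- if true, use last value, otherwise use
 *			  first value found
 *	retdata		- Returned data value; written only on success
 * Returns:
 *	error codes from krb5_aprof_getvals()
 *	PROF_BAD_BOOLEAN if the selected value is not a known boolean word
 */
krb5_error_code
krb5_aprof_get_boolean(krb5_pointer acontext, const char **hierarchy,
		       int uselast, krb5_boolean *retdata)
{
    krb5_error_code kret;
    char **values;
    int idx;
    krb5_boolean val;

    kret = krb5_aprof_getvals (acontext, hierarchy, &values);
    if (kret)
        return kret;

    /*
     * NOTE(review): assumes a successful lookup yields at least one value;
     * with an empty list and uselast set, idx would end up at -1 -- confirm
     * against profile_get_values().
     */
    idx = 0;
    if (uselast) {
        while (values[idx])
            idx++;
        idx--;
    }
    kret = string_to_boolean (values[idx], &val);

    /*
     * Free the string storage on every path, the same way the other
     * krb5_aprof_get_*() readers do; the list used to be leaked here on
     * both the success and the error return.
     */
    for (idx = 0; values[idx]; idx++)
        krb5_xfree(values[idx]);
    krb5_xfree(values);

    if (kret)
        return kret;
    *retdata = val;
    return 0;
}

/*
 * krb5_aprof_get_deltat() - Get a delta time value from the alternate
 *			     profile.
 *
 * Parameters:
 *	acontext	- opaque context for alternate profile.
 *	hierarchy	- hierarchy of value to retrieve.
 *	uselast		- if true, use last value, otherwise use
 *			  first value found.
 *	deltatp		- returned delta time value.
 */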
/*
 * krb5_aprof_get_deltat(), continued:
 *
 * Returns:
 *	error codes from profile_get_values()
 *	error codes from krb5_string_to_deltat()
 *
 * The value list fetched from the profile is released before returning,
 * whether or not the conversion succeeded.
 */
krb5_error_code
krb5_aprof_get_deltat(acontext, hierarchy, uselast, deltatp)
    krb5_pointer	acontext;
    const char		**hierarchy;
    krb5_boolean	uselast;
    krb5_deltat		*deltatp;
{
    krb5_error_code	status;
    char		**vals;
    int			pick;
    int			n;

    status = krb5_aprof_getvals(acontext, hierarchy, &vals);
    if (status)
        return status;

    /* Select the first entry, or walk to the last one when asked to. */
    pick = 0;
    if (uselast) {
        while (vals[pick])
            pick++;
        pick--;
    }
    status = krb5_string_to_deltat(vals[pick], deltatp);

    /* Release every string, then the list itself. */
    for (n = 0; vals[n]; n++)
        krb5_xfree(vals[n]);
    krb5_xfree(vals);

    return status;
}

/*
 * krb5_aprof_get_string() - Get a string value from the alternate
 *			     profile.
 *
 * Parameters:
 *	acontext	- opaque context for alternate profile.
 */
/*
 * krb5_aprof_get_string() parameters, continued:
 *	hierarchy	- hierarchy of value to retrieve.
 *	uselast		- if true, use last value, otherwise use
 *			  first value found.
 *	stringp		- returned string value; written only on success.
 *
 * Returns:
 *	error codes from profile_get_values()
 *
 * The selected string is handed to the caller instead of being released
 * with the rest of the list, so the caller is responsible for freeing it.
 */
krb5_error_code
krb5_aprof_get_string(acontext, hierarchy, uselast, stringp)
    krb5_pointer	acontext;
    const char		**hierarchy;
    krb5_boolean	uselast;
    char		**stringp;
{
    krb5_error_code	status;
    char		**vals;
    int			keep;
    int			n;

    status = krb5_aprof_getvals(acontext, hierarchy, &vals);
    if (status)
        return status;

    /* Select the first entry, or walk to the last one when asked to. */
    keep = 0;
    if (uselast) {
        while (vals[keep])
            keep++;
        keep--;
    }
    *stringp = vals[keep];

    /* Release every string except the one just handed to the caller. */
    for (n = 0; vals[n]; n++) {
        if (n == keep)
            continue;
        krb5_xfree(vals[n]);
    }
    krb5_xfree(vals);

    return status;
}

/*
 * krb5_aprof_get_int32() - Get a 32-bit integer value from the alternate
 *			    profile.
 */
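/*
 * krb5_aprof_get_int32(), continued:
 *
 * Parameters:
 *	acontext	- opaque context for alternate profile.
 *	hierarchy	- hierarchy of value to retrieve.
 *	uselast		- if true, use last value, otherwise use
 *			  first value found.
 *	intp		- returned 32-bit integer value; written only on
 *			  success.
 *
 * Returns:
 *	error codes from profile_get_values()
 *	EINVAL			- value is not an integer, or does not fit
 *				  in 32 bits
 *
 * As before, leading white space and trailing characters after the digits
 * are tolerated.  The result is not range-checked for its purpose (for
 * example as a port number); that is left to the caller.
 */
krb5_error_code
krb5_aprof_get_int32(acontext, hierarchy, uselast, intp)
    krb5_pointer	acontext;
    const char		**hierarchy;
    krb5_boolean	uselast;
    krb5_int32		*intp;
{
    krb5_error_code	kret;
    char		**values;
    char		*end;
    long		parsed;
    int			idx;

    kret = krb5_aprof_getvals(acontext, hierarchy, &values);
    if (kret)
        return kret;

    idx = 0;
    if (uselast) {
        while (values[idx])
            idx++;
        idx--;
    }

    /*
     * strtol() instead of sscanf("%d"): the behaviour of sscanf() is
     * undefined when the digits do not fit the target type, whereas
     * strtol() reports ERANGE and lets the 32-bit bounds be checked
     * before anything is stored.
     */
    errno = 0;
    parsed = strtol(values[idx], &end, 10);
    if (end == values[idx] || errno == ERANGE ||
        parsed > 2147483647L || parsed < -2147483647L - 1)
        kret = EINVAL;
    else
        *intp = (krb5_int32) parsed;

    /* Free the string storage */
    for (idx = 0; values[idx]; idx++)
        krb5_xfree(values[idx]);
    krb5_xfree(values);

    return kret;
}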
/*
 * krb5_aprof_finish() - Finish alternate profile context.
 *
 * Parameter:
 *	acontext	- opaque context for alternate profile; it is passed
 *			  to profile_release() and must not be used again
 *			  afterwards.
 *
 * Returns:
 *	0 on success, something else on failure.  (This implementation
 *	always returns 0.)
 */
krb5_error_code
krb5_aprof_finish(acontext)
    krb5_pointer	acontext;
{
    profile_t profile = (profile_t) acontext;

    profile_release(profile);
    return 0;
}

/*
 * Function: kadm5_get_config_params
 *
 * Purpose: Merge configuration parameters provided by the caller with
 * values specified in configuration files and with default values.
3867c478bd9Sstevel@tonic-gate * 3877c478bd9Sstevel@tonic-gate * Arguments: 3887c478bd9Sstevel@tonic-gate * 3897c478bd9Sstevel@tonic-gate * context (r) krb5_context to use 3907c478bd9Sstevel@tonic-gate * profile (r) profile file to use 3917c478bd9Sstevel@tonic-gate * envname (r) envname that contains a profile name to 3927c478bd9Sstevel@tonic-gate * override profile 3937c478bd9Sstevel@tonic-gate * params_in (r) params structure containing user-supplied 3947c478bd9Sstevel@tonic-gate * values, or NULL 3957c478bd9Sstevel@tonic-gate * params_out (w) params structure to be filled in 3967c478bd9Sstevel@tonic-gate * 3977c478bd9Sstevel@tonic-gate * Effects: 3987c478bd9Sstevel@tonic-gate * 3997c478bd9Sstevel@tonic-gate * The fields and mask of params_out are filled in with values 4007c478bd9Sstevel@tonic-gate * obtained from params_in, the specified profile, and default 4017c478bd9Sstevel@tonic-gate * values. Only and all fields specified in params_out->mask are 4027c478bd9Sstevel@tonic-gate * set. The context of params_out must be freed with 4037c478bd9Sstevel@tonic-gate * kadm5_free_config_params. 4047c478bd9Sstevel@tonic-gate * 4057c478bd9Sstevel@tonic-gate * params_in and params_out may be the same pointer. However, all pointers 4067c478bd9Sstevel@tonic-gate * in params_in for which the mask is set will be re-assigned to newly copied 4077c478bd9Sstevel@tonic-gate * versions, overwriting the old pointer value. 
4087c478bd9Sstevel@tonic-gate */ 409*159d09a2SMark Phalan krb5_error_code kadm5_get_config_params(context, use_kdc_config, 4107c478bd9Sstevel@tonic-gate params_in, params_out) 4117c478bd9Sstevel@tonic-gate krb5_context context; 412*159d09a2SMark Phalan int use_kdc_config; 4137c478bd9Sstevel@tonic-gate kadm5_config_params *params_in, *params_out; 4147c478bd9Sstevel@tonic-gate { 4157c478bd9Sstevel@tonic-gate char *filename; 4167c478bd9Sstevel@tonic-gate char *envname; 4177c478bd9Sstevel@tonic-gate char *lrealm; 4187c478bd9Sstevel@tonic-gate krb5_pointer aprofile = 0; 4197c478bd9Sstevel@tonic-gate const char *hierarchy[4]; 4207c478bd9Sstevel@tonic-gate char *svalue; 4217c478bd9Sstevel@tonic-gate krb5_int32 ivalue; 4227c478bd9Sstevel@tonic-gate kadm5_config_params params, empty_params; 4237c478bd9Sstevel@tonic-gate 4247c478bd9Sstevel@tonic-gate krb5_error_code kret = 0; 4257c478bd9Sstevel@tonic-gate krb5_error_code dnsret = 1; 4267c478bd9Sstevel@tonic-gate 4277c478bd9Sstevel@tonic-gate #ifdef KRB5_DNS_LOOKUP 4287c478bd9Sstevel@tonic-gate char dns_host[MAX_DNS_NAMELEN]; 4297c478bd9Sstevel@tonic-gate unsigned short dns_portno; 4307c478bd9Sstevel@tonic-gate krb5_data dns_realm; 431eda50310Smp153739 memset((char *)&dns_realm, 0, sizeof (dns_realm)); 4327c478bd9Sstevel@tonic-gate #endif /* KRB5_DNS_LOOKUP */ 4337c478bd9Sstevel@tonic-gate 4347c478bd9Sstevel@tonic-gate memset((char *) ¶ms, 0, sizeof(params)); 4357c478bd9Sstevel@tonic-gate memset((char *) &empty_params, 0, sizeof(empty_params)); 4367c478bd9Sstevel@tonic-gate 4377c478bd9Sstevel@tonic-gate if (params_in == NULL) params_in = &empty_params; 4387c478bd9Sstevel@tonic-gate 4397c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_REALM) { 4407c478bd9Sstevel@tonic-gate lrealm = params.realm = strdup(params_in->realm); 4417c478bd9Sstevel@tonic-gate if (params.realm) 4427c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_REALM; 4437c478bd9Sstevel@tonic-gate } else { 4447c478bd9Sstevel@tonic-gate kret = 
krb5_get_default_realm(context, &lrealm); 4457c478bd9Sstevel@tonic-gate if (kret) 4467c478bd9Sstevel@tonic-gate goto cleanup; 4477c478bd9Sstevel@tonic-gate params.realm = lrealm; 4487c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_REALM; 4497c478bd9Sstevel@tonic-gate } 4507c478bd9Sstevel@tonic-gate /* 4517c478bd9Sstevel@tonic-gate * XXX These defaults should to work on both client and 4527c478bd9Sstevel@tonic-gate * server. kadm5_get_config_params can be implemented as a 4537c478bd9Sstevel@tonic-gate * wrapper function in each library that provides correct 4547c478bd9Sstevel@tonic-gate * defaults for NULL values. 4557c478bd9Sstevel@tonic-gate */ 456*159d09a2SMark Phalan if (use_kdc_config) { 457*159d09a2SMark Phalan filename = DEFAULT_KDC_PROFILE; 458*159d09a2SMark Phalan envname = KDC_PROFILE_ENV; 459*159d09a2SMark Phalan } else { 460*159d09a2SMark Phalan filename = DEFAULT_PROFILE_PATH; 461*159d09a2SMark Phalan envname = "KRB5_CONFIG"; 4627c478bd9Sstevel@tonic-gate } 463*159d09a2SMark Phalan if (context->profile_secure == TRUE) envname = 0; 4647c478bd9Sstevel@tonic-gate 4657c478bd9Sstevel@tonic-gate kret = krb5_aprof_init(filename, envname, &aprofile); 4667c478bd9Sstevel@tonic-gate if (kret) 4677c478bd9Sstevel@tonic-gate goto cleanup; 4687c478bd9Sstevel@tonic-gate 4697c478bd9Sstevel@tonic-gate /* Initialize realm parameters */ 4707c478bd9Sstevel@tonic-gate hierarchy[0] = "realms"; 4717c478bd9Sstevel@tonic-gate hierarchy[1] = lrealm; 4727c478bd9Sstevel@tonic-gate hierarchy[3] = (char *) NULL; 4737c478bd9Sstevel@tonic-gate 4747c478bd9Sstevel@tonic-gate #ifdef KRB5_DNS_LOOKUP 4757c478bd9Sstevel@tonic-gate /* 4767c478bd9Sstevel@tonic-gate * Initialize realm info for (possible) DNS lookups. 
4777c478bd9Sstevel@tonic-gate */ 4787c478bd9Sstevel@tonic-gate dns_realm.data = strdup(lrealm); 4797c478bd9Sstevel@tonic-gate dns_realm.length = strlen(lrealm); 4807c478bd9Sstevel@tonic-gate dns_realm.magic = 0; 4817c478bd9Sstevel@tonic-gate #endif /* KRB5_DNS_LOOKUP */ 4827c478bd9Sstevel@tonic-gate 4837c478bd9Sstevel@tonic-gate /* Get the value for the admin server */ 4847c478bd9Sstevel@tonic-gate hierarchy[2] = "admin_server"; 4857c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_ADMIN_SERVER) { 4867c478bd9Sstevel@tonic-gate params.admin_server = strdup(params_in->admin_server); 4877c478bd9Sstevel@tonic-gate if (params.admin_server) 4887c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ADMIN_SERVER; 4897c478bd9Sstevel@tonic-gate } else if (aprofile && 4907c478bd9Sstevel@tonic-gate !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { 4917c478bd9Sstevel@tonic-gate params.admin_server = svalue; 4927c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ADMIN_SERVER; 4937c478bd9Sstevel@tonic-gate } 4947c478bd9Sstevel@tonic-gate #ifdef KRB5_DNS_LOOKUP 4957c478bd9Sstevel@tonic-gate else if (strcmp(envname, "KRB5_CONFIG") == 0) { 4967c478bd9Sstevel@tonic-gate /* 4977c478bd9Sstevel@tonic-gate * Solaris Kerberos: only do DNS lookup for admin_server if this 4987c478bd9Sstevel@tonic-gate * is a krb5.conf type of config file. Note, the filename may 4997c478bd9Sstevel@tonic-gate * not be /etc/krb5/krb5.conf so we assume that the KRB5_CONFIG 5007c478bd9Sstevel@tonic-gate * envname string will consistently indicate the type of config 5017c478bd9Sstevel@tonic-gate * file. 
5027c478bd9Sstevel@tonic-gate */ 5037c478bd9Sstevel@tonic-gate dnsret = krb5_get_servername(context, &dns_realm, 5047c478bd9Sstevel@tonic-gate "_kerberos-adm", "_udp", 5057c478bd9Sstevel@tonic-gate dns_host, &dns_portno); 5067c478bd9Sstevel@tonic-gate if (dnsret == 0) { 5077c478bd9Sstevel@tonic-gate params.admin_server = strdup(dns_host); 5087c478bd9Sstevel@tonic-gate if (params.admin_server) 5097c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ADMIN_SERVER; 5107c478bd9Sstevel@tonic-gate params.kadmind_port = dns_portno; 5117c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_KADMIND_PORT; 5127c478bd9Sstevel@tonic-gate } 5137c478bd9Sstevel@tonic-gate } 5147c478bd9Sstevel@tonic-gate #endif /* KRB5_DNS_LOOKUP */ 5157c478bd9Sstevel@tonic-gate 5167c478bd9Sstevel@tonic-gate if ((params.mask & KADM5_CONFIG_ADMIN_SERVER) && dnsret) { 5177c478bd9Sstevel@tonic-gate char *p; 51856a424ccSmp153739 p = strchr(params.admin_server, ':'); 51956a424ccSmp153739 if (p) { 5207c478bd9Sstevel@tonic-gate params.kadmind_port = atoi(p+1); 5217c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_KADMIND_PORT; 5227c478bd9Sstevel@tonic-gate *p = '\0'; 5237c478bd9Sstevel@tonic-gate } 5247c478bd9Sstevel@tonic-gate } 5257c478bd9Sstevel@tonic-gate 5267c478bd9Sstevel@tonic-gate /* Get the value for the database */ 5277c478bd9Sstevel@tonic-gate hierarchy[2] = "database_name"; 5287c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_DBNAME) { 5297c478bd9Sstevel@tonic-gate params.dbname = strdup(params_in->dbname); 5307c478bd9Sstevel@tonic-gate if (params.dbname) 5317c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_DBNAME; 5327c478bd9Sstevel@tonic-gate } else if (aprofile && 5337c478bd9Sstevel@tonic-gate !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { 5347c478bd9Sstevel@tonic-gate params.dbname = svalue; 5357c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_DBNAME; 5367c478bd9Sstevel@tonic-gate } else { 5377c478bd9Sstevel@tonic-gate params.dbname = 
strdup(DEFAULT_KDB_FILE); 5387c478bd9Sstevel@tonic-gate if (params.dbname) 5397c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_DBNAME; 5407c478bd9Sstevel@tonic-gate } 5417c478bd9Sstevel@tonic-gate 5427c478bd9Sstevel@tonic-gate /* 5437c478bd9Sstevel@tonic-gate * admin database name and lockfile are now always derived from dbname 5447c478bd9Sstevel@tonic-gate */ 5457c478bd9Sstevel@tonic-gate if (params.mask & KADM5_CONFIG_DBNAME) { 54656a424ccSmp153739 params.admin_dbname = (char *) malloc(strlen(params.dbname) + 7); 5477c478bd9Sstevel@tonic-gate if (params.admin_dbname) { 54856a424ccSmp153739 sprintf(params.admin_dbname, "%s.kadm5", params.dbname); 5497c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ADBNAME; 5507c478bd9Sstevel@tonic-gate } 5517c478bd9Sstevel@tonic-gate } 5527c478bd9Sstevel@tonic-gate 5537c478bd9Sstevel@tonic-gate if (params.mask & KADM5_CONFIG_ADBNAME) { 55456a424ccSmp153739 params.admin_lockfile = (char *) malloc(strlen(params.admin_dbname) 55556a424ccSmp153739 + 6); 5567c478bd9Sstevel@tonic-gate if (params.admin_lockfile) { 55756a424ccSmp153739 sprintf(params.admin_lockfile, "%s.lock", params.admin_dbname); 5587c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ADB_LOCKFILE; 5597c478bd9Sstevel@tonic-gate } 5607c478bd9Sstevel@tonic-gate } 5617c478bd9Sstevel@tonic-gate 5627c478bd9Sstevel@tonic-gate /* Get the value for the admin (policy) database lock file*/ 5637c478bd9Sstevel@tonic-gate hierarchy[2] = "admin_keytab"; 5647c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_ADMIN_KEYTAB) { 5657c478bd9Sstevel@tonic-gate params.admin_keytab = strdup(params_in->admin_keytab); 5667c478bd9Sstevel@tonic-gate if (params.admin_keytab) 5677c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ADMIN_KEYTAB; 5687c478bd9Sstevel@tonic-gate } else if (aprofile && 5697c478bd9Sstevel@tonic-gate !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { 5707c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ADMIN_KEYTAB; 
5717c478bd9Sstevel@tonic-gate params.admin_keytab = svalue; 57256a424ccSmp153739 } else if ((params.admin_keytab = (char *) getenv("KRB5_KTNAME"))) { 5737c478bd9Sstevel@tonic-gate params.admin_keytab = strdup(params.admin_keytab); 5747c478bd9Sstevel@tonic-gate if (params.admin_keytab) 5757c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ADMIN_KEYTAB; 5767c478bd9Sstevel@tonic-gate } else { 5777c478bd9Sstevel@tonic-gate params.admin_keytab = strdup(DEFAULT_KADM5_KEYTAB); 5787c478bd9Sstevel@tonic-gate if (params.admin_keytab) 5797c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ADMIN_KEYTAB; 5807c478bd9Sstevel@tonic-gate } 5817c478bd9Sstevel@tonic-gate 5827c478bd9Sstevel@tonic-gate /* Get the name of the acl file */ 5837c478bd9Sstevel@tonic-gate hierarchy[2] = "acl_file"; 5847c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_ACL_FILE) { 5857c478bd9Sstevel@tonic-gate params.acl_file = strdup(params_in->acl_file); 5867c478bd9Sstevel@tonic-gate if (params.acl_file) 5877c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ACL_FILE; 5887c478bd9Sstevel@tonic-gate } else if (aprofile && 5897c478bd9Sstevel@tonic-gate !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { 5907c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ACL_FILE; 5917c478bd9Sstevel@tonic-gate params.acl_file = svalue; 5927c478bd9Sstevel@tonic-gate } else { 5937c478bd9Sstevel@tonic-gate params.acl_file = strdup(DEFAULT_KADM5_ACL_FILE); 5947c478bd9Sstevel@tonic-gate if (params.acl_file) 5957c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ACL_FILE; 5967c478bd9Sstevel@tonic-gate } 5977c478bd9Sstevel@tonic-gate 5987c478bd9Sstevel@tonic-gate /* Get the name of the dict file */ 5997c478bd9Sstevel@tonic-gate hierarchy[2] = "dict_file"; 6007c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_DICT_FILE) { 6017c478bd9Sstevel@tonic-gate params.dict_file = strdup(params_in->dict_file); 6027c478bd9Sstevel@tonic-gate if (params.dict_file) 6037c478bd9Sstevel@tonic-gate 
params.mask |= KADM5_CONFIG_DICT_FILE; 6047c478bd9Sstevel@tonic-gate } else if (aprofile && 6057c478bd9Sstevel@tonic-gate !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { 6067c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_DICT_FILE; 6077c478bd9Sstevel@tonic-gate params.dict_file = svalue; 6087c478bd9Sstevel@tonic-gate } 6097c478bd9Sstevel@tonic-gate 6107c478bd9Sstevel@tonic-gate /* Get the value for the kadmind port */ 6117c478bd9Sstevel@tonic-gate if (! (params.mask & KADM5_CONFIG_KADMIND_PORT)) { 6127c478bd9Sstevel@tonic-gate hierarchy[2] = "kadmind_port"; 6137c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_KADMIND_PORT) { 6147c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_KADMIND_PORT; 6157c478bd9Sstevel@tonic-gate params.kadmind_port = params_in->kadmind_port; 6167c478bd9Sstevel@tonic-gate } else if (aprofile && 6177c478bd9Sstevel@tonic-gate !krb5_aprof_get_int32(aprofile, hierarchy, TRUE, 6187c478bd9Sstevel@tonic-gate &ivalue)) { 6197c478bd9Sstevel@tonic-gate params.kadmind_port = ivalue; 6207c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_KADMIND_PORT; 6217c478bd9Sstevel@tonic-gate } else { 6227c478bd9Sstevel@tonic-gate params.kadmind_port = DEFAULT_KADM5_PORT; 6237c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_KADMIND_PORT; 6247c478bd9Sstevel@tonic-gate } 6257c478bd9Sstevel@tonic-gate } 6267c478bd9Sstevel@tonic-gate 62756a424ccSmp153739 /* Get the value for the kpasswd port */ 62856a424ccSmp153739 if (! 
(params.mask & KADM5_CONFIG_KPASSWD_PORT)) { 62956a424ccSmp153739 hierarchy[2] = "kpasswd_port"; 63056a424ccSmp153739 if (params_in->mask & KADM5_CONFIG_KPASSWD_PORT) { 63156a424ccSmp153739 params.mask |= KADM5_CONFIG_KPASSWD_PORT; 63256a424ccSmp153739 params.kpasswd_port = params_in->kpasswd_port; 63356a424ccSmp153739 } else if (aprofile && 63456a424ccSmp153739 !krb5_aprof_get_int32(aprofile, hierarchy, TRUE, 63556a424ccSmp153739 &ivalue)) { 63656a424ccSmp153739 params.kpasswd_port = ivalue; 63756a424ccSmp153739 params.mask |= KADM5_CONFIG_KPASSWD_PORT; 63856a424ccSmp153739 } else { 63956a424ccSmp153739 params.kpasswd_port = DEFAULT_KPASSWD_PORT; 64056a424ccSmp153739 params.mask |= KADM5_CONFIG_KPASSWD_PORT; 64156a424ccSmp153739 } 64256a424ccSmp153739 } 64356a424ccSmp153739 6447c478bd9Sstevel@tonic-gate /* Get the value for the master key name */ 6457c478bd9Sstevel@tonic-gate hierarchy[2] = "master_key_name"; 6467c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_MKEY_NAME) { 6477c478bd9Sstevel@tonic-gate params.mkey_name = strdup(params_in->mkey_name); 6487c478bd9Sstevel@tonic-gate if (params.mkey_name) 6497c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_MKEY_NAME; 6507c478bd9Sstevel@tonic-gate } else if (aprofile && 6517c478bd9Sstevel@tonic-gate !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { 6527c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_MKEY_NAME; 6537c478bd9Sstevel@tonic-gate params.mkey_name = svalue; 6547c478bd9Sstevel@tonic-gate } 6557c478bd9Sstevel@tonic-gate 6567c478bd9Sstevel@tonic-gate /* Get the value for the master key type */ 6577c478bd9Sstevel@tonic-gate hierarchy[2] = "master_key_type"; 6587c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_ENCTYPE) { 6597c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ENCTYPE; 6607c478bd9Sstevel@tonic-gate params.enctype = params_in->enctype; 6617c478bd9Sstevel@tonic-gate } else if (aprofile && 6627c478bd9Sstevel@tonic-gate !krb5_aprof_get_string(aprofile, 
hierarchy, TRUE, &svalue)) { 6637c478bd9Sstevel@tonic-gate if (!krb5_string_to_enctype(svalue, ¶ms.enctype)) { 6647c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ENCTYPE; 6657c478bd9Sstevel@tonic-gate krb5_xfree(svalue); 6667c478bd9Sstevel@tonic-gate } 6677c478bd9Sstevel@tonic-gate } else { 6687c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ENCTYPE; 6697c478bd9Sstevel@tonic-gate params.enctype = DEFAULT_KDC_ENCTYPE; 6707c478bd9Sstevel@tonic-gate } 6717c478bd9Sstevel@tonic-gate 6727c478bd9Sstevel@tonic-gate /* Get the value for mkey_from_kbd */ 6737c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_MKEY_FROM_KBD) { 6747c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_MKEY_FROM_KBD; 6757c478bd9Sstevel@tonic-gate params.mkey_from_kbd = params_in->mkey_from_kbd; 6767c478bd9Sstevel@tonic-gate } 6777c478bd9Sstevel@tonic-gate 6787c478bd9Sstevel@tonic-gate /* Get the value for the stashfile */ 6797c478bd9Sstevel@tonic-gate hierarchy[2] = "key_stash_file"; 6807c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_STASH_FILE) { 6817c478bd9Sstevel@tonic-gate params.stash_file = strdup(params_in->stash_file); 6827c478bd9Sstevel@tonic-gate if (params.stash_file) 6837c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_STASH_FILE; 6847c478bd9Sstevel@tonic-gate } else if (aprofile && 6857c478bd9Sstevel@tonic-gate !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { 6867c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_STASH_FILE; 6877c478bd9Sstevel@tonic-gate params.stash_file = svalue; 6887c478bd9Sstevel@tonic-gate } 6897c478bd9Sstevel@tonic-gate 6907c478bd9Sstevel@tonic-gate /* 691*159d09a2SMark Phalan * Solaris Kerberos 6927c478bd9Sstevel@tonic-gate * Get the value for maximum ticket lifetime. 
6937c478bd9Sstevel@tonic-gate * See SEAM documentation or the Bug ID 4184504 6947c478bd9Sstevel@tonic-gate * We have changed the logic so that the entries are 6957c478bd9Sstevel@tonic-gate * created in the database with the maximum duration 6967c478bd9Sstevel@tonic-gate * for life and renew life KRB5_INT32_MAX 6977c478bd9Sstevel@tonic-gate * However this wil get negotiated down when 6987c478bd9Sstevel@tonic-gate * as or tgs request is processed by KDC. 6997c478bd9Sstevel@tonic-gate */ 7007c478bd9Sstevel@tonic-gate hierarchy[2] = "max_life"; 7017c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_MAX_LIFE) { 7027c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_MAX_LIFE; 7037c478bd9Sstevel@tonic-gate params.max_life = params_in->max_life; 7047c478bd9Sstevel@tonic-gate } else { 7057c478bd9Sstevel@tonic-gate params.max_life = KRB5_INT32_MAX; 70656a424ccSmp153739 params.mask |= KADM5_CONFIG_MAX_LIFE; 7077c478bd9Sstevel@tonic-gate } 7087c478bd9Sstevel@tonic-gate 7097c478bd9Sstevel@tonic-gate /* Get the value for maximum renewable ticket lifetime. 
*/ 7107c478bd9Sstevel@tonic-gate hierarchy[2] = "max_renewable_life"; 7117c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_MAX_RLIFE) { 7127c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_MAX_RLIFE; 7137c478bd9Sstevel@tonic-gate params.max_rlife = params_in->max_rlife; 7147c478bd9Sstevel@tonic-gate } else { 7157c478bd9Sstevel@tonic-gate params.max_rlife = KRB5_INT32_MAX; 71656a424ccSmp153739 params.mask |= KADM5_CONFIG_MAX_RLIFE; 7177c478bd9Sstevel@tonic-gate } 7187c478bd9Sstevel@tonic-gate 7197c478bd9Sstevel@tonic-gate /* Get the value for the default principal expiration */ 7207c478bd9Sstevel@tonic-gate hierarchy[2] = "default_principal_expiration"; 7217c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_EXPIRATION) { 7227c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_EXPIRATION; 7237c478bd9Sstevel@tonic-gate params.expiration = params_in->expiration; 7247c478bd9Sstevel@tonic-gate } else if (aprofile && 7257c478bd9Sstevel@tonic-gate !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { 7267c478bd9Sstevel@tonic-gate if (!krb5_string_to_timestamp(svalue, ¶ms.expiration)) { 7277c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_EXPIRATION; 7287c478bd9Sstevel@tonic-gate krb5_xfree(svalue); 7297c478bd9Sstevel@tonic-gate } 7307c478bd9Sstevel@tonic-gate } else { 7317c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_EXPIRATION; 7327c478bd9Sstevel@tonic-gate params.expiration = 0; 7337c478bd9Sstevel@tonic-gate } 7347c478bd9Sstevel@tonic-gate 7357c478bd9Sstevel@tonic-gate /* Get the value for the default principal flags */ 7367c478bd9Sstevel@tonic-gate hierarchy[2] = "default_principal_flags"; 7377c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_FLAGS) { 7387c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_FLAGS; 7397c478bd9Sstevel@tonic-gate params.flags = params_in->flags; 7407c478bd9Sstevel@tonic-gate } else if (aprofile && 7417c478bd9Sstevel@tonic-gate !krb5_aprof_get_string(aprofile, hierarchy, TRUE, 
&svalue)) { 7427c478bd9Sstevel@tonic-gate char *sp, *ep, *tp; 7437c478bd9Sstevel@tonic-gate 7447c478bd9Sstevel@tonic-gate sp = svalue; 7457c478bd9Sstevel@tonic-gate params.flags = 0; 7467c478bd9Sstevel@tonic-gate while (sp) { 7477c478bd9Sstevel@tonic-gate if ((ep = strchr(sp, (int) ',')) || 7487c478bd9Sstevel@tonic-gate (ep = strchr(sp, (int) ' ')) || 7497c478bd9Sstevel@tonic-gate (ep = strchr(sp, (int) '\t'))) { 7507c478bd9Sstevel@tonic-gate /* Fill in trailing whitespace of sp */ 7517c478bd9Sstevel@tonic-gate tp = ep - 1; 75256a424ccSmp153739 while (isspace((int) *tp) && (tp > sp)) { 7537c478bd9Sstevel@tonic-gate *tp = '\0'; 7547c478bd9Sstevel@tonic-gate tp--; 7557c478bd9Sstevel@tonic-gate } 7567c478bd9Sstevel@tonic-gate *ep = '\0'; 7577c478bd9Sstevel@tonic-gate ep++; 7587c478bd9Sstevel@tonic-gate /* Skip over trailing whitespace of ep */ 75956a424ccSmp153739 while (isspace((int) *ep) && (*ep)) ep++; 7607c478bd9Sstevel@tonic-gate } 7617c478bd9Sstevel@tonic-gate /* Convert this flag */ 7627c478bd9Sstevel@tonic-gate if (krb5_string_to_flags(sp, 7637c478bd9Sstevel@tonic-gate "+", 7647c478bd9Sstevel@tonic-gate "-", 7657c478bd9Sstevel@tonic-gate ¶ms.flags)) 7667c478bd9Sstevel@tonic-gate break; 7677c478bd9Sstevel@tonic-gate sp = ep; 7687c478bd9Sstevel@tonic-gate } 7697c478bd9Sstevel@tonic-gate if (!sp) 7707c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_FLAGS; 7717c478bd9Sstevel@tonic-gate krb5_xfree(svalue); 7727c478bd9Sstevel@tonic-gate } else { 7737c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_FLAGS; 7747c478bd9Sstevel@tonic-gate params.flags = KRB5_KDB_DEF_FLAGS; 7757c478bd9Sstevel@tonic-gate } 7767c478bd9Sstevel@tonic-gate 7777c478bd9Sstevel@tonic-gate /* Get the value for the supported enctype/salttype matrix */ 7787c478bd9Sstevel@tonic-gate hierarchy[2] = "supported_enctypes"; 7797c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_ENCTYPES) { 7807c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ENCTYPES; 7817c478bd9Sstevel@tonic-gate 
if (params_in->num_keysalts > 0) { 7827c478bd9Sstevel@tonic-gate params.keysalts = malloc(params_in->num_keysalts * 7837c478bd9Sstevel@tonic-gate sizeof (*params.keysalts)); 7847c478bd9Sstevel@tonic-gate if (params.keysalts == NULL) { 7857c478bd9Sstevel@tonic-gate kret = ENOMEM; 7867c478bd9Sstevel@tonic-gate goto cleanup; 7877c478bd9Sstevel@tonic-gate } 7887c478bd9Sstevel@tonic-gate (void) memcpy(params.keysalts, params_in->keysalts, 7897c478bd9Sstevel@tonic-gate (params_in->num_keysalts * 7907c478bd9Sstevel@tonic-gate sizeof (*params.keysalts))); 7917c478bd9Sstevel@tonic-gate params.num_keysalts = params_in->num_keysalts; 7927c478bd9Sstevel@tonic-gate } 7937c478bd9Sstevel@tonic-gate } else { 7947c478bd9Sstevel@tonic-gate svalue = NULL; 7957c478bd9Sstevel@tonic-gate if (aprofile) 79656a424ccSmp153739 krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue); 7977c478bd9Sstevel@tonic-gate if (svalue == NULL) 7987c478bd9Sstevel@tonic-gate svalue = strdup(DEFAULT_ENCTYPE_LIST); 7997c478bd9Sstevel@tonic-gate 8007c478bd9Sstevel@tonic-gate params.keysalts = NULL; 8017c478bd9Sstevel@tonic-gate params.num_keysalts = 0; 8027c478bd9Sstevel@tonic-gate krb5_string_to_keysalts(svalue, 8037c478bd9Sstevel@tonic-gate ", \t",/* Tuple separators */ 8047c478bd9Sstevel@tonic-gate ":.-", /* Key/salt separators */ 8057c478bd9Sstevel@tonic-gate 0, /* No duplicates */ 8067c478bd9Sstevel@tonic-gate ¶ms.keysalts, 8077c478bd9Sstevel@tonic-gate ¶ms.num_keysalts); 8087c478bd9Sstevel@tonic-gate if (params.num_keysalts) 8097c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ENCTYPES; 8107c478bd9Sstevel@tonic-gate 8117c478bd9Sstevel@tonic-gate if (svalue) 8127c478bd9Sstevel@tonic-gate krb5_xfree(svalue); 8137c478bd9Sstevel@tonic-gate } 8147c478bd9Sstevel@tonic-gate 8157c478bd9Sstevel@tonic-gate hierarchy[2] = "kpasswd_server"; 8167c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_KPASSWD_SERVER) { 8177c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_KPASSWD_SERVER; 
8187c478bd9Sstevel@tonic-gate params.kpasswd_server = strdup(params_in->kpasswd_server); 8197c478bd9Sstevel@tonic-gate } else { 8207c478bd9Sstevel@tonic-gate svalue = NULL; 8217c478bd9Sstevel@tonic-gate 8227c478bd9Sstevel@tonic-gate if (aprofile) 8237c478bd9Sstevel@tonic-gate krb5_aprof_get_string(aprofile, hierarchy, 8247c478bd9Sstevel@tonic-gate TRUE, &svalue); 8257c478bd9Sstevel@tonic-gate if (svalue == NULL) { 8267c478bd9Sstevel@tonic-gate #ifdef KRB5_DNS_LOOKUP 8277c478bd9Sstevel@tonic-gate if (strcmp(envname, "KRB5_CONFIG") == 0) { 8287c478bd9Sstevel@tonic-gate /* 8297c478bd9Sstevel@tonic-gate * Solaris Kerberos: only do DNS lookup for 8307c478bd9Sstevel@tonic-gate * kpasswd_server if this is a krb5.conf type of 8317c478bd9Sstevel@tonic-gate * config file. Note, the filename may not be 8327c478bd9Sstevel@tonic-gate * /etc/krb5/krb5.conf so we assume that the 8337c478bd9Sstevel@tonic-gate * KRB5_CONFIG envname string will consistently 8347c478bd9Sstevel@tonic-gate * indicate the type of config file. 
8357c478bd9Sstevel@tonic-gate */ 8367c478bd9Sstevel@tonic-gate dnsret = krb5_get_servername(context, 8377c478bd9Sstevel@tonic-gate &dns_realm, "_kpasswd", "_udp", 8387c478bd9Sstevel@tonic-gate dns_host, &dns_portno); 8397c478bd9Sstevel@tonic-gate 8407c478bd9Sstevel@tonic-gate if (dnsret == 0) { 8417c478bd9Sstevel@tonic-gate params.kpasswd_server = 8427c478bd9Sstevel@tonic-gate strdup(dns_host); 8437c478bd9Sstevel@tonic-gate if (params.kpasswd_server) { 8447c478bd9Sstevel@tonic-gate params.mask |= 8457c478bd9Sstevel@tonic-gate KADM5_CONFIG_KPASSWD_SERVER; 8467c478bd9Sstevel@tonic-gate } 8477c478bd9Sstevel@tonic-gate params.kpasswd_port = dns_portno; 8487c478bd9Sstevel@tonic-gate params.mask |= 8497c478bd9Sstevel@tonic-gate KADM5_CONFIG_KPASSWD_PORT; 8507c478bd9Sstevel@tonic-gate } 8517c478bd9Sstevel@tonic-gate } 8527c478bd9Sstevel@tonic-gate #endif /* KRB5_DNS_LOOKUP */ 8537c478bd9Sstevel@tonic-gate 8547c478bd9Sstevel@tonic-gate /* 8557c478bd9Sstevel@tonic-gate * If a unique 'kpasswd_server' is not specified, 8567c478bd9Sstevel@tonic-gate * use the normal 'admin_server'. 
8577c478bd9Sstevel@tonic-gate */ 8587c478bd9Sstevel@tonic-gate if ((params.mask & KADM5_CONFIG_ADMIN_SERVER) && 8597c478bd9Sstevel@tonic-gate dnsret) { 8607c478bd9Sstevel@tonic-gate params.kpasswd_server = 8617c478bd9Sstevel@tonic-gate strdup(params.admin_server); 8627c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_KPASSWD_SERVER; 8637c478bd9Sstevel@tonic-gate } 8647c478bd9Sstevel@tonic-gate } else { 8657c478bd9Sstevel@tonic-gate char *p; 8667c478bd9Sstevel@tonic-gate params.kpasswd_server = svalue; 8677c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_KPASSWD_SERVER; 8687c478bd9Sstevel@tonic-gate 8697c478bd9Sstevel@tonic-gate if ((p = strchr(params.kpasswd_server, ':'))) { 8707c478bd9Sstevel@tonic-gate params.kpasswd_port = atoi(p+1); 8717c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_KPASSWD_PORT; 8727c478bd9Sstevel@tonic-gate *p = '\0'; 8737c478bd9Sstevel@tonic-gate } 8747c478bd9Sstevel@tonic-gate } 8757c478bd9Sstevel@tonic-gate } 8767c478bd9Sstevel@tonic-gate 8777c478bd9Sstevel@tonic-gate hierarchy[2] = "kpasswd_protocol"; 8787c478bd9Sstevel@tonic-gate 8797c478bd9Sstevel@tonic-gate /* default to current RPCSEC_GSS protocol */ 8807c478bd9Sstevel@tonic-gate params.kpasswd_protocol = KRB5_CHGPWD_RPCSEC; 8817c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_KPASSWD_PROTOCOL; 8827c478bd9Sstevel@tonic-gate 8837c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_KPASSWD_PROTOCOL) { 8847c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_KPASSWD_PROTOCOL; 8857c478bd9Sstevel@tonic-gate params.kpasswd_protocol = params_in->kpasswd_protocol; 8867c478bd9Sstevel@tonic-gate } else { 8877c478bd9Sstevel@tonic-gate svalue = NULL; 8887c478bd9Sstevel@tonic-gate 8897c478bd9Sstevel@tonic-gate if (aprofile) 8907c478bd9Sstevel@tonic-gate krb5_aprof_get_string(aprofile, hierarchy, 8917c478bd9Sstevel@tonic-gate TRUE, &svalue); 8927c478bd9Sstevel@tonic-gate if (svalue != NULL) { 8937c478bd9Sstevel@tonic-gate if (strcasecmp(svalue, "RPCSEC_GSS") == 0) { 
8947c478bd9Sstevel@tonic-gate params.kpasswd_protocol = KRB5_CHGPWD_RPCSEC; 8957c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_KPASSWD_PROTOCOL; 8967c478bd9Sstevel@tonic-gate } else if (strcasecmp(svalue, "SET_CHANGE") == 0) { 8977c478bd9Sstevel@tonic-gate params.kpasswd_protocol = 8987c478bd9Sstevel@tonic-gate KRB5_CHGPWD_CHANGEPW_V2; 8997c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_KPASSWD_PROTOCOL; 9007c478bd9Sstevel@tonic-gate } 9017c478bd9Sstevel@tonic-gate } 9027c478bd9Sstevel@tonic-gate if (svalue) 9037c478bd9Sstevel@tonic-gate krb5_xfree(svalue); 9047c478bd9Sstevel@tonic-gate } 9057c478bd9Sstevel@tonic-gate 9067c478bd9Sstevel@tonic-gate /* 9077c478bd9Sstevel@tonic-gate * If the kpasswd_port is not yet defined, define it now. 9087c478bd9Sstevel@tonic-gate */ 9097c478bd9Sstevel@tonic-gate if (! (params.mask & KADM5_CONFIG_KPASSWD_PORT)) { 9107c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_KPASSWD_PORT) 9117c478bd9Sstevel@tonic-gate params.kpasswd_port = params_in->kpasswd_port; 9127c478bd9Sstevel@tonic-gate /* 9137c478bd9Sstevel@tonic-gate * If kpasswd_port is not explicitly defined, 9147c478bd9Sstevel@tonic-gate * determine the port to use based on the protocol. 9157c478bd9Sstevel@tonic-gate * The alternative protocol uses a different port 9167c478bd9Sstevel@tonic-gate * than the standard admind port. 9177c478bd9Sstevel@tonic-gate */ 9187c478bd9Sstevel@tonic-gate else if (params.kpasswd_protocol == KRB5_CHGPWD_RPCSEC) { 9197c478bd9Sstevel@tonic-gate params.kpasswd_port = DEFAULT_KADM5_PORT; 9207c478bd9Sstevel@tonic-gate } else { 9217c478bd9Sstevel@tonic-gate /* 9227c478bd9Sstevel@tonic-gate * When using the Horowitz/IETF protocol for 9237c478bd9Sstevel@tonic-gate * password changing, the default port is 464 9247c478bd9Sstevel@tonic-gate * (officially recognized by IANA). 
9257c478bd9Sstevel@tonic-gate */ 9267c478bd9Sstevel@tonic-gate params.kpasswd_port = DEFAULT_KPASSWD_PORT; 9277c478bd9Sstevel@tonic-gate } 9287c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_KPASSWD_PORT; 9297c478bd9Sstevel@tonic-gate } 9307c478bd9Sstevel@tonic-gate 9317c478bd9Sstevel@tonic-gate hierarchy[2] = "sunw_dbprop_enable"; 9327c478bd9Sstevel@tonic-gate 9337c478bd9Sstevel@tonic-gate params.iprop_enabled = FALSE; 9347c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_IPROP_ENABLED; 9357c478bd9Sstevel@tonic-gate 9367c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_IPROP_ENABLED) { 9377c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_IPROP_ENABLED; 9387c478bd9Sstevel@tonic-gate params.iprop_enabled = params_in->iprop_enabled; 9397c478bd9Sstevel@tonic-gate } else { 9407c478bd9Sstevel@tonic-gate if (aprofile && !krb5_aprof_get_string(aprofile, hierarchy, 9417c478bd9Sstevel@tonic-gate TRUE, &svalue)) { 9427c478bd9Sstevel@tonic-gate if (strncasecmp(svalue, "Y", 1) == 0) 9437c478bd9Sstevel@tonic-gate params.iprop_enabled = TRUE; 9447c478bd9Sstevel@tonic-gate if (strncasecmp(svalue, "true", 4) == 0) 9457c478bd9Sstevel@tonic-gate params.iprop_enabled = TRUE; 9467c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_IPROP_ENABLED; 9477c478bd9Sstevel@tonic-gate krb5_xfree(svalue); 9487c478bd9Sstevel@tonic-gate } 9497c478bd9Sstevel@tonic-gate } 9507c478bd9Sstevel@tonic-gate 9517c478bd9Sstevel@tonic-gate hierarchy[2] = "sunw_dbprop_master_ulogsize"; 9527c478bd9Sstevel@tonic-gate 9537c478bd9Sstevel@tonic-gate params.iprop_ulogsize = DEF_ULOGENTRIES; 9547c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ULOG_SIZE; 9557c478bd9Sstevel@tonic-gate 9567c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_ULOG_SIZE) { 9577c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ULOG_SIZE; 9587c478bd9Sstevel@tonic-gate params.iprop_ulogsize = params_in->iprop_ulogsize; 9597c478bd9Sstevel@tonic-gate } else { 9607c478bd9Sstevel@tonic-gate if 
(aprofile && !krb5_aprof_get_int32(aprofile, hierarchy, 9617c478bd9Sstevel@tonic-gate TRUE, &ivalue)) { 9627c478bd9Sstevel@tonic-gate if (ivalue > MAX_ULOGENTRIES) 9637c478bd9Sstevel@tonic-gate params.iprop_ulogsize = MAX_ULOGENTRIES; 9647c478bd9Sstevel@tonic-gate else if (ivalue <= 0) 9657c478bd9Sstevel@tonic-gate params.iprop_ulogsize = DEF_ULOGENTRIES; 9667c478bd9Sstevel@tonic-gate else 9677c478bd9Sstevel@tonic-gate params.iprop_ulogsize = ivalue; 9687c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_ULOG_SIZE; 9697c478bd9Sstevel@tonic-gate } 9707c478bd9Sstevel@tonic-gate } 9717c478bd9Sstevel@tonic-gate 9727c478bd9Sstevel@tonic-gate hierarchy[2] = "sunw_dbprop_slave_poll"; 9737c478bd9Sstevel@tonic-gate 9747c64d375Smp153739 params.iprop_polltime = strdup("2m"); 9757c64d375Smp153739 if (params.iprop_polltime) 9767c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_POLL_TIME; 9777c478bd9Sstevel@tonic-gate 9787c478bd9Sstevel@tonic-gate if (params_in->mask & KADM5_CONFIG_POLL_TIME) { 9797c64d375Smp153739 if (params.iprop_polltime) 9807c64d375Smp153739 free(params.iprop_polltime); 9817c478bd9Sstevel@tonic-gate params.iprop_polltime = strdup(params_in->iprop_polltime); 9827c478bd9Sstevel@tonic-gate if (params.iprop_polltime) 9837c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_POLL_TIME; 9847c478bd9Sstevel@tonic-gate } else { 9857c478bd9Sstevel@tonic-gate if (aprofile && !krb5_aprof_get_string(aprofile, hierarchy, 9867c478bd9Sstevel@tonic-gate TRUE, &svalue)) { 9877c64d375Smp153739 if (params.iprop_polltime) 9887c64d375Smp153739 free(params.iprop_polltime); 9897c478bd9Sstevel@tonic-gate params.iprop_polltime = strdup(svalue); 9907c478bd9Sstevel@tonic-gate params.mask |= KADM5_CONFIG_POLL_TIME; 9917c478bd9Sstevel@tonic-gate krb5_xfree(svalue); 9927c478bd9Sstevel@tonic-gate } 9937c478bd9Sstevel@tonic-gate } 9947c478bd9Sstevel@tonic-gate 9957c478bd9Sstevel@tonic-gate *params_out = params; 9967c478bd9Sstevel@tonic-gate 9977c478bd9Sstevel@tonic-gate cleanup: 
/* Release the profile handle; on failure also free the partially built params. */
    if (aprofile)
        krb5_aprof_finish(aprofile);
    if (kret) {
        kadm5_free_config_params(context, &params);
        params_out->mask = 0;
    }
#ifdef KRB5_DNS_LOOKUP
    if (dns_realm.data)
        free(dns_realm.data);
#endif /* KRB5_DNS_LOOKUP */

    return(kret);
}

/*
 * kadm5_free_config_params() - Release every heap-allocated member of a
 * kadm5_config_params structure.
 *
 * Each pointer member that is set is freed and then reset to NULL, so a
 * second call on the same structure finds nothing left to release.
 * num_keysalts is zeroed only when keysalts was set.  The structure itself
 * is not freed and params->mask is left untouched, so a caller that keeps
 * the structure must not trust mask bits to imply a non-NULL member.
 *
 * context is unused.  A NULL params is accepted.  Always returns 0.
 */
/*ARGSUSED*/
krb5_error_code
kadm5_free_config_params(context, params)
    krb5_context        context;
    kadm5_config_params *params;
{
/* Free one member with the given release routine, then clear the pointer. */
#define RELEASE_MEMBER(release, member)         \
    do {                                        \
        if ((member) != NULL) {                 \
            release(member);                    \
            (member) = NULL;                    \
        }                                       \
    } while (0)

    if (params == NULL)
        return (0);

    /* Members released through krb5_xfree(). */
    RELEASE_MEMBER(krb5_xfree, params->dbname);
    RELEASE_MEMBER(krb5_xfree, params->mkey_name);
    RELEASE_MEMBER(krb5_xfree, params->stash_file);

    /* The key/salt array carries a separate element count. */
    if (params->keysalts != NULL) {
        krb5_xfree(params->keysalts);
        params->keysalts = NULL;
        params->num_keysalts = 0;
    }

    /* Members released through plain free(). */
    RELEASE_MEMBER(free, params->admin_keytab);
    RELEASE_MEMBER(free, params->dict_file);
    RELEASE_MEMBER(free, params->acl_file);
    RELEASE_MEMBER(free, params->realm);
    RELEASE_MEMBER(free, params->admin_dbname);
    RELEASE_MEMBER(free, params->admin_lockfile);
    RELEASE_MEMBER(free, params->admin_server);
    RELEASE_MEMBER(free, params->kpasswd_server);
    RELEASE_MEMBER(free, params->iprop_polltime);

#undef RELEASE_MEMBER
    return (0);
}
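
/*
 * kadm5_get_admin_service_name() - Build the "kadmin/<host>" service name
 * for the admin server of a realm.
 *
 * ctx        - Kerberos context handed to kadm5_get_config_params().
 * realm_in   - realm whose configuration is looked up.
 * admin_name - caller's buffer; receives "kadmin/" followed by the h_name
 *              that gethostbyname() returns for the configured admin server.
 * maxlen     - size of admin_name in bytes, terminating NUL included.
 *
 * Returns 0 on success.  Failures:
 *   - the error from kadm5_get_config_params(), returned as is;
 *   - KADM5_MISSING_KRB5_CONF_PARAMS when no admin server is configured;
 *   - errno, or KADM5_BAD_SERVER_NAME when errno is not set, when the
 *     admin server name does not resolve;
 *   - ENOMEM when the result does not fit in maxlen bytes.
 * admin_name is written only on success.
 */
krb5_error_code
kadm5_get_admin_service_name(krb5_context ctx,
                             char *realm_in,
                             char *admin_name,
                             size_t maxlen)
{
    krb5_error_code ret;
    kadm5_config_params params_in, params_out;
    struct hostent *hp;

    memset(&params_in, 0, sizeof(params_in));
    memset(&params_out, 0, sizeof(params_out));

    params_in.mask |= KADM5_CONFIG_REALM;
    params_in.realm = realm_in;
    ret = kadm5_get_config_params(ctx, 0, &params_in, &params_out);
    if (ret)
        return ret;

    if (!(params_out.mask & KADM5_CONFIG_ADMIN_SERVER)) {
        ret = KADM5_MISSING_KRB5_CONF_PARAMS;
        goto err_params;
    }

    /*
     * gethostbyname() reports failure through h_errno and need not set
     * errno.  Clear errno first and fall back to a kadm5 error, so that a
     * failed lookup can never return 0 with admin_name left unwritten.
     */
    errno = 0;
    hp = gethostbyname(params_out.admin_server);
    if (hp == NULL) {
        ret = errno ? errno : KADM5_BAD_SERVER_NAME;
        goto err_params;
    }

    /*
     * h_name comes from the resolver, so its length is not under our
     * control.  sizeof("kadmin/") counts the terminating NUL, which makes
     * the sum the exact number of bytes the formatted name needs.
     */
    if (strlen(hp->h_name) + sizeof("kadmin/") > maxlen) {
        ret = ENOMEM;
        goto err_params;
    }
    /* Bounded write: the copy stays tied to maxlen even if the check above changes. */
    (void) snprintf(admin_name, maxlen, "kadmin/%s", hp->h_name);

err_params:
    kadm5_free_config_params(ctx, &params_out);
    return ret;
}

/***********************************************************************
 * This is the old krb5_realm_read_params, which I mutated into
 * kadm5_get_config_params but which old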
code (kdb5_* and krb5kdc) 11217c478bd9Sstevel@tonic-gate * still uses. 112256a424ccSmp153739 ***********************************************************************/ 11237c478bd9Sstevel@tonic-gate 11247c478bd9Sstevel@tonic-gate /* 11257c478bd9Sstevel@tonic-gate * krb5_read_realm_params() - Read per-realm parameters from KDC 11267c478bd9Sstevel@tonic-gate * alternate profile. 11277c478bd9Sstevel@tonic-gate */ 11287c478bd9Sstevel@tonic-gate krb5_error_code 1129*159d09a2SMark Phalan krb5_read_realm_params(kcontext, realm, rparamp) 11307c478bd9Sstevel@tonic-gate krb5_context kcontext; 11317c478bd9Sstevel@tonic-gate char *realm; 11327c478bd9Sstevel@tonic-gate krb5_realm_params **rparamp; 11337c478bd9Sstevel@tonic-gate { 11347c478bd9Sstevel@tonic-gate char *filename; 11357c478bd9Sstevel@tonic-gate char *envname; 11367c478bd9Sstevel@tonic-gate char *lrealm; 11377c478bd9Sstevel@tonic-gate krb5_pointer aprofile = 0; 11387c478bd9Sstevel@tonic-gate krb5_realm_params *rparams; 11397c478bd9Sstevel@tonic-gate const char *hierarchy[4]; 11407c478bd9Sstevel@tonic-gate char *svalue; 11417c478bd9Sstevel@tonic-gate krb5_int32 ivalue; 114256a424ccSmp153739 krb5_boolean bvalue; 11437c478bd9Sstevel@tonic-gate krb5_deltat dtvalue; 11447c478bd9Sstevel@tonic-gate 1145*159d09a2SMark Phalan char *kdcprofile = 0; 1146*159d09a2SMark Phalan char *kdcenv = 0; 1147*159d09a2SMark Phalan 11487c478bd9Sstevel@tonic-gate krb5_error_code kret; 11497c478bd9Sstevel@tonic-gate 11507c478bd9Sstevel@tonic-gate filename = (kdcprofile) ? kdcprofile : DEFAULT_KDC_PROFILE; 11517c478bd9Sstevel@tonic-gate envname = (kdcenv) ? 
kdcenv : KDC_PROFILE_ENV; 11527c478bd9Sstevel@tonic-gate 11537c478bd9Sstevel@tonic-gate if (kcontext->profile_secure == TRUE) envname = 0; 11547c478bd9Sstevel@tonic-gate 11557c478bd9Sstevel@tonic-gate rparams = (krb5_realm_params *) NULL; 11567c478bd9Sstevel@tonic-gate if (realm) 11577c478bd9Sstevel@tonic-gate lrealm = strdup(realm); 11587c478bd9Sstevel@tonic-gate else { 11597c478bd9Sstevel@tonic-gate kret = krb5_get_default_realm(kcontext, &lrealm); 11607c478bd9Sstevel@tonic-gate if (kret) 11617c478bd9Sstevel@tonic-gate goto cleanup; 11627c478bd9Sstevel@tonic-gate } 11637c478bd9Sstevel@tonic-gate 11647c478bd9Sstevel@tonic-gate kret = krb5_aprof_init(filename, envname, &aprofile); 11657c478bd9Sstevel@tonic-gate if (kret) 11667c478bd9Sstevel@tonic-gate goto cleanup; 11677c478bd9Sstevel@tonic-gate 11687c478bd9Sstevel@tonic-gate rparams = (krb5_realm_params *) malloc(sizeof(krb5_realm_params)); 11697c478bd9Sstevel@tonic-gate if (rparams == 0) { 11707c478bd9Sstevel@tonic-gate kret = ENOMEM; 11717c478bd9Sstevel@tonic-gate goto cleanup; 11727c478bd9Sstevel@tonic-gate } 11737c478bd9Sstevel@tonic-gate 11747c478bd9Sstevel@tonic-gate /* Initialize realm parameters */ 11757c478bd9Sstevel@tonic-gate memset((char *) rparams, 0, sizeof(krb5_realm_params)); 11767c478bd9Sstevel@tonic-gate 11777c478bd9Sstevel@tonic-gate /* Get the value for the database */ 11787c478bd9Sstevel@tonic-gate hierarchy[0] = "realms"; 11797c478bd9Sstevel@tonic-gate hierarchy[1] = lrealm; 11807c478bd9Sstevel@tonic-gate hierarchy[2] = "database_name"; 11817c478bd9Sstevel@tonic-gate hierarchy[3] = (char *) NULL; 11827c478bd9Sstevel@tonic-gate if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) 11837c478bd9Sstevel@tonic-gate rparams->realm_dbname = svalue; 11847c478bd9Sstevel@tonic-gate 11857c478bd9Sstevel@tonic-gate /* Get the value for the KDC port list */ 11867c478bd9Sstevel@tonic-gate hierarchy[2] = "kdc_ports"; 11877c478bd9Sstevel@tonic-gate if (!krb5_aprof_get_string(aprofile, hierarchy, 
TRUE, &svalue)) 11887c478bd9Sstevel@tonic-gate rparams->realm_kdc_ports = svalue; 11897c478bd9Sstevel@tonic-gate hierarchy[2] = "kdc_tcp_ports"; 11907c478bd9Sstevel@tonic-gate if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) 11917c478bd9Sstevel@tonic-gate rparams->realm_kdc_tcp_ports = svalue; 11927c478bd9Sstevel@tonic-gate 11937c478bd9Sstevel@tonic-gate /* Get the name of the acl file */ 11947c478bd9Sstevel@tonic-gate hierarchy[2] = "acl_file"; 11957c478bd9Sstevel@tonic-gate if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) 11967c478bd9Sstevel@tonic-gate rparams->realm_acl_file = svalue; 11977c478bd9Sstevel@tonic-gate 11987c478bd9Sstevel@tonic-gate /* Get the value for the kadmind port */ 11997c478bd9Sstevel@tonic-gate hierarchy[2] = "kadmind_port"; 12007c478bd9Sstevel@tonic-gate if (!krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) { 12017c478bd9Sstevel@tonic-gate rparams->realm_kadmind_port = ivalue; 12027c478bd9Sstevel@tonic-gate rparams->realm_kadmind_port_valid = 1; 12037c478bd9Sstevel@tonic-gate } 12047c478bd9Sstevel@tonic-gate 12057c478bd9Sstevel@tonic-gate /* Get the value for the master key name */ 12067c478bd9Sstevel@tonic-gate hierarchy[2] = "master_key_name"; 12077c478bd9Sstevel@tonic-gate if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) 12087c478bd9Sstevel@tonic-gate rparams->realm_mkey_name = svalue; 12097c478bd9Sstevel@tonic-gate 12107c478bd9Sstevel@tonic-gate /* Get the value for the master key type */ 12117c478bd9Sstevel@tonic-gate hierarchy[2] = "master_key_type"; 12127c478bd9Sstevel@tonic-gate if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { 12137c478bd9Sstevel@tonic-gate if (!krb5_string_to_enctype(svalue, &rparams->realm_enctype)) 12147c478bd9Sstevel@tonic-gate rparams->realm_enctype_valid = 1; 12157c478bd9Sstevel@tonic-gate krb5_xfree(svalue); 12167c478bd9Sstevel@tonic-gate } 12177c478bd9Sstevel@tonic-gate 12187c478bd9Sstevel@tonic-gate /* Get the value for the stashfile */ 
12197c478bd9Sstevel@tonic-gate hierarchy[2] = "key_stash_file"; 12207c478bd9Sstevel@tonic-gate if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) 12217c478bd9Sstevel@tonic-gate rparams->realm_stash_file = svalue; 12227c478bd9Sstevel@tonic-gate 12237c478bd9Sstevel@tonic-gate /* Get the value for maximum ticket lifetime. */ 12247c478bd9Sstevel@tonic-gate hierarchy[2] = "max_life"; 12257c478bd9Sstevel@tonic-gate if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) { 12267c478bd9Sstevel@tonic-gate rparams->realm_max_life = dtvalue; 12277c478bd9Sstevel@tonic-gate rparams->realm_max_life_valid = 1; 12287c478bd9Sstevel@tonic-gate } 12297c478bd9Sstevel@tonic-gate 12307c478bd9Sstevel@tonic-gate /* Get the value for maximum renewable ticket lifetime. */ 12317c478bd9Sstevel@tonic-gate hierarchy[2] = "max_renewable_life"; 12327c478bd9Sstevel@tonic-gate if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) { 12337c478bd9Sstevel@tonic-gate rparams->realm_max_rlife = dtvalue; 12347c478bd9Sstevel@tonic-gate rparams->realm_max_rlife_valid = 1; 12357c478bd9Sstevel@tonic-gate } 12367c478bd9Sstevel@tonic-gate 12377c478bd9Sstevel@tonic-gate /* Get the value for the default principal expiration */ 12387c478bd9Sstevel@tonic-gate hierarchy[2] = "default_principal_expiration"; 12397c478bd9Sstevel@tonic-gate if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { 12407c478bd9Sstevel@tonic-gate if (!krb5_string_to_timestamp(svalue, 12417c478bd9Sstevel@tonic-gate &rparams->realm_expiration)) 12427c478bd9Sstevel@tonic-gate rparams->realm_expiration_valid = 1; 12437c478bd9Sstevel@tonic-gate krb5_xfree(svalue); 12447c478bd9Sstevel@tonic-gate } 12457c478bd9Sstevel@tonic-gate 124656a424ccSmp153739 hierarchy[2] = "reject_bad_transit"; 124756a424ccSmp153739 if (!krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) { 124856a424ccSmp153739 rparams->realm_reject_bad_transit = bvalue; 124956a424ccSmp153739 rparams->realm_reject_bad_transit_valid = 1; 
125056a424ccSmp153739 } 125156a424ccSmp153739 12527c478bd9Sstevel@tonic-gate /* Get the value for the default principal flags */ 12537c478bd9Sstevel@tonic-gate hierarchy[2] = "default_principal_flags"; 12547c478bd9Sstevel@tonic-gate if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { 12557c478bd9Sstevel@tonic-gate char *sp, *ep, *tp; 12567c478bd9Sstevel@tonic-gate 12577c478bd9Sstevel@tonic-gate sp = svalue; 12587c478bd9Sstevel@tonic-gate rparams->realm_flags = 0; 12597c478bd9Sstevel@tonic-gate while (sp) { 12607c478bd9Sstevel@tonic-gate if ((ep = strchr(sp, (int) ',')) || 12617c478bd9Sstevel@tonic-gate (ep = strchr(sp, (int) ' ')) || 12627c478bd9Sstevel@tonic-gate (ep = strchr(sp, (int) '\t'))) { 12637c478bd9Sstevel@tonic-gate /* Fill in trailing whitespace of sp */ 12647c478bd9Sstevel@tonic-gate tp = ep - 1; 126556a424ccSmp153739 while (isspace((int) *tp) && (tp < sp)) { 12667c478bd9Sstevel@tonic-gate *tp = '\0'; 12677c478bd9Sstevel@tonic-gate tp--; 12687c478bd9Sstevel@tonic-gate } 12697c478bd9Sstevel@tonic-gate *ep = '\0'; 12707c478bd9Sstevel@tonic-gate ep++; 12717c478bd9Sstevel@tonic-gate /* Skip over trailing whitespace of ep */ 127256a424ccSmp153739 while (isspace((int) *ep) && (*ep)) ep++; 12737c478bd9Sstevel@tonic-gate } 12747c478bd9Sstevel@tonic-gate /* Convert this flag */ 12757c478bd9Sstevel@tonic-gate if (krb5_string_to_flags(sp, 12767c478bd9Sstevel@tonic-gate "+", 12777c478bd9Sstevel@tonic-gate "-", 12787c478bd9Sstevel@tonic-gate &rparams->realm_flags)) 12797c478bd9Sstevel@tonic-gate break; 12807c478bd9Sstevel@tonic-gate sp = ep; 12817c478bd9Sstevel@tonic-gate } 12827c478bd9Sstevel@tonic-gate if (!sp) 12837c478bd9Sstevel@tonic-gate rparams->realm_flags_valid = 1; 12847c478bd9Sstevel@tonic-gate krb5_xfree(svalue); 12857c478bd9Sstevel@tonic-gate } 12867c478bd9Sstevel@tonic-gate 12877c478bd9Sstevel@tonic-gate /* Get the value for the supported enctype/salttype matrix */ 12887c478bd9Sstevel@tonic-gate /* 12897c478bd9Sstevel@tonic-gate * 
SUNWresync121 12907c478bd9Sstevel@tonic-gate * Solaris kerberos: updated this code to support default values for 12917c478bd9Sstevel@tonic-gate * the supported_enctypes. 12927c478bd9Sstevel@tonic-gate */ 12937c478bd9Sstevel@tonic-gate hierarchy[2] = "supported_enctypes"; 12947c478bd9Sstevel@tonic-gate svalue = NULL; 12957c478bd9Sstevel@tonic-gate krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue); 12967c478bd9Sstevel@tonic-gate 12977c478bd9Sstevel@tonic-gate /* 12987c478bd9Sstevel@tonic-gate * Set the default value if supported_enctypes was not explicitly 12997c478bd9Sstevel@tonic-gate * set in the kdc.conf. 13007c478bd9Sstevel@tonic-gate */ 13017c478bd9Sstevel@tonic-gate if (svalue == NULL) { 13027c478bd9Sstevel@tonic-gate svalue = strdup(DEFAULT_ENCTYPE_LIST); 13037c478bd9Sstevel@tonic-gate } 13047c478bd9Sstevel@tonic-gate if (svalue != NULL) { 13057c478bd9Sstevel@tonic-gate krb5_string_to_keysalts(svalue, 13067c478bd9Sstevel@tonic-gate ", \t", /* Tuple separators */ 13077c478bd9Sstevel@tonic-gate ":.-", /* Key/salt separators */ 13087c478bd9Sstevel@tonic-gate 0, /* No duplicates */ 13097c478bd9Sstevel@tonic-gate &rparams->realm_keysalts, 13107c478bd9Sstevel@tonic-gate &rparams->realm_num_keysalts); 13117c478bd9Sstevel@tonic-gate krb5_xfree(svalue); 13127c478bd9Sstevel@tonic-gate svalue = NULL; 13137c478bd9Sstevel@tonic-gate } 13147c478bd9Sstevel@tonic-gate cleanup: 13157c478bd9Sstevel@tonic-gate if (aprofile) 13167c478bd9Sstevel@tonic-gate krb5_aprof_finish(aprofile); 13177c478bd9Sstevel@tonic-gate if (lrealm) 13187c478bd9Sstevel@tonic-gate free(lrealm); 13197c478bd9Sstevel@tonic-gate if (kret) { 13207c478bd9Sstevel@tonic-gate if (rparams) 13217c478bd9Sstevel@tonic-gate krb5_free_realm_params(kcontext, rparams); 13227c478bd9Sstevel@tonic-gate rparams = 0; 13237c478bd9Sstevel@tonic-gate } 13247c478bd9Sstevel@tonic-gate *rparamp = rparams; 13257c478bd9Sstevel@tonic-gate return(kret); 13267c478bd9Sstevel@tonic-gate } 13277c478bd9Sstevel@tonic-gate 
/*
 * krb5_free_realm_params() - Release a realm parameter block.
 *
 * Frees every member that is set (realm_profile, realm_dbname,
 * realm_mkey_name, realm_stash_file, realm_keysalts, realm_kdc_ports,
 * realm_kdc_tcp_ports, realm_acl_file) and then the structure itself.
 * A null rparams is accepted and ignored.
 *
 * kcontext is not referenced directly in this body.  rparams is passed
 * by value, so the caller's copy of the pointer is left dangling after
 * the call: the caller has to reset or drop it and must not free any
 * member a second time.
 *
 * Nothing in this function clears the buffers before they are released.
 *
 * Always returns 0.
 */
krb5_error_code
krb5_free_realm_params(kcontext, rparams)
    krb5_context	kcontext;
    krb5_realm_params	*rparams;
{
    /* Nothing to release for a null parameter block. */
    if (!rparams) {
	return(0);
    }

    /* Members are released one by one; unset members are skipped. */
    if (rparams->realm_profile) {
	krb5_xfree(rparams->realm_profile);
    }
    if (rparams->realm_dbname) {
	krb5_xfree(rparams->realm_dbname);
    }
    if (rparams->realm_mkey_name) {
	krb5_xfree(rparams->realm_mkey_name);
    }
    if (rparams->realm_stash_file) {
	krb5_xfree(rparams->realm_stash_file);
    }
    if (rparams->realm_keysalts) {
	krb5_xfree(rparams->realm_keysalts);
    }
    if (rparams->realm_kdc_ports) {
	krb5_xfree(rparams->realm_kdc_ports);
    }
    if (rparams->realm_kdc_tcp_ports) {
	krb5_xfree(rparams->realm_kdc_tcp_ports);
    }
    if (rparams->realm_acl_file) {
	krb5_xfree(rparams->realm_acl_file);
    }

    /* The container goes last, once none of its members is needed. */
    krb5_xfree(rparams);
    return(0);
}