b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross/*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * This file and its contents are supplied under the terms of the
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Common Development and Distribution License ("CDDL"), version 1.0.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * You may only use this file in accordance with the terms of version
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * 1.0 of the CDDL.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross *
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * A full copy of the text of the CDDL should have accompanied this
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * source. A copy of the CDDL is also available via the Internet at
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * http://www.illumos.org/license/CDDL.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross/*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include <stdio.h>
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include <stdlib.h>
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include <stdarg.h>
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include <string.h>
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include <syslog.h>
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include <sys/types.h>
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include <sys/errno.h>
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include <sys/socket.h>
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include <netinet/in.h>
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include <sys/note.h>
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include <synch.h>
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include <thread.h>
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include "idmapd.h"
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include "libadutils.h"
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#include "locate_plugin.h"
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross/* osconf.h - sigh */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#define KRB5_DEFAULT_PORT 88
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#define DEFAULT_KADM5_PORT 749
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross#define DEFAULT_KPASSWD_PORT 464
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross/*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * This is an "override plugin" used by libkrb5. See:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * lib/gss_mechs/mech_krb5/krb5/os/locate_kdc.c
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross *
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * The interface is based on:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * http://web.mit.edu/~kerberos/krb5-1.12/doc/plugindev/locate.html
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross/*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Called by krb5int_locate_server / override_locate_server
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Rosskrb5_error_code
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross_krb5_override_service_locator(
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross void *arg0,
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross enum locate_service_type svc,
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross const char *realm,
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross int socktype,
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross int family,
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross int (*cbfunc)(void *, int, struct sockaddr *),
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross void *cbdata)
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross{
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross _NOTE(ARGUNUSED(arg0))
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross idmap_pg_config_t *pgcfg;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross ad_disc_ds_t *ds;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross int rc = KRB5_PLUGIN_NO_HANDLE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross short port;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross /*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Is this a service we want to override?
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross switch (svc) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross case locate_service_kdc:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross case locate_service_master_kdc:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross port = htons(KRB5_DEFAULT_PORT);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross break;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross case locate_service_kadmin:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross port = htons(DEFAULT_KADM5_PORT);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross break;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross case locate_service_kpasswd:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross port = htons(DEFAULT_KPASSWD_PORT);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross break;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross case locate_service_krb524:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross default:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross return (rc);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross RDLOCK_CONFIG();
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross pgcfg = &_idmapdstate.cfg->pgcfg;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross /*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Is this a realm we want to override?
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross if (pgcfg->domain_name == NULL)
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross goto out;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross if (0 != strcasecmp(realm, pgcfg->domain_name))
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross goto out;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross /*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Yes, this is our domain. Have a DC?
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross if ((ds = pgcfg->domain_controller) == NULL) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross rc = KRB5_REALM_CANT_RESOLVE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross goto out;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross switch (family) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross case AF_UNSPEC:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross break; /* OK */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross case AF_INET:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross case AF_INET6:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross if (family == ds->addr.ss_family)
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross break; /* OK */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross /* else fallthrough */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross default:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross rc = KRB5_ERR_NO_SERVICE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross goto out;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross /*
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Provide the service address we have.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross switch (ds->addr.ss_family) {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross case AF_INET: {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross struct sockaddr_in sin;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross struct sockaddr_in *dsa = (void *)&ds->addr;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross (void) memset(&sin, 0, sizeof (sin));
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross sin.sin_family = AF_INET;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross sin.sin_port = port;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross (void) memcpy(&sin.sin_addr, &dsa->sin_addr,
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross sizeof (sin.sin_addr));
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross rc = cbfunc(cbdata, socktype, (struct sockaddr *)&sin);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross break;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross case AF_INET6: {
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross struct sockaddr_in6 sin6;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross struct sockaddr_in6 *dsa6 = (void *)&ds->addr;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross (void) memset(&sin6, 0, sizeof (sin6));
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross sin6.sin6_family = AF_INET6;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross sin6.sin6_port = port;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross (void) memcpy(&sin6.sin6_addr, &dsa6->sin6_addr,
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross sizeof (sin6.sin6_addr));
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross rc = cbfunc(cbdata, socktype, (struct sockaddr *)&sin6);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross break;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross default:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross rc = KRB5_ERR_NO_SERVICE;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross goto out;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross }
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross /* rc from cbfunc is special. */
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross if (rc)
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross rc = ENOMEM;
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Rossout:
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross UNLOCK_CONFIG();
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross return (rc);
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross}