prof_solaris.c revision 938d11f4dc1913fa271733c9057f13109fd80cdb
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * CDDL HEADER START
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * The contents of this file are subject to the terms of the
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Common Development and Distribution License (the "License").
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * You may not use this file except in compliance with the License.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * See the License for the specific language governing permissions
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * and limitations under the License.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * When distributing Covered Code, include this CDDL HEADER in each
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * If applicable, add the following below this CDDL HEADER, with the
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * fields enclosed by brackets "[]" replaced with your own identifying
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * information: Portions Copyright [yyyy] [name of copyright owner]
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * CDDL HEADER END
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Abstracted contract private interfaces for configuring krb5.conf(4).
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery__profile_iter_name_value(profile_t profile, char *section, char *key,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery char *name = NULL, *value = NULL, **ret_values = NULL;
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_iterator_create(profile, hierarchy,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery while (code == 0) {
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery if ((key == NULL) || (strcmp(value, key) == 0)) {
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery__profile_get_domain_realm(profile_t profile, char *realm, char ***domains)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery if (profile == NULL || realm == NULL || domains == NULL)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery return (__profile_iter_name_value(profile, "domain_realm", realm,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Not fatal if this fails, continue on.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery (void) profile_clear_relation(profile, hierarchy);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_add_relation(profile, hierarchy, "true");
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery (void) profile_clear_relation(profile, hierarchy);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_add_relation(profile, hierarchy, "true");
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Not fatal if this fails, continue on.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery (void) profile_clear_relation(profile, hierarchy);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery (void) profile_clear_relation(profile, hierarchy);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery (void) profile_clear_relation(profile, hierarchy);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_add_relation(profile, hierarchy, "1d");
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery (void) profile_clear_relation(profile, hierarchy);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_add_relation(profile, hierarchy, "10");
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery__profile_set_libdefaults(profile_t profile, char *realm)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Not fatal if this fails, continue on.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery (void) profile_clear_relation(profile, hierarchy);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_add_relation(profile, hierarchy, realm);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery__profile_set_kdc(profile_t profile, char *realm, char *kdc,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery if (profile == NULL || realm == NULL || kdc == NULL)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Not fatal if this fails, continue on.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery (void) profile_clear_relation(profile, hierarchy);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_add_relation(profile, hierarchy, kdc);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * errcode_t __profile_release(profile_t profile)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where profile was the pointer passed back by __profile_init
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: used to commit the associated profile to the backing store
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * (e.g. file) and free profile memory
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note that this function returns an error code, which profile_release
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * does not. With the error code, the application can determine if they
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * need to free the resulting profile information in memory
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery if (profile == NULL || profile->magic != PROF_MAGIC_PROFILE)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * void __profile_abandon(profile_t profile)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where profile was the pointer passed back by __profile_init
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: used to free any profile information in memory. Typically can
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * be used in conjunction with __profile_release upon error
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * errcode_t __profile_add_domain_mapping(profile_t profile, char *domain,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * char *realm)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where profile was the pointer passed back by __profile_init
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where domain is the domain name of the associated realm name
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where realm is the corresponding realm name for the domain
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery__profile_add_domain_mapping(profile_t profile, char *domain, char *realm)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery if (profile == NULL || domain == NULL || realm == NULL)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Not fatal if relation can't be cleared, continue on.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery (void) profile_clear_relation(profile, hierarchy);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_add_relation(profile, hierarchy, realm);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * errcode_t __profile_remove_domain_mapping(profile_t profile, char *realm)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where profile was the pointer passed back by __profile_init
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where domain is the domain name of the associated realm name
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where realm is the corresponding realm name for the domain
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: for the remove function, all matching domain - realm mappings
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * will be removed for realm
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery__profile_remove_domain_mapping(profile_t profile, char *realm)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = __profile_get_domain_realm(profile, realm, &domains);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_clear_relation(profile, hierarchy);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * errcode_t __profile_get_realm_entry(profile_t profile, char *realm,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * char *name, char ***ret_value)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where profile was the pointer passed back by __profile_init
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where realm is the target realm for lookup
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where name is the name in the realm section requested
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where value is a string array of any matching values assigned to name.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * The array is terminated with a NULL pointer.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: if no name has been configured and a profile does exist
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * then value is set to NULL
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery__profile_get_realm_entry(profile_t profile, char *realm, char *name,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery if (profile == NULL || realm == NULL || name == NULL ||
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_get_values(profile, hierarchy, &values);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * errcode_t __profile_add_realm_entry(profile_t profile, char *realm,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * char *name, char **value)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where profile was the pointer passed back by __profile_init
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where realm is the target realm for the name-value pair
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where name is the name in the realm subsection to add
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where value is a string array of values to be assigned to name. The array is
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * terminated with a NULL pointer.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: if the realm subsection does not exist then an error is returned
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: if the name already exists the set is overwritten with the values
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery__profile_add_realm_entry(profile_t profile, char *realm, char *name,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery if (profile == NULL || realm == NULL || name == NULL || values == NULL)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Not fatal if this fails, continue on.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery (void) profile_clear_relation(profile, hierarchy);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_add_relation(profile, hierarchy, *tvalue);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * errcode_t __profile_get_default_realm(profile_t profile, char **realm)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where profile was the pointer passed back by __profile_init
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where realm is the default_realm configured for the system
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: if no default_realm has been configured and a profile does exist
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * then realm is set to NULL
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery__profile_get_default_realm(profile_t profile, char **realm)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_get_string(profile, "libdefaults", "default_realm", 0, 0,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * errcode_t __profile_get_realms(profile_t profile, char ***realms)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where profile was the pointer passed back by __profile_init
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where realms is a string array of realm names currently configured.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * The array is terminated with a NULL pointer.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: if no realms have been configured and a profile does exist then
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * realms is set to NULL
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery__profile_get_realms(profile_t profile, char ***realms)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery return (__profile_iter_name_value(profile, "realms", NULL, realms));
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * errcode_t __profile_add_realm(profile_t profile, char *realm,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * char *master, char **kdcs, boolean_t set_change, boolean_t
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * default_realm)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where profile was the pointer passed back by __profile_init
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where realm is the realm name associated with the configuration
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where master is the server that is assigned to admin_server
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where kdcs is a string array of KDCs used to populate the kdc set.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * The array is terminated with a NULL pointer.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where set_change, if set, will use the SET_CHANGE protocol for password
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * modifications. RPCSEC_GSS is set by default
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where default_realm, if set, will assign the realm to default_realm
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: the ordering of kdcs is determined by the server's position in the
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: kdcs must be assigned a value, even if it is the same value as the
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery__profile_add_realm(profile_t profile, char *realm, char *master, char **kdcs,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery if (profile == NULL || realm == NULL || master == NULL || kdcs == NULL)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Sets the default realm to realm if default_realm flag is set.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery if (code = __profile_set_libdefaults(profile, realm))
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Not fatal if this fails, therefore return code is not checked.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery (void) profile_clear_relation(profile, hierarchy);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery if (code = profile_add_relation(profile, hierarchy, master))
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * If not set then defaults to undefined, which defaults to RPCSEC_GSS.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery (void) profile_clear_relation(profile, hierarchy);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_add_relation(profile, hierarchy, "SET_CHANGE");
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery if (code = __profile_set_kdc(profile, realm, *tkdcs, ow))
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * errcode_t __profile_remove_xrealm_mapping(profile_t profile, char *realm)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where profile was the pointer passed back by __profile_init
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where source is the source realm for the capath
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where target is the target realm for the capath
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where inter is the intermediate realm between the source and target
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * realms. If the source and target share x-realm keys then this is set to "."
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: for the remove function, all associated source, target, and
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * intermediate entries will be removed matching the realm name
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery__profile_remove_xrealm_mapping(profile_t profile, char *realm)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery char *source = NULL, *dummy_val = NULL, *target = NULL;
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Not fatal if this fails, continue on.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_rename_section(profile, hierarchy, NULL);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_iterator_create(profile, hierarchy,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery while (code == 0) {
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_iterator(&state, &source, &dummy_val);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code2 = profile_iterator_create(profile, hierarchy,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery while (code2 == 0) {
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * errcode_t __profile_remove_realm(profile_t profile, char *realm)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where profile was the pointer passed back by __profile_init
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where realm is the target realm for removal
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: the function removes the matching realm in the realms section,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * the default_realm, relevant domain_realm mappings with the realm name,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * and matching capaths source realm subsection.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery__profile_remove_realm(profile_t profile, char *realm)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Remove the default realm.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = __profile_get_default_realm(profile, &drealm);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_clear_relation(profile, hierarchy);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_rename_section(profile, hierarchy, NULL);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = __profile_remove_domain_mapping(profile, realm);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = __profile_remove_xrealm_mapping(profile, realm);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Not fatal even if realm wasn't available to remove.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * errcode_t __profile_add_xrealm_mapping(profile_t profile, char *source,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * char *target, char *inter)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where profile was the pointer passed back by __profile_init
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where source is the source realm for the capath
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where target is the target realm for the capath
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where inter is the intermediate realm between the source and target
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * realms. If the source and target share x-realm keys then this is set to "."
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: if the section does not exist one will be created
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery__profile_add_xrealm_mapping(profile_t profile, char *source, char *target,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery if (profile == NULL || source == NULL || target == NULL ||
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Not fatal if this fails, continue on.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery (void) profile_clear_relation(profile, hierarchy);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = profile_add_relation(profile, hierarchy, inter);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * errcode_t __profile_validate(profile_t profile, int *val_err, char **val)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where profile was the pointer passed back by __profile_init
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where val_err is a function specific error code of the following values:
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * 0 No errors detected in profile
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * 1 default realm is in lower-case (val returns realm)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * 2 realm in realms section is in lower-case (val returns realm)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * 3 default realm is not found in realms section
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * (val returns realm not found)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * 4 default realm does not exist
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * 5 no realm found in realms section
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * 6 no domain realm mapping entry found corresponding to a realm
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * in the realms section (val returns realm name)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * 7 kdc relation-value does not exist in realm
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * (val returns realm name)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * 8 admin_server relation-value does not exist in realm
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * (val returns realm name)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where val is the associated errant value, associated with val_err. This
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * value is returned as is from the profile
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: function infers the following:
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * 1. REALM should be in upper-case
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * 2. all required entries are present
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * 3. all relations are defined between default realm, realm, and
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * domain - realm mappings
938d11f4dc1913fa271733c9057f13109fd80cdbShawn Emery * Note: The return value of this function is based on the error code returned
938d11f4dc1913fa271733c9057f13109fd80cdbShawn Emery * by the framework/mechanism. The function could return zero with the
938d11f4dc1913fa271733c9057f13109fd80cdbShawn Emery * validation error code set to non-zero if the profile is invalid in any way.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Caution: This function could return false positives on valid
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * configurations and should only be used by the CIFS team for
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * specific purposes.
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery__profile_validate(profile_t profile, int *val_err, char **val)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery register int c;
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery char *default_realm = NULL, **realms = NULL, *tr = NULL;
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery char **trealms = NULL, **domains = NULL, **ret_vals = NULL;
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery if (profile == NULL || val_err == NULL || val == NULL)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = __profile_get_default_realm(profile, &default_realm);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery } else if (code == 0 && default_realm == NULL) {
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = __profile_get_domain_realm(profile, *trealms,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = __profile_get_realm_entry(profile, *trealms,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery code = __profile_get_realm_entry(profile, *trealms,
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * errcode_t __profile_init(char *filename, profile_t *profile)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where filename is the specified profile location. If filename is NULL
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * then function uses the system default name, /etc/krb5/krb5.conf
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * where profile is pointer passed to caller upon success
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: if the file does not exist then one will be created
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: if the file does exist then any existing profile information will
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * be in profile
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Note: profile_release() should be used by the caller to free profile
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery__profile_init(char *filename, profile_t *profile)
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery ret = krb5_get_default_config_files(&filenames);
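bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * If the file does not exist then create it; O_NOFOLLOW and O_NOLINKS make the open fail rather than follow a symbolic link or open a file with more than one hard link.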
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery fd = open(*filenames, O_RDWR|O_CREAT|O_NOFOLLOW|O_NOLINKS, mode);
bfc032a14cc866ab7f34ca6fd86c240a5ebede9dShawn Emery * Specify non-null for specific file (to load any existing profile)