src/krb5_plugin/sssd_krb5_locator_plugin.c

	sssd_krb5_locator_plugin.c revision 1193f20a8267e506d863b27c74870c86c085902b
/*
    Authors:
        Sumit Bose <sbose@redhat.com>

    Copyright (C) 2009 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "config.h"

#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/types.h>
#include <netdb.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <ctype.h>

#include "util/sss_krb5.h"
#include <krb5/locate_plugin.h>

#include "providers/krb5/krb5_common.h"

#define DEFAULT_KERBEROS_PORT 88
#define DEFAULT_KADMIN_PORT 749
#define DEFAULT_KPASSWD_PORT 464

#define BUFSIZE 512
#define PORT_STR_SIZE 7
#define SSSD_KRB5_LOCATOR_DEBUG "SSSD_KRB5_LOCATOR_DEBUG"
#define SSSD_KRB5_LOCATOR_DISABLE "SSSD_KRB5_LOCATOR_DISABLE"
#define DEBUG_KEY "[sssd_krb5_locator] "
#define PLUGIN_DEBUG(body) do { \
    if (ctx->debug) { \
        plugin_debug_fn body; \
    } \
} while(0)

struct sssd_ctx {
    char *sssd_realm;
    char *kdc_addr;
    uint16_t kdc_port;
    char *kpasswd_addr;
    uint16_t kpasswd_port;
    bool debug;
    bool disabled;
};

void plugin_debug_fn(const char *format, ...)
{
    va_list ap;
    char *s = NULL;
    int ret;

    va_start(ap, format);

    ret = vasprintf(&s, format, ap);
    va_end(ap);
    if (ret < 0) {
        /* ENOMEM */
        return;
    }

    fprintf(stderr, DEBUG_KEY "%s", s);
    free(s);
}

static int get_krb5info(const char *realm, struct sssd_ctx *ctx,
                        enum locate_service_type svc)
{
    int ret;
    char *krb5info_name = NULL;
    size_t len;
    uint8_t buf[BUFSIZE + 1];
    int fd = -1;
    const char *name_tmpl = NULL;
    char *port_str;
    long port;
    char *endptr;

    switch (svc) {
        case locate_service_kdc:
            name_tmpl = KDCINFO_TMPL;
            break;
        case locate_service_kpasswd:
            name_tmpl = KPASSWDINFO_TMPL;
            break;
        default:
            PLUGIN_DEBUG(("Unsupported service [%d].\n", svc));
            return EINVAL;
    }


    len = strlen(realm) + strlen(name_tmpl);

    krb5info_name = calloc(1, len + 1);
    if (krb5info_name == NULL) {
        PLUGIN_DEBUG(("malloc failed.\n"));
        return ENOMEM;
    }

    ret = snprintf(krb5info_name, len, name_tmpl, realm);
    if (ret < 0) {
        PLUGIN_DEBUG(("snprintf failed.\n"));
        ret = EINVAL;
        goto done;
    }
    krb5info_name[len] = '\0';

    fd = open(krb5info_name, O_RDONLY);
    if (fd == -1) {
        PLUGIN_DEBUG(("open failed [%s][%d][%s].\n",
                      krb5info_name, errno, strerror(errno)));
        ret = errno;
        goto done;
    }

    memset(buf, 0, BUFSIZE+1);

    errno = 0;
    len = sss_atomic_read_s(fd, buf, BUFSIZE);
    if (len == -1) {
        ret = errno;
        PLUGIN_DEBUG(("read failed [%d][%s].\n", ret, strerror(ret)));
        close(fd);
        goto done;
    }
    close(fd);

    if (len == BUFSIZE) {
        PLUGIN_DEBUG(("Content of krb5info file [%s] is [%d] or larger.\n",
                      krb5info_name, BUFSIZE));
    }
    PLUGIN_DEBUG(("Found [%s] in [%s].\n", buf, krb5info_name));

    port_str = strrchr((char *) buf, ':');
    if (port_str == NULL) {
        port = 0;
    } else {
        *port_str = '\0';
        ++port_str;

        if (isdigit(*port_str)) {
            errno = 0;
            port = strtol(port_str, &endptr, 10);
            if (errno != 0) {
                ret = errno;
                PLUGIN_DEBUG(("strtol failed on [%s]: [%d][%s], "
                            "assuming default.\n", port_str, ret, strerror(ret)));
                port = 0;
            }
            if (*endptr != '\0') {
                PLUGIN_DEBUG(("Found additional characters [%s] in port number "
                            "[%s], assuming default.\n", endptr, port_str));
                port = 0;
            }

            if (port < 0 || port > 65535) {
                PLUGIN_DEBUG(("Illegal port number [%ld], assuming default.\n",
                            port));
                port = 0;
            }
        } else {
            PLUGIN_DEBUG(("Illegal port number [%s], assuming default.\n",
                        port_str));
            port = 0;
        }
    }

    switch (svc) {
        case locate_service_kdc:
            free(ctx->kdc_addr);
            ctx->kdc_addr = strdup((char *) buf);
            if (ctx->kdc_addr == NULL) {
                PLUGIN_DEBUG(("strdup failed.\n"));
                ret = ENOMEM;
                goto done;
            }
            ctx->kdc_port = (uint16_t) port;
            break;
        case locate_service_kpasswd:
            free(ctx->kpasswd_addr);
            ctx->kpasswd_addr = strdup((char *) buf);
            if (ctx->kpasswd_addr == NULL) {
                PLUGIN_DEBUG(("strdup failed.\n"));
                ret = ENOMEM;
                goto done;
            }
            ctx->kpasswd_port = (uint16_t) port;
            break;
        default:
            PLUGIN_DEBUG(("Unsupported service [%d].\n", svc));
            ret = EINVAL;
            goto done;
    }

    ret = 0;
done:
    free(krb5info_name);
    return ret;
}

krb5_error_code sssd_krb5_locator_init(krb5_context context,
                                       void **private_data)
{
    struct sssd_ctx *ctx;
    const char *dummy;

    ctx = calloc(1,sizeof(struct sssd_ctx));
    if (ctx == NULL) return KRB5_PLUGIN_NO_HANDLE;

    dummy = getenv(SSSD_KRB5_LOCATOR_DEBUG);
    if (dummy == NULL) {
        ctx->debug = false;
    } else {
        ctx->debug = true;
        PLUGIN_DEBUG(("sssd_krb5_locator_init called\n"));
    }

    dummy = getenv(SSSD_KRB5_LOCATOR_DISABLE);
    if (dummy == NULL) {
        ctx->disabled = false;
    } else {
        ctx->disabled = true;
        PLUGIN_DEBUG(("SSSD KRB5 locator plugin is disabled.\n"));
    }

    *private_data = ctx;

    return 0;
}

void sssd_krb5_locator_close(void *private_data)
{
    struct sssd_ctx *ctx;

    if (private_data == NULL) return;

    ctx = (struct sssd_ctx *) private_data;
    PLUGIN_DEBUG(("sssd_krb5_locator_close called\n"));

    free(ctx->kdc_addr);
    free(ctx->kpasswd_addr);
    free(ctx->sssd_realm);
    free(ctx);

    return;
}

krb5_error_code sssd_krb5_locator_lookup(void *private_data,
                    enum locate_service_type svc,
                    const char *realm,
                    int socktype,
                    int family,
                    int (*cbfunc)(void *, int, struct sockaddr *),
                    void *cbdata)
{
    int ret;
    struct addrinfo *ai;
    struct sssd_ctx *ctx;
    struct addrinfo ai_hints;
    uint16_t port = 0;
    const char *addr = NULL;
    char port_str[PORT_STR_SIZE];

    if (private_data == NULL) return KRB5_PLUGIN_NO_HANDLE;
    ctx = (struct sssd_ctx *) private_data;

    if (ctx->disabled) {
        PLUGIN_DEBUG(("Plugin disabled, nothing to do.\n"));
        return KRB5_PLUGIN_NO_HANDLE;
    }

    if (ctx->sssd_realm == NULL || strcmp(ctx->sssd_realm, realm) != 0) {
        free(ctx->sssd_realm);
        ctx->sssd_realm = strdup(realm);
        if (ctx->sssd_realm == NULL) {
            PLUGIN_DEBUG(("strdup failed.\n"));
            return KRB5_PLUGIN_NO_HANDLE;
        }

        ret = get_krb5info(realm, ctx, locate_service_kdc);
        if (ret != EOK) {
            PLUGIN_DEBUG(("get_krb5info failed.\n"));
            return KRB5_PLUGIN_NO_HANDLE;
        }

        if (svc == locate_service_kadmin || svc == locate_service_kpasswd ||
            svc == locate_service_master_kdc) {
            ret = get_krb5info(realm, ctx, locate_service_kpasswd);
            if (ret != EOK) {
                PLUGIN_DEBUG(("reading kpasswd address failed, "
                              "using kdc address.\n"));
                free(ctx->kpasswd_addr);
                ctx->kpasswd_addr = strdup(ctx->kdc_addr);
                ctx->kpasswd_port = 0;
            }
        }
    }

    PLUGIN_DEBUG(("sssd_realm[%s] requested realm[%s] family[%d] socktype[%d] "
                  "locate_service[%d]\n", ctx->sssd_realm, realm, family,
                                          socktype, svc));

    switch (svc) {
        case locate_service_kdc:
            addr = ctx->kdc_addr;
            port = ctx->kdc_port ? ctx->kdc_port : DEFAULT_KERBEROS_PORT;
            break;
        case locate_service_master_kdc:
            addr = ctx->kpasswd_addr;
            port = DEFAULT_KERBEROS_PORT;
            break;
        case locate_service_kadmin:
            addr = ctx->kpasswd_addr;
            port = DEFAULT_KADMIN_PORT;
            break;
        case locate_service_kpasswd:
            addr = ctx->kpasswd_addr;
            port = ctx->kpasswd_port ? ctx->kpasswd_port : DEFAULT_KPASSWD_PORT;
            break;
        case locate_service_krb524:
            return KRB5_PLUGIN_NO_HANDLE;
        default:
            return KRB5_PLUGIN_NO_HANDLE;
    }

    switch (family) {
        case AF_UNSPEC:
        case AF_INET:
        case AF_INET6:
            break;
        default:
            return KRB5_PLUGIN_NO_HANDLE;
    }

    switch (socktype) {
        case SOCK_STREAM:
        case SOCK_DGRAM:
            break;
        default:
            return KRB5_PLUGIN_NO_HANDLE;
    }

    if (strcmp(realm, ctx->sssd_realm) != 0)
        return KRB5_PLUGIN_NO_HANDLE;

    memset(port_str, 0, PORT_STR_SIZE);
    ret = snprintf(port_str, PORT_STR_SIZE-1, "%u", port);
    if (ret < 0 || ret >= (PORT_STR_SIZE-1)) {
        PLUGIN_DEBUG(("snprintf failed.\n"));
        return KRB5_PLUGIN_NO_HANDLE;
    }

    memset(&ai_hints, 0, sizeof(struct addrinfo));
    ai_hints.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV;
    ai_hints.ai_socktype = socktype;

    ret = getaddrinfo(addr, port_str, &ai_hints, &ai);
    if (ret != 0) {
        PLUGIN_DEBUG(("getaddrinfo failed [%d][%s].\n", ret,
                                                        gai_strerror(ret)));
        if (ret == EAI_SYSTEM) {
            PLUGIN_DEBUG(("getaddrinfo failed [%d][%s].\n", errno,
                                                            strerror(errno)));
        }
        return KRB5_PLUGIN_NO_HANDLE;
    }

    PLUGIN_DEBUG(("addr[%s:%s] family[%d] socktype[%d]\n", addr, port_str,
                 ai->ai_family, ai->ai_socktype));

    if ((family == AF_UNSPEC || ai->ai_family == family) &&
        ai->ai_socktype == socktype) {

        ret = cbfunc(cbdata, socktype, ai->ai_addr);
        if (ret != 0) {
            PLUGIN_DEBUG(("cbfunc failed\n"));
            freeaddrinfo(ai);
            return ret;
        } else {
            PLUGIN_DEBUG(("[%s] used\n", addr));
        }
    } else {
        PLUGIN_DEBUG(("[%s] NOT used\n", addr));
    }
    freeaddrinfo(ai);

    return 0;
}

const krb5plugin_service_locate_ftable service_locator = {
    0, /* version */
    sssd_krb5_locator_init,
    sssd_krb5_locator_close,
    sssd_krb5_locator_lookup,
};