1 /* $NetBSD: principal.c,v 1.4 2023/06/19 21:41:44 christos Exp $ */
2
3 /*
4 * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 /**
37 * @page krb5_principal_intro The principal handing functions.
38 *
39 * A Kerberos principal is a email address looking string that
40 * contains two parts separated by @. The second part is the kerberos
41 * realm the principal belongs to and the first is a list of 0 or
42 * more components. For example
43 * @verbatim
44 lha@SU.SE
45 host/hummel.it.su.se@SU.SE
46 host/admin@H5L.ORG
47 @endverbatim
48 *
49 * See the library functions here: @ref krb5_principal
50 */
51
52 #include "krb5_locl.h"
53 #ifdef HAVE_RES_SEARCH
54 #define USE_RESOLVER
55 #endif
56 #ifdef HAVE_ARPA_NAMESER_H
57 #include <arpa/nameser.h>
58 #endif
59 #include <fnmatch.h>
60 #include <krb5/resolve.h>
61
62 #define princ_num_comp(P) ((P)->name.name_string.len)
63 #define princ_type(P) ((P)->name.name_type)
64 #define princ_comp(P) ((P)->name.name_string.val)
65 #define princ_ncomp(P, N) ((P)->name.name_string.val[(N)])
66 #define princ_realm(P) ((P)->realm)
67
68 static krb5_error_code
set_default_princ_type(krb5_principal p,NAME_TYPE defnt)69 set_default_princ_type(krb5_principal p, NAME_TYPE defnt)
70 {
71 if (princ_num_comp(p) > 1 && strcmp(princ_ncomp(p, 0), KRB5_TGS_NAME) == 0)
72 princ_type(p) = KRB5_NT_SRV_INST;
73 else if (princ_num_comp(p) > 1 && strcmp(princ_ncomp(p, 0), "host") == 0)
74 princ_type(p) = KRB5_NT_SRV_HST;
75 else if (princ_num_comp(p) > 1 && strcmp(princ_ncomp(p, 0), "kca_service") == 0)
76 princ_type(p) = KRB5_NT_SRV_HST;
77 else if (princ_num_comp(p) == 2 &&
78 strcmp(princ_ncomp(p, 0), KRB5_WELLKNOWN_NAME) == 0)
79 princ_type(p) = KRB5_NT_WELLKNOWN;
80 else if (princ_num_comp(p) == 1 && strchr(princ_ncomp(p, 0), '@') != NULL)
81 princ_type(p) = KRB5_NT_SMTP_NAME;
82 else
83 princ_type(p) = defnt;
84 return 0;
85 }
86
87 static krb5_error_code append_component(krb5_context, krb5_principal,
88 const char *, size_t);
89
90 /**
91 * Frees a Kerberos principal allocated by the library with
92 * krb5_parse_name(), krb5_make_principal() or any other related
93 * principal functions.
94 *
95 * @param context A Kerberos context.
96 * @param p a principal to free.
97 *
98 * @return An krb5 error code, see krb5_get_error_message().
99 *
100 * @ingroup krb5_principal
101 */
102
103 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_principal(krb5_context context,krb5_principal p)104 krb5_free_principal(krb5_context context,
105 krb5_principal p)
106 {
107 if(p){
108 free_Principal(p);
109 free(p);
110 }
111 }
112
113 /**
114 * Set the type of the principal
115 *
116 * @param context A Kerberos context.
117 * @param principal principal to set the type for
118 * @param type the new type
119 *
120 * @return An krb5 error code, see krb5_get_error_message().
121 *
122 * @ingroup krb5_principal
123 */
124
125 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_principal_set_type(krb5_context context,krb5_principal principal,int type)126 krb5_principal_set_type(krb5_context context,
127 krb5_principal principal,
128 int type)
129 {
130 princ_type(principal) = type;
131 }
132
133 /**
134 * Get the type of the principal
135 *
136 * @param context A Kerberos context.
137 * @param principal principal to get the type for
138 *
139 * @return the type of principal
140 *
141 * @ingroup krb5_principal
142 */
143
144 KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_principal_get_type(krb5_context context,krb5_const_principal principal)145 krb5_principal_get_type(krb5_context context,
146 krb5_const_principal principal)
147 {
148 return princ_type(principal);
149 }
150
151 /**
152 * Get the realm of the principal
153 *
154 * @param context A Kerberos context.
155 * @param principal principal to get the realm for
156 *
157 * @return realm of the principal, don't free or use after krb5_principal is freed
158 *
159 * @ingroup krb5_principal
160 */
161
162 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_principal_get_realm(krb5_context context,krb5_const_principal principal)163 krb5_principal_get_realm(krb5_context context,
164 krb5_const_principal principal)
165 {
166 return princ_realm(principal);
167 }
168
169 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_principal_get_comp_string(krb5_context context,krb5_const_principal principal,unsigned int component)170 krb5_principal_get_comp_string(krb5_context context,
171 krb5_const_principal principal,
172 unsigned int component)
173 {
174 if(component >= princ_num_comp(principal))
175 return NULL;
176 return princ_ncomp(principal, component);
177 }
178
179 /**
180 * Get number of component is principal.
181 *
182 * @param context Kerberos 5 context
183 * @param principal principal to query
184 *
185 * @return number of components in string
186 *
187 * @ingroup krb5_principal
188 */
189
190 KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL
krb5_principal_get_num_comp(krb5_context context,krb5_const_principal principal)191 krb5_principal_get_num_comp(krb5_context context,
192 krb5_const_principal principal)
193 {
194 return princ_num_comp(principal);
195 }
196
197 /**
198 * Parse a name into a krb5_principal structure, flags controls the behavior.
199 *
200 * @param context Kerberos 5 context
201 * @param name name to parse into a Kerberos principal
202 * @param flags flags to control the behavior
203 * @param principal returned principal, free with krb5_free_principal().
204 *
205 * @return An krb5 error code, see krb5_get_error_message().
206 *
207 * @ingroup krb5_principal
208 */
209
210 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_parse_name_flags(krb5_context context,const char * name,int flags,krb5_principal * principal)211 krb5_parse_name_flags(krb5_context context,
212 const char *name,
213 int flags,
214 krb5_principal *principal)
215 {
216 krb5_error_code ret;
217 heim_general_string *comp;
218 heim_general_string realm = NULL;
219 int ncomp;
220
221 const char *p;
222 char *q;
223 char *s;
224 char *start;
225
226 int n;
227 char c;
228 int got_realm = 0;
229 int first_at = 1;
230 int no_realm = flags & KRB5_PRINCIPAL_PARSE_NO_REALM;
231 int require_realm = flags & KRB5_PRINCIPAL_PARSE_REQUIRE_REALM;
232 int enterprise = flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE;
233 int ignore_realm = flags & KRB5_PRINCIPAL_PARSE_IGNORE_REALM;
234 int no_def_realm = flags & KRB5_PRINCIPAL_PARSE_NO_DEF_REALM;
235
236 *principal = NULL;
237
238 if (no_realm && require_realm) {
239 krb5_set_error_message(context, KRB5_ERR_NO_SERVICE,
240 N_("Can't require both realm and "
241 "no realm at the same time", ""));
242 return KRB5_ERR_NO_SERVICE;
243 }
244
245 /* count number of component,
246 * enterprise names only have one component
247 */
248 ncomp = 1;
249 if (!enterprise) {
250 for (p = name; *p; p++) {
251 if (*p=='\\') {
252 if (!p[1]) {
253 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
254 N_("trailing \\ in principal name", ""));
255 return KRB5_PARSE_MALFORMED;
256 }
257 p++;
258 } else if (*p == '/')
259 ncomp++;
260 else if (*p == '@')
261 break;
262 }
263 }
264 comp = calloc(ncomp, sizeof(*comp));
265 if (comp == NULL)
266 return krb5_enomem(context);
267
268 n = 0;
269 p = start = q = s = strdup(name);
270 if (start == NULL) {
271 free(comp);
272 return krb5_enomem(context);
273 }
274 while (*p) {
275 c = *p++;
276 if (c == '\\') {
277 c = *p++;
278 if (c == 'n')
279 c = '\n';
280 else if (c == 't')
281 c = '\t';
282 else if (c == 'b')
283 c = '\b';
284 else if (c == '0')
285 c = '\0';
286 else if (c == '\0') {
287 ret = KRB5_PARSE_MALFORMED;
288 krb5_set_error_message(context, ret,
289 N_("trailing \\ in principal name", ""));
290 goto exit;
291 }
292 } else if (enterprise && first_at) {
293 if (c == '@')
294 first_at = 0;
295 } else if ((c == '/' && !enterprise) || c == '@') {
296 if (got_realm) {
297 ret = KRB5_PARSE_MALFORMED;
298 krb5_set_error_message(context, ret,
299 N_("part after realm in principal name", ""));
300 goto exit;
301 } else {
302 comp[n] = malloc(q - start + 1);
303 if (comp[n] == NULL) {
304 ret = krb5_enomem(context);
305 goto exit;
306 }
307 memcpy(comp[n], start, q - start);
308 comp[n][q - start] = 0;
309 n++;
310 }
311 if (c == '@')
312 got_realm = 1;
313 start = q;
314 continue;
315 }
316 if (got_realm && (c == '/' || c == '\0')) {
317 ret = KRB5_PARSE_MALFORMED;
318 krb5_set_error_message(context, ret,
319 N_("part after realm in principal name", ""));
320 goto exit;
321 }
322 *q++ = c;
323 }
324 if (got_realm) {
325 if (no_realm) {
326 ret = KRB5_PARSE_MALFORMED;
327 krb5_set_error_message(context, ret,
328 N_("realm found in 'short' principal "
329 "expected to be without one", ""));
330 goto exit;
331 }
332 if (!ignore_realm) {
333 realm = malloc(q - start + 1);
334 if (realm == NULL) {
335 ret = krb5_enomem(context);
336 goto exit;
337 }
338 memcpy(realm, start, q - start);
339 realm[q - start] = 0;
340 }
341 } else {
342 if (require_realm) {
343 ret = KRB5_PARSE_MALFORMED;
344 krb5_set_error_message(context, ret,
345 N_("realm NOT found in principal "
346 "expected to be with one", ""));
347 goto exit;
348 } else if (no_realm || no_def_realm) {
349 realm = NULL;
350 } else {
351 ret = krb5_get_default_realm(context, &realm);
352 if (ret)
353 goto exit;
354 }
355
356 comp[n] = malloc(q - start + 1);
357 if (comp[n] == NULL) {
358 ret = krb5_enomem(context);
359 goto exit;
360 }
361 memcpy(comp[n], start, q - start);
362 comp[n][q - start] = 0;
363 n++;
364 }
365 *principal = calloc(1, sizeof(**principal));
366 if (*principal == NULL) {
367 ret = krb5_enomem(context);
368 goto exit;
369 }
370 (*principal)->name.name_string.val = comp;
371 princ_num_comp(*principal) = n;
372 (*principal)->realm = realm;
373 if (enterprise)
374 princ_type(*principal) = KRB5_NT_ENTERPRISE_PRINCIPAL;
375 else
376 set_default_princ_type(*principal, KRB5_NT_PRINCIPAL);
377 free(s);
378 return 0;
379 exit:
380 while (n>0) {
381 free(comp[--n]);
382 }
383 free(comp);
384 krb5_free_default_realm(context, realm);
385 free(s);
386 return ret;
387 }
388
389 /**
390 * Parse a name into a krb5_principal structure
391 *
392 * @param context Kerberos 5 context
393 * @param name name to parse into a Kerberos principal
394 * @param principal returned principal, free with krb5_free_principal().
395 *
396 * @return An krb5 error code, see krb5_get_error_message().
397 *
398 * @ingroup krb5_principal
399 */
400
401 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_parse_name(krb5_context context,const char * name,krb5_principal * principal)402 krb5_parse_name(krb5_context context,
403 const char *name,
404 krb5_principal *principal)
405 {
406 return krb5_parse_name_flags(context, name, 0, principal);
407 }
408
409 static const char quotable_chars[] = " \n\t\b\\/@";
410 static const char replace_chars[] = " ntb\\/@";
411
412 #define add_char(BASE, INDEX, LEN, C) do { if((INDEX) < (LEN)) (BASE)[(INDEX)++] = (C); }while(0);
413
414 static size_t
quote_string(const char * s,char * out,size_t idx,size_t len,int display)415 quote_string(const char *s, char *out, size_t idx, size_t len, int display)
416 {
417 const char *p, *q;
418 for(p = s; *p && idx < len; p++){
419 q = strchr(quotable_chars, *p);
420 if (q && display) {
421 add_char(out, idx, len, replace_chars[q - quotable_chars]);
422 } else if (q) {
423 add_char(out, idx, len, '\\');
424 add_char(out, idx, len, replace_chars[q - quotable_chars]);
425 }else
426 add_char(out, idx, len, *p);
427 }
428 if(idx < len)
429 out[idx] = '\0';
430 return idx;
431 }
432
433
434 static krb5_error_code
unparse_name_fixed(krb5_context context,krb5_const_principal principal,char * name,size_t len,int flags)435 unparse_name_fixed(krb5_context context,
436 krb5_const_principal principal,
437 char *name,
438 size_t len,
439 int flags)
440 {
441 size_t idx = 0;
442 size_t i;
443 int short_form = (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) != 0;
444 int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0;
445 int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0;
446
447 if (!no_realm && princ_realm(principal) == NULL) {
448 krb5_set_error_message(context, ERANGE,
449 N_("Realm missing from principal, "
450 "can't unparse", ""));
451 return ERANGE;
452 }
453
454 for(i = 0; i < princ_num_comp(principal); i++){
455 if(i)
456 add_char(name, idx, len, '/');
457 idx = quote_string(princ_ncomp(principal, i), name, idx, len, display);
458 if(idx == len) {
459 krb5_set_error_message(context, ERANGE,
460 N_("Out of space printing principal", ""));
461 return ERANGE;
462 }
463 }
464 /* add realm if different from default realm */
465 if(short_form && !no_realm) {
466 krb5_realm r;
467 krb5_error_code ret;
468 ret = krb5_get_default_realm(context, &r);
469 if(ret)
470 return ret;
471 if(strcmp(princ_realm(principal), r) != 0)
472 short_form = 0;
473 krb5_free_default_realm(context, r);
474 }
475 if(!short_form && !no_realm) {
476 add_char(name, idx, len, '@');
477 idx = quote_string(princ_realm(principal), name, idx, len, display);
478 if(idx == len) {
479 krb5_set_error_message(context, ERANGE,
480 N_("Out of space printing "
481 "realm of principal", ""));
482 return ERANGE;
483 }
484 }
485 return 0;
486 }
487
488 /**
489 * Unparse the principal name to a fixed buffer
490 *
491 * @param context A Kerberos context.
492 * @param principal principal to unparse
493 * @param name buffer to write name to
494 * @param len length of buffer
495 *
496 * @return An krb5 error code, see krb5_get_error_message().
497 *
498 * @ingroup krb5_principal
499 */
500
501 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name_fixed(krb5_context context,krb5_const_principal principal,char * name,size_t len)502 krb5_unparse_name_fixed(krb5_context context,
503 krb5_const_principal principal,
504 char *name,
505 size_t len)
506 {
507 return unparse_name_fixed(context, principal, name, len, 0);
508 }
509
510 /**
511 * Unparse the principal name to a fixed buffer. The realm is skipped
512 * if its a default realm.
513 *
514 * @param context A Kerberos context.
515 * @param principal principal to unparse
516 * @param name buffer to write name to
517 * @param len length of buffer
518 *
519 * @return An krb5 error code, see krb5_get_error_message().
520 *
521 * @ingroup krb5_principal
522 */
523
524 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name_fixed_short(krb5_context context,krb5_const_principal principal,char * name,size_t len)525 krb5_unparse_name_fixed_short(krb5_context context,
526 krb5_const_principal principal,
527 char *name,
528 size_t len)
529 {
530 return unparse_name_fixed(context, principal, name, len,
531 KRB5_PRINCIPAL_UNPARSE_SHORT);
532 }
533
534 /**
535 * Unparse the principal name with unparse flags to a fixed buffer.
536 *
537 * @param context A Kerberos context.
538 * @param principal principal to unparse
539 * @param flags unparse flags
540 * @param name buffer to write name to
541 * @param len length of buffer
542 *
543 * @return An krb5 error code, see krb5_get_error_message().
544 *
545 * @ingroup krb5_principal
546 */
547
548 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name_fixed_flags(krb5_context context,krb5_const_principal principal,int flags,char * name,size_t len)549 krb5_unparse_name_fixed_flags(krb5_context context,
550 krb5_const_principal principal,
551 int flags,
552 char *name,
553 size_t len)
554 {
555 return unparse_name_fixed(context, principal, name, len, flags);
556 }
557
558 static krb5_error_code
unparse_name(krb5_context context,krb5_const_principal principal,char ** name,int flags)559 unparse_name(krb5_context context,
560 krb5_const_principal principal,
561 char **name,
562 int flags)
563 {
564 size_t len = 0, plen;
565 size_t i;
566 krb5_error_code ret;
567 /* count length */
568 if (princ_realm(principal)) {
569 plen = strlen(princ_realm(principal));
570
571 if(strcspn(princ_realm(principal), quotable_chars) == plen)
572 len += plen;
573 else
574 len += 2*plen;
575 len++; /* '@' */
576 }
577 for(i = 0; i < princ_num_comp(principal); i++){
578 plen = strlen(princ_ncomp(principal, i));
579 if(strcspn(princ_ncomp(principal, i), quotable_chars) == plen)
580 len += plen;
581 else
582 len += 2*plen;
583 len++;
584 }
585 len++; /* '\0' */
586 *name = malloc(len);
587 if(*name == NULL)
588 return krb5_enomem(context);
589 ret = unparse_name_fixed(context, principal, *name, len, flags);
590 if(ret) {
591 free(*name);
592 *name = NULL;
593 }
594 return ret;
595 }
596
597 /**
598 * Unparse the Kerberos name into a string
599 *
600 * @param context Kerberos 5 context
601 * @param principal principal to query
602 * @param name resulting string, free with krb5_xfree()
603 *
604 * @return An krb5 error code, see krb5_get_error_message().
605 *
606 * @ingroup krb5_principal
607 */
608
609 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name(krb5_context context,krb5_const_principal principal,char ** name)610 krb5_unparse_name(krb5_context context,
611 krb5_const_principal principal,
612 char **name)
613 {
614 return unparse_name(context, principal, name, 0);
615 }
616
617 /**
618 * Unparse the Kerberos name into a string
619 *
620 * @param context Kerberos 5 context
621 * @param principal principal to query
622 * @param flags flag to determine the behavior
623 * @param name resulting string, free with krb5_xfree()
624 *
625 * @return An krb5 error code, see krb5_get_error_message().
626 *
627 * @ingroup krb5_principal
628 */
629
630 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name_flags(krb5_context context,krb5_const_principal principal,int flags,char ** name)631 krb5_unparse_name_flags(krb5_context context,
632 krb5_const_principal principal,
633 int flags,
634 char **name)
635 {
636 return unparse_name(context, principal, name, flags);
637 }
638
639 /**
640 * Unparse the principal name to a allocated buffer. The realm is
641 * skipped if its a default realm.
642 *
643 * @param context A Kerberos context.
644 * @param principal principal to unparse
645 * @param name returned buffer, free with krb5_xfree()
646 *
647 * @return An krb5 error code, see krb5_get_error_message().
648 *
649 * @ingroup krb5_principal
650 */
651
652 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_unparse_name_short(krb5_context context,krb5_const_principal principal,char ** name)653 krb5_unparse_name_short(krb5_context context,
654 krb5_const_principal principal,
655 char **name)
656 {
657 return unparse_name(context, principal, name, KRB5_PRINCIPAL_UNPARSE_SHORT);
658 }
659
660 /**
661 * Set a new realm for a principal, and as a side-effect free the
662 * previous realm.
663 *
664 * @param context A Kerberos context.
665 * @param principal principal set the realm for
666 * @param realm the new realm to set
667 *
668 * @return An krb5 error code, see krb5_get_error_message().
669 *
670 * @ingroup krb5_principal
671 */
672
673 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_principal_set_realm(krb5_context context,krb5_principal principal,krb5_const_realm realm)674 krb5_principal_set_realm(krb5_context context,
675 krb5_principal principal,
676 krb5_const_realm realm)
677 {
678 if (princ_realm(principal))
679 free(princ_realm(principal));
680
681 if (realm == NULL)
682 princ_realm(principal) = NULL;
683 else if ((princ_realm(principal) = strdup(realm)) == NULL)
684 return krb5_enomem(context);
685 return 0;
686 }
687
688 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_principal_set_comp_string(krb5_context context,krb5_principal principal,unsigned int k,const char * component)689 krb5_principal_set_comp_string(krb5_context context,
690 krb5_principal principal,
691 unsigned int k,
692 const char *component)
693 {
694 char *s;
695 size_t i;
696
697 for (i = princ_num_comp(principal); i <= k; i++)
698 append_component(context, principal, "", 0);
699 s = strdup(component);
700 if (s == NULL)
701 return krb5_enomem(context);
702 free(princ_ncomp(principal, k));
703 princ_ncomp(principal, k) = s;
704 return 0;
705 }
706
707 #ifndef HEIMDAL_SMALLER
708 /**
709 * Build a principal using vararg style building
710 *
711 * @param context A Kerberos context.
712 * @param principal returned principal
713 * @param rlen length of realm
714 * @param realm realm name
715 * @param ... a list of components ended with NULL.
716 *
717 * @return An krb5 error code, see krb5_get_error_message().
718 *
719 * @ingroup krb5_principal
720 */
721
722 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_build_principal(krb5_context context,krb5_principal * principal,int rlen,krb5_const_realm realm,...)723 krb5_build_principal(krb5_context context,
724 krb5_principal *principal,
725 int rlen,
726 krb5_const_realm realm,
727 ...)
728 {
729 krb5_error_code ret;
730 va_list ap;
731 va_start(ap, realm);
732 ret = krb5_build_principal_va(context, principal, rlen, realm, ap);
733 va_end(ap);
734 return ret;
735 }
736 #endif
737
738 /**
739 * Build a principal using vararg style building
740 *
741 * @param context A Kerberos context.
742 * @param principal returned principal
743 * @param realm realm name
744 * @param ... a list of components ended with NULL.
745 *
746 * @return An krb5 error code, see krb5_get_error_message().
747 *
748 * @ingroup krb5_principal
749 */
750
751 /* coverity[+alloc : arg-*1] */
752 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_make_principal(krb5_context context,krb5_principal * principal,krb5_const_realm realm,...)753 krb5_make_principal(krb5_context context,
754 krb5_principal *principal,
755 krb5_const_realm realm,
756 ...)
757 {
758 krb5_error_code ret;
759 krb5_realm r = NULL;
760 va_list ap;
761 if(realm == NULL) {
762 ret = krb5_get_default_realm(context, &r);
763 if(ret)
764 return ret;
765 realm = r;
766 }
767 va_start(ap, realm);
768 ret = krb5_build_principal_va(context, principal, strlen(realm), realm, ap);
769 va_end(ap);
770 if(r)
771 krb5_free_default_realm(context, r);
772 return ret;
773 }
774
775 static krb5_error_code
append_component(krb5_context context,krb5_principal p,const char * comp,size_t comp_len)776 append_component(krb5_context context, krb5_principal p,
777 const char *comp,
778 size_t comp_len)
779 {
780 heim_general_string *tmp;
781 size_t len = princ_num_comp(p);
782
783 tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp));
784 if(tmp == NULL)
785 return krb5_enomem(context);
786 princ_comp(p) = tmp;
787 princ_ncomp(p, len) = malloc(comp_len + 1);
788 if (princ_ncomp(p, len) == NULL)
789 return krb5_enomem(context);
790 memcpy (princ_ncomp(p, len), comp, comp_len);
791 princ_ncomp(p, len)[comp_len] = '\0';
792 princ_num_comp(p)++;
793 return 0;
794 }
795
796 static krb5_error_code
va_ext_princ(krb5_context context,krb5_principal p,va_list ap)797 va_ext_princ(krb5_context context, krb5_principal p, va_list ap)
798 {
799 krb5_error_code ret = 0;
800
801 while (1){
802 const char *s;
803 int len;
804
805 if ((len = va_arg(ap, int)) == 0)
806 break;
807 s = va_arg(ap, const char*);
808 if ((ret = append_component(context, p, s, len)) != 0)
809 break;
810 }
811 return ret;
812 }
813
814 static krb5_error_code
va_princ(krb5_context context,krb5_principal p,va_list ap)815 va_princ(krb5_context context, krb5_principal p, va_list ap)
816 {
817 krb5_error_code ret = 0;
818
819 while (1){
820 const char *s;
821
822 if ((s = va_arg(ap, const char*)) == NULL)
823 break;
824 if ((ret = append_component(context, p, s, strlen(s))) != 0)
825 break;
826 }
827 return ret;
828 }
829
830 static krb5_error_code
build_principal(krb5_context context,krb5_principal * principal,int rlen,krb5_const_realm realm,krb5_error_code (* func)(krb5_context,krb5_principal,va_list),va_list ap)831 build_principal(krb5_context context,
832 krb5_principal *principal,
833 int rlen,
834 krb5_const_realm realm,
835 krb5_error_code (*func)(krb5_context, krb5_principal, va_list),
836 va_list ap)
837 {
838 krb5_error_code ret;
839 krb5_principal p;
840
841 *principal = NULL;
842 p = calloc(1, sizeof(*p));
843 if (p == NULL)
844 return krb5_enomem(context);
845
846 princ_realm(p) = strdup(realm);
847 if (p->realm == NULL) {
848 free(p);
849 return krb5_enomem(context);
850 }
851
852 ret = func(context, p, ap);
853 if (ret == 0) {
854 *principal = p;
855 set_default_princ_type(p, KRB5_NT_PRINCIPAL);
856 } else
857 krb5_free_principal(context, p);
858 return ret;
859 }
860
861 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_build_principal_va(krb5_context context,krb5_principal * principal,int rlen,krb5_const_realm realm,va_list ap)862 krb5_build_principal_va(krb5_context context,
863 krb5_principal *principal,
864 int rlen,
865 krb5_const_realm realm,
866 va_list ap)
867 {
868 return build_principal(context, principal, rlen, realm, va_princ, ap);
869 }
870
871 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_build_principal_va_ext(krb5_context context,krb5_principal * principal,int rlen,krb5_const_realm realm,va_list ap)872 krb5_build_principal_va_ext(krb5_context context,
873 krb5_principal *principal,
874 int rlen,
875 krb5_const_realm realm,
876 va_list ap)
877 {
878 return build_principal(context, principal, rlen, realm, va_ext_princ, ap);
879 }
880
881
882 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_build_principal_ext(krb5_context context,krb5_principal * principal,int rlen,krb5_const_realm realm,...)883 krb5_build_principal_ext(krb5_context context,
884 krb5_principal *principal,
885 int rlen,
886 krb5_const_realm realm,
887 ...)
888 {
889 krb5_error_code ret;
890 va_list ap;
891 va_start(ap, realm);
892 ret = krb5_build_principal_va_ext(context, principal, rlen, realm, ap);
893 va_end(ap);
894 return ret;
895 }
896
897 /**
898 * Copy a principal
899 *
900 * @param context A Kerberos context.
901 * @param inprinc principal to copy
902 * @param outprinc copied principal, free with krb5_free_principal()
903 *
904 * @return An krb5 error code, see krb5_get_error_message().
905 *
906 * @ingroup krb5_principal
907 */
908
909
910 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_principal(krb5_context context,krb5_const_principal inprinc,krb5_principal * outprinc)911 krb5_copy_principal(krb5_context context,
912 krb5_const_principal inprinc,
913 krb5_principal *outprinc)
914 {
915 krb5_principal p = malloc(sizeof(*p));
916 if (p == NULL)
917 return krb5_enomem(context);
918 if(copy_Principal(inprinc, p)) {
919 free(p);
920 return krb5_enomem(context);
921 }
922 *outprinc = p;
923 return 0;
924 }
925
926 /**
927 * Return TRUE iff princ1 == princ2 (without considering the realm)
928 *
929 * @param context Kerberos 5 context
930 * @param princ1 first principal to compare
931 * @param princ2 second principal to compare
932 *
933 * @return non zero if equal, 0 if not
934 *
935 * @ingroup krb5_principal
936 * @see krb5_principal_compare()
937 * @see krb5_realm_compare()
938 */
939
940 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_principal_compare_any_realm(krb5_context context,krb5_const_principal princ1,krb5_const_principal princ2)941 krb5_principal_compare_any_realm(krb5_context context,
942 krb5_const_principal princ1,
943 krb5_const_principal princ2)
944 {
945 size_t i;
946 if(princ_num_comp(princ1) != princ_num_comp(princ2))
947 return FALSE;
948 for(i = 0; i < princ_num_comp(princ1); i++){
949 if(strcmp(princ_ncomp(princ1, i), princ_ncomp(princ2, i)) != 0)
950 return FALSE;
951 }
952 return TRUE;
953 }
954
955 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
_krb5_principal_compare_PrincipalName(krb5_context context,krb5_const_principal princ1,PrincipalName * princ2)956 _krb5_principal_compare_PrincipalName(krb5_context context,
957 krb5_const_principal princ1,
958 PrincipalName *princ2)
959 {
960 size_t i;
961 if (princ_num_comp(princ1) != princ2->name_string.len)
962 return FALSE;
963 for(i = 0; i < princ_num_comp(princ1); i++){
964 if(strcmp(princ_ncomp(princ1, i), princ2->name_string.val[i]) != 0)
965 return FALSE;
966 }
967 return TRUE;
968 }
969
970
971 /**
972 * Compares the two principals, including realm of the principals and returns
973 * TRUE if they are the same and FALSE if not.
974 *
975 * @param context Kerberos 5 context
976 * @param princ1 first principal to compare
977 * @param princ2 second principal to compare
978 *
979 * @ingroup krb5_principal
980 * @see krb5_principal_compare_any_realm()
981 * @see krb5_realm_compare()
982 */
983
984 /*
985 * return TRUE iff princ1 == princ2
986 */
987
988 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_principal_compare(krb5_context context,krb5_const_principal princ1,krb5_const_principal princ2)989 krb5_principal_compare(krb5_context context,
990 krb5_const_principal princ1,
991 krb5_const_principal princ2)
992 {
993 if (!krb5_realm_compare(context, princ1, princ2))
994 return FALSE;
995 return krb5_principal_compare_any_realm(context, princ1, princ2);
996 }
997
998 /**
999 * return TRUE iff realm(princ1) == realm(princ2)
1000 *
1001 * @param context Kerberos 5 context
1002 * @param princ1 first principal to compare
1003 * @param princ2 second principal to compare
1004 *
1005 * @ingroup krb5_principal
1006 * @see krb5_principal_compare_any_realm()
1007 * @see krb5_principal_compare()
1008 */
1009
1010 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_realm_compare(krb5_context context,krb5_const_principal princ1,krb5_const_principal princ2)1011 krb5_realm_compare(krb5_context context,
1012 krb5_const_principal princ1,
1013 krb5_const_principal princ2)
1014 {
1015 return strcmp(princ_realm(princ1), princ_realm(princ2)) == 0;
1016 }
1017
1018 /**
1019 * return TRUE iff princ matches pattern
1020 *
1021 * @ingroup krb5_principal
1022 */
1023
1024 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_principal_match(krb5_context context,krb5_const_principal princ,krb5_const_principal pattern)1025 krb5_principal_match(krb5_context context,
1026 krb5_const_principal princ,
1027 krb5_const_principal pattern)
1028 {
1029 size_t i;
1030 if(princ_num_comp(princ) != princ_num_comp(pattern))
1031 return FALSE;
1032 if(fnmatch(princ_realm(pattern), princ_realm(princ), 0) != 0)
1033 return FALSE;
1034 for(i = 0; i < princ_num_comp(princ); i++){
1035 if(fnmatch(princ_ncomp(pattern, i), princ_ncomp(princ, i), 0) != 0)
1036 return FALSE;
1037 }
1038 return TRUE;
1039 }
1040
1041 /*
1042 * This is the original krb5_sname_to_principal(), renamed to be a
1043 * helper of the new one.
1044 */
1045 static krb5_error_code
krb5_sname_to_principal_old(krb5_context context,const char * realm,const char * hostname,const char * sname,int32_t type,krb5_principal * ret_princ)1046 krb5_sname_to_principal_old(krb5_context context,
1047 const char *realm,
1048 const char *hostname,
1049 const char *sname,
1050 int32_t type,
1051 krb5_principal *ret_princ)
1052 {
1053 krb5_error_code ret;
1054 char localhost[MAXHOSTNAMELEN];
1055 char **realms = NULL, *host = NULL;
1056
1057 if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
1058 krb5_set_error_message(context, KRB5_SNAME_UNSUPP_NAMETYPE,
1059 N_("unsupported name type %d", ""),
1060 (int)type);
1061 return KRB5_SNAME_UNSUPP_NAMETYPE;
1062 }
1063 if(hostname == NULL) {
1064 ret = gethostname(localhost, sizeof(localhost) - 1);
1065 if (ret != 0) {
1066 ret = errno;
1067 krb5_set_error_message(context, ret,
1068 N_("Failed to get local hostname", ""));
1069 return ret;
1070 }
1071 localhost[sizeof(localhost) - 1] = '\0';
1072 hostname = localhost;
1073 }
1074 if(sname == NULL)
1075 sname = "host";
1076 if(type == KRB5_NT_SRV_HST) {
1077 if (realm)
1078 ret = krb5_expand_hostname(context, hostname, &host);
1079 else
1080 ret = krb5_expand_hostname_realms(context, hostname,
1081 &host, &realms);
1082 if (ret)
1083 return ret;
1084 strlwr(host);
1085 hostname = host;
1086 if (!realm)
1087 realm = realms[0];
1088 } else if (!realm) {
1089 ret = krb5_get_host_realm(context, hostname, &realms);
1090 if(ret)
1091 return ret;
1092 realm = realms[0];
1093 }
1094
1095 ret = krb5_make_principal(context, ret_princ, realm, sname,
1096 hostname, NULL);
1097 if(host)
1098 free(host);
1099 if (realms)
1100 krb5_free_host_realm(context, realms);
1101 return ret;
1102 }
1103
1104 static const struct {
1105 const char *type;
1106 int32_t value;
1107 } nametypes[] = {
1108 { "UNKNOWN", KRB5_NT_UNKNOWN },
1109 { "PRINCIPAL", KRB5_NT_PRINCIPAL },
1110 { "SRV_INST", KRB5_NT_SRV_INST },
1111 { "SRV_HST", KRB5_NT_SRV_HST },
1112 { "SRV_XHST", KRB5_NT_SRV_XHST },
1113 { "UID", KRB5_NT_UID },
1114 { "X500_PRINCIPAL", KRB5_NT_X500_PRINCIPAL },
1115 { "SMTP_NAME", KRB5_NT_SMTP_NAME },
1116 { "ENTERPRISE_PRINCIPAL", KRB5_NT_ENTERPRISE_PRINCIPAL },
1117 { "WELLKNOWN", KRB5_NT_WELLKNOWN },
1118 { "SRV_HST_DOMAIN", KRB5_NT_SRV_HST_DOMAIN },
1119 { "ENT_PRINCIPAL_AND_ID", KRB5_NT_ENT_PRINCIPAL_AND_ID },
1120 { "MS_PRINCIPAL", KRB5_NT_MS_PRINCIPAL },
1121 { "MS_PRINCIPAL_AND_ID", KRB5_NT_MS_PRINCIPAL_AND_ID },
1122 { "SRV_HST_NEEDS_CANON", KRB5_NT_SRV_HST_NEEDS_CANON },
1123 { NULL, 0 }
1124 };
1125
1126 /**
1127 * Parse nametype string and return a nametype integer
1128 *
1129 * @ingroup krb5_principal
1130 */
1131
1132 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_parse_nametype(krb5_context context,const char * str,int32_t * nametype)1133 krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype)
1134 {
1135 size_t i;
1136
1137 for(i = 0; nametypes[i].type; i++) {
1138 if (strcasecmp(nametypes[i].type, str) == 0) {
1139 *nametype = nametypes[i].value;
1140 return 0;
1141 }
1142 }
1143 krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
1144 N_("Failed to find name type %s", ""), str);
1145 return KRB5_PARSE_MALFORMED;
1146 }
1147
1148 /**
1149 * Returns true if name is Kerberos NULL name
1150 *
1151 * @ingroup krb5_principal
1152 */
1153
1154 krb5_boolean KRB5_LIB_FUNCTION
krb5_principal_is_null(krb5_context context,krb5_const_principal principal)1155 krb5_principal_is_null(krb5_context context, krb5_const_principal principal)
1156 {
1157 if (principal->name.name_type == KRB5_NT_WELLKNOWN &&
1158 principal->name.name_string.len == 2 &&
1159 strcmp(principal->name.name_string.val[0], "WELLKNOWN") == 0 &&
1160 strcmp(principal->name.name_string.val[1], "NULL") == 0)
1161 return TRUE;
1162 return FALSE;
1163 }
1164
1165 const char _krb5_wellknown_lkdc[] = "WELLKNOWN:COM.APPLE.LKDC";
1166 static const char lkdc_prefix[] = "LKDC:";
1167
1168 /**
1169 * Returns true if name is Kerberos an LKDC realm
1170 *
1171 * @ingroup krb5_principal
1172 */
1173
1174 krb5_boolean KRB5_LIB_FUNCTION
krb5_realm_is_lkdc(const char * realm)1175 krb5_realm_is_lkdc(const char *realm)
1176 {
1177
1178 return strncmp(realm, lkdc_prefix, sizeof(lkdc_prefix)-1) == 0 ||
1179 strncmp(realm, _krb5_wellknown_lkdc, sizeof(_krb5_wellknown_lkdc) - 1) == 0;
1180 }
1181
1182 /**
1183 * Returns true if name is Kerberos an LKDC realm
1184 *
1185 * @ingroup krb5_principal
1186 */
1187
1188 krb5_boolean KRB5_LIB_FUNCTION
krb5_principal_is_lkdc(krb5_context context,krb5_const_principal principal)1189 krb5_principal_is_lkdc(krb5_context context, krb5_const_principal principal)
1190 {
1191 return krb5_realm_is_lkdc(principal->realm);
1192 }
1193
1194 /**
1195 * Returns true if name is Kerberos an LKDC realm
1196 *
1197 * @ingroup krb5_principal
1198 */
1199
1200 krb5_boolean KRB5_LIB_FUNCTION
krb5_principal_is_pku2u(krb5_context context,krb5_const_principal principal)1201 krb5_principal_is_pku2u(krb5_context context, krb5_const_principal principal)
1202 {
1203 return strcmp(principal->realm, KRB5_PKU2U_REALM_NAME) == 0;
1204 }
1205
1206 /**
1207 * Check if the cname part of the principal is a krbtgt principal
1208 *
1209 * @ingroup krb5_principal
1210 */
1211
1212 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_principal_is_krbtgt(krb5_context context,krb5_const_principal p)1213 krb5_principal_is_krbtgt(krb5_context context, krb5_const_principal p)
1214 {
1215 return p->name.name_string.len == 2 &&
1216 strcmp(p->name.name_string.val[0], KRB5_TGS_NAME) == 0;
1217 }
1218
1219 /**
1220 * Returns true iff name is an WELLKNOWN:ORG.H5L.HOSTBASED-SERVICE
1221 *
1222 * @ingroup krb5_principal
1223 */
1224
1225 krb5_boolean KRB5_LIB_FUNCTION
krb5_principal_is_gss_hostbased_service(krb5_context context,krb5_const_principal principal)1226 krb5_principal_is_gss_hostbased_service(krb5_context context,
1227 krb5_const_principal principal)
1228 {
1229 if (principal == NULL)
1230 return FALSE;
1231 if (principal->name.name_string.len != 2)
1232 return FALSE;
1233 if (strcmp(principal->name.name_string.val[1], KRB5_GSS_HOSTBASED_SERVICE_NAME) != 0)
1234 return FALSE;
1235 return TRUE;
1236 }
1237
1238 /**
1239 * Check if the cname part of the principal is a initial or renewed krbtgt principal
1240 *
1241 * @ingroup krb5_principal
1242 */
1243
1244 krb5_boolean KRB5_LIB_FUNCTION
krb5_principal_is_root_krbtgt(krb5_context context,krb5_const_principal p)1245 krb5_principal_is_root_krbtgt(krb5_context context, krb5_const_principal p)
1246 {
1247 return p->name.name_string.len == 2 &&
1248 strcmp(p->name.name_string.val[0], KRB5_TGS_NAME) == 0 &&
1249 strcmp(p->name.name_string.val[1], p->realm) == 0;
1250 }
1251
1252 /**
1253 * Returns true iff name is WELLKNOWN/ANONYMOUS
1254 *
1255 * @ingroup krb5_principal
1256 */
1257
1258 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_principal_is_anonymous(krb5_context context,krb5_const_principal p,unsigned int flags)1259 krb5_principal_is_anonymous(krb5_context context,
1260 krb5_const_principal p,
1261 unsigned int flags)
1262 {
1263 /*
1264 * Heimdal versions 7.5 and below left the name-type at KRB5_NT_PRINCIPAL
1265 * even with anonymous pkinit responses. To retain interoperability with
1266 * legacy KDCs, the name-type is not checked by the client after requesting
1267 * a fully anonymous ticket.
1268 */
1269 if (!(flags & KRB5_ANON_IGNORE_NAME_TYPE) &&
1270 p->name.name_type != KRB5_NT_WELLKNOWN &&
1271 p->name.name_type != KRB5_NT_UNKNOWN)
1272 return FALSE;
1273
1274 if (p->name.name_string.len != 2 ||
1275 strcmp(p->name.name_string.val[0], KRB5_WELLKNOWN_NAME) != 0 ||
1276 strcmp(p->name.name_string.val[1], KRB5_ANON_NAME) != 0)
1277 return FALSE;
1278
1279 /*
1280 * While unauthenticated clients SHOULD get "WELLKNOWN:ANONYMOUS" as their
1281 * realm, Heimdal KDCs prior to 7.0 returned the requested realm. While
1282 * such tickets might lead *servers* to unwittingly grant access to fully
1283 * anonymous clients, trusting that the client was authenticated to the
1284 * realm in question, doing it right is the KDC's job, the client should
1285 * not refuse such a ticket.
1286 *
1287 * If we ever do decide to enforce WELLKNOWN:ANONYMOUS for unauthenticated
1288 * clients, it is essential that calls that pass KRB5_ANON_MATCH_ANY still
1289 * ignore the realm, as in that case either case matches one of the two
1290 * possible conditions.
1291 */
1292 if (flags & KRB5_ANON_MATCH_UNAUTHENTICATED)
1293 return TRUE;
1294
1295 /*
1296 * Finally, authenticated clients that asked to be only anonymized do
1297 * legitimately expect a non-anon realm.
1298 */
1299 return strcmp(p->realm, KRB5_ANON_REALM) != 0;
1300 }
1301
1302 static int
tolower_ascii(int c)1303 tolower_ascii(int c)
1304 {
1305 if (c >= 'A' || c <= 'Z')
1306 return 'a' + (c - 'A');
1307 return c;
1308 }
1309
1310 typedef enum krb5_name_canon_rule_type {
1311 KRB5_NCRT_BOGUS = 0,
1312 KRB5_NCRT_AS_IS,
1313 KRB5_NCRT_QUALIFY,
1314 KRB5_NCRT_NSS
1315 } krb5_name_canon_rule_type;
1316
1317 #ifdef UINT8_MAX
1318 #define MAXDOTS UINT8_MAX
1319 #else
1320 #define MAXDOTS (255U)
1321 #endif
1322 #ifdef UINT16_MAX
1323 #define MAXORDER UINT16_MAX
1324 #else
1325 #define MAXORDER (65535U)
1326 #endif
1327
1328 struct krb5_name_canon_rule_data {
1329 krb5_name_canon_rule_type type;
1330 krb5_name_canon_rule_options options;
1331 uint8_t mindots; /* match this many dots or more */
1332 uint8_t maxdots; /* match no more than this many dots */
1333 uint16_t explicit_order; /* given order */
1334 uint16_t order; /* actual order */
1335 char *match_domain; /* match this stem */
1336 char *match_realm; /* match this realm */
1337 char *domain; /* qualify with this domain */
1338 char *realm; /* qualify with this realm */
1339 };
1340
1341 /**
1342 * Create a principal for the given service running on the given
1343 * hostname. If KRB5_NT_SRV_HST is used, the hostname is canonicalized
1344 * according the configured name canonicalization rules, with
1345 * canonicalization delayed in some cases. One rule involves DNS, which
1346 * is insecure unless DNSSEC is used, but we don't use DNSSEC-capable
1347 * resolver APIs here, so that if DNSSEC is used we wouldn't know it.
1348 *
1349 * Canonicalization is immediate (not delayed) only when there is only
1350 * one canonicalization rule and that rule indicates that we should do a
1351 * host lookup by name (i.e., DNS).
1352 *
1353 * @param context A Kerberos context.
1354 * @param hostname hostname to use
1355 * @param sname Service name to use
1356 * @param type name type of principal, use KRB5_NT_SRV_HST or KRB5_NT_UNKNOWN.
1357 * @param ret_princ return principal, free with krb5_free_principal().
1358 *
1359 * @return An krb5 error code, see krb5_get_error_message().
1360 *
1361 * @ingroup krb5_principal
1362 */
1363
1364 /* coverity[+alloc : arg-*4] */
1365 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sname_to_principal(krb5_context context,const char * hostname,const char * sname,int32_t type,krb5_principal * ret_princ)1366 krb5_sname_to_principal(krb5_context context,
1367 const char *hostname,
1368 const char *sname,
1369 int32_t type,
1370 krb5_principal *ret_princ)
1371 {
1372 char *realm, *remote_host;
1373 krb5_error_code ret;
1374 register char *cp;
1375 char localname[MAXHOSTNAMELEN];
1376
1377 *ret_princ = NULL;
1378
1379 if ((type != KRB5_NT_UNKNOWN) &&
1380 (type != KRB5_NT_SRV_HST))
1381 return KRB5_SNAME_UNSUPP_NAMETYPE;
1382
1383 /* if hostname is NULL, use local hostname */
1384 if (hostname == NULL) {
1385 if (gethostname(localname, MAXHOSTNAMELEN))
1386 return errno;
1387 hostname = localname;
1388 }
1389
1390 /* if sname is NULL, use "host" */
1391 if (sname == NULL)
1392 sname = "host";
1393
1394 remote_host = strdup(hostname);
1395 if (remote_host == NULL)
1396 return krb5_enomem(context);
1397
1398 if (type == KRB5_NT_SRV_HST) {
1399 krb5_name_canon_rule rules;
1400
1401 /* Lower-case the hostname, because that's the convention */
1402 for (cp = remote_host; *cp; cp++)
1403 if (isupper((int) (*cp)))
1404 *cp = tolower((int) (*cp));
1405
1406 /*
1407 * If there is only one name canon rule and it says to
1408 * canonicalize the old way, do that now, as we used to.
1409 */
1410 ret = _krb5_get_name_canon_rules(context, &rules);
1411 if (ret) {
1412 _krb5_debug(context, 5, "Failed to get name canon rules: ret = %d",
1413 ret);
1414 free(remote_host);
1415 return ret;
1416 }
1417 if (rules[0].type == KRB5_NCRT_NSS &&
1418 rules[1].type == KRB5_NCRT_BOGUS) {
1419 _krb5_debug(context, 5, "Using nss for name canon immediately");
1420 ret = krb5_sname_to_principal_old(context, rules[0].realm,
1421 remote_host, sname,
1422 KRB5_NT_SRV_HST, ret_princ);
1423 free(remote_host);
1424 return ret;
1425 }
1426 }
1427
1428 /* Remove trailing dots */
1429 if (remote_host[0]) {
1430 for (cp = remote_host + strlen(remote_host)-1;
1431 *cp == '.' && cp > remote_host;
1432 cp--) {
1433 *cp = '\0';
1434 }
1435 }
1436
1437 realm = ""; /* "Referral realm" */
1438
1439 ret = krb5_build_principal(context, ret_princ, strlen(realm),
1440 realm, sname, remote_host,
1441 (char *)0);
1442
1443 if (ret == 0 && type == KRB5_NT_SRV_HST) {
1444 /*
1445 * Hostname canonicalization is done elsewhere (in
1446 * krb5_get_credentials() and krb5_kt_get_entry()).
1447 *
1448 * We overload the name type to indicate to those functions that
1449 * this principal name requires canonicalization.
1450 *
1451 * We can't use the empty realm to denote the need to
1452 * canonicalize the hostname too: it would mean that users who
1453 * want to assert knowledge of a service's realm must also know
1454 * the canonical hostname, but in practice they don't.
1455 */
1456 (*ret_princ)->name.name_type = KRB5_NT_SRV_HST_NEEDS_CANON;
1457
1458 _krb5_debug(context, 5, "Building a delayed canon principal for %s/%s@",
1459 sname, remote_host);
1460 }
1461
1462 free(remote_host);
1463 return ret;
1464 }
1465
1466 static void
tolower_str(char * s)1467 tolower_str(char *s)
1468 {
1469 for (; *s != '\0'; s++) {
1470 if (isupper(*s))
1471 *s = tolower_ascii(*s);
1472 }
1473 }
1474
1475 static krb5_error_code
rule_parse_token(krb5_context context,krb5_name_canon_rule rule,const char * tok)1476 rule_parse_token(krb5_context context, krb5_name_canon_rule rule,
1477 const char *tok)
1478 {
1479 long int n;
1480 int needs_type = rule->type == KRB5_NCRT_BOGUS;
1481
1482 /*
1483 * Rules consist of a sequence of tokens, some of which indicate
1484 * what type of rule the rule is, and some of which set rule options
1485 * or ancilliary data. Last rule type token wins.
1486 */
1487
1488 /* Rule type tokens: */
1489 if (needs_type && strcmp(tok, "as-is") == 0) {
1490 rule->type = KRB5_NCRT_AS_IS;
1491 } else if (needs_type && strcmp(tok, "qualify") == 0) {
1492 rule->type = KRB5_NCRT_QUALIFY;
1493 } else if (needs_type && strcmp(tok, "nss") == 0) {
1494 rule->type = KRB5_NCRT_NSS;
1495 /* Rule options: */
1496 } else if (strcmp(tok, "use_fast") == 0) {
1497 rule->options |= KRB5_NCRO_USE_FAST;
1498 } else if (strcmp(tok, "use_dnssec") == 0) {
1499 rule->options |= KRB5_NCRO_USE_DNSSEC;
1500 } else if (strcmp(tok, "ccache_only") == 0) {
1501 rule->options |= KRB5_NCRO_GC_ONLY;
1502 } else if (strcmp(tok, "no_referrals") == 0) {
1503 rule->options |= KRB5_NCRO_NO_REFERRALS;
1504 } else if (strcmp(tok, "use_referrals") == 0) {
1505 rule->options &= ~KRB5_NCRO_NO_REFERRALS;
1506 if (rule->realm == NULL) {
1507 rule->realm = strdup("");
1508 if (rule->realm == NULL)
1509 return krb5_enomem(context);
1510 }
1511 } else if (strcmp(tok, "lookup_realm") == 0) {
1512 rule->options |= KRB5_NCRO_LOOKUP_REALM;
1513 free(rule->realm);
1514 rule->realm = NULL;
1515 /* Rule ancilliary data: */
1516 } else if (strncmp(tok, "domain=", strlen("domain=")) == 0) {
1517 free(rule->domain);
1518 rule->domain = strdup(tok + strlen("domain="));
1519 if (rule->domain == NULL)
1520 return krb5_enomem(context);
1521 tolower_str(rule->domain);
1522 } else if (strncmp(tok, "realm=", strlen("realm=")) == 0) {
1523 free(rule->realm);
1524 rule->realm = strdup(tok + strlen("realm="));
1525 if (rule->realm == NULL)
1526 return krb5_enomem(context);
1527 } else if (strncmp(tok, "match_domain=", strlen("match_domain=")) == 0) {
1528 free(rule->match_domain);
1529 rule->match_domain = strdup(tok + strlen("match_domain="));
1530 if (rule->match_domain == NULL)
1531 return krb5_enomem(context);
1532 tolower_str(rule->match_domain);
1533 } else if (strncmp(tok, "match_realm=", strlen("match_realm=")) == 0) {
1534 free(rule->match_realm);
1535 rule->match_realm = strdup(tok + strlen("match_realm="));
1536 if (rule->match_realm == NULL)
1537 return krb5_enomem(context);
1538 } else if (strncmp(tok, "mindots=", strlen("mindots=")) == 0) {
1539 errno = 0;
1540 n = strtol(tok + strlen("mindots="), NULL, 10);
1541 if (errno == 0 && n > 0 && n <= MAXDOTS)
1542 rule->mindots = n;
1543 } else if (strncmp(tok, "maxdots=", strlen("maxdots=")) == 0) {
1544 errno = 0;
1545 n = strtol(tok + strlen("maxdots="), NULL, 10);
1546 if (errno == 0 && n > 0 && n <= MAXDOTS)
1547 rule->maxdots = n;
1548 } else if (strncmp(tok, "order=", strlen("order=")) == 0) {
1549 errno = 0;
1550 n = strtol(tok + strlen("order="), NULL, 10);
1551 if (errno == 0 && n > 0 && n <= MAXORDER)
1552 rule->explicit_order = n;
1553 } else {
1554 _krb5_debug(context, 5,
1555 "Unrecognized name canonicalization rule token %s", tok);
1556 return EINVAL;
1557 }
1558 return 0;
1559 }
1560
1561 static int
rule_cmp(const void * a,const void * b)1562 rule_cmp(const void *a, const void *b)
1563 {
1564 krb5_const_name_canon_rule left = a;
1565 krb5_const_name_canon_rule right = b;
1566
1567 if (left->type == KRB5_NCRT_BOGUS &&
1568 right->type == KRB5_NCRT_BOGUS)
1569 return 0;
1570 if (left->type == KRB5_NCRT_BOGUS)
1571 return 1;
1572 if (right->type == KRB5_NCRT_BOGUS)
1573 return -1;
1574 if (left->explicit_order < right->explicit_order)
1575 return -1;
1576 if (left->explicit_order > right->explicit_order)
1577 return 1;
1578 return left->order - right->order;
1579 }
1580
1581 static krb5_error_code
parse_name_canon_rules(krb5_context context,char ** rulestrs,krb5_name_canon_rule * rules)1582 parse_name_canon_rules(krb5_context context, char **rulestrs,
1583 krb5_name_canon_rule *rules)
1584 {
1585 krb5_error_code ret;
1586 char *tok;
1587 char *cp;
1588 char **cpp;
1589 size_t n;
1590 size_t i, k;
1591 int do_sort = 0;
1592 krb5_name_canon_rule r;
1593
1594 *rules = NULL;
1595
1596 for (n =0, cpp = rulestrs; cpp != NULL && *cpp != NULL; cpp++)
1597 n++;
1598
1599 n += 2; /* Always at least one rule; two for the default case */
1600
1601 if ((r = calloc(n, sizeof (*r))) == NULL)
1602 return krb5_enomem(context);
1603
1604 for (k = 0; k < n; k++) {
1605 r[k].type = KRB5_NCRT_BOGUS;
1606 r[k].match_domain = NULL;
1607 r[k].match_realm = NULL;
1608 r[k].domain = NULL;
1609 r[k].realm = NULL;
1610 }
1611
1612 for (i = 0, k = 0; i < n && rulestrs != NULL && rulestrs[i] != NULL; i++) {
1613 cp = rulestrs[i];
1614 r[k].explicit_order = MAXORDER; /* mark order, see below */
1615 r[k].maxdots = MAXDOTS;
1616 r[k].order = k; /* default order */
1617
1618 /* Tokenize and parse value */
1619 do {
1620 tok = cp;
1621 cp = strchr(cp, ':'); /* XXX use strtok_r() */
1622 if (cp)
1623 *cp++ = '\0'; /* delimit token */
1624 ret = rule_parse_token(context, &r[k], tok);
1625 if (ret == EINVAL) {
1626 r[k].type = KRB5_NCRT_BOGUS;
1627 break;
1628 }
1629 if (ret) {
1630 _krb5_free_name_canon_rules(context, r);
1631 return ret;
1632 }
1633 } while (cp && *cp);
1634 if (r[k].explicit_order != MAXORDER)
1635 do_sort = 1;
1636
1637 /* Validate parsed rule */
1638 if (r[k].type == KRB5_NCRT_BOGUS ||
1639 (r[k].type == KRB5_NCRT_QUALIFY && !r[k].domain) ||
1640 (r[k].type == KRB5_NCRT_NSS && r[k].domain)) {
1641 /* Invalid rule; mark it so and clean up */
1642 r[k].type = KRB5_NCRT_BOGUS;
1643 free(r[k].match_domain);
1644 free(r[k].match_realm);
1645 free(r[k].domain);
1646 free(r[k].realm);
1647 r[k].realm = NULL;
1648 r[k].domain = NULL;
1649 r[k].match_domain = NULL;
1650 r[k].match_realm = NULL;
1651 _krb5_debug(context, 5,
1652 "Ignoring invalid name canonicalization rule %lu",
1653 (unsigned long)i);
1654 continue;
1655 }
1656 k++; /* good rule */
1657 }
1658
1659 if (do_sort) {
1660 /*
1661 * Note that we make make this a stable sort by using appareance
1662 * and explicit order.
1663 */
1664 qsort(r, n, sizeof(r[0]), rule_cmp);
1665 }
1666
1667 if (r[0].type == KRB5_NCRT_BOGUS) {
1668 /* No rules, or no valid rules */
1669 r[0].type = KRB5_NCRT_NSS;
1670 }
1671
1672 *rules = r;
1673 return 0; /* We don't communicate bad rule errors here */
1674 }
1675
1676 /*
1677 * This exists only because the hostname canonicalization behavior in Heimdal
1678 * (and other implementations of Kerberos) has been to use getaddrinfo(),
1679 * unsafe though it is, for ages. We can't fix it in one day.
1680 */
1681 static void
make_rules_safe(krb5_context context,krb5_name_canon_rule rules)1682 make_rules_safe(krb5_context context, krb5_name_canon_rule rules)
1683 {
1684 /*
1685 * If the only rule were to use the name service (getaddrinfo()) then we're
1686 * bound to fail. We could try to convert that rule to an as-is rule, but
1687 * when we do get a validating resolver we'd be unhappy that we did such a
1688 * conversion. Better let the user get failures and make them think about
1689 * their naming rules.
1690 */
1691 if (rules == NULL)
1692 return;
1693 for (; rules[0].type != KRB5_NCRT_BOGUS; rules++) {
1694 if (rules->type == KRB5_NCRT_NSS)
1695 rules->options |= KRB5_NCRO_USE_DNSSEC;
1696 else
1697 rules->options |= KRB5_NCRO_USE_FAST;
1698 }
1699 }
1700
1701 /**
1702 * This function returns an array of host-based service name
1703 * canonicalization rules. The array of rules is organized as a list.
1704 * See the definition of krb5_name_canon_rule.
1705 *
1706 * @param context A Kerberos context.
1707 * @param rules Output location for array of rules.
1708 */
1709 KRB5_LIB_FUNCTION krb5_error_code
_krb5_get_name_canon_rules(krb5_context context,krb5_name_canon_rule * rules)1710 _krb5_get_name_canon_rules(krb5_context context, krb5_name_canon_rule *rules)
1711 {
1712 krb5_error_code ret;
1713 char **values = NULL;
1714
1715 *rules = context->name_canon_rules;
1716 if (*rules != NULL)
1717 return 0;
1718
1719 values = krb5_config_get_strings(context, NULL,
1720 "libdefaults", "name_canon_rules", NULL);
1721 ret = parse_name_canon_rules(context, values, rules);
1722 krb5_config_free_strings(values);
1723 if (ret)
1724 return ret;
1725
1726 if (krb5_config_get_bool_default(context, NULL, FALSE,
1727 "libdefaults", "safe_name_canon", NULL))
1728 make_rules_safe(context, *rules);
1729
1730 heim_assert(rules != NULL && (*rules)[0].type != KRB5_NCRT_BOGUS,
1731 "internal error in parsing principal name "
1732 "canonicalization rules");
1733
1734 /* Memoize */
1735 context->name_canon_rules = *rules;
1736
1737 return 0;
1738 }
1739
1740 static krb5_error_code
get_host_realm(krb5_context context,const char * hostname,char ** realm)1741 get_host_realm(krb5_context context, const char *hostname, char **realm)
1742 {
1743 krb5_error_code ret;
1744 char **hrealms = NULL;
1745
1746 *realm = NULL;
1747 ret = krb5_get_host_realm(context, hostname, &hrealms);
1748 if (ret)
1749 return ret;
1750 if (hrealms == NULL)
1751 return KRB5_ERR_HOST_REALM_UNKNOWN; /* krb5_set_error() already done */
1752 if (hrealms[0] == NULL) {
1753 krb5_free_host_realm(context, hrealms);
1754 return KRB5_ERR_HOST_REALM_UNKNOWN; /* krb5_set_error() already done */
1755 }
1756 *realm = strdup(hrealms[0]);
1757 krb5_free_host_realm(context, hrealms);
1758 if (*realm == NULL)
1759 return krb5_enomem(context);
1760 return 0;
1761 }
1762
1763 static int
is_domain_suffix(const char * domain,const char * suffix)1764 is_domain_suffix(const char *domain, const char *suffix)
1765 {
1766 size_t dlen = strlen(domain);
1767 size_t slen = strlen(suffix);
1768
1769 if (dlen < slen + 2)
1770 return 0;
1771
1772 if (strcasecmp(domain + (dlen - slen), suffix) != 0)
1773 return 0;
1774
1775 if (domain[(dlen - slen) - 1] != '.')
1776 return 0;
1777 return 1;
1778 }
1779
1780 /*
1781 * Applies a name canonicalization rule to a principal.
1782 *
1783 * Returns zero and no out_princ if the rule does not match.
1784 * Returns zero and an out_princ if the rule does match.
1785 */
1786 static krb5_error_code
apply_name_canon_rule(krb5_context context,krb5_name_canon_rule rules,size_t rule_idx,krb5_const_principal in_princ,krb5_principal * out_princ,krb5_name_canon_rule_options * rule_opts)1787 apply_name_canon_rule(krb5_context context, krb5_name_canon_rule rules,
1788 size_t rule_idx, krb5_const_principal in_princ,
1789 krb5_principal *out_princ,
1790 krb5_name_canon_rule_options *rule_opts)
1791 {
1792 krb5_name_canon_rule rule = &rules[rule_idx];
1793 krb5_error_code ret;
1794 unsigned int ndots = 0;
1795 krb5_principal nss = NULL;
1796 const char *sname = NULL;
1797 const char *orig_hostname = NULL;
1798 const char *new_hostname = NULL;
1799 const char *new_realm = NULL;
1800 const char *port = "";
1801 const char *cp;
1802 char *hostname_sans_port = NULL;
1803 char *hostname_with_port = NULL;
1804 char *tmp_hostname = NULL;
1805 char *tmp_realm = NULL;
1806
1807 *out_princ = NULL; /* Signal no match */
1808
1809 if (rule_opts != NULL)
1810 *rule_opts = rule->options;
1811
1812 if (rule->type == KRB5_NCRT_BOGUS)
1813 return 0; /* rule doesn't apply */
1814
1815 sname = krb5_principal_get_comp_string(context, in_princ, 0);
1816 orig_hostname = krb5_principal_get_comp_string(context, in_princ, 1);
1817
1818 /*
1819 * Some apps want to use the very non-standard svc/hostname:port@REALM
1820 * form. We do our best to support that here :(
1821 */
1822 port = strchr(orig_hostname, ':');
1823 if (port != NULL) {
1824 hostname_sans_port = strndup(orig_hostname, port - orig_hostname);
1825 if (hostname_sans_port == NULL)
1826 return krb5_enomem(context);
1827 orig_hostname = hostname_sans_port;
1828 }
1829
1830 _krb5_debug(context, 5, N_("Applying a name rule (type %d) to %s", ""),
1831 rule->type, orig_hostname);
1832
1833 if (rule->mindots > 0 || rule->maxdots > 0) {
1834 for (cp = strchr(orig_hostname, '.'); cp && *cp; cp = strchr(cp + 1, '.'))
1835 ndots++;
1836 }
1837 if (rule->mindots > 0 && ndots < rule->mindots)
1838 return 0;
1839 if (ndots > rule->maxdots)
1840 return 0;
1841
1842 if (rule->match_domain != NULL &&
1843 !is_domain_suffix(orig_hostname, rule->match_domain))
1844 return 0;
1845
1846 if (rule->match_realm != NULL &&
1847 strcmp(rule->match_realm, in_princ->realm) != 0)
1848 return 0;
1849
1850 new_realm = rule->realm;
1851 switch (rule->type) {
1852 case KRB5_NCRT_AS_IS:
1853 break;
1854
1855 case KRB5_NCRT_QUALIFY:
1856 heim_assert(rule->domain != NULL,
1857 "missing domain for qualify name canon rule");
1858 if (asprintf(&tmp_hostname, "%s.%s", orig_hostname,
1859 rule->domain) == -1 || tmp_hostname == NULL) {
1860 ret = krb5_enomem(context);
1861 goto out;
1862 }
1863 new_hostname = tmp_hostname;
1864 break;
1865
1866 case KRB5_NCRT_NSS:
1867 if ((rule->options & KRB5_NCRO_USE_DNSSEC)) {
1868 ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
1869 krb5_set_error_message(context, ret,
1870 "Secure hostname resolution not supported");
1871 goto out;
1872 }
1873 _krb5_debug(context, 5, "Using name service lookups");
1874 ret = krb5_sname_to_principal_old(context, rule->realm,
1875 orig_hostname, sname,
1876 KRB5_NT_SRV_HST,
1877 &nss);
1878 if (rules[rule_idx + 1].type != KRB5_NCRT_BOGUS &&
1879 (ret == KRB5_ERR_BAD_HOSTNAME ||
1880 ret == KRB5_ERR_HOST_REALM_UNKNOWN)) {
1881 /*
1882 * Bad hostname / realm unknown -> rule inapplicable if
1883 * there's more rules. If it's the last rule then we want
1884 * to return all errors from krb5_sname_to_principal_old()
1885 * here.
1886 */
1887 ret = 0;
1888 goto out;
1889 }
1890 if (ret)
1891 goto out;
1892
1893 new_hostname = krb5_principal_get_comp_string(context, nss, 1);
1894 new_realm = krb5_principal_get_realm(context, nss);
1895 break;
1896
1897 default:
1898 /* Can't happen */
1899 ret = 0;
1900 goto out;
1901 }
1902
1903 /*
1904 * This rule applies.
1905 *
1906 * Copy in_princ and mutate the copy per the matched rule.
1907 *
1908 * This way we apply to principals with two or more components, such as
1909 * domain-based names.
1910 */
1911 ret = krb5_copy_principal(context, in_princ, out_princ);
1912 if (ret)
1913 goto out;
1914
1915 if (new_realm == NULL && (rule->options & KRB5_NCRO_LOOKUP_REALM) != 0) {
1916 ret = get_host_realm(context, new_hostname, &tmp_realm);
1917 if (ret)
1918 goto out;
1919 new_realm = tmp_realm;
1920 }
1921
1922 /* If we stripped off a :port, add it back in */
1923 if (port != NULL && new_hostname != NULL) {
1924 if (asprintf(&hostname_with_port, "%s%s", new_hostname, port) == -1 ||
1925 hostname_with_port == NULL) {
1926 ret = krb5_enomem(context);
1927 goto out;
1928 }
1929 new_hostname = hostname_with_port;
1930 }
1931
1932 if (new_realm != NULL)
1933 krb5_principal_set_realm(context, *out_princ, new_realm);
1934 if (new_hostname != NULL)
1935 krb5_principal_set_comp_string(context, *out_princ, 1, new_hostname);
1936 if (princ_type(*out_princ) == KRB5_NT_SRV_HST_NEEDS_CANON)
1937 princ_type(*out_princ) = KRB5_NT_SRV_HST;
1938
1939 /* Trace rule application */
1940 {
1941 krb5_error_code ret2;
1942 char *unparsed;
1943
1944 ret2 = krb5_unparse_name(context, *out_princ, &unparsed);
1945 if (ret2) {
1946 _krb5_debug(context, 5,
1947 N_("Couldn't unparse canonicalized princicpal (%d)",
1948 ""),
1949 ret);
1950 } else {
1951 _krb5_debug(context, 5,
1952 N_("Name canon rule application yields %s", ""),
1953 unparsed);
1954 free(unparsed);
1955 }
1956 }
1957
1958 out:
1959 free(hostname_sans_port);
1960 free(hostname_with_port);
1961 free(tmp_hostname);
1962 free(tmp_realm);
1963 krb5_free_principal(context, nss);
1964 if (ret)
1965 krb5_set_error_message(context, ret,
1966 N_("Name canon rule application failed", ""));
1967 return ret;
1968 }
1969
1970 /**
1971 * Free name canonicalization rules
1972 */
1973 KRB5_LIB_FUNCTION void
_krb5_free_name_canon_rules(krb5_context context,krb5_name_canon_rule rules)1974 _krb5_free_name_canon_rules(krb5_context context, krb5_name_canon_rule rules)
1975 {
1976 size_t k;
1977
1978 if (rules == NULL)
1979 return;
1980
1981 for (k = 0; rules[k].type != KRB5_NCRT_BOGUS; k++) {
1982 free(rules[k].match_domain);
1983 free(rules[k].match_realm);
1984 free(rules[k].domain);
1985 free(rules[k].realm);
1986 }
1987 free(rules);
1988 }
1989
1990 struct krb5_name_canon_iterator_data {
1991 krb5_name_canon_rule rules;
1992 krb5_const_principal in_princ; /* given princ */
1993 krb5_const_principal out_princ; /* princ to be output */
1994 krb5_principal tmp_princ; /* to be freed */
1995 int is_trivial; /* no canon to be done */
1996 int done; /* no more rules to be applied */
1997 size_t cursor; /* current/next rule */
1998 };
1999
2000 /**
2001 * Initialize name canonicalization iterator.
2002 *
2003 * @param context Kerberos context
2004 * @param in_princ principal name to be canonicalized OR
2005 * @param iter output iterator object
2006 */
2007 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_name_canon_iterator_start(krb5_context context,krb5_const_principal in_princ,krb5_name_canon_iterator * iter)2008 krb5_name_canon_iterator_start(krb5_context context,
2009 krb5_const_principal in_princ,
2010 krb5_name_canon_iterator *iter)
2011 {
2012 krb5_error_code ret;
2013 krb5_name_canon_iterator state;
2014
2015 *iter = NULL;
2016
2017 state = calloc(1, sizeof (*state));
2018 if (state == NULL)
2019 return krb5_enomem(context);
2020 state->in_princ = in_princ;
2021
2022 if (princ_type(state->in_princ) == KRB5_NT_SRV_HST_NEEDS_CANON) {
2023 ret = _krb5_get_name_canon_rules(context, &state->rules);
2024 if (ret)
2025 goto out;
2026 } else {
2027 /* Name needs no canon -> trivial iterator: in_princ is canonical */
2028 state->is_trivial = 1;
2029 }
2030
2031 *iter = state;
2032 return 0;
2033
2034 out:
2035 krb5_free_name_canon_iterator(context, state);
2036 return krb5_enomem(context);
2037 }
2038
2039 /*
2040 * Helper for name canon iteration.
2041 */
2042 static krb5_error_code
name_canon_iterate(krb5_context context,krb5_name_canon_iterator * iter,krb5_name_canon_rule_options * rule_opts)2043 name_canon_iterate(krb5_context context,
2044 krb5_name_canon_iterator *iter,
2045 krb5_name_canon_rule_options *rule_opts)
2046 {
2047 krb5_error_code ret;
2048 krb5_name_canon_iterator state = *iter;
2049
2050 if (rule_opts)
2051 *rule_opts = 0;
2052
2053 if (state == NULL)
2054 return 0;
2055
2056 if (state->done) {
2057 krb5_free_name_canon_iterator(context, state);
2058 *iter = NULL;
2059 return 0;
2060 }
2061
2062 if (state->is_trivial && !state->done) {
2063 state->out_princ = state->in_princ;
2064 state->done = 1;
2065 return 0;
2066 }
2067
2068 heim_assert(state->rules != NULL &&
2069 state->rules[state->cursor].type != KRB5_NCRT_BOGUS,
2070 "Internal error during name canonicalization");
2071
2072 do {
2073 krb5_free_principal(context, state->tmp_princ);
2074 ret = apply_name_canon_rule(context, state->rules, state->cursor,
2075 state->in_princ, &state->tmp_princ, rule_opts);
2076 if (ret) {
2077 krb5_free_name_canon_iterator(context, state);
2078 *iter = NULL;
2079 return ret;
2080 }
2081 state->cursor++;
2082 } while (state->tmp_princ == NULL &&
2083 state->rules[state->cursor].type != KRB5_NCRT_BOGUS);
2084
2085 if (state->rules[state->cursor].type == KRB5_NCRT_BOGUS)
2086 state->done = 1;
2087
2088 state->out_princ = state->tmp_princ;
2089 if (state->tmp_princ == NULL) {
2090 krb5_free_name_canon_iterator(context, state);
2091 *iter = NULL;
2092 return 0;
2093 }
2094 return 0;
2095 }
2096
2097 /**
2098 * Iteratively apply name canon rules, outputing a principal and rule
2099 * options each time. Iteration completes when the @iter is NULL on
2100 * return or when an error is returned. Callers must free the iterator
2101 * if they abandon it mid-way.
2102 *
2103 * @param context Kerberos context
2104 * @param iter name canon rule iterator (input/output)
2105 * @param try_princ output principal name
2106 * @param rule_opts output rule options
2107 */
2108 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_name_canon_iterate(krb5_context context,krb5_name_canon_iterator * iter,krb5_const_principal * try_princ,krb5_name_canon_rule_options * rule_opts)2109 krb5_name_canon_iterate(krb5_context context,
2110 krb5_name_canon_iterator *iter,
2111 krb5_const_principal *try_princ,
2112 krb5_name_canon_rule_options *rule_opts)
2113 {
2114 krb5_error_code ret;
2115
2116 *try_princ = NULL;
2117
2118 ret = name_canon_iterate(context, iter, rule_opts);
2119 if (*iter)
2120 *try_princ = (*iter)->out_princ;
2121 return ret;
2122 }
2123
2124 /**
2125 * Free a name canonicalization rule iterator.
2126 */
2127 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_name_canon_iterator(krb5_context context,krb5_name_canon_iterator iter)2128 krb5_free_name_canon_iterator(krb5_context context,
2129 krb5_name_canon_iterator iter)
2130 {
2131 if (iter == NULL)
2132 return;
2133 if (iter->tmp_princ)
2134 krb5_free_principal(context, iter->tmp_princ);
2135 free(iter);
2136 }
2137