2007-08-24 19:50:12 +04:00
/*
2007-03-13 19:04:17 +03:00
Unix SMB / CIFS implementation .
kerberos locator plugin
2008-09-27 05:11:59 +04:00
Copyright ( C ) Guenther Deschner 2007 - 2008
2007-08-24 19:50:12 +04:00
2007-03-13 19:04:17 +03:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
2007-03-13 19:04:17 +03:00
( at your option ) any later version .
2007-08-24 19:50:12 +04:00
2007-03-13 19:04:17 +03:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2007-08-24 19:50:12 +04:00
2007-03-13 19:04:17 +03:00
You should have received a copy of the GNU General Public License
2007-07-10 04:52:41 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2007-03-13 19:04:17 +03:00
*/
2007-08-28 19:26:59 +04:00
# include "nsswitch/winbind_client.h"
2008-10-07 20:54:08 +04:00
# include "libwbclient/wbclient.h"
2007-08-28 19:26:59 +04:00
# ifndef DEBUG_KRB5
# undef DEBUG_KRB5
# endif
2007-03-13 19:04:17 +03:00
# if defined(HAVE_KRB5) && defined(HAVE_KRB5_LOCATE_PLUGIN_H)
# include <krb5/locate_plugin.h>
2007-08-29 14:12:43 +04:00
# ifndef KRB5_PLUGIN_NO_HANDLE
# define KRB5_PLUGIN_NO_HANDLE KRB5_KDC_UNREACH /* Heimdal */
# endif
2007-03-13 19:04:17 +03:00
static const char * get_service_from_locate_service_type ( enum locate_service_type svc )
{
switch ( svc ) {
case locate_service_kdc :
case locate_service_master_kdc :
return " 88 " ;
case locate_service_kadmin :
case locate_service_krb524 :
/* not supported */
return NULL ;
case locate_service_kpasswd :
return " 464 " ;
default :
break ;
}
return NULL ;
}
2007-08-28 19:26:59 +04:00
# ifdef DEBUG_KRB5
2007-03-13 19:04:17 +03:00
static const char * locate_service_type_name ( enum locate_service_type svc )
{
switch ( svc ) {
case locate_service_kdc :
return " locate_service_kdc " ;
case locate_service_master_kdc :
return " locate_service_master_kdc " ;
case locate_service_kadmin :
return " locate_service_kadmin " ;
case locate_service_krb524 :
return " locate_service_krb524 " ;
case locate_service_kpasswd :
return " locate_service_kpasswd " ;
default :
break ;
}
return NULL ;
}
static const char * socktype_name ( int socktype )
{
switch ( socktype ) {
case SOCK_STREAM :
return " SOCK_STREAM " ;
case SOCK_DGRAM :
return " SOCK_DGRAM " ;
default :
break ;
}
return " unknown " ;
}
static const char * family_name ( int family )
{
switch ( family ) {
case AF_UNSPEC :
return " AF_UNSPEC " ;
case AF_INET :
return " AF_INET " ;
2008-02-06 00:44:22 +03:00
# if defined(HAVE_IPV6)
2007-03-13 19:04:17 +03:00
case AF_INET6 :
return " AF_INET6 " ;
2007-10-25 01:16:54 +04:00
# endif
2007-03-13 19:04:17 +03:00
default :
break ;
}
return " unknown " ;
}
2007-08-28 19:26:59 +04:00
# endif
2007-03-13 19:04:17 +03:00
/**
* Check input parameters , return KRB5_PLUGIN_NO_HANDLE for unsupported ones
*
2007-08-24 19:50:12 +04:00
* @ param svc
2007-03-13 19:04:17 +03:00
* @ param realm string
* @ param socktype integer
* @ param family integer
*
* @ return integer .
*/
static int smb_krb5_locator_lookup_sanity_check ( enum locate_service_type svc ,
const char * realm ,
int socktype ,
int family )
{
if ( ! realm | | strlen ( realm ) = = 0 ) {
return EINVAL ;
}
switch ( svc ) {
case locate_service_kdc :
case locate_service_master_kdc :
case locate_service_kpasswd :
break ;
case locate_service_kadmin :
case locate_service_krb524 :
return KRB5_PLUGIN_NO_HANDLE ;
default :
return EINVAL ;
}
switch ( family ) {
case AF_UNSPEC :
case AF_INET :
break ;
2008-02-06 00:44:22 +03:00
# if defined(HAVE_IPV6)
case AF_INET6 :
break ;
2007-10-25 01:16:54 +04:00
# endif
2007-03-13 19:04:17 +03:00
default :
return EINVAL ;
}
switch ( socktype ) {
case SOCK_STREAM :
case SOCK_DGRAM :
case 0 : /* Heimdal uses that */
break ;
default :
return EINVAL ;
}
return 0 ;
}
/**
* Try to get addrinfo for a given host and call the krb5 callback
*
* @ param name string
* @ param service string
* @ param in struct addrinfo hint
* @ param cbfunc krb5 callback function
* @ param cbdata void pointer cbdata
*
* @ return krb5_error_code .
*/
2007-08-24 19:50:12 +04:00
static krb5_error_code smb_krb5_locator_call_cbfunc ( const char * name ,
2007-03-13 19:04:17 +03:00
const char * service ,
struct addrinfo * in ,
int ( * cbfunc ) ( void * , int , struct sockaddr * ) ,
void * cbdata )
{
2007-10-16 03:11:48 +04:00
struct addrinfo * out = NULL ;
2007-03-13 19:04:17 +03:00
int ret ;
int count = 3 ;
while ( count ) {
ret = getaddrinfo ( name , service , in , & out ) ;
if ( ret = = 0 ) {
break ;
}
if ( ret = = EAI_AGAIN ) {
count - - ;
continue ;
}
2007-08-28 19:26:59 +04:00
# ifdef DEBUG_KRB5
fprintf ( stderr , " [%5u]: smb_krb5_locator_lookup: "
" getaddrinfo failed: %s (%d) \n " ,
( unsigned int ) getpid ( ) , gai_strerror ( ret ) , ret ) ;
# endif
2007-03-13 19:04:17 +03:00
return KRB5_PLUGIN_NO_HANDLE ;
}
ret = cbfunc ( cbdata , out - > ai_socktype , out - > ai_addr ) ;
2007-08-28 19:26:59 +04:00
# ifdef DEBUG_KRB5
2007-03-13 19:04:17 +03:00
if ( ret ) {
2007-08-28 19:26:59 +04:00
fprintf ( stderr , " [%5u]: smb_krb5_locator_lookup: "
2007-08-24 19:50:12 +04:00
" failed to call callback: %s (%d) \n " ,
2007-08-28 19:26:59 +04:00
( unsigned int ) getpid ( ) , error_message ( ret ) , ret ) ;
2007-03-13 19:04:17 +03:00
}
2007-08-28 19:26:59 +04:00
# endif
2007-03-13 19:04:17 +03:00
freeaddrinfo ( out ) ;
return ret ;
}
/**
* PUBLIC INTERFACE : locate init
*
* @ param context krb5_context
* @ param privata_data pointer to private data pointer
*
* @ return krb5_error_code .
*/
2008-07-30 19:47:40 +04:00
static krb5_error_code smb_krb5_locator_init ( krb5_context context ,
void * * private_data )
2007-03-13 19:04:17 +03:00
{
return 0 ;
}
/**
* PUBLIC INTERFACE : close locate
*
* @ param private_data pointer to private data
*
* @ return void .
*/
2008-07-30 19:47:40 +04:00
static void smb_krb5_locator_close ( void * private_data )
2007-03-13 19:04:17 +03:00
{
2007-08-28 19:26:59 +04:00
return ;
}
2007-03-13 19:04:17 +03:00
2007-09-13 18:14:02 +04:00
static bool ask_winbind ( const char * realm , char * * dcname )
2007-08-28 19:26:59 +04:00
{
2008-10-07 20:54:08 +04:00
wbcErr wbc_status ;
2008-09-27 05:11:59 +04:00
const char * dc = NULL ;
2008-10-07 20:54:08 +04:00
struct wbcDomainControllerInfoEx * dc_info = NULL ;
uint32_t flags ;
2007-08-28 19:26:59 +04:00
2008-10-07 20:54:08 +04:00
flags = WBC_LOOKUP_DC_KDC_REQUIRED |
WBC_LOOKUP_DC_IS_DNS_NAME |
WBC_LOOKUP_DC_RETURN_DNS_NAME |
WBC_LOOKUP_DC_IP_REQUIRED ;
2007-08-28 19:26:59 +04:00
2008-10-07 20:54:08 +04:00
wbc_status = wbcLookupDomainControllerEx ( realm , NULL , NULL , flags , & dc_info ) ;
2007-08-28 19:26:59 +04:00
2008-10-07 20:54:08 +04:00
if ( ! WBC_ERROR_IS_OK ( wbc_status ) ) {
2007-08-28 19:26:59 +04:00
# ifdef DEBUG_KRB5
fprintf ( stderr , " [%5u]: smb_krb5_locator_lookup: failed with: %s \n " ,
2008-10-07 20:54:08 +04:00
( unsigned int ) getpid ( ) , wbcErrorString ( wbc_status ) ) ;
2007-08-28 19:26:59 +04:00
# endif
2007-09-13 18:14:02 +04:00
return false ;
2007-08-28 19:26:59 +04:00
}
2008-10-07 20:54:08 +04:00
if ( dc_info - > dc_address ) {
dc = dc_info - > dc_address ;
2008-09-27 05:11:59 +04:00
if ( dc [ 0 ] = = ' \\ ' ) dc + + ;
if ( dc [ 0 ] = = ' \\ ' ) dc + + ;
}
2008-10-07 20:54:08 +04:00
if ( ! dc & & dc_info - > dc_unc ) {
dc = dc_info - > dc_unc ;
2008-09-27 05:11:59 +04:00
if ( dc [ 0 ] = = ' \\ ' ) dc + + ;
if ( dc [ 0 ] = = ' \\ ' ) dc + + ;
}
if ( ! dc ) {
2008-10-07 20:54:08 +04:00
wbcFreeMemory ( dc_info ) ;
2008-09-27 05:11:59 +04:00
return false ;
}
* dcname = strdup ( dc ) ;
2007-08-28 19:26:59 +04:00
if ( ! * dcname ) {
2008-10-07 20:54:08 +04:00
wbcFreeMemory ( dc_info ) ;
2007-09-13 18:14:02 +04:00
return false ;
2007-08-28 19:26:59 +04:00
}
2008-10-07 20:54:08 +04:00
wbcFreeMemory ( dc_info ) ;
2007-09-13 18:14:02 +04:00
return true ;
2007-03-13 19:04:17 +03:00
}
/**
* PUBLIC INTERFACE : locate lookup
*
* @ param private_data pointer to private data
* @ param svc enum locate_service_type .
* @ param realm string
* @ param socktype integer
* @ param family integer
* @ param cbfunc callback function to send back entries
* @ param cbdata void pointer to cbdata
*
* @ return krb5_error_code .
*/
2008-07-30 19:47:40 +04:00
static krb5_error_code smb_krb5_locator_lookup ( void * private_data ,
enum locate_service_type svc ,
const char * realm ,
int socktype ,
int family ,
int ( * cbfunc ) ( void * , int , struct sockaddr * ) ,
void * cbdata )
2007-03-13 19:04:17 +03:00
{
krb5_error_code ret ;
struct addrinfo aihints ;
2007-08-28 19:26:59 +04:00
char * kdc_name = NULL ;
2007-08-24 19:50:12 +04:00
const char * service = get_service_from_locate_service_type ( svc ) ;
2007-03-13 19:04:17 +03:00
2007-08-28 19:26:59 +04:00
ZERO_STRUCT ( aihints ) ;
2007-03-13 19:04:17 +03:00
2007-08-28 19:26:59 +04:00
# ifdef DEBUG_KRB5
fprintf ( stderr , " [%5u]: smb_krb5_locator_lookup: called for '%s' "
" svc: '%s' (%d) "
" socktype: '%s' (%d), family: '%s' (%d) \n " ,
( unsigned int ) getpid ( ) , realm ,
locate_service_type_name ( svc ) , svc ,
socktype_name ( socktype ) , socktype ,
family_name ( family ) , family ) ;
# endif
2007-08-24 19:50:12 +04:00
ret = smb_krb5_locator_lookup_sanity_check ( svc , realm , socktype ,
family ) ;
2007-03-13 19:04:17 +03:00
if ( ret ) {
2007-08-28 19:26:59 +04:00
# ifdef DEBUG_KRB5
fprintf ( stderr , " [%5u]: smb_krb5_locator_lookup: "
" returning ret: %s (%d) \n " ,
( unsigned int ) getpid ( ) , error_message ( ret ) , ret ) ;
# endif
2007-03-13 19:04:17 +03:00
return ret ;
}
2007-08-28 19:26:59 +04:00
if ( ! winbind_env_set ( ) ) {
if ( ! ask_winbind ( realm , & kdc_name ) ) {
# ifdef DEBUG_KRB5
fprintf ( stderr , " [%5u]: smb_krb5_locator_lookup: "
" failed to query winbindd \n " ,
( unsigned int ) getpid ( ) ) ;
# endif
2007-08-28 20:39:03 +04:00
goto failed ;
2007-03-13 19:04:17 +03:00
}
2007-08-28 19:26:59 +04:00
} else {
2007-08-31 16:18:21 +04:00
const char * env = NULL ;
char * var = NULL ;
if ( asprintf ( & var , " %s_%s " ,
WINBINDD_LOCATOR_KDC_ADDRESS , realm ) = = - 1 ) {
goto failed ;
}
env = getenv ( var ) ;
if ( ! env ) {
# ifdef DEBUG_KRB5
fprintf ( stderr , " [%5u]: smb_krb5_locator_lookup: "
" failed to get kdc from env %s \n " ,
( unsigned int ) getpid ( ) , var ) ;
# endif
free ( var ) ;
goto failed ;
}
free ( var ) ;
kdc_name = strdup ( env ) ;
if ( ! kdc_name ) {
goto failed ;
}
2007-03-13 19:04:17 +03:00
}
2007-08-28 19:26:59 +04:00
# ifdef DEBUG_KRB5
fprintf ( stderr , " [%5u]: smb_krb5_locator_lookup: "
" got '%s' for '%s' from winbindd \n " , ( unsigned int ) getpid ( ) ,
kdc_name , realm ) ;
# endif
aihints . ai_family = family ;
aihints . ai_socktype = socktype ;
2007-03-13 19:04:17 +03:00
2007-08-28 19:26:59 +04:00
ret = smb_krb5_locator_call_cbfunc ( kdc_name ,
service ,
& aihints ,
cbfunc , cbdata ) ;
SAFE_FREE ( kdc_name ) ;
2007-03-16 18:48:07 +03:00
2007-03-13 19:04:17 +03:00
return ret ;
2007-08-28 20:39:03 +04:00
failed :
return KRB5_PLUGIN_NO_HANDLE ;
2007-03-13 19:04:17 +03:00
}
# ifdef HEIMDAL_KRB5_LOCATE_PLUGIN_H
# define SMB_KRB5_LOCATOR_SYMBOL_NAME resolve /* Heimdal */
# else
# define SMB_KRB5_LOCATOR_SYMBOL_NAME service_locator /* MIT */
# endif
const krb5plugin_service_locate_ftable SMB_KRB5_LOCATOR_SYMBOL_NAME = {
0 , /* version */
smb_krb5_locator_init ,
smb_krb5_locator_close ,
smb_krb5_locator_lookup ,
} ;
# endif