Use macros for config parameters
authorZhanna Tsitkov <tsitkova@mit.edu>
Wed, 4 Feb 2009 17:08:44 +0000 (17:08 +0000)
committerZhanna Tsitkov <tsitkova@mit.edu>
Wed, 4 Feb 2009 17:08:44 +0000 (17:08 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21879 dc483132-0cff-0310-8789-dd5450dbe970

24 files changed:
src/include/k5-int.h
src/kdc/do_tgs_req.c
src/kdc/main.c
src/lib/kadm5/alt_prof.c
src/lib/kdb/kdb5.c
src/lib/krb5/krb/conv_princ.c
src/lib/krb5/krb/get_in_tkt.c
src/lib/krb5/krb/init_ctx.c
src/lib/krb5/krb/vfy_increds.c
src/lib/krb5/os/an_to_ln.c
src/lib/krb5/os/def_realm.c
src/lib/krb5/os/get_krbhst.c
src/lib/krb5/os/hst_realm.c
src/lib/krb5/os/ktdefname.c
src/lib/krb5/os/localaddr.c
src/lib/krb5/os/locate_kdc.c
src/lib/krb5/os/realm_dom.c
src/lib/krb5/os/sendto_kdc.c
src/lib/krb5/os/sn2princ.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
src/plugins/preauth/pkinit/pkinit_clnt.c
src/plugins/preauth/pkinit/pkinit_matching.c
src/plugins/preauth/pkinit/pkinit_profile.c
src/plugins/preauth/pkinit/pkinit_srv.c

index 77f99c89e531aa6aba3632c44e51d13214de330e..c0540f38a2a8bf6c09c784ee9d5837dd46f86baf 100644 (file)
@@ -185,6 +185,9 @@ typedef INT64_TYPE krb5_int64;
 #define KRB5_CONF_ADMIN_SERVER                   "admin_server"
 #define KRB5_CONF_ALLOW_WEAK_CRYPTO              "allow_weak_crypto"
 #define KRB5_CONF_AP_REQ_CHECKSUM_TYPE           "ap_req_checksum_type"
+#define KRB5_CONF_AUTH_TO_LOCAL                  "auth_to_local"
+#define KRB5_CONF_AUTH_TO_LOCAL_NAMES            "auth_to_local_names"
+#define KRB5_CONF_CANONICALIZE                   "canonicalize"
 #define KRB5_CONF_CCACHE_TYPE                    "ccache_type"
 #define KRB5_CONF_CLOCKSKEW                      "clockskew"
 #define KRB5_CONF_DATABASE_NAME                  "database_name"
@@ -192,6 +195,7 @@ typedef INT64_TYPE krb5_int64;
 #define KRB5_CONF_DB_MODULES                     "db_modules"
 #define KRB5_CONF_DOMAIN_REALM                   "domain_realm"
 #define KRB5_CONF_DEFAULT_REALM                  "default_realm"
+#define KRB5_CONF_DEFAULT_DOMAIN                 "default_domain"
 #define KRB5_CONF_DEFAULT_TKT_ENCTYPES           "default_tkt_enctypes"
 #define KRB5_CONF_DEFAULT_TGS_ENCTYPES           "default_tgs_enctypes"
 #define KRB5_CONF_DEFAULT_KEYTAB_NAME            "default_keytab_name"
@@ -202,6 +206,7 @@ typedef INT64_TYPE krb5_int64;
 #define KRB5_CONF_DNS_LOOKUP_REALM            "dns_lookup_realm"
 #define KRB5_CONF_DNS_FALLBACK                "dns_fallback"
 #define KRB5_CONF_EXTRA_ADDRESSES             "extra_addresses"
+#define KRB5_CONF_FORWARDABLE                 "forwardable"
 #define KRB5_CONF_HOST_BASED_SERVICES         "host_based_services"
 #define KRB5_CONF_IPROP_ENABLE                "iprop_enable"
 #define KRB5_CONF_IPROP_MASTER_ULOGSIZE       "iprop_master_ulogsize"
@@ -213,7 +218,7 @@ typedef INT64_TYPE krb5_int64;
 #define KRB5_CONF_KDC                         "kdc"
 #define KRB5_CONF_KDCDEFAULTS                 "kdcdefaults"
 #define KRB5_CONF_KDC_PORTS                   "kdc_ports"
-#define KRB5_CONF_TCP_PORTS                   "kdc_tcp_ports"
+#define KRB5_CONF_KDC_TCP_PORTS               "kdc_tcp_ports"
 #define KRB5_CONF_MAX_DGRAM_REPLY_SIZE        "kdc_max_dgram_reply_size"
 #define KRB5_CONF_KDC_DEFAULT_OPTIONS         "kdc_default_options"
 #define KRB5_CONF_KDC_TIMESYNC                "kdc_timesync"
@@ -225,6 +230,7 @@ typedef INT64_TYPE krb5_int64;
 #define KRB5_CONF_LDAP_KDC_DN                 "ldap_kdc_dn"
 #define KRB5_CONF_LDAP_KADMIN_DN              "ldap_kadmind_dn"
 #define KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE  "ldap_service_password_file"
+#define KRB5_CONF_LDAP_ROOT_CERTIFICATE_FILE  "ldap_root_certificate_file"
 #define KRB5_CONF_LDAP_SERVERS                "ldap_servers"
 #define KRB5_CONF_LDAP_CONNS_PER_SERVER       "ldap_conns_per_server"
 #define KRB5_CONF_NO_HOST_REFERRAL            "no_host_referral"
@@ -233,25 +239,36 @@ typedef INT64_TYPE krb5_int64;
 #define KRB5_CONF_MASTER_KDC                  "master_kdc"
 #define KRB5_CONF_MAX_LIFE                    "max_life"
 #define KRB5_CONF_MAX_RENEWABLE_LIFE          "max_renewable_life"
-#define KRB5_CONF_NOADDRESS                   "noaddresses"
+#define KRB5_CONF_NOADDRESSES                 "noaddresses"
 #define KRB5_CONF_PERMITTED_ENCTYPES          "permitted_enctypes"
+#define KRB5_CONF_PKINIT_ALLOW_UPN            "pkinit_allow_upn"
 #define KRB5_CONF_PKINIT_ANCHORS              "pkinit_anchors"
+#define KRB5_CONF_PKINIT_CERT_MATCH           "pkinit_cert_match"
+#define KRB5_CONF_PKINIT_DH_MIN_BITS          "pkinit_dh_min_bits"
+#define KRB5_CONF_PKINIT_EKU_CHECKING         "pkinit_eku_checking"
 #define KRB5_CONF_PKINIT_IDENTITY             "pkinit_identity"
+#define KRB5_CONF_PKINIT_IDENTITIES           "pkinit_identities"
+#define KRB5_CONF_PKINIT_KDC_HOSTNAME         "pkinit_kdc_hostname"
 #define KRB5_CONF_PKINIT_KDC_OCSP             "pkinit_kdc_ocsp"
+#define KRB5_CONF_PKINIT_LONGHORN             "pkinit_longhorn"
+#define KRB5_CONF_PKINIT_MAPPING_FILE         "pkinit_mappings_file"
 #define KRB5_CONF_PKINIT_POOL                 "pkinit_pool"
 #define KRB5_CONF_PKINIT_REVOKE               "pkinit_revoke"
-#define KRB5_CONF_PKINIT_MAPPING_FILE         "pkinit_mappings_file"
-#define KRB5_CONF_PKINIT_DH_MIN_BITS          "pkinit_dh_min_bits"
-#define KRB5_CONF_PKINIT_ALLOW_UPN            "pkinit_allow_upn"
 #define KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING "pkinit_require_crl_checking"
-#define KRB5_CONF_PKINIT_EKU_CHECKING         "pkinit_eku_checking"
+#define KRB5_CONF_PKINIT_WIN2K                "pkinit_win2k"
+#define KRB5_CONF_PKINIT_WIN2K_REQUIRE_BINDING "pkinit_win2k_require_binding"
+#define KRB5_CONF_PREFERRED_PREAUTH_TYPES     "preferred_preauth_types"
+#define KRB5_CONF_PROXIABLE                   "proxiable"
 #define KRB5_CONF_RDNS                        "rdns"
 #define KRB5_CONF_REALMS                      "realms"
 #define KRB5_CONF_REALM_TRY_DOMAINS           "realm_try_domains"
 #define KRB5_CONF_REJECT_BAD_TRANSIT          "reject_bad_transit"
+#define KRB5_CONF_RENEW_LIFETIME              "renew_lifetime"
 #define KRB5_CONF_SAFE_CHECKSUM_TYPE          "safe_checksum_type"
 #define KRB5_CONF_SUPPORTED_ENCTYPES          "supported_enctypes"
+#define KRB5_CONF_TICKET_LIFETIME             "ticket_lifetime"
 #define KRB5_CONF_UDP_PREFERENCE_LIMIT        "udp_preference_limit"
+#define KRB5_CONF_VERIFY_AP_REQ_NOFAIL        "verify_ap_req_nofail"
 #define KRB5_CONF_V4_INSTANCE_CONVERT         "v4_instance_convert"
 #define KRB5_CONF_V4_REALM                    "v4_realm"
 #define KRB5_CONF_ASTERISK                    "*"
index d63ef65fef5e3c0d39b38f64455d54669084a171..b7eaf2f8f6328001e041b2e4a6111a6e3a615274 100644 (file)
@@ -1104,9 +1104,9 @@ prep_reprocess_req(krb5_kdc_req *request, krb5_principal *krbtgt_princ)
             (krb5_princ_type(kdc_context, request->server) == KRB5_NT_UNKNOWN &&   
             kdc_active_realm->realm_host_based_services != NULL &&
             (krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, comp1_str) == TRUE ||
-             krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, "*") == TRUE))) &&
+             krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, KRB5_CONF_ASTERISK) == TRUE))) &&
             (kdc_active_realm->realm_no_host_referral == NULL || 
-            (krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, "*") == FALSE &&
+            (krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, KRB5_CONF_ASTERISK) == FALSE &&
              krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, comp1_str) == FALSE))) { 
 
            if (memchr(comp2->data, '.', comp2->length) == NULL)
index dd601c1c54c9838cee103369de200aecf1a831e6..4fc1c7834e2c80a5b0c0e3a867b785e67db40fe0 100644 (file)
@@ -176,14 +176,14 @@ handle_referral_params(krb5_realm_params *rparams,
 {
     krb5_error_code retval = 0;
 
-    if (no_refrls && krb5_match_config_pattern(no_refrls, "*") == TRUE) {
-        rdp->realm_no_host_referral = strdup("*");
+    if (no_refrls && krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == TRUE) {
+        rdp->realm_no_host_referral = strdup(KRB5_CONF_ASTERISK);
         if (!rdp->realm_no_host_referral)
             retval = ENOMEM;
     } else {
         if (rparams && rparams->realm_no_host_referral) {
-            if (krb5_match_config_pattern(rparams->realm_no_host_referral, "*") == TRUE) {
-                rdp->realm_no_host_referral = strdup("*");
+            if (krb5_match_config_pattern(rparams->realm_no_host_referral, KRB5_CONF_ASTERISK) == TRUE) {
+                rdp->realm_no_host_referral = strdup(KRB5_CONF_ASTERISK);
                 if (!rdp->realm_no_host_referral)
                     retval = ENOMEM;
            } else if  (no_refrls && (asprintf(&(rdp->realm_no_host_referral), "%s%s%s%s%s",
@@ -198,19 +198,19 @@ handle_referral_params(krb5_realm_params *rparams,
             rdp->realm_no_host_referral = NULL;
     }
 
-    if (rdp->realm_no_host_referral && krb5_match_config_pattern(rdp->realm_no_host_referral, "*") == TRUE) {
+    if (rdp->realm_no_host_referral && krb5_match_config_pattern(rdp->realm_no_host_referral, KRB5_CONF_ASTERISK) == TRUE) {
         rdp->realm_host_based_services = NULL; 
         return 0;
     }
 
-    if (host_based_srvcs && (krb5_match_config_pattern(host_based_srvcs, "*") == TRUE)) {
-            rdp->realm_host_based_services = strdup("*");
+    if (host_based_srvcs && (krb5_match_config_pattern(host_based_srvcs, KRB5_CONF_ASTERISK) == TRUE)) {
+            rdp->realm_host_based_services = strdup(KRB5_CONF_ASTERISK);
             if (!rdp->realm_host_based_services)
                 retval = ENOMEM;
     } else {
             if (rparams && rparams->realm_host_based_services) {
-                if (krb5_match_config_pattern(rparams->realm_host_based_services, "*") == TRUE) {
-                    rdp->realm_host_based_services = strdup("*");
+                if (krb5_match_config_pattern(rparams->realm_host_based_services, KRB5_CONF_ASTERISK) == TRUE) {
+                    rdp->realm_host_based_services = strdup(KRB5_CONF_ASTERISK);
                     if (!rdp->realm_host_based_services)
                         retval = ENOMEM;
                 } else if (host_based_srvcs && asprintf(&(rdp->realm_host_based_services), "%s%s%s%s%s",
@@ -552,22 +552,22 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
     extern char *optarg;
 
     if (!krb5_aprof_init(DEFAULT_KDC_PROFILE, KDC_PROFILE_ENV, &aprof)) {
-       hierarchy[0] = "kdcdefaults";
-       hierarchy[1] = "kdc_ports";
+       hierarchy[0] = KRB5_CONF_KDCDEFAULTS;
+       hierarchy[1] = KRB5_CONF_KDC_PORTS;
        hierarchy[2] = (char *) NULL;
        if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_udp_ports))
            default_udp_ports = 0;
-       hierarchy[1] = "kdc_tcp_ports";
+       hierarchy[1] = KRB5_CONF_KDC_TCP_PORTS;
        if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_tcp_ports))
            default_tcp_ports = 0;
-       hierarchy[1] = "kdc_max_dgram_reply_size";
+       hierarchy[1] = KRB5_CONF_MAX_DGRAM_REPLY_SIZE;
        if (krb5_aprof_get_int32(aprof, hierarchy, TRUE, &max_dgram_reply_size))
            max_dgram_reply_size = MAX_DGRAM_SIZE;
-        hierarchy[1] = "no_host_referral";
+        hierarchy[1] = KRB5_CONF_NO_HOST_REFERRAL;
         if (krb5_aprof_get_string_all(aprof, hierarchy, &no_refrls)) 
             no_refrls = 0;
-        if (!no_refrls || krb5_match_config_pattern(no_refrls, "*") == FALSE) {
-            hierarchy[1] = "host_based_services";
+        if (!no_refrls || krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == FALSE) {
+            hierarchy[1] = KRB5_CONF_HOST_BASED_SERVICES;
             if (krb5_aprof_get_string_all(aprof, hierarchy, &host_based_srvcs))
                 host_based_srvcs = 0;
         }
index 497eb66367b6f09f6f0ba8ea54fbd777876b02fe..55a850d62e3863e1498e9f509547e639f45e52a2 100644 (file)
@@ -566,7 +566,7 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
             goto cleanup;
     
     /* Initialize realm parameters */
-    hierarchy[0] = "realms";
+    hierarchy[0] = KRB5_CONF_REALMS;
     hierarchy[1] = lrealm;
     hierarchy[3] = (char *) NULL;
 
@@ -576,7 +576,7 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
                      aprofile, hierarchy, CONFTAG, DEFAULT)
 
     /* Get the value for the admin server */
-    GET_STRING_PARAM(admin_server, KADM5_CONFIG_ADMIN_SERVER, "admin_server",
+    GET_STRING_PARAM(admin_server, KADM5_CONFIG_ADMIN_SERVER, KRB5_CONF_ADMIN_SERVER,
                      NULL);
 
     if (params.mask & KADM5_CONFIG_ADMIN_SERVER) {
@@ -590,7 +590,7 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
     }
 
     /* Get the value for the database */
-    GET_STRING_PARAM(dbname, KADM5_CONFIG_DBNAME, "database_name",
+    GET_STRING_PARAM(dbname, KADM5_CONFIG_DBNAME, KRB5_CONF_DATABASE_NAME,
                      DEFAULT_KDB_FILE);
 
     params.admin_dbname_was_here = NULL;
@@ -599,7 +599,7 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
 
     /* Get the value for the admin (policy) database lock file*/
     if (!GET_STRING_PARAM(admin_keytab, KADM5_CONFIG_ADMIN_KEYTAB,
-                          "admin_keytab", NULL)) {
+                          KRB5_CONF_ADMIN_KEYTAB, NULL)) {
         const char *s = getenv("KRB5_KTNAME");
         if (s == NULL)
             s = DEFAULT_KADM5_KEYTAB;
@@ -609,11 +609,11 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
     }
     
     /* Get the name of the acl file */
-    GET_STRING_PARAM(acl_file, KADM5_CONFIG_ACL_FILE, "acl_file",
+    GET_STRING_PARAM(acl_file, KADM5_CONFIG_ACL_FILE, KRB5_CONF_ACL_FILE,
                      DEFAULT_KADM5_ACL_FILE);
 
     /* Get the name of the dict file */
-    GET_STRING_PARAM(dict_file, KADM5_CONFIG_DICT_FILE, "dict_file", NULL);
+    GET_STRING_PARAM(dict_file, KADM5_CONFIG_DICT_FILE, KRB5_CONF_DICT_FILE, NULL);
 
 #define GET_PORT_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \
     get_port_param(&params.FIELD, params_in->FIELD,  \
@@ -621,18 +621,18 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
                    aprofile, hierarchy, CONFTAG, DEFAULT)
     /* Get the value for the kadmind port */
     GET_PORT_PARAM(kadmind_port, KADM5_CONFIG_KADMIND_PORT,
-                   "kadmind_port", DEFAULT_KADM5_PORT);
+                   KRB5_CONF_KADMIND_PORT, DEFAULT_KADM5_PORT);
 
     /* Get the value for the kpasswd port */
     GET_PORT_PARAM(kpasswd_port, KADM5_CONFIG_KPASSWD_PORT,
-                   "kpasswd_port", DEFAULT_KPASSWD_PORT);
+                   KRB5_CONF_KPASSWD_PORT, DEFAULT_KPASSWD_PORT);
 
     /* Get the value for the master key name */
     GET_STRING_PARAM(mkey_name, KADM5_CONFIG_MKEY_NAME,
-                     "master_key_name", NULL);
+                     KRB5_CONF_MASTER_KEY_NAME, NULL);
 
     /* Get the value for the master key type */
-    hierarchy[2] = "master_key_type";
+    hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE;
     if (params_in->mask & KADM5_CONFIG_ENCTYPE) {
          params.mask |= KADM5_CONFIG_ENCTYPE;
          params.enctype = params_in->enctype;
@@ -655,7 +655,7 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
     
     /* Get the value for the stashfile */
     GET_STRING_PARAM(stash_file, KADM5_CONFIG_STASH_FILE,
-                     "key_stash_file", NULL);
+                     KRB5_CONF_KEY_STASH_FILE, NULL);
 
     /* Get the value for maximum ticket lifetime. */
 #define GET_DELTAT_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \
@@ -663,15 +663,15 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
                      &params.mask, params_in->mask, BIT, \
                      aprofile, hierarchy, CONFTAG, DEFAULT)
 
-    GET_DELTAT_PARAM(max_life, KADM5_CONFIG_MAX_LIFE, "max_life",
+    GET_DELTAT_PARAM(max_life, KADM5_CONFIG_MAX_LIFE, KRB5_CONF_MAX_LIFE,
                      24 * 60 * 60); /* 1 day */
 
     /* Get the value for maximum renewable ticket lifetime. */
-    GET_DELTAT_PARAM(max_rlife, KADM5_CONFIG_MAX_RLIFE, "max_renewable_life",
+    GET_DELTAT_PARAM(max_rlife, KADM5_CONFIG_MAX_RLIFE, KRB5_CONF_MAX_RENEWABLE_LIFE,
                      0);
 
     /* Get the value for the default principal expiration */
-    hierarchy[2] = "default_principal_expiration";
+    hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION;
     if (params_in->mask & KADM5_CONFIG_EXPIRATION) {
          params.mask |= KADM5_CONFIG_EXPIRATION;
          params.expiration = params_in->expiration;
@@ -687,7 +687,7 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
     }
     
     /* Get the value for the default principal flags */
-    hierarchy[2] = "default_principal_flags";
+    hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS;
     if (params_in->mask & KADM5_CONFIG_FLAGS) {
          params.mask |= KADM5_CONFIG_FLAGS;
          params.flags = params_in->flags;
@@ -729,7 +729,7 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
     }
 
     /* Get the value for the supported enctype/salttype matrix */
-    hierarchy[2] = "supported_enctypes";
+    hierarchy[2] = KRB5_CONF_SUPPORTED_ENCTYPES;
     if (params_in->mask & KADM5_CONFIG_ENCTYPES) {
          /* The following scenario is when the input keysalts are !NULL */
          if(params_in->keysalts) {
@@ -765,7 +765,7 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
          free(svalue);
     }
     
-        hierarchy[2] = "iprop_enable";
+        hierarchy[2] = KRB5_CONF_IPROP_ENABLE;
 
         params.iprop_enabled = FALSE;
         params.mask |= KADM5_CONFIG_IPROP_ENABLED;
@@ -783,7 +783,7 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
         }
 
         if (!GET_STRING_PARAM(iprop_logfile, KADM5_CONFIG_IPROP_LOGFILE,
-                              "iprop_logfile", NULL)) {
+                              KRB5_CONF_IPROP_LOGFILE, NULL)) {
             if (params.mask & KADM5_CONFIG_DBNAME) {
                 if (asprintf(&params.iprop_logfile, "%s.ulog", params.dbname) >= 0) {
                     params.mask |= KADM5_CONFIG_IPROP_LOGFILE;
@@ -792,9 +792,9 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
         }
 
         GET_PORT_PARAM(iprop_port, KADM5_CONFIG_IPROP_PORT,
-                       "iprop_port", 0);
+                       KRB5_CONF_IPROP_PORT, 0);
 
-        hierarchy[2] = "iprop_master_ulogsize";
+        hierarchy[2] = KRB5_CONF_IPROP_MASTER_ULOGSIZE;
 
         params.iprop_ulogsize = DEF_ULOGENTRIES;
         params.mask |= KADM5_CONFIG_ULOG_SIZE;
@@ -816,7 +816,7 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
         }
 
         GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME,
-                         "iprop_slave_poll", 2 * 60); /* 2m */
+                         KRB5_CONF_IPROP_SLAVE_POLL, 2 * 60); /* 2m */
 
     *params_out = params;
     
@@ -955,40 +955,40 @@ krb5_read_realm_params(kcontext, realm, rparamp)
     memset(rparams, 0, sizeof(krb5_realm_params));
 
     /* Get the value for the database */
-    hierarchy[0] = "realms";
+    hierarchy[0] = KRB5_CONF_REALMS;
     hierarchy[1] = lrealm;
-    hierarchy[2] = "database_name";
+    hierarchy[2] = KRB5_CONF_DATABASE_NAME;
     hierarchy[3] = (char *) NULL;
     if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
         rparams->realm_dbname = svalue;
         
     /* Get the value for the KDC port list */
-    hierarchy[2] = "kdc_ports";
+    hierarchy[2] = KRB5_CONF_KDC_PORTS;
     if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
         rparams->realm_kdc_ports = svalue;
-    hierarchy[2] = "kdc_tcp_ports";
+    hierarchy[2] = KRB5_CONF_KDC_TCP_PORTS;
     if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
         rparams->realm_kdc_tcp_ports = svalue;
 
     /* Get the name of the acl file */
-    hierarchy[2] = "acl_file";
+    hierarchy[2] = KRB5_CONF_ACL_FILE;
     if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
         rparams->realm_acl_file = svalue;
             
     /* Get the value for the kadmind port */
-    hierarchy[2] = "kadmind_port";
+    hierarchy[2] = KRB5_CONF_KADMIND_PORT;
     if (!krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) {
         rparams->realm_kadmind_port = ivalue;
         rparams->realm_kadmind_port_valid = 1;
     }
             
     /* Get the value for the master key name */
-    hierarchy[2] = "master_key_name";
+    hierarchy[2] = KRB5_CONF_MASTER_KEY_NAME;
     if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
         rparams->realm_mkey_name = svalue;
             
     /* Get the value for the master key type */
-    hierarchy[2] = "master_key_type";
+    hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE;
     if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
         if (!krb5_string_to_enctype(svalue, &rparams->realm_enctype))
             rparams->realm_enctype_valid = 1;
@@ -996,26 +996,26 @@ krb5_read_realm_params(kcontext, realm, rparamp)
     }
             
     /* Get the value for the stashfile */
-    hierarchy[2] = "key_stash_file";
+    hierarchy[2] = KRB5_CONF_KEY_STASH_FILE;
     if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
         rparams->realm_stash_file = svalue;
             
     /* Get the value for maximum ticket lifetime. */
-    hierarchy[2] = "max_life";
+    hierarchy[2] = KRB5_CONF_MAX_LIFE;
     if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
         rparams->realm_max_life = dtvalue;
         rparams->realm_max_life_valid = 1;
     }
             
     /* Get the value for maximum renewable ticket lifetime. */
-    hierarchy[2] = "max_renewable_life";
+    hierarchy[2] = KRB5_CONF_MAX_RENEWABLE_LIFE;
     if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
         rparams->realm_max_rlife = dtvalue;
         rparams->realm_max_rlife_valid = 1;
     }
             
     /* Get the value for the default principal expiration */
-    hierarchy[2] = "default_principal_expiration";
+    hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION;
     if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
         if (!krb5_string_to_timestamp(svalue,
                                       &rparams->realm_expiration))
@@ -1023,20 +1023,20 @@ krb5_read_realm_params(kcontext, realm, rparamp)
         free(svalue);
     }
 
-    hierarchy[2] = "reject_bad_transit";
+    hierarchy[2] = KRB5_CONF_REJECT_BAD_TRANSIT;
     if (!krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) {
         rparams->realm_reject_bad_transit = bvalue;
         rparams->realm_reject_bad_transit_valid = 1;
     }
 
-    hierarchy[2] = "no_host_referral";
+    hierarchy[2] = KRB5_CONF_NO_HOST_REFERRAL;
     if (!krb5_aprof_get_string_all(aprofile, hierarchy, &no_refrls)) 
        rparams->realm_no_host_referral = no_refrls;
     else 
             no_refrls = 0;
 
-    if (!no_refrls || krb5_match_config_pattern(no_refrls, "*") == FALSE) {
-        hierarchy[2] = "host_based_services";
+    if (!no_refrls || krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == FALSE) {
+        hierarchy[2] = KRB5_CONF_HOST_BASED_SERVICES;
         if (!krb5_aprof_get_string_all(aprofile, hierarchy, &host_based_srvcs))
             rparams->realm_host_based_services = host_based_srvcs;
         else
@@ -1044,7 +1044,7 @@ krb5_read_realm_params(kcontext, realm, rparamp)
     }
 
     /* Get the value for the default principal flags */
-    hierarchy[2] = "default_principal_flags";
+    hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS;
     if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
         char *sp, *ep, *tp;
 
index 2252c3ad0359d417504522774dcee60d12be035d..a7d5154cbc1743250b2f8a0cc263bc8c0a77ed2b 100644 (file)
@@ -413,7 +413,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
        When it's static, it goes into ".picdata", which is
        read-write.  */
     static const char *const dbpath_names[] = {
-       KDB_MODULE_SECTION, "db_module_dir", NULL,
+       KDB_MODULE_SECTION, KRB5_CONF_DB_MODULE_DIR, NULL,
     };
     const char *filebases[2];
     char **profpath = NULL;
index 176b41e35045aec5a3ffb1eaaa76e0508b56d5f9..3247893bc236ddf6f099ddb5a986093b76bcfca8 100644 (file)
@@ -220,8 +220,8 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ,
 
      if (context->profile == 0)
        return KRB5_CONFIG_CANTOPEN;
-     retval = profile_get_string(context->profile, "realms",
-                                tmp_prealm, "v4_realm", 0,
+     retval = profile_get_string(context->profile, KRB5_CONF_REALMS,
+                                tmp_prealm, KRB5_CONF_V4_REALM, 0,
                                 &tmp_realm);
      free(tmp_prealm);
      if (retval) { 
@@ -263,15 +263,15 @@ krb5_425_conv_principal(krb5_context context, const char *name,
      /* First, convert the realm, since the v4 realm is not necessarily the same as the v5 realm
         To do that, iterate over all the realms in the config file, looking for a matching 
         v4_realm line */
-     names2 [0] = "realms";
+     names2 [0] = KRB5_CONF_REALMS;
      names2 [1] = NULL;
      retval = profile_iterator_create (context -> profile, names2, PROFILE_ITER_LIST_SECTION | PROFILE_ITER_SECTIONS_ONLY, &iterator);
      while (retval == 0) {
        retval = profile_iterator (&iterator, &realm_name, &dummy_value);
        if ((retval == 0) && (realm_name != NULL)) {
-               names [0] = "realms";
+               names [0] = KRB5_CONF_REALMS;
                names [1] = realm_name;
-               names [2] = "v4_realm";
+               names [2] = KRB5_CONF_V4_REALM;
                names [3] = NULL;
 
                retval = profile_get_values (context -> profile, names, &v4realms);
@@ -314,9 +314,9 @@ krb5_425_conv_principal(krb5_context context, const char *name,
          }
          name = p->v5_str;
          if ((p->flags & DO_REALM_CONVERSION) && !strchr(instance, '.')) {
-             names[0] = "realms";
+             names[0] = KRB5_CONF_REALMS;
              names[1] = realm;
-             names[2] = "v4_instance_convert";
+             names[2] = KRB5_CONF_V4_INSTANCE_CONVERT;
              names[3] = instance;
              names[4] = 0;
              retval = profile_get_values(context->profile, names, &full_name);
index 5db253d714bbae01d52169e3bf6f67f8494e985d..f3e6ddf23cc690e8bbce777dc00a290e4bd790a8 100644 (file)
@@ -800,7 +800,7 @@ krb5_libdefault_string(krb5_context context, const krb5_data *realm,
 
     profile = context->profile;
            
-    names[0] = "libdefaults";
+    names[0] = KRB5_CONF_LIBDEFAULTS;
 
     /*
      * Try number one:
@@ -887,7 +887,7 @@ sort_krb5_padata_sequence(krb5_context context, krb5_data *realm,
        return 0;
     }
 
-    ret = krb5_libdefault_string(context, realm, "preferred_preauth_types",
+    ret = krb5_libdefault_string(context, realm, KRB5_CONF_PREFERRED_PREAUTH_TYPES,
                                 &preauth_types);
     if ((ret != 0) || (preauth_types == NULL)) {
        /* Try to use PKINIT first. */
@@ -1022,7 +1022,7 @@ krb5_get_init_creds(krb5_context context,
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE))
        tempint = options->forwardable;
     else if ((ret = krb5_libdefault_boolean(context, &client->realm,
-                                           "forwardable", &tempint)) == 0)
+                                           KRB5_CONF_FORWARDABLE, &tempint)) == 0)
            ;
     else
        tempint = 0;
@@ -1034,7 +1034,7 @@ krb5_get_init_creds(krb5_context context,
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE))
        tempint = options->proxiable;
     else if ((ret = krb5_libdefault_boolean(context, &client->realm,
-                                           "proxiable", &tempint)) == 0)
+                                           KRB5_CONF_PROXIABLE, &tempint)) == 0)
            ;
     else
        tempint = 0;
@@ -1045,7 +1045,7 @@ krb5_get_init_creds(krb5_context context,
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_CANONICALIZE))
        tempint = 1;
     else if ((ret = krb5_libdefault_boolean(context, &client->realm,
-                                           "canonicalize", &tempint)) == 0)
+                                           KRB5_CONF_CANONICALIZE, &tempint)) == 0)
        ;
     else
        tempint = 0;
@@ -1066,7 +1066,7 @@ krb5_get_init_creds(krb5_context context,
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE)) {
         tkt_life = options->tkt_life;
     } else if ((ret = krb5_libdefault_string(context, &client->realm,
-                                            "ticket_lifetime", &tempstr))
+                                            KRB5_CONF_TICKET_LIFETIME, &tempstr))
               == 0) {
        ret = krb5_string_to_deltat(tempstr, &tkt_life);
        free(tempstr);
@@ -1084,7 +1084,7 @@ krb5_get_init_creds(krb5_context context,
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)) {
        renew_life = options->renew_life;
     } else if ((ret = krb5_libdefault_string(context, &client->realm,
-                                            "renew_lifetime", &tempstr))
+                                            KRB5_CONF_RENEW_LIFETIME, &tempstr))
               == 0) {
        ret = krb5_string_to_deltat(tempstr, &renew_life);
        free(tempstr);
@@ -1178,7 +1178,7 @@ krb5_get_init_creds(krb5_context context,
     /* it would be nice if this parsed out an address list, but
        that would be work. */
     else if (((ret = krb5_libdefault_boolean(context, &client->realm,
-                                           "noaddresses", &tempint)) != 0)
+                                           KRB5_CONF_NOADDRESSES, &tempint)) != 0)
             || (tempint == 1)) {
            ;
     } else {
index 69f7ad887d958fd3f61cc1d62cff1abd257eea01..bf9b30df258f4afc1810fb1970818919455727cf 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * lib/krb5/krb/init_ctx.c
  *
- * Copyright 1994,1999,2000, 2002, 2003, 2007, 2008  by the Massachusetts Institute of Technology.
+ * Copyright 1994,1999,2000, 2002, 2003, 2007, 2008, 2009  by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -171,8 +171,8 @@ init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc)
        if ((retval = krb5_os_init_context(ctx, kdc)))
                goto cleanup;
 
-       retval = profile_get_boolean(ctx->profile, "libdefaults",
-                                    "allow_weak_crypto", NULL, 1, &tmp);
+       retval = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                                    KRB5_CONF_ALLOW_WEAK_CRYPTO, NULL, 1, &tmp);
        if (retval)
                goto cleanup;
        ctx->allow_weak_crypto = tmp;
@@ -189,41 +189,41 @@ init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc)
                goto cleanup;
 
        ctx->default_realm = 0;
-       profile_get_integer(ctx->profile, "libdefaults", "clockskew",
+       profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CLOCKSKEW,
                            0, 5 * 60, &tmp);
        ctx->clockskew = tmp;
 
 #if 0
        /* Default ticket lifetime is currently not supported */
-       profile_get_integer(ctx->profile, "libdefaults", "tkt_lifetime",
+       profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, "tkt_lifetime",
                            0, 10 * 60 * 60, &tmp);
        ctx->tkt_lifetime = tmp;
 #endif
 
        /* DCE 1.1 and below only support CKSUMTYPE_RSA_MD4 (2)  */
        /* DCE add kdc_req_checksum_type = 2 to krb5.conf */
-       profile_get_integer(ctx->profile, "libdefaults",
-                           "kdc_req_checksum_type", 0, CKSUMTYPE_RSA_MD5, 
+       profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                           KRB5_CONF_KDC_REQ_CHECKSUM_TYPE, 0, CKSUMTYPE_RSA_MD5, 
                            &tmp);
        ctx->kdc_req_sumtype = tmp;
 
-       profile_get_integer(ctx->profile, "libdefaults",
-                           "ap_req_checksum_type", 0, CKSUMTYPE_RSA_MD5,
+       profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                           KRB5_CONF_AP_REQ_CHECKSUM_TYPE, 0, CKSUMTYPE_RSA_MD5,
                            &tmp);
        ctx->default_ap_req_sumtype = tmp;
 
-       profile_get_integer(ctx->profile, "libdefaults",
-                           "safe_checksum_type", 0,
+       profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                           KRB5_CONF_SAFE_CHECKSUM_TYPE, 0,
                            CKSUMTYPE_RSA_MD5_DES, &tmp);
        ctx->default_safe_sumtype = tmp;
 
-       profile_get_integer(ctx->profile, "libdefaults",
-                           "kdc_default_options", 0,
+       profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                           KRB5_CONF_KDC_DEFAULT_OPTIONS, 0,
                            KDC_OPT_RENEWABLE_OK, &tmp);
        ctx->kdc_default_options = tmp;
 #define DEFAULT_KDC_TIMESYNC 1
-       profile_get_integer(ctx->profile, "libdefaults",
-                           "kdc_timesync", 0, DEFAULT_KDC_TIMESYNC,
+       profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                           KRB5_CONF_KDC_TIMESYNC, 0, DEFAULT_KDC_TIMESYNC,
                            &tmp);
        ctx->library_options = tmp ? KRB5_LIBOPT_SYNC_KDCTIME : 0;
 
@@ -236,7 +236,7 @@ init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc)
         *      DCE 1.1 supports a cache type of 2.
         */
 #define DEFAULT_CCACHE_TYPE 4
-       profile_get_integer(ctx->profile, "libdefaults", "ccache_type",
+       profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CCACHE_TYPE,
                            0, DEFAULT_CCACHE_TYPE, &tmp);
        ctx->fcc_default_format = tmp + 0x0500;
        ctx->prompt_types = 0;
@@ -341,12 +341,12 @@ get_profile_etype_list(krb5_context context, krb5_enctype **ktypes, char *profst
           session key types.
         */
 
-       char *retval;
-       char *sp, *ep;
+       char *retval = NULL;
+       char *sp = NULL, *ep = NULL;
        int i, j, count;
        krb5_error_code code;
 
-       code = profile_get_string(context->profile, "libdefaults", profstr,
+       code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS, profstr,
                                  NULL, DEFAULT_ETYPE_LIST, &retval);
        if (code)
            return code;
@@ -406,7 +406,7 @@ get_profile_etype_list(krb5_context context, krb5_enctype **ktypes, char *profst
 krb5_error_code
 krb5_get_default_in_tkt_ktypes(krb5_context context, krb5_enctype **ktypes)
 {
-    return(get_profile_etype_list(context, ktypes, "default_tkt_enctypes",
+    return(get_profile_etype_list(context, ktypes, KRB5_CONF_DEFAULT_TKT_ENCTYPES,
                                  context->in_tkt_ktype_count,
                                  context->in_tkt_ktypes));
 }
@@ -464,10 +464,10 @@ krb5_get_tgs_ktypes(krb5_context context, krb5_const_principal princ, krb5_encty
     if (context->use_conf_ktypes)
        /* This one is set *only* by reading the config file; it's not
           set by the application.  */
-       return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes",
+       return(get_profile_etype_list(context, ktypes, KRB5_CONF_DEFAULT_TKT_ENCTYPES,
                                      0, NULL));
     else
-       return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes",
+       return(get_profile_etype_list(context, ktypes, KRB5_CONF_DEFAULT_TGS_ENCTYPES,
                                      context->tgs_ktype_count,
                                      context->tgs_ktypes));
 }
@@ -475,7 +475,7 @@ krb5_get_tgs_ktypes(krb5_context context, krb5_const_principal princ, krb5_encty
 krb5_error_code KRB5_CALLCONV
 krb5_get_permitted_enctypes(krb5_context context, krb5_enctype **ktypes)
 {
-    return(get_profile_etype_list(context, ktypes, "permitted_enctypes",
+    return(get_profile_etype_list(context, ktypes, KRB5_CONF_PERMITTED_ENCTYPES,
                                  context->tgs_ktype_count,
                                  context->tgs_ktypes));
 }
index ba4187ea649edb40d09066e7cf0492f015179777..6f53f5728b9cb45d256f1aa3f36c50c587eb7ee4 100644 (file)
@@ -115,7 +115,7 @@ krb5_verify_init_creds(krb5_context context,
               goto cleanup;
        } else if (krb5_libdefault_boolean(context,
                                          &creds->client->realm,
-                                         "verify_ap_req_nofail",
+                                         KRB5_CONF_VERIFY_AP_REQ_NOFAIL,
                                          &nofail)
                  == 0) {
           if (nofail)
index b886f17f1ae2fb14c6a1ddca399c1495632d6ca1..2c4e7047ddf25492d2bcb3417da57a65372844ce 100644 (file)
@@ -703,9 +703,9 @@ krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, int ln
                 *
                 * [realms]->realm->"auth_to_local_names"->mapping_name
                 */
-               hierarchy[0] = "realms";
+               hierarchy[0] = KRB5_CONF_REALMS;
                hierarchy[1] = realm;
-               hierarchy[2] = "auth_to_local_names";
+               hierarchy[2] = KRB5_CONF_AUTH_TO_LOCAL_NAMES;
                hierarchy[3] = mname;
                hierarchy[4] = (char *) NULL;
                if (!(kret = profile_get_values(context->profile,
@@ -747,9 +747,9 @@ krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, int ln
                     *  DEFAULT         - Use default rule.
                     * The first rule to find a match is used.
                     */
-                   hierarchy[0] = "realms";
+                   hierarchy[0] = KRB5_CONF_REALMS;
                    hierarchy[1] = realm;
-                   hierarchy[2] = "auth_to_local";
+                   hierarchy[2] = KRB5_CONF_AUTH_TO_LOCAL;
                    hierarchy[3] = (char *) NULL;
                    if (!(kret = profile_get_values(context->profile,
                                                    hierarchy,
index d30a914cd7de57b7c64d5d7627c8f9a4b365f61e..998e555d1a052e989d31945a94075ef7dad2903b 100644 (file)
@@ -84,8 +84,8 @@ krb5_get_default_realm(krb5_context context, char **lrealm)
          */
         context->default_realm = 0;
         if (context->profile != 0) {
-            retval = profile_get_string(context->profile, "libdefaults",
-                                        "default_realm", 0, 0,
+            retval = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                                        KRB5_CONF_DEFAULT_REALM, 0, 0,
                                         &realm);
 
             if (!retval && realm) {
@@ -210,7 +210,7 @@ krb5int_get_domain_realm_mapping(krb5_context context, const char *host, char **
     realm = (char *)NULL;
     temp_realm = 0;
     while (cp ) {
-        retval = profile_get_string(context->profile, "domain_realm", cp,
+        retval = profile_get_string(context->profile, KRB5_CONF_DOMAIN_REALM, cp,
                                     0, (char *)NULL, &temp_realm);
         if (retval)
             return retval;
index 31c77af6fe3866f0e2e2f7689fc00ac93f391dd0..1cac7514ca5cb4e6e6f7cff4f8ee45dd31b358e4 100644 (file)
@@ -68,9 +68,9 @@ krb5_get_krbhst(krb5_context context, const krb5_data *realm, char ***hostlist)
 
     rethosts = 0;
 
-    realm_kdc_names[0] = "realms";
+    realm_kdc_names[0] = KRB5_CONF_REALMS;
     realm_kdc_names[1] = realm->data;
-    realm_kdc_names[2] = "kdc";
+    realm_kdc_names[2] = KRB5_CONF_KDC;
     realm_kdc_names[3] = 0;
 
     if (context->profile == 0)
index fda0dfde2ce4d285a38ace58747f5de313c56205..839df8056093e326051d365ff08f9f4eeb274bd1 100644 (file)
@@ -234,7 +234,7 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
 #ifdef DEBUG_REFERRALS
         printf("  trying to look up %s in the domain_realm map\n",cp);
 #endif
-       retval = profile_get_string(context->profile, "domain_realm", cp,
+       retval = profile_get_string(context->profile, KRB5_CONF_DOMAIN_REALM, cp,
                                    0, (char *)NULL, &temp_realm);
        if (retval)
            return retval;
@@ -385,8 +385,8 @@ krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***rea
        int limit;
        errcode_t code;
 
-       code = profile_get_integer(context->profile, "libdefaults",
-                                  "realm_try_domains", 0, -1, &limit);
+       code = profile_get_integer(context->profile, KRB5_CONF_LIBDEFAULTS,
+                                  KRB5_CONF_REALM_TRY_DOMAINS, 0, -1, &limit);
        if (code == 0) {
            retval = domain_heuristic(context, local_host, &realm, limit);
            if (retval)
index 89bb35fcfb806d04aa65ec5136223a20bb4003e3..91f65858b5bf8e64add3c6109f3519c8c1165949 100644 (file)
@@ -51,8 +51,8 @@ krb5_kt_default_name(krb5_context context, char *name, int name_size)
        if (strlcpy(name, cp, namesize) >= namesize)
            return KRB5_CONFIG_NOTENUFSPACE;
     } else if ((profile_get_string(context->profile,
-                                  "libdefaults",
-                                  "default_keytab_name", NULL, 
+                                  KRB5_CONF_LIBDEFAULTS,
+                                  KRB5_CONF_DEFAULT_KEYTAB_NAME, NULL, 
                                   NULL, &retval) == 0) &&
               retval) {
        if (strlcpy(name, retval, namesize) >= namesize)
index 1007522474b7f4b09c5190931396b24554264c75..25079062a7f7101beee86573991c65137fb2af1f 100644 (file)
@@ -1247,7 +1247,7 @@ krb5_os_localaddr_profile (krb5_context context, struct localaddr_data *datap)
 {
     krb5_error_code err;
     static const char *const profile_name[] = {
-       "libdefaults", "extra_addresses", 0
+       KRB5_CONF_LIBDEFAULTS, KRB5_CONF_EXTRA_ADDRESSES, 0
     };
     char **values;
     char **iter;
index f10f3af1cded6e4c21a58801f26e0913173c10c6..7326435fa4f3d1c0f1fa1206f8ba09b539d9355c 100644 (file)
@@ -70,11 +70,11 @@ maybe_use_dns (krb5_context context, const char *name, int defalt)
     char * value = NULL;
     int use_dns = 0;
 
-    code = profile_get_string(context->profile, "libdefaults",
+    code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
                               name, 0, 0, &value);
     if (value == 0 && code == 0)
-       code = profile_get_string(context->profile, "libdefaults",
-                                 "dns_fallback", 0, 0, &value);
+       code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                                 KRB5_CONF_DNS_FALLBACK, 0, 0, &value);
     if (code)
         return defalt;
 
@@ -89,13 +89,13 @@ maybe_use_dns (krb5_context context, const char *name, int defalt)
 int
 _krb5_use_dns_kdc(krb5_context context)
 {
-    return maybe_use_dns (context, "dns_lookup_kdc", DEFAULT_LOOKUP_KDC);
+    return maybe_use_dns (context, KRB5_CONF_DNS_LOOKUP_KDC, DEFAULT_LOOKUP_KDC);
 }
 
 int
 _krb5_use_dns_realm(krb5_context context)
 {
-    return maybe_use_dns (context, "dns_lookup_realm", DEFAULT_LOOKUP_REALM);
+    return maybe_use_dns (context, KRB5_CONF_DNS_LOOKUP_REALM, DEFAULT_LOOKUP_REALM);
 }
 
 #endif /* KRB5_DNS_LOOKUP */
@@ -325,7 +325,7 @@ krb5_locate_srv_conf_1(krb5_context context, const krb5_data *realm,
 
     masterlist = NULL;
 
-    realm_srv_names[0] = "realms";
+    realm_srv_names[0] = KRB5_CONF_REALMS;
     realm_srv_names[1] = host;
     realm_srv_names[2] = name;
     realm_srv_names[3] = 0;
@@ -354,9 +354,9 @@ krb5_locate_srv_conf_1(krb5_context context, const krb5_data *realm,
     }
     
     if (get_masters) {
-       realm_srv_names[0] = "realms";
+       realm_srv_names[0] = KRB5_CONF_REALMS;
        realm_srv_names[1] = host;
-       realm_srv_names[2] = "admin_server";
+       realm_srv_names[2] = KRB5_CONF_ADMIN_SERVER;
        realm_srv_names[3] = 0;
 
        code = profile_get_values(context->profile, realm_srv_names,
@@ -712,7 +712,7 @@ prof_locate_server (krb5_context context, const krb5_data *realm,
 
     switch (svc) {
     case locate_service_kdc:
-       profname = "kdc";
+       profname = KRB5_CONF_KDC;
        /* We used to use /etc/services for these, but enough systems
           have old, crufty, wrong settings that this is probably
           better.  */
@@ -721,19 +721,19 @@ prof_locate_server (krb5_context context, const krb5_data *realm,
        dflport2 = htons(KRB5_DEFAULT_SEC_PORT);
        break;
     case locate_service_master_kdc:
-       profname = "master_kdc";
+       profname = KRB5_CONF_MASTER_KDC;
        goto kdc_ports;
     case locate_service_kadmin:
-       profname = "admin_server";
+       profname = KRB5_CONF_ADMIN_SERVER;
        dflport1 = htons(DEFAULT_KADM5_PORT);
        break;
     case locate_service_krb524:
-       profname = "krb524_server";
+       profname = KRB5_CONF_KRB524_SERVER;
        serv = getservbyname(KRB524_SERVICE, "udp");
        dflport1 = serv ? serv->s_port : htons (KRB524_PORT);
        break;
     case locate_service_kpasswd:
-       profname = "kpasswd_server";
+       profname = KRB5_CONF_KPASSWD_SERVER;
        dflport1 = htons(DEFAULT_KPASSWD_PORT);
        break;
     default:
index 43e6266ca3ca0a4d76f7ed21e070e4d37e697131..ed44e9d59278ba905317433ea3abb1f33423c93f 100644 (file)
@@ -51,8 +51,8 @@ krb5_get_realm_domain(krb5_context context, const char *realm, char **domain)
     krb5_error_code retval;
     char *temp_domain = 0;
 
-    retval = profile_get_string(context->profile, "realms", realm,
-                              "default_domain", realm, &temp_domain);
+    retval = profile_get_string(context->profile, KRB5_CONF_REALMS, realm,
+                              KRB5_CONF_DEFAULT_DOMAIN, realm, &temp_domain);
     if (!retval && temp_domain)
     {
         *domain = strdup(temp_domain);
index 971047b547b050297942b22c3dced31368ac8cd8..86f372299f0e1d7ac957804b3e43762a285e722c 100644 (file)
@@ -377,7 +377,7 @@ krb5_sendto_kdc (krb5_context context, const krb5_data *message,
     if (!tcp_only && context->udp_pref_limit < 0) {
        int tmp;
        retval = profile_get_integer(context->profile,
-                                    "libdefaults", "udp_preference_limit", 0,
+                                    KRB5_CONF_LIBDEFAULTS, KRB5_CONF_UDP_PREFERENCE_LIMIT, 0,
                                     DEFAULT_UDP_PREF_LIMIT, &tmp);
        if (retval)
            return retval;
index c300e2d42f82ea1663dfb28bd88b6b96b6d725ad..ee4f3bc11b8274f69ede703cb4cc28d24c8b0a8b 100644 (file)
@@ -47,8 +47,8 @@ maybe_use_reverse_dns (krb5_context context, int defalt)
     char * value = NULL;
     int use_rdns = 0;
 
-    code = profile_get_string(context->profile, "libdefaults",
-                              "rdns", 0, 0, &value);
+    code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                              KRB5_CONF_RDNS, 0, 0, &value);
     if (code)
         return defalt;
 
index f0734deb2a55a173c96345b356eb1739c3171f72..8625984d875beba77261c4a6e05255974ea5387d 100644 (file)
@@ -185,7 +185,7 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
      */
     if (ldap_context->max_server_conns == 0) {
        st = prof_get_integer_def (context, conf_section,
-                                  "ldap_conns_per_server",
+                                  KRB5_CONF_LDAP_CONNS_PER_SERVER,
                                   DEFAULT_CONNS_PER_SERVER,
                                   &ldap_context->max_server_conns);
        if (st)
@@ -208,9 +208,9 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
     if (ldap_context->bind_dn == NULL) {
        char *name = 0;
        if (srv_type == KRB5_KDB_SRV_TYPE_KDC)
-           name = "ldap_kdc_dn";
+           name = KRB5_CONF_LDAP_KDC_DN;
        else if (srv_type == KRB5_KDB_SRV_TYPE_ADMIN)
-           name = "ldap_kadmind_dn";
+           name = KRB5_CONF_LDAP_KADMIN_DN;
        else if (srv_type == KRB5_KDB_SRV_TYPE_PASSWD)
            name = "ldap_kpasswdd_dn";
 
@@ -229,7 +229,7 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
      */
     if (ldap_context->service_password_file == NULL) {
        st = prof_get_string_def (context, conf_section,
-                                 "ldap_service_password_file",
+                                 KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE,
                                  &ldap_context->service_password_file);
        if (st)
            goto cleanup;
@@ -243,7 +243,7 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
      */
     if (ldap_context->root_certificate_file == NULL) {
        st = prof_get_string_def (context, conf_section,
-                                 "ldap_root_certificate_file",
+                                 KRB5_CONF_LDAP_ROOT_CERTIFICATE_FILE,
                                  &ldap_context->root_certificate_file);
        if (st)
            goto cleanup;
@@ -268,7 +268,7 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
        }
 
        if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section,
-                                  "ldap_servers", NULL, &tempval)) != 0) {
+                                  KRB5_CONF_LDAP_SERVERS, NULL, &tempval)) != 0) {
            krb5_set_error_message (context, st, "Error reading 'ldap_servers' attribute");
            goto cleanup;
        }
index 0d6da4dc549bebe13a67b3422798b2b10c90a350..13651c57aa73a5d9f592ce4bb23b2f94612f38ab 100644 (file)
@@ -548,7 +548,7 @@ verify_kdc_san(krb5_context context,
 
     retval = pkinit_libdefault_strings(context,
                                       krb5_princ_realm(context, kdcprinc), 
-                                      "pkinit_kdc_hostname",
+                                      KRB5_CONF_PKINIT_KDC_HOSTNAME,
                                       &cfghosts);
     if (retval || cfghosts == NULL) {
        pkiDebug("%s: No pkinit_kdc_hostname values found in config file\n",
@@ -936,19 +936,19 @@ pkinit_client_profile(krb5_context context,
             context, plgctx, reqctx, request);
 
     pkinit_libdefault_boolean(context, &request->server->realm,
-                             "pkinit_win2k",
+                             KRB5_CONF_PKINIT_WIN2K,
                              reqctx->opts->win2k_target,
                              &reqctx->opts->win2k_target);
     pkinit_libdefault_boolean(context, &request->server->realm,
-                             "pkinit_win2k_require_binding",
+                             KRB5_CONF_PKINIT_WIN2K_REQUIRE_BINDING,
                              reqctx->opts->win2k_require_cksum,
                              &reqctx->opts->win2k_require_cksum);
     pkinit_libdefault_boolean(context, &request->server->realm,
-                             "pkinit_require_crl_checking",
+                             KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING,
                              reqctx->opts->require_crl_checking,
                              &reqctx->opts->require_crl_checking);
     pkinit_libdefault_integer(context, &request->server->realm,
-                             "pkinit_dh_min_bits",
+                             KRB5_CONF_PKINIT_DH_MIN_BITS,
                              reqctx->opts->dh_size,
                              &reqctx->opts->dh_size);
     if (reqctx->opts->dh_size != 1024 && reqctx->opts->dh_size != 2048
@@ -959,7 +959,7 @@ pkinit_client_profile(krb5_context context,
        reqctx->opts->dh_size = PKINIT_DEFAULT_DH_MIN_BITS;
     }
     pkinit_libdefault_string(context, &request->server->realm,
-                            "pkinit_eku_checking",
+                            KRB5_CONF_PKINIT_EKU_CHECKING,
                             &eku_string);
     if (eku_string != NULL) {
        if (strcasecmp(eku_string, "kpKDC") == 0) {
@@ -980,7 +980,7 @@ pkinit_client_profile(krb5_context context,
 #ifdef LONGHORN_BETA_COMPAT
     /* Temporarily just set global flag from config file */
     pkinit_libdefault_boolean(context, &request->server->realm,
-                             "pkinit_longhorn",
+                             KRB5_CONF_PKINIT_LONGHORN,
                              0,
                              &longhorn);
 #endif
@@ -988,16 +988,16 @@ pkinit_client_profile(krb5_context context,
     /* Only process anchors here if they were not specified on command line */
     if (reqctx->idopts->anchors == NULL)
        pkinit_libdefault_strings(context, &request->server->realm,
-                                 "pkinit_anchors",
+                                 KRB5_CONF_PKINIT_ANCHORS,
                                  &reqctx->idopts->anchors);
     pkinit_libdefault_strings(context, &request->server->realm,
-                             "pkinit_pool",
+                             KRB5_CONF_PKINIT_POOL,
                              &reqctx->idopts->intermediates);
     pkinit_libdefault_strings(context, &request->server->realm,
-                             "pkinit_revoke",
+                             KRB5_CONF_PKINIT_REVOKE,
                              &reqctx->idopts->crls);
     pkinit_libdefault_strings(context, &request->server->realm,
-                             "pkinit_identities",
+                             KRB5_CONF_PKINIT_IDENTITIES,
                              &reqctx->idopts->identity_alt);
 }
 
index b790c38f760eb729b1680afdc9eb3fb1d5b8ea61..65f35993cf200c8684d5a3cd274cfea29a6856c3 100644 (file)
@@ -746,7 +746,7 @@ pkinit_cert_matching(krb5_context context,
 
     /* If no matching rules, select the default cert and we're done */
     pkinit_libdefault_strings(context, krb5_princ_realm(context, princ),
-                             "pkinit_cert_match", &rules);
+                             KRB5_CONF_PKINIT_CERT_MATCH, &rules);
     if (rules == NULL) {
        pkiDebug("%s: no matching rules found in config file\n", __FUNCTION__);
        retval = crypto_cert_select_default(context, plg_cryptoctx,
index 1f7045aca8766d085dc11674c256d5fadf244397..6b1b45b26ca8068ee8f865375c0c7360db127c1b 100644 (file)
@@ -114,7 +114,7 @@ pkinit_kdcdefault_strings(krb5_context context, const char *realmname,
         *          }
         */
 
-       names[0] = "realms";
+       names[0] = KRB5_CONF_REALMS;
        names[1] = realmname;
        names[2] = option;
        names[3] = 0;
@@ -130,7 +130,7 @@ pkinit_kdcdefault_strings(krb5_context context, const char *realmname,
      *     option = <value>
      */
 
-    names[0] = "kdcdefaults";
+    names[0] = KRB5_CONF_KDCDEFAULTS;
     names[1] = option;
     names[2] = 0;
     retval = profile_get_values(profile, names, &values);
@@ -256,7 +256,7 @@ pkinit_libdefault_strings(krb5_context context, const krb5_data *realm,
         *        }
         */
 
-       names[0] = "libdefaults";
+       names[0] = KRB5_CONF_LIBDEFAULTS;
        names[1] = realmstr;
        names[2] = option;
        names[3] = 0;
@@ -273,7 +273,7 @@ pkinit_libdefault_strings(krb5_context context, const krb5_data *realm,
         *      }
         */
 
-       names[0] = "realms";
+       names[0] = KRB5_CONF_REALMS;
        names[1] = realmstr;
        names[2] = option;
        names[3] = 0;
@@ -289,7 +289,7 @@ pkinit_libdefault_strings(krb5_context context, const krb5_data *realm,
      *       option = <value>
      */
 
-    names[0] = "libdefaults";
+    names[0] = KRB5_CONF_LIBDEFAULTS;
     names[1] = option;
     names[2] = 0;
     retval = profile_get_values(profile, names, &values);
index 595a3d04d1b3e7ec4668cdd0a5c3b440bcbff0ea..228815511d3aa1f32a15829c937c0443d3578557 100644 (file)
@@ -1092,7 +1092,7 @@ pkinit_init_kdc_profile(krb5_context context, pkinit_kdc_context plgctx)
 
     pkiDebug("%s: entered for realm %s\n", __FUNCTION__, plgctx->realmname);
     retval = pkinit_kdcdefault_string(context, plgctx->realmname,
-                                     "pkinit_identity",
+                                     KRB5_CONF_PKINIT_IDENTITY,
                                      &plgctx->idopts->identity);
     if (retval != 0 || NULL == plgctx->idopts->identity) {
        retval = EINVAL;
@@ -1103,7 +1103,7 @@ pkinit_init_kdc_profile(krb5_context context, pkinit_kdc_context plgctx)
     }
 
     retval = pkinit_kdcdefault_strings(context, plgctx->realmname,
-                                      "pkinit_anchors",
+                                      KRB5_CONF_PKINIT_ANCHORS,
                                       &plgctx->idopts->anchors);
     if (retval != 0 || NULL == plgctx->idopts->anchors) {
        retval = EINVAL;
@@ -1114,26 +1114,26 @@ pkinit_init_kdc_profile(krb5_context context, pkinit_kdc_context plgctx)
     }
 
     pkinit_kdcdefault_strings(context, plgctx->realmname,
-                             "pkinit_pool",
+                             KRB5_CONF_PKINIT_POOL,
                              &plgctx->idopts->intermediates);
 
     pkinit_kdcdefault_strings(context, plgctx->realmname,
-                             "pkinit_revoke",
+                             KRB5_CONF_PKINIT_REVOKE,
                              &plgctx->idopts->crls);
 
     pkinit_kdcdefault_string(context, plgctx->realmname,
-                            "pkinit_kdc_ocsp",
+                            KRB5_CONF_PKINIT_KDC_OCSP,
                             &plgctx->idopts->ocsp);
 
     pkinit_kdcdefault_string(context, plgctx->realmname,
-                            "pkinit_mappings_file",
+                            KRB5_CONF_PKINIT_MAPPING_FILE,
                             &plgctx->idopts->dn_mapping_file);
 
     pkinit_kdcdefault_integer(context, plgctx->realmname,
-                             "pkinit_dh_min_bits",
+                             KRB5_CONF_PKINIT_DH_MIN_BITS,
                              PKINIT_DEFAULT_DH_MIN_BITS,
                              &plgctx->opts->dh_min_bits);
-    if (plgctx->opts->dh_min_bits < 1024) {
+    if (plgctx->opts->dh_min_bits < PKINIT_DEFAULT_DH_MIN_BITS) {
        pkiDebug("%s: invalid value (%d) for pkinit_dh_min_bits, "
                 "using default value (%d) instead\n", __FUNCTION__,
                 plgctx->opts->dh_min_bits, PKINIT_DEFAULT_DH_MIN_BITS);
@@ -1141,15 +1141,15 @@ pkinit_init_kdc_profile(krb5_context context, pkinit_kdc_context plgctx)
     }
 
     pkinit_kdcdefault_boolean(context, plgctx->realmname,
-                             "pkinit_allow_upn",
+                             KRB5_CONF_PKINIT_ALLOW_UPN,
                              0, &plgctx->opts->allow_upn);
 
     pkinit_kdcdefault_boolean(context, plgctx->realmname,
-                             "pkinit_require_crl_checking",
+                             KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING,
                              0, &plgctx->opts->require_crl_checking);
 
     pkinit_kdcdefault_string(context, plgctx->realmname,
-                            "pkinit_eku_checking",
+                            KRB5_CONF_PKINIT_EKU_CHECKING,
                             &eku_string);
     if (eku_string != NULL) {
        if (strcasecmp(eku_string, "kpClientAuth") == 0) {