|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
Packit |
fd8b60 |
<head>
|
|
Packit |
fd8b60 |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
Packit |
fd8b60 |
<title>Configuration interface (profile) — MIT Kerberos Documentation</title>
|
|
Packit |
fd8b60 |
<link rel="stylesheet" href="../_static/agogo.css" type="text/css" />
|
|
Packit |
fd8b60 |
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
|
|
Packit |
fd8b60 |
<link rel="stylesheet" href="../_static/kerb.css" type="text/css" />
|
|
Packit |
fd8b60 |
<script type="text/javascript">
|
|
Packit |
fd8b60 |
var DOCUMENTATION_OPTIONS = {
|
|
Packit |
fd8b60 |
URL_ROOT: '../',
|
|
Packit |
fd8b60 |
VERSION: '1.18.2',
|
|
Packit |
fd8b60 |
COLLAPSE_INDEX: false,
|
|
Packit |
fd8b60 |
FILE_SUFFIX: '.html',
|
|
Packit |
fd8b60 |
HAS_SOURCE: true,
|
|
Packit |
fd8b60 |
SOURCELINK_SUFFIX: '.txt'
|
|
Packit |
fd8b60 |
};
|
|
Packit |
fd8b60 |
</script>
|
|
Packit |
fd8b60 |
<script type="text/javascript" src="../_static/jquery.js"></script>
|
|
Packit |
fd8b60 |
<script type="text/javascript" src="../_static/underscore.js"></script>
|
|
Packit |
fd8b60 |
<script type="text/javascript" src="../_static/doctools.js"></script>
|
|
Packit |
fd8b60 |
<link rel="author" title="About these documents" href="../about.html" />
|
|
Packit |
fd8b60 |
<link rel="index" title="Index" href="../genindex.html" />
|
|
Packit |
fd8b60 |
<link rel="search" title="Search" href="../search.html" />
|
|
Packit |
fd8b60 |
<link rel="copyright" title="Copyright" href="../copyright.html" />
|
|
Packit |
fd8b60 |
<link rel="next" title="GSSAPI mechanism interface" href="gssapi.html" />
|
|
Packit |
fd8b60 |
<link rel="prev" title="Server location interface (locate)" href="locate.html" />
|
|
Packit |
fd8b60 |
</head>
|
|
Packit |
fd8b60 |
<body>
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
accesskey="C">Contents |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
accesskey="P">previous |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
accesskey="N">next |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
accesskey="I">index |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
accesskey="S">Search |
|
|
Packit |
fd8b60 |
feedback
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Configuration interface (profile)¶
|
|
Packit |
fd8b60 |
The profile interface allows a module to control how krb5
|
|
Packit |
fd8b60 |
configuration information is obtained by the Kerberos library and
|
|
Packit |
fd8b60 |
applications. For a detailed description of the profile interface,
|
|
Packit |
fd8b60 |
see the header file <profile.h>.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Note
|
|
Packit |
fd8b60 |
The profile interface does not follow the normal conventions
|
|
Packit |
fd8b60 |
for MIT krb5 pluggable interfaces, because it is part of a
|
|
Packit |
fd8b60 |
lower-level component of the krb5 library.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
As with other types of plugin modules, a profile module is a Unix
|
|
Packit |
fd8b60 |
shared object or Windows DLL, built separately from the krb5 tree.
|
|
Packit |
fd8b60 |
The krb5 library will dynamically load and use a profile plugin module
|
|
Packit |
fd8b60 |
if it reads a module directive at the beginning of krb5.conf, as
|
|
Packit |
fd8b60 |
described in Configuration profile modules.
|
|
Packit |
fd8b60 |
A profile module exports a function named profile_module_init
|
|
Packit |
fd8b60 |
matching the signature of the profile_module_init_fn type. This
|
|
Packit |
fd8b60 |
function accepts a residual string, which may be used to help locate
|
|
Packit |
fd8b60 |
the configuration source. The function fills in a vtable and may also
|
|
Packit |
fd8b60 |
create a per-profile state object. If the module uses state objects,
|
|
Packit |
fd8b60 |
it should implement the copy and cleanup methods to manage
|
|
Packit |
fd8b60 |
them.
|
|
Packit |
fd8b60 |
A basic read-only profile module need only implement the
|
|
Packit |
fd8b60 |
get_values and free_values methods. The get_values method
|
|
Packit |
fd8b60 |
accepts a null-terminated list of C string names (e.g., an array
|
|
Packit |
fd8b60 |
containing “libdefaults”, “clockskew”, and NULL for the clockskew
|
|
Packit |
fd8b60 |
variable in the [libdefaults] section) and returns a
|
|
Packit |
fd8b60 |
null-terminated list of values, which will be cleaned up with the
|
|
Packit |
fd8b60 |
free_values method when the caller is done with them.
|
|
Packit |
fd8b60 |
Iterable profile modules must also define the iterator_create,
|
|
Packit |
fd8b60 |
iterator, iterator_free, and free_string methods. The
|
|
Packit |
fd8b60 |
core krb5 code does not require profiles to be iterable, but some
|
|
Packit |
fd8b60 |
applications may iterate over the krb5 profile object in order to
|
|
Packit |
fd8b60 |
present configuration interfaces.
|
|
Packit |
fd8b60 |
Writable profile modules must also define the writable,
|
|
Packit |
fd8b60 |
modified, update_relation, rename_section,
|
|
Packit |
fd8b60 |
add_relation, and flush methods. The core krb5 code does not
|
|
Packit |
fd8b60 |
require profiles to be writable, but some applications may write to
|
|
Packit |
fd8b60 |
the krb5 profile in order to present configuration interfaces.
|
|
Packit |
fd8b60 |
The following is an example of a very basic read-only profile module
|
|
Packit |
fd8b60 |
which returns a hardcoded value for the default_realm variable in
|
|
Packit |
fd8b60 |
[libdefaults], and provides no other configuration information.
|
|
Packit |
fd8b60 |
(For conciseness, the example omits code for checking the return
|
|
Packit |
fd8b60 |
values of malloc and strdup.)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#include <string.h>
|
|
Packit |
fd8b60 |
#include <profile.h>
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
static long
|
|
Packit |
fd8b60 |
get_values(void *cbdata, const char *const *names, char ***values)
|
|
Packit |
fd8b60 |
{
|
|
Packit |
fd8b60 |
if (names[0] != NULL && strcmp(names[0], "libdefaults") == 0 &&
|
|
Packit |
fd8b60 |
names[1] != NULL && strcmp(names[1], "default_realm") == 0) {
|
|
Packit |
fd8b60 |
*values = malloc(2 * sizeof(char *));
|
|
Packit |
fd8b60 |
(*values)[0] = strdup("ATHENA.MIT.EDU");
|
|
Packit |
fd8b60 |
(*values)[1] = NULL;
|
|
Packit |
fd8b60 |
return 0;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
return PROF_NO_RELATION;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
static void
|
|
Packit |
fd8b60 |
free_values(void *cbdata, char **values)
|
|
Packit |
fd8b60 |
{
|
|
Packit |
fd8b60 |
char **v;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
for (v = values; *v; v++)
|
|
Packit |
fd8b60 |
free(*v);
|
|
Packit |
fd8b60 |
free(values);
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
long
|
|
Packit |
fd8b60 |
profile_module_init(const char *residual, struct profile_vtable *vtable,
|
|
Packit |
fd8b60 |
void **cb_ret);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
long
|
|
Packit |
fd8b60 |
profile_module_init(const char *residual, struct profile_vtable *vtable,
|
|
Packit |
fd8b60 |
void **cb_ret)
|
|
Packit |
fd8b60 |
{
|
|
Packit |
fd8b60 |
*cb_ret = NULL;
|
|
Packit |
fd8b60 |
vtable->get_values = get_values;
|
|
Packit |
fd8b60 |
vtable->free_values = free_values;
|
|
Packit |
fd8b60 |
return 0;
|
|
Packit |
fd8b60 |
}
|