1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
|
<!DOCTYPE html>
<html lang="en" data-content_root="../">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Configuration interface (profile) — MIT Kerberos Documentation</title>
<link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" />
<link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" />
<link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" />
<script src="../_static/documentation_options.js?v=6dbce55c"></script>
<script src="../_static/doctools.js?v=888ff710"></script>
<script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
<link rel="author" title="About these documents" href="../about.html" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="copyright" title="Copyright" href="../copyright.html" />
<link rel="next" title="GSSAPI mechanism interface" href="gssapi.html" />
<link rel="prev" title="Server location interface (locate)" href="locate.html" />
</head><body>
<div class="header-wrapper">
<div class="header">
<h1><a href="../index.html">MIT Kerberos Documentation</a></h1>
<div class="rel">
<a href="../index.html" title="Full Table of Contents"
accesskey="C">Contents</a> |
<a href="locate.html" title="Server location interface (locate)"
accesskey="P">previous</a> |
<a href="gssapi.html" title="GSSAPI mechanism interface"
accesskey="N">next</a> |
<a href="../genindex.html" title="General Index"
accesskey="I">index</a> |
<a href="../search.html" title="Enter search criteria"
accesskey="S">Search</a> |
<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Configuration interface (profile)">feedback</a>
</div>
</div>
</div>
<div class="content-wrapper">
<div class="content">
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<section id="configuration-interface-profile">
<span id="profile-plugin"></span><h1>Configuration interface (profile)<a class="headerlink" href="#configuration-interface-profile" title="Link to this heading">¶</a></h1>
<p>The profile interface allows a module to control how krb5
configuration information is obtained by the Kerberos library and
applications. For a detailed description of the profile interface,
see the header file <code class="docutils literal notranslate"><span class="pre"><profile.h></span></code>.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>The profile interface does not follow the normal conventions
for MIT krb5 pluggable interfaces, because it is part of a
lower-level component of the krb5 library.</p>
</div>
<p>As with other types of plugin modules, a profile module is a Unix
shared object or Windows DLL, built separately from the krb5 tree.
The krb5 library will dynamically load and use a profile plugin module
if it reads a <code class="docutils literal notranslate"><span class="pre">module</span></code> directive at the beginning of krb5.conf, as
described in <a class="reference internal" href="../admin/host_config.html#profile-plugin-config"><span class="std std-ref">Configuration profile modules</span></a>.</p>
<p>A profile module exports a function named <code class="docutils literal notranslate"><span class="pre">profile_module_init</span></code>
matching the signature of the profile_module_init_fn type. This
function accepts a residual string, which may be used to help locate
the configuration source. The function fills in a vtable and may also
create a per-profile state object. If the module uses state objects,
it should implement the <strong>copy</strong> and <strong>cleanup</strong> methods to manage
them.</p>
<p>A basic read-only profile module need only implement the
<strong>get_values</strong> and <strong>free_values</strong> methods. The <strong>get_values</strong> method
accepts a null-terminated list of C string names (e.g., an array
containing “libdefaults”, “clockskew”, and NULL for the <strong>clockskew</strong>
variable in the <a class="reference internal" href="../admin/conf_files/krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a> section) and returns a
null-terminated list of values, which will be cleaned up with the
<strong>free_values</strong> method when the caller is done with them.</p>
<p>Iterable profile modules must also define the <strong>iterator_create</strong>,
<strong>iterator</strong>, <strong>iterator_free</strong>, and <strong>free_string</strong> methods. The
core krb5 code does not require profiles to be iterable, but some
applications may iterate over the krb5 profile object in order to
present configuration interfaces.</p>
<p>Writable profile modules must also define the <strong>writable</strong>,
<strong>modified</strong>, <strong>update_relation</strong>, <strong>rename_section</strong>,
<strong>add_relation</strong>, and <strong>flush</strong> methods. The core krb5 code does not
require profiles to be writable, but some applications may write to
the krb5 profile in order to present configuration interfaces.</p>
<p>The following is an example of a very basic read-only profile module
which returns a hardcoded value for the <strong>default_realm</strong> variable in
<a class="reference internal" href="../admin/conf_files/krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a>, and provides no other configuration information.
(For conciseness, the example omits code for checking the return
values of malloc and strdup.)</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1">#include <stdlib.h></span>
<span class="c1">#include <string.h></span>
<span class="c1">#include <profile.h></span>
<span class="n">static</span> <span class="n">long</span>
<span class="n">get_values</span><span class="p">(</span><span class="n">void</span> <span class="o">*</span><span class="n">cbdata</span><span class="p">,</span> <span class="n">const</span> <span class="n">char</span> <span class="o">*</span><span class="n">const</span> <span class="o">*</span><span class="n">names</span><span class="p">,</span> <span class="n">char</span> <span class="o">***</span><span class="n">values</span><span class="p">)</span>
<span class="p">{</span>
<span class="k">if</span> <span class="p">(</span><span class="n">names</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">!=</span> <span class="n">NULL</span> <span class="o">&&</span> <span class="n">strcmp</span><span class="p">(</span><span class="n">names</span><span class="p">[</span><span class="mi">0</span><span class="p">],</span> <span class="s2">"libdefaults"</span><span class="p">)</span> <span class="o">==</span> <span class="mi">0</span> <span class="o">&&</span>
<span class="n">names</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="o">!=</span> <span class="n">NULL</span> <span class="o">&&</span> <span class="n">strcmp</span><span class="p">(</span><span class="n">names</span><span class="p">[</span><span class="mi">1</span><span class="p">],</span> <span class="s2">"default_realm"</span><span class="p">)</span> <span class="o">==</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span>
<span class="o">*</span><span class="n">values</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">2</span> <span class="o">*</span> <span class="n">sizeof</span><span class="p">(</span><span class="n">char</span> <span class="o">*</span><span class="p">));</span>
<span class="p">(</span><span class="o">*</span><span class="n">values</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="o">=</span> <span class="n">strdup</span><span class="p">(</span><span class="s2">"ATHENA.MIT.EDU"</span><span class="p">);</span>
<span class="p">(</span><span class="o">*</span><span class="n">values</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span> <span class="o">=</span> <span class="n">NULL</span><span class="p">;</span>
<span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="p">}</span>
<span class="k">return</span> <span class="n">PROF_NO_RELATION</span><span class="p">;</span>
<span class="p">}</span>
<span class="n">static</span> <span class="n">void</span>
<span class="n">free_values</span><span class="p">(</span><span class="n">void</span> <span class="o">*</span><span class="n">cbdata</span><span class="p">,</span> <span class="n">char</span> <span class="o">**</span><span class="n">values</span><span class="p">)</span>
<span class="p">{</span>
<span class="n">char</span> <span class="o">**</span><span class="n">v</span><span class="p">;</span>
<span class="k">for</span> <span class="p">(</span><span class="n">v</span> <span class="o">=</span> <span class="n">values</span><span class="p">;</span> <span class="o">*</span><span class="n">v</span><span class="p">;</span> <span class="n">v</span><span class="o">++</span><span class="p">)</span>
<span class="n">free</span><span class="p">(</span><span class="o">*</span><span class="n">v</span><span class="p">);</span>
<span class="n">free</span><span class="p">(</span><span class="n">values</span><span class="p">);</span>
<span class="p">}</span>
<span class="n">long</span>
<span class="n">profile_module_init</span><span class="p">(</span><span class="n">const</span> <span class="n">char</span> <span class="o">*</span><span class="n">residual</span><span class="p">,</span> <span class="n">struct</span> <span class="n">profile_vtable</span> <span class="o">*</span><span class="n">vtable</span><span class="p">,</span>
<span class="n">void</span> <span class="o">**</span><span class="n">cb_ret</span><span class="p">);</span>
<span class="n">long</span>
<span class="n">profile_module_init</span><span class="p">(</span><span class="n">const</span> <span class="n">char</span> <span class="o">*</span><span class="n">residual</span><span class="p">,</span> <span class="n">struct</span> <span class="n">profile_vtable</span> <span class="o">*</span><span class="n">vtable</span><span class="p">,</span>
<span class="n">void</span> <span class="o">**</span><span class="n">cb_ret</span><span class="p">)</span>
<span class="p">{</span>
<span class="o">*</span><span class="n">cb_ret</span> <span class="o">=</span> <span class="n">NULL</span><span class="p">;</span>
<span class="n">vtable</span><span class="o">-></span><span class="n">get_values</span> <span class="o">=</span> <span class="n">get_values</span><span class="p">;</span>
<span class="n">vtable</span><span class="o">-></span><span class="n">free_values</span> <span class="o">=</span> <span class="n">free_values</span><span class="p">;</span>
<span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="p">}</span>
</pre></div>
</div>
</section>
<div class="clearer"></div>
</div>
</div>
</div>
</div>
<div class="sidebar">
<h2>On this page</h2>
<ul>
<li><a class="reference internal" href="#">Configuration interface (profile)</a></li>
</ul>
<br/>
<h2>Table of contents</h2>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li>
<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li>
<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li>
<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li>
<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li>
<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li>
<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li>
<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li>
<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li>
<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li>
<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li>
<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">Configuration interface (profile)</a></li>
<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li>
<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li>
<li class="toctree-l2"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li>
<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li>
<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li>
<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li>
<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li>
<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li>
<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li>
</ul>
<br/>
<h4><a href="../index.html">Full Table of Contents</a></h4>
<h4>Search</h4>
<form class="search" action="../search.html" method="get">
<input type="text" name="q" size="18" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
<div class="clearer"></div>
</div>
</div>
<div class="footer-wrapper">
<div class="footer" >
<div class="right" ><i>Release: 1.22.1</i><br />
© <a href="../copyright.html">Copyright</a> 1985-2025, MIT.
</div>
<div class="left">
<a href="../index.html" title="Full Table of Contents"
>Contents</a> |
<a href="locate.html" title="Server location interface (locate)"
>previous</a> |
<a href="gssapi.html" title="GSSAPI mechanism interface"
>next</a> |
<a href="../genindex.html" title="General Index"
>index</a> |
<a href="../search.html" title="Enter search criteria"
>Search</a> |
<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Configuration interface (profile)">feedback</a>
</div>
</div>
</div>
</body>
</html>
|
