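(* Comment lines, delegated to the generic INI comment lens with "#" as the
   marker written for newly created comment nodes.  The module is spelled
   [Inifile] in both places so it matches every other reference in this
   file; the original mixed [IniFile] and [Inifile] on one line, which
   evidently both resolve but reads as if two different modules were
   meant. *)
let comment = Inifile.comment Inifile.comment_re "#"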
(* Blank lines, delegated to the generic INI lens. *)
let empty = Inifile.empty
(* Shorthand for deleting a fixed literal string from the file. *)
let dels = Util.del_str
(* Separators and delimiters.  Each one discards the surrounding
   whitespace on get and writes the canonical form given as the second
   argument when a node is created through the lens. *)

(* Optional leading whitespace on a line; nothing is written for new nodes. *)
let indent = Util.del_opt_ws ""

(* One or more commas/blanks between list items, written back as a blank. *)
let comma_or_space_sep = del /[ \t,]+/ " "

(* "=" with optional whitespace on both sides. *)
let eq = del (/[ \t]*/ . "=" . /[ \t]*/) " = "

(* "= {" opening a sub-block; the newline after the brace is part of the
   delimiter, so the block body always starts on a fresh line. *)
let eq_openbr = del (/[ \t]*/ . "=" . /[ \t\n]*/ . "{" . /[ \t]*/ . "\n") " = {\n"

(* Closing brace of a sub-block, with any indentation in front of it. *)
let closebr = del (/[ \t]*/ . "}") "}"
(* These two regexps for realms and apps are not strictly accurate:
   there is no requirement that a realm be all upper case
   or that an application use only lowercase, but that is what is used in practice.
20 Without that distinction we couldn't distinguish between applications
21 and realms in the [appdefaults] section.
(* Name shapes.  A realm is recognised by a leading upper-case letter and
   an application by a leading lower-case letter; that first character is
   the only thing telling the two apart in [appdefaults].
   [realm_anycase_re] drops the case requirement and is used for the
   headers of the [realms] section; [name_re] is the generic option-name
   shape (dots, dashes and underscores allowed). *)
let realm_re = /[A-Z][.a-zA-Z0-9-]*/
let realm_anycase_re = /[A-Za-z][.a-zA-Z0-9-]*/
let app_re = /[a-z][a-zA-Z0-9_]*/
let name_re = /[.a-zA-Z0-9_-]+/
(* Option values.  Both stop at whitespace and at the comment markers
   [;] and [#], so a stored value never contains an inline comment
   marker.  [value_br] additionally excludes braces so it can be used
   inside { ... } sub-blocks without swallowing the closing brace. *)
let value_br = store /[^;# \t\r\n{}]+/
let value = store /[^;# \t\r\n]+/
(* [entry kw sep value comment] matches one "kw<sep>value" line, keyed on
   the option name, terminated either by an inline comment or by a bare
   end of line.  As an alternative it also accepts a whole comment line. *)
let entry (kw:regexp) (sep:lens) (value:lens) (comment:lens)
  = [ indent . key kw . sep . value . (comment|eol) ] | comment
(* Entry inside a { ... } sub-block: like [entry] but with the brace-free
   value lens, and blank lines allowed as well. *)
let subsec_entry (kw:regexp) (sep:lens) (comment:lens)
  = ( entry kw sep value_br comment ) | empty
(* [simple_section n k] is a "[n]" section whose body consists solely of
   "k = value" lines and comments, each keyed on the option name matched
   by [k]. *)
let simple_section (n:string) (k:regexp) =
  Inifile.record (Inifile.indented_title n) (entry k eq value comment)
(* [record t e] is a "[t]" section whose body is parsed by [e]. *)
let record (t:string) (e:lens) =
  Inifile.record (Inifile.indented_title t) e
(* A "v4_name_convert = { ... }" block.  [subsec] parses the lines between
   the braces and is supplied by the caller, since the allowed contents
   differ between the sections that use this block. *)
let v4_name_convert (subsec:lens) = [ indent . key "v4_name_convert" .
    eq_openbr . subsec* . closebr . eol ]
50 For the enctypes this appears to be a list of the valid entries:
51 c4-hmac arcfour-hmac aes128-cts rc4-hmac
52 arcfour-hmac-md5 des3-cbc-sha1 des-cbc-md5 des-cbc-crc
(* Shape of one enctype token.  This is purely syntactic: any word of
   three or more letters, digits or dashes is accepted, so the lens does
   not check that a listed enctype is a known or currently recommended
   one — that is left to the consumer of the tree. *)
let enctype_re = /[a-zA-Z0-9-]{3,}/
(* The three options whose value is a list of enctypes; the /i flag makes
   the option name match case-insensitively. *)
let enctypes = /permitted_enctypes|default_tgs_enctypes|default_tkt_enctypes/i
57 (* An #eol label prevents ambiguity between "k = v1 v2" and "k = v1\n k = v2" *)
(* [enctype_list nr ns] parses "<option> = enctype1 enctype2, ..." into a
   sequence of nodes labelled [ns], one per enctype.  The option name is
   matched by [nr] (intended to be one of the /i regexps above) and is
   written as [ns] when a new entry is created.  The trailing "#eol" node
   marks the end of the line, so that two consecutive lists are not
   mistaken for one longer list (see the comment above). *)
let enctype_list (nr:regexp) (ns:string) =
  indent . del nr ns . eq
    . Build.opt_list [ label ns . store enctype_re ] comma_or_space_sep
    . (comment|eol) . [ label "#eol" ]
64 let option = entry (name_re - ("v4_name_convert" |enctypes)) eq value comment in
65 let enctype_lists = enctype_list /permitted_enctypes/i "permitted_enctypes"
66 | enctype_list /default_tgs_enctypes/i "default_tgs_enctypes"
67 | enctype_list /default_tkt_enctypes/i "default_tkt_enctypes" in
68 let subsec = [ indent . key /host|plain/ . eq_openbr .
69 (subsec_entry name_re eq comment)* . closebr . eol ] in
70 record "libdefaults" (option|enctype_lists|v4_name_convert subsec)
73 let keys = /krb[45]_get_tickets|krb4_convert|krb_run_aklog/
74 |/aklog_path|accept_passwd/ in
75 simple_section "login" keys
78 let option = entry (name_re - ("realm" | "application")) eq value_br comment in
79 let realm = [ indent . label "realm" . store realm_re .
80 eq_openbr . (option|empty)* . closebr . eol ] in
81 let app = [ indent . label "application" . store app_re .
82 eq_openbr . (realm|option|empty)* . closebr . eol] in
83 record "appdefaults" (option|realm|app)
86 let simple_option = /kdc|admin_server|database_module|default_domain/
87 |/v4_realm|auth_to_local(_names)?|master_kdc|kpasswd_server/
88 |/admin_server|ticket_lifetime|pkinit_anchors|krb524_server/ in
89 let subsec_option = /v4_instance_convert/ in
90 let option = subsec_entry simple_option eq comment in
91 let subsec = [ indent . key subsec_option . eq_openbr .
92 (subsec_entry name_re eq comment)* . closebr . eol ] in
93 let v4subsec = [ indent . key /host|plain/ . eq_openbr .
94 (subsec_entry name_re eq comment)* . closebr . eol ] in
95 let realm = [ indent . label "realm" . store realm_anycase_re .
96 eq_openbr . (option|subsec|(v4_name_convert v4subsec))* .
98 record "realms" (realm|comment)
101 simple_section "domain_realm" name_re
104 let keys = /kdc|admin_server|default/ in
105 let xchg (m:regexp) (d:string) (l:string) =
107 let xchgs (m:string) (l:string) = xchg m m l in
109 [ xchg /FILE[=:]/ "FILE=" "file" . value ]
110 |[ xchgs "STDERR" "stderr" ]
111 |[ xchgs "CONSOLE" "console" ]
112 |[ xchgs "DEVICE=" "device" . value ]
113 |[ xchgs "SYSLOG" "syslog" .
114 ([ xchgs ":" "severity" . store /[A-Za-z0-9]+/ ].
115 [ xchgs ":" "facility" . store /[A-Za-z0-9]+/ ]?)? ] in
116 let entry = [ indent . key keys . eq . dest . (comment|eol) ] | comment in
117 record "logging" entry
120 let realm = [ indent . key realm_re .
122 (entry realm_re eq value_br comment)* . closebr . eol ] in
123 record "capaths" (realm|comment)
126 let keys = /database_module|ldap_kerberos_container_dn|ldap_kdc_dn/
127 |/ldap_kadmind_dn|ldap_service_password_file|ldap_servers/
128 |/ldap_conns_per_server/ in
129 simple_section "dbdefaults" keys
132 let keys = /db_library|ldap_kerberos_container_dn|ldap_kdc_dn/
133 |/ldap_kadmind_dn|ldap_service_password_file|ldap_servers/
134 |/ldap_conns_per_server/ in
135 simple_section "dbmodules" keys
137 (* This section is not documented in the krb5.conf manpage,
138 but the Fermi example uses it. *)
(* The [instancemapping] section: each "name = { ... }" block contains
   "mapping = "value"" lines.  The value is always double-quoted in the
   file; the quotes are stripped on get and re-added on put. *)
let instance_mapping =
  let quoted = dels "\"" . store /[^;# \t\r\n{}]*/ . dels "\"" in
  let mapping_line =
    [ indent . label "mapping" . store /[a-zA-Z0-9\/*]+/ . eq
      . [ label "value" . quoted ] . (comment|eol) ] in
  let block =
    [ indent . key name_re . eq_openbr
      . (mapping_line|comment)* . closebr . eol ] in
  record "instancemapping" block
149 simple_section "kdc" /profile/
152 simple_section "pam" name_re
(* Whole file: leading comments and blank lines, then any number of the
   sections below in any order.  A section header that is not in this
   list is not matched by the lens, so a file containing one fails to
   parse as a whole rather than being loaded with that section skipped. *)
let lns = (comment|empty)* .
    (libdefaults|login|appdefaults|realms|domain_realm
    |logging|capaths|dbdefaults|dbmodules|instance_mapping|kdc|pam)*
(* Only /etc/krb5.conf itself is mapped by this lens; no other paths are
   included. *)
let xfm = transform lns (incl "/etc/krb5.conf")