(* Shared primitives for the krb5.conf lens. comment and empty are taken
   from the IniFile module; "#" is the second argument given to
   Inifile.comment (presumably the marker written for new comments;
   confirm against inifile.aug). *)
5 let comment = Inifile.comment IniFile.comment_re "#"
6 let empty = Inifile.empty
8 let dels = Util.del_str
(* Separator lenses built with del: the regexp is what gets matched and
   dropped from the tree, the string is the default text for that position. *)
10 let indent = del /[ \t]*/ ""
11 let comma_or_space_sep = del /[ \t,]{1,}/ " "
12 let eq = del /[ \t]*=[ \t]*/ " = "
(* Start of a braced subsection. Newlines are allowed between the equals
   sign and the opening brace, and the brace must end its line. *)
13 let eq_openbr = del /[ \t]*=[ \t\n]*\{[ \t]*\n/ " = {\n"
14 let closebr = del /[ \t]*\}/ "}"
16 (* These two regexps for realms and apps are not entirely accurate
17 - strictly speaking, there's no requirement that a realm is all upper case
18 and an application only uses lowercase. But it's what's used in practice.
20 Without that distinction we couldn't distinguish between applications
21 and realms in the [appdefaults] section. *)
(* Directive names include and includedir. They are subtracted from name_re
   below so that a directive line is never parsed as an ordinary key. *)
24 let include_re = /include(dir)?/
(* Realm name whose first character is an upper-case letter or a digit.
   Used where realms must be told apart from applications. *)
25 let realm_re = /[A-Z0-9][.a-zA-Z0-9-]*/
(* Realm name with no case restriction on the first letter; used by the
   realm subsections of the realms section. *)
26 let realm_anycase_re = /[A-Za-z0-9][.a-zA-Z0-9-]*/
(* Application name: must start with a lower-case letter, which is what keeps
   it disjoint from realm_re. *)
27 let app_re = /[a-z][a-zA-Z0-9_]*/
(* Generic option name, minus the include directives. *)
28 let name_re = /[.a-zA-Z0-9_-]+/ - include_re
(* A value is a run of characters up to the first whitespace, ";" or "#".
   value_br also stops at braces, so it can be used for entries inside a
   braced subsection without swallowing the closing brace. *)
30 let value_br = store /[^;# \t\r\n{}]+/
31 let value = store /[^;# \t\r\n]+/
(* entry kw sep value comment: one "key sep value" line. It becomes a tree
   node keyed by the text that matches kw, holding whatever the value lens
   stores, and is ended by a trailing comment or the end of the line.
   A standalone comment line is accepted as the alternative. *)
32 let entry (kw:regexp) (sep:lens) (value:lens) (comment:lens)
33 = [ indent . key kw . sep . value . (comment|eol) ] | comment
(* Entry for use inside a braced subsection: same as entry but with the
   brace-free value_br, and blank lines are accepted as well. *)
35 let subsec_entry (kw:regexp) (sep:lens) (comment:lens)
36 = ( entry kw sep value_br comment ) | empty
(* simple_section n k: a flat section titled n whose entries are plain
   "key = value" lines with keys matching k. No subsections are accepted. *)
38 let simple_section (n:string) (k:regexp) =
39 let title = Inifile.indented_title n in
40 let entry = entry k eq value comment in
41 Inifile.record title entry
(* record t e: a section titled t (title may be indented) whose body is
   built from the caller-supplied entry lens e. *)
43 let record (t:string) (e:lens) =
44 let title = Inifile.indented_title t in
45 Inifile.record title e
(* The v4_name_convert block: a node keyed v4_name_convert holding zero or
   more instances of the caller-supplied subsec lens between braces. *)
47 let v4_name_convert (subsec:lens) = [ indent . key "v4_name_convert" .
48 eq_openbr . subsec* . closebr . eol ]
(*
51 For the enctypes, this appears to be a list of the valid entries:
52 c4-hmac arcfour-hmac aes128-cts rc4-hmac
53 arcfour-hmac-md5 des3-cbc-sha1 des-cbc-md5 des-cbc-crc
*)
(* Shape of a single enctype token: three or more letters, digits or hyphens.
   This is a syntax check only, not an allow-list. Single-DES and RC4 types
   (deprecated for Kerberos by RFC 6649 and RFC 8429) parse exactly like AES
   types, so a successful parse says nothing about cipher strength. Any
   policy on permitted enctypes has to be enforced by whatever consumes the
   resulting tree. *)
55 let enctype_re = /[a-zA-Z0-9-]{3,}/
(* The three keys whose values are parsed as enctype lists. The trailing i
   flag makes the key match case-insensitive. *)
56 let enctypes = /permitted_enctypes|default_tgs_enctypes|default_tkt_enctypes/i
(* enctype_list nr ns: one enctype line. The key text matching nr is deleted
   (ns is its default spelling) and every token on the line is stored under
   its own node labelled ns, so the tree carries one ns node per enctype.
   Tokens are separated by commas and/or blanks. *)
58 (* An #eol label prevents ambiguity between "k = v1 v2" and "k = v1\n k = v2" *)
59 let enctype_list (nr:regexp) (ns:string) =
60 indent . del nr ns . eq
61 . Build.opt_list [ label ns . store enctype_re ] comma_or_space_sep
62 . (comment|eol) . [ label "#eol" ]
(* Generic key = value entries. v4_name_convert and the enctype keys are
   subtracted from name_re so that they can only be matched by the dedicated
   lenses below. *)
65 let option = entry (name_re - ("v4_name_convert" |enctypes)) eq value comment in
(* One alternative per enctype key; the key is matched case-insensitively and
   the nodes are labelled with the lower-case name. *)
66 let enctype_lists = enctype_list /permitted_enctypes/i "permitted_enctypes"
67 | enctype_list /default_tgs_enctypes/i "default_tgs_enctypes"
68 | enctype_list /default_tkt_enctypes/i "default_tkt_enctypes" in
(* Braced host / plain blocks, passed to v4_name_convert as its content. *)
69 let subsec = [ indent . key /host|plain/ . eq_openbr .
70 (subsec_entry name_re eq comment)* . closebr . eol ] in
71 record "libdefaults" (option|enctype_lists|v4_name_convert subsec)
(* Only the keys listed here are matched as entries of the login section. *)
74 let keys = /krb[45]_get_tickets|krb4_convert|krb_run_aklog/
75 |/aklog_path|accept_passwd/ in
76 simple_section "login" keys
(* Plain options of the appdefaults section. The names realm and application
   are excluded because they are used as node labels for the braced blocks
   below. value_br keeps values from running into a closing brace. *)
79 let option = entry (name_re - ("realm" | "application")) eq value_br comment in
(* A braced block whose title matches realm_re (upper-case or digit first)
   is stored under a node labelled realm. *)
80 let realm = [ indent . label "realm" . store realm_re .
81 eq_openbr . (option|empty)* . closebr . eol ] in
(* A braced block whose title matches app_re (lower-case first) is stored
   under a node labelled application; it may itself contain realm blocks. *)
82 let app = [ indent . label "application" . store app_re .
83 eq_openbr . (realm|option|empty)* . closebr . eol] in
84 record "appdefaults" (option|realm|app)
87 let simple_option = /kdc|admin_server|database_module|default_domain/
88 |/v4_realm|auth_to_local(_names)?|master_kdc|kpasswd_server/
89 |/admin_server|ticket_lifetime|pkinit_(anchors|identities|identity|pool)/
91 let subsec_option = /v4_instance_convert/ in
92 let option = subsec_entry simple_option eq comment in
93 let subsec = [ indent . key subsec_option . eq_openbr .
94 (subsec_entry name_re eq comment)* . closebr . eol ] in
95 let v4subsec = [ indent . key /host|plain/ . eq_openbr .
96 (subsec_entry name_re eq comment)* . closebr . eol ] in
97 let realm = [ indent . label "realm" . store realm_anycase_re .
98 eq_openbr . (option|subsec|(v4_name_convert v4subsec))* .
100 record "realms" (realm|comment)
103 simple_section "domain_realm" name_re
106 let keys = /kdc|admin_server|default/ in
107 let xchg (m:regexp) (d:string) (l:string) =
109 let xchgs (m:string) (l:string) = xchg m m l in
111 [ xchg /FILE[=:]/ "FILE=" "file" . value ]
112 |[ xchgs "STDERR" "stderr" ]
113 |[ xchgs "CONSOLE" "console" ]
114 |[ xchgs "DEVICE=" "device" . value ]
115 |[ xchgs "SYSLOG" "syslog" .
116 ([ xchgs ":" "severity" . store /[A-Za-z0-9]+/ ].
117 [ xchgs ":" "facility" . store /[A-Za-z0-9]+/ ]?)? ] in
118 let entry = [ indent . key keys . eq . dest . (comment|eol) ] | comment in
119 record "logging" entry
122 let realm = [ indent . key realm_re .
124 (entry realm_re eq value_br comment)* . closebr . eol ] in
125 record "capaths" (realm|comment)
(* Keys matched in the dbdefaults section. The lens stores values as opaque
   strings. For ldap_service_password_file that value is the path of a
   credential file, so the tree exposes where the stashed LDAP passwords
   live but never their content. *)
128 let keys = /database_module|ldap_kerberos_container_dn|ldap_kdc_dn/
129 |/ldap_kadmind_dn|ldap_service_password_file|ldap_servers/
130 |/ldap_conns_per_server/ in
131 simple_section "dbdefaults" keys
134 let subsec_key = /database_name|db_library|disable_last_success/
135 |/disable_lockout|ldap_conns_per_server|ldap_(kdc|kadmind)_dn/
136 |/ldap_(kdc|kadmind)_sasl_mech|ldap_(kdc|kadmind)_sasl_authcid/
137 |/ldap_(kdc|kadmind)_sasl_authzid|ldap_(kdc|kadmind)_sasl_realm/
138 |/ldap_kerberos_container_dn|ldap_servers/
139 |/ldap_service_password_file|mapsize|max_readers|nosync/
141 let subsec_option = subsec_entry subsec_key eq comment in
142 let key = /db_module_dir/ in
143 let option = entry key eq value comment in
144 let realm = [ indent . label "realm" . store realm_re .
145 eq_openbr . (subsec_option)* . closebr . eol ] in
146 record "dbmodules" (option|realm)
(* The instancemapping section: named braced blocks, each holding
   mapping lines with a quoted value. *)
148 (* This section is not documented in the krb5.conf manpage,
149 but the Fermi example uses it. *)
150 let instance_mapping =
(* The value sits between double quotes; the quotes are deleted and only the
   inner text, which may be empty, is stored. *)
151 let value = dels "\"" . store /[^;# \t\r\n{}]*/ . dels "\"" in
(* The left-hand side (letters, digits, slash, asterisk) is stored as the
   value of a node labelled mapping rather than used as a key. *)
152 let map_node = label "mapping" . store /[a-zA-Z0-9\/*]+/ in
153 let mapping = [ indent . map_node . eq .
154 [ label "value" . value ] . (comment|eol) ] in
(* One braced block per instance name; its body is mapping lines or comments. *)
155 let instance = [ indent . key name_re .
156 eq_openbr . (mapping|comment)* . closebr . eol ] in
157 record "instancemapping" instance
160 simple_section "kdc" /profile/
163 simple_section "pam" name_re
(* The plugins section: one braced block per interface name, each holding
   generic key = value entries.
   NOTE(review): entries here can name modules to be loaded by the Kerberos
   libraries. The lens accepts any name_re key with any brace-free value and
   does no checking of paths, so review of these values has to happen on the
   parsed tree. *)
166 let interface_option = subsec_entry name_re eq comment in
167 let interface = [ indent . key name_re .
168 eq_openbr . (interface_option)* . closebr . eol ] in
169 record "plugins" (interface|comment)
(* An include or includedir directive line: the directive name is the key and
   the path (matched by Rx.fspath) is the stored value. The lens only records
   the directive; the referenced file or directory is not read as part of
   parsing this file. *)
171 let includes = Build.key_value_line include_re Sep.space (store Rx.fspath)
(* A directive followed by any number of comment or blank lines. *)
172 let include_lines = includes . (comment|empty)*
174 let lns = (comment|empty)* .
175 (libdefaults|login|appdefaults|realms|domain_realm
176 |logging|capaths|dbdefaults|dbmodules|instance_mapping|kdc|pam|include_lines
(* Files the lens is applied to by default: the main krb5.conf and the
   drop-in files under krb5.conf.d. Configuration pulled in from any other
   location through include / includedir falls outside this filter and is
   not loaded unless it is added explicitly, so an audit based on the
   resulting tree can miss settings that the Kerberos libraries do apply. *)
179 let filter = (incl "/etc/krb5.conf.d/*.conf")
180 . (incl "/etc/krb5.conf")
(* Ties the top-level lens to the file filter. *)
182 let xfm = transform lns filter