krb5_kvno mkvno,
krb5_keylist_node **mkeys_list);
-krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext,
- krb5_keylist_node *keylist );
-
-krb5_error_code kdb_def_get_mkey_list ( krb5_context kcontext,
- krb5_keylist_node **keylist );
-
krb5_error_code
krb5_dbe_def_cpw( krb5_context context,
krb5_keyblock * master_key,
krb5_boolean keepold,
krb5_db_entry * db_entry);
-krb5_error_code
-krb5_def_promote_db(krb5_context, char *, char **);
-
krb5_error_code
krb5_dbe_def_decrypt_key_data( krb5_context context,
const krb5_keyblock * mkey,
void (*free)(krb5_context kcontext, void *ptr);
/*
- * Optional with default: Inform the module of the master key. The module
- * may remember an alias to the provided memory. This function is called
- * at startup by the KDC and kadmind with the value returned by
- * fetch_master_key_list. The default implementation does nothing.
+ * Optional: Inform the module of the master key list. The module may
+ * remember an alias to the provided memory. This function is called at
+ * startup by the KDC and kadmind with the value returned by
+ * fetch_master_key_list.
*/
krb5_error_code (*set_master_key_list)(krb5_context kcontext,
krb5_keylist_node *keylist);
/*
- * Optional with default: Retrieve an alias to the master key list as
- * previously set by set_master_key_list. This function is used by the KDB
- * keytab implementation in libkdb5, which is used by kadmind. The default
- * implementation returns success without modifying *keylist, which is an
- * invalid implementation.
+ * Optional: Retrieve an alias to the master key list as previously set by
+ * set_master_key_list. This function is used by the KDB keytab
+ * implementation in libkdb5, which is used by kadmind.
*/
krb5_error_code (*get_master_key_list)(krb5_context kcontext,
krb5_keylist_node **keylist);
krb5_db_entry *db_entry);
/*
- * Optional with default: Promote a temporary database to be the live one.
- * kdb5_util load opens the database with the "temporary" db_arg and then
- * invokes this function when the load is complete, thus replacing the live
+ * Optional: Promote a temporary database to be the live one. kdb5_util
+ * load opens the database with the "temporary" db_arg and then invokes
+ * this function when the load is complete, thus replacing the live
* database with no loss of read availability.
- *
- * The default implementation returns KRB5_PLUGIN_OP_NOTSUPP; kdb5_util
- * dump recognizes and ignores this error code.
*/
krb5_error_code (*promote_db)(krb5_context context, char *conf_section,
char **db_args);
static void
kdb_setup_opt_functions(db_library lib)
{
- if (lib->vftabl.set_master_key_list == NULL)
- lib->vftabl.set_master_key_list = kdb_def_set_mkey_list;
- if (lib->vftabl.get_master_key_list == NULL)
- lib->vftabl.get_master_key_list = kdb_def_get_mkey_list;
if (lib->vftabl.fetch_master_key == NULL)
lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey;
if (lib->vftabl.fetch_master_key_list == NULL)
lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype;
if (lib->vftabl.change_pwd == NULL)
lib->vftabl.change_pwd = krb5_dbe_def_cpw;
- if (lib->vftabl.promote_db == NULL)
- lib->vftabl.promote_db = krb5_def_promote_db;
if (lib->vftabl.decrypt_key_data == NULL)
lib->vftabl.decrypt_key_data = krb5_dbe_def_decrypt_key_data;
if (lib->vftabl.encrypt_key_data == NULL)
if (status)
return status;
if (v->iterate == NULL)
- return 0;
+ return KRB5_PLUGIN_OP_NOTSUPP;
return v->iterate(kcontext, match_entry, func, func_arg);
}
status = get_vftabl(kcontext, &v);
if (status)
return status;
+ if (v->set_master_key_list == NULL)
+ return KRB5_PLUGIN_OP_NOTSUPP;
return v->set_master_key_list(kcontext, keylist);
}
krb5_db_promote(krb5_context kcontext, char **db_args)
{
krb5_error_code status = 0;
- char *section = NULL;
+ char *section = NULL;
kdb_vftabl *v;
+ status = get_vftabl(kcontext, &v);
+ if (status)
+ return status;
+ if (v->promote_db == NULL)
+ return KRB5_PLUGIN_OP_NOTSUPP;
+
section = kdb_get_conf_section(kcontext);
if (section == NULL) {
status = KRB5_KDB_SERVER_INTERNAL_ERR;
- krb5_set_error_message (kcontext, status,
- "unable to determine configuration section for realm %s\n",
- kcontext->default_realm);
- goto clean_n_exit;
+ krb5_set_error_message(kcontext, status, "Unable to determine "
+ "configuration section for realm %s\n",
+ kcontext->default_realm);
+ return status;
}
- status = get_vftabl(kcontext, &v);
- if (status)
- goto clean_n_exit;
status = v->promote_db(kcontext, section, db_args);
-
-clean_n_exit:
free(section);
return status;
}
krb5_dbe_free_key_list(context, mkey_list_head);
return retval;
}
-
-krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext,
- krb5_keylist_node *keylist )
-{
- /* printf("default set master key\n"); */
- return 0;
-}
-
-krb5_error_code kdb_def_get_mkey_list ( krb5_context kcontext,
- krb5_keylist_node **keylist )
-{
- /* printf("default get master key\n"); */
- return 0;
-}
-
-krb5_error_code krb5_def_promote_db (krb5_context kcontext,
- char *s, char **args)
-{
- /* printf("default promote_db\n"); */
- return KRB5_PLUGIN_OP_NOTSUPP;
-}